diff --git a/apps/docs/content/docs/de/enterprise/index.mdx b/apps/docs/content/docs/de/enterprise/index.mdx
new file mode 100644
index 0000000000..109b196491
--- /dev/null
+++ b/apps/docs/content/docs/de/enterprise/index.mdx
@@ -0,0 +1,76 @@
+---
+title: Enterprise
+description: Enterprise-Funktionen für Organisationen mit erweiterten
+  Sicherheits- und Compliance-Anforderungen
+---
+
+import { Callout } from 'fumadocs-ui/components/callout'
+
+Sim Studio Enterprise bietet erweiterte Funktionen für Organisationen mit erhöhten Sicherheits-, Compliance- und Verwaltungsanforderungen.
+
+---
+
+## Bring Your Own Key (BYOK)
+
+Verwenden Sie Ihre eigenen API-Schlüssel für KI-Modellanbieter anstelle der gehosteten Schlüssel von Sim Studio.
+
+### Unterstützte Anbieter
+
+| Anbieter | Verwendung |
+|----------|-------|
+| OpenAI | Knowledge Base-Embeddings, Agent-Block |
+| Anthropic | Agent-Block |
+| Google | Agent-Block |
+| Mistral | Knowledge Base OCR |
+
+### Einrichtung
+
+1. Navigieren Sie zu **Einstellungen** → **BYOK** in Ihrem Workspace
+2. Klicken Sie auf **Schlüssel hinzufügen** für Ihren Anbieter
+3. Geben Sie Ihren API-Schlüssel ein und speichern Sie
+
+<Callout type="warn">
+  BYOK-Schlüssel werden verschlüsselt gespeichert. Nur Organisationsadministratoren und -inhaber können Schlüssel verwalten.
+</Callout>
+
+Wenn konfiguriert, verwenden Workflows Ihren Schlüssel anstelle der gehosteten Schlüssel von Sim Studio. Bei Entfernung wechseln Workflows automatisch zu den gehosteten Schlüsseln zurück.
+
+---
+
+## Single Sign-On (SSO)
+
+Enterprise-Authentifizierung mit SAML 2.0- und OIDC-Unterstützung für zentralisiertes Identitätsmanagement.
+
+### Unterstützte Anbieter
+
+- Okta
+- Azure AD / Entra ID
+- Google Workspace
+- OneLogin
+- Jeder SAML 2.0- oder OIDC-Anbieter
+
+### Einrichtung
+
+1. Navigieren Sie zu **Einstellungen** → **SSO** in Ihrem Workspace
+2. Wählen Sie Ihren Identitätsanbieter
+3. Konfigurieren Sie die Verbindung mithilfe der Metadaten Ihres IdP
+4. Aktivieren Sie SSO für Ihre Organisation
+
+<Callout type="info">
+  Sobald SSO aktiviert ist, authentifizieren sich Teammitglieder über Ihren Identitätsanbieter anstelle von E-Mail/Passwort.
+</Callout>
+
+---
+
+## Self-Hosted
+
+Für selbst gehostete Bereitstellungen können Enterprise-Funktionen über Umgebungsvariablen aktiviert werden:
+
+| Variable | Beschreibung |
+|----------|-------------|
+| `SSO_ENABLED`, `NEXT_PUBLIC_SSO_ENABLED` | Single Sign-On mit SAML/OIDC |
+| `CREDENTIAL_SETS_ENABLED`, `NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED` | Polling-Gruppen für E-Mail-Trigger |
+
+<Callout type="warn">
+  BYOK ist nur im gehosteten Sim Studio verfügbar. Selbst gehostete Deployments konfigurieren AI-Provider-Schlüssel direkt über Umgebungsvariablen.
+</Callout>
diff --git a/apps/docs/content/docs/de/mcp/deploy-workflows.mdx b/apps/docs/content/docs/de/mcp/deploy-workflows.mdx
index 074d0a5849..a782869af7 100644
--- a/apps/docs/content/docs/de/mcp/deploy-workflows.mdx
+++ b/apps/docs/content/docs/de/mcp/deploy-workflows.mdx
@@ -17,7 +17,7 @@ MCP-Server gruppieren Ihre Workflow-Tools zusammen. Erstellen und verwalten Sie
   <Video src="mcp/mcp-server.mp4" width={700} height={450} />
 </div>
 
-1. Navigieren Sie zu **Einstellungen → MCP-Server**
+1. Navigieren Sie zu **Einstellungen → Bereitgestellte MCPs**
 2. Klicken Sie auf **Server erstellen**
 3. Geben Sie einen Namen und eine optionale Beschreibung ein
 4. Kopieren Sie die Server-URL zur Verwendung in Ihren MCP-Clients
@@ -79,7 +79,7 @@ Füge deinen API-Key-Header (`X-API-Key`) für authentifizierten Zugriff hinzu,
 
 ## Server-Verwaltung
 
-In der Server-Detailansicht unter **Einstellungen → MCP-Server** kannst du:
+In der Server-Detailansicht unter **Einstellungen → Bereitgestellte MCPs** können Sie:
 
 - **Tools anzeigen**: Alle Workflows sehen, die einem Server hinzugefügt wurden
 - **URL kopieren**: Die Server-URL für MCP-Clients abrufen
diff --git a/apps/docs/content/docs/de/mcp/index.mdx b/apps/docs/content/docs/de/mcp/index.mdx
index 12d5713bdd..77edb5b72c 100644
--- a/apps/docs/content/docs/de/mcp/index.mdx
+++ b/apps/docs/content/docs/de/mcp/index.mdx
@@ -27,7 +27,7 @@ MCP-Server stellen Sammlungen von Tools bereit, die Ihre Agenten nutzen können.
 </div>
 
 1. Navigieren Sie zu Ihren Workspace-Einstellungen
-2. Gehen Sie zum Abschnitt **MCP-Server**
+2. Gehen Sie zum Abschnitt **Bereitgestellte MCPs**
 3. Klicken Sie auf **MCP-Server hinzufügen**
 4. Geben Sie die Server-Konfigurationsdetails ein
 5. Speichern Sie die Konfiguration
diff --git a/apps/docs/content/docs/de/triggers/index.mdx b/apps/docs/content/docs/de/triggers/index.mdx
index 8fc867bd5a..23b51adf27 100644
--- a/apps/docs/content/docs/de/triggers/index.mdx
+++ b/apps/docs/content/docs/de/triggers/index.mdx
@@ -22,7 +22,7 @@ Verwende den Start-Block für alles, was aus dem Editor, deploy-to-API oder depl
 
 <Cards>
   <Card title="Start" href="/triggers/start">
-    Einheitlicher Einstiegspunkt, der Editor-Ausführungen, API-Bereitstellungen und Chat-Bereitstellungen unterstützt
+    Einheitlicher Einstiegspunkt, der Editor-Ausführungen, API-Deployments und Chat-Deployments unterstützt
   </Card>
   <Card title="Webhook" href="/triggers/webhook">
     Externe Webhook-Payloads empfangen
@@ -33,6 +33,9 @@ Verwende den Start-Block für alles, was aus dem Editor, deploy-to-API oder depl
   <Card title="RSS Feed" href="/triggers/rss">
     RSS- und Atom-Feeds auf neue Inhalte überwachen
   </Card>
+  <Card title="Email Polling Groups" href="#email-polling-groups">
+    Team-Gmail- und Outlook-Postfächer überwachen
+  </Card>
 </Cards>
 
 ## Schneller Vergleich
@@ -43,6 +46,7 @@ Verwende den Start-Block für alles, was aus dem Editor, deploy-to-API oder depl
 | **Schedule** | Timer, der im Schedule-Block verwaltet wird |
 | **Webhook** | Bei eingehender HTTP-Anfrage |
 | **RSS Feed** | Neues Element im Feed veröffentlicht |
+| **Email Polling Groups** | Neue E-Mail in Team-Gmail- oder Outlook-Postfächern empfangen |
 
 > Der Start-Block stellt immer `input`, `conversationId` und `files` Felder bereit. Füge benutzerdefinierte Felder zum Eingabeformat für zusätzliche strukturierte Daten hinzu.
 
@@ -65,3 +69,25 @@ Wenn du im Editor auf **Run** klickst, wählt Sim automatisch aus, welcher Trigg
 Wenn dein Workflow mehrere Trigger hat, wird der Trigger mit der höchsten Priorität ausgeführt. Wenn du beispielsweise sowohl einen Start-Block als auch einen Webhook-Trigger hast, wird beim Klicken auf Run der Start-Block ausgeführt.
 
 **Externe Auslöser mit Mock-Payloads**: Wenn externe Auslöser (Webhooks und Integrationen) manuell ausgeführt werden, generiert Sim automatisch Mock-Payloads basierend auf der erwarteten Datenstruktur des Auslösers. Dies stellt sicher, dass nachgelagerte Blöcke während des Testens Variablen korrekt auflösen können.
+
+## E-Mail-Polling-Gruppen
+
+Polling-Gruppen ermöglichen es Ihnen, die Gmail- oder Outlook-Postfächer mehrerer Teammitglieder mit einem einzigen Trigger zu überwachen. Erfordert einen Team- oder Enterprise-Plan.
+
+**Erstellen einer Polling-Gruppe** (Admin/Owner)
+
+1. Gehen Sie zu **Einstellungen → E-Mail-Polling**
+2. Klicken Sie auf **Erstellen** und wählen Sie Gmail oder Outlook
+3. Geben Sie einen Namen für die Gruppe ein
+
+**Mitglieder einladen**
+
+1. Klicken Sie auf **Mitglieder hinzufügen** bei Ihrer Polling-Gruppe
+2. Geben Sie E-Mail-Adressen ein (durch Komma oder Zeilenumbruch getrennt oder ziehen Sie eine CSV-Datei per Drag & Drop)
+3. Klicken Sie auf **Einladungen senden**
+
+Eingeladene erhalten eine E-Mail mit einem Link, um ihr Konto zu verbinden. Sobald die Verbindung hergestellt ist, wird ihr Postfach automatisch in die Polling-Gruppe aufgenommen. Eingeladene müssen keine Mitglieder Ihrer Sim-Organisation sein.
+
+**Verwendung in einem Workflow**
+
+Wählen Sie beim Konfigurieren eines E-Mail-Triggers Ihre Polling-Gruppe aus dem Dropdown-Menü für Anmeldeinformationen anstelle eines einzelnen Kontos aus. Das System erstellt Webhooks für jedes Mitglied und leitet alle E-Mails durch Ihren Workflow.
diff --git a/apps/docs/content/docs/en/enterprise/index.mdx b/apps/docs/content/docs/en/enterprise/index.mdx
new file mode 100644
index 0000000000..c5b451d83d
--- /dev/null
+++ b/apps/docs/content/docs/en/enterprise/index.mdx
@@ -0,0 +1,75 @@
+---
+title: Enterprise
+description: Enterprise features for organizations with advanced security and compliance requirements
+---
+
+import { Callout } from 'fumadocs-ui/components/callout'
+
+Sim Studio Enterprise provides advanced features for organizations with enhanced security, compliance, and management requirements.
+
+---
+
+## Bring Your Own Key (BYOK)
+
+Use your own API keys for AI model providers instead of Sim Studio's hosted keys.
+
+### Supported Providers
+
+| Provider | Usage |
+|----------|-------|
+| OpenAI | Knowledge Base embeddings, Agent block |
+| Anthropic | Agent block |
+| Google | Agent block |
+| Mistral | Knowledge Base OCR |
+
+### Setup
+
+1. Navigate to **Settings** → **BYOK** in your workspace
+2. Click **Add Key** for your provider
+3. Enter your API key and save
+
+<Callout type="warn">
+  BYOK keys are encrypted at rest. Only organization admins and owners can manage keys.
+</Callout>
+
+When configured, workflows use your key instead of Sim Studio's hosted keys. If removed, workflows automatically fall back to hosted keys.
+
+---
+
+## Single Sign-On (SSO)
+
+Enterprise authentication with SAML 2.0 and OIDC support for centralized identity management.
+
+### Supported Providers
+
+- Okta
+- Azure AD / Entra ID
+- Google Workspace
+- OneLogin
+- Any SAML 2.0 or OIDC provider
+
+### Setup
+
+1. Navigate to **Settings** → **SSO** in your workspace
+2. Choose your identity provider
+3. Configure the connection using your IdP's metadata
+4. Enable SSO for your organization
+
+<Callout type="info">
+  Once SSO is enabled, team members authenticate through your identity provider instead of email/password.
+</Callout>
+
+---
+
+## Self-Hosted
+
+For self-hosted deployments, enterprise features can be enabled via environment variables:
+
+| Variable | Description |
+|----------|-------------|
+| `SSO_ENABLED`, `NEXT_PUBLIC_SSO_ENABLED` | Single Sign-On with SAML/OIDC |
+| `CREDENTIAL_SETS_ENABLED`, `NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED` | Polling Groups for email triggers |
+
+<Callout type="warn">
+  BYOK is only available on hosted Sim Studio. Self-hosted deployments configure AI provider keys directly via environment variables.
+</Callout>
diff --git a/apps/docs/content/docs/en/meta.json b/apps/docs/content/docs/en/meta.json
index ddef012c76..52213b66a3 100644
--- a/apps/docs/content/docs/en/meta.json
+++ b/apps/docs/content/docs/en/meta.json
@@ -15,6 +15,7 @@
     "permissions",
     "sdks",
     "self-hosting",
+    "./enterprise/index",
     "./keyboard-shortcuts/index"
   ],
   "defaultOpen": false
diff --git a/apps/docs/content/docs/en/triggers/index.mdx b/apps/docs/content/docs/en/triggers/index.mdx
index 8ac76ad4b6..2a78dd1b33 100644
--- a/apps/docs/content/docs/en/triggers/index.mdx
+++ b/apps/docs/content/docs/en/triggers/index.mdx
@@ -33,6 +33,9 @@ Use the Start block for everything originating from the editor, deploy-to-API, o
   <Card title="RSS Feed" href="/triggers/rss">
     Monitor RSS and Atom feeds for new content
   </Card>
+  <Card title="Email Polling Groups" href="#email-polling-groups">
+    Monitor team Gmail and Outlook inboxes
+  </Card>
 </Cards>
 
 ## Quick Comparison
@@ -43,6 +46,7 @@ Use the Start block for everything originating from the editor, deploy-to-API, o
 | **Schedule** | Timer managed in schedule block |
 | **Webhook** | On inbound HTTP request |
 | **RSS Feed** | New item published to feed |
+| **Email Polling Groups** | New email received in team Gmail or Outlook inboxes |
 
 > The Start block always exposes `input`, `conversationId`, and `files` fields. Add custom fields to the input format for additional structured data.
 
@@ -66,3 +70,24 @@ If your workflow has multiple triggers, the highest priority trigger will be exe
 
 **External triggers with mock payloads**: When external triggers (webhooks and integrations) are executed manually, Sim automatically generates mock payloads based on the trigger's expected data structure. This ensures downstream blocks can resolve variables correctly during testing.
 
+## Email Polling Groups
+
+Polling Groups let you monitor multiple team members' Gmail or Outlook inboxes with a single trigger. Requires a Team or Enterprise plan.
+
+**Creating a Polling Group** (Admin/Owner)
+
+1. Go to **Settings → Email Polling**
+2. Click **Create** and choose Gmail or Outlook
+3. Enter a name for the group
+
+**Inviting Members**
+
+1. Click **Add Members** on your polling group
+2. Enter email addresses (comma or newline separated, or drag & drop a CSV)
+3. Click **Send Invites**
+
+Invitees receive an email with a link to connect their account. Once connected, their inbox is automatically included in the polling group. Invitees don't need to be members of your Sim organization.
+
+**Using in a Workflow**
+
+When configuring an email trigger, select your polling group from the credentials dropdown instead of an individual account. The system creates webhooks for each member and routes all emails through your workflow.
diff --git a/apps/docs/content/docs/es/enterprise/index.mdx b/apps/docs/content/docs/es/enterprise/index.mdx
new file mode 100644
index 0000000000..48c3f59241
--- /dev/null
+++ b/apps/docs/content/docs/es/enterprise/index.mdx
@@ -0,0 +1,76 @@
+---
+title: Enterprise
+description: Funciones enterprise para organizaciones con requisitos avanzados
+  de seguridad y cumplimiento
+---
+
+import { Callout } from 'fumadocs-ui/components/callout'
+
+Sim Studio Enterprise proporciona funciones avanzadas para organizaciones con requisitos mejorados de seguridad, cumplimiento y gestión.
+
+---
+
+## Bring Your Own Key (BYOK)
+
+Usa tus propias claves API para proveedores de modelos de IA en lugar de las claves alojadas de Sim Studio.
+
+### Proveedores compatibles
+
+| Proveedor | Uso |
+|----------|-------|
+| OpenAI | Embeddings de base de conocimiento, bloque Agent |
+| Anthropic | Bloque Agent |
+| Google | Bloque Agent |
+| Mistral | OCR de base de conocimiento |
+
+### Configuración
+
+1. Navega a **Configuración** → **BYOK** en tu espacio de trabajo
+2. Haz clic en **Añadir clave** para tu proveedor
+3. Introduce tu clave API y guarda
+
+<Callout type="warn">
+  Las claves BYOK están cifradas en reposo. Solo los administradores y propietarios de la organización pueden gestionar las claves.
+</Callout>
+
+Cuando está configurado, los flujos de trabajo usan tu clave en lugar de las claves alojadas de Sim Studio. Si se elimina, los flujos de trabajo vuelven automáticamente a las claves alojadas.
+
+---
+
+## Single Sign-On (SSO)
+
+Autenticación enterprise con soporte SAML 2.0 y OIDC para gestión centralizada de identidades.
+
+### Proveedores compatibles
+
+- Okta
+- Azure AD / Entra ID
+- Google Workspace
+- OneLogin
+- Cualquier proveedor SAML 2.0 u OIDC
+
+### Configuración
+
+1. Navega a **Configuración** → **SSO** en tu espacio de trabajo
+2. Elige tu proveedor de identidad
+3. Configura la conexión usando los metadatos de tu IdP
+4. Activa SSO para tu organización
+
+<Callout type="info">
+  Una vez que SSO está activado, los miembros del equipo se autentican a través de tu proveedor de identidad en lugar de correo electrónico/contraseña.
+</Callout>
+
+---
+
+## Self-Hosted
+
+Para implementaciones self-hosted, las funciones enterprise se pueden activar mediante variables de entorno:
+
+| Variable | Descripción |
+|----------|-------------|
+| `SSO_ENABLED`, `NEXT_PUBLIC_SSO_ENABLED` | Inicio de sesión único con SAML/OIDC |
+| `CREDENTIAL_SETS_ENABLED`, `NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED` | Grupos de sondeo para activadores de correo electrónico |
+
+<Callout type="warn">
+  BYOK solo está disponible en Sim Studio alojado. Las implementaciones autoalojadas configuran las claves de proveedor de IA directamente a través de variables de entorno.
+</Callout>
diff --git a/apps/docs/content/docs/es/mcp/deploy-workflows.mdx b/apps/docs/content/docs/es/mcp/deploy-workflows.mdx
index 82869165fa..5e2c6c51ae 100644
--- a/apps/docs/content/docs/es/mcp/deploy-workflows.mdx
+++ b/apps/docs/content/docs/es/mcp/deploy-workflows.mdx
@@ -17,7 +17,7 @@ Los servidores MCP agrupan tus herramientas de flujo de trabajo. Créalos y gest
   <Video src="mcp/mcp-server.mp4" width={700} height={450} />
 </div>
 
-1. Navega a **Configuración → Servidores MCP**
+1. Navega a **Configuración → MCP implementados**
 2. Haz clic en **Crear servidor**
 3. Introduce un nombre y una descripción opcional
 4. Copia la URL del servidor para usarla en tus clientes MCP
@@ -79,7 +79,7 @@ Incluye tu encabezado de clave API (`X-API-Key`) para acceso autenticado al usar
 
 ## Gestión del servidor
 
-Desde la vista de detalle del servidor en **Configuración → Servidores MCP**, puedes:
+Desde la vista de detalles del servidor en **Configuración → MCP implementados**, puedes:
 
 - **Ver herramientas**: consulta todos los flujos de trabajo añadidos a un servidor
 - **Copiar URL**: obtén la URL del servidor para clientes MCP
diff --git a/apps/docs/content/docs/es/mcp/index.mdx b/apps/docs/content/docs/es/mcp/index.mdx
index caa7319472..b6f92b43fa 100644
--- a/apps/docs/content/docs/es/mcp/index.mdx
+++ b/apps/docs/content/docs/es/mcp/index.mdx
@@ -26,8 +26,8 @@ Los servidores MCP proporcionan colecciones de herramientas que tus agentes pued
   <Video src="mcp/settings-mcp-tools.mp4" width={700} height={450} />
 </div>
 
-1. Navega a los ajustes de tu espacio de trabajo
-2. Ve a la sección **Servidores MCP**
+1. Navega a la configuración de tu espacio de trabajo
+2. Ve a la sección **MCP implementados**
 3. Haz clic en **Añadir servidor MCP**
 4. Introduce los detalles de configuración del servidor
 5. Guarda la configuración
diff --git a/apps/docs/content/docs/es/triggers/index.mdx b/apps/docs/content/docs/es/triggers/index.mdx
index 3aecce73b9..94fcb23e76 100644
--- a/apps/docs/content/docs/es/triggers/index.mdx
+++ b/apps/docs/content/docs/es/triggers/index.mdx
@@ -22,7 +22,7 @@ Utiliza el bloque Start para todo lo que se origina desde el editor, despliegue
 
 <Cards>
   <Card title="Start" href="/triggers/start">
-    Punto de entrada unificado que admite ejecuciones del editor, despliegues de API y despliegues de chat
+    Punto de entrada unificado que admite ejecuciones en el editor, despliegues de API y despliegues de chat
   </Card>
   <Card title="Webhook" href="/triggers/webhook">
     Recibe cargas útiles de webhooks externos
@@ -31,18 +31,22 @@ Utiliza el bloque Start para todo lo que se origina desde el editor, despliegue
     Ejecución basada en cron o intervalos
   </Card>
   <Card title="RSS Feed" href="/triggers/rss">
-    Monitorea feeds RSS y Atom para nuevo contenido
+    Monitorea feeds RSS y Atom para detectar contenido nuevo
+  </Card>
+  <Card title="Email Polling Groups" href="#email-polling-groups">
+    Monitorea bandejas de entrada de Gmail y Outlook del equipo
   </Card>
 </Cards>
 
 ## Comparación rápida
 
-| Disparador | Condición de inicio |
+| Trigger | Condición de inicio |
 |---------|-----------------|
-| **Start** | Ejecuciones del editor, solicitudes de despliegue a API o mensajes de chat |
+| **Start** | Ejecuciones en el editor, solicitudes de despliegue a API o mensajes de chat |
 | **Schedule** | Temporizador gestionado en el bloque de programación |
 | **Webhook** | Al recibir una solicitud HTTP entrante |
 | **RSS Feed** | Nuevo elemento publicado en el feed |
+| **Email Polling Groups** | Nuevo correo electrónico recibido en bandejas de entrada de Gmail o Outlook del equipo |
 
 > El bloque Start siempre expone los campos `input`, `conversationId` y `files`. Añade campos personalizados al formato de entrada para datos estructurados adicionales.
 
@@ -65,3 +69,25 @@ Cuando haces clic en **Ejecutar** en el editor, Sim selecciona automáticamente
 Si tu flujo de trabajo tiene múltiples disparadores, se ejecutará el disparador de mayor prioridad. Por ejemplo, si tienes tanto un bloque Start como un disparador Webhook, al hacer clic en Ejecutar se ejecutará el bloque Start.
 
 **Disparadores externos con cargas útiles simuladas**: Cuando los disparadores externos (webhooks e integraciones) se ejecutan manualmente, Sim genera automáticamente cargas útiles simuladas basadas en la estructura de datos esperada del disparador. Esto asegura que los bloques posteriores puedan resolver las variables correctamente durante las pruebas.
+
+## Grupos de sondeo de correo electrónico
+
+Los grupos de sondeo te permiten monitorear las bandejas de entrada de Gmail o Outlook de varios miembros del equipo con un solo activador. Requiere un plan Team o Enterprise.
+
+**Crear un grupo de sondeo** (administrador/propietario)
+
+1. Ve a **Configuración → Sondeo de correo electrónico**
+2. Haz clic en **Crear** y elige Gmail u Outlook
+3. Ingresa un nombre para el grupo
+
+**Invitar miembros**
+
+1. Haz clic en **Agregar miembros** en tu grupo de sondeo
+2. Ingresa direcciones de correo electrónico (separadas por comas o saltos de línea, o arrastra y suelta un CSV)
+3. Haz clic en **Enviar invitaciones**
+
+Los invitados reciben un correo electrónico con un enlace para conectar su cuenta. Una vez conectada, su bandeja de entrada se incluye automáticamente en el grupo de sondeo. Los invitados no necesitan ser miembros de tu organización Sim.
+
+**Usar en un flujo de trabajo**
+
+Al configurar un activador de correo electrónico, selecciona tu grupo de sondeo del menú desplegable de credenciales en lugar de una cuenta individual. El sistema crea webhooks para cada miembro y enruta todos los correos electrónicos a través de tu flujo de trabajo.
diff --git a/apps/docs/content/docs/fr/enterprise/index.mdx b/apps/docs/content/docs/fr/enterprise/index.mdx
new file mode 100644
index 0000000000..46efa6b6ac
--- /dev/null
+++ b/apps/docs/content/docs/fr/enterprise/index.mdx
@@ -0,0 +1,76 @@
+---
+title: Entreprise
+description: Fonctionnalités entreprise pour les organisations ayant des
+  exigences avancées en matière de sécurité et de conformité
+---
+
+import { Callout } from 'fumadocs-ui/components/callout'
+
+Sim Studio Entreprise fournit des fonctionnalités avancées pour les organisations ayant des exigences renforcées en matière de sécurité, de conformité et de gestion.
+
+---
+
+## Apportez votre propre clé (BYOK)
+
+Utilisez vos propres clés API pour les fournisseurs de modèles IA au lieu des clés hébergées par Sim Studio.
+
+### Fournisseurs pris en charge
+
+| Fournisseur | Utilisation |
+|----------|-------|
+| OpenAI | Embeddings de base de connaissances, bloc Agent |
+| Anthropic | Bloc Agent |
+| Google | Bloc Agent |
+| Mistral | OCR de base de connaissances |
+
+### Configuration
+
+1. Accédez à **Paramètres** → **BYOK** dans votre espace de travail
+2. Cliquez sur **Ajouter une clé** pour votre fournisseur
+3. Saisissez votre clé API et enregistrez
+
+<Callout type="warn">
+  Les clés BYOK sont chiffrées au repos. Seuls les administrateurs et propriétaires de l'organisation peuvent gérer les clés.
+</Callout>
+
+Une fois configurés, les workflows utilisent votre clé au lieu des clés hébergées par Sim Studio. Si elle est supprimée, les workflows basculent automatiquement vers les clés hébergées.
+
+---
+
+## Authentification unique (SSO)
+
+Authentification entreprise avec prise en charge de SAML 2.0 et OIDC pour une gestion centralisée des identités.
+
+### Fournisseurs pris en charge
+
+- Okta
+- Azure AD / Entra ID
+- Google Workspace
+- OneLogin
+- Tout fournisseur SAML 2.0 ou OIDC
+
+### Configuration
+
+1. Accédez à **Paramètres** → **SSO** dans votre espace de travail
+2. Choisissez votre fournisseur d'identité
+3. Configurez la connexion en utilisant les métadonnées de votre IdP
+4. Activez le SSO pour votre organisation
+
+<Callout type="info">
+  Une fois le SSO activé, les membres de l'équipe s'authentifient via votre fournisseur d'identité au lieu d'utiliser un email/mot de passe.
+</Callout>
+
+---
+
+## Auto-hébergé
+
+Pour les déploiements auto-hébergés, les fonctionnalités entreprise peuvent être activées via des variables d'environnement :
+
+| Variable | Description |
+|----------|-------------|
+| `SSO_ENABLED`, `NEXT_PUBLIC_SSO_ENABLED` | Authentification unique avec SAML/OIDC |
+| `CREDENTIAL_SETS_ENABLED`, `NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED` | Groupes de sondage pour les déclencheurs d'e-mail |
+
+<Callout type="warn">
+  BYOK est uniquement disponible sur Sim Studio hébergé. Les déploiements auto-hébergés configurent les clés de fournisseur d'IA directement via les variables d'environnement.
+</Callout>
diff --git a/apps/docs/content/docs/fr/mcp/deploy-workflows.mdx b/apps/docs/content/docs/fr/mcp/deploy-workflows.mdx
index 61ecb33a7f..117f47e0ef 100644
--- a/apps/docs/content/docs/fr/mcp/deploy-workflows.mdx
+++ b/apps/docs/content/docs/fr/mcp/deploy-workflows.mdx
@@ -17,11 +17,11 @@ Les serveurs MCP regroupent vos outils de workflow. Créez-les et gérez-les dan
   <Video src="mcp/mcp-server.mp4" width={700} height={450} />
 </div>
 
-1. Accédez à **Paramètres → Serveurs MCP**
+1. Accédez à **Paramètres → MCP déployés**
 2. Cliquez sur **Créer un serveur**
 3. Saisissez un nom et une description facultative
 4. Copiez l'URL du serveur pour l'utiliser dans vos clients MCP
-5. Consultez et gérez tous les outils ajoutés au serveur
+5. Affichez et gérez tous les outils ajoutés au serveur
 
 ## Ajouter un workflow en tant qu'outil
 
@@ -79,7 +79,7 @@ Incluez votre en-tête de clé API (`X-API-Key`) pour un accès authentifié lor
 
 ## Gestion du serveur
 
-Depuis la vue détaillée du serveur dans **Paramètres → Serveurs MCP**, vous pouvez :
+Depuis la vue détaillée du serveur dans **Paramètres → MCP déployés**, vous pouvez :
 
 - **Voir les outils** : voir tous les workflows ajoutés à un serveur
 - **Copier l'URL** : obtenir l'URL du serveur pour les clients MCP
diff --git a/apps/docs/content/docs/fr/mcp/index.mdx b/apps/docs/content/docs/fr/mcp/index.mdx
index 97fb04ffab..b292186692 100644
--- a/apps/docs/content/docs/fr/mcp/index.mdx
+++ b/apps/docs/content/docs/fr/mcp/index.mdx
@@ -28,7 +28,7 @@ Les serveurs MCP fournissent des collections d'outils que vos agents peuvent uti
 </div>
 
 1. Accédez aux paramètres de votre espace de travail
-2. Allez à la section **Serveurs MCP**
+2. Allez dans la section **MCP déployés**
 3. Cliquez sur **Ajouter un serveur MCP**
 4. Saisissez les détails de configuration du serveur
 5. Enregistrez la configuration
diff --git a/apps/docs/content/docs/fr/triggers/index.mdx b/apps/docs/content/docs/fr/triggers/index.mdx
index 08edba3acd..2102b482f7 100644
--- a/apps/docs/content/docs/fr/triggers/index.mdx
+++ b/apps/docs/content/docs/fr/triggers/index.mdx
@@ -22,7 +22,7 @@ Utilisez le bloc Démarrer pour tout ce qui provient de l'éditeur, du déploiem
 
 <Cards>
   <Card title="Start" href="/triggers/start">
-    Point d'entrée unifié qui prend en charge les exécutions de l'éditeur, les déploiements d'API et les déploiements de chat
+    Point d'entrée unifié qui prend en charge les exécutions dans l'éditeur, les déploiements API et les déploiements de chat
   </Card>
   <Card title="Webhook" href="/triggers/webhook">
     Recevoir des charges utiles de webhook externes
@@ -31,18 +31,22 @@ Utilisez le bloc Démarrer pour tout ce qui provient de l'éditeur, du déploiem
     Exécution basée sur cron ou intervalle
   </Card>
   <Card title="RSS Feed" href="/triggers/rss">
-    Surveiller les flux RSS et Atom pour du nouveau contenu
+    Surveiller les flux RSS et Atom pour détecter du nouveau contenu
+  </Card>
+  <Card title="Email Polling Groups" href="#email-polling-groups">
+    Surveiller les boîtes de réception Gmail et Outlook de l'équipe
   </Card>
 </Cards>
 
 ## Comparaison rapide
 
 | Déclencheur | Condition de démarrage |
-|---------|-----------------|
-| **Start** | Exécutions de l'éditeur, requêtes de déploiement d'API ou messages de chat |
+|-------------|------------------------|
+| **Start** | Exécutions dans l'éditeur, requêtes de déploiement vers l'API ou messages de chat |
 | **Schedule** | Minuteur géré dans le bloc de planification |
-| **Webhook** | Sur requête HTTP entrante |
+| **Webhook** | Lors d'une requête HTTP entrante |
 | **RSS Feed** | Nouvel élément publié dans le flux |
+| **Email Polling Groups** | Nouvel e-mail reçu dans les boîtes de réception Gmail ou Outlook de l'équipe |
 
 > Le bloc Démarrer expose toujours les champs `input`, `conversationId` et `files`. Ajoutez des champs personnalisés au format d'entrée pour des données structurées supplémentaires.
 
@@ -65,3 +69,25 @@ Lorsque vous cliquez sur **Exécuter** dans l'éditeur, Sim sélectionne automat
 Si votre flux de travail comporte plusieurs déclencheurs, le déclencheur de priorité la plus élevée sera exécuté. Par exemple, si vous avez à la fois un bloc Démarrer et un déclencheur Webhook, cliquer sur Exécuter exécutera le bloc Démarrer.
 
 **Déclencheurs externes avec charges utiles simulées** : lorsque des déclencheurs externes (webhooks et intégrations) sont exécutés manuellement, Sim génère automatiquement des charges utiles simulées basées sur la structure de données attendue du déclencheur. Cela garantit que les blocs en aval peuvent résoudre correctement les variables pendant les tests.
+
+## Groupes de surveillance d'e-mails
+
+Les groupes de surveillance vous permettent de surveiller les boîtes de réception Gmail ou Outlook de plusieurs membres de l'équipe avec un seul déclencheur. Nécessite un forfait Team ou Enterprise.
+
+**Créer un groupe de surveillance** (Admin/Propriétaire)
+
+1. Accédez à **Paramètres → Surveillance d'e-mails**
+2. Cliquez sur **Créer** et choisissez Gmail ou Outlook
+3. Entrez un nom pour le groupe
+
+**Inviter des membres**
+
+1. Cliquez sur **Ajouter des membres** dans votre groupe de surveillance
+2. Entrez les adresses e-mail (séparées par des virgules ou des sauts de ligne, ou glissez-déposez un fichier CSV)
+3. Cliquez sur **Envoyer les invitations**
+
+Les personnes invitées reçoivent un e-mail avec un lien pour connecter leur compte. Une fois connectée, leur boîte de réception est automatiquement incluse dans le groupe de surveillance. Les personnes invitées n'ont pas besoin d'être membres de votre organisation Sim.
+
+**Utiliser dans un workflow**
+
+Lors de la configuration d'un déclencheur d'e-mail, sélectionnez votre groupe de surveillance dans le menu déroulant des identifiants au lieu d'un compte individuel. Le système crée des webhooks pour chaque membre et achemine tous les e-mails via votre workflow.
diff --git a/apps/docs/content/docs/ja/enterprise/index.mdx b/apps/docs/content/docs/ja/enterprise/index.mdx
new file mode 100644
index 0000000000..a08a5a51d5
--- /dev/null
+++ b/apps/docs/content/docs/ja/enterprise/index.mdx
@@ -0,0 +1,75 @@
+---
+title: エンタープライズ
+description: 高度なセキュリティとコンプライアンス要件を持つ組織向けのエンタープライズ機能
+---
+
+import { Callout } from 'fumadocs-ui/components/callout'
+
+Sim Studio Enterpriseは、強化されたセキュリティ、コンプライアンス、管理要件を持つ組織向けの高度な機能を提供します。
+
+---
+
+## Bring Your Own Key (BYOK)
+
+Sim Studioのホストキーの代わりに、AIモデルプロバイダー用の独自のAPIキーを使用できます。
+
+### 対応プロバイダー
+
+| プロバイダー | 用途 |
+|----------|-------|
+| OpenAI | ナレッジベースの埋め込み、エージェントブロック |
+| Anthropic | エージェントブロック |
+| Google | エージェントブロック |
+| Mistral | ナレッジベースOCR |
+
+### セットアップ
+
+1. ワークスペースの**設定** → **BYOK**に移動します
+2. プロバイダーの**キーを追加**をクリックします
+3. APIキーを入力して保存します
+
+<Callout type="warn">
+  BYOKキーは保存時に暗号化されます。組織の管理者とオーナーのみがキーを管理できます。
+</Callout>
+
+設定すると、ワークフローはSim Studioのホストキーの代わりに独自のキーを使用します。削除すると、ワークフローは自動的にホストキーにフォールバックします。
+
+---
+
+## シングルサインオン (SSO)
+
+集中型IDマネジメントのためのSAML 2.0およびOIDCサポートを備えたエンタープライズ認証。
+
+### 対応プロバイダー
+
+- Okta
+- Azure AD / Entra ID
+- Google Workspace
+- OneLogin
+- SAML 2.0またはOIDCに対応する任意のプロバイダー
+
+### セットアップ
+
+1. ワークスペースの**設定** → **SSO**に移動します
+2. IDプロバイダーを選択します
+3. IdPのメタデータを使用して接続を設定します
+4. 組織のSSOを有効にします
+
+<Callout type="info">
+  SSOを有効にすると、チームメンバーはメール/パスワードの代わりにIDプロバイダーを通じて認証します。
+</Callout>
+
+---
+
+## セルフホスト
+
+セルフホストデプロイメントの場合、エンタープライズ機能は環境変数を介して有効にできます:
+
+| 変数 | 説明 |
+|----------|-------------|
+| `SSO_ENABLED`、`NEXT_PUBLIC_SSO_ENABLED` | SAML/OIDCによるシングルサインオン |
+| `CREDENTIAL_SETS_ENABLED`、`NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED` | メールトリガー用のポーリンググループ |
+
+<Callout type="warn">
+  BYOKはホスト型Sim Studioでのみ利用可能です。セルフホスト型デプロイメントでは、環境変数を介してAIプロバイダーキーを直接設定します。
+</Callout>
diff --git a/apps/docs/content/docs/ja/mcp/deploy-workflows.mdx b/apps/docs/content/docs/ja/mcp/deploy-workflows.mdx
index e253982a33..3b14430e26 100644
--- a/apps/docs/content/docs/ja/mcp/deploy-workflows.mdx
+++ b/apps/docs/content/docs/ja/mcp/deploy-workflows.mdx
@@ -16,11 +16,11 @@ MCPサーバーは、ワークフローツールをまとめてグループ化
   <Video src="mcp/mcp-server.mp4" width={700} height={450} />
 </div>
 
-1. **設定 → MCPサーバー**に移動
-2. **サーバーを作成**をクリック
-3. 名前と説明(任意)を入力
-4. MCPクライアントで使用するためにサーバーURLをコピー
-5. サーバーに追加されたすべてのツールを表示・管理
+1. **設定 → デプロイ済みMCP**に移動します
+2. **サーバーを作成**をクリックします
+3. 名前とオプションの説明を入力します
+4. MCPクライアントで使用するためにサーバーURLをコピーします
+5. サーバーに追加されたすべてのツールを表示および管理します
 
 ## ワークフローをツールとして追加
 
@@ -78,7 +78,7 @@ mcp-remoteまたは他のHTTPベースのMCPトランスポートを使用する
 
 ## サーバー管理
 
-**設定 → MCPサーバー**のサーバー詳細ビューから、以下の操作が可能です:
+**設定 → デプロイ済みMCP**のサーバー詳細ビューから、次のことができます:
 
 - **ツールを表示**: サーバーに追加されたすべてのワークフローを確認
 - **URLをコピー**: MCPクライアント用のサーバーURLを取得
diff --git a/apps/docs/content/docs/ja/mcp/index.mdx b/apps/docs/content/docs/ja/mcp/index.mdx
index 48907a92f5..6b2a49c421 100644
--- a/apps/docs/content/docs/ja/mcp/index.mdx
+++ b/apps/docs/content/docs/ja/mcp/index.mdx
@@ -27,10 +27,10 @@ MCPサーバーはエージェントが使用できるツールのコレクシ
 </div>
 
 1. ワークスペース設定に移動します
-2. **MCPサーバー**セクションに進みます
+2. **デプロイ済みMCP**セクションに移動します
 3. **MCPサーバーを追加**をクリックします
-4. サーバー構成の詳細を入力します
-5. 構成を保存します
+4. サーバー設定の詳細を入力します
+5. 設定を保存します
 
 <Callout type="info">
 エージェントブロックのツールバーから直接MCPサーバーを構成することもできます（クイックセットアップ）。
diff --git a/apps/docs/content/docs/ja/triggers/index.mdx b/apps/docs/content/docs/ja/triggers/index.mdx
index c2d7991a59..9095371cf3 100644
--- a/apps/docs/content/docs/ja/triggers/index.mdx
+++ b/apps/docs/content/docs/ja/triggers/index.mdx
@@ -22,16 +22,19 @@ import { Image } from '@/components/ui/image'
 
 <Cards>
   <Card title="Start" href="/triggers/start">
-    エディタ実行、APIデプロイメント、チャットデプロイメントをサポートする統合エントリーポイント
+    エディター実行、APIデプロイ、チャットデプロイをサポートする統合エントリーポイント
   </Card>
   <Card title="Webhook" href="/triggers/webhook">
-    外部のwebhookペイロードを受信
+    外部Webhookペイロードを受信
   </Card>
   <Card title="Schedule" href="/triggers/schedule">
-    Cronまたは間隔ベースの実行
+    Cronまたはインターバルベースの実行
   </Card>
   <Card title="RSS Feed" href="/triggers/rss">
-    新しいコンテンツのRSSとAtomフィードを監視
+    RSSおよびAtomフィードの新しいコンテンツを監視
+  </Card>
+  <Card title="Email Polling Groups" href="#email-polling-groups">
+    チームのGmailおよびOutlook受信トレイを監視
   </Card>
 </Cards>
 
@@ -39,10 +42,11 @@ import { Image } from '@/components/ui/image'
 
 | トリガー | 開始条件 |
 |---------|-----------------|
-| **Start** | エディタ実行、APIへのデプロイリクエスト、またはチャットメッセージ |
+| **Start** | エディター実行、deploy-to-APIリクエスト、またはチャットメッセージ |
 | **Schedule** | スケジュールブロックで管理されるタイマー |
-| **Webhook** | 受信HTTPリクエスト時 |
+| **Webhook** | インバウンドHTTPリクエスト時 |
 | **RSS Feed** | フィードに新しいアイテムが公開された時 |
+| **Email Polling Groups** | チームのGmailまたはOutlook受信トレイに新しいメールが受信された時 |
 
 > スタートブロックは常に `input`、`conversationId`、および `files` フィールドを公開します。追加の構造化データには入力フォーマットにカスタムフィールドを追加してください。
 
@@ -65,3 +69,25 @@ import { Image } from '@/components/ui/image'
 ワークフローに複数のトリガーがある場合、最も優先度の高いトリガーが実行されます。例えば、スタートブロックとウェブフックトリガーの両方がある場合、実行をクリックするとスタートブロックが実行されます。
 
 **モックペイロードを持つ外部トリガー**: 外部トリガー（ウェブフックと連携）が手動で実行される場合、Simはトリガーの予想されるデータ構造に基づいてモックペイロードを自動生成します。これにより、テスト中に下流のブロックが変数を正しく解決できるようになります。
+
+## Email Polling Groups
+
+Polling Groupsを使用すると、単一のトリガーで複数のチームメンバーのGmailまたはOutlook受信トレイを監視できます。TeamまたはEnterpriseプランが必要です。
+
+**Polling Groupの作成**（管理者/オーナー）
+
+1. **設定 → Email Polling**に移動
+2. **作成**をクリックし、GmailまたはOutlookを選択
+3. グループの名前を入力
+
+**メンバーの招待**
+
+1. Polling Groupの**メンバーを追加**をクリック
+2. メールアドレスを入力（カンマまたは改行で区切る、またはCSVをドラッグ&ドロップ）
+3. **招待を送信**をクリック
+
+招待された人は、アカウントを接続するためのリンクが記載されたメールを受信します。接続されると、その受信トレイは自動的にPolling Groupに含まれます。招待された人は、Sim組織のメンバーである必要はありません。
+
+**ワークフローでの使用**
+
+メールトリガーを設定する際、個別のアカウントではなく、認証情報ドロップダウンからPolling Groupを選択します。システムは各メンバーのWebhookを作成し、すべてのメールをワークフローを通じてルーティングします。
diff --git a/apps/docs/content/docs/zh/enterprise/index.mdx b/apps/docs/content/docs/zh/enterprise/index.mdx
new file mode 100644
index 0000000000..045a14ea4d
--- /dev/null
+++ b/apps/docs/content/docs/zh/enterprise/index.mdx
@@ -0,0 +1,75 @@
+---
+title: 企业版
+description: 为具有高级安全性和合规性需求的组织提供企业级功能
+---
+
+import { Callout } from 'fumadocs-ui/components/callout'
+
+Sim Studio 企业版为需要更高安全性、合规性和管理能力的组织提供高级功能。
+
+---
+
+## 自带密钥（BYOK）
+
+使用您自己的 API 密钥对接 AI 模型服务商，而不是使用 Sim Studio 托管的密钥。
+
+### 支持的服务商
+
+| Provider | Usage |
+|----------|-------|
+| OpenAI | 知识库嵌入、Agent 模块 |
+| Anthropic | Agent 模块 |
+| Google | Agent 模块 |
+| Mistral | 知识库 OCR |
+
+### 配置方法
+
+1. 在您的工作区进入 **设置** → **BYOK**
+2. 为您的服务商点击 **添加密钥**
+3. 输入您的 API 密钥并保存
+
+<Callout type="warn">
+  BYOK 密钥静态加密存储。仅组织管理员和所有者可管理密钥。
+</Callout>
+
+配置后，工作流将使用您的密钥而非 Sim Studio 托管密钥。如移除，工作流会自动切换回托管密钥。
+
+---
+
+## 单点登录（SSO）
+
+企业级身份认证，支持 SAML 2.0 和 OIDC，实现集中式身份管理。
+
+### 支持的服务商
+
+- Okta
+- Azure AD / Entra ID
+- Google Workspace
+- OneLogin
+- 任何 SAML 2.0 或 OIDC 服务商
+
+### 配置方法
+
+1. 在您的工作区进入 **设置** → **SSO**
+2. 选择您的身份提供商
+3. 使用 IdP 元数据配置连接
+4. 为您的组织启用 SSO
+
+<Callout type="info">
+  启用 SSO 后，团队成员将通过您的身份提供商进行身份验证，而不再使用邮箱/密码。
+</Callout>
+
+---
+
+## 自主部署
+
+对于自主部署场景，可通过环境变量启用企业功能：
+
+| 变量 | 描述 |
+|----------|-------------|
+| `SSO_ENABLED`，`NEXT_PUBLIC_SSO_ENABLED` | 使用 SAML/OIDC 的单点登录 |
+| `CREDENTIAL_SETS_ENABLED`，`NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED` | 用于邮件触发器的轮询组 |
+
+<Callout type="warn">
+  BYOK 仅适用于托管版 Sim Studio。自托管部署需通过环境变量直接配置 AI 提供商密钥。
+</Callout>
diff --git a/apps/docs/content/docs/zh/mcp/deploy-workflows.mdx b/apps/docs/content/docs/zh/mcp/deploy-workflows.mdx
index 982883053e..b5d20de930 100644
--- a/apps/docs/content/docs/zh/mcp/deploy-workflows.mdx
+++ b/apps/docs/content/docs/zh/mcp/deploy-workflows.mdx
@@ -16,11 +16,11 @@ MCP 服务器用于将您的工作流工具进行分组。您可以在工作区
   <Video src="mcp/mcp-server.mp4" width={700} height={450} />
 </div>
 
-1. 进入 **设置 → MCP 服务器**
+1. 进入 **设置 → 已部署的 MCPs**
 2. 点击 **创建服务器**
 3. 输入名称和可选描述
-4. 复制服务器 URL 以在您的 MCP 客户端中使用
-5. 查看并管理已添加到服务器的所有工具
+4. 复制服务器 URL 以在你的 MCP 客户端中使用
+5. 查看并管理已添加到该服务器的所有工具
 
 ## 添加工作流为工具
 
@@ -78,7 +78,7 @@ MCP 服务器用于将您的工作流工具进行分组。您可以在工作区
 
 ## 服务器管理
 
-在 **设置 → MCP 服务器** 的服务器详情视图中，您可以：
+在 **设置 → 已部署的 MCPs** 的服务器详情页，你可以：
 
 - **查看工具**：查看添加到服务器的所有工作流
 - **复制 URL**：获取 MCP 客户端的服务器 URL
diff --git a/apps/docs/content/docs/zh/mcp/index.mdx b/apps/docs/content/docs/zh/mcp/index.mdx
index d8d4263bc0..98e72d4507 100644
--- a/apps/docs/content/docs/zh/mcp/index.mdx
+++ b/apps/docs/content/docs/zh/mcp/index.mdx
@@ -27,9 +27,9 @@ MCP 服务器提供工具集合，供您的代理使用。您可以在工作区
 </div>
 
 1. 进入您的工作区设置
-2. 转到 **MCP 服务器** 部分
-3. 点击 **添加 MCP 服务器**
-4. 输入服务器配置详情
+2. 前往 **Deployed MCPs** 部分
+3. 点击 **Add MCP Server**
+4. 输入服务器配置信息
 5. 保存配置
 
 <Callout type="info">
diff --git a/apps/docs/content/docs/zh/triggers/index.mdx b/apps/docs/content/docs/zh/triggers/index.mdx
index 4278aad11b..a17b11dd32 100644
--- a/apps/docs/content/docs/zh/triggers/index.mdx
+++ b/apps/docs/content/docs/zh/triggers/index.mdx
@@ -21,17 +21,20 @@ import { Image } from '@/components/ui/image'
 使用 Start 块处理从编辑器、部署到 API 或部署到聊天的所有操作。其他触发器可用于事件驱动的工作流：
 
 <Cards>
-  <Card title="开始" href="/triggers/start">
-    支持编辑器运行、API 部署和聊天部署的统一入口点
+  <Card title="Start" href="/triggers/start">
+    支持编辑器运行、API 部署和聊天部署的统一入口
   </Card>
   <Card title="Webhook" href="/triggers/webhook">
     接收外部 webhook 负载
   </Card>
-  <Card title="计划" href="/triggers/schedule">
-    基于 Cron 或间隔的执行
+  <Card title="Schedule" href="/triggers/schedule">
+    基于 cron 或间隔的执行
   </Card>
-  <Card title="RSS 源" href="/triggers/rss">
-    监控 RSS 和 Atom 源的新内容
+  <Card title="RSS Feed" href="/triggers/rss">
+    监控 RSS 和 Atom 订阅源的新内容
+  </Card>
+  <Card title="Email Polling Groups" href="#email-polling-groups">
+    监控团队 Gmail 和 Outlook 收件箱
   </Card>
 </Cards>
 
@@ -39,10 +42,11 @@ import { Image } from '@/components/ui/image'
 
 | 触发器 | 启动条件 |
 |---------|-----------------|
-| **开始** | 编辑器运行、部署到 API 请求或聊天消息 |
-| **计划** | 在计划块中管理的计时器 |
+| **Start** | 编辑器运行、API 部署请求或聊天消息 |
+| **Schedule** | 在 schedule 块中管理的定时器 |
 | **Webhook** | 收到入站 HTTP 请求时 |
-| **RSS 源** | 源中发布了新项目 |
+| **RSS Feed** | 订阅源中有新内容发布时 |
+| **Email Polling Groups** | 团队 Gmail 或 Outlook 收件箱收到新邮件时 |
 
 > Start 块始终公开 `input`、`conversationId` 和 `files` 字段。通过向输入格式添加自定义字段来增加结构化数据。
 
@@ -65,3 +69,25 @@ import { Image } from '@/components/ui/image'
 如果您的工作流有多个触发器，将执行优先级最高的触发器。例如，如果您同时有 Start 块和 Webhook 触发器，点击运行将执行 Start 块。
 
 **带有模拟负载的外部触发器**：当手动执行外部触发器（如 webhooks 和集成）时，Sim 会根据触发器的预期数据结构自动生成模拟负载。这确保了在测试过程中，下游模块可以正确解析变量。
+
+## 邮件轮询组
+
+轮询组可让你通过单一触发器监控多个团队成员的 Gmail 或 Outlook 收件箱。需要 Team 或 Enterprise 方案。
+
+**创建轮询组**（管理员/所有者）
+
+1. 前往 **设置 → 邮件轮询**
+2. 点击 **创建**，选择 Gmail 或 Outlook
+3. 输入组名
+
+**邀请成员**
+
+1. 在你的轮询组中点击 **添加成员**
+2. 输入邮箱地址（用逗号或换行分隔，或拖拽 CSV 文件）
+3. 点击 **发送邀请**
+
+受邀者会收到一封带有连接账户链接的邮件。连接后，他们的收件箱会自动加入轮询组。受邀者无需成为你的 Sim 组织成员。
+
+**在工作流中使用**
+
+配置邮件触发器时，从凭据下拉菜单中选择你的轮询组，而不是单独账户。系统会为每位成员创建 webhook，并将所有邮件通过你的工作流进行处理。
diff --git a/apps/docs/i18n.lock b/apps/docs/i18n.lock
index ac41c96b39..99e4ad41d1 100644
--- a/apps/docs/i18n.lock
+++ b/apps/docs/i18n.lock
@@ -4343,7 +4343,7 @@ checksums:
     content/5: 6eee8c607e72b6c444d7b3ef07244f20
     content/6: 747991e0e80e306dce1061ef7802db2a
     content/7: 430153eacb29c66026cf71944df7be20
-    content/8: 5950966e19939b7a3a320d56ee4a674c
+    content/8: f9bdeac954d1d138c954c151db0403ec
     content/9: 159cf7a6d62e64b0c5db27e73b8c1ff5
     content/10: a723187777f9a848d4daa563e9dcbe17
     content/11: b1c5f14e5290bcbbf5d590361ee7c053
@@ -5789,9 +5789,9 @@ checksums:
     content/1: e71056df0f7b2eb3b2f271f21d0052cc
     content/2: da2b445db16c149f56558a4ea876a5f0
     content/3: cec18f48b2cd7974eb556880e6604f7f
-    content/4: b200402d6a01ab565fd56d113c530ef6
+    content/4: cff35e4208de8f6ef36a6eae79915fab
     content/5: 4c3a5708af82c1ee42a12d14fd34e950
-    content/6: 64fbd5b16f4cff18ba976492a275c05e
+    content/6: 00a9f255e60b5979014694b0c2a3ba26
     content/7: a28151eeb5ba3518b33809055b04f0f6
     content/8: cffe5b901d78ebf2000d07dc7579533e
     content/9: 73486253d24eeff7ac44dfd0c8868d87
@@ -5801,6 +5801,15 @@ checksums:
     content/13: e5ca2445d3b69b062af5bf0a2988e760
     content/14: 67e0b520d57e352689789eff5803ebbc
     content/15: a1d7382600994068ca24dc03f46b7c73
+    content/16: 1895a0c773fddeb014c7aab468593b30
+    content/17: 5b478d664a0b1bc76f19516b2a6e2788
+    content/18: c97883b63e5e455cd2de51f0406f963f
+    content/19: 2ff6c01b8eebbdd653d864b105f53cde
+    content/20: 523b34e945343591d1df51a6ba6357dd
+    content/21: e6611cff00c91bd2327660aebf9418f4
+    content/22: 87e7e7df71f0883369e8abda30289c0f
+    content/23: b248d9eda347cfb122101a4e4b5eaa53
+    content/24: 2f003723d891d6c53c398b86c7397577
   0bf172ef4ee9a2c94a2967d7d320b81b:
     meta/title: 330265974a03ee22a09f42fa4ece25f6
     meta/description: e3d54cbedf551315cf9e8749228c2d1c
@@ -50141,7 +50150,7 @@ checksums:
     content/2: b082096b0c871b2a40418e479af6f158
     content/3: 9c94aa34f44540b0632931a8244a6488
     content/4: 14f33e16b5a98e4dbdda2a27aa0d7afb
-    content/5: d7b36732970b7649dd1aa1f1d0a34e74
+    content/5: 3ea8bad9314f442a69a87f313419ef1a
     content/6: f554f833467a6dae5391372fc41dad53
     content/7: 9cdb9189ecfcc4a6f567d3fd5fe342f0
     content/8: 9a107692cb52c284c1cb022b516d700b
@@ -50158,7 +50167,7 @@ checksums:
     content/19: a618fcff50c4856113428639359a922b
     content/20: 5fd3a6d2dcd8aa18dbf0b784acaa271c
     content/21: d118656dd565c4c22f3c0c3a7c7f3bee
-    content/22: f49b9be78f1e7a569e290acc1365d417
+    content/22: c161e7bcfba9cf6ef0ab8ef40ac0c17a
     content/23: 0a70ebe6eb4c543c3810977ed46b69b0
     content/24: ad8638a3473c909dbcb1e1d9f4f26381
     content/25: 95343a9f81cd050d3713988c677c750f
@@ -50299,3 +50308,30 @@ checksums:
     content/68: ba6b5020ed971cd7ffc7f0423650dfbf
     content/69: b3f310d5ef115bea5a8b75bf25d7ea9a
     content/70: 0362be478aa7ba4b6d1ebde0bd83e83a
+  f5bc5f89ed66818f4c485c554bf26eea:
+    meta/title: c70474271708e5b27392fde87462fa26
+    meta/description: 7b47db7fbb818c180b99354b912a72b3
+    content/0: 232be69c8f3053a40f695f9c9dcb3f2e
+    content/1: a4a62a6e782e18bd863546dfcf2aec1c
+    content/2: 51adf33450cab2ef392e93147386647c
+    content/3: ada515cf6e2e0f9d3f57f720f79699d3
+    content/4: d5e8b9f64d855675588845dc4124c491
+    content/5: 3acf1f0551f6097ca6159e66f5c8da1a
+    content/6: 6a6e277ded1a063ec2c2067abb519088
+    content/7: 6debcd334c3310480cbe6feab87f37b5
+    content/8: 0e3372052a2b3a1c43d853d6ed269d69
+    content/9: 90063613714128f4e61e9588e2d2c735
+    content/10: 182154179fe2a8b6b73fde0d04e0bf4c
+    content/11: 51adf33450cab2ef392e93147386647c
+    content/12: 73c3e8a5d36d6868fdb455fcb3d6074c
+    content/13: 30cd8f1d6197bce560a091ba19d0392a
+    content/14: 3acf1f0551f6097ca6159e66f5c8da1a
+    content/15: 997deef758698d207be9382c45301ad6
+    content/16: 6debcd334c3310480cbe6feab87f37b5
+    content/17: e26c8c2dffd70baef0253720c1511886
+    content/18: a99eba53979531f1c974cf653c346909
+    content/19: 51adf33450cab2ef392e93147386647c
+    content/20: ca3ec889fb218b8b130959ff04baa659
+    content/21: 306617201cf63b42f09bb72c9722e048
+    content/22: 4b48ba3f10b043f74b70edeb4ad87080
+    content/23: c8531bd570711abc1963d8b5dcf9deef
diff --git a/apps/sim/app/(auth)/signup/signup-form.tsx b/apps/sim/app/(auth)/signup/signup-form.tsx
index 0c08283b37..108e964909 100644
--- a/apps/sim/app/(auth)/signup/signup-form.tsx
+++ b/apps/sim/app/(auth)/signup/signup-form.tsx
@@ -109,11 +109,15 @@ function SignupFormContent({
       setEmail(emailParam)
     }
 
-    const redirectParam = searchParams.get('redirect')
+    // Check both 'redirect' and 'callbackUrl' params (login page uses callbackUrl)
+    const redirectParam = searchParams.get('redirect') || searchParams.get('callbackUrl')
     if (redirectParam) {
       setRedirectUrl(redirectParam)
 
-      if (redirectParam.startsWith('/invite/')) {
+      if (
+        redirectParam.startsWith('/invite/') ||
+        redirectParam.startsWith('/credential-account/')
+      ) {
         setIsInviteFlow(true)
       }
     }
diff --git a/apps/sim/app/api/auth/oauth/disconnect/route.test.ts b/apps/sim/app/api/auth/oauth/disconnect/route.test.ts
index 9cd956fee6..7f625d2539 100644
--- a/apps/sim/app/api/auth/oauth/disconnect/route.test.ts
+++ b/apps/sim/app/api/auth/oauth/disconnect/route.test.ts
@@ -8,11 +8,18 @@ import { createMockLogger, createMockRequest } from '@/app/api/__test-utils__/ut
 
 describe('OAuth Disconnect API Route', () => {
   const mockGetSession = vi.fn()
+  const mockSelectChain = {
+    from: vi.fn().mockReturnThis(),
+    innerJoin: vi.fn().mockReturnThis(),
+    where: vi.fn().mockResolvedValue([]),
+  }
   const mockDb = {
     delete: vi.fn().mockReturnThis(),
     where: vi.fn(),
+    select: vi.fn().mockReturnValue(mockSelectChain),
   }
   const mockLogger = createMockLogger()
+  const mockSyncAllWebhooksForCredentialSet = vi.fn().mockResolvedValue({})
 
   const mockUUID = 'mock-uuid-12345678-90ab-cdef-1234-567890abcdef'
 
@@ -33,6 +40,13 @@ describe('OAuth Disconnect API Route', () => {
 
     vi.doMock('@sim/db/schema', () => ({
       account: { userId: 'userId', providerId: 'providerId' },
+      credentialSetMember: {
+        id: 'id',
+        credentialSetId: 'credentialSetId',
+        userId: 'userId',
+        status: 'status',
+      },
+      credentialSet: { id: 'id', providerId: 'providerId' },
     }))
 
     vi.doMock('drizzle-orm', () => ({
@@ -45,6 +59,14 @@ describe('OAuth Disconnect API Route', () => {
     vi.doMock('@sim/logger', () => ({
       createLogger: vi.fn().mockReturnValue(mockLogger),
     }))
+
+    vi.doMock('@/lib/core/utils/request', () => ({
+      generateRequestId: vi.fn().mockReturnValue('test-request-id'),
+    }))
+
+    vi.doMock('@/lib/webhooks/utils.server', () => ({
+      syncAllWebhooksForCredentialSet: mockSyncAllWebhooksForCredentialSet,
+    }))
   })
 
   afterEach(() => {
diff --git a/apps/sim/app/api/auth/oauth/disconnect/route.ts b/apps/sim/app/api/auth/oauth/disconnect/route.ts
index 5050e86172..be645aa732 100644
--- a/apps/sim/app/api/auth/oauth/disconnect/route.ts
+++ b/apps/sim/app/api/auth/oauth/disconnect/route.ts
@@ -1,11 +1,12 @@
 import { db } from '@sim/db'
-import { account } from '@sim/db/schema'
+import { account, credentialSet, credentialSetMember } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq, like, or } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { generateRequestId } from '@/lib/core/utils/request'
+import { syncAllWebhooksForCredentialSet } from '@/lib/webhooks/utils.server'
 
 export const dynamic = 'force-dynamic'
 
@@ -74,6 +75,49 @@ export async function POST(request: NextRequest) {
         )
     }
 
+    // Sync webhooks for all credential sets the user is a member of
+    // This removes webhooks that were using the disconnected credential
+    const userMemberships = await db
+      .select({
+        id: credentialSetMember.id,
+        credentialSetId: credentialSetMember.credentialSetId,
+        providerId: credentialSet.providerId,
+      })
+      .from(credentialSetMember)
+      .innerJoin(credentialSet, eq(credentialSetMember.credentialSetId, credentialSet.id))
+      .where(
+        and(
+          eq(credentialSetMember.userId, session.user.id),
+          eq(credentialSetMember.status, 'active')
+        )
+      )
+
+    for (const membership of userMemberships) {
+      // Only sync if the credential set matches this provider
+      // Credential sets store OAuth provider IDs like 'google-email' or 'outlook'
+      const matchesProvider =
+        membership.providerId === provider ||
+        membership.providerId === providerId ||
+        membership.providerId?.startsWith(`${provider}-`)
+
+      if (matchesProvider) {
+        try {
+          await syncAllWebhooksForCredentialSet(membership.credentialSetId, requestId)
+          logger.info(`[${requestId}] Synced webhooks after credential disconnect`, {
+            credentialSetId: membership.credentialSetId,
+            provider,
+          })
+        } catch (error) {
+          // Log but don't fail the disconnect - credential is already removed
+          logger.error(`[${requestId}] Failed to sync webhooks after credential disconnect`, {
+            credentialSetId: membership.credentialSetId,
+            provider,
+            error,
+          })
+        }
+      }
+    }
+
     return NextResponse.json({ success: true }, { status: 200 })
   } catch (error) {
     logger.error(`[${requestId}] Error disconnecting OAuth provider`, error)
diff --git a/apps/sim/app/api/auth/oauth/token/route.test.ts b/apps/sim/app/api/auth/oauth/token/route.test.ts
index 4d22039777..7359361a40 100644
--- a/apps/sim/app/api/auth/oauth/token/route.test.ts
+++ b/apps/sim/app/api/auth/oauth/token/route.test.ts
@@ -138,7 +138,10 @@ describe('OAuth Token API Routes', () => {
       const data = await response.json()
 
       expect(response.status).toBe(400)
-      expect(data).toHaveProperty('error', 'Credential ID is required')
+      expect(data).toHaveProperty(
+        'error',
+        'Either credentialId or (credentialAccountUserId + providerId) is required'
+      )
       expect(mockLogger.warn).toHaveBeenCalled()
     })
 
diff --git a/apps/sim/app/api/auth/oauth/token/route.ts b/apps/sim/app/api/auth/oauth/token/route.ts
index 603f5c6b0b..f5c8d7b617 100644
--- a/apps/sim/app/api/auth/oauth/token/route.ts
+++ b/apps/sim/app/api/auth/oauth/token/route.ts
@@ -4,7 +4,7 @@ import { z } from 'zod'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { checkHybridAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
-import { getCredential, refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { getCredential, getOAuthToken, refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 
 export const dynamic = 'force-dynamic'
 
@@ -12,12 +12,17 @@ const logger = createLogger('OAuthTokenAPI')
 
 const SALESFORCE_INSTANCE_URL_REGEX = /__sf_instance__:([^\s]+)/
 
-const tokenRequestSchema = z.object({
-  credentialId: z
-    .string({ required_error: 'Credential ID is required' })
-    .min(1, 'Credential ID is required'),
-  workflowId: z.string().min(1, 'Workflow ID is required').nullish(),
-})
+const tokenRequestSchema = z
+  .object({
+    credentialId: z.string().min(1).optional(),
+    credentialAccountUserId: z.string().min(1).optional(),
+    providerId: z.string().min(1).optional(),
+    workflowId: z.string().min(1).nullish(),
+  })
+  .refine(
+    (data) => data.credentialId || (data.credentialAccountUserId && data.providerId),
+    'Either credentialId or (credentialAccountUserId + providerId) is required'
+  )
 
 const tokenQuerySchema = z.object({
   credentialId: z
@@ -58,9 +63,37 @@ export async function POST(request: NextRequest) {
       )
     }
 
-    const { credentialId, workflowId } = parseResult.data
+    const { credentialId, credentialAccountUserId, providerId, workflowId } = parseResult.data
+
+    if (credentialAccountUserId && providerId) {
+      logger.info(`[${requestId}] Fetching token by credentialAccountUserId + providerId`, {
+        credentialAccountUserId,
+        providerId,
+      })
+
+      try {
+        const accessToken = await getOAuthToken(credentialAccountUserId, providerId)
+        if (!accessToken) {
+          return NextResponse.json(
+            {
+              error: `No credential found for user ${credentialAccountUserId} and provider ${providerId}`,
+            },
+            { status: 404 }
+          )
+        }
+
+        return NextResponse.json({ accessToken }, { status: 200 })
+      } catch (error) {
+        const message = error instanceof Error ? error.message : 'Failed to get OAuth token'
+        logger.warn(`[${requestId}] OAuth token error: ${message}`)
+        return NextResponse.json({ error: message }, { status: 403 })
+      }
+    }
+
+    if (!credentialId) {
+      return NextResponse.json({ error: 'Credential ID is required' }, { status: 400 })
+    }
 
-    // We already have workflowId from the parsed body; avoid forcing hybrid auth to re-read it
     const authz = await authorizeCredentialUse(request, {
       credentialId,
       workflowId: workflowId ?? undefined,
@@ -70,7 +103,6 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
     }
 
-    // Fetch the credential as the owner to enforce ownership scoping
     const credential = await getCredential(requestId, credentialId, authz.credentialOwnerUserId)
 
     if (!credential) {
@@ -78,7 +110,6 @@ export async function POST(request: NextRequest) {
     }
 
     try {
-      // Refresh the token if needed
       const { accessToken } = await refreshTokenIfNeeded(requestId, credential, credentialId)
 
       let instanceUrl: string | undefined
@@ -145,7 +176,6 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'User not authenticated' }, { status: 401 })
     }
 
-    // Get the credential from the database
     const credential = await getCredential(requestId, credentialId, auth.userId)
 
     if (!credential) {
diff --git a/apps/sim/app/api/auth/oauth/utils.ts b/apps/sim/app/api/auth/oauth/utils.ts
index cb9176e989..08dd16fdff 100644
--- a/apps/sim/app/api/auth/oauth/utils.ts
+++ b/apps/sim/app/api/auth/oauth/utils.ts
@@ -1,7 +1,7 @@
 import { db } from '@sim/db'
-import { account, workflow } from '@sim/db/schema'
+import { account, credentialSetMember, workflow } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, desc, eq } from 'drizzle-orm'
+import { and, desc, eq, inArray } from 'drizzle-orm'
 import { getSession } from '@/lib/auth'
 import { refreshOAuthToken } from '@/lib/oauth'
 
@@ -105,10 +105,10 @@ export async function getOAuthToken(userId: string, providerId: string): Promise
       refreshToken: account.refreshToken,
       accessTokenExpiresAt: account.accessTokenExpiresAt,
       idToken: account.idToken,
+      scope: account.scope,
     })
     .from(account)
     .where(and(eq(account.userId, userId), eq(account.providerId, providerId)))
-    // Always use the most recently updated credential for this provider
     .orderBy(desc(account.updatedAt))
     .limit(1)
 
@@ -335,3 +335,108 @@ export async function refreshTokenIfNeeded(
     throw error
   }
 }
+
+export interface CredentialSetCredential {
+  userId: string
+  credentialId: string
+  accessToken: string
+  providerId: string
+}
+
+export async function getCredentialsForCredentialSet(
+  credentialSetId: string,
+  providerId: string
+): Promise<CredentialSetCredential[]> {
+  logger.info(`Getting credentials for credential set ${credentialSetId}, provider ${providerId}`)
+
+  const members = await db
+    .select({ userId: credentialSetMember.userId })
+    .from(credentialSetMember)
+    .where(
+      and(
+        eq(credentialSetMember.credentialSetId, credentialSetId),
+        eq(credentialSetMember.status, 'active')
+      )
+    )
+
+  logger.info(`Found ${members.length} active members in credential set ${credentialSetId}`)
+
+  if (members.length === 0) {
+    logger.warn(`No active members found for credential set ${credentialSetId}`)
+    return []
+  }
+
+  const userIds = members.map((m) => m.userId)
+  logger.debug(`Member user IDs: ${userIds.join(', ')}`)
+
+  const credentials = await db
+    .select({
+      id: account.id,
+      userId: account.userId,
+      providerId: account.providerId,
+      accessToken: account.accessToken,
+      refreshToken: account.refreshToken,
+      accessTokenExpiresAt: account.accessTokenExpiresAt,
+    })
+    .from(account)
+    .where(and(inArray(account.userId, userIds), eq(account.providerId, providerId)))
+
+  logger.info(
+    `Found ${credentials.length} credentials with provider ${providerId} for ${members.length} members`
+  )
+
+  const results: CredentialSetCredential[] = []
+
+  for (const cred of credentials) {
+    const now = new Date()
+    const tokenExpiry = cred.accessTokenExpiresAt
+    const shouldRefresh =
+      !!cred.refreshToken && (!cred.accessToken || (tokenExpiry && tokenExpiry < now))
+
+    let accessToken = cred.accessToken
+
+    if (shouldRefresh && cred.refreshToken) {
+      try {
+        const refreshResult = await refreshOAuthToken(providerId, cred.refreshToken)
+
+        if (refreshResult) {
+          accessToken = refreshResult.accessToken
+
+          const updateData: Record<string, unknown> = {
+            accessToken: refreshResult.accessToken,
+            accessTokenExpiresAt: new Date(Date.now() + refreshResult.expiresIn * 1000),
+            updatedAt: new Date(),
+          }
+
+          if (refreshResult.refreshToken && refreshResult.refreshToken !== cred.refreshToken) {
+            updateData.refreshToken = refreshResult.refreshToken
+          }
+
+          await db.update(account).set(updateData).where(eq(account.id, cred.id))
+
+          logger.info(`Refreshed token for user ${cred.userId}, provider ${providerId}`)
+        }
+      } catch (error) {
+        logger.error(`Failed to refresh token for user ${cred.userId}, provider ${providerId}`, {
+          error: error instanceof Error ? error.message : String(error),
+        })
+        continue
+      }
+    }
+
+    if (accessToken) {
+      results.push({
+        userId: cred.userId,
+        credentialId: cred.id,
+        accessToken,
+        providerId,
+      })
+    }
+  }
+
+  logger.info(
+    `Found ${results.length} valid credentials for credential set ${credentialSetId}, provider ${providerId}`
+  )
+
+  return results
+}
diff --git a/apps/sim/app/api/auth/sso/register/route.ts b/apps/sim/app/api/auth/sso/register/route.ts
index 2743842136..b53d83eae6 100644
--- a/apps/sim/app/api/auth/sso/register/route.ts
+++ b/apps/sim/app/api/auth/sso/register/route.ts
@@ -1,7 +1,8 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { auth } from '@/lib/auth'
+import { auth, getSession } from '@/lib/auth'
+import { hasSSOAccess } from '@/lib/billing'
 import { env } from '@/lib/core/config/env'
 import { REDACTED_MARKER } from '@/lib/core/security/redaction'
 
@@ -63,10 +64,22 @@ const ssoRegistrationSchema = z.discriminatedUnion('providerType', [
 
 export async function POST(request: NextRequest) {
   try {
+    // SSO plugin must be enabled in Better Auth
     if (!env.SSO_ENABLED) {
       return NextResponse.json({ error: 'SSO is not enabled' }, { status: 400 })
     }
 
+    // Check plan access (enterprise) or env var override
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
+    }
+
+    const hasAccess = await hasSSOAccess(session.user.id)
+    if (!hasAccess) {
+      return NextResponse.json({ error: 'SSO requires an Enterprise plan' }, { status: 403 })
+    }
+
     const rawBody = await request.json()
 
     const parseResult = ssoRegistrationSchema.safeParse(rawBody)
diff --git a/apps/sim/app/api/chat/route.ts b/apps/sim/app/api/chat/route.ts
index dd736b6529..e9ad9c079a 100644
--- a/apps/sim/app/api/chat/route.ts
+++ b/apps/sim/app/api/chat/route.ts
@@ -212,6 +212,18 @@ export async function POST(request: NextRequest) {
 
       logger.info(`Chat "${title}" deployed successfully at ${chatUrl}`)
 
+      try {
+        const { PlatformEvents } = await import('@/lib/core/telemetry')
+        PlatformEvents.chatDeployed({
+          chatId: id,
+          workflowId,
+          authType,
+          hasOutputConfigs: outputConfigs.length > 0,
+        })
+      } catch (_e) {
+        // Silently fail
+      }
+
       return createSuccessResponse({
         id,
         chatUrl,
diff --git a/apps/sim/app/api/credential-sets/[id]/invite/[invitationId]/route.ts b/apps/sim/app/api/credential-sets/[id]/invite/[invitationId]/route.ts
new file mode 100644
index 0000000000..2e7a5a7dc5
--- /dev/null
+++ b/apps/sim/app/api/credential-sets/[id]/invite/[invitationId]/route.ts
@@ -0,0 +1,156 @@
+import { db } from '@sim/db'
+import { credentialSet, credentialSetInvitation, member, organization, user } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getEmailSubject, renderPollingGroupInvitationEmail } from '@/components/emails'
+import { getSession } from '@/lib/auth'
+import { hasCredentialSetsAccess } from '@/lib/billing'
+import { getBaseUrl } from '@/lib/core/utils/urls'
+import { sendEmail } from '@/lib/messaging/email/mailer'
+
+const logger = createLogger('CredentialSetInviteResend')
+
+async function getCredentialSetWithAccess(credentialSetId: string, userId: string) {
+  const [set] = await db
+    .select({
+      id: credentialSet.id,
+      organizationId: credentialSet.organizationId,
+      name: credentialSet.name,
+      providerId: credentialSet.providerId,
+    })
+    .from(credentialSet)
+    .where(eq(credentialSet.id, credentialSetId))
+    .limit(1)
+
+  if (!set) return null
+
+  const [membership] = await db
+    .select({ role: member.role })
+    .from(member)
+    .where(and(eq(member.userId, userId), eq(member.organizationId, set.organizationId)))
+    .limit(1)
+
+  if (!membership) return null
+
+  return { set, role: membership.role }
+}
+
+export async function POST(
+  req: NextRequest,
+  { params }: { params: Promise<{ id: string; invitationId: string }> }
+) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  // Check plan access (team/enterprise) or env var override
+  const hasAccess = await hasCredentialSetsAccess(session.user.id)
+  if (!hasAccess) {
+    return NextResponse.json(
+      { error: 'Credential sets require a Team or Enterprise plan' },
+      { status: 403 }
+    )
+  }
+
+  const { id, invitationId } = await params
+
+  try {
+    const result = await getCredentialSetWithAccess(id, session.user.id)
+
+    if (!result) {
+      return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
+    }
+
+    if (result.role !== 'admin' && result.role !== 'owner') {
+      return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })
+    }
+
+    const [invitation] = await db
+      .select()
+      .from(credentialSetInvitation)
+      .where(
+        and(
+          eq(credentialSetInvitation.id, invitationId),
+          eq(credentialSetInvitation.credentialSetId, id)
+        )
+      )
+      .limit(1)
+
+    if (!invitation) {
+      return NextResponse.json({ error: 'Invitation not found' }, { status: 404 })
+    }
+
+    if (invitation.status !== 'pending') {
+      return NextResponse.json({ error: 'Only pending invitations can be resent' }, { status: 400 })
+    }
+
+    // Update expiration
+    const newExpiresAt = new Date()
+    newExpiresAt.setDate(newExpiresAt.getDate() + 7)
+
+    await db
+      .update(credentialSetInvitation)
+      .set({ expiresAt: newExpiresAt })
+      .where(eq(credentialSetInvitation.id, invitationId))
+
+    const inviteUrl = `${getBaseUrl()}/credential-account/${invitation.token}`
+
+    // Send email if email address exists
+    if (invitation.email) {
+      try {
+        const [inviter] = await db
+          .select({ name: user.name })
+          .from(user)
+          .where(eq(user.id, session.user.id))
+          .limit(1)
+
+        const [org] = await db
+          .select({ name: organization.name })
+          .from(organization)
+          .where(eq(organization.id, result.set.organizationId))
+          .limit(1)
+
+        const provider = (result.set.providerId as 'google-email' | 'outlook') || 'google-email'
+        const emailHtml = await renderPollingGroupInvitationEmail({
+          inviterName: inviter?.name || 'A team member',
+          organizationName: org?.name || 'your organization',
+          pollingGroupName: result.set.name,
+          provider,
+          inviteLink: inviteUrl,
+        })
+
+        const emailResult = await sendEmail({
+          to: invitation.email,
+          subject: getEmailSubject('polling-group-invitation'),
+          html: emailHtml,
+          emailType: 'transactional',
+        })
+
+        if (!emailResult.success) {
+          logger.warn('Failed to resend invitation email', {
+            email: invitation.email,
+            error: emailResult.message,
+          })
+          return NextResponse.json({ error: 'Failed to send email' }, { status: 500 })
+        }
+      } catch (emailError) {
+        logger.error('Error sending invitation email', emailError)
+        return NextResponse.json({ error: 'Failed to send email' }, { status: 500 })
+      }
+    }
+
+    logger.info('Resent credential set invitation', {
+      credentialSetId: id,
+      invitationId,
+      userId: session.user.id,
+    })
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    logger.error('Error resending invitation', error)
+    return NextResponse.json({ error: 'Failed to resend invitation' }, { status: 500 })
+  }
+}
diff --git a/apps/sim/app/api/credential-sets/[id]/invite/route.ts b/apps/sim/app/api/credential-sets/[id]/invite/route.ts
new file mode 100644
index 0000000000..3a2e59df5e
--- /dev/null
+++ b/apps/sim/app/api/credential-sets/[id]/invite/route.ts
@@ -0,0 +1,243 @@
+import { db } from '@sim/db'
+import { credentialSet, credentialSetInvitation, member, organization, user } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { getEmailSubject, renderPollingGroupInvitationEmail } from '@/components/emails'
+import { getSession } from '@/lib/auth'
+import { hasCredentialSetsAccess } from '@/lib/billing'
+import { getBaseUrl } from '@/lib/core/utils/urls'
+import { sendEmail } from '@/lib/messaging/email/mailer'
+
+const logger = createLogger('CredentialSetInvite')
+
+const createInviteSchema = z.object({
+  email: z.string().email().optional(),
+})
+
+async function getCredentialSetWithAccess(credentialSetId: string, userId: string) {
+  const [set] = await db
+    .select({
+      id: credentialSet.id,
+      organizationId: credentialSet.organizationId,
+      name: credentialSet.name,
+      providerId: credentialSet.providerId,
+    })
+    .from(credentialSet)
+    .where(eq(credentialSet.id, credentialSetId))
+    .limit(1)
+
+  if (!set) return null
+
+  const [membership] = await db
+    .select({ role: member.role })
+    .from(member)
+    .where(and(eq(member.userId, userId), eq(member.organizationId, set.organizationId)))
+    .limit(1)
+
+  if (!membership) return null
+
+  return { set, role: membership.role }
+}
+
+export async function GET(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  // Check plan access (team/enterprise) or env var override
+  const hasAccess = await hasCredentialSetsAccess(session.user.id)
+  if (!hasAccess) {
+    return NextResponse.json(
+      { error: 'Credential sets require a Team or Enterprise plan' },
+      { status: 403 }
+    )
+  }
+
+  const { id } = await params
+  const result = await getCredentialSetWithAccess(id, session.user.id)
+
+  if (!result) {
+    return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
+  }
+
+  const invitations = await db
+    .select()
+    .from(credentialSetInvitation)
+    .where(eq(credentialSetInvitation.credentialSetId, id))
+
+  return NextResponse.json({ invitations })
+}
+
+export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  // Check plan access (team/enterprise) or env var override
+  const hasAccess = await hasCredentialSetsAccess(session.user.id)
+  if (!hasAccess) {
+    return NextResponse.json(
+      { error: 'Credential sets require a Team or Enterprise plan' },
+      { status: 403 }
+    )
+  }
+
+  const { id } = await params
+
+  try {
+    const result = await getCredentialSetWithAccess(id, session.user.id)
+
+    if (!result) {
+      return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
+    }
+
+    if (result.role !== 'admin' && result.role !== 'owner') {
+      return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })
+    }
+
+    const body = await req.json()
+    const { email } = createInviteSchema.parse(body)
+
+    const token = crypto.randomUUID()
+    const expiresAt = new Date()
+    expiresAt.setDate(expiresAt.getDate() + 7)
+
+    const invitation = {
+      id: crypto.randomUUID(),
+      credentialSetId: id,
+      email: email || null,
+      token,
+      invitedBy: session.user.id,
+      status: 'pending' as const,
+      expiresAt,
+      createdAt: new Date(),
+    }
+
+    await db.insert(credentialSetInvitation).values(invitation)
+
+    const inviteUrl = `${getBaseUrl()}/credential-account/${token}`
+
+    // Send email if email address was provided
+    if (email) {
+      try {
+        // Get inviter name
+        const [inviter] = await db
+          .select({ name: user.name })
+          .from(user)
+          .where(eq(user.id, session.user.id))
+          .limit(1)
+
+        // Get organization name
+        const [org] = await db
+          .select({ name: organization.name })
+          .from(organization)
+          .where(eq(organization.id, result.set.organizationId))
+          .limit(1)
+
+        const provider = (result.set.providerId as 'google-email' | 'outlook') || 'google-email'
+        const emailHtml = await renderPollingGroupInvitationEmail({
+          inviterName: inviter?.name || 'A team member',
+          organizationName: org?.name || 'your organization',
+          pollingGroupName: result.set.name,
+          provider,
+          inviteLink: inviteUrl,
+        })
+
+        const emailResult = await sendEmail({
+          to: email,
+          subject: getEmailSubject('polling-group-invitation'),
+          html: emailHtml,
+          emailType: 'transactional',
+        })
+
+        if (!emailResult.success) {
+          logger.warn('Failed to send invitation email', {
+            email,
+            error: emailResult.message,
+          })
+        }
+      } catch (emailError) {
+        logger.error('Error sending invitation email', emailError)
+        // Don't fail the invitation creation if email fails
+      }
+    }
+
+    logger.info('Created credential set invitation', {
+      credentialSetId: id,
+      invitationId: invitation.id,
+      userId: session.user.id,
+      emailSent: !!email,
+    })
+
+    return NextResponse.json({
+      invitation: {
+        ...invitation,
+        inviteUrl,
+      },
+    })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: error.errors[0].message }, { status: 400 })
+    }
+    logger.error('Error creating invitation', error)
+    return NextResponse.json({ error: 'Failed to create invitation' }, { status: 500 })
+  }
+}
+
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  // Check plan access (team/enterprise) or env var override
+  const hasAccess = await hasCredentialSetsAccess(session.user.id)
+  if (!hasAccess) {
+    return NextResponse.json(
+      { error: 'Credential sets require a Team or Enterprise plan' },
+      { status: 403 }
+    )
+  }
+
+  const { id } = await params
+  const { searchParams } = new URL(req.url)
+  const invitationId = searchParams.get('invitationId')
+
+  if (!invitationId) {
+    return NextResponse.json({ error: 'invitationId is required' }, { status: 400 })
+  }
+
+  try {
+    const result = await getCredentialSetWithAccess(id, session.user.id)
+
+    if (!result) {
+      return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
+    }
+
+    if (result.role !== 'admin' && result.role !== 'owner') {
+      return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })
+    }
+
+    await db
+      .update(credentialSetInvitation)
+      .set({ status: 'cancelled' })
+      .where(
+        and(
+          eq(credentialSetInvitation.id, invitationId),
+          eq(credentialSetInvitation.credentialSetId, id)
+        )
+      )
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    logger.error('Error cancelling invitation', error)
+    return NextResponse.json({ error: 'Failed to cancel invitation' }, { status: 500 })
+  }
+}
diff --git a/apps/sim/app/api/credential-sets/[id]/members/route.ts b/apps/sim/app/api/credential-sets/[id]/members/route.ts
new file mode 100644
index 0000000000..c09d39f868
--- /dev/null
+++ b/apps/sim/app/api/credential-sets/[id]/members/route.ts
@@ -0,0 +1,185 @@
+import { db } from '@sim/db'
+import { account, credentialSet, credentialSetMember, member, user } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq, inArray } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { hasCredentialSetsAccess } from '@/lib/billing'
+import { syncAllWebhooksForCredentialSet } from '@/lib/webhooks/utils.server'
+
+const logger = createLogger('CredentialSetMembers')
+
+async function getCredentialSetWithAccess(credentialSetId: string, userId: string) {
+  const [set] = await db
+    .select({
+      id: credentialSet.id,
+      organizationId: credentialSet.organizationId,
+      providerId: credentialSet.providerId,
+    })
+    .from(credentialSet)
+    .where(eq(credentialSet.id, credentialSetId))
+    .limit(1)
+
+  if (!set) return null
+
+  const [membership] = await db
+    .select({ role: member.role })
+    .from(member)
+    .where(and(eq(member.userId, userId), eq(member.organizationId, set.organizationId)))
+    .limit(1)
+
+  if (!membership) return null
+
+  return { set, role: membership.role }
+}
+
+export async function GET(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  // Check plan access (team/enterprise) or env var override
+  const hasAccess = await hasCredentialSetsAccess(session.user.id)
+  if (!hasAccess) {
+    return NextResponse.json(
+      { error: 'Credential sets require a Team or Enterprise plan' },
+      { status: 403 }
+    )
+  }
+
+  const { id } = await params
+  const result = await getCredentialSetWithAccess(id, session.user.id)
+
+  if (!result) {
+    return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
+  }
+
+  const members = await db
+    .select({
+      id: credentialSetMember.id,
+      userId: credentialSetMember.userId,
+      status: credentialSetMember.status,
+      joinedAt: credentialSetMember.joinedAt,
+      createdAt: credentialSetMember.createdAt,
+      userName: user.name,
+      userEmail: user.email,
+      userImage: user.image,
+    })
+    .from(credentialSetMember)
+    .leftJoin(user, eq(credentialSetMember.userId, user.id))
+    .where(eq(credentialSetMember.credentialSetId, id))
+
+  // Get credentials for all active members filtered by the polling group's provider
+  const activeMembers = members.filter((m) => m.status === 'active')
+  const memberUserIds = activeMembers.map((m) => m.userId)
+
+  let credentials: { userId: string; providerId: string; accountId: string }[] = []
+  if (memberUserIds.length > 0 && result.set.providerId) {
+    credentials = await db
+      .select({
+        userId: account.userId,
+        providerId: account.providerId,
+        accountId: account.accountId,
+      })
+      .from(account)
+      .where(
+        and(inArray(account.userId, memberUserIds), eq(account.providerId, result.set.providerId))
+      )
+  }
+
+  // Group credentials by userId
+  const credentialsByUser = credentials.reduce(
+    (acc, cred) => {
+      if (!acc[cred.userId]) {
+        acc[cred.userId] = []
+      }
+      acc[cred.userId].push({
+        providerId: cred.providerId,
+        accountId: cred.accountId,
+      })
+      return acc
+    },
+    {} as Record<string, { providerId: string; accountId: string }[]>
+  )
+
+  // Attach credentials to members
+  const membersWithCredentials = members.map((m) => ({
+    ...m,
+    credentials: credentialsByUser[m.userId] || [],
+  }))
+
+  return NextResponse.json({ members: membersWithCredentials })
+}
+
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  // Check plan access (team/enterprise) or env var override
+  const hasAccess = await hasCredentialSetsAccess(session.user.id)
+  if (!hasAccess) {
+    return NextResponse.json(
+      { error: 'Credential sets require a Team or Enterprise plan' },
+      { status: 403 }
+    )
+  }
+
+  const { id } = await params
+  const { searchParams } = new URL(req.url)
+  const memberId = searchParams.get('memberId')
+
+  if (!memberId) {
+    return NextResponse.json({ error: 'memberId is required' }, { status: 400 })
+  }
+
+  try {
+    const result = await getCredentialSetWithAccess(id, session.user.id)
+
+    if (!result) {
+      return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
+    }
+
+    if (result.role !== 'admin' && result.role !== 'owner') {
+      return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })
+    }
+
+    const [memberToRemove] = await db
+      .select()
+      .from(credentialSetMember)
+      .where(and(eq(credentialSetMember.id, memberId), eq(credentialSetMember.credentialSetId, id)))
+      .limit(1)
+
+    if (!memberToRemove) {
+      return NextResponse.json({ error: 'Member not found' }, { status: 404 })
+    }
+
+    const requestId = crypto.randomUUID().slice(0, 8)
+
+    // Use transaction to ensure member deletion + webhook sync are atomic
+    await db.transaction(async (tx) => {
+      await tx.delete(credentialSetMember).where(eq(credentialSetMember.id, memberId))
+
+      const syncResult = await syncAllWebhooksForCredentialSet(id, requestId, tx)
+      logger.info('Synced webhooks after member removed', {
+        credentialSetId: id,
+        ...syncResult,
+      })
+    })
+
+    logger.info('Removed member from credential set', {
+      credentialSetId: id,
+      memberId,
+      userId: session.user.id,
+    })
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    logger.error('Error removing member from credential set', error)
+    return NextResponse.json({ error: 'Failed to remove member' }, { status: 500 })
+  }
+}
diff --git a/apps/sim/app/api/credential-sets/[id]/route.ts b/apps/sim/app/api/credential-sets/[id]/route.ts
new file mode 100644
index 0000000000..fb40336fd4
--- /dev/null
+++ b/apps/sim/app/api/credential-sets/[id]/route.ts
@@ -0,0 +1,183 @@
+import { db } from '@sim/db'
+import { credentialSet, credentialSetMember, member } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { getSession } from '@/lib/auth'
+import { hasCredentialSetsAccess } from '@/lib/billing'
+
+const logger = createLogger('CredentialSet')
+
+const updateCredentialSetSchema = z.object({
+  name: z.string().trim().min(1).max(100).optional(),
+  description: z.string().max(500).nullable().optional(),
+})
+
+async function getCredentialSetWithAccess(credentialSetId: string, userId: string) {
+  const [set] = await db
+    .select({
+      id: credentialSet.id,
+      organizationId: credentialSet.organizationId,
+      name: credentialSet.name,
+      description: credentialSet.description,
+      providerId: credentialSet.providerId,
+      createdBy: credentialSet.createdBy,
+      createdAt: credentialSet.createdAt,
+      updatedAt: credentialSet.updatedAt,
+    })
+    .from(credentialSet)
+    .where(eq(credentialSet.id, credentialSetId))
+    .limit(1)
+
+  if (!set) return null
+
+  const [membership] = await db
+    .select({ role: member.role })
+    .from(member)
+    .where(and(eq(member.userId, userId), eq(member.organizationId, set.organizationId)))
+    .limit(1)
+
+  if (!membership) return null
+
+  return { set, role: membership.role }
+}
+
+export async function GET(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  // Check plan access (team/enterprise) or env var override
+  const hasAccess = await hasCredentialSetsAccess(session.user.id)
+  if (!hasAccess) {
+    return NextResponse.json(
+      { error: 'Credential sets require a Team or Enterprise plan' },
+      { status: 403 }
+    )
+  }
+
+  const { id } = await params
+  const result = await getCredentialSetWithAccess(id, session.user.id)
+
+  if (!result) {
+    return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
+  }
+
+  return NextResponse.json({ credentialSet: result.set })
+}
+
+export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  // Check plan access (team/enterprise) or env var override
+  const hasAccess = await hasCredentialSetsAccess(session.user.id)
+  if (!hasAccess) {
+    return NextResponse.json(
+      { error: 'Credential sets require a Team or Enterprise plan' },
+      { status: 403 }
+    )
+  }
+
+  const { id } = await params
+
+  try {
+    const result = await getCredentialSetWithAccess(id, session.user.id)
+
+    if (!result) {
+      return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
+    }
+
+    if (result.role !== 'admin' && result.role !== 'owner') {
+      return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })
+    }
+
+    const body = await req.json()
+    const updates = updateCredentialSetSchema.parse(body)
+
+    if (updates.name) {
+      const existingSet = await db
+        .select({ id: credentialSet.id })
+        .from(credentialSet)
+        .where(
+          and(
+            eq(credentialSet.organizationId, result.set.organizationId),
+            eq(credentialSet.name, updates.name)
+          )
+        )
+        .limit(1)
+
+      if (existingSet.length > 0 && existingSet[0].id !== id) {
+        return NextResponse.json(
+          { error: 'A credential set with this name already exists' },
+          { status: 409 }
+        )
+      }
+    }
+
+    await db
+      .update(credentialSet)
+      .set({
+        ...updates,
+        updatedAt: new Date(),
+      })
+      .where(eq(credentialSet.id, id))
+
+    const [updated] = await db.select().from(credentialSet).where(eq(credentialSet.id, id)).limit(1)
+
+    return NextResponse.json({ credentialSet: updated })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: error.errors[0].message }, { status: 400 })
+    }
+    logger.error('Error updating credential set', error)
+    return NextResponse.json({ error: 'Failed to update credential set' }, { status: 500 })
+  }
+}
+
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  // Check plan access (team/enterprise) or env var override
+  const hasAccess = await hasCredentialSetsAccess(session.user.id)
+  if (!hasAccess) {
+    return NextResponse.json(
+      { error: 'Credential sets require a Team or Enterprise plan' },
+      { status: 403 }
+    )
+  }
+
+  const { id } = await params
+
+  try {
+    const result = await getCredentialSetWithAccess(id, session.user.id)
+
+    if (!result) {
+      return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
+    }
+
+    if (result.role !== 'admin' && result.role !== 'owner') {
+      return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })
+    }
+
+    await db.delete(credentialSetMember).where(eq(credentialSetMember.credentialSetId, id))
+    await db.delete(credentialSet).where(eq(credentialSet.id, id))
+
+    logger.info('Deleted credential set', { credentialSetId: id, userId: session.user.id })
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    logger.error('Error deleting credential set', error)
+    return NextResponse.json({ error: 'Failed to delete credential set' }, { status: 500 })
+  }
+}
diff --git a/apps/sim/app/api/credential-sets/invitations/route.ts b/apps/sim/app/api/credential-sets/invitations/route.ts
new file mode 100644
index 0000000000..0a4df72315
--- /dev/null
+++ b/apps/sim/app/api/credential-sets/invitations/route.ts
@@ -0,0 +1,53 @@
+import { db } from '@sim/db'
+import { credentialSet, credentialSetInvitation, organization, user } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq, gt, isNull, or } from 'drizzle-orm'
+import { NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+
+const logger = createLogger('CredentialSetInvitations')
+
+export async function GET() {
+  const session = await getSession()
+
+  if (!session?.user?.id || !session?.user?.email) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const invitations = await db
+      .select({
+        invitationId: credentialSetInvitation.id,
+        token: credentialSetInvitation.token,
+        status: credentialSetInvitation.status,
+        expiresAt: credentialSetInvitation.expiresAt,
+        createdAt: credentialSetInvitation.createdAt,
+        credentialSetId: credentialSet.id,
+        credentialSetName: credentialSet.name,
+        providerId: credentialSet.providerId,
+        organizationId: organization.id,
+        organizationName: organization.name,
+        invitedByName: user.name,
+        invitedByEmail: user.email,
+      })
+      .from(credentialSetInvitation)
+      .innerJoin(credentialSet, eq(credentialSetInvitation.credentialSetId, credentialSet.id))
+      .innerJoin(organization, eq(credentialSet.organizationId, organization.id))
+      .leftJoin(user, eq(credentialSetInvitation.invitedBy, user.id))
+      .where(
+        and(
+          or(
+            eq(credentialSetInvitation.email, session.user.email),
+            isNull(credentialSetInvitation.email)
+          ),
+          eq(credentialSetInvitation.status, 'pending'),
+          gt(credentialSetInvitation.expiresAt, new Date())
+        )
+      )
+
+    return NextResponse.json({ invitations })
+  } catch (error) {
+    logger.error('Error fetching credential set invitations', error)
+    return NextResponse.json({ error: 'Failed to fetch invitations' }, { status: 500 })
+  }
+}
diff --git a/apps/sim/app/api/credential-sets/invite/[token]/route.ts b/apps/sim/app/api/credential-sets/invite/[token]/route.ts
new file mode 100644
index 0000000000..c42fbecda5
--- /dev/null
+++ b/apps/sim/app/api/credential-sets/invite/[token]/route.ts
@@ -0,0 +1,196 @@
+import { db } from '@sim/db'
+import {
+  credentialSet,
+  credentialSetInvitation,
+  credentialSetMember,
+  organization,
+} from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { syncAllWebhooksForCredentialSet } from '@/lib/webhooks/utils.server'
+
+const logger = createLogger('CredentialSetInviteToken')
+
+export async function GET(req: NextRequest, { params }: { params: Promise<{ token: string }> }) {
+  const { token } = await params
+
+  const [invitation] = await db
+    .select({
+      id: credentialSetInvitation.id,
+      credentialSetId: credentialSetInvitation.credentialSetId,
+      email: credentialSetInvitation.email,
+      status: credentialSetInvitation.status,
+      expiresAt: credentialSetInvitation.expiresAt,
+      credentialSetName: credentialSet.name,
+      providerId: credentialSet.providerId,
+      organizationId: credentialSet.organizationId,
+      organizationName: organization.name,
+    })
+    .from(credentialSetInvitation)
+    .innerJoin(credentialSet, eq(credentialSetInvitation.credentialSetId, credentialSet.id))
+    .innerJoin(organization, eq(credentialSet.organizationId, organization.id))
+    .where(eq(credentialSetInvitation.token, token))
+    .limit(1)
+
+  if (!invitation) {
+    return NextResponse.json({ error: 'Invitation not found' }, { status: 404 })
+  }
+
+  if (invitation.status !== 'pending') {
+    return NextResponse.json({ error: 'Invitation is no longer valid' }, { status: 410 })
+  }
+
+  if (new Date() > invitation.expiresAt) {
+    await db
+      .update(credentialSetInvitation)
+      .set({ status: 'expired' })
+      .where(eq(credentialSetInvitation.id, invitation.id))
+
+    return NextResponse.json({ error: 'Invitation has expired' }, { status: 410 })
+  }
+
+  return NextResponse.json({
+    invitation: {
+      credentialSetName: invitation.credentialSetName,
+      organizationName: invitation.organizationName,
+      providerId: invitation.providerId,
+      email: invitation.email,
+    },
+  })
+}
+
+export async function POST(req: NextRequest, { params }: { params: Promise<{ token: string }> }) {
+  const { token } = await params
+
+  const session = await getSession()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
+  }
+
+  try {
+    const [invitationData] = await db
+      .select({
+        id: credentialSetInvitation.id,
+        credentialSetId: credentialSetInvitation.credentialSetId,
+        email: credentialSetInvitation.email,
+        status: credentialSetInvitation.status,
+        expiresAt: credentialSetInvitation.expiresAt,
+        invitedBy: credentialSetInvitation.invitedBy,
+        providerId: credentialSet.providerId,
+      })
+      .from(credentialSetInvitation)
+      .innerJoin(credentialSet, eq(credentialSetInvitation.credentialSetId, credentialSet.id))
+      .where(eq(credentialSetInvitation.token, token))
+      .limit(1)
+
+    if (!invitationData) {
+      return NextResponse.json({ error: 'Invitation not found' }, { status: 404 })
+    }
+
+    const invitation = invitationData
+
+    if (invitation.status !== 'pending') {
+      return NextResponse.json({ error: 'Invitation is no longer valid' }, { status: 410 })
+    }
+
+    if (new Date() > invitation.expiresAt) {
+      await db
+        .update(credentialSetInvitation)
+        .set({ status: 'expired' })
+        .where(eq(credentialSetInvitation.id, invitation.id))
+
+      return NextResponse.json({ error: 'Invitation has expired' }, { status: 410 })
+    }
+
+    const existingMember = await db
+      .select()
+      .from(credentialSetMember)
+      .where(
+        and(
+          eq(credentialSetMember.credentialSetId, invitation.credentialSetId),
+          eq(credentialSetMember.userId, session.user.id)
+        )
+      )
+      .limit(1)
+
+    if (existingMember.length > 0) {
+      return NextResponse.json(
+        { error: 'Already a member of this credential set' },
+        { status: 409 }
+      )
+    }
+
+    const now = new Date()
+    const requestId = crypto.randomUUID().slice(0, 8)
+
+    // Use transaction to ensure membership + invitation update + webhook sync are atomic
+    await db.transaction(async (tx) => {
+      await tx.insert(credentialSetMember).values({
+        id: crypto.randomUUID(),
+        credentialSetId: invitation.credentialSetId,
+        userId: session.user.id,
+        status: 'active',
+        joinedAt: now,
+        invitedBy: invitation.invitedBy,
+        createdAt: now,
+        updatedAt: now,
+      })
+
+      await tx
+        .update(credentialSetInvitation)
+        .set({
+          status: 'accepted',
+          acceptedAt: now,
+          acceptedByUserId: session.user.id,
+        })
+        .where(eq(credentialSetInvitation.id, invitation.id))
+
+      // Clean up all other pending invitations for the same credential set and email
+      // This prevents duplicate invites from showing up after accepting one
+      if (invitation.email) {
+        await tx
+          .update(credentialSetInvitation)
+          .set({
+            status: 'accepted',
+            acceptedAt: now,
+            acceptedByUserId: session.user.id,
+          })
+          .where(
+            and(
+              eq(credentialSetInvitation.credentialSetId, invitation.credentialSetId),
+              eq(credentialSetInvitation.email, invitation.email),
+              eq(credentialSetInvitation.status, 'pending')
+            )
+          )
+      }
+
+      // Sync webhooks within the transaction
+      const syncResult = await syncAllWebhooksForCredentialSet(
+        invitation.credentialSetId,
+        requestId,
+        tx
+      )
+      logger.info('Synced webhooks after member joined', {
+        credentialSetId: invitation.credentialSetId,
+        ...syncResult,
+      })
+    })
+
+    logger.info('Accepted credential set invitation', {
+      invitationId: invitation.id,
+      credentialSetId: invitation.credentialSetId,
+      userId: session.user.id,
+    })
+
+    return NextResponse.json({
+      success: true,
+      credentialSetId: invitation.credentialSetId,
+      providerId: invitation.providerId,
+    })
+  } catch (error) {
+    logger.error('Error accepting invitation', error)
+    return NextResponse.json({ error: 'Failed to accept invitation' }, { status: 500 })
+  }
+}
diff --git a/apps/sim/app/api/credential-sets/memberships/route.ts b/apps/sim/app/api/credential-sets/memberships/route.ts
new file mode 100644
index 0000000000..5ce0384d4a
--- /dev/null
+++ b/apps/sim/app/api/credential-sets/memberships/route.ts
@@ -0,0 +1,115 @@
+import { db } from '@sim/db'
+import { credentialSet, credentialSetMember, organization } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { syncAllWebhooksForCredentialSet } from '@/lib/webhooks/utils.server'
+
+const logger = createLogger('CredentialSetMemberships')
+
+export async function GET() {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    const memberships = await db
+      .select({
+        membershipId: credentialSetMember.id,
+        status: credentialSetMember.status,
+        joinedAt: credentialSetMember.joinedAt,
+        credentialSetId: credentialSet.id,
+        credentialSetName: credentialSet.name,
+        credentialSetDescription: credentialSet.description,
+        providerId: credentialSet.providerId,
+        organizationId: organization.id,
+        organizationName: organization.name,
+      })
+      .from(credentialSetMember)
+      .innerJoin(credentialSet, eq(credentialSetMember.credentialSetId, credentialSet.id))
+      .innerJoin(organization, eq(credentialSet.organizationId, organization.id))
+      .where(eq(credentialSetMember.userId, session.user.id))
+
+    return NextResponse.json({ memberships })
+  } catch (error) {
+    logger.error('Error fetching credential set memberships', error)
+    return NextResponse.json({ error: 'Failed to fetch memberships' }, { status: 500 })
+  }
+}
+
+/**
+ * Leave a credential set (self-revocation).
+ * Sets status to 'revoked' immediately (blocks execution), then syncs webhooks to clean up.
+ */
+export async function DELETE(req: NextRequest) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const { searchParams } = new URL(req.url)
+  const credentialSetId = searchParams.get('credentialSetId')
+
+  if (!credentialSetId) {
+    return NextResponse.json({ error: 'credentialSetId is required' }, { status: 400 })
+  }
+
+  try {
+    const requestId = crypto.randomUUID().slice(0, 8)
+
+    // Use transaction to ensure revocation + webhook sync are atomic
+    await db.transaction(async (tx) => {
+      // Find and verify membership
+      const [membership] = await tx
+        .select()
+        .from(credentialSetMember)
+        .where(
+          and(
+            eq(credentialSetMember.credentialSetId, credentialSetId),
+            eq(credentialSetMember.userId, session.user.id)
+          )
+        )
+        .limit(1)
+
+      if (!membership) {
+        throw new Error('Not a member of this credential set')
+      }
+
+      if (membership.status === 'revoked') {
+        throw new Error('Already left this credential set')
+      }
+
+      // Set status to 'revoked' - this immediately blocks credential from being used
+      await tx
+        .update(credentialSetMember)
+        .set({
+          status: 'revoked',
+          updatedAt: new Date(),
+        })
+        .where(eq(credentialSetMember.id, membership.id))
+
+      // Sync webhooks to remove this user's credential webhooks
+      const syncResult = await syncAllWebhooksForCredentialSet(credentialSetId, requestId, tx)
+      logger.info('Synced webhooks after member left', {
+        credentialSetId,
+        userId: session.user.id,
+        ...syncResult,
+      })
+    })
+
+    logger.info('User left credential set', {
+      credentialSetId,
+      userId: session.user.id,
+    })
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Failed to leave credential set'
+    logger.error('Error leaving credential set', error)
+    return NextResponse.json({ error: message }, { status: 500 })
+  }
+}
diff --git a/apps/sim/app/api/credential-sets/route.ts b/apps/sim/app/api/credential-sets/route.ts
new file mode 100644
index 0000000000..68a5e5b9df
--- /dev/null
+++ b/apps/sim/app/api/credential-sets/route.ts
@@ -0,0 +1,176 @@
+import { db } from '@sim/db'
+import { credentialSet, credentialSetMember, member, organization, user } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, count, desc, eq } from 'drizzle-orm'
+import { NextResponse } from 'next/server'
+import { z } from 'zod'
+import { getSession } from '@/lib/auth'
+import { hasCredentialSetsAccess } from '@/lib/billing'
+
+const logger = createLogger('CredentialSets')
+
+const createCredentialSetSchema = z.object({
+  organizationId: z.string().min(1),
+  name: z.string().trim().min(1).max(100),
+  description: z.string().max(500).optional(),
+  providerId: z.enum(['google-email', 'outlook']),
+})
+
+export async function GET(req: Request) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  // Check plan access (team/enterprise) or env var override
+  const hasAccess = await hasCredentialSetsAccess(session.user.id)
+  if (!hasAccess) {
+    return NextResponse.json(
+      { error: 'Credential sets require a Team or Enterprise plan' },
+      { status: 403 }
+    )
+  }
+
+  const { searchParams } = new URL(req.url)
+  const organizationId = searchParams.get('organizationId')
+
+  if (!organizationId) {
+    return NextResponse.json({ error: 'organizationId is required' }, { status: 400 })
+  }
+
+  const membership = await db
+    .select({ id: member.id, role: member.role })
+    .from(member)
+    .where(and(eq(member.userId, session.user.id), eq(member.organizationId, organizationId)))
+    .limit(1)
+
+  if (membership.length === 0) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+  }
+
+  const sets = await db
+    .select({
+      id: credentialSet.id,
+      name: credentialSet.name,
+      description: credentialSet.description,
+      providerId: credentialSet.providerId,
+      createdBy: credentialSet.createdBy,
+      createdAt: credentialSet.createdAt,
+      updatedAt: credentialSet.updatedAt,
+      creatorName: user.name,
+      creatorEmail: user.email,
+    })
+    .from(credentialSet)
+    .leftJoin(user, eq(credentialSet.createdBy, user.id))
+    .where(eq(credentialSet.organizationId, organizationId))
+    .orderBy(desc(credentialSet.createdAt))
+
+  const setsWithCounts = await Promise.all(
+    sets.map(async (set) => {
+      const [memberCount] = await db
+        .select({ count: count() })
+        .from(credentialSetMember)
+        .where(
+          and(
+            eq(credentialSetMember.credentialSetId, set.id),
+            eq(credentialSetMember.status, 'active')
+          )
+        )
+
+      return {
+        ...set,
+        memberCount: memberCount?.count ?? 0,
+      }
+    })
+  )
+
+  return NextResponse.json({ credentialSets: setsWithCounts })
+}
+
+export async function POST(req: Request) {
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  // Check plan access (team/enterprise) or env var override
+  const hasAccess = await hasCredentialSetsAccess(session.user.id)
+  if (!hasAccess) {
+    return NextResponse.json(
+      { error: 'Credential sets require a Team or Enterprise plan' },
+      { status: 403 }
+    )
+  }
+
+  try {
+    const body = await req.json()
+    const { organizationId, name, description, providerId } = createCredentialSetSchema.parse(body)
+
+    const membership = await db
+      .select({ id: member.id, role: member.role })
+      .from(member)
+      .where(and(eq(member.userId, session.user.id), eq(member.organizationId, organizationId)))
+      .limit(1)
+
+    const role = membership[0]?.role
+    if (membership.length === 0 || (role !== 'admin' && role !== 'owner')) {
+      return NextResponse.json(
+        { error: 'Admin or owner permissions required to create credential sets' },
+        { status: 403 }
+      )
+    }
+
+    const orgExists = await db
+      .select({ id: organization.id })
+      .from(organization)
+      .where(eq(organization.id, organizationId))
+      .limit(1)
+
+    if (orgExists.length === 0) {
+      return NextResponse.json({ error: 'Organization not found' }, { status: 404 })
+    }
+
+    const existingSet = await db
+      .select({ id: credentialSet.id })
+      .from(credentialSet)
+      .where(and(eq(credentialSet.organizationId, organizationId), eq(credentialSet.name, name)))
+      .limit(1)
+
+    if (existingSet.length > 0) {
+      return NextResponse.json(
+        { error: 'A credential set with this name already exists' },
+        { status: 409 }
+      )
+    }
+
+    const now = new Date()
+    const newCredentialSet = {
+      id: crypto.randomUUID(),
+      organizationId,
+      name,
+      description: description || null,
+      providerId,
+      createdBy: session.user.id,
+      createdAt: now,
+      updatedAt: now,
+    }
+
+    await db.insert(credentialSet).values(newCredentialSet)
+
+    logger.info('Created credential set', {
+      credentialSetId: newCredentialSet.id,
+      organizationId,
+      userId: session.user.id,
+    })
+
+    return NextResponse.json({ credentialSet: newCredentialSet }, { status: 201 })
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: error.errors[0].message }, { status: 400 })
+    }
+    logger.error('Error creating credential set', error)
+    return NextResponse.json({ error: 'Failed to create credential set' }, { status: 500 })
+  }
+}
diff --git a/apps/sim/app/api/knowledge/[id]/documents/route.ts b/apps/sim/app/api/knowledge/[id]/documents/route.ts
index 7aba07d610..e15fa02209 100644
--- a/apps/sim/app/api/knowledge/[id]/documents/route.ts
+++ b/apps/sim/app/api/knowledge/[id]/documents/route.ts
@@ -198,15 +198,14 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
           `[${requestId}] Starting controlled async processing of ${createdDocuments.length} documents`
         )
 
-        // Track bulk document upload
         try {
-          const { trackPlatformEvent } = await import('@/lib/core/telemetry')
-          trackPlatformEvent('platform.knowledge_base.documents_uploaded', {
-            'knowledge_base.id': knowledgeBaseId,
-            'documents.count': createdDocuments.length,
-            'documents.upload_type': 'bulk',
-            'processing.chunk_size': validatedData.processingOptions.chunkSize,
-            'processing.recipe': validatedData.processingOptions.recipe,
+          const { PlatformEvents } = await import('@/lib/core/telemetry')
+          PlatformEvents.knowledgeBaseDocumentsUploaded({
+            knowledgeBaseId,
+            documentsCount: createdDocuments.length,
+            uploadType: 'bulk',
+            chunkSize: validatedData.processingOptions.chunkSize,
+            recipe: validatedData.processingOptions.recipe,
           })
         } catch (_e) {
           // Silently fail
@@ -262,15 +261,14 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
           userId
         )
 
-        // Track single document upload
         try {
-          const { trackPlatformEvent } = await import('@/lib/core/telemetry')
-          trackPlatformEvent('platform.knowledge_base.documents_uploaded', {
-            'knowledge_base.id': knowledgeBaseId,
-            'documents.count': 1,
-            'documents.upload_type': 'single',
-            'document.mime_type': validatedData.mimeType,
-            'document.file_size': validatedData.fileSize,
+          const { PlatformEvents } = await import('@/lib/core/telemetry')
+          PlatformEvents.knowledgeBaseDocumentsUploaded({
+            knowledgeBaseId,
+            documentsCount: 1,
+            uploadType: 'single',
+            mimeType: validatedData.mimeType,
+            fileSize: validatedData.fileSize,
           })
         } catch (_e) {
           // Silently fail
diff --git a/apps/sim/app/api/knowledge/[id]/route.ts b/apps/sim/app/api/knowledge/[id]/route.ts
index a26273b4a4..778dd75905 100644
--- a/apps/sim/app/api/knowledge/[id]/route.ts
+++ b/apps/sim/app/api/knowledge/[id]/route.ts
@@ -2,6 +2,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
+import { PlatformEvents } from '@/lib/core/telemetry'
 import { generateRequestId } from '@/lib/core/utils/request'
 import {
   deleteKnowledgeBase,
@@ -183,6 +184,14 @@ export async function DELETE(
 
     await deleteKnowledgeBase(id, requestId)
 
+    try {
+      PlatformEvents.knowledgeBaseDeleted({
+        knowledgeBaseId: id,
+      })
+    } catch {
+      // Telemetry should not fail the operation
+    }
+
     logger.info(`[${requestId}] Knowledge base deleted: ${id} for user ${session.user.id}`)
 
     return NextResponse.json({
diff --git a/apps/sim/app/api/knowledge/route.ts b/apps/sim/app/api/knowledge/route.ts
index 3910fca333..07d439fe8c 100644
--- a/apps/sim/app/api/knowledge/route.ts
+++ b/apps/sim/app/api/knowledge/route.ts
@@ -2,6 +2,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
+import { PlatformEvents } from '@/lib/core/telemetry'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { createKnowledgeBase, getKnowledgeBases } from '@/lib/knowledge/service'
 
@@ -94,6 +95,16 @@ export async function POST(req: NextRequest) {
 
       const newKnowledgeBase = await createKnowledgeBase(createData, requestId)
 
+      try {
+        PlatformEvents.knowledgeBaseCreated({
+          knowledgeBaseId: newKnowledgeBase.id,
+          name: validatedData.name,
+          workspaceId: validatedData.workspaceId,
+        })
+      } catch {
+        // Telemetry should not fail the operation
+      }
+
       logger.info(
         `[${requestId}] Knowledge base created: ${newKnowledgeBase.id} for user ${session.user.id}`
       )
diff --git a/apps/sim/app/api/knowledge/search/route.test.ts b/apps/sim/app/api/knowledge/search/route.test.ts
index 94f8a0a2b6..04259062e7 100644
--- a/apps/sim/app/api/knowledge/search/route.test.ts
+++ b/apps/sim/app/api/knowledge/search/route.test.ts
@@ -5,6 +5,7 @@
  *
  * @vitest-environment node
  */
+import { createEnvMock } from '@sim/testing'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 import {
   createMockRequest,
@@ -26,13 +27,7 @@ vi.mock('drizzle-orm', () => ({
 
 mockKnowledgeSchemas()
 
-vi.mock('@/lib/core/config/env', () => ({
-  env: {
-    OPENAI_API_KEY: 'test-api-key',
-  },
-  isTruthy: (value: string | boolean | number | undefined) =>
-    typeof value === 'string' ? value === 'true' || value === '1' : Boolean(value),
-}))
+vi.mock('@/lib/core/config/env', () => createEnvMock({ OPENAI_API_KEY: 'test-api-key' }))
 
 vi.mock('@/lib/core/utils/request', () => ({
   generateRequestId: vi.fn(() => 'test-request-id'),
diff --git a/apps/sim/app/api/knowledge/search/route.ts b/apps/sim/app/api/knowledge/search/route.ts
index 6e3f584029..fdfce836b5 100644
--- a/apps/sim/app/api/knowledge/search/route.ts
+++ b/apps/sim/app/api/knowledge/search/route.ts
@@ -1,6 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
+import { PlatformEvents } from '@/lib/core/telemetry'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { ALL_TAG_SLOTS } from '@/lib/knowledge/constants'
 import { getDocumentTagDefinitions } from '@/lib/knowledge/tags/service'
@@ -294,6 +295,16 @@ export async function POST(request: NextRequest) {
       const documentIds = results.map((result) => result.documentId)
       const documentNameMap = await getDocumentNamesByIds(documentIds)
 
+      try {
+        PlatformEvents.knowledgeBaseSearched({
+          knowledgeBaseId: accessibleKbIds[0],
+          resultsCount: results.length,
+          workspaceId: workspaceId || undefined,
+        })
+      } catch {
+        // Telemetry should not fail the operation
+      }
+
       return NextResponse.json({
         success: true,
         data: {
diff --git a/apps/sim/app/api/knowledge/search/utils.test.ts b/apps/sim/app/api/knowledge/search/utils.test.ts
index 53ceeaa0ae..e5ebe22a8e 100644
--- a/apps/sim/app/api/knowledge/search/utils.test.ts
+++ b/apps/sim/app/api/knowledge/search/utils.test.ts
@@ -4,6 +4,7 @@
  *
  * @vitest-environment node
  */
+import { createEnvMock } from '@sim/testing'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 
 vi.mock('drizzle-orm')
@@ -30,12 +31,7 @@ vi.stubGlobal(
   })
 )
 
-vi.mock('@/lib/core/config/env', () => ({
-  env: {},
-  getEnv: (key: string) => process.env[key],
-  isTruthy: (value: string | boolean | number | undefined) =>
-    typeof value === 'string' ? value === 'true' || value === '1' : Boolean(value),
-}))
+vi.mock('@/lib/core/config/env', () => createEnvMock())
 
 import {
   generateSearchEmbedding,
diff --git a/apps/sim/app/api/knowledge/utils.test.ts b/apps/sim/app/api/knowledge/utils.test.ts
index 9ae1372c0f..0e8debe701 100644
--- a/apps/sim/app/api/knowledge/utils.test.ts
+++ b/apps/sim/app/api/knowledge/utils.test.ts
@@ -6,6 +6,7 @@
  * This file contains unit tests for the knowledge base utility functions,
  * including access checks, document processing, and embedding generation.
  */
+import { createEnvMock } from '@sim/testing'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 
 vi.mock('drizzle-orm', () => ({
@@ -15,12 +16,7 @@ vi.mock('drizzle-orm', () => ({
   sql: (strings: TemplateStringsArray, ...expr: any[]) => ({ strings, expr }),
 }))
 
-vi.mock('@/lib/core/config/env', () => ({
-  env: { OPENAI_API_KEY: 'test-key' },
-  getEnv: (key: string) => process.env[key],
-  isTruthy: (value: string | boolean | number | undefined) =>
-    typeof value === 'string' ? value === 'true' || value === '1' : Boolean(value),
-}))
+vi.mock('@/lib/core/config/env', () => createEnvMock({ OPENAI_API_KEY: 'test-key' }))
 
 vi.mock('@/lib/knowledge/documents/utils', () => ({
   retryWithExponentialBackoff: (fn: any) => fn(),
diff --git a/apps/sim/app/api/mcp/servers/route.ts b/apps/sim/app/api/mcp/servers/route.ts
index 4ba367d133..8f304035b9 100644
--- a/apps/sim/app/api/mcp/servers/route.ts
+++ b/apps/sim/app/api/mcp/servers/route.ts
@@ -140,12 +140,12 @@ export const POST = withMcpAuth('write')(
       )
 
       try {
-        const { trackPlatformEvent } = await import('@/lib/core/telemetry')
-        trackPlatformEvent('platform.mcp.server_added', {
-          'mcp.server_id': serverId,
-          'mcp.server_name': body.name,
-          'mcp.transport': body.transport,
-          'workspace.id': workspaceId,
+        const { PlatformEvents } = await import('@/lib/core/telemetry')
+        PlatformEvents.mcpServerAdded({
+          serverId,
+          serverName: body.name,
+          transport: body.transport,
+          workspaceId,
         })
       } catch (_e) {
         // Silently fail
diff --git a/apps/sim/app/api/mcp/tools/execute/route.ts b/apps/sim/app/api/mcp/tools/execute/route.ts
index 1bcdf6488e..fe0736ba14 100644
--- a/apps/sim/app/api/mcp/tools/execute/route.ts
+++ b/apps/sim/app/api/mcp/tools/execute/route.ts
@@ -194,12 +194,12 @@ export const POST = withMcpAuth('read')(
       logger.info(`[${requestId}] Successfully executed tool ${toolName} on server ${serverId}`)
 
       try {
-        const { trackPlatformEvent } = await import('@/lib/core/telemetry')
-        trackPlatformEvent('platform.mcp.tool_executed', {
-          'mcp.server_id': serverId,
-          'mcp.tool_name': toolName,
-          'mcp.execution_status': 'success',
-          'workspace.id': workspaceId,
+        const { PlatformEvents } = await import('@/lib/core/telemetry')
+        PlatformEvents.mcpToolExecuted({
+          serverId,
+          toolName,
+          status: 'success',
+          workspaceId,
         })
       } catch {
         // Telemetry failure is non-critical
diff --git a/apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts b/apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts
index bf9332caa0..143a924cc3 100644
--- a/apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts
+++ b/apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts
@@ -15,8 +15,11 @@ import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
+import { getEmailSubject, renderInvitationEmail } from '@/components/emails'
 import { getSession } from '@/lib/auth'
 import { requireStripeClient } from '@/lib/billing/stripe-client'
+import { getBaseUrl } from '@/lib/core/utils/urls'
+import { sendEmail } from '@/lib/messaging/email/mailer'
 
 const logger = createLogger('OrganizationInvitation')
 
@@ -69,6 +72,102 @@ export async function GET(
   }
 }
 
+// Resend invitation
+export async function POST(
+  _request: NextRequest,
+  { params }: { params: Promise<{ id: string; invitationId: string }> }
+) {
+  const { id: organizationId, invitationId } = await params
+  const session = await getSession()
+
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  try {
+    // Verify user is admin/owner
+    const memberEntry = await db
+      .select()
+      .from(member)
+      .where(and(eq(member.organizationId, organizationId), eq(member.userId, session.user.id)))
+      .limit(1)
+
+    if (memberEntry.length === 0 || !['owner', 'admin'].includes(memberEntry[0].role)) {
+      return NextResponse.json({ error: 'Forbidden - Admin access required' }, { status: 403 })
+    }
+
+    const orgInvitation = await db
+      .select()
+      .from(invitation)
+      .where(and(eq(invitation.id, invitationId), eq(invitation.organizationId, organizationId)))
+      .then((rows) => rows[0])
+
+    if (!orgInvitation) {
+      return NextResponse.json({ error: 'Invitation not found' }, { status: 404 })
+    }
+
+    if (orgInvitation.status !== 'pending') {
+      return NextResponse.json({ error: 'Can only resend pending invitations' }, { status: 400 })
+    }
+
+    const org = await db
+      .select({ name: organization.name })
+      .from(organization)
+      .where(eq(organization.id, organizationId))
+      .then((rows) => rows[0])
+
+    const inviter = await db
+      .select({ name: user.name })
+      .from(user)
+      .where(eq(user.id, session.user.id))
+      .limit(1)
+
+    // Update expiration date
+    const newExpiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000) // 7 days
+    await db
+      .update(invitation)
+      .set({ expiresAt: newExpiresAt })
+      .where(eq(invitation.id, invitationId))
+
+    // Send email
+    const emailHtml = await renderInvitationEmail(
+      inviter[0]?.name || 'Someone',
+      org?.name || 'organization',
+      `${getBaseUrl()}/invite/${invitationId}`
+    )
+
+    const emailResult = await sendEmail({
+      to: orgInvitation.email,
+      subject: getEmailSubject('invitation'),
+      html: emailHtml,
+      emailType: 'transactional',
+    })
+
+    if (!emailResult.success) {
+      logger.error('Failed to resend invitation email', {
+        email: orgInvitation.email,
+        error: emailResult.message,
+      })
+      return NextResponse.json({ error: 'Failed to send invitation email' }, { status: 500 })
+    }
+
+    logger.info('Organization invitation resent', {
+      organizationId,
+      invitationId,
+      resentBy: session.user.id,
+      email: orgInvitation.email,
+    })
+
+    return NextResponse.json({
+      success: true,
+      message: 'Invitation resent successfully',
+    })
+  } catch (error) {
+    logger.error('Error resending organization invitation:', error)
+    return NextResponse.json({ error: 'Failed to resend invitation' }, { status: 500 })
+  }
+}
+
 export async function PUT(
   req: NextRequest,
   { params }: { params: Promise<{ id: string; invitationId: string }> }
diff --git a/apps/sim/app/api/providers/route.ts b/apps/sim/app/api/providers/route.ts
index a78a5f999d..5c5c6798b8 100644
--- a/apps/sim/app/api/providers/route.ts
+++ b/apps/sim/app/api/providers/route.ts
@@ -41,6 +41,9 @@ export async function POST(request: NextRequest) {
       vertexProject,
       vertexLocation,
       vertexCredential,
+      bedrockAccessKeyId,
+      bedrockSecretKey,
+      bedrockRegion,
       responseFormat,
       workflowId,
       workspaceId,
@@ -67,6 +70,9 @@ export async function POST(request: NextRequest) {
       hasVertexProject: !!vertexProject,
       hasVertexLocation: !!vertexLocation,
       hasVertexCredential: !!vertexCredential,
+      hasBedrockAccessKeyId: !!bedrockAccessKeyId,
+      hasBedrockSecretKey: !!bedrockSecretKey,
+      hasBedrockRegion: !!bedrockRegion,
       hasResponseFormat: !!responseFormat,
       workflowId,
       stream: !!stream,
@@ -116,6 +122,9 @@ export async function POST(request: NextRequest) {
       azureApiVersion,
       vertexProject,
       vertexLocation,
+      bedrockAccessKeyId,
+      bedrockSecretKey,
+      bedrockRegion,
       responseFormat,
       workflowId,
       workspaceId,
diff --git a/apps/sim/app/api/templates/[id]/use/route.ts b/apps/sim/app/api/templates/[id]/use/route.ts
index 26ab63a65a..4ad3bda21e 100644
--- a/apps/sim/app/api/templates/[id]/use/route.ts
+++ b/apps/sim/app/api/templates/[id]/use/route.ts
@@ -168,18 +168,15 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       `[${requestId}] Successfully used template: ${id}, created workflow: ${newWorkflowId}`
     )
 
-    // Track template usage
     try {
-      const { trackPlatformEvent } = await import('@/lib/core/telemetry')
+      const { PlatformEvents } = await import('@/lib/core/telemetry')
       const templateState = templateData.state as any
-      trackPlatformEvent('platform.template.used', {
-        'template.id': id,
-        'template.name': templateData.name,
-        'workflow.created_id': newWorkflowId,
-        'workflow.blocks_count': templateState?.blocks
-          ? Object.keys(templateState.blocks).length
-          : 0,
-        'workspace.id': workspaceId,
+      PlatformEvents.templateUsed({
+        templateId: id,
+        templateName: templateData.name,
+        newWorkflowId,
+        blocksCount: templateState?.blocks ? Object.keys(templateState.blocks).length : 0,
+        workspaceId,
       })
     } catch (_e) {
       // Silently fail
diff --git a/apps/sim/app/api/v1/admin/byok/route.ts b/apps/sim/app/api/v1/admin/byok/route.ts
new file mode 100644
index 0000000000..8144993122
--- /dev/null
+++ b/apps/sim/app/api/v1/admin/byok/route.ts
@@ -0,0 +1,199 @@
+/**
+ * Admin BYOK Keys API
+ *
+ * GET /api/v1/admin/byok
+ *   List all BYOK keys with optional filtering.
+ *
+ *   Query Parameters:
+ *     - organizationId?: string - Filter by organization ID (finds all workspaces billed to this org)
+ *     - workspaceId?: string - Filter by specific workspace ID
+ *
+ *   Response: { data: AdminBYOKKey[], pagination: PaginationMeta }
+ *
+ * DELETE /api/v1/admin/byok
+ *   Delete BYOK keys for an organization or workspace.
+ *   Used when an enterprise plan churns to clean up BYOK keys.
+ *
+ *   Query Parameters:
+ *     - organizationId: string - Delete all BYOK keys for workspaces billed to this org
+ *     - workspaceId?: string - Delete keys for a specific workspace only (optional)
+ *
+ *   Response: { success: true, deletedCount: number, workspacesAffected: string[] }
+ */
+
+import { db } from '@sim/db'
+import { user, workspace, workspaceBYOKKeys } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { eq, inArray, sql } from 'drizzle-orm'
+import { withAdminAuth } from '@/app/api/v1/admin/middleware'
+import {
+  badRequestResponse,
+  internalErrorResponse,
+  singleResponse,
+} from '@/app/api/v1/admin/responses'
+
+const logger = createLogger('AdminBYOKAPI')
+
+export interface AdminBYOKKey {
+  id: string
+  workspaceId: string
+  workspaceName: string
+  organizationId: string
+  providerId: string
+  createdAt: string
+  createdByUserId: string | null
+  createdByEmail: string | null
+}
+
+export const GET = withAdminAuth(async (request) => {
+  const url = new URL(request.url)
+  const organizationId = url.searchParams.get('organizationId')
+  const workspaceId = url.searchParams.get('workspaceId')
+
+  try {
+    let workspaceIds: string[] = []
+
+    if (workspaceId) {
+      workspaceIds = [workspaceId]
+    } else if (organizationId) {
+      const workspaces = await db
+        .select({ id: workspace.id })
+        .from(workspace)
+        .where(eq(workspace.billedAccountUserId, organizationId))
+
+      workspaceIds = workspaces.map((w) => w.id)
+    }
+
+    const query = db
+      .select({
+        id: workspaceBYOKKeys.id,
+        workspaceId: workspaceBYOKKeys.workspaceId,
+        workspaceName: workspace.name,
+        organizationId: workspace.billedAccountUserId,
+        providerId: workspaceBYOKKeys.providerId,
+        createdAt: workspaceBYOKKeys.createdAt,
+        createdByUserId: workspaceBYOKKeys.createdBy,
+        createdByEmail: user.email,
+      })
+      .from(workspaceBYOKKeys)
+      .innerJoin(workspace, eq(workspaceBYOKKeys.workspaceId, workspace.id))
+      .leftJoin(user, eq(workspaceBYOKKeys.createdBy, user.id))
+
+    let keys
+    if (workspaceIds.length > 0) {
+      keys = await query.where(inArray(workspaceBYOKKeys.workspaceId, workspaceIds))
+    } else {
+      keys = await query
+    }
+
+    const formattedKeys: AdminBYOKKey[] = keys.map((k) => ({
+      id: k.id,
+      workspaceId: k.workspaceId,
+      workspaceName: k.workspaceName,
+      organizationId: k.organizationId,
+      providerId: k.providerId,
+      createdAt: k.createdAt.toISOString(),
+      createdByUserId: k.createdByUserId,
+      createdByEmail: k.createdByEmail,
+    }))
+
+    logger.info('Admin API: Listed BYOK keys', {
+      organizationId,
+      workspaceId,
+      count: formattedKeys.length,
+    })
+
+    return singleResponse({
+      data: formattedKeys,
+      pagination: {
+        total: formattedKeys.length,
+        limit: formattedKeys.length,
+        offset: 0,
+        hasMore: false,
+      },
+    })
+  } catch (error) {
+    logger.error('Admin API: Failed to list BYOK keys', { error, organizationId, workspaceId })
+    return internalErrorResponse('Failed to list BYOK keys')
+  }
+})
+
+export const DELETE = withAdminAuth(async (request) => {
+  const url = new URL(request.url)
+  const organizationId = url.searchParams.get('organizationId')
+  const workspaceId = url.searchParams.get('workspaceId')
+  const reason = url.searchParams.get('reason') || 'Enterprise plan churn cleanup'
+
+  if (!organizationId && !workspaceId) {
+    return badRequestResponse('Either organizationId or workspaceId is required')
+  }
+
+  try {
+    let workspaceIds: string[] = []
+
+    if (workspaceId) {
+      workspaceIds = [workspaceId]
+    } else if (organizationId) {
+      const workspaces = await db
+        .select({ id: workspace.id })
+        .from(workspace)
+        .where(eq(workspace.billedAccountUserId, organizationId))
+
+      workspaceIds = workspaces.map((w) => w.id)
+    }
+
+    if (workspaceIds.length === 0) {
+      logger.info('Admin API: No workspaces found for BYOK cleanup', {
+        organizationId,
+        workspaceId,
+      })
+      return singleResponse({
+        success: true,
+        deletedCount: 0,
+        workspacesAffected: [],
+        message: 'No workspaces found for the given organization/workspace ID',
+      })
+    }
+
+    const countResult = await db
+      .select({ count: sql<number>`count(*)` })
+      .from(workspaceBYOKKeys)
+      .where(inArray(workspaceBYOKKeys.workspaceId, workspaceIds))
+
+    const totalToDelete = Number(countResult[0]?.count ?? 0)
+
+    if (totalToDelete === 0) {
+      logger.info('Admin API: No BYOK keys to delete', {
+        organizationId,
+        workspaceId,
+        workspaceIds,
+      })
+      return singleResponse({
+        success: true,
+        deletedCount: 0,
+        workspacesAffected: [],
+        message: 'No BYOK keys found for the specified workspaces',
+      })
+    }
+
+    await db.delete(workspaceBYOKKeys).where(inArray(workspaceBYOKKeys.workspaceId, workspaceIds))
+
+    logger.info('Admin API: Deleted BYOK keys', {
+      organizationId,
+      workspaceId,
+      workspaceIds,
+      deletedCount: totalToDelete,
+      reason,
+    })
+
+    return singleResponse({
+      success: true,
+      deletedCount: totalToDelete,
+      workspacesAffected: workspaceIds,
+      reason,
+    })
+  } catch (error) {
+    logger.error('Admin API: Failed to delete BYOK keys', { error, organizationId, workspaceId })
+    return internalErrorResponse('Failed to delete BYOK keys')
+  }
+})
diff --git a/apps/sim/app/api/v1/admin/index.ts b/apps/sim/app/api/v1/admin/index.ts
index 2d0afcce02..f41409bf90 100644
--- a/apps/sim/app/api/v1/admin/index.ts
+++ b/apps/sim/app/api/v1/admin/index.ts
@@ -51,6 +51,10 @@
  *   GET    /api/v1/admin/subscriptions                      - List all subscriptions
  *   GET    /api/v1/admin/subscriptions/:id                  - Get subscription details
  *   DELETE /api/v1/admin/subscriptions/:id                  - Cancel subscription (?atPeriodEnd=true for scheduled)
+ *
+ *   BYOK Keys:
+ *   GET    /api/v1/admin/byok                               - List BYOK keys (?organizationId=X or ?workspaceId=X)
+ *   DELETE /api/v1/admin/byok                               - Delete BYOK keys for org/workspace
  */
 
 export type { AdminAuthFailure, AdminAuthResult, AdminAuthSuccess } from '@/app/api/v1/admin/auth'
diff --git a/apps/sim/app/api/webhooks/[id]/route.ts b/apps/sim/app/api/webhooks/[id]/route.ts
index 6f7ffc3a3d..0cd31402df 100644
--- a/apps/sim/app/api/webhooks/[id]/route.ts
+++ b/apps/sim/app/api/webhooks/[id]/route.ts
@@ -1,10 +1,11 @@
 import { db } from '@sim/db'
 import { webhook, workflow } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { eq } from 'drizzle-orm'
+import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { validateInteger } from '@/lib/core/security/input-validation'
+import { PlatformEvents } from '@/lib/core/telemetry'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
 
@@ -184,16 +185,28 @@ export async function PATCH(request: NextRequest, { params }: { params: Promise<
       hasFailedCountUpdate: failedCount !== undefined,
     })
 
-    // Update the webhook
+    // Merge providerConfig to preserve credential-related fields
+    let finalProviderConfig = webhooks[0].webhook.providerConfig
+    if (providerConfig !== undefined) {
+      const existingConfig = (webhooks[0].webhook.providerConfig as Record<string, unknown>) || {}
+      finalProviderConfig = {
+        ...resolvedProviderConfig,
+        credentialId: existingConfig.credentialId,
+        credentialSetId: existingConfig.credentialSetId,
+        userId: existingConfig.userId,
+        historyId: existingConfig.historyId,
+        lastCheckedTimestamp: existingConfig.lastCheckedTimestamp,
+        setupCompleted: existingConfig.setupCompleted,
+        externalId: existingConfig.externalId,
+      }
+    }
+
     const updatedWebhook = await db
       .update(webhook)
       .set({
         path: path !== undefined ? path : webhooks[0].webhook.path,
         provider: provider !== undefined ? provider : webhooks[0].webhook.provider,
-        providerConfig:
-          providerConfig !== undefined
-            ? resolvedProviderConfig
-            : webhooks[0].webhook.providerConfig,
+        providerConfig: finalProviderConfig,
         isActive: isActive !== undefined ? isActive : webhooks[0].webhook.isActive,
         failedCount: failedCount !== undefined ? failedCount : webhooks[0].webhook.failedCount,
         updatedAt: new Date(),
@@ -276,13 +289,67 @@ export async function DELETE(
     }
 
     const foundWebhook = webhookData.webhook
-
     const { cleanupExternalWebhook } = await import('@/lib/webhooks/provider-subscriptions')
-    await cleanupExternalWebhook(foundWebhook, webhookData.workflow, requestId)
 
-    await db.delete(webhook).where(eq(webhook.id, id))
+    const providerConfig = foundWebhook.providerConfig as Record<string, unknown> | null
+    const credentialSetId = providerConfig?.credentialSetId as string | undefined
+    const blockId = providerConfig?.blockId as string | undefined
+
+    if (credentialSetId && blockId) {
+      const allCredentialSetWebhooks = await db
+        .select()
+        .from(webhook)
+        .where(and(eq(webhook.workflowId, webhookData.workflow.id), eq(webhook.blockId, blockId)))
+
+      const webhooksToDelete = allCredentialSetWebhooks.filter((w) => {
+        const config = w.providerConfig as Record<string, unknown> | null
+        return config?.credentialSetId === credentialSetId
+      })
+
+      for (const w of webhooksToDelete) {
+        await cleanupExternalWebhook(w, webhookData.workflow, requestId)
+      }
+
+      const idsToDelete = webhooksToDelete.map((w) => w.id)
+      for (const wId of idsToDelete) {
+        await db.delete(webhook).where(eq(webhook.id, wId))
+      }
+
+      try {
+        for (const wId of idsToDelete) {
+          PlatformEvents.webhookDeleted({
+            webhookId: wId,
+            workflowId: webhookData.workflow.id,
+          })
+        }
+      } catch {
+        // Telemetry should not fail the operation
+      }
+
+      logger.info(
+        `[${requestId}] Successfully deleted ${idsToDelete.length} webhooks for credential set`,
+        {
+          credentialSetId,
+          blockId,
+          deletedIds: idsToDelete,
+        }
+      )
+    } else {
+      await cleanupExternalWebhook(foundWebhook, webhookData.workflow, requestId)
+      await db.delete(webhook).where(eq(webhook.id, id))
+
+      try {
+        PlatformEvents.webhookDeleted({
+          webhookId: id,
+          workflowId: webhookData.workflow.id,
+        })
+      } catch {
+        // Telemetry should not fail the operation
+      }
+
+      logger.info(`[${requestId}] Successfully deleted webhook: ${id}`)
+    }
 
-    logger.info(`[${requestId}] Successfully deleted webhook: ${id}`)
     return NextResponse.json({ success: true }, { status: 200 })
   } catch (error: any) {
     logger.error(`[${requestId}] Error deleting webhook`, {
diff --git a/apps/sim/app/api/webhooks/route.ts b/apps/sim/app/api/webhooks/route.ts
index 62ad40db06..a26fe9933b 100644
--- a/apps/sim/app/api/webhooks/route.ts
+++ b/apps/sim/app/api/webhooks/route.ts
@@ -5,6 +5,7 @@ import { and, desc, eq } from 'drizzle-orm'
 import { nanoid } from 'nanoid'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
+import { PlatformEvents } from '@/lib/core/telemetry'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
@@ -262,6 +263,157 @@ export async function POST(request: NextRequest) {
       workflowRecord.workspaceId || undefined
     )
 
+    // --- Credential Set Handling ---
+    // For credential sets, we fan out to create one webhook per credential at save time.
+    // This applies to all OAuth-based triggers, not just polling ones.
+    // Check for credentialSetId directly (frontend may already extract it) or credential set value in credential fields
+    const rawCredentialId = (resolvedProviderConfig?.credentialId ||
+      resolvedProviderConfig?.triggerCredentials) as string | undefined
+    const directCredentialSetId = resolvedProviderConfig?.credentialSetId as string | undefined
+
+    if (directCredentialSetId || rawCredentialId) {
+      const { isCredentialSetValue, extractCredentialSetId } = await import('@/executor/constants')
+
+      const credentialSetId =
+        directCredentialSetId ||
+        (rawCredentialId && isCredentialSetValue(rawCredentialId)
+          ? extractCredentialSetId(rawCredentialId)
+          : null)
+
+      if (credentialSetId) {
+        logger.info(
+          `[${requestId}] Credential set detected for ${provider} trigger. Syncing webhooks for set ${credentialSetId}`
+        )
+
+        const { getProviderIdFromServiceId } = await import('@/lib/oauth')
+        const { syncWebhooksForCredentialSet, configureGmailPolling, configureOutlookPolling } =
+          await import('@/lib/webhooks/utils.server')
+
+        // Map provider to OAuth provider ID
+        const oauthProviderId = getProviderIdFromServiceId(provider)
+
+        const {
+          credentialId: _cId,
+          triggerCredentials: _tCred,
+          credentialSetId: _csId,
+          ...baseProviderConfig
+        } = resolvedProviderConfig
+
+        try {
+          const syncResult = await syncWebhooksForCredentialSet({
+            workflowId,
+            blockId,
+            provider,
+            basePath: finalPath,
+            credentialSetId,
+            oauthProviderId,
+            providerConfig: baseProviderConfig,
+            requestId,
+          })
+
+          if (syncResult.webhooks.length === 0) {
+            logger.error(
+              `[${requestId}] No webhooks created for credential set - no valid credentials found`
+            )
+            return NextResponse.json(
+              {
+                error: `No valid credentials found in credential set for ${provider}`,
+                details: 'Please ensure team members have connected their accounts',
+              },
+              { status: 400 }
+            )
+          }
+
+          // Configure each new webhook (for providers that need configuration)
+          const pollingProviders = ['gmail', 'outlook']
+          const needsConfiguration = pollingProviders.includes(provider)
+
+          if (needsConfiguration) {
+            const configureFunc =
+              provider === 'gmail' ? configureGmailPolling : configureOutlookPolling
+            const configureErrors: string[] = []
+
+            for (const wh of syncResult.webhooks) {
+              if (wh.isNew) {
+                // Fetch the webhook data for configuration
+                const webhookRows = await db
+                  .select()
+                  .from(webhook)
+                  .where(eq(webhook.id, wh.id))
+                  .limit(1)
+
+                if (webhookRows.length > 0) {
+                  const success = await configureFunc(webhookRows[0], requestId)
+                  if (!success) {
+                    configureErrors.push(
+                      `Failed to configure webhook for credential ${wh.credentialId}`
+                    )
+                    logger.warn(
+                      `[${requestId}] Failed to configure ${provider} polling for webhook ${wh.id}`
+                    )
+                  }
+                }
+              }
+            }
+
+            if (
+              configureErrors.length > 0 &&
+              configureErrors.length === syncResult.webhooks.length
+            ) {
+              // All configurations failed - roll back
+              logger.error(`[${requestId}] All webhook configurations failed, rolling back`)
+              for (const wh of syncResult.webhooks) {
+                await db.delete(webhook).where(eq(webhook.id, wh.id))
+              }
+              return NextResponse.json(
+                {
+                  error: `Failed to configure ${provider} polling`,
+                  details: 'Please check account permissions and try again',
+                },
+                { status: 500 }
+              )
+            }
+          }
+
+          logger.info(
+            `[${requestId}] Successfully synced ${syncResult.webhooks.length} webhooks for credential set ${credentialSetId}`
+          )
+
+          // Return the first webhook as the "primary" for the UI
+          // The UI will query by credentialSetId to get all of them
+          const primaryWebhookRows = await db
+            .select()
+            .from(webhook)
+            .where(eq(webhook.id, syncResult.webhooks[0].id))
+            .limit(1)
+
+          return NextResponse.json(
+            {
+              webhook: primaryWebhookRows[0],
+              credentialSetInfo: {
+                credentialSetId,
+                totalWebhooks: syncResult.webhooks.length,
+                created: syncResult.created,
+                updated: syncResult.updated,
+                deleted: syncResult.deleted,
+              },
+            },
+            { status: syncResult.created > 0 ? 201 : 200 }
+          )
+        } catch (err) {
+          logger.error(`[${requestId}] Error syncing webhooks for credential set`, err)
+          return NextResponse.json(
+            {
+              error: `Failed to configure ${provider} webhook`,
+              details: err instanceof Error ? err.message : 'Unknown error',
+            },
+            { status: 500 }
+          )
+        }
+      }
+    }
+    // --- End Credential Set Handling ---
+
     // Create external subscriptions before saving to DB to prevent orphaned records
     let externalSubscriptionId: string | undefined
     let externalSubscriptionCreated = false
@@ -422,6 +574,10 @@ export async function POST(request: NextRequest) {
             blockId,
             provider,
             providerConfig: resolvedProviderConfig,
+            credentialSetId:
+              ((resolvedProviderConfig as Record<string, unknown>)?.credentialSetId as
+                | string
+                | null) || null,
             isActive: true,
             updatedAt: new Date(),
           })
@@ -445,6 +601,10 @@ export async function POST(request: NextRequest) {
             path: finalPath,
             provider,
             providerConfig: resolvedProviderConfig,
+            credentialSetId:
+              ((resolvedProviderConfig as Record<string, unknown>)?.credentialSetId as
+                | string
+                | null) || null,
             isActive: true,
             createdAt: new Date(),
             updatedAt: new Date(),
@@ -584,7 +744,7 @@ export async function POST(request: NextRequest) {
     if (savedWebhook && provider === 'grain') {
       logger.info(`[${requestId}] Grain provider detected. Creating Grain webhook subscription.`)
       try {
-        const grainHookId = await createGrainWebhookSubscription(
+        const grainResult = await createGrainWebhookSubscription(
           request,
           {
             id: savedWebhook.id,
@@ -594,11 +754,12 @@ export async function POST(request: NextRequest) {
           requestId
         )
 
-        if (grainHookId) {
-          // Update the webhook record with the external Grain hook ID
+        if (grainResult) {
+          // Update the webhook record with the external Grain hook ID and event types for filtering
           const updatedConfig = {
             ...(savedWebhook.providerConfig as Record<string, any>),
-            externalId: grainHookId,
+            externalId: grainResult.id,
+            eventTypes: grainResult.eventTypes,
           }
           await db
             .update(webhook)
@@ -610,7 +771,8 @@ export async function POST(request: NextRequest) {
 
           savedWebhook.providerConfig = updatedConfig
           logger.info(`[${requestId}] Successfully created Grain webhook`, {
-            grainHookId,
+            grainHookId: grainResult.id,
+            eventTypes: grainResult.eventTypes,
             webhookId: savedWebhook.id,
           })
         }
@@ -631,6 +793,19 @@ export async function POST(request: NextRequest) {
     }
     // --- End Grain specific logic ---
 
+    if (!targetWebhookId && savedWebhook) {
+      try {
+        PlatformEvents.webhookCreated({
+          webhookId: savedWebhook.id,
+          workflowId: workflowId,
+          provider: provider || 'generic',
+          workspaceId: workflowRecord.workspaceId || undefined,
+        })
+      } catch {
+        // Telemetry should not fail the operation
+      }
+    }
+
     const status = targetWebhookId ? 200 : 201
     return NextResponse.json({ webhook: savedWebhook }, { status })
   } catch (error: any) {
@@ -1003,10 +1178,10 @@ async function createGrainWebhookSubscription(
   request: NextRequest,
   webhookData: any,
   requestId: string
-): Promise<string | undefined> {
+): Promise<{ id: string; eventTypes: string[] } | undefined> {
   try {
     const { path, providerConfig } = webhookData
-    const { apiKey, includeHighlights, includeParticipants, includeAiSummary } =
+    const { apiKey, triggerId, includeHighlights, includeParticipants, includeAiSummary } =
       providerConfig || {}
 
     if (!apiKey) {
@@ -1018,12 +1193,53 @@ async function createGrainWebhookSubscription(
       )
     }
 
+    // Map trigger IDs to Grain API hook_type (only 2 options: recording_added, upload_status)
+    const hookTypeMap: Record<string, string> = {
+      grain_webhook: 'recording_added',
+      grain_recording_created: 'recording_added',
+      grain_recording_updated: 'recording_added',
+      grain_highlight_created: 'recording_added',
+      grain_highlight_updated: 'recording_added',
+      grain_story_created: 'recording_added',
+      grain_upload_status: 'upload_status',
+    }
+
+    const eventTypeMap: Record<string, string[]> = {
+      grain_webhook: [],
+      grain_recording_created: ['recording_added'],
+      grain_recording_updated: ['recording_updated'],
+      grain_highlight_created: ['highlight_created'],
+      grain_highlight_updated: ['highlight_updated'],
+      grain_story_created: ['story_created'],
+      grain_upload_status: ['upload_status'],
+    }
+
+    const hookType = hookTypeMap[triggerId] ?? 'recording_added'
+    const eventTypes = eventTypeMap[triggerId] ?? []
+
+    if (!hookTypeMap[triggerId]) {
+      logger.warn(
+        `[${requestId}] Unknown triggerId for Grain: ${triggerId}, defaulting to recording_added`,
+        {
+          webhookId: webhookData.id,
+        }
+      )
+    }
+
+    logger.info(`[${requestId}] Creating Grain webhook`, {
+      triggerId,
+      hookType,
+      eventTypes,
+      webhookId: webhookData.id,
+    })
+
     const notificationUrl = `${getBaseUrl()}/api/webhooks/trigger/${path}`
 
     const grainApiUrl = 'https://api.grain.com/_/public-api/v2/hooks/create'
 
     const requestBody: Record<string, any> = {
       hook_url: notificationUrl,
+      hook_type: hookType,
     }
 
     // Build include object based on configuration
@@ -1053,8 +1269,10 @@ async function createGrainWebhookSubscription(
 
     const responseBody = await grainResponse.json()
 
-    if (!grainResponse.ok || responseBody.error) {
+    if (!grainResponse.ok || responseBody.error || responseBody.errors) {
+      logger.warn('[App] Grain response body:', responseBody)
       const errorMessage =
+        responseBody.errors?.detail ||
         responseBody.error?.message ||
         responseBody.error ||
         responseBody.message ||
@@ -1082,10 +1300,11 @@ async function createGrainWebhookSubscription(
       `[${requestId}] Successfully created webhook in Grain for webhook ${webhookData.id}.`,
       {
         grainWebhookId: responseBody.id,
+        eventTypes,
       }
     )
 
-    return responseBody.id
+    return { id: responseBody.id, eventTypes }
   } catch (error: any) {
     logger.error(
       `[${requestId}] Exception during Grain webhook creation for webhook ${webhookData.id}.`,
diff --git a/apps/sim/app/api/webhooks/trigger/[path]/route.test.ts b/apps/sim/app/api/webhooks/trigger/[path]/route.test.ts
index cdb17c5a81..fff521ca8f 100644
--- a/apps/sim/app/api/webhooks/trigger/[path]/route.test.ts
+++ b/apps/sim/app/api/webhooks/trigger/[path]/route.test.ts
@@ -157,6 +157,112 @@ vi.mock('@/lib/workflows/persistence/utils', () => ({
   blockExistsInDeployment: vi.fn().mockResolvedValue(true),
 }))
 
+vi.mock('@/lib/webhooks/processor', () => ({
+  findAllWebhooksForPath: vi.fn().mockImplementation(async (options: { path: string }) => {
+    // Filter webhooks by path from globalMockData
+    const matchingWebhooks = globalMockData.webhooks.filter(
+      (wh) => wh.path === options.path && wh.isActive
+    )
+
+    if (matchingWebhooks.length === 0) {
+      return []
+    }
+
+    // Return array of {webhook, workflow} objects
+    return matchingWebhooks.map((wh) => {
+      const matchingWorkflow = globalMockData.workflows.find((w) => w.id === wh.workflowId) || {
+        id: wh.workflowId || 'test-workflow-id',
+        userId: 'test-user-id',
+        workspaceId: 'test-workspace-id',
+      }
+      return {
+        webhook: wh,
+        workflow: matchingWorkflow,
+      }
+    })
+  }),
+  parseWebhookBody: vi.fn().mockImplementation(async (request: any) => {
+    try {
+      const cloned = request.clone()
+      const rawBody = await cloned.text()
+      const body = rawBody ? JSON.parse(rawBody) : {}
+      return { body, rawBody }
+    } catch {
+      return { body: {}, rawBody: '' }
+    }
+  }),
+  handleProviderChallenges: vi.fn().mockResolvedValue(null),
+  handleProviderReachabilityTest: vi.fn().mockReturnValue(null),
+  verifyProviderAuth: vi
+    .fn()
+    .mockImplementation(
+      async (
+        foundWebhook: any,
+        _foundWorkflow: any,
+        request: any,
+        _rawBody: string,
+        _requestId: string
+      ) => {
+        // Implement generic webhook auth verification for tests
+        if (foundWebhook.provider === 'generic') {
+          const providerConfig = foundWebhook.providerConfig || {}
+          if (providerConfig.requireAuth) {
+            const configToken = providerConfig.token
+            const secretHeaderName = providerConfig.secretHeaderName
+
+            if (configToken) {
+              let isTokenValid = false
+
+              if (secretHeaderName) {
+                // Custom header auth
+                const headerValue = request.headers.get(secretHeaderName.toLowerCase())
+                if (headerValue === configToken) {
+                  isTokenValid = true
+                }
+              } else {
+                // Bearer token auth
+                const authHeader = request.headers.get('authorization')
+                if (authHeader?.toLowerCase().startsWith('bearer ')) {
+                  const token = authHeader.substring(7)
+                  if (token === configToken) {
+                    isTokenValid = true
+                  }
+                }
+              }
+
+              if (!isTokenValid) {
+                const { NextResponse } = await import('next/server')
+                return new NextResponse('Unauthorized - Invalid authentication token', {
+                  status: 401,
+                })
+              }
+            } else {
+              // Auth required but no token configured
+              const { NextResponse } = await import('next/server')
+              return new NextResponse('Unauthorized - Authentication required but not configured', {
+                status: 401,
+              })
+            }
+          }
+        }
+        return null
+      }
+    ),
+  checkWebhookPreprocessing: vi.fn().mockResolvedValue(null),
+  formatProviderErrorResponse: vi.fn().mockImplementation((_webhook, error, status) => {
+    const { NextResponse } = require('next/server')
+    return NextResponse.json({ error }, { status })
+  }),
+  shouldSkipWebhookEvent: vi.fn().mockReturnValue(false),
+  handlePreDeploymentVerification: vi.fn().mockReturnValue(null),
+  queueWebhookExecution: vi.fn().mockImplementation(async () => {
+    // Call processWebhookMock so tests can verify it was called
+    processWebhookMock()
+    const { NextResponse } = await import('next/server')
+    return NextResponse.json({ message: 'Webhook processed' })
+  }),
+}))
+
 vi.mock('drizzle-orm/postgres-js', () => ({
   drizzle: vi.fn().mockReturnValue({}),
 }))
@@ -165,6 +271,10 @@ vi.mock('postgres', () => vi.fn().mockReturnValue({}))
 
 vi.mock('@sim/logger', () => loggerMock)
 
+vi.mock('@/lib/core/utils/request', () => ({
+  generateRequestId: vi.fn().mockReturnValue('test-request-id'),
+}))
+
 process.env.DATABASE_URL = 'postgresql://test:test@localhost:5432/test'
 
 import { POST } from '@/app/api/webhooks/trigger/[path]/route'
diff --git a/apps/sim/app/api/webhooks/trigger/[path]/route.ts b/apps/sim/app/api/webhooks/trigger/[path]/route.ts
index 96ad8492f1..f3aba1e7b4 100644
--- a/apps/sim/app/api/webhooks/trigger/[path]/route.ts
+++ b/apps/sim/app/api/webhooks/trigger/[path]/route.ts
@@ -3,11 +3,14 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { generateRequestId } from '@/lib/core/utils/request'
 import {
   checkWebhookPreprocessing,
-  findWebhookAndWorkflow,
+  findAllWebhooksForPath,
+  formatProviderErrorResponse,
+  handlePreDeploymentVerification,
   handleProviderChallenges,
   handleProviderReachabilityTest,
   parseWebhookBody,
   queueWebhookExecution,
+  shouldSkipWebhookEvent,
   verifyProviderAuth,
 } from '@/lib/webhooks/processor'
 import { blockExistsInDeployment } from '@/lib/workflows/persistence/utils'
@@ -22,19 +25,7 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
   const requestId = generateRequestId()
   const { path } = await params
 
-  // Handle Microsoft Graph subscription validation
-  const url = new URL(request.url)
-  const validationToken = url.searchParams.get('validationToken')
-
-  if (validationToken) {
-    logger.info(`[${requestId}] Microsoft Graph subscription validation for path: ${path}`)
-    return new NextResponse(validationToken, {
-      status: 200,
-      headers: { 'Content-Type': 'text/plain' },
-    })
-  }
-
-  // Handle other GET-based verifications if needed
+  // Handle provider-specific GET verifications (Microsoft Graph, WhatsApp, etc.)
   const challengeResponse = await handleProviderChallenges({}, request, requestId, path)
   if (challengeResponse) {
     return challengeResponse
@@ -50,26 +41,10 @@ export async function POST(
   const requestId = generateRequestId()
   const { path } = await params
 
-  // Log ALL incoming webhook requests for debugging
-  logger.info(`[${requestId}] Incoming webhook request`, {
-    path,
-    method: request.method,
-    headers: Object.fromEntries(request.headers.entries()),
-  })
-
-  // Handle Microsoft Graph subscription validation (some environments send POST with validationToken)
-  try {
-    const url = new URL(request.url)
-    const validationToken = url.searchParams.get('validationToken')
-    if (validationToken) {
-      logger.info(`[${requestId}] Microsoft Graph subscription validation (POST) for path: ${path}`)
-      return new NextResponse(validationToken, {
-        status: 200,
-        headers: { 'Content-Type': 'text/plain' },
-      })
-    }
-  } catch {
-    // ignore URL parsing errors; proceed to normal handling
+  // Handle provider challenges before body parsing (Microsoft Graph validationToken, etc.)
+  const earlyChallenge = await handleProviderChallenges({}, request, requestId, path)
+  if (earlyChallenge) {
+    return earlyChallenge
   }
 
   const parseResult = await parseWebhookBody(request, requestId)
@@ -86,118 +61,118 @@ export async function POST(
     return challengeResponse
   }
 
-  const findResult = await findWebhookAndWorkflow({ requestId, path })
+  // Find all webhooks for this path (supports credential set fan-out where multiple webhooks share a path)
+  const webhooksForPath = await findAllWebhooksForPath({ requestId, path })
 
-  if (!findResult) {
+  if (webhooksForPath.length === 0) {
     logger.warn(`[${requestId}] Webhook or workflow not found for path: ${path}`)
-
     return new NextResponse('Not Found', { status: 404 })
   }
 
-  const { webhook: foundWebhook, workflow: foundWorkflow } = findResult
-
-  // Log HubSpot webhook details for debugging
-  if (foundWebhook.provider === 'hubspot') {
-    const events = Array.isArray(body) ? body : [body]
-    const firstEvent = events[0]
-
-    logger.info(`[${requestId}] HubSpot webhook received`, {
-      path,
-      subscriptionType: firstEvent?.subscriptionType,
-      objectId: firstEvent?.objectId,
-      portalId: firstEvent?.portalId,
-      webhookId: foundWebhook.id,
-      workflowId: foundWorkflow.id,
-      triggerId: foundWebhook.providerConfig?.triggerId,
-      eventCount: events.length,
-    })
-  }
+  // Process each webhook
+  // For credential sets with shared paths, each webhook represents a different credential
+  const responses: NextResponse[] = []
+
+  for (const { webhook: foundWebhook, workflow: foundWorkflow } of webhooksForPath) {
+    const authError = await verifyProviderAuth(
+      foundWebhook,
+      foundWorkflow,
+      request,
+      rawBody,
+      requestId
+    )
+    if (authError) {
+      // For multi-webhook, log and continue to next webhook
+      if (webhooksForPath.length > 1) {
+        logger.warn(`[${requestId}] Auth failed for webhook ${foundWebhook.id}, continuing to next`)
+        continue
+      }
+      return authError
+    }
 
-  const authError = await verifyProviderAuth(
-    foundWebhook,
-    foundWorkflow,
-    request,
-    rawBody,
-    requestId
-  )
-  if (authError) {
-    return authError
-  }
+    const reachabilityResponse = handleProviderReachabilityTest(foundWebhook, body, requestId)
+    if (reachabilityResponse) {
+      // Reachability test should return immediately for the first webhook
+      return reachabilityResponse
+    }
 
-  const reachabilityResponse = handleProviderReachabilityTest(foundWebhook, body, requestId)
-  if (reachabilityResponse) {
-    return reachabilityResponse
-  }
+    let preprocessError: NextResponse | null = null
+    try {
+      preprocessError = await checkWebhookPreprocessing(foundWorkflow, foundWebhook, requestId)
+      if (preprocessError) {
+        if (webhooksForPath.length > 1) {
+          logger.warn(
+            `[${requestId}] Preprocessing failed for webhook ${foundWebhook.id}, continuing to next`
+          )
+          continue
+        }
+        return preprocessError
+      }
+    } catch (error) {
+      logger.error(`[${requestId}] Unexpected error during webhook preprocessing`, {
+        error: error instanceof Error ? error.message : String(error),
+        stack: error instanceof Error ? error.stack : undefined,
+        webhookId: foundWebhook.id,
+        workflowId: foundWorkflow.id,
+      })
 
-  let preprocessError: NextResponse | null = null
-  try {
-    preprocessError = await checkWebhookPreprocessing(foundWorkflow, foundWebhook, requestId)
-    if (preprocessError) {
-      return preprocessError
-    }
-  } catch (error) {
-    logger.error(`[${requestId}] Unexpected error during webhook preprocessing`, {
-      error: error instanceof Error ? error.message : String(error),
-      stack: error instanceof Error ? error.stack : undefined,
-      webhookId: foundWebhook.id,
-      workflowId: foundWorkflow.id,
-    })
+      if (webhooksForPath.length > 1) {
+        continue
+      }
 
-    if (foundWebhook.provider === 'microsoft-teams') {
-      return NextResponse.json(
-        {
-          type: 'message',
-          text: 'An unexpected error occurred during preprocessing',
-        },
-        { status: 500 }
+      return formatProviderErrorResponse(
+        foundWebhook,
+        'An unexpected error occurred during preprocessing',
+        500
       )
     }
 
-    return NextResponse.json(
-      { error: 'An unexpected error occurred during preprocessing' },
-      { status: 500 }
-    )
-  }
+    if (foundWebhook.blockId) {
+      const blockExists = await blockExistsInDeployment(foundWorkflow.id, foundWebhook.blockId)
+      if (!blockExists) {
+        const preDeploymentResponse = handlePreDeploymentVerification(foundWebhook, requestId)
+        if (preDeploymentResponse) {
+          return preDeploymentResponse
+        }
 
-  if (foundWebhook.blockId) {
-    const blockExists = await blockExistsInDeployment(foundWorkflow.id, foundWebhook.blockId)
-    if (!blockExists) {
-      // For Grain, if block doesn't exist in deployment, treat as verification request
-      // Grain validates webhook URLs during creation, and the block may not be deployed yet
-      if (foundWebhook.provider === 'grain') {
         logger.info(
-          `[${requestId}] Grain webhook verification - block not in deployment, returning 200 OK`
+          `[${requestId}] Trigger block ${foundWebhook.blockId} not found in deployment for workflow ${foundWorkflow.id}`
         )
-        return NextResponse.json({ status: 'ok', message: 'Webhook endpoint verified' })
+        if (webhooksForPath.length > 1) {
+          continue
+        }
+        return new NextResponse('Trigger block not found in deployment', { status: 404 })
       }
+    }
 
-      logger.info(
-        `[${requestId}] Trigger block ${foundWebhook.blockId} not found in deployment for workflow ${foundWorkflow.id}`
-      )
-      return new NextResponse('Trigger block not found in deployment', { status: 404 })
+    if (shouldSkipWebhookEvent(foundWebhook, body, requestId)) {
+      continue
     }
-  }
 
-  if (foundWebhook.provider === 'stripe') {
-    const providerConfig = (foundWebhook.providerConfig as Record<string, any>) || {}
-    const eventTypes = providerConfig.eventTypes
+    const response = await queueWebhookExecution(foundWebhook, foundWorkflow, body, request, {
+      requestId,
+      path,
+      testMode: false,
+      executionTarget: 'deployed',
+    })
+    responses.push(response)
+  }
 
-    if (eventTypes && Array.isArray(eventTypes) && eventTypes.length > 0) {
-      const eventType = body?.type
+  // Return the last successful response, or a combined response for multiple webhooks
+  if (responses.length === 0) {
+    return new NextResponse('No webhooks processed successfully', { status: 500 })
+  }
 
-      if (eventType && !eventTypes.includes(eventType)) {
-        logger.info(
-          `[${requestId}] Stripe event type '${eventType}' not in allowed list, skipping execution`
-        )
-        return new NextResponse('Event type filtered', { status: 200 })
-      }
-    }
+  if (responses.length === 1) {
+    return responses[0]
   }
 
-  return queueWebhookExecution(foundWebhook, foundWorkflow, body, request, {
-    requestId,
-    path,
-    testMode: false,
-    executionTarget: 'deployed',
+  // For multiple webhooks, return success if at least one succeeded
+  logger.info(
+    `[${requestId}] Processed ${responses.length} webhooks for path: ${path} (credential set fan-out)`
+  )
+  return NextResponse.json({
+    success: true,
+    webhooksProcessed: responses.length,
   })
 }
diff --git a/apps/sim/app/api/workflows/[id]/deploy/route.ts b/apps/sim/app/api/workflows/[id]/deploy/route.ts
index 09fc458f9b..1ba7647955 100644
--- a/apps/sim/app/api/workflows/[id]/deploy/route.ts
+++ b/apps/sim/app/api/workflows/[id]/deploy/route.ts
@@ -217,10 +217,8 @@ export async function DELETE(
     logger.info(`[${requestId}] Workflow undeployed successfully: ${id}`)
 
     try {
-      const { trackPlatformEvent } = await import('@/lib/core/telemetry')
-      trackPlatformEvent('platform.workflow.undeployed', {
-        'workflow.id': id,
-      })
+      const { PlatformEvents } = await import('@/lib/core/telemetry')
+      PlatformEvents.workflowUndeployed({ workflowId: id })
     } catch (_e) {
       // Silently fail
     }
diff --git a/apps/sim/app/api/workflows/[id]/duplicate/route.ts b/apps/sim/app/api/workflows/[id]/duplicate/route.ts
index 41ce249d0c..935dc4ed0f 100644
--- a/apps/sim/app/api/workflows/[id]/duplicate/route.ts
+++ b/apps/sim/app/api/workflows/[id]/duplicate/route.ts
@@ -2,6 +2,7 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
+import { PlatformEvents } from '@/lib/core/telemetry'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { duplicateWorkflow } from '@/lib/workflows/persistence/duplicate'
 
@@ -46,6 +47,16 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
       requestId,
     })
 
+    try {
+      PlatformEvents.workflowDuplicated({
+        sourceWorkflowId,
+        newWorkflowId: result.id,
+        workspaceId,
+      })
+    } catch {
+      // Telemetry should not fail the operation
+    }
+
     const elapsed = Date.now() - startTime
     logger.info(
       `[${requestId}] Successfully duplicated workflow ${sourceWorkflowId} to ${result.id} in ${elapsed}ms`
diff --git a/apps/sim/app/api/workflows/[id]/route.ts b/apps/sim/app/api/workflows/[id]/route.ts
index 92a19d41c7..968593e94f 100644
--- a/apps/sim/app/api/workflows/[id]/route.ts
+++ b/apps/sim/app/api/workflows/[id]/route.ts
@@ -8,6 +8,7 @@ import { authenticateApiKeyFromHeader, updateApiKeyLastUsed } from '@/lib/api-ke
 import { getSession } from '@/lib/auth'
 import { verifyInternalToken } from '@/lib/auth/internal'
 import { env } from '@/lib/core/config/env'
+import { PlatformEvents } from '@/lib/core/telemetry'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/persistence/utils'
 import { getWorkflowAccessContext, getWorkflowById } from '@/lib/workflows/utils'
@@ -335,6 +336,15 @@ export async function DELETE(
 
     await db.delete(workflow).where(eq(workflow.id, workflowId))
 
+    try {
+      PlatformEvents.workflowDeleted({
+        workflowId,
+        workspaceId: workflowData.workspaceId || undefined,
+      })
+    } catch {
+      // Telemetry should not fail the operation
+    }
+
     const elapsed = Date.now() - startTime
     logger.info(`[${requestId}] Successfully deleted workflow ${workflowId} in ${elapsed}ms`)
 
diff --git a/apps/sim/app/api/workflows/[id]/state/route.ts b/apps/sim/app/api/workflows/[id]/state/route.ts
index 43957ad95a..2cadeff341 100644
--- a/apps/sim/app/api/workflows/[id]/state/route.ts
+++ b/apps/sim/app/api/workflows/[id]/state/route.ts
@@ -317,6 +317,8 @@ interface WebhookMetadata {
   providerConfig: Record<string, any>
 }
 
+const CREDENTIAL_SET_PREFIX = 'credentialSet:'
+
 function buildWebhookMetadata(block: BlockState): WebhookMetadata | null {
   const triggerId =
     getSubBlockValue<string>(block, 'triggerId') ||
@@ -328,9 +330,17 @@ function buildWebhookMetadata(block: BlockState): WebhookMetadata | null {
   const triggerDef = triggerId ? getTrigger(triggerId) : undefined
   const provider = triggerDef?.provider || null
 
+  // Handle credential sets vs individual credentials
+  const isCredentialSet = triggerCredentials?.startsWith(CREDENTIAL_SET_PREFIX)
+  const credentialSetId = isCredentialSet
+    ? triggerCredentials!.slice(CREDENTIAL_SET_PREFIX.length)
+    : undefined
+  const credentialId = isCredentialSet ? undefined : triggerCredentials
+
   const providerConfig = {
     ...(typeof triggerConfig === 'object' ? triggerConfig : {}),
-    ...(triggerCredentials ? { credentialId: triggerCredentials } : {}),
+    ...(credentialId ? { credentialId } : {}),
+    ...(credentialSetId ? { credentialSetId } : {}),
     ...(triggerId ? { triggerId } : {}),
   }
 
@@ -347,6 +357,54 @@ async function upsertWebhookRecord(
   webhookId: string,
   metadata: WebhookMetadata
 ): Promise<void> {
+  const providerConfig = metadata.providerConfig as Record<string, unknown>
+  const credentialSetId = providerConfig?.credentialSetId as string | undefined
+
+  // For credential sets, delegate to the sync function which handles fan-out
+  if (credentialSetId && metadata.provider) {
+    const { syncWebhooksForCredentialSet } = await import('@/lib/webhooks/utils.server')
+    const { getProviderIdFromServiceId } = await import('@/lib/oauth')
+
+    const oauthProviderId = getProviderIdFromServiceId(metadata.provider)
+    const requestId = crypto.randomUUID().slice(0, 8)
+
+    // Extract base config (without credential-specific fields)
+    const {
+      credentialId: _cId,
+      credentialSetId: _csId,
+      userId: _uId,
+      ...baseConfig
+    } = providerConfig
+
+    try {
+      await syncWebhooksForCredentialSet({
+        workflowId,
+        blockId: block.id,
+        provider: metadata.provider,
+        basePath: metadata.triggerPath,
+        credentialSetId,
+        oauthProviderId,
+        providerConfig: baseConfig as Record<string, any>,
+        requestId,
+      })
+
+      logger.info('Synced credential set webhooks during workflow save', {
+        workflowId,
+        blockId: block.id,
+        credentialSetId,
+      })
+    } catch (error) {
+      logger.error('Failed to sync credential set webhooks during workflow save', {
+        workflowId,
+        blockId: block.id,
+        credentialSetId,
+        error,
+      })
+    }
+    return
+  }
+
+  // For individual credentials, use the existing single webhook logic
   const [existing] = await db.select().from(webhook).where(eq(webhook.id, webhookId)).limit(1)
 
   if (existing) {
@@ -381,6 +439,7 @@ async function upsertWebhookRecord(
     path: metadata.triggerPath,
     provider: metadata.provider,
     providerConfig: metadata.providerConfig,
+    credentialSetId: null,
     isActive: true,
     createdAt: new Date(),
     updatedAt: new Date(),
diff --git a/apps/sim/app/api/workflows/route.ts b/apps/sim/app/api/workflows/route.ts
index 4ff9d99acc..7c905ab7e6 100644
--- a/apps/sim/app/api/workflows/route.ts
+++ b/apps/sim/app/api/workflows/route.ts
@@ -119,12 +119,12 @@ export async function POST(req: NextRequest) {
     logger.info(`[${requestId}] Creating workflow ${workflowId} for user ${session.user.id}`)
 
     import('@/lib/core/telemetry')
-      .then(({ trackPlatformEvent }) => {
-        trackPlatformEvent('platform.workflow.created', {
-          'workflow.id': workflowId,
-          'workflow.name': name,
-          'workflow.has_workspace': !!workspaceId,
-          'workflow.has_folder': !!folderId,
+      .then(({ PlatformEvents }) => {
+        PlatformEvents.workflowCreated({
+          workflowId,
+          name,
+          workspaceId: workspaceId || undefined,
+          folderId: folderId || undefined,
         })
       })
       .catch(() => {
diff --git a/apps/sim/app/api/workspaces/[id]/api-keys/route.ts b/apps/sim/app/api/workspaces/[id]/api-keys/route.ts
index 0944b15fe2..1232272366 100644
--- a/apps/sim/app/api/workspaces/[id]/api-keys/route.ts
+++ b/apps/sim/app/api/workspaces/[id]/api-keys/route.ts
@@ -7,6 +7,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { createApiKey, getApiKeyDisplayFormat } from '@/lib/api-key/auth'
 import { getSession } from '@/lib/auth'
+import { PlatformEvents } from '@/lib/core/telemetry'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
 
@@ -147,6 +148,15 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
         createdAt: apiKey.createdAt,
       })
 
+    try {
+      PlatformEvents.apiKeyGenerated({
+        userId: userId,
+        keyName: name,
+      })
+    } catch {
+      // Telemetry should not fail the operation
+    }
+
     logger.info(`[${requestId}] Created workspace API key: ${name} in workspace ${workspaceId}`)
 
     return NextResponse.json({
@@ -198,6 +208,17 @@ export async function DELETE(
         )
       )
 
+    try {
+      for (const keyId of keys) {
+        PlatformEvents.apiKeyRevoked({
+          userId: userId,
+          keyId: keyId,
+        })
+      }
+    } catch {
+      // Telemetry should not fail the operation
+    }
+
     logger.info(
       `[${requestId}] Deleted ${deletedCount} workspace API keys from workspace ${workspaceId}`
     )
diff --git a/apps/sim/app/api/workspaces/[id]/byok-keys/route.ts b/apps/sim/app/api/workspaces/[id]/byok-keys/route.ts
index 246cc6b245..84be273d12 100644
--- a/apps/sim/app/api/workspaces/[id]/byok-keys/route.ts
+++ b/apps/sim/app/api/workspaces/[id]/byok-keys/route.ts
@@ -6,6 +6,8 @@ import { nanoid } from 'nanoid'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
+import { isEnterpriseOrgAdminOrOwner } from '@/lib/billing/core/subscription'
+import { isHosted } from '@/lib/core/config/feature-flags'
 import { decryptSecret, encryptSecret } from '@/lib/core/security/encryption'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
@@ -56,6 +58,15 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
 
+    let byokEnabled = true
+    if (isHosted) {
+      byokEnabled = await isEnterpriseOrgAdminOrOwner(userId)
+    }
+
+    if (!byokEnabled) {
+      return NextResponse.json({ keys: [], byokEnabled: false })
+    }
+
     const byokKeys = await db
       .select({
         id: workspaceBYOKKeys.id,
@@ -97,7 +108,7 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
       })
     )
 
-    return NextResponse.json({ keys: formattedKeys })
+    return NextResponse.json({ keys: formattedKeys, byokEnabled: true })
   } catch (error: unknown) {
     logger.error(`[${requestId}] BYOK keys GET error`, error)
     return NextResponse.json(
@@ -120,6 +131,20 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
 
     const userId = session.user.id
 
+    if (isHosted) {
+      const canManageBYOK = await isEnterpriseOrgAdminOrOwner(userId)
+      if (!canManageBYOK) {
+        logger.warn(`[${requestId}] User not authorized to manage BYOK keys`, { userId })
+        return NextResponse.json(
+          {
+            error:
+              'BYOK is an Enterprise-only feature. Only organization admins and owners can manage API keys.',
+          },
+          { status: 403 }
+        )
+      }
+    }
+
     const permission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
     if (permission !== 'admin') {
       return NextResponse.json(
@@ -220,6 +245,20 @@ export async function DELETE(
 
     const userId = session.user.id
 
+    if (isHosted) {
+      const canManageBYOK = await isEnterpriseOrgAdminOrOwner(userId)
+      if (!canManageBYOK) {
+        logger.warn(`[${requestId}] User not authorized to manage BYOK keys`, { userId })
+        return NextResponse.json(
+          {
+            error:
+              'BYOK is an Enterprise-only feature. Only organization admins and owners can manage API keys.',
+          },
+          { status: 403 }
+        )
+      }
+    }
+
     const permission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
     if (permission !== 'admin') {
       return NextResponse.json(
diff --git a/apps/sim/app/api/workspaces/invitations/route.ts b/apps/sim/app/api/workspaces/invitations/route.ts
index 19ee610878..06ad14d34d 100644
--- a/apps/sim/app/api/workspaces/invitations/route.ts
+++ b/apps/sim/app/api/workspaces/invitations/route.ts
@@ -14,6 +14,7 @@ import { and, eq, inArray } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { WorkspaceInvitationEmail } from '@/components/emails'
 import { getSession } from '@/lib/auth'
+import { PlatformEvents } from '@/lib/core/telemetry'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { sendEmail } from '@/lib/messaging/email/mailer'
 import { getFromEmailAddress } from '@/lib/messaging/email/utils'
@@ -81,7 +82,6 @@ export async function POST(req: NextRequest) {
       return NextResponse.json({ error: 'Workspace ID and email are required' }, { status: 400 })
     }
 
-    // Validate permission type
     const validPermissions: PermissionType[] = ['admin', 'write', 'read']
     if (!validPermissions.includes(permission)) {
       return NextResponse.json(
@@ -90,7 +90,6 @@ export async function POST(req: NextRequest) {
       )
     }
 
-    // Check if user has admin permissions for this workspace
     const userPermission = await db
       .select()
       .from(permissions)
@@ -111,7 +110,6 @@ export async function POST(req: NextRequest) {
       )
     }
 
-    // Get the workspace details for the email
     const workspaceDetails = await db
       .select()
       .from(workspace)
@@ -122,8 +120,6 @@ export async function POST(req: NextRequest) {
       return NextResponse.json({ error: 'Workspace not found' }, { status: 404 })
     }
 
-    // Check if the user is already a member
-    // First find if a user with this email exists
     const existingUser = await db
       .select()
       .from(user)
@@ -131,7 +127,6 @@ export async function POST(req: NextRequest) {
       .then((rows) => rows[0])
 
     if (existingUser) {
-      // Check if the user already has permissions for this workspace
       const existingPermission = await db
         .select()
         .from(permissions)
@@ -155,7 +150,6 @@ export async function POST(req: NextRequest) {
       }
     }
 
-    // Check if there's already a pending invitation
     const existingInvitation = await db
       .select()
       .from(workspaceInvitation)
@@ -178,12 +172,10 @@ export async function POST(req: NextRequest) {
       )
     }
 
-    // Generate a unique token and set expiry date (1 week from now)
     const token = randomUUID()
     const expiresAt = new Date()
     expiresAt.setDate(expiresAt.getDate() + 7) // 7 days expiry
 
-    // Create the invitation
     const invitationData = {
       id: randomUUID(),
       workspaceId,
@@ -198,10 +190,19 @@ export async function POST(req: NextRequest) {
       updatedAt: new Date(),
     }
 
-    // Create invitation
     await db.insert(workspaceInvitation).values(invitationData)
 
-    // Send the invitation email
+    try {
+      PlatformEvents.workspaceMemberInvited({
+        workspaceId,
+        invitedBy: session.user.id,
+        inviteeEmail: email,
+        role: permission,
+      })
+    } catch {
+      // Telemetry should not fail the operation
+    }
+
     await sendInvitationEmail({
       to: email,
       inviterName: session.user.name || session.user.email || 'A user',
@@ -217,7 +218,6 @@ export async function POST(req: NextRequest) {
   }
 }
 
-// Helper function to send invitation email using the Resend API
 async function sendInvitationEmail({
   to,
   inviterName,
@@ -233,7 +233,6 @@ async function sendInvitationEmail({
 }) {
   try {
     const baseUrl = getBaseUrl()
-    // Use invitation ID in path, token in query parameter for security
     const invitationLink = `${baseUrl}/invite/${invitationId}?token=${token}`
 
     const emailHtml = await render(
@@ -263,6 +262,5 @@ async function sendInvitationEmail({
     }
   } catch (error) {
     logger.error('Error sending invitation email:', error)
-    // Continue even if email fails - the invitation is still created
   }
 }
diff --git a/apps/sim/app/api/workspaces/route.ts b/apps/sim/app/api/workspaces/route.ts
index 6b8c36ba31..f9172d9c30 100644
--- a/apps/sim/app/api/workspaces/route.ts
+++ b/apps/sim/app/api/workspaces/route.ts
@@ -5,6 +5,7 @@ import { and, desc, eq, isNull } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
+import { PlatformEvents } from '@/lib/core/telemetry'
 import { buildDefaultWorkflowArtifacts } from '@/lib/workflows/defaults'
 import { saveWorkflowToNormalizedTables } from '@/lib/workflows/persistence/utils'
 
@@ -22,7 +23,6 @@ export async function GET() {
     return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
   }
 
-  // Get all workspaces where the user has permissions
   const userWorkspaces = await db
     .select({
       workspace: workspace,
@@ -34,19 +34,15 @@ export async function GET() {
     .orderBy(desc(workspace.createdAt))
 
   if (userWorkspaces.length === 0) {
-    // Create a default workspace for the user
     const defaultWorkspace = await createDefaultWorkspace(session.user.id, session.user.name)
 
-    // Migrate existing workflows to the default workspace
     await migrateExistingWorkflows(session.user.id, defaultWorkspace.id)
 
     return NextResponse.json({ workspaces: [defaultWorkspace] })
   }
 
-  // If user has workspaces but might have orphaned workflows, migrate them
   await ensureWorkflowsHaveWorkspace(session.user.id, userWorkspaces[0].workspace.id)
 
-  // Format the response with permission information
   const workspacesWithPermissions = userWorkspaces.map(
     ({ workspace: workspaceDetails, permissionType }) => ({
       ...workspaceDetails,
@@ -78,24 +74,19 @@ export async function POST(req: Request) {
   }
 }
 
-// Helper function to create a default workspace
 async function createDefaultWorkspace(userId: string, userName?: string | null) {
-  // Extract first name only by splitting on spaces and taking the first part
   const firstName = userName?.split(' ')[0] || null
   const workspaceName = firstName ? `${firstName}'s Workspace` : 'My Workspace'
   return createWorkspace(userId, workspaceName)
 }
 
-// Helper function to create a workspace
 async function createWorkspace(userId: string, name: string) {
   const workspaceId = crypto.randomUUID()
   const workflowId = crypto.randomUUID()
   const now = new Date()
 
-  // Create the workspace and initial workflow in a transaction
   try {
     await db.transaction(async (tx) => {
-      // Create the workspace
       await tx.insert(workspace).values({
         id: workspaceId,
         name,
@@ -135,8 +126,6 @@ async function createWorkspace(userId: string, name: string) {
         variables: {},
       })
 
-      // No blocks are inserted - empty canvas
-
       logger.info(
         `Created workspace ${workspaceId} with initial workflow ${workflowId} for user ${userId}`
       )
@@ -153,7 +142,16 @@ async function createWorkspace(userId: string, name: string) {
     throw error
   }
 
-  // Return the workspace data directly instead of querying again
+  try {
+    PlatformEvents.workspaceCreated({
+      workspaceId,
+      userId,
+      name,
+    })
+  } catch {
+    // Telemetry should not fail the operation
+  }
+
   return {
     id: workspaceId,
     name,
@@ -166,9 +164,7 @@ async function createWorkspace(userId: string, name: string) {
   }
 }
 
-// Helper function to migrate existing workflows to a workspace
 async function migrateExistingWorkflows(userId: string, workspaceId: string) {
-  // Find all workflows that have no workspace ID
   const orphanedWorkflows = await db
     .select({ id: workflow.id })
     .from(workflow)
@@ -182,7 +178,6 @@ async function migrateExistingWorkflows(userId: string, workspaceId: string) {
     `Migrating ${orphanedWorkflows.length} workflows to workspace ${workspaceId} for user ${userId}`
   )
 
-  // Bulk update all orphaned workflows at once
   await db
     .update(workflow)
     .set({
@@ -192,16 +187,13 @@ async function migrateExistingWorkflows(userId: string, workspaceId: string) {
     .where(and(eq(workflow.userId, userId), isNull(workflow.workspaceId)))
 }
 
-// Helper function to ensure all workflows have a workspace
 async function ensureWorkflowsHaveWorkspace(userId: string, defaultWorkspaceId: string) {
-  // First check if there are any orphaned workflows
   const orphanedWorkflows = await db
     .select()
     .from(workflow)
     .where(and(eq(workflow.userId, userId), isNull(workflow.workspaceId)))
 
   if (orphanedWorkflows.length > 0) {
-    // Directly update any workflows that don't have a workspace ID in a single query
     await db
       .update(workflow)
       .set({
diff --git a/apps/sim/app/chat/[identifier]/chat.tsx b/apps/sim/app/chat/[identifier]/chat.tsx
index 0a39af6657..0a43ea1849 100644
--- a/apps/sim/app/chat/[identifier]/chat.tsx
+++ b/apps/sim/app/chat/[identifier]/chat.tsx
@@ -175,7 +175,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
       const distanceFromBottom = scrollHeight - scrollTop - clientHeight
       setShowScrollButton(distanceFromBottom > 100)
 
-      // Track if user is manually scrolling during streaming
       if (isStreamingResponse && !isUserScrollingRef.current) {
         setUserHasScrolled(true)
       }
@@ -191,13 +190,10 @@ export default function ChatClient({ identifier }: { identifier: string }) {
     return () => container.removeEventListener('scroll', handleScroll)
   }, [handleScroll])
 
-  // Reset user scroll tracking when streaming starts
   useEffect(() => {
     if (isStreamingResponse) {
-      // Reset userHasScrolled when streaming starts
       setUserHasScrolled(false)
 
-      // Give a small delay to distinguish between programmatic scroll and user scroll
       isUserScrollingRef.current = true
       setTimeout(() => {
         isUserScrollingRef.current = false
@@ -215,7 +211,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
       })
 
       if (!response.ok) {
-        // Check if auth is required
         if (response.status === 401) {
           const errorData = await response.json()
 
@@ -236,7 +231,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
         throw new Error(`Failed to load chat configuration: ${response.status}`)
       }
 
-      // Reset auth required state when authentication is successful
       setAuthRequired(null)
 
       const data = await response.json()
@@ -260,7 +254,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
     }
   }
 
-  // Fetch chat config on mount and generate new conversation ID
   useEffect(() => {
     fetchChatConfig()
     setConversationId(uuidv4())
@@ -285,7 +278,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
     }, 800)
   }
 
-  // Handle sending a message
   const handleSendMessage = async (
     messageParam?: string,
     isVoiceInput = false,
@@ -308,7 +300,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
       filesCount: files?.length,
     })
 
-    // Reset userHasScrolled when sending a new message
     setUserHasScrolled(false)
 
     const userMessage: ChatMessage = {
@@ -325,24 +316,20 @@ export default function ChatClient({ identifier }: { identifier: string }) {
       })),
     }
 
-    // Add the user's message to the chat
     setMessages((prev) => [...prev, userMessage])
     setInputValue('')
     setIsLoading(true)
 
-    // Scroll to show only the user's message and loading indicator
     setTimeout(() => {
       scrollToMessage(userMessage.id, true)
     }, 100)
 
-    // Create abort controller for request cancellation
     const abortController = new AbortController()
     const timeoutId = setTimeout(() => {
       abortController.abort()
     }, CHAT_REQUEST_TIMEOUT_MS)
 
     try {
-      // Send structured payload to maintain chat context
       const payload: any = {
         input:
           typeof userMessage.content === 'string'
@@ -351,7 +338,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
         conversationId,
       }
 
-      // Add files if present (convert to base64 for JSON transmission)
       if (files && files.length > 0) {
         payload.files = await Promise.all(
           files.map(async (file) => ({
@@ -379,7 +365,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
         signal: abortController.signal,
       })
 
-      // Clear timeout since request succeeded
       clearTimeout(timeoutId)
 
       if (!response.ok) {
@@ -392,7 +377,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
         throw new Error('Response body is missing')
       }
 
-      // Use the streaming hook with audio support
       const shouldPlayAudio = isVoiceInput || isVoiceFirstMode
       const audioHandler = shouldPlayAudio
         ? createAudioStreamHandler(
@@ -421,7 +405,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
         }
       )
     } catch (error: any) {
-      // Clear timeout in case of error
       clearTimeout(timeoutId)
 
       if (error.name === 'AbortError') {
@@ -442,7 +425,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
     }
   }
 
-  // Stop audio when component unmounts or when streaming is stopped
   useEffect(() => {
     return () => {
       stopAudio()
@@ -452,28 +434,23 @@ export default function ChatClient({ identifier }: { identifier: string }) {
     }
   }, [stopAudio])
 
-  // Voice interruption - stop audio when user starts speaking
   const handleVoiceInterruption = useCallback(() => {
     stopAudio()
 
-    // Stop any ongoing streaming response
     if (isStreamingResponse) {
       stopStreaming(setMessages)
     }
   }, [isStreamingResponse, stopStreaming, setMessages, stopAudio])
 
-  // Handle voice mode activation
   const handleVoiceStart = useCallback(() => {
     setIsVoiceFirstMode(true)
   }, [])
 
-  // Handle exiting voice mode
   const handleExitVoiceMode = useCallback(() => {
     setIsVoiceFirstMode(false)
-    stopAudio() // Stop any playing audio when exiting
+    stopAudio()
   }, [stopAudio])
 
-  // Handle voice transcript from voice-first interface
   const handleVoiceTranscript = useCallback(
     (transcript: string) => {
       logger.info('Received voice transcript:', transcript)
@@ -482,14 +459,11 @@ export default function ChatClient({ identifier }: { identifier: string }) {
     [handleSendMessage]
   )
 
-  // If error, show error message using the extracted component
   if (error) {
     return <ChatErrorState error={error} starCount={starCount} />
   }
 
-  // If authentication is required, use the extracted components
   if (authRequired) {
-    // Get title and description from the URL params or use defaults
     const title = new URLSearchParams(window.location.search).get('title') || 'chat'
     const primaryColor =
       new URLSearchParams(window.location.search).get('color') || 'var(--brand-primary-hover-hex)'
@@ -526,12 +500,10 @@ export default function ChatClient({ identifier }: { identifier: string }) {
     }
   }
 
-  // Loading state while fetching config using the extracted component
   if (!chatConfig) {
     return <ChatLoadingState />
   }
 
-  // Voice-first mode interface
   if (isVoiceFirstMode) {
     return (
       <VoiceInterface
@@ -551,7 +523,6 @@ export default function ChatClient({ identifier }: { identifier: string }) {
     )
   }
 
-  // Standard text-based chat interface
   return (
     <div className='fixed inset-0 z-[100] flex flex-col bg-white text-foreground'>
       {/* Header component */}
diff --git a/apps/sim/app/credential-account/[token]/page.tsx b/apps/sim/app/credential-account/[token]/page.tsx
new file mode 100644
index 0000000000..4bddd16265
--- /dev/null
+++ b/apps/sim/app/credential-account/[token]/page.tsx
@@ -0,0 +1,269 @@
+'use client'
+
+import { useCallback, useEffect, useState } from 'react'
+import { Mail } from 'lucide-react'
+import { useParams, useRouter } from 'next/navigation'
+import { GmailIcon, OutlookIcon } from '@/components/icons'
+import { client, useSession } from '@/lib/auth/auth-client'
+import { getProviderDisplayName, isPollingProvider } from '@/lib/credential-sets/providers'
+import { InviteLayout, InviteStatusCard } from '@/app/invite/components'
+
+interface InvitationInfo {
+  credentialSetName: string
+  organizationName: string
+  providerId: string | null
+  email: string | null
+}
+
+type AcceptedState = 'connecting' | 'already-connected'
+
+export default function CredentialAccountInvitePage() {
+  const params = useParams()
+  const router = useRouter()
+  const token = params.token as string
+
+  const { data: session, isPending: sessionLoading } = useSession()
+
+  const [invitation, setInvitation] = useState<InvitationInfo | null>(null)
+  const [loading, setLoading] = useState(true)
+  const [error, setError] = useState<string | null>(null)
+  const [accepting, setAccepting] = useState(false)
+  const [acceptedState, setAcceptedState] = useState<AcceptedState | null>(null)
+
+  useEffect(() => {
+    async function fetchInvitation() {
+      try {
+        const res = await fetch(`/api/credential-sets/invite/${token}`)
+        if (!res.ok) {
+          const data = await res.json()
+          setError(data.error || 'Failed to load invitation')
+          return
+        }
+        const data = await res.json()
+        setInvitation(data.invitation)
+      } catch {
+        setError('Failed to load invitation')
+      } finally {
+        setLoading(false)
+      }
+    }
+
+    fetchInvitation()
+  }, [token])
+
+  const handleAccept = useCallback(async () => {
+    if (!session?.user?.id) {
+      // Include invite_flow=true so the login page preserves callbackUrl when linking to signup
+      const callbackUrl = encodeURIComponent(`/credential-account/${token}`)
+      router.push(`/login?invite_flow=true&callbackUrl=${callbackUrl}`)
+      return
+    }
+
+    setAccepting(true)
+    try {
+      const res = await fetch(`/api/credential-sets/invite/${token}`, {
+        method: 'POST',
+      })
+
+      if (!res.ok) {
+        const data = await res.json()
+        setError(data.error || 'Failed to accept invitation')
+        return
+      }
+
+      const data = await res.json()
+      const credentialSetProviderId = data.providerId || invitation?.providerId
+
+      // Check if user already has this provider connected
+      let isAlreadyConnected = false
+      if (credentialSetProviderId && isPollingProvider(credentialSetProviderId)) {
+        try {
+          const connectionsRes = await fetch('/api/auth/oauth/connections')
+          if (connectionsRes.ok) {
+            const connectionsData = await connectionsRes.json()
+            const connections = connectionsData.connections || []
+            isAlreadyConnected = connections.some(
+              (conn: { provider: string; accounts?: { id: string }[] }) =>
+                conn.provider === credentialSetProviderId &&
+                conn.accounts &&
+                conn.accounts.length > 0
+            )
+          }
+        } catch {
+          // If we can't check connections, proceed with OAuth flow
+        }
+      }
+
+      if (isAlreadyConnected) {
+        // Already connected - redirect to workspace
+        setAcceptedState('already-connected')
+        setTimeout(() => {
+          router.push('/workspace')
+        }, 2000)
+      } else if (credentialSetProviderId && isPollingProvider(credentialSetProviderId)) {
+        // Not connected - start OAuth flow
+        setAcceptedState('connecting')
+
+        // Small delay to show success message before redirect
+        setTimeout(async () => {
+          try {
+            await client.oauth2.link({
+              providerId: credentialSetProviderId,
+              callbackURL: `${window.location.origin}/workspace`,
+            })
+          } catch (oauthError) {
+            // OAuth redirect will happen, this catch is for any pre-redirect errors
+            console.error('OAuth initiation error:', oauthError)
+            // If OAuth fails, redirect to workspace where they can connect manually
+            router.push('/workspace')
+          }
+        }, 1500)
+      } else {
+        // No provider specified - just redirect to workspace
+        router.push('/workspace')
+      }
+    } catch {
+      setError('Failed to accept invitation')
+    } finally {
+      setAccepting(false)
+    }
+  }, [session?.user?.id, token, router, invitation?.providerId])
+
+  const providerName = invitation?.providerId
+    ? getProviderDisplayName(invitation.providerId)
+    : 'email'
+
+  const ProviderIcon =
+    invitation?.providerId === 'outlook'
+      ? OutlookIcon
+      : invitation?.providerId === 'google-email'
+        ? GmailIcon
+        : Mail
+
+  const providerWithIcon = (
+    <span className='inline-flex items-baseline gap-1'>
+      <ProviderIcon className='inline-block h-4 w-4 translate-y-[2px]' />
+      {providerName}
+    </span>
+  )
+
+  const getCallbackUrl = () => `/credential-account/${token}`
+
+  if (loading || sessionLoading) {
+    return (
+      <InviteLayout>
+        <InviteStatusCard type='loading' title='' description='Loading invitation...' />
+      </InviteLayout>
+    )
+  }
+
+  if (error) {
+    return (
+      <InviteLayout>
+        <InviteStatusCard
+          type='error'
+          title='Unable to load invitation'
+          description={error}
+          icon='error'
+          actions={[
+            {
+              label: 'Return to Home',
+              onClick: () => router.push('/'),
+            },
+          ]}
+        />
+      </InviteLayout>
+    )
+  }
+
+  if (acceptedState === 'already-connected') {
+    return (
+      <InviteLayout>
+        <InviteStatusCard
+          type='success'
+          title="You're all set!"
+          description={`You've joined ${invitation?.credentialSetName}. Your ${providerName} account is already connected. Redirecting to workspace...`}
+          icon='success'
+        />
+      </InviteLayout>
+    )
+  }
+
+  if (acceptedState === 'connecting') {
+    return (
+      <InviteLayout>
+        <InviteStatusCard
+          type='loading'
+          title={`Connecting to ${providerName}...`}
+          description={`You've joined ${invitation?.credentialSetName}. You'll be redirected to connect your ${providerName} account.`}
+        />
+      </InviteLayout>
+    )
+  }
+
+  // Not logged in
+  if (!session?.user) {
+    const callbackUrl = encodeURIComponent(getCallbackUrl())
+
+    return (
+      <InviteLayout>
+        <InviteStatusCard
+          type='login'
+          title='Join Email Polling Group'
+          description={`You've been invited to join ${invitation?.credentialSetName} by ${invitation?.organizationName}. Sign in or create an account to accept this invitation.`}
+          icon='mail'
+          actions={[
+            {
+              label: 'Sign in',
+              onClick: () => router.push(`/login?callbackUrl=${callbackUrl}&invite_flow=true`),
+            },
+            {
+              label: 'Create an account',
+              onClick: () =>
+                router.push(`/signup?callbackUrl=${callbackUrl}&invite_flow=true&new=true`),
+              variant: 'outline' as const,
+            },
+            {
+              label: 'Return to Home',
+              onClick: () => router.push('/'),
+              variant: 'ghost' as const,
+            },
+          ]}
+        />
+      </InviteLayout>
+    )
+  }
+
+  // Logged in - show invitation
+  return (
+    <InviteLayout>
+      <InviteStatusCard
+        type='invitation'
+        title='Join Email Polling Group'
+        description={
+          <>
+            You've been invited to join {invitation?.credentialSetName} by{' '}
+            {invitation?.organizationName}.
+            {invitation?.providerId && (
+              <> You'll be asked to connect your {providerWithIcon} account after accepting.</>
+            )}
+          </>
+        }
+        icon='mail'
+        actions={[
+          {
+            label: `Accept & Connect ${providerName}`,
+            onClick: handleAccept,
+            disabled: accepting,
+            loading: accepting,
+          },
+          {
+            label: 'Return to Home',
+            onClick: () => router.push('/'),
+            variant: 'ghost' as const,
+          },
+        ]}
+      />
+    </InviteLayout>
+  )
+}
diff --git a/apps/sim/app/templates/[id]/template.tsx b/apps/sim/app/templates/[id]/template.tsx
index 55752a5531..fe26fd1558 100644
--- a/apps/sim/app/templates/[id]/template.tsx
+++ b/apps/sim/app/templates/[id]/template.tsx
@@ -36,7 +36,7 @@ import { useSession } from '@/lib/auth/auth-client'
 import { cn } from '@/lib/core/utils/cn'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import type { CredentialRequirement } from '@/lib/workflows/credentials/credential-extractor'
-import { WorkflowPreview } from '@/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview'
+import { WorkflowPreview } from '@/app/workspace/[workspaceId]/w/components/preview'
 import { getBlock } from '@/blocks/registry'
 import { useStarTemplate, useTemplate } from '@/hooks/queries/templates'
 
diff --git a/apps/sim/app/templates/components/template-card.tsx b/apps/sim/app/templates/components/template-card.tsx
index 071d01b6e5..32daadfcf3 100644
--- a/apps/sim/app/templates/components/template-card.tsx
+++ b/apps/sim/app/templates/components/template-card.tsx
@@ -4,7 +4,7 @@ import { Star, User } from 'lucide-react'
 import { useParams, useRouter } from 'next/navigation'
 import { VerifiedBadge } from '@/components/ui/verified-badge'
 import { cn } from '@/lib/core/utils/cn'
-import { WorkflowPreview } from '@/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview'
+import { WorkflowPreview } from '@/app/workspace/[workspaceId]/w/components/preview'
 import { getBlock } from '@/blocks/registry'
 import { useStarTemplate } from '@/hooks/queries/templates'
 import type { WorkflowState } from '@/stores/workflows/workflow/types'
diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/index.ts b/apps/sim/app/workspace/[workspaceId]/logs/components/index.ts
index cc6f091ed9..1a907cfd89 100644
--- a/apps/sim/app/workspace/[workspaceId]/logs/components/index.ts
+++ b/apps/sim/app/workspace/[workspaceId]/logs/components/index.ts
@@ -1,7 +1,7 @@
 export { Dashboard } from './dashboard'
 export { LogDetails } from './log-details'
+export { ExecutionSnapshot } from './log-details/components/execution-snapshot'
 export { FileCards } from './log-details/components/file-download'
-export { FrozenCanvas } from './log-details/components/frozen-canvas'
 export { TraceSpans } from './log-details/components/trace-spans'
 export { LogRowContextMenu } from './log-row-context-menu'
 export { LogsList } from './logs-list'
diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/execution-snapshot/execution-snapshot.tsx b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/execution-snapshot/execution-snapshot.tsx
new file mode 100644
index 0000000000..bfda572622
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/execution-snapshot/execution-snapshot.tsx
@@ -0,0 +1,224 @@
+'use client'
+
+import { useEffect, useMemo, useState } from 'react'
+import { AlertCircle, Loader2 } from 'lucide-react'
+import { Modal, ModalBody, ModalContent, ModalHeader } from '@/components/emcn'
+import { redactApiKeys } from '@/lib/core/security/redaction'
+import { cn } from '@/lib/core/utils/cn'
+import {
+  BlockDetailsSidebar,
+  WorkflowPreview,
+} from '@/app/workspace/[workspaceId]/w/components/preview'
+import { useExecutionSnapshot } from '@/hooks/queries/logs'
+import type { WorkflowState } from '@/stores/workflows/workflow/types'
+
+interface TraceSpan {
+  blockId?: string
+  input?: unknown
+  output?: unknown
+  status?: string
+  duration?: number
+  children?: TraceSpan[]
+}
+
+interface BlockExecutionData {
+  input: unknown
+  output: unknown
+  status: string
+  durationMs: number
+}
+
+interface MigratedWorkflowState extends WorkflowState {
+  _migrated: true
+  _note?: string
+}
+
+function isMigratedWorkflowState(state: WorkflowState): state is MigratedWorkflowState {
+  return (state as MigratedWorkflowState)._migrated === true
+}
+
+interface ExecutionSnapshotProps {
+  executionId: string
+  traceSpans?: TraceSpan[]
+  className?: string
+  height?: string | number
+  width?: string | number
+  isModal?: boolean
+  isOpen?: boolean
+  onClose?: () => void
+}
+
+export function ExecutionSnapshot({
+  executionId,
+  traceSpans,
+  className,
+  height = '100%',
+  width = '100%',
+  isModal = false,
+  isOpen = false,
+  onClose = () => {},
+}: ExecutionSnapshotProps) {
+  const { data, isLoading, error } = useExecutionSnapshot(executionId)
+  const [pinnedBlockId, setPinnedBlockId] = useState<string | null>(null)
+
+  const blockExecutions = useMemo(() => {
+    if (!traceSpans || !Array.isArray(traceSpans)) return {}
+
+    const blockExecutionMap: Record<string, BlockExecutionData> = {}
+
+    const collectBlockSpans = (spans: TraceSpan[]): TraceSpan[] => {
+      const blockSpans: TraceSpan[] = []
+
+      for (const span of spans) {
+        if (span.blockId) {
+          blockSpans.push(span)
+        }
+        if (span.children && Array.isArray(span.children)) {
+          blockSpans.push(...collectBlockSpans(span.children))
+        }
+      }
+
+      return blockSpans
+    }
+
+    const allBlockSpans = collectBlockSpans(traceSpans)
+
+    for (const span of allBlockSpans) {
+      if (span.blockId && !blockExecutionMap[span.blockId]) {
+        blockExecutionMap[span.blockId] = {
+          input: redactApiKeys(span.input || {}),
+          output: redactApiKeys(span.output || {}),
+          status: span.status || 'unknown',
+          durationMs: span.duration || 0,
+        }
+      }
+    }
+
+    return blockExecutionMap
+  }, [traceSpans])
+
+  useEffect(() => {
+    setPinnedBlockId(null)
+  }, [executionId])
+
+  const workflowState = data?.workflowState as WorkflowState | undefined
+
+  const renderContent = () => {
+    if (isLoading) {
+      return (
+        <div
+          className={cn('flex items-center justify-center', className)}
+          style={{ height, width }}
+        >
+          <div className='flex items-center gap-[8px] text-[var(--text-secondary)]'>
+            <Loader2 className='h-[16px] w-[16px] animate-spin' />
+            <span className='text-[13px]'>Loading execution snapshot...</span>
+          </div>
+        </div>
+      )
+    }
+
+    if (error) {
+      return (
+        <div
+          className={cn('flex items-center justify-center', className)}
+          style={{ height, width }}
+        >
+          <div className='flex items-center gap-[8px] text-[var(--text-error)]'>
+            <AlertCircle className='h-[16px] w-[16px]' />
+            <span className='text-[13px]'>Failed to load execution snapshot: {error.message}</span>
+          </div>
+        </div>
+      )
+    }
+
+    if (!data || !workflowState) {
+      return (
+        <div
+          className={cn('flex items-center justify-center', className)}
+          style={{ height, width }}
+        >
+          <div className='flex items-center gap-[8px] text-[var(--text-secondary)]'>
+            <Loader2 className='h-[16px] w-[16px] animate-spin' />
+            <span className='text-[13px]'>Loading execution snapshot...</span>
+          </div>
+        </div>
+      )
+    }
+
+    if (isMigratedWorkflowState(workflowState)) {
+      return (
+        <div
+          className={cn('flex flex-col items-center justify-center gap-[16px] p-[32px]', className)}
+          style={{ height, width }}
+        >
+          <div className='flex items-center gap-[12px] text-[var(--text-warning)]'>
+            <AlertCircle className='h-[20px] w-[20px]' />
+            <span className='font-medium text-[15px]'>Logged State Not Found</span>
+          </div>
+          <div className='max-w-md text-center text-[13px] text-[var(--text-secondary)]'>
+            This log was migrated from the old logging system. The workflow state at execution time
+            is not available.
+          </div>
+          <div className='text-[12px] text-[var(--text-tertiary)]'>Note: {workflowState._note}</div>
+        </div>
+      )
+    }
+
+    return (
+      <div
+        style={{ height, width }}
+        className={cn(
+          'flex overflow-hidden rounded-[4px] border border-[var(--border)]',
+          className
+        )}
+      >
+        <div className='h-full flex-1'>
+          <WorkflowPreview
+            workflowState={workflowState}
+            showSubBlocks={true}
+            isPannable={true}
+            defaultPosition={{ x: 0, y: 0 }}
+            defaultZoom={0.8}
+            onNodeClick={(blockId) => {
+              setPinnedBlockId((prev) => (prev === blockId ? null : blockId))
+            }}
+            cursorStyle='pointer'
+            executedBlocks={blockExecutions}
+          />
+        </div>
+        {pinnedBlockId && workflowState.blocks[pinnedBlockId] && (
+          <BlockDetailsSidebar
+            block={workflowState.blocks[pinnedBlockId]}
+            executionData={blockExecutions[pinnedBlockId]}
+            allBlockExecutions={blockExecutions}
+            workflowBlocks={workflowState.blocks}
+            isExecutionMode
+          />
+        )}
+      </div>
+    )
+  }
+
+  if (isModal) {
+    return (
+      <Modal
+        open={isOpen}
+        onOpenChange={(open) => {
+          if (!open) {
+            setPinnedBlockId(null)
+            onClose()
+          }
+        }}
+      >
+        <ModalContent size='full' className='flex h-[90vh] flex-col'>
+          <ModalHeader>Workflow State</ModalHeader>
+
+          <ModalBody className='!p-0 min-h-0 flex-1'>{renderContent()}</ModalBody>
+        </ModalContent>
+      </Modal>
+    )
+  }
+
+  return renderContent()
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/execution-snapshot/index.ts b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/execution-snapshot/index.ts
new file mode 100644
index 0000000000..a80bf4e337
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/execution-snapshot/index.ts
@@ -0,0 +1 @@
+export { ExecutionSnapshot } from './execution-snapshot'
diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/frozen-canvas/frozen-canvas.tsx b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/frozen-canvas/frozen-canvas.tsx
deleted file mode 100644
index b48bf8b63c..0000000000
--- a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/frozen-canvas/frozen-canvas.tsx
+++ /dev/null
@@ -1,657 +0,0 @@
-'use client'
-
-import { useEffect, useState } from 'react'
-import { createLogger } from '@sim/logger'
-import {
-  AlertCircle,
-  ChevronDown,
-  ChevronLeft,
-  ChevronRight,
-  ChevronUp,
-  Clock,
-  DollarSign,
-  Hash,
-  Loader2,
-  Maximize2,
-  X,
-  Zap,
-} from 'lucide-react'
-import { Badge, Modal, ModalBody, ModalContent, ModalHeader } from '@/components/emcn'
-import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card'
-import { redactApiKeys } from '@/lib/core/security/redaction'
-import { cn } from '@/lib/core/utils/cn'
-import { WorkflowPreview } from '@/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview'
-import type { WorkflowState } from '@/stores/workflows/workflow/types'
-
-const logger = createLogger('FrozenCanvas')
-
-function ExpandableDataSection({ title, data }: { title: string; data: any }) {
-  const [isExpanded, setIsExpanded] = useState(false)
-  const [isModalOpen, setIsModalOpen] = useState(false)
-
-  const jsonString = JSON.stringify(data, null, 2)
-  const isLargeData = jsonString.length > 500 || jsonString.split('\n').length > 10
-
-  return (
-    <>
-      <div>
-        <div className='mb-[6px] flex items-center justify-between'>
-          <h4 className='font-medium text-[13px] text-[var(--text-primary)]'>{title}</h4>
-          <div className='flex items-center gap-[4px]'>
-            {isLargeData && (
-              <button
-                onClick={() => setIsModalOpen(true)}
-                className='rounded-[4px] p-[4px] text-[var(--text-secondary)] transition-colors hover:bg-[var(--surface-3)] hover:text-[var(--text-primary)]'
-                title='Expand in modal'
-                type='button'
-              >
-                <Maximize2 className='h-[14px] w-[14px]' />
-              </button>
-            )}
-            <button
-              onClick={() => setIsExpanded(!isExpanded)}
-              className='rounded-[4px] p-[4px] text-[var(--text-secondary)] transition-colors hover:bg-[var(--surface-3)] hover:text-[var(--text-primary)]'
-              type='button'
-            >
-              {isExpanded ? (
-                <ChevronUp className='h-[14px] w-[14px]' />
-              ) : (
-                <ChevronDown className='h-[14px] w-[14px]' />
-              )}
-            </button>
-          </div>
-        </div>
-        <div
-          className={cn(
-            'overflow-y-auto rounded-[4px] border border-[var(--border)] bg-[var(--surface-3)] p-[12px] font-mono text-[12px] transition-all duration-200',
-            isExpanded ? 'max-h-96' : 'max-h-32'
-          )}
-        >
-          <pre className='whitespace-pre-wrap break-words text-[var(--text-primary)]'>
-            {jsonString}
-          </pre>
-        </div>
-      </div>
-
-      {isModalOpen && (
-        <div className='fixed inset-0 z-[200] flex items-center justify-center bg-black/50'>
-          <div className='mx-[16px] flex h-[80vh] w-full max-w-4xl flex-col overflow-hidden rounded-[8px] border border-[var(--border)] bg-[var(--surface-1)] shadow-lg'>
-            <div className='flex items-center justify-between border-[var(--border)] border-b p-[16px]'>
-              <h3 className='font-medium text-[15px] text-[var(--text-primary)]'>{title}</h3>
-              <button
-                onClick={() => setIsModalOpen(false)}
-                className='rounded-[4px] p-[4px] text-[var(--text-secondary)] transition-colors hover:bg-[var(--surface-3)] hover:text-[var(--text-primary)]'
-                type='button'
-              >
-                <X className='h-[16px] w-[16px]' />
-              </button>
-            </div>
-            <div className='flex-1 overflow-auto p-[16px]'>
-              <pre className='whitespace-pre-wrap break-words font-mono text-[13px] text-[var(--text-primary)]'>
-                {jsonString}
-              </pre>
-            </div>
-          </div>
-        </div>
-      )}
-    </>
-  )
-}
-
-function formatExecutionData(executionData: any) {
-  const {
-    inputData,
-    outputData,
-    cost,
-    tokens,
-    durationMs,
-    status,
-    blockName,
-    blockType,
-    errorMessage,
-    errorStackTrace,
-  } = executionData
-
-  return {
-    blockName: blockName || 'Unknown Block',
-    blockType: blockType || 'unknown',
-    status,
-    duration: durationMs ? `${durationMs}ms` : 'N/A',
-    input: redactApiKeys(inputData || {}),
-    output: redactApiKeys(outputData || {}),
-    errorMessage,
-    errorStackTrace,
-    cost: cost
-      ? {
-          input: cost.input || 0,
-          output: cost.output || 0,
-          total: cost.total || 0,
-        }
-      : null,
-    tokens: tokens
-      ? {
-          input: tokens.input || tokens.prompt || 0,
-          output: tokens.output || tokens.completion || 0,
-          total: tokens.total || 0,
-        }
-      : null,
-  }
-}
-
-function getCurrentIterationData(blockExecutionData: any) {
-  if (blockExecutionData.iterations && Array.isArray(blockExecutionData.iterations)) {
-    const currentIndex = blockExecutionData.currentIteration ?? 0
-    return {
-      executionData: blockExecutionData.iterations[currentIndex],
-      currentIteration: currentIndex,
-      totalIterations: blockExecutionData.totalIterations ?? blockExecutionData.iterations.length,
-      hasMultipleIterations: blockExecutionData.iterations.length > 1,
-    }
-  }
-
-  return {
-    executionData: blockExecutionData,
-    currentIteration: 0,
-    totalIterations: 1,
-    hasMultipleIterations: false,
-  }
-}
-
-function PinnedLogs({
-  executionData,
-  blockId,
-  workflowState,
-  onClose,
-}: {
-  executionData: any | null
-  blockId: string
-  workflowState: any
-  onClose: () => void
-}) {
-  const [currentIterationIndex, setCurrentIterationIndex] = useState(0)
-
-  useEffect(() => {
-    setCurrentIterationIndex(0)
-  }, [executionData])
-
-  if (!executionData) {
-    const blockInfo = workflowState?.blocks?.[blockId]
-    const formatted = {
-      blockName: blockInfo?.name || 'Unknown Block',
-      blockType: blockInfo?.type || 'unknown',
-      status: 'not_executed',
-    }
-
-    return (
-      <Card className='fixed top-[16px] right-[16px] z-[100] max-h-[calc(100vh-8rem)] w-96 overflow-y-auto rounded-[8px] border border-[var(--border)] bg-[var(--surface-1)] shadow-lg'>
-        <CardHeader className='pb-[12px]'>
-          <div className='flex items-center justify-between'>
-            <CardTitle className='flex items-center gap-[8px] text-[15px] text-[var(--text-primary)]'>
-              <Zap className='h-[16px] w-[16px]' />
-              {formatted.blockName}
-            </CardTitle>
-            <button
-              onClick={onClose}
-              className='rounded-[4px] p-[4px] text-[var(--text-secondary)] transition-colors hover:bg-[var(--surface-3)] hover:text-[var(--text-primary)]'
-              type='button'
-            >
-              <X className='h-[16px] w-[16px]' />
-            </button>
-          </div>
-          <div className='flex items-center gap-[8px]'>
-            <Badge variant='gray-secondary'>{formatted.blockType}</Badge>
-            <Badge variant='outline'>not executed</Badge>
-          </div>
-        </CardHeader>
-
-        <CardContent className='space-y-[16px]'>
-          <div className='rounded-[4px] border border-[var(--border)] bg-[var(--surface-3)] p-[16px] text-center'>
-            <div className='text-[13px] text-[var(--text-secondary)]'>
-              This block was not executed because the workflow failed before reaching it.
-            </div>
-          </div>
-        </CardContent>
-      </Card>
-    )
-  }
-
-  const iterationInfo = getCurrentIterationData({
-    ...executionData,
-    currentIteration: currentIterationIndex,
-  })
-
-  const formatted = formatExecutionData(iterationInfo.executionData)
-  const totalIterations = executionData.iterations?.length || 1
-
-  const goToPreviousIteration = () => {
-    if (currentIterationIndex > 0) {
-      setCurrentIterationIndex(currentIterationIndex - 1)
-    }
-  }
-
-  const goToNextIteration = () => {
-    if (currentIterationIndex < totalIterations - 1) {
-      setCurrentIterationIndex(currentIterationIndex + 1)
-    }
-  }
-
-  return (
-    <Card className='fixed top-[16px] right-[16px] z-[100] max-h-[calc(100vh-8rem)] w-96 overflow-y-auto rounded-[8px] border border-[var(--border)] bg-[var(--surface-1)] shadow-lg'>
-      <CardHeader className='pb-[12px]'>
-        <div className='flex items-center justify-between'>
-          <CardTitle className='flex items-center gap-[8px] text-[15px] text-[var(--text-primary)]'>
-            <Zap className='h-[16px] w-[16px]' />
-            {formatted.blockName}
-          </CardTitle>
-          <button
-            onClick={onClose}
-            className='rounded-[4px] p-[4px] text-[var(--text-secondary)] transition-colors hover:bg-[var(--surface-3)] hover:text-[var(--text-primary)]'
-            type='button'
-          >
-            <X className='h-[16px] w-[16px]' />
-          </button>
-        </div>
-        <div className='flex items-center justify-between'>
-          <div className='flex items-center gap-[8px]'>
-            <Badge variant={formatted.status === 'success' ? 'default' : 'red'}>
-              {formatted.blockType}
-            </Badge>
-            <Badge variant='outline'>{formatted.status}</Badge>
-          </div>
-
-          {iterationInfo.hasMultipleIterations && (
-            <div className='flex items-center gap-[4px]'>
-              <button
-                onClick={goToPreviousIteration}
-                disabled={currentIterationIndex === 0}
-                className='rounded-[4px] p-[4px] text-[var(--text-secondary)] transition-colors hover:bg-[var(--surface-3)] hover:text-[var(--text-primary)] disabled:cursor-not-allowed disabled:opacity-50'
-                type='button'
-              >
-                <ChevronLeft className='h-[14px] w-[14px]' />
-              </button>
-              <span className='px-[8px] text-[12px] text-[var(--text-tertiary)]'>
-                {iterationInfo.totalIterations !== undefined
-                  ? `${currentIterationIndex + 1} / ${iterationInfo.totalIterations}`
-                  : `${currentIterationIndex + 1}`}
-              </span>
-              <button
-                onClick={goToNextIteration}
-                disabled={currentIterationIndex === totalIterations - 1}
-                className='rounded-[4px] p-[4px] text-[var(--text-secondary)] transition-colors hover:bg-[var(--surface-3)] hover:text-[var(--text-primary)] disabled:cursor-not-allowed disabled:opacity-50'
-                type='button'
-              >
-                <ChevronRight className='h-[14px] w-[14px]' />
-              </button>
-            </div>
-          )}
-        </div>
-      </CardHeader>
-
-      <CardContent className='space-y-[16px]'>
-        <div className='grid grid-cols-2 gap-[12px]'>
-          <div className='flex items-center gap-[8px]'>
-            <Clock className='h-[14px] w-[14px] text-[var(--text-secondary)]' />
-            <span className='text-[13px] text-[var(--text-primary)]'>{formatted.duration}</span>
-          </div>
-
-          {formatted.cost && formatted.cost.total > 0 && (
-            <div className='flex items-center gap-[8px]'>
-              <DollarSign className='h-[14px] w-[14px] text-[var(--text-secondary)]' />
-              <span className='text-[13px] text-[var(--text-primary)]'>
-                ${formatted.cost.total.toFixed(5)}
-              </span>
-            </div>
-          )}
-
-          {formatted.tokens && formatted.tokens.total > 0 && (
-            <div className='flex items-center gap-[8px]'>
-              <Hash className='h-[14px] w-[14px] text-[var(--text-secondary)]' />
-              <span className='text-[13px] text-[var(--text-primary)]'>
-                {formatted.tokens.total} tokens
-              </span>
-            </div>
-          )}
-        </div>
-
-        <ExpandableDataSection title='Input' data={formatted.input} />
-
-        <ExpandableDataSection title='Output' data={formatted.output} />
-
-        {formatted.cost && formatted.cost.total > 0 && (
-          <div>
-            <h4 className='mb-[6px] font-medium text-[13px] text-[var(--text-primary)]'>
-              Cost Breakdown
-            </h4>
-            <div className='space-y-[4px] rounded-[4px] border border-[var(--border)] bg-[var(--surface-3)] p-[12px] text-[13px]'>
-              <div className='flex justify-between text-[var(--text-primary)]'>
-                <span>Input:</span>
-                <span>${formatted.cost.input.toFixed(5)}</span>
-              </div>
-              <div className='flex justify-between text-[var(--text-primary)]'>
-                <span>Output:</span>
-                <span>${formatted.cost.output.toFixed(5)}</span>
-              </div>
-              <div className='flex justify-between border-[var(--border)] border-t pt-[4px] font-medium text-[var(--text-primary)]'>
-                <span>Total:</span>
-                <span>${formatted.cost.total.toFixed(5)}</span>
-              </div>
-            </div>
-          </div>
-        )}
-
-        {formatted.tokens && formatted.tokens.total > 0 && (
-          <div>
-            <h4 className='mb-[6px] font-medium text-[13px] text-[var(--text-primary)]'>
-              Token Usage
-            </h4>
-            <div className='space-y-[4px] rounded-[4px] border border-[var(--border)] bg-[var(--surface-3)] p-[12px] text-[13px]'>
-              <div className='flex justify-between text-[var(--text-primary)]'>
-                <span>Input:</span>
-                <span>{formatted.tokens.input}</span>
-              </div>
-              <div className='flex justify-between text-[var(--text-primary)]'>
-                <span>Output:</span>
-                <span>{formatted.tokens.output}</span>
-              </div>
-              <div className='flex justify-between border-[var(--border)] border-t pt-[4px] font-medium text-[var(--text-primary)]'>
-                <span>Total:</span>
-                <span>{formatted.tokens.total}</span>
-              </div>
-            </div>
-          </div>
-        )}
-      </CardContent>
-    </Card>
-  )
-}
-
-interface FrozenCanvasData {
-  executionId: string
-  workflowId: string
-  workflowState: WorkflowState
-  executionMetadata: {
-    trigger: string
-    startedAt: string
-    endedAt?: string
-    totalDurationMs?: number
-
-    cost: {
-      total: number | null
-      input: number | null
-      output: number | null
-    }
-    totalTokens: number | null
-  }
-}
-
-interface FrozenCanvasProps {
-  executionId: string
-  traceSpans?: any[]
-  className?: string
-  height?: string | number
-  width?: string | number
-  isModal?: boolean
-  isOpen?: boolean
-  onClose?: () => void
-}
-
-export function FrozenCanvas({
-  executionId,
-  traceSpans,
-  className,
-  height = '100%',
-  width = '100%',
-  isModal = false,
-  isOpen = false,
-  onClose,
-}: FrozenCanvasProps) {
-  const [data, setData] = useState<FrozenCanvasData | null>(null)
-  const [blockExecutions, setBlockExecutions] = useState<Record<string, any>>({})
-  const [loading, setLoading] = useState(true)
-  const [error, setError] = useState<string | null>(null)
-
-  const [pinnedBlockId, setPinnedBlockId] = useState<string | null>(null)
-
-  // Process traceSpans to create blockExecutions map
-  useEffect(() => {
-    if (traceSpans && Array.isArray(traceSpans)) {
-      const blockExecutionMap: Record<string, any> = {}
-
-      logger.debug('Processing trace spans for frozen canvas:', { traceSpans })
-
-      // Recursively collect all spans with blockId from the trace spans tree
-      const collectBlockSpans = (spans: any[]): any[] => {
-        const blockSpans: any[] = []
-
-        for (const span of spans) {
-          // If this span has a blockId, it's a block execution
-          if (span.blockId) {
-            blockSpans.push(span)
-          }
-
-          // Recursively check children
-          if (span.children && Array.isArray(span.children)) {
-            blockSpans.push(...collectBlockSpans(span.children))
-          }
-        }
-
-        return blockSpans
-      }
-
-      const allBlockSpans = collectBlockSpans(traceSpans)
-      logger.debug('Collected all block spans:', allBlockSpans)
-
-      // Group spans by blockId
-      const traceSpansByBlockId = allBlockSpans.reduce((acc: any, span: any) => {
-        if (span.blockId) {
-          if (!acc[span.blockId]) {
-            acc[span.blockId] = []
-          }
-          acc[span.blockId].push(span)
-        }
-        return acc
-      }, {})
-
-      logger.debug('Grouped trace spans by blockId:', traceSpansByBlockId)
-
-      for (const [blockId, spans] of Object.entries(traceSpansByBlockId)) {
-        const spanArray = spans as any[]
-
-        const iterations = spanArray.map((span: any) => {
-          // Extract error information from span output if status is error
-          let errorMessage = null
-          let errorStackTrace = null
-
-          if (span.status === 'error' && span.output) {
-            // Error information can be in different formats in the output
-            if (typeof span.output === 'string') {
-              errorMessage = span.output
-            } else if (span.output.error) {
-              errorMessage = span.output.error
-              errorStackTrace = span.output.stackTrace || span.output.stack
-            } else if (span.output.message) {
-              errorMessage = span.output.message
-              errorStackTrace = span.output.stackTrace || span.output.stack
-            } else {
-              // Fallback: stringify the entire output for error cases
-              errorMessage = JSON.stringify(span.output)
-            }
-          }
-
-          return {
-            id: span.id,
-            blockId: span.blockId,
-            blockName: span.name,
-            blockType: span.type,
-            status: span.status,
-            startedAt: span.startTime,
-            endedAt: span.endTime,
-            durationMs: span.duration,
-            inputData: span.input,
-            outputData: span.output,
-            errorMessage,
-            errorStackTrace,
-            cost: span.cost || {
-              input: null,
-              output: null,
-              total: null,
-            },
-            tokens: span.tokens || {
-              input: null,
-              output: null,
-              total: null,
-            },
-            modelUsed: span.model || null,
-            metadata: {},
-          }
-        })
-
-        blockExecutionMap[blockId] = {
-          iterations,
-          currentIteration: 0,
-          totalIterations: iterations.length,
-        }
-      }
-
-      setBlockExecutions(blockExecutionMap)
-    }
-  }, [traceSpans])
-
-  useEffect(() => {
-    const fetchData = async () => {
-      try {
-        setLoading(true)
-        setError(null)
-
-        const response = await fetch(`/api/logs/execution/${executionId}`)
-        if (!response.ok) {
-          throw new Error(`Failed to fetch frozen canvas data: ${response.statusText}`)
-        }
-
-        const result = await response.json()
-        setData(result)
-        logger.debug(`Loaded frozen canvas data for execution: ${executionId}`)
-      } catch (err) {
-        const errorMessage = err instanceof Error ? err.message : 'Unknown error'
-        logger.error('Failed to fetch frozen canvas data:', err)
-        setError(errorMessage)
-      } finally {
-        setLoading(false)
-      }
-    }
-
-    fetchData()
-  }, [executionId])
-
-  const renderContent = () => {
-    if (loading) {
-      return (
-        <div
-          className={cn('flex items-center justify-center', className)}
-          style={{ height, width }}
-        >
-          <div className='flex items-center gap-[8px] text-[var(--text-secondary)]'>
-            <Loader2 className='h-[16px] w-[16px] animate-spin' />
-            <span className='text-[13px]'>Loading frozen canvas...</span>
-          </div>
-        </div>
-      )
-    }
-
-    if (error) {
-      return (
-        <div
-          className={cn('flex items-center justify-center', className)}
-          style={{ height, width }}
-        >
-          <div className='flex items-center gap-[8px] text-[var(--text-error)]'>
-            <AlertCircle className='h-[16px] w-[16px]' />
-            <span className='text-[13px]'>Failed to load frozen canvas: {error}</span>
-          </div>
-        </div>
-      )
-    }
-
-    if (!data) {
-      return (
-        <div
-          className={cn('flex items-center justify-center', className)}
-          style={{ height, width }}
-        >
-          <div className='text-[13px] text-[var(--text-secondary)]'>No data available</div>
-        </div>
-      )
-    }
-
-    const isMigratedLog = (data.workflowState as any)?._migrated === true
-    if (isMigratedLog) {
-      return (
-        <div
-          className={cn('flex flex-col items-center justify-center gap-[16px] p-[32px]', className)}
-          style={{ height, width }}
-        >
-          <div className='flex items-center gap-[12px] text-[var(--text-warning)]'>
-            <AlertCircle className='h-[20px] w-[20px]' />
-            <span className='font-medium text-[15px]'>Logged State Not Found</span>
-          </div>
-          <div className='max-w-md text-center text-[13px] text-[var(--text-secondary)]'>
-            This log was migrated from the old logging system. The workflow state at execution time
-            is not available.
-          </div>
-          <div className='text-[12px] text-[var(--text-tertiary)]'>
-            Note: {(data.workflowState as any)?._note}
-          </div>
-        </div>
-      )
-    }
-
-    return (
-      <>
-        <div
-          style={{ height, width }}
-          className={cn('frozen-canvas-mode h-full w-full', className)}
-        >
-          <WorkflowPreview
-            workflowState={data.workflowState}
-            showSubBlocks={true}
-            isPannable={true}
-            defaultPosition={{ x: 0, y: 0 }}
-            defaultZoom={0.8}
-            onNodeClick={(blockId) => {
-              setPinnedBlockId(blockId)
-            }}
-          />
-        </div>
-
-        {pinnedBlockId && (
-          <PinnedLogs
-            executionData={blockExecutions[pinnedBlockId] || null}
-            blockId={pinnedBlockId}
-            workflowState={data.workflowState}
-            onClose={() => setPinnedBlockId(null)}
-          />
-        )}
-      </>
-    )
-  }
-
-  if (isModal) {
-    return (
-      <Modal open={isOpen} onOpenChange={onClose}>
-        <ModalContent size='xl' className='flex h-[90vh] flex-col'>
-          <ModalHeader>Workflow State</ModalHeader>
-
-          <ModalBody className='min-h-0 flex-1'>
-            <div className='flex h-full flex-col'>
-              <div className='min-h-0 flex-1 overflow-hidden rounded-[4px] border border-[var(--border)]'>
-                {renderContent()}
-              </div>
-            </div>
-          </ModalBody>
-        </ModalContent>
-      </Modal>
-    )
-  }
-
-  return renderContent()
-}
diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/frozen-canvas/index.ts b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/frozen-canvas/index.ts
deleted file mode 100644
index 7e9eba695b..0000000000
--- a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/components/frozen-canvas/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { FrozenCanvas } from './frozen-canvas'
diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/log-details.tsx b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/log-details.tsx
index 611f1b8976..000e1be1ad 100644
--- a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/log-details.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/log-details.tsx
@@ -5,7 +5,11 @@ import { ChevronUp, X } from 'lucide-react'
 import { Button, Eye } from '@/components/emcn'
 import { ScrollArea } from '@/components/ui/scroll-area'
 import { BASE_EXECUTION_CHARGE } from '@/lib/billing/constants'
-import { FileCards, FrozenCanvas, TraceSpans } from '@/app/workspace/[workspaceId]/logs/components'
+import {
+  ExecutionSnapshot,
+  FileCards,
+  TraceSpans,
+} from '@/app/workspace/[workspaceId]/logs/components'
 import { useLogDetailsResize } from '@/app/workspace/[workspaceId]/logs/hooks'
 import {
   formatDate,
@@ -49,7 +53,7 @@ export const LogDetails = memo(function LogDetails({
   hasNext = false,
   hasPrev = false,
 }: LogDetailsProps) {
-  const [isFrozenCanvasOpen, setIsFrozenCanvasOpen] = useState(false)
+  const [isExecutionSnapshotOpen, setIsExecutionSnapshotOpen] = useState(false)
   const scrollAreaRef = useRef<HTMLDivElement>(null)
   const panelWidth = useLogDetailsUIStore((state) => state.panelWidth)
   const { handleMouseDown } = useLogDetailsResize()
@@ -266,7 +270,7 @@ export const LogDetails = memo(function LogDetails({
                       Workflow State
                     </span>
                     <button
-                      onClick={() => setIsFrozenCanvasOpen(true)}
+                      onClick={() => setIsExecutionSnapshotOpen(true)}
                       className='flex items-center justify-between rounded-[6px] bg-[var(--surface-1)] px-[10px] py-[8px] transition-colors hover:bg-[var(--surface-4)]'
                     >
                       <span className='font-medium text-[12px] text-[var(--text-secondary)]'>
@@ -363,12 +367,12 @@ export const LogDetails = memo(function LogDetails({
 
         {/* Frozen Canvas Modal */}
         {log?.executionId && (
-          <FrozenCanvas
+          <ExecutionSnapshot
             executionId={log.executionId}
             traceSpans={log.executionData?.traceSpans}
             isModal
-            isOpen={isFrozenCanvasOpen}
-            onClose={() => setIsFrozenCanvasOpen(false)}
+            isOpen={isExecutionSnapshotOpen}
+            onClose={() => setIsExecutionSnapshotOpen(false)}
           />
         )}
       </div>
diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/log-row-context-menu/log-row-context-menu.tsx b/apps/sim/app/workspace/[workspaceId]/logs/components/log-row-context-menu/log-row-context-menu.tsx
index 9bdfbd1cba..f25a71732f 100644
--- a/apps/sim/app/workspace/[workspaceId]/logs/components/log-row-context-menu/log-row-context-menu.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/logs/components/log-row-context-menu/log-row-context-menu.tsx
@@ -18,6 +18,7 @@ interface LogRowContextMenuProps {
   log: WorkflowLog | null
   onCopyExecutionId: () => void
   onOpenWorkflow: () => void
+  onOpenPreview: () => void
   onToggleWorkflowFilter: () => void
   onClearAllFilters: () => void
   isFilteredByThisWorkflow: boolean
@@ -36,6 +37,7 @@ export function LogRowContextMenu({
   log,
   onCopyExecutionId,
   onOpenWorkflow,
+  onOpenPreview,
   onToggleWorkflowFilter,
   onClearAllFilters,
   isFilteredByThisWorkflow,
@@ -78,6 +80,15 @@ export function LogRowContextMenu({
         >
           Open Workflow
         </PopoverItem>
+        <PopoverItem
+          disabled={!hasExecutionId}
+          onClick={() => {
+            onOpenPreview()
+            onClose()
+          }}
+        >
+          Open Preview
+        </PopoverItem>
 
         {/* Filter actions */}
         <PopoverDivider />
diff --git a/apps/sim/app/workspace/[workspaceId]/logs/logs.tsx b/apps/sim/app/workspace/[workspaceId]/logs/logs.tsx
index eb2abd939c..a2ea88d338 100644
--- a/apps/sim/app/workspace/[workspaceId]/logs/logs.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/logs/logs.tsx
@@ -18,6 +18,7 @@ import type { WorkflowLog } from '@/stores/logs/filters/types'
 import { useUserPermissionsContext } from '../providers/workspace-permissions-provider'
 import {
   Dashboard,
+  ExecutionSnapshot,
   LogDetails,
   LogRowContextMenu,
   LogsList,
@@ -59,8 +60,7 @@ export default function Logs() {
     setWorkspaceId(workspaceId)
   }, [workspaceId, setWorkspaceId])
 
-  const [selectedLog, setSelectedLog] = useState<WorkflowLog | null>(null)
-  const [selectedLogIndex, setSelectedLogIndex] = useState<number>(-1)
+  const [selectedLogId, setSelectedLogId] = useState<string | null>(null)
   const [isSidebarOpen, setIsSidebarOpen] = useState(false)
   const selectedRowRef = useRef<HTMLTableRowElement | null>(null)
   const loaderRef = useRef<HTMLDivElement>(null)
@@ -90,6 +90,12 @@ export default function Logs() {
   const [contextMenuLog, setContextMenuLog] = useState<WorkflowLog | null>(null)
   const contextMenuRef = useRef<HTMLDivElement>(null)
 
+  const [isPreviewOpen, setIsPreviewOpen] = useState(false)
+  const [previewLogId, setPreviewLogId] = useState<string | null>(null)
+
+  const activeLogId = isPreviewOpen ? previewLogId : selectedLogId
+  const activeLogQuery = useLogDetail(activeLogId ?? undefined)
+
   const logFilters = useMemo(
     () => ({
       timeRange,
@@ -129,19 +135,23 @@ export default function Logs() {
     refetchInterval: isLive ? 5000 : false,
   })
 
-  const logDetailQuery = useLogDetail(selectedLog?.id)
-
-  const mergedSelectedLog = useMemo(() => {
-    if (!selectedLog) return null
-    if (!logDetailQuery.data) return selectedLog
-    return { ...selectedLog, ...logDetailQuery.data }
-  }, [selectedLog, logDetailQuery.data])
-
   const logs = useMemo(() => {
     if (!logsQuery.data?.pages) return []
     return logsQuery.data.pages.flatMap((page) => page.logs)
   }, [logsQuery.data?.pages])
 
+  const selectedLogIndex = useMemo(
+    () => (selectedLogId ? logs.findIndex((l) => l.id === selectedLogId) : -1),
+    [logs, selectedLogId]
+  )
+  const selectedLogFromList = selectedLogIndex >= 0 ? logs[selectedLogIndex] : null
+
+  const selectedLog = useMemo(() => {
+    if (!selectedLogFromList) return null
+    if (!activeLogQuery.data || isPreviewOpen) return selectedLogFromList
+    return { ...selectedLogFromList, ...activeLogQuery.data }
+  }, [selectedLogFromList, activeLogQuery.data, isPreviewOpen])
+
   useFolders(workspaceId)
 
   useEffect(() => {
@@ -150,89 +160,40 @@ export default function Logs() {
     }
   }, [debouncedSearchQuery, setStoreSearchQuery])
 
-  const prevSelectedLogRef = useRef<WorkflowLog | null>(null)
-
-  useEffect(() => {
-    if (!selectedLog?.id || logs.length === 0) return
-
-    const updatedLog = logs.find((l) => l.id === selectedLog.id)
-    if (!updatedLog) return
-
-    const prevLog = prevSelectedLogRef.current
-
-    const hasStatusChange =
-      prevLog?.id === updatedLog.id &&
-      (updatedLog.duration !== prevLog.duration || updatedLog.status !== prevLog.status)
-
-    if (updatedLog !== selectedLog) {
-      setSelectedLog(updatedLog)
-      prevSelectedLogRef.current = updatedLog
-    }
-
-    const newIndex = logs.findIndex((l) => l.id === selectedLog.id)
-    if (newIndex !== selectedLogIndex) {
-      setSelectedLogIndex(newIndex)
-    }
-
-    if (hasStatusChange) {
-      logDetailQuery.refetch()
-    }
-  }, [logs, selectedLog?.id, selectedLogIndex, logDetailQuery])
-
   useEffect(() => {
-    if (!isLive || !selectedLog?.id) return
-
-    const interval = setInterval(() => {
-      logDetailQuery.refetch()
-    }, 5000)
-
+    if (!isLive || !selectedLogId) return
+    const interval = setInterval(() => activeLogQuery.refetch(), 5000)
     return () => clearInterval(interval)
-  }, [isLive, selectedLog?.id, logDetailQuery])
+  }, [isLive, selectedLogId, activeLogQuery])
 
   const handleLogClick = useCallback(
     (log: WorkflowLog) => {
-      if (selectedLog?.id === log.id && isSidebarOpen) {
+      if (selectedLogId === log.id && isSidebarOpen) {
         setIsSidebarOpen(false)
-        setSelectedLog(null)
-        setSelectedLogIndex(-1)
-        prevSelectedLogRef.current = null
+        setSelectedLogId(null)
         return
       }
-
-      setSelectedLog(log)
-      prevSelectedLogRef.current = log
-      const index = logs.findIndex((l) => l.id === log.id)
-      setSelectedLogIndex(index)
+      setSelectedLogId(log.id)
       setIsSidebarOpen(true)
     },
-    [selectedLog?.id, isSidebarOpen, logs]
+    [selectedLogId, isSidebarOpen]
   )
 
   const handleNavigateNext = useCallback(() => {
     if (selectedLogIndex < logs.length - 1) {
-      const nextIndex = selectedLogIndex + 1
-      setSelectedLogIndex(nextIndex)
-      const nextLog = logs[nextIndex]
-      setSelectedLog(nextLog)
-      prevSelectedLogRef.current = nextLog
+      setSelectedLogId(logs[selectedLogIndex + 1].id)
     }
   }, [selectedLogIndex, logs])
 
   const handleNavigatePrev = useCallback(() => {
     if (selectedLogIndex > 0) {
-      const prevIndex = selectedLogIndex - 1
-      setSelectedLogIndex(prevIndex)
-      const prevLog = logs[prevIndex]
-      setSelectedLog(prevLog)
-      prevSelectedLogRef.current = prevLog
+      setSelectedLogId(logs[selectedLogIndex - 1].id)
     }
   }, [selectedLogIndex, logs])
 
   const handleCloseSidebar = useCallback(() => {
     setIsSidebarOpen(false)
-    setSelectedLog(null)
-    setSelectedLogIndex(-1)
-    prevSelectedLogRef.current = null
+    setSelectedLogId(null)
   }, [])
 
   const handleLogContextMenu = useCallback((e: React.MouseEvent, log: WorkflowLog) => {
@@ -271,6 +232,13 @@ export default function Logs() {
     setSearchQuery('')
   }, [resetFilters, setSearchQuery])
 
+  const handleOpenPreview = useCallback(() => {
+    if (contextMenuLog?.id) {
+      setPreviewLogId(contextMenuLog.id)
+      setIsPreviewOpen(true)
+    }
+  }, [contextMenuLog])
+
   const contextMenuWorkflowId = contextMenuLog?.workflow?.id || contextMenuLog?.workflowId
   const isFilteredByThisWorkflow = Boolean(
     contextMenuWorkflowId && workflowIds.length === 1 && workflowIds[0] === contextMenuWorkflowId
@@ -298,10 +266,10 @@ export default function Logs() {
     setIsVisuallyRefreshing(true)
     setTimeout(() => setIsVisuallyRefreshing(false), REFRESH_SPINNER_DURATION_MS)
     logsQuery.refetch()
-    if (selectedLog?.id) {
-      logDetailQuery.refetch()
+    if (selectedLogId) {
+      activeLogQuery.refetch()
     }
-  }, [logsQuery, logDetailQuery, selectedLog?.id])
+  }, [logsQuery, activeLogQuery, selectedLogId])
 
   const handleToggleLive = useCallback(() => {
     const newIsLive = !isLive
@@ -393,9 +361,7 @@ export default function Logs() {
 
       if (selectedLogIndex === -1 && (e.key === 'ArrowUp' || e.key === 'ArrowDown')) {
         e.preventDefault()
-        setSelectedLogIndex(0)
-        setSelectedLog(logs[0])
-        prevSelectedLogRef.current = logs[0]
+        setSelectedLogId(logs[0].id)
         return
       }
 
@@ -409,7 +375,7 @@ export default function Logs() {
         handleNavigateNext()
       }
 
-      if (e.key === 'Enter' && selectedLog) {
+      if (e.key === 'Enter' && selectedLogId) {
         e.preventDefault()
         setIsSidebarOpen(!isSidebarOpen)
       }
@@ -417,7 +383,7 @@ export default function Logs() {
 
     window.addEventListener('keydown', handleKeyDown)
     return () => window.removeEventListener('keydown', handleKeyDown)
-  }, [logs, selectedLogIndex, isSidebarOpen, selectedLog, handleNavigateNext, handleNavigatePrev])
+  }, [logs, selectedLogIndex, isSidebarOpen, selectedLogId, handleNavigateNext, handleNavigatePrev])
 
   const isDashboardView = viewMode === 'dashboard'
 
@@ -509,7 +475,7 @@ export default function Logs() {
                 ) : (
                   <LogsList
                     logs={logs}
-                    selectedLogId={selectedLog?.id ?? null}
+                    selectedLogId={selectedLogId}
                     onLogClick={handleLogClick}
                     onLogContextMenu={handleLogContextMenu}
                     selectedRowRef={selectedRowRef}
@@ -524,7 +490,7 @@ export default function Logs() {
 
             {/* Log Details - rendered inside table container */}
             <LogDetails
-              log={mergedSelectedLog}
+              log={selectedLog}
               isOpen={isSidebarOpen}
               onClose={handleCloseSidebar}
               onNavigateNext={handleNavigateNext}
@@ -550,11 +516,25 @@ export default function Logs() {
         log={contextMenuLog}
         onCopyExecutionId={handleCopyExecutionId}
         onOpenWorkflow={handleOpenWorkflow}
+        onOpenPreview={handleOpenPreview}
         onToggleWorkflowFilter={handleToggleWorkflowFilter}
         onClearAllFilters={handleClearAllFilters}
         isFilteredByThisWorkflow={isFilteredByThisWorkflow}
         hasActiveFilters={filtersActive}
       />
+
+      {isPreviewOpen && activeLogQuery.data?.executionId && (
+        <ExecutionSnapshot
+          executionId={activeLogQuery.data.executionId}
+          traceSpans={activeLogQuery.data.executionData?.traceSpans}
+          isModal
+          isOpen={isPreviewOpen}
+          onClose={() => {
+            setIsPreviewOpen(false)
+            setPreviewLogId(null)
+          }}
+        />
+      )}
     </div>
   )
 }
diff --git a/apps/sim/app/workspace/[workspaceId]/templates/components/template-card.tsx b/apps/sim/app/workspace/[workspaceId]/templates/components/template-card.tsx
index 1b75649229..730c82e54d 100644
--- a/apps/sim/app/workspace/[workspaceId]/templates/components/template-card.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/templates/components/template-card.tsx
@@ -1,16 +1,13 @@
 import { memo, useCallback, useEffect, useMemo, useRef, useState } from 'react'
-import { createLogger } from '@sim/logger'
 import { Star, User } from 'lucide-react'
 import { useParams, useRouter } from 'next/navigation'
 import { VerifiedBadge } from '@/components/ui/verified-badge'
 import { cn } from '@/lib/core/utils/cn'
-import { WorkflowPreview } from '@/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview'
+import { WorkflowPreview } from '@/app/workspace/[workspaceId]/w/components/preview'
 import { getBlock } from '@/blocks/registry'
 import { useStarTemplate } from '@/hooks/queries/templates'
 import type { WorkflowState } from '@/stores/workflows/workflow/types'
 
-const logger = createLogger('TemplateCard')
-
 interface TemplateCardProps {
   id: string
   title: string
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/chat/chat.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/chat/chat.tsx
index 0ad5e42f07..5af836d845 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/chat/chat.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/chat/chat.tsx
@@ -473,6 +473,7 @@ export function Chat() {
   /**
    * Processes streaming response from workflow execution
    * Reads the stream chunk by chunk and updates the message content in real-time
+   * When the final event arrives, extracts any additional selected outputs (model, tokens, toolCalls)
    * @param stream - ReadableStream containing the workflow execution response
    * @param responseMessageId - ID of the message to update with streamed content
    */
@@ -529,6 +530,35 @@ export function Chat() {
                   return
                 }
 
+                if (
+                  selectedOutputs.length > 0 &&
+                  'logs' in result &&
+                  Array.isArray(result.logs) &&
+                  activeWorkflowId
+                ) {
+                  const additionalOutputs: string[] = []
+
+                  for (const outputId of selectedOutputs) {
+                    const blockId = extractBlockIdFromOutputId(outputId)
+                    const path = extractPathFromOutputId(outputId, blockId)
+
+                    if (path === 'content') continue
+
+                    const outputValue = extractOutputFromLogs(result.logs as BlockLog[], outputId)
+                    if (outputValue !== undefined) {
+                      const formattedValue =
+                        typeof outputValue === 'string' ? outputValue : JSON.stringify(outputValue)
+                      if (formattedValue) {
+                        additionalOutputs.push(`**${path}:** ${formattedValue}`)
+                      }
+                    }
+                  }
+
+                  if (additionalOutputs.length > 0) {
+                    appendMessageContent(responseMessageId, `\n\n${additionalOutputs.join('\n\n')}`)
+                  }
+                }
+
                 finalizeMessageStream(responseMessageId)
               } else if (contentChunk) {
                 accumulatedContent += contentChunk
@@ -552,7 +582,7 @@ export function Chat() {
         focusInput(100)
       }
     },
-    [appendMessageContent, finalizeMessageStream, focusInput]
+    [appendMessageContent, finalizeMessageStream, focusInput, selectedOutputs, activeWorkflowId]
   )
 
   /**
@@ -564,7 +594,6 @@ export function Chat() {
       if (!result || !activeWorkflowId) return
       if (typeof result !== 'object') return
 
-      // Handle streaming response
       if ('stream' in result && result.stream instanceof ReadableStream) {
         const responseMessageId = crypto.randomUUID()
         addMessage({
@@ -578,7 +607,6 @@ export function Chat() {
         return
       }
 
-      // Handle success with logs
       if ('success' in result && result.success && 'logs' in result && Array.isArray(result.logs)) {
         selectedOutputs
           .map((outputId) => extractOutputFromLogs(result.logs as BlockLog[], outputId))
@@ -596,7 +624,6 @@ export function Chat() {
         return
       }
 
-      // Handle error response
       if ('success' in result && !result.success) {
         const errorMessage =
           'error' in result && typeof result.error === 'string'
@@ -622,7 +649,6 @@ export function Chat() {
 
     const sentMessage = chatMessage.trim()
 
-    // Update prompt history (only if new unique message)
     if (sentMessage && promptHistory[promptHistory.length - 1] !== sentMessage) {
       setPromptHistory((prev) => [...prev, sentMessage])
     }
@@ -631,10 +657,8 @@ export function Chat() {
     const conversationId = getConversationId(activeWorkflowId)
 
     try {
-      // Process file attachments
       const attachmentsWithData = await processFileAttachments(chatFiles)
 
-      // Add user message
       const messageContent =
         sentMessage || (chatFiles.length > 0 ? `Uploaded ${chatFiles.length} file(s)` : '')
       addMessage({
@@ -644,7 +668,6 @@ export function Chat() {
         attachments: attachmentsWithData,
       })
 
-      // Prepare workflow input
       const workflowInput: {
         input: string
         conversationId: string
@@ -667,13 +690,11 @@ export function Chat() {
         }
       }
 
-      // Clear input and files
       setChatMessage('')
       clearFiles()
       clearErrors()
       focusInput(10)
 
-      // Execute workflow
       const result = await handleRunWorkflow(workflowInput)
       handleWorkflowResponse(result)
     } catch (error) {
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/cursors/cursors.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/cursors/cursors.tsx
index 23de16a25b..1cd5831b69 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/cursors/cursors.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/cursors/cursors.tsx
@@ -3,8 +3,8 @@
 import { memo, useMemo } from 'react'
 import { useViewport } from 'reactflow'
 import { useSession } from '@/lib/auth/auth-client'
+import { getUserColor } from '@/lib/workspaces/colors'
 import { usePreventZoom } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks'
-import { getUserColor } from '@/app/workspace/[workspaceId]/w/utils/get-user-color'
 import { useSocket } from '@/app/workspace/providers/socket-provider'
 
 interface CursorPoint {
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/components/deploy-modal/components/general/general.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/components/deploy-modal/components/general/general.tsx
index 129c92fc33..1b931fee56 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/components/deploy-modal/components/general/general.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/components/deploy-modal/components/general/general.tsx
@@ -1,7 +1,8 @@
 'use client'
 
-import { useCallback, useEffect, useMemo, useRef, useState } from 'react'
+import { useCallback, useEffect, useMemo, useState } from 'react'
 import { createLogger } from '@sim/logger'
+import { Maximize2 } from 'lucide-react'
 import {
   Button,
   Label,
@@ -10,10 +11,15 @@ import {
   ModalContent,
   ModalFooter,
   ModalHeader,
+  Tooltip,
 } from '@/components/emcn'
 import { Skeleton } from '@/components/ui'
 import type { WorkflowDeploymentVersionResponse } from '@/lib/workflows/persistence/utils'
-import { WorkflowPreview } from '@/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview'
+import {
+  BlockDetailsSidebar,
+  WorkflowPreview,
+} from '@/app/workspace/[workspaceId]/w/components/preview'
+import { useDeploymentVersionState, useRevertToVersion } from '@/hooks/queries/workflows'
 import type { WorkflowState } from '@/stores/workflows/workflow/types'
 import { Versions } from './components'
 
@@ -49,48 +55,26 @@ export function GeneralDeploy({
   const [previewMode, setPreviewMode] = useState<PreviewMode>('active')
   const [showLoadDialog, setShowLoadDialog] = useState(false)
   const [showPromoteDialog, setShowPromoteDialog] = useState(false)
+  const [showExpandedPreview, setShowExpandedPreview] = useState(false)
+  const [expandedSelectedBlockId, setExpandedSelectedBlockId] = useState<string | null>(null)
   const [versionToLoad, setVersionToLoad] = useState<number | null>(null)
   const [versionToPromote, setVersionToPromote] = useState<number | null>(null)
 
-  const versionCacheRef = useRef<Map<number, WorkflowState>>(new Map())
-  const [, forceUpdate] = useState({})
-
   const selectedVersionInfo = versions.find((v) => v.version === selectedVersion)
   const versionToPromoteInfo = versions.find((v) => v.version === versionToPromote)
   const versionToLoadInfo = versions.find((v) => v.version === versionToLoad)
 
-  const cachedSelectedState =
-    selectedVersion !== null ? versionCacheRef.current.get(selectedVersion) : null
-
-  const fetchSelectedVersionState = useCallback(
-    async (version: number) => {
-      if (!workflowId) return
-      if (versionCacheRef.current.has(version)) return
+  const { data: selectedVersionState } = useDeploymentVersionState(workflowId, selectedVersion)
 
-      try {
-        const res = await fetch(`/api/workflows/${workflowId}/deployments/${version}`)
-        if (res.ok) {
-          const data = await res.json()
-          if (data.deployedState) {
-            versionCacheRef.current.set(version, data.deployedState)
-            forceUpdate({})
-          }
-        }
-      } catch (error) {
-        logger.error('Error fetching version state:', error)
-      }
-    },
-    [workflowId]
-  )
+  const revertMutation = useRevertToVersion()
 
   useEffect(() => {
     if (selectedVersion !== null) {
-      fetchSelectedVersionState(selectedVersion)
       setPreviewMode('selected')
     } else {
       setPreviewMode('active')
     }
-  }, [selectedVersion, fetchSelectedVersionState])
+  }, [selectedVersion])
 
   const handleSelectVersion = useCallback((version: number | null) => {
     setSelectedVersion(version)
@@ -109,20 +93,12 @@ export function GeneralDeploy({
   const confirmLoadDeployment = async () => {
     if (!workflowId || versionToLoad === null) return
 
-    // Close modal immediately for snappy UX
     setShowLoadDialog(false)
     const version = versionToLoad
     setVersionToLoad(null)
 
     try {
-      const response = await fetch(`/api/workflows/${workflowId}/deployments/${version}/revert`, {
-        method: 'POST',
-      })
-
-      if (!response.ok) {
-        throw new Error('Failed to load deployment')
-      }
-
+      await revertMutation.mutateAsync({ workflowId, version })
       onLoadDeploymentComplete()
     } catch (error) {
       logger.error('Failed to load deployment:', error)
@@ -132,7 +108,6 @@ export function GeneralDeploy({
   const confirmPromoteToLive = async () => {
     if (versionToPromote === null) return
 
-    // Close modal immediately for snappy UX
     setShowPromoteDialog(false)
     const version = versionToPromote
     setVersionToPromote(null)
@@ -145,15 +120,14 @@ export function GeneralDeploy({
   }
 
   const workflowToShow = useMemo(() => {
-    if (previewMode === 'selected' && cachedSelectedState) {
-      return cachedSelectedState
+    if (previewMode === 'selected' && selectedVersionState) {
+      return selectedVersionState
     }
     return deployedState
-  }, [previewMode, cachedSelectedState, deployedState])
+  }, [previewMode, selectedVersionState, deployedState])
 
   const showToggle = selectedVersion !== null && deployedState
 
-  // Only show skeleton on initial load when we have no deployed data
   const hasDeployedData = deployedState && Object.keys(deployedState.blocks || {}).length > 0
   const showLoadingSkeleton = isLoadingDeployedState && !hasDeployedData
 
@@ -219,15 +193,31 @@ export function GeneralDeploy({
             }}
           >
             {workflowToShow ? (
-              <WorkflowPreview
-                workflowState={workflowToShow}
-                showSubBlocks={true}
-                height='100%'
-                width='100%'
-                isPannable={true}
-                defaultPosition={{ x: 0, y: 0 }}
-                defaultZoom={0.6}
-              />
+              <>
+                <WorkflowPreview
+                  workflowState={workflowToShow}
+                  showSubBlocks={true}
+                  height='100%'
+                  width='100%'
+                  isPannable={true}
+                  defaultPosition={{ x: 0, y: 0 }}
+                  defaultZoom={0.6}
+                />
+                <Tooltip.Root>
+                  <Tooltip.Trigger asChild>
+                    <Button
+                      type='button'
+                      variant='default'
+                      size='sm'
+                      onClick={() => setShowExpandedPreview(true)}
+                      className='absolute top-[8px] right-[8px] z-10'
+                    >
+                      <Maximize2 className='h-[14px] w-[14px]' />
+                    </Button>
+                  </Tooltip.Trigger>
+                  <Tooltip.Content side='bottom'>Expand preview</Tooltip.Content>
+                </Tooltip.Root>
+              </>
             ) : (
               <div className='flex h-full items-center justify-center text-[#8D8D8D] text-[13px]'>
                 Deploy your workflow to see a preview
@@ -304,6 +294,51 @@ export function GeneralDeploy({
           </ModalFooter>
         </ModalContent>
       </Modal>
+
+      {workflowToShow && (
+        <Modal
+          open={showExpandedPreview}
+          onOpenChange={(open) => {
+            if (!open) {
+              setExpandedSelectedBlockId(null)
+            }
+            setShowExpandedPreview(open)
+          }}
+        >
+          <ModalContent size='full' className='flex h-[90vh] flex-col'>
+            <ModalHeader>
+              {previewMode === 'selected' && selectedVersionInfo
+                ? selectedVersionInfo.name || `v${selectedVersion}`
+                : 'Live Workflow'}
+            </ModalHeader>
+            <ModalBody className='!p-0 min-h-0 flex-1'>
+              <div className='flex h-full w-full overflow-hidden'>
+                <div className='h-full flex-1'>
+                  <WorkflowPreview
+                    workflowState={workflowToShow}
+                    showSubBlocks={true}
+                    isPannable={true}
+                    defaultPosition={{ x: 0, y: 0 }}
+                    defaultZoom={0.6}
+                    onNodeClick={(blockId) => {
+                      setExpandedSelectedBlockId(
+                        expandedSelectedBlockId === blockId ? null : blockId
+                      )
+                    }}
+                    cursorStyle='pointer'
+                  />
+                </div>
+                {expandedSelectedBlockId && workflowToShow.blocks?.[expandedSelectedBlockId] && (
+                  <BlockDetailsSidebar
+                    block={workflowToShow.blocks[expandedSelectedBlockId]}
+                    onClose={() => setExpandedSelectedBlockId(null)}
+                  />
+                )}
+              </div>
+            </ModalBody>
+          </ModalContent>
+        </Modal>
+      )}
     </>
   )
 }
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/components/deploy-modal/components/template/template.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/components/deploy-modal/components/template/template.tsx
index f5b15f522c..3bd4301250 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/components/deploy-modal/components/template/template.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/components/deploy-modal/components/template/template.tsx
@@ -18,7 +18,7 @@ import { Skeleton, TagInput } from '@/components/ui'
 import { useSession } from '@/lib/auth/auth-client'
 import { cn } from '@/lib/core/utils/cn'
 import { captureAndUploadOGImage, OG_IMAGE_HEIGHT, OG_IMAGE_WIDTH } from '@/lib/og'
-import { WorkflowPreview } from '@/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview'
+import { WorkflowPreview } from '@/app/workspace/[workspaceId]/w/components/preview'
 import {
   useCreateTemplate,
   useDeleteTemplate,
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx
index d902200dd2..4a4f112e23 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/credential-selector.tsx
@@ -2,8 +2,10 @@
 
 import { useCallback, useEffect, useMemo, useState } from 'react'
 import { createLogger } from '@sim/logger'
-import { ExternalLink } from 'lucide-react'
+import { ExternalLink, Users } from 'lucide-react'
 import { Button, Combobox } from '@/components/emcn/components'
+import { getSubscriptionStatus } from '@/lib/billing/client'
+import { getPollingProviderFromOAuth } from '@/lib/credential-sets/providers'
 import {
   getCanonicalScopesForProvider,
   getProviderIdFromServiceId,
@@ -15,7 +17,11 @@ import { OAuthRequiredModal } from '@/app/workspace/[workspaceId]/w/[workflowId]
 import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-depends-on-gate'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
 import type { SubBlockConfig } from '@/blocks/types'
+import { CREDENTIAL, CREDENTIAL_SET } from '@/executor/constants'
+import { useCredentialSets } from '@/hooks/queries/credential-sets'
 import { useOAuthCredentialDetail, useOAuthCredentials } from '@/hooks/queries/oauth-credentials'
+import { useOrganizations } from '@/hooks/queries/organization'
+import { useSubscriptionData } from '@/hooks/queries/subscription'
 import { getMissingRequiredScopes } from '@/hooks/use-oauth-scope-status'
 import { useWorkflowRegistry } from '@/stores/workflows/registry/store'
 
@@ -45,6 +51,19 @@ export function CredentialSelector({
   const requiredScopes = subBlock.requiredScopes || []
   const label = subBlock.placeholder || 'Select credential'
   const serviceId = subBlock.serviceId || ''
+  const supportsCredentialSets = subBlock.supportsCredentialSets || false
+
+  const { data: organizationsData } = useOrganizations()
+  const { data: subscriptionData } = useSubscriptionData()
+  const activeOrganization = organizationsData?.activeOrganization
+  const subscriptionStatus = getSubscriptionStatus(subscriptionData?.data)
+  const hasTeamPlan = subscriptionStatus.isTeam || subscriptionStatus.isEnterprise
+  const canUseCredentialSets = supportsCredentialSets && hasTeamPlan && !!activeOrganization?.id
+
+  const { data: credentialSets = [] } = useCredentialSets(
+    activeOrganization?.id,
+    canUseCredentialSets
+  )
 
   const { depsSatisfied, dependsOn } = useDependsOnGate(blockId, subBlock, { disabled, isPreview })
   const hasDependencies = dependsOn.length > 0
@@ -52,7 +71,12 @@ export function CredentialSelector({
   const effectiveDisabled = disabled || (hasDependencies && !depsSatisfied)
 
   const effectiveValue = isPreview && previewValue !== undefined ? previewValue : storeValue
-  const selectedId = typeof effectiveValue === 'string' ? effectiveValue : ''
+  const rawSelectedId = typeof effectiveValue === 'string' ? effectiveValue : ''
+  const isCredentialSetSelected = rawSelectedId.startsWith(CREDENTIAL_SET.PREFIX)
+  const selectedId = isCredentialSetSelected ? '' : rawSelectedId
+  const selectedCredentialSetId = isCredentialSetSelected
+    ? rawSelectedId.slice(CREDENTIAL_SET.PREFIX.length)
+    : ''
 
   const effectiveProviderId = useMemo(
     () => getProviderIdFromServiceId(serviceId) as OAuthProvider,
@@ -87,11 +111,20 @@ export function CredentialSelector({
   const hasForeignMeta = foreignCredentials.length > 0
   const isForeign = Boolean(selectedId && !selectedCredential && hasForeignMeta)
 
+  const selectedCredentialSet = useMemo(
+    () => credentialSets.find((cs) => cs.id === selectedCredentialSetId),
+    [credentialSets, selectedCredentialSetId]
+  )
+
+  const isForeignCredentialSet = Boolean(isCredentialSetSelected && !selectedCredentialSet)
+
   const resolvedLabel = useMemo(() => {
+    if (selectedCredentialSet) return selectedCredentialSet.name
+    if (isForeignCredentialSet) return CREDENTIAL.FOREIGN_LABEL
     if (selectedCredential) return selectedCredential.name
-    if (isForeign) return 'Saved by collaborator'
+    if (isForeign) return CREDENTIAL.FOREIGN_LABEL
     return ''
-  }, [selectedCredential, isForeign])
+  }, [selectedCredentialSet, isForeignCredentialSet, selectedCredential, isForeign])
 
   useEffect(() => {
     if (!isEditing) {
@@ -148,6 +181,15 @@ export function CredentialSelector({
     [isPreview, setStoreValue]
   )
 
+  const handleCredentialSetSelect = useCallback(
+    (credentialSetId: string) => {
+      if (isPreview) return
+      setStoreValue(`${CREDENTIAL_SET.PREFIX}${credentialSetId}`)
+      setIsEditing(false)
+    },
+    [isPreview, setStoreValue]
+  )
+
   const handleAddCredential = useCallback(() => {
     setShowOAuthModal(true)
   }, [])
@@ -176,7 +218,56 @@ export function CredentialSelector({
       .join(' ')
   }, [])
 
-  const comboboxOptions = useMemo(() => {
+  const { comboboxOptions, comboboxGroups } = useMemo(() => {
+    const pollingProviderId = getPollingProviderFromOAuth(effectiveProviderId)
+    // Handle both old ('gmail') and new ('google-email') provider IDs for backwards compatibility
+    const matchesProvider = (csProviderId: string | null) => {
+      if (!csProviderId || !pollingProviderId) return false
+      if (csProviderId === pollingProviderId) return true
+      // Handle legacy 'gmail' mapping to 'google-email'
+      if (pollingProviderId === 'google-email' && csProviderId === 'gmail') return true
+      return false
+    }
+    const filteredCredentialSets = pollingProviderId
+      ? credentialSets.filter((cs) => matchesProvider(cs.providerId))
+      : []
+
+    if (canUseCredentialSets && filteredCredentialSets.length > 0) {
+      const groups = []
+
+      groups.push({
+        section: 'Polling Groups',
+        items: filteredCredentialSets.map((cs) => ({
+          label: cs.name,
+          value: `${CREDENTIAL_SET.PREFIX}${cs.id}`,
+        })),
+      })
+
+      const credentialItems = credentials.map((cred) => ({
+        label: cred.name,
+        value: cred.id,
+      }))
+
+      if (credentialItems.length > 0) {
+        groups.push({
+          section: 'Personal Credential',
+          items: credentialItems,
+        })
+      } else {
+        groups.push({
+          section: 'Personal Credential',
+          items: [
+            {
+              label: `Connect ${getProviderName(provider)} account`,
+              value: '__connect_account__',
+            },
+          ],
+        })
+      }
+
+      return { comboboxOptions: [], comboboxGroups: groups }
+    }
+
     const options = credentials.map((cred) => ({
       label: cred.name,
       value: cred.id,
@@ -189,14 +280,32 @@ export function CredentialSelector({
       })
     }
 
-    return options
-  }, [credentials, provider, getProviderName])
+    return { comboboxOptions: options, comboboxGroups: undefined }
+  }, [
+    credentials,
+    provider,
+    effectiveProviderId,
+    getProviderName,
+    canUseCredentialSets,
+    credentialSets,
+  ])
 
   const selectedCredentialProvider = selectedCredential?.provider ?? provider
 
   const overlayContent = useMemo(() => {
     if (!inputValue) return null
 
+    if (isCredentialSetSelected && selectedCredentialSet) {
+      return (
+        <div className='flex w-full items-center truncate'>
+          <div className='mr-2 flex-shrink-0 opacity-90'>
+            <Users className='h-3 w-3' />
+          </div>
+          <span className='truncate'>{inputValue}</span>
+        </div>
+      )
+    }
+
     return (
       <div className='flex w-full items-center truncate'>
         <div className='mr-2 flex-shrink-0 opacity-90'>
@@ -205,7 +314,13 @@ export function CredentialSelector({
         <span className='truncate'>{inputValue}</span>
       </div>
     )
-  }, [getProviderIcon, inputValue, selectedCredentialProvider])
+  }, [
+    getProviderIcon,
+    inputValue,
+    selectedCredentialProvider,
+    isCredentialSetSelected,
+    selectedCredentialSet,
+  ])
 
   const handleComboboxChange = useCallback(
     (value: string) => {
@@ -214,6 +329,16 @@ export function CredentialSelector({
         return
       }
 
+      if (value.startsWith(CREDENTIAL_SET.PREFIX)) {
+        const credentialSetId = value.slice(CREDENTIAL_SET.PREFIX.length)
+        const matchedSet = credentialSets.find((cs) => cs.id === credentialSetId)
+        if (matchedSet) {
+          setInputValue(matchedSet.name)
+          handleCredentialSetSelect(credentialSetId)
+          return
+        }
+      }
+
       const matchedCred = credentials.find((c) => c.id === value)
       if (matchedCred) {
         setInputValue(matchedCred.name)
@@ -224,15 +349,16 @@ export function CredentialSelector({
       setIsEditing(true)
       setInputValue(value)
     },
-    [credentials, handleAddCredential, handleSelect]
+    [credentials, credentialSets, handleAddCredential, handleSelect, handleCredentialSetSelect]
   )
 
   return (
     <div>
       <Combobox
         options={comboboxOptions}
+        groups={comboboxGroups}
         value={inputValue}
-        selectedValue={selectedId}
+        selectedValue={rawSelectedId}
         onChange={handleComboboxChange}
         onOpenChange={handleOpenChange}
         placeholder={
@@ -240,10 +366,10 @@ export function CredentialSelector({
         }
         disabled={effectiveDisabled}
         editable={true}
-        filterOptions={true}
+        filterOptions={!isForeign && !isForeignCredentialSet}
         isLoading={credentialsLoading}
         overlayContent={overlayContent}
-        className={selectedId ? 'pl-[28px]' : ''}
+        className={selectedId || isCredentialSetSelected ? 'pl-[28px]' : ''}
       />
 
       {needsUpdate && (
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/long-input/long-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/long-input/long-input.tsx
index 541fb538aa..2cd1b039b3 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/long-input/long-input.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/long-input/long-input.tsx
@@ -332,7 +332,10 @@ export function LongInput({
               />
               <div
                 ref={overlayRef}
-                className='pointer-events-none absolute inset-0 box-border overflow-auto whitespace-pre-wrap break-words border border-transparent bg-transparent px-[8px] py-[8px] font-medium font-sans text-sm'
+                className={cn(
+                  'pointer-events-none absolute inset-0 box-border overflow-auto whitespace-pre-wrap break-words border border-transparent bg-transparent px-[8px] py-[8px] font-medium font-sans text-sm',
+                  (isPreview || disabled) && 'opacity-50'
+                )}
                 style={{
                   fontFamily: 'inherit',
                   lineHeight: 'inherit',
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/short-input/short-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/short-input/short-input.tsx
index 3bca388f34..b2027a361d 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/short-input/short-input.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/short-input/short-input.tsx
@@ -374,7 +374,8 @@ export function ShortInput({
                   ref={overlayRef}
                   className={cn(
                     'pointer-events-none absolute inset-0 flex items-center overflow-x-auto bg-transparent px-[8px] py-[6px] font-medium font-sans text-foreground text-sm [-ms-overflow-style:none] [scrollbar-width:none] [&::-webkit-scrollbar]:hidden',
-                    showCopyButton ? 'pr-14' : 'pr-3'
+                    showCopyButton ? 'pr-14' : 'pr-3',
+                    (isPreview || disabled) && 'opacity-50'
                   )}
                 >
                   <div className='min-w-fit whitespace-pre'>{formattedText}</div>
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slider-input/slider-input.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slider-input/slider-input.tsx
index 8b947a6af3..673669356e 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slider-input/slider-input.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/slider-input/slider-input.tsx
@@ -1,5 +1,6 @@
 import { useEffect } from 'react'
 import { Slider } from '@/components/emcn/components/slider/slider'
+import { cn } from '@/lib/core/utils/cn'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/hooks/use-sub-block-value'
 
 interface SliderInputProps {
@@ -58,15 +59,17 @@ export function SliderInput({
 
   const percentage = ((normalizedValue - min) / (max - min)) * 100
 
+  const isDisabled = isPreview || disabled
+
   return (
-    <div className='relative pt-2 pb-[22px]'>
+    <div className={cn('relative pt-2 pb-[22px]', isDisabled && 'opacity-50')}>
       <Slider
         value={[normalizedValue]}
         min={min}
         max={max}
         step={integer ? 1 : step}
         onValueChange={handleValueChange}
-        disabled={isPreview || disabled}
+        disabled={isDisabled}
       />
       <div
         className='absolute top-6 text-muted-foreground text-sm'
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/components/tool-credential-selector.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/components/tool-credential-selector.tsx
index 761935d7d3..d202efb775 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/components/tool-credential-selector.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/components/tool-credential-selector.tsx
@@ -10,6 +10,7 @@ import {
   parseProvider,
 } from '@/lib/oauth'
 import { OAuthRequiredModal } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/credential-selector/components/oauth-required-modal'
+import { CREDENTIAL } from '@/executor/constants'
 import { useOAuthCredentialDetail, useOAuthCredentials } from '@/hooks/queries/oauth-credentials'
 import { getMissingRequiredScopes } from '@/hooks/use-oauth-scope-status'
 import { useWorkflowRegistry } from '@/stores/workflows/registry/store'
@@ -95,7 +96,7 @@ export function ToolCredentialSelector({
 
   const resolvedLabel = useMemo(() => {
     if (selectedCredential) return selectedCredential.name
-    if (isForeign) return 'Saved by collaborator'
+    if (isForeign) return CREDENTIAL.FOREIGN_LABEL
     return ''
   }, [selectedCredential, isForeign])
 
@@ -210,7 +211,7 @@ export function ToolCredentialSelector({
         placeholder={label}
         disabled={disabled}
         editable={true}
-        filterOptions={true}
+        filterOptions={!isForeign}
         isLoading={credentialsLoading}
         overlayContent={overlayContent}
         className={selectedId ? 'pl-[28px]' : ''}
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx
index 1d7ead5c53..42b8484dc1 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block.tsx
@@ -949,7 +949,9 @@ export const WorkflowBlock = memo(function WorkflowBlock({
           </div>
         )}
 
-        <ActionBar blockId={id} blockType={type} disabled={!userPermissions.canEdit} />
+        {!data.isPreview && (
+          <ActionBar blockId={id} blockType={type} disabled={!userPermissions.canEdit} />
+        )}
 
         {shouldShowDefaultHandles && <Connections blockId={id} />}
 
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-edge/workflow-edge.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-edge/workflow-edge.tsx
index 14e64108c8..02d31bd926 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-edge/workflow-edge.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-edge/workflow-edge.tsx
@@ -55,9 +55,11 @@ const WorkflowEdgeComponent = ({
 
   const dataSourceHandle = (data as { sourceHandle?: string } | undefined)?.sourceHandle
   const isErrorEdge = (sourceHandle ?? dataSourceHandle) === 'error'
-  const edgeRunStatus = lastRunEdges.get(id)
+  const previewExecutionStatus = (
+    data as { executionStatus?: 'success' | 'error' | 'not-executed' } | undefined
+  )?.executionStatus
+  const edgeRunStatus = previewExecutionStatus || lastRunEdges.get(id)
 
-  // Memoize diff status calculation to avoid recomputing on every render
   const edgeDiffStatus = useMemo((): EdgeDiffStatus => {
     if (data?.isDeleted) return 'deleted'
     if (!diffAnalysis?.edge_diff || !isDiffReady) return null
@@ -84,21 +86,39 @@ const WorkflowEdgeComponent = ({
     targetHandle,
   ])
 
-  // Memoize edge style to prevent object recreation
   const edgeStyle = useMemo(() => {
     let color = 'var(--workflow-edge)'
-    if (edgeDiffStatus === 'deleted') color = 'var(--text-error)'
-    else if (isErrorEdge) color = 'var(--text-error)'
-    else if (edgeDiffStatus === 'new') color = 'var(--brand-tertiary)'
-    else if (edgeRunStatus === 'success') color = 'var(--border-success)'
-    else if (edgeRunStatus === 'error') color = 'var(--text-error)'
+    let opacity = 1
+
+    if (edgeDiffStatus === 'deleted') {
+      color = 'var(--text-error)'
+      opacity = 0.7
+    } else if (isErrorEdge) {
+      color = 'var(--text-error)'
+    } else if (edgeDiffStatus === 'new') {
+      color = 'var(--brand-tertiary)'
+    } else if (edgeRunStatus === 'success') {
+      color = 'var(--border-success)'
+    } else if (edgeRunStatus === 'error') {
+      color = 'var(--text-error)'
+    }
+
+    if (isSelected) {
+      opacity = 0.5
+    }
 
     return {
       ...(style ?? {}),
-      strokeWidth: edgeDiffStatus ? 3 : isSelected ? 2.5 : 2,
+      strokeWidth: edgeDiffStatus
+        ? 3
+        : edgeRunStatus === 'success' || edgeRunStatus === 'error'
+          ? 2.5
+          : isSelected
+            ? 2.5
+            : 2,
       stroke: color,
       strokeDasharray: edgeDiffStatus === 'deleted' ? '10,5' : undefined,
-      opacity: edgeDiffStatus === 'deleted' ? 0.7 : isSelected ? 0.5 : 1,
+      opacity,
     }
   }, [style, edgeDiffStatus, isSelected, isErrorEdge, edgeRunStatus])
 
@@ -137,7 +157,6 @@ const WorkflowEdgeComponent = ({
               e.stopPropagation()
 
               if (data?.onDelete) {
-                // Pass this specific edge's ID to the delete function
                 data.onDelete(id)
               }
             }}
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-workflow-execution.ts b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-workflow-execution.ts
index 61af9f0624..07cfd79fc2 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-workflow-execution.ts
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-workflow-execution.ts
@@ -885,6 +885,7 @@ export function useWorkflowExecution() {
 
       const activeBlocksSet = new Set<string>()
       const streamedContent = new Map<string, string>()
+      const accumulatedBlockLogs: BlockLog[] = []
 
       // Execute the workflow
       try {
@@ -933,14 +934,30 @@ export function useWorkflowExecution() {
 
               // Edges already tracked in onBlockStarted, no need to track again
 
+              const startedAt = new Date(Date.now() - data.durationMs).toISOString()
+              const endedAt = new Date().toISOString()
+
+              // Accumulate block log for the execution result
+              accumulatedBlockLogs.push({
+                blockId: data.blockId,
+                blockName: data.blockName || 'Unknown Block',
+                blockType: data.blockType || 'unknown',
+                input: data.input || {},
+                output: data.output,
+                success: true,
+                durationMs: data.durationMs,
+                startedAt,
+                endedAt,
+              })
+
               // Add to console
               addConsole({
                 input: data.input || {},
                 output: data.output,
                 success: true,
                 durationMs: data.durationMs,
-                startedAt: new Date(Date.now() - data.durationMs).toISOString(),
-                endedAt: new Date().toISOString(),
+                startedAt,
+                endedAt,
                 workflowId: activeWorkflowId,
                 blockId: data.blockId,
                 executionId: executionId || uuidv4(),
@@ -967,6 +984,24 @@ export function useWorkflowExecution() {
 
               // Track failed block execution in run path
               setBlockRunStatus(data.blockId, 'error')
+
+              const startedAt = new Date(Date.now() - data.durationMs).toISOString()
+              const endedAt = new Date().toISOString()
+
+              // Accumulate block error log for the execution result
+              accumulatedBlockLogs.push({
+                blockId: data.blockId,
+                blockName: data.blockName || 'Unknown Block',
+                blockType: data.blockType || 'unknown',
+                input: data.input || {},
+                output: {},
+                success: false,
+                error: data.error,
+                durationMs: data.durationMs,
+                startedAt,
+                endedAt,
+              })
+
               // Add error to console
               addConsole({
                 input: data.input || {},
@@ -974,8 +1009,8 @@ export function useWorkflowExecution() {
                 success: false,
                 error: data.error,
                 durationMs: data.durationMs,
-                startedAt: new Date(Date.now() - data.durationMs).toISOString(),
-                endedAt: new Date().toISOString(),
+                startedAt,
+                endedAt,
                 workflowId: activeWorkflowId,
                 blockId: data.blockId,
                 executionId: executionId || uuidv4(),
@@ -1029,7 +1064,7 @@ export function useWorkflowExecution() {
                   startTime: data.startTime,
                   endTime: data.endTime,
                 },
-                logs: [],
+                logs: accumulatedBlockLogs,
               }
             },
 
@@ -1041,7 +1076,7 @@ export function useWorkflowExecution() {
                 metadata: {
                   duration: data.duration,
                 },
-                logs: [],
+                logs: accumulatedBlockLogs,
               }
 
               // Only add workflow-level error if no blocks have executed yet
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/utils/workflow-execution-utils.ts b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/utils/workflow-execution-utils.ts
index e19068fac3..c072628253 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/utils/workflow-execution-utils.ts
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/utils/workflow-execution-utils.ts
@@ -31,7 +31,6 @@ export async function executeWorkflowWithFullLogging(
   const { setActiveBlocks, setBlockRunStatus, setEdgeRunStatus } = useExecutionStore.getState()
   const workflowEdges = useWorkflowStore.getState().edges
 
-  // Track active blocks for pulsing animation
   const activeBlocksSet = new Set<string>()
 
   const payload: any = {
@@ -59,7 +58,6 @@ export async function executeWorkflowWithFullLogging(
     throw new Error('No response body')
   }
 
-  // Parse SSE stream
   const reader = response.body.getReader()
   const decoder = new TextDecoder()
   let buffer = ''
@@ -89,11 +87,9 @@ export async function executeWorkflowWithFullLogging(
 
           switch (event.type) {
             case 'block:started': {
-              // Add block to active set for pulsing animation
               activeBlocksSet.add(event.data.blockId)
               setActiveBlocks(new Set(activeBlocksSet))
 
-              // Track edges that led to this block as soon as execution starts
               const incomingEdges = workflowEdges.filter(
                 (edge) => edge.target === event.data.blockId
               )
@@ -104,11 +100,9 @@ export async function executeWorkflowWithFullLogging(
             }
 
             case 'block:completed':
-              // Remove block from active set
               activeBlocksSet.delete(event.data.blockId)
               setActiveBlocks(new Set(activeBlocksSet))
 
-              // Track successful block execution in run path
               setBlockRunStatus(event.data.blockId, 'success')
 
               addConsole({
@@ -134,11 +128,9 @@ export async function executeWorkflowWithFullLogging(
               break
 
             case 'block:error':
-              // Remove block from active set
               activeBlocksSet.delete(event.data.blockId)
               setActiveBlocks(new Set(activeBlocksSet))
 
-              // Track failed block execution in run path
               setBlockRunStatus(event.data.blockId, 'error')
 
               addConsole({
@@ -183,7 +175,6 @@ export async function executeWorkflowWithFullLogging(
     }
   } finally {
     reader.releaseLock()
-    // Clear active blocks when execution ends
     setActiveBlocks(new Set())
   }
 
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/workflow.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/workflow.tsx
index 7b4b56ff47..b906664058 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/workflow.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/workflow.tsx
@@ -1337,6 +1337,11 @@ const WorkflowContent = React.memo(() => {
         const baseName = type === 'loop' ? 'Loop' : 'Parallel'
         const name = getUniqueBlockName(baseName, blocks)
 
+        const autoConnectEdge = tryCreateAutoConnectEdge(basePosition, id, {
+          blockType: type,
+          targetParentId: null,
+        })
+
         addBlock(
           id,
           type,
@@ -1349,7 +1354,7 @@ const WorkflowContent = React.memo(() => {
           },
           undefined,
           undefined,
-          undefined
+          autoConnectEdge
         )
 
         return
@@ -1368,6 +1373,12 @@ const WorkflowContent = React.memo(() => {
       const baseName = defaultTriggerName || blockConfig.name
       const name = getUniqueBlockName(baseName, blocks)
 
+      const autoConnectEdge = tryCreateAutoConnectEdge(basePosition, id, {
+        blockType: type,
+        enableTriggerMode,
+        targetParentId: null,
+      })
+
       addBlock(
         id,
         type,
@@ -1376,7 +1387,7 @@ const WorkflowContent = React.memo(() => {
         undefined,
         undefined,
         undefined,
-        undefined,
+        autoConnectEdge,
         enableTriggerMode
       )
     }
@@ -1395,6 +1406,7 @@ const WorkflowContent = React.memo(() => {
     addBlock,
     effectivePermissions.canEdit,
     checkTriggerConstraints,
+    tryCreateAutoConnectEdge,
   ])
 
   /**
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/block-details-sidebar.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/block-details-sidebar.tsx
new file mode 100644
index 0000000000..2db914d741
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/block-details-sidebar.tsx
@@ -0,0 +1,680 @@
+'use client'
+
+import { useEffect, useMemo, useState } from 'react'
+import { ChevronDown as ChevronDownIcon, X } from 'lucide-react'
+import { ReactFlowProvider } from 'reactflow'
+import { Badge, Button, ChevronDown, Code } from '@/components/emcn'
+import { cn } from '@/lib/core/utils/cn'
+import { extractReferencePrefixes } from '@/lib/workflows/sanitization/references'
+import { SubBlock } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components'
+import { getBlock } from '@/blocks'
+import type { BlockConfig, BlockIcon, SubBlockConfig } from '@/blocks/types'
+import { normalizeName } from '@/executor/constants'
+import { navigatePath } from '@/executor/variables/resolvers/reference'
+import type { BlockState } from '@/stores/workflows/workflow/types'
+
+/**
+ * Evaluate whether a subblock's condition is met based on current values.
+ */
+function evaluateCondition(
+  condition: SubBlockConfig['condition'],
+  subBlockValues: Record<string, { value: unknown } | unknown>
+): boolean {
+  if (!condition) return true
+
+  const actualCondition = typeof condition === 'function' ? condition() : condition
+
+  const fieldValueObj = subBlockValues[actualCondition.field]
+  const fieldValue =
+    fieldValueObj && typeof fieldValueObj === 'object' && 'value' in fieldValueObj
+      ? (fieldValueObj as { value: unknown }).value
+      : fieldValueObj
+
+  const conditionValues = Array.isArray(actualCondition.value)
+    ? actualCondition.value
+    : [actualCondition.value]
+
+  let isMatch = conditionValues.some((v) => v === fieldValue)
+
+  if (actualCondition.not) {
+    isMatch = !isMatch
+  }
+
+  if (actualCondition.and && isMatch) {
+    const andFieldValueObj = subBlockValues[actualCondition.and.field]
+    const andFieldValue =
+      andFieldValueObj && typeof andFieldValueObj === 'object' && 'value' in andFieldValueObj
+        ? (andFieldValueObj as { value: unknown }).value
+        : andFieldValueObj
+
+    const andConditionValues = Array.isArray(actualCondition.and.value)
+      ? actualCondition.and.value
+      : [actualCondition.and.value]
+
+    let andMatch = andConditionValues.some((v) => v === andFieldValue)
+
+    if (actualCondition.and.not) {
+      andMatch = !andMatch
+    }
+
+    isMatch = isMatch && andMatch
+  }
+
+  return isMatch
+}
+
+/**
+ * Format a value for display as JSON string
+ */
+function formatValueAsJson(value: unknown): string {
+  if (value === null || value === undefined || value === '') {
+    return '—'
+  }
+  if (typeof value === 'object') {
+    try {
+      return JSON.stringify(value, null, 2)
+    } catch {
+      return String(value)
+    }
+  }
+  return String(value)
+}
+
+interface ResolvedConnection {
+  blockId: string
+  blockName: string
+  blockType: string
+  fields: Array<{ path: string; value: string; tag: string }>
+}
+
+/**
+ * Extract all variable references from nested subblock values
+ */
+function extractAllReferencesFromSubBlocks(subBlockValues: Record<string, unknown>): string[] {
+  const refs = new Set<string>()
+
+  const processValue = (value: unknown) => {
+    if (typeof value === 'string') {
+      const extracted = extractReferencePrefixes(value)
+      extracted.forEach((ref) => refs.add(ref.raw))
+    } else if (Array.isArray(value)) {
+      value.forEach(processValue)
+    } else if (value && typeof value === 'object') {
+      if ('value' in value) {
+        processValue((value as { value: unknown }).value)
+      } else {
+        Object.values(value).forEach(processValue)
+      }
+    }
+  }
+
+  Object.values(subBlockValues).forEach(processValue)
+  return Array.from(refs)
+}
+
+/**
+ * Format a value for inline display (single line, truncated)
+ */
+function formatInlineValue(value: unknown): string {
+  if (value === null || value === undefined) return 'null'
+  if (typeof value === 'string') return value
+  if (typeof value === 'number' || typeof value === 'boolean') return String(value)
+  if (typeof value === 'object') {
+    try {
+      return JSON.stringify(value)
+    } catch {
+      return String(value)
+    }
+  }
+  return String(value)
+}
+
+interface ExecutionDataSectionProps {
+  title: string
+  data: unknown
+  isError?: boolean
+}
+
+/**
+ * Collapsible section for execution data (input/output)
+ * Uses Code.Viewer for proper syntax highlighting matching the logs UI
+ */
+function ExecutionDataSection({ title, data, isError = false }: ExecutionDataSectionProps) {
+  const [isExpanded, setIsExpanded] = useState(false)
+
+  const jsonString = useMemo(() => {
+    if (!data) return ''
+    return formatValueAsJson(data)
+  }, [data])
+
+  const isEmpty = jsonString === '—' || jsonString === ''
+
+  return (
+    <div className='flex min-w-0 flex-col gap-[8px] overflow-hidden'>
+      <div
+        className='group flex cursor-pointer items-center justify-between'
+        onClick={() => setIsExpanded(!isExpanded)}
+        onKeyDown={(e) => {
+          if (e.key === 'Enter' || e.key === ' ') {
+            e.preventDefault()
+            setIsExpanded(!isExpanded)
+          }
+        }}
+        role='button'
+        tabIndex={0}
+        aria-expanded={isExpanded}
+        aria-label={`${isExpanded ? 'Collapse' : 'Expand'} ${title.toLowerCase()}`}
+      >
+        <span
+          className={cn(
+            'font-medium text-[12px] transition-colors',
+            isError
+              ? 'text-[var(--text-error)]'
+              : 'text-[var(--text-tertiary)] group-hover:text-[var(--text-primary)]'
+          )}
+        >
+          {title}
+        </span>
+        <ChevronDown
+          className={cn(
+            'h-[10px] w-[10px] text-[var(--text-tertiary)] transition-colors transition-transform group-hover:text-[var(--text-primary)]'
+          )}
+          style={{
+            transform: isExpanded ? 'rotate(180deg)' : 'rotate(0deg)',
+          }}
+        />
+      </div>
+
+      {isExpanded && (
+        <>
+          {isEmpty ? (
+            <div className='rounded-[6px] bg-[var(--surface-3)] px-[10px] py-[8px]'>
+              <span className='text-[12px] text-[var(--text-tertiary)]'>No data</span>
+            </div>
+          ) : (
+            <Code.Viewer
+              code={jsonString}
+              language='json'
+              className='!bg-[var(--surface-3)] min-h-0 max-w-full rounded-[6px] border-0 [word-break:break-all]'
+              wrapText
+            />
+          )}
+        </>
+      )}
+    </div>
+  )
+}
+
+/**
+ * Section showing resolved variable references - styled like the connections section in editor
+ */
+function ResolvedConnectionsSection({ connections }: { connections: ResolvedConnection[] }) {
+  const [isCollapsed, setIsCollapsed] = useState(false)
+  const [expandedBlocks, setExpandedBlocks] = useState<Set<string>>(new Set())
+
+  useEffect(() => {
+    setExpandedBlocks(new Set(connections.map((c) => c.blockId)))
+  }, [connections])
+
+  if (connections.length === 0) return null
+
+  const toggleBlock = (blockId: string) => {
+    setExpandedBlocks((prev) => {
+      const next = new Set(prev)
+      if (next.has(blockId)) {
+        next.delete(blockId)
+      } else {
+        next.add(blockId)
+      }
+      return next
+    })
+  }
+
+  return (
+    <div className='flex flex-shrink-0 flex-col border-[var(--border)] border-t'>
+      {/* Header with Chevron */}
+      <div
+        className='flex flex-shrink-0 cursor-pointer items-center gap-[8px] px-[10px] pt-[5px] pb-[5px]'
+        onClick={() => setIsCollapsed(!isCollapsed)}
+        onKeyDown={(e) => {
+          if (e.key === 'Enter' || e.key === ' ') {
+            e.preventDefault()
+            setIsCollapsed(!isCollapsed)
+          }
+        }}
+        role='button'
+        tabIndex={0}
+        aria-label={isCollapsed ? 'Expand connections' : 'Collapse connections'}
+      >
+        <ChevronDownIcon
+          className={cn('h-[14px] w-[14px] transition-transform', !isCollapsed && 'rotate-180')}
+        />
+        <div className='font-medium text-[13px] text-[var(--text-primary)]'>Connections</div>
+      </div>
+
+      {/* Content - styled like ConnectionBlocks */}
+      {!isCollapsed && (
+        <div className='space-y-[2px] px-[6px] pb-[8px]'>
+          {connections.map((connection) => {
+            const blockConfig = getBlock(connection.blockType)
+            const Icon = blockConfig?.icon
+            const bgColor = blockConfig?.bgColor || '#6B7280'
+            const isExpanded = expandedBlocks.has(connection.blockId)
+            const hasFields = connection.fields.length > 0
+
+            return (
+              <div key={connection.blockId} className='mb-[2px] last:mb-0'>
+                {/* Block header - styled like ConnectionItem */}
+                <div
+                  className={cn(
+                    'group flex h-[26px] items-center gap-[8px] rounded-[8px] px-[6px] text-[14px] hover:bg-[var(--surface-6)] dark:hover:bg-[var(--surface-5)]',
+                    hasFields && 'cursor-pointer'
+                  )}
+                  onClick={() => hasFields && toggleBlock(connection.blockId)}
+                >
+                  <div
+                    className='relative flex h-[14px] w-[14px] flex-shrink-0 items-center justify-center overflow-hidden rounded-[4px]'
+                    style={{ background: bgColor }}
+                  >
+                    {Icon && (
+                      <Icon
+                        className={cn(
+                          'text-white transition-transform duration-200',
+                          hasFields && 'group-hover:scale-110',
+                          '!h-[9px] !w-[9px]'
+                        )}
+                      />
+                    )}
+                  </div>
+                  <span
+                    className={cn(
+                      'truncate font-medium',
+                      'text-[var(--text-secondary)] group-hover:text-[var(--text-primary)]'
+                    )}
+                  >
+                    {connection.blockName}
+                  </span>
+                  {hasFields && (
+                    <ChevronDownIcon
+                      className={cn(
+                        'h-3.5 w-3.5 flex-shrink-0 transition-transform duration-100',
+                        'text-[var(--text-secondary)] group-hover:text-[var(--text-primary)]',
+                        isExpanded && 'rotate-180'
+                      )}
+                    />
+                  )}
+                </div>
+
+                {/* Fields - styled like FieldItem but showing resolved values */}
+                {isExpanded && hasFields && (
+                  <div className='relative mt-[2px] ml-[12px] space-y-[2px] pl-[10px]'>
+                    <div className='pointer-events-none absolute top-[4px] bottom-[4px] left-0 w-px bg-[var(--border)]' />
+                    {connection.fields.map((field) => (
+                      <div
+                        key={field.tag}
+                        className='group flex h-[26px] items-center gap-[8px] rounded-[8px] px-[6px] text-[14px] hover:bg-[var(--surface-6)] dark:hover:bg-[var(--surface-5)]'
+                      >
+                        <span
+                          className={cn(
+                            'flex-shrink-0 font-medium',
+                            'text-[var(--text-secondary)] group-hover:text-[var(--text-primary)]'
+                          )}
+                        >
+                          {field.path}
+                        </span>
+                        <span className='min-w-0 flex-1 truncate text-[var(--text-tertiary)]'>
+                          {field.value}
+                        </span>
+                      </div>
+                    ))}
+                  </div>
+                )}
+              </div>
+            )
+          })}
+        </div>
+      )}
+    </div>
+  )
+}
+
+/**
+ * Icon component for rendering block icons
+ */
+function IconComponent({
+  icon: Icon,
+  className,
+}: {
+  icon: BlockIcon | undefined
+  className?: string
+}) {
+  if (!Icon) return null
+  return <Icon className={className} />
+}
+
+interface ExecutionData {
+  input?: unknown
+  output?: unknown
+  status?: string
+  durationMs?: number
+}
+
+interface BlockDetailsSidebarProps {
+  block: BlockState
+  executionData?: ExecutionData
+  /** All block execution data for resolving variable references */
+  allBlockExecutions?: Record<string, ExecutionData>
+  /** All workflow blocks for mapping block names to IDs */
+  workflowBlocks?: Record<string, BlockState>
+  /** When true, shows "Not Executed" badge if no executionData is provided */
+  isExecutionMode?: boolean
+  /** Optional close handler - if not provided, no close button is shown */
+  onClose?: () => void
+}
+
+/**
+ * Format duration for display
+ */
+function formatDuration(ms: number): string {
+  if (ms < 1000) return `${ms}ms`
+  return `${(ms / 1000).toFixed(2)}s`
+}
+
+/**
+ * Readonly sidebar panel showing block configuration using SubBlock components.
+ */
+function BlockDetailsSidebarContent({
+  block,
+  executionData,
+  allBlockExecutions,
+  workflowBlocks,
+  isExecutionMode = false,
+  onClose,
+}: BlockDetailsSidebarProps) {
+  const blockConfig = getBlock(block.type) as BlockConfig | undefined
+  const subBlockValues = block.subBlocks || {}
+
+  const blockNameToId = useMemo(() => {
+    const map = new Map<string, string>()
+    if (workflowBlocks) {
+      for (const [blockId, blockData] of Object.entries(workflowBlocks)) {
+        if (blockData.name) {
+          map.set(normalizeName(blockData.name), blockId)
+        }
+      }
+    }
+    return map
+  }, [workflowBlocks])
+
+  const resolveReference = useMemo(() => {
+    return (reference: string): unknown => {
+      if (!allBlockExecutions || !workflowBlocks) return undefined
+      if (!reference.startsWith('<') || !reference.endsWith('>')) return undefined
+
+      const inner = reference.slice(1, -1) // Remove < and >
+      const parts = inner.split('.')
+      if (parts.length < 1) return undefined
+
+      const [blockName, ...pathParts] = parts
+      const normalizedBlockName = normalizeName(blockName)
+
+      const blockId = blockNameToId.get(normalizedBlockName)
+      if (!blockId) return undefined
+
+      const blockExecution = allBlockExecutions[blockId]
+      if (!blockExecution?.output) return undefined
+
+      if (pathParts.length === 0) {
+        return blockExecution.output
+      }
+
+      return navigatePath(blockExecution.output, pathParts)
+    }
+  }, [allBlockExecutions, workflowBlocks, blockNameToId])
+
+  // Group resolved variables by source block for display
+  const resolvedConnections = useMemo((): ResolvedConnection[] => {
+    if (!allBlockExecutions || !workflowBlocks) return []
+
+    const allRefs = extractAllReferencesFromSubBlocks(subBlockValues)
+    const seen = new Set<string>()
+    const blockMap = new Map<string, ResolvedConnection>()
+
+    for (const ref of allRefs) {
+      if (seen.has(ref)) continue
+
+      // Parse reference: <blockName.path.to.value>
+      const inner = ref.slice(1, -1)
+      const parts = inner.split('.')
+      if (parts.length < 1) continue
+
+      const [blockName, ...pathParts] = parts
+      const normalizedBlockName = normalizeName(blockName)
+      const blockId = blockNameToId.get(normalizedBlockName)
+      if (!blockId) continue
+
+      const sourceBlock = workflowBlocks[blockId]
+      if (!sourceBlock) continue
+
+      const resolvedValue = resolveReference(ref)
+      if (resolvedValue === undefined) continue
+
+      seen.add(ref)
+
+      // Get or create block entry
+      if (!blockMap.has(blockId)) {
+        blockMap.set(blockId, {
+          blockId,
+          blockName: sourceBlock.name || blockName,
+          blockType: sourceBlock.type,
+          fields: [],
+        })
+      }
+
+      const connection = blockMap.get(blockId)!
+      connection.fields.push({
+        path: pathParts.join('.') || 'output',
+        value: formatInlineValue(resolvedValue),
+        tag: ref,
+      })
+    }
+
+    return Array.from(blockMap.values())
+  }, [subBlockValues, allBlockExecutions, workflowBlocks, blockNameToId, resolveReference])
+
+  if (!blockConfig) {
+    return (
+      <div className='flex h-full w-80 flex-col overflow-hidden rounded-r-[8px] border-[var(--border)] border-l bg-[var(--surface-1)]'>
+        <div className='flex items-center gap-[8px] bg-[var(--surface-4)] px-[12px] py-[8px]'>
+          <div className='flex h-[18px] w-[18px] items-center justify-center rounded-[4px] bg-[var(--surface-3)]' />
+          <span className='font-medium text-[14px] text-[var(--text-primary)]'>
+            {block.name || 'Unknown Block'}
+          </span>
+        </div>
+        <div className='p-[12px]'>
+          <p className='text-[13px] text-[var(--text-secondary)]'>Block configuration not found.</p>
+        </div>
+      </div>
+    )
+  }
+
+  const visibleSubBlocks = blockConfig.subBlocks.filter((subBlock) => {
+    if (subBlock.hidden || subBlock.hideFromPreview) return false
+    if (subBlock.mode === 'trigger') return false
+    if (subBlock.condition) {
+      return evaluateCondition(subBlock.condition, subBlockValues)
+    }
+    return true
+  })
+
+  const statusVariant =
+    executionData?.status === 'error'
+      ? 'red'
+      : executionData?.status === 'success'
+        ? 'green'
+        : 'gray'
+
+  return (
+    <div className='flex h-full w-80 flex-col overflow-hidden rounded-r-[8px] border-[var(--border)] border-l bg-[var(--surface-1)]'>
+      {/* Header - styled like editor */}
+      <div className='flex flex-shrink-0 items-center gap-[8px] bg-[var(--surface-4)] px-[12px] py-[8px]'>
+        <div
+          className='flex h-[18px] w-[18px] flex-shrink-0 items-center justify-center rounded-[4px]'
+          style={{ backgroundColor: blockConfig.bgColor }}
+        >
+          <IconComponent
+            icon={blockConfig.icon}
+            className='h-[12px] w-[12px] text-[var(--white)]'
+          />
+        </div>
+        <span className='min-w-0 flex-1 truncate font-medium text-[14px] text-[var(--text-primary)]'>
+          {block.name || blockConfig.name}
+        </span>
+        {block.enabled === false && (
+          <Badge variant='red' size='sm'>
+            Disabled
+          </Badge>
+        )}
+        {onClose && (
+          <Button variant='ghost' className='!p-[4px] flex-shrink-0' onClick={onClose}>
+            <X className='h-[14px] w-[14px]' />
+          </Button>
+        )}
+      </div>
+
+      {/* Scrollable content */}
+      <div className='flex-1 overflow-y-auto'>
+        {/* Not Executed Banner - shown when in execution mode but block wasn't executed */}
+        {isExecutionMode && !executionData && (
+          <div className='flex min-w-0 flex-col gap-[8px] overflow-hidden border-[var(--border)] border-b px-[12px] py-[10px]'>
+            <div className='flex items-center justify-between'>
+              <Badge variant='gray-secondary' size='sm' dot>
+                Not Executed
+              </Badge>
+            </div>
+          </div>
+        )}
+
+        {/* Execution Input/Output (if provided) */}
+        {executionData &&
+        (executionData.input !== undefined || executionData.output !== undefined) ? (
+          <div className='flex min-w-0 flex-col gap-[8px] overflow-hidden border-[var(--border)] border-b px-[12px] py-[10px]'>
+            {/* Execution Status & Duration Header */}
+            {(executionData.status || executionData.durationMs !== undefined) && (
+              <div className='flex items-center justify-between'>
+                {executionData.status && (
+                  <Badge variant={statusVariant} size='sm' dot>
+                    <span className='capitalize'>{executionData.status}</span>
+                  </Badge>
+                )}
+                {executionData.durationMs !== undefined && (
+                  <span className='font-medium text-[12px] text-[var(--text-tertiary)]'>
+                    {formatDuration(executionData.durationMs)}
+                  </span>
+                )}
+              </div>
+            )}
+
+            {/* Divider between Status/Duration and Input/Output */}
+            {(executionData.status || executionData.durationMs !== undefined) &&
+              (executionData.input !== undefined || executionData.output !== undefined) && (
+                <div className='border-[var(--border)] border-t border-dashed' />
+              )}
+
+            {/* Input Section */}
+            {executionData.input !== undefined && (
+              <ExecutionDataSection title='Input' data={executionData.input} />
+            )}
+
+            {/* Divider between Input and Output */}
+            {executionData.input !== undefined && executionData.output !== undefined && (
+              <div className='border-[var(--border)] border-t border-dashed' />
+            )}
+
+            {/* Output Section */}
+            {executionData.output !== undefined && (
+              <ExecutionDataSection
+                title={executionData.status === 'error' ? 'Error' : 'Output'}
+                data={executionData.output}
+                isError={executionData.status === 'error'}
+              />
+            )}
+          </div>
+        ) : null}
+
+        {/* Subblock Values - Using SubBlock components in preview mode */}
+        <div className='readonly-preview px-[8px] py-[8px]'>
+          {/* CSS override to show full opacity and prevent interaction instead of dimmed disabled state */}
+          <style>{`
+            .readonly-preview,
+            .readonly-preview * {
+              cursor: default !important;
+            }
+            .readonly-preview [disabled],
+            .readonly-preview [data-disabled],
+            .readonly-preview input,
+            .readonly-preview textarea,
+            .readonly-preview [role="combobox"],
+            .readonly-preview [role="slider"],
+            .readonly-preview [role="switch"],
+            .readonly-preview [role="checkbox"] {
+              opacity: 1 !important;
+              pointer-events: none;
+            }
+            .readonly-preview .opacity-50 {
+              opacity: 1 !important;
+            }
+          `}</style>
+          {visibleSubBlocks.length > 0 ? (
+            <div className='flex flex-col'>
+              {visibleSubBlocks.map((subBlockConfig, index) => (
+                <div key={subBlockConfig.id} className='subblock-row'>
+                  <SubBlock
+                    blockId={block.id}
+                    config={subBlockConfig}
+                    isPreview={true}
+                    subBlockValues={subBlockValues}
+                    disabled={true}
+                  />
+                  {index < visibleSubBlocks.length - 1 && (
+                    <div className='subblock-divider px-[2px] pt-[16px] pb-[13px]'>
+                      <div
+                        className='h-[1.25px]'
+                        style={{
+                          backgroundImage:
+                            'repeating-linear-gradient(to right, var(--border) 0px, var(--border) 6px, transparent 6px, transparent 12px)',
+                        }}
+                      />
+                    </div>
+                  )}
+                </div>
+              ))}
+            </div>
+          ) : (
+            <div className='py-[16px] text-center'>
+              <p className='text-[13px] text-[var(--text-secondary)]'>
+                No configurable fields for this block.
+              </p>
+            </div>
+          )}
+        </div>
+      </div>
+
+      {/* Resolved Variables Section - Pinned at bottom, outside scrollable area */}
+      {resolvedConnections.length > 0 && (
+        <ResolvedConnectionsSection connections={resolvedConnections} />
+      )}
+    </div>
+  )
+}
+
+/**
+ * Block details sidebar wrapped in ReactFlowProvider for hook compatibility.
+ */
+export function BlockDetailsSidebar(props: BlockDetailsSidebarProps) {
+  return (
+    <ReactFlowProvider>
+      <BlockDetailsSidebarContent {...props} />
+    </ReactFlowProvider>
+  )
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview-block.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/block.tsx
similarity index 95%
rename from apps/sim/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview-block.tsx
rename to apps/sim/app/workspace/[workspaceId]/w/components/preview/components/block.tsx
index d8986c7c47..423ad95032 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview-block.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/block.tsx
@@ -3,7 +3,7 @@
 import { memo, useMemo } from 'react'
 import { Handle, type NodeProps, Position } from 'reactflow'
 import { HANDLE_POSITIONS } from '@/lib/workflows/blocks/block-dimensions'
-import { getBlock } from '@/blocks/registry'
+import { getBlock } from '@/blocks'
 
 interface WorkflowPreviewBlockData {
   type: string
@@ -29,10 +29,8 @@ function WorkflowPreviewBlockInner({ data }: NodeProps<WorkflowPreviewBlockData>
   }
 
   const IconComponent = blockConfig.icon
-  // Hide input handle for triggers, starters, or blocks in trigger mode
   const isStarterOrTrigger = blockConfig.category === 'triggers' || type === 'starter' || isTrigger
 
-  // Get visible subblocks from config (no fetching, just config structure)
   const visibleSubBlocks = useMemo(() => {
     if (!blockConfig.subBlocks) return []
 
@@ -48,7 +46,6 @@ function WorkflowPreviewBlockInner({ data }: NodeProps<WorkflowPreviewBlockData>
   const hasSubBlocks = visibleSubBlocks.length > 0
   const showErrorRow = !isStarterOrTrigger
 
-  // Handle styles based on orientation
   const horizontalHandleClass = '!border-none !bg-[var(--surface-7)] !h-5 !w-[7px] !rounded-[2px]'
   const verticalHandleClass = '!border-none !bg-[var(--surface-7)] !h-[7px] !w-5 !rounded-[2px]'
 
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview-subflow.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/subflow.tsx
similarity index 96%
rename from apps/sim/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview-subflow.tsx
rename to apps/sim/app/workspace/[workspaceId]/w/components/preview/components/subflow.tsx
index a292d661ea..67befddbda 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview-subflow.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/preview/components/subflow.tsx
@@ -26,11 +26,9 @@ function WorkflowPreviewSubflowInner({ data }: NodeProps<WorkflowPreviewSubflowD
   const blockIconBg = isLoop ? '#2FB3FF' : '#FEE12B'
   const blockName = name || (isLoop ? 'Loop' : 'Parallel')
 
-  // Handle IDs matching the actual subflow component
   const startHandleId = isLoop ? 'loop-start-source' : 'parallel-start-source'
   const endHandleId = isLoop ? 'loop-end-source' : 'parallel-end-source'
 
-  // Handle styles matching the workflow-block component
   const leftHandleClass =
     '!z-[10] !border-none !bg-[var(--workflow-edge)] !h-5 !w-[7px] !rounded-l-[2px] !rounded-r-none'
   const rightHandleClass =
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/preview/index.ts b/apps/sim/app/workspace/[workspaceId]/w/components/preview/index.ts
new file mode 100644
index 0000000000..4c959e26d3
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/preview/index.ts
@@ -0,0 +1,2 @@
+export { BlockDetailsSidebar } from './components/block-details-sidebar'
+export { WorkflowPreview } from './preview'
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/preview/preview.tsx
similarity index 79%
rename from apps/sim/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview.tsx
rename to apps/sim/app/workspace/[workspaceId]/w/components/preview/preview.tsx
index 4521cdc254..b617d3da59 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/preview/preview.tsx
@@ -18,13 +18,16 @@ import { NoteBlock } from '@/app/workspace/[workspaceId]/w/[workflowId]/componen
 import { SubflowNodeComponent } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/subflows/subflow-node'
 import { WorkflowBlock } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/workflow-block'
 import { WorkflowEdge } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-edge/workflow-edge'
-import { WorkflowPreviewBlock } from '@/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview-block'
-import { WorkflowPreviewSubflow } from '@/app/workspace/[workspaceId]/w/components/workflow-preview/workflow-preview-subflow'
+import { WorkflowPreviewBlock } from '@/app/workspace/[workspaceId]/w/components/preview/components/block'
+import { WorkflowPreviewSubflow } from '@/app/workspace/[workspaceId]/w/components/preview/components/subflow'
 import { getBlock } from '@/blocks'
 import type { WorkflowState } from '@/stores/workflows/workflow/types'
 
 const logger = createLogger('WorkflowPreview')
 
+/** Execution status for edges/nodes in the preview */
+type ExecutionStatus = 'success' | 'error' | 'not-executed'
+
 interface WorkflowPreviewProps {
   workflowState: WorkflowState
   showSubBlocks?: boolean
@@ -40,6 +43,8 @@ interface WorkflowPreviewProps {
   lightweight?: boolean
   /** Cursor style to show when hovering the canvas */
   cursorStyle?: 'default' | 'pointer' | 'grab'
+  /** Map of executed block IDs to their status for highlighting the execution path */
+  executedBlocks?: Record<string, { status: string }>
 }
 
 /**
@@ -105,10 +110,9 @@ export function WorkflowPreview({
   onNodeClick,
   lightweight = false,
   cursorStyle = 'grab',
+  executedBlocks,
 }: WorkflowPreviewProps) {
-  // Use lightweight node types for better performance in template cards
   const nodeTypes = lightweight ? lightweightNodeTypes : fullNodeTypes
-  // Check if the workflow state is valid
   const isValidWorkflowState = workflowState?.blocks && workflowState.edges
 
   const blocksStructure = useMemo(() => {
@@ -178,9 +182,7 @@ export function WorkflowPreview({
 
       const absolutePosition = calculateAbsolutePosition(block, workflowState.blocks)
 
-      // Lightweight mode: create minimal node data for performance
       if (lightweight) {
-        // Handle loops and parallels as subflow nodes
         if (block.type === 'loop' || block.type === 'parallel') {
           nodeArray.push({
             id: blockId,
@@ -197,7 +199,6 @@ export function WorkflowPreview({
           return
         }
 
-        // Regular blocks
         nodeArray.push({
           id: blockId,
           type: 'workflowBlock',
@@ -214,10 +215,9 @@ export function WorkflowPreview({
         return
       }
 
-      // Full mode: create detailed node data for interactive previews
       if (block.type === 'loop') {
         nodeArray.push({
-          id: block.id,
+          id: blockId,
           type: 'subflowNode',
           position: absolutePosition,
           parentId: block.data?.parentId,
@@ -238,7 +238,7 @@ export function WorkflowPreview({
 
       if (block.type === 'parallel') {
         nodeArray.push({
-          id: block.id,
+          id: blockId,
           type: 'subflowNode',
           position: absolutePosition,
           parentId: block.data?.parentId,
@@ -265,11 +265,31 @@ export function WorkflowPreview({
 
       const nodeType = block.type === 'note' ? 'noteBlock' : 'workflowBlock'
 
+      let executionStatus: ExecutionStatus | undefined
+      if (executedBlocks) {
+        const blockExecution = executedBlocks[blockId]
+        if (blockExecution) {
+          if (blockExecution.status === 'error') {
+            executionStatus = 'error'
+          } else if (blockExecution.status === 'success') {
+            executionStatus = 'success'
+          } else {
+            executionStatus = 'not-executed'
+          }
+        } else {
+          executionStatus = 'not-executed'
+        }
+      }
+
       nodeArray.push({
         id: blockId,
         type: nodeType,
         position: absolutePosition,
         draggable: false,
+        className:
+          executionStatus && executionStatus !== 'not-executed'
+            ? `execution-${executionStatus}`
+            : undefined,
         data: {
           type: block.type,
           config: blockConfig,
@@ -278,43 +298,9 @@ export function WorkflowPreview({
           canEdit: false,
           isPreview: true,
           subBlockValues: block.subBlocks ?? {},
+          executionStatus,
         },
       })
-
-      if (block.type === 'loop') {
-        const childBlocks = Object.entries(workflowState.blocks || {}).filter(
-          ([_, childBlock]) => childBlock.data?.parentId === blockId
-        )
-
-        childBlocks.forEach(([childId, childBlock]) => {
-          const childConfig = getBlock(childBlock.type)
-
-          if (childConfig) {
-            const childNodeType = childBlock.type === 'note' ? 'noteBlock' : 'workflowBlock'
-
-            nodeArray.push({
-              id: childId,
-              type: childNodeType,
-              position: {
-                x: block.position.x + 50,
-                y: block.position.y + (childBlock.position?.y || 100),
-              },
-              data: {
-                type: childBlock.type,
-                config: childConfig,
-                name: childBlock.name,
-                blockState: childBlock,
-                showSubBlocks,
-                isChild: true,
-                parentId: blockId,
-                canEdit: false,
-                isPreview: true,
-              },
-              draggable: false,
-            })
-          }
-        })
-      }
     })
 
     return nodeArray
@@ -326,21 +312,42 @@ export function WorkflowPreview({
     workflowState.blocks,
     isValidWorkflowState,
     lightweight,
+    executedBlocks,
   ])
 
   const edges: Edge[] = useMemo(() => {
     if (!isValidWorkflowState) return []
 
-    return (workflowState.edges || []).map((edge) => ({
-      id: edge.id,
-      source: edge.source,
-      target: edge.target,
-      sourceHandle: edge.sourceHandle,
-      targetHandle: edge.targetHandle,
-    }))
-  }, [edgesStructure, workflowState.edges, isValidWorkflowState])
+    return (workflowState.edges || []).map((edge) => {
+      let executionStatus: ExecutionStatus | undefined
+      if (executedBlocks) {
+        const sourceExecuted = executedBlocks[edge.source]
+        const targetExecuted = executedBlocks[edge.target]
+
+        if (sourceExecuted && targetExecuted) {
+          if (targetExecuted.status === 'error') {
+            executionStatus = 'error'
+          } else if (sourceExecuted.status === 'success' && targetExecuted.status === 'success') {
+            executionStatus = 'success'
+          } else {
+            executionStatus = 'not-executed'
+          }
+        } else {
+          executionStatus = 'not-executed'
+        }
+      }
+
+      return {
+        id: edge.id,
+        source: edge.source,
+        target: edge.target,
+        sourceHandle: edge.sourceHandle,
+        targetHandle: edge.targetHandle,
+        data: executionStatus ? { executionStatus } : undefined,
+      }
+    })
+  }, [edgesStructure, workflowState.edges, isValidWorkflowState, executedBlocks])
 
-  // Handle migrated logs that don't have complete workflow state
   if (!isValidWorkflowState) {
     return (
       <div
@@ -363,13 +370,19 @@ export function WorkflowPreview({
         style={{ height, width, backgroundColor: 'var(--bg)' }}
         className={cn('preview-mode', className)}
       >
-        {cursorStyle && (
-          <style>{`
-            .preview-mode .react-flow__pane {
-              cursor: ${cursorStyle} !important;
-            }
-          `}</style>
-        )}
+        <style>{`
+          ${cursorStyle ? `.preview-mode .react-flow__pane { cursor: ${cursorStyle} !important; }` : ''}
+
+          /* Execution status styling for nodes */
+          .preview-mode .react-flow__node.execution-success {
+            border-radius: 8px;
+            box-shadow: 0 0 0 4px var(--border-success);
+          }
+          .preview-mode .react-flow__node.execution-error {
+            border-radius: 8px;
+            box-shadow: 0 0 0 4px var(--text-error);
+          }
+        `}</style>
         <ReactFlow
           nodes={nodes}
           edges={edges}
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/byok/byok.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/byok/byok.tsx
index 956c41365d..357af5a67b 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/byok/byok.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/byok/byok.tsx
@@ -2,7 +2,7 @@
 
 import { useState } from 'react'
 import { createLogger } from '@sim/logger'
-import { Eye, EyeOff } from 'lucide-react'
+import { Crown, Eye, EyeOff } from 'lucide-react'
 import { useParams } from 'next/navigation'
 import {
   Button,
@@ -81,7 +81,9 @@ export function BYOK() {
   const params = useParams()
   const workspaceId = (params?.workspaceId as string) || ''
 
-  const { data: keys = [], isLoading } = useBYOKKeys(workspaceId)
+  const { data, isLoading } = useBYOKKeys(workspaceId)
+  const keys = data?.keys ?? []
+  const byokEnabled = data?.byokEnabled ?? true
   const upsertKey = useUpsertBYOKKey()
   const deleteKey = useDeleteBYOKKey()
 
@@ -96,6 +98,31 @@ export function BYOK() {
     return keys.find((k) => k.providerId === providerId)
   }
 
+  // Show enterprise-only gate if BYOK is not enabled
+  if (!isLoading && !byokEnabled) {
+    return (
+      <div className='flex h-full flex-col items-center justify-center gap-[16px] py-[32px]'>
+        <div className='flex h-[48px] w-[48px] items-center justify-center rounded-full bg-[var(--surface-6)]'>
+          <Crown className='h-[24px] w-[24px] text-[var(--amber-9)]' />
+        </div>
+        <div className='flex flex-col items-center gap-[8px] text-center'>
+          <h3 className='font-medium text-[15px] text-[var(--text-primary)]'>Enterprise Feature</h3>
+          <p className='max-w-[320px] text-[13px] text-[var(--text-secondary)]'>
+            Bring Your Own Key (BYOK) is available exclusively on the Enterprise plan. Upgrade to
+            use your own API keys and eliminate the 2x cost multiplier.
+          </p>
+        </div>
+        <Button
+          variant='primary'
+          className='!bg-[var(--brand-tertiary-2)] !text-[var(--text-inverse)] hover:!bg-[var(--brand-tertiary-2)]/90'
+          onClick={() => window.open('https://sim.ai/enterprise', '_blank')}
+        >
+          Contact Sales
+        </Button>
+      </div>
+    )
+  }
+
   const handleSave = async () => {
     if (!editingProvider || !apiKeyInput.trim()) return
 
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/credential-sets/credential-sets.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/credential-sets/credential-sets.tsx
new file mode 100644
index 0000000000..79f3cf895a
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/credential-sets/credential-sets.tsx
@@ -0,0 +1,1170 @@
+'use client'
+
+import { type KeyboardEvent, useCallback, useMemo, useRef, useState } from 'react'
+import { createLogger } from '@sim/logger'
+import { Paperclip, Plus, Search, X } from 'lucide-react'
+import {
+  Avatar,
+  AvatarFallback,
+  AvatarImage,
+  Badge,
+  Button,
+  Input,
+  Label,
+  Modal,
+  ModalBody,
+  ModalContent,
+  ModalFooter,
+  ModalHeader,
+} from '@/components/emcn'
+import { GmailIcon, OutlookIcon } from '@/components/icons'
+import { Input as BaseInput, Skeleton } from '@/components/ui'
+import { useSession } from '@/lib/auth/auth-client'
+import { getSubscriptionStatus } from '@/lib/billing/client'
+import { cn } from '@/lib/core/utils/cn'
+import { getProviderDisplayName, type PollingProvider } from '@/lib/credential-sets/providers'
+import { quickValidateEmail } from '@/lib/messaging/email/validation'
+import { getUserColor } from '@/lib/workspaces/colors'
+import { getUserRole } from '@/lib/workspaces/organization'
+import { EmailTag } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal'
+import {
+  type CredentialSet,
+  useAcceptCredentialSetInvitation,
+  useCancelCredentialSetInvitation,
+  useCreateCredentialSet,
+  useCreateCredentialSetInvitation,
+  useCredentialSetInvitations,
+  useCredentialSetInvitationsDetail,
+  useCredentialSetMembers,
+  useCredentialSetMemberships,
+  useCredentialSets,
+  useDeleteCredentialSet,
+  useLeaveCredentialSet,
+  useRemoveCredentialSetMember,
+  useResendCredentialSetInvitation,
+} from '@/hooks/queries/credential-sets'
+import { useOrganizations } from '@/hooks/queries/organization'
+import { useSubscriptionData } from '@/hooks/queries/subscription'
+
+const logger = createLogger('EmailPolling')
+
+function CredentialSetsSkeleton() {
+  return (
+    <div className='flex h-full flex-col gap-[16px]'>
+      <div className='flex flex-col gap-[8px]'>
+        <Skeleton className='h-[14px] w-[100px]' />
+        <div className='flex items-center justify-between'>
+          <div className='flex items-center gap-[12px]'>
+            <Skeleton className='h-9 w-9 rounded-[6px]' />
+            <div className='flex flex-col gap-[4px]'>
+              <Skeleton className='h-[14px] w-[120px]' />
+              <Skeleton className='h-[12px] w-[80px]' />
+            </div>
+          </div>
+          <Skeleton className='h-[32px] w-[60px] rounded-[6px]' />
+        </div>
+      </div>
+      <div className='flex flex-col gap-[8px]'>
+        <Skeleton className='h-[14px] w-[60px]' />
+        <div className='flex items-center justify-between'>
+          <div className='flex items-center gap-[12px]'>
+            <Skeleton className='h-9 w-9 rounded-[6px]' />
+            <div className='flex flex-col gap-[4px]'>
+              <Skeleton className='h-[14px] w-[140px]' />
+              <Skeleton className='h-[12px] w-[100px]' />
+            </div>
+          </div>
+          <Skeleton className='h-[32px] w-[80px] rounded-[6px]' />
+        </div>
+      </div>
+    </div>
+  )
+}
+
+export function CredentialSets() {
+  const { data: session } = useSession()
+  const { data: organizationsData } = useOrganizations()
+  const { data: subscriptionData } = useSubscriptionData()
+
+  const activeOrganization = organizationsData?.activeOrganization
+  const subscriptionStatus = getSubscriptionStatus(subscriptionData?.data)
+  const hasTeamPlan = subscriptionStatus.isTeam || subscriptionStatus.isEnterprise
+  const userRole = getUserRole(activeOrganization, session?.user?.email)
+  const isAdmin = userRole === 'admin' || userRole === 'owner'
+  const canManageCredentialSets = hasTeamPlan && isAdmin && !!activeOrganization?.id
+
+  const { data: memberships = [], isPending: membershipsLoading } = useCredentialSetMemberships()
+  const { data: invitations = [], isPending: invitationsLoading } = useCredentialSetInvitations()
+  const { data: ownedSets = [], isPending: ownedSetsLoading } = useCredentialSets(
+    activeOrganization?.id,
+    canManageCredentialSets
+  )
+
+  const acceptInvitation = useAcceptCredentialSetInvitation()
+  const createCredentialSet = useCreateCredentialSet()
+  const createInvitation = useCreateCredentialSetInvitation()
+
+  const [searchTerm, setSearchTerm] = useState('')
+  const [showCreateModal, setShowCreateModal] = useState(false)
+  const [viewingSet, setViewingSet] = useState<CredentialSet | null>(null)
+  const [newSetName, setNewSetName] = useState('')
+  const [newSetDescription, setNewSetDescription] = useState('')
+  const [newSetProvider, setNewSetProvider] = useState<PollingProvider>('google-email')
+  const [createError, setCreateError] = useState<string | null>(null)
+  const [emails, setEmails] = useState<string[]>([])
+  const [invalidEmails, setInvalidEmails] = useState<string[]>([])
+  const [duplicateEmails, setDuplicateEmails] = useState<string[]>([])
+  const [inputValue, setInputValue] = useState('')
+  const [isDragging, setIsDragging] = useState(false)
+  const fileInputRef = useRef<HTMLInputElement>(null)
+  const [leavingMembership, setLeavingMembership] = useState<{
+    credentialSetId: string
+    name: string
+  } | null>(null)
+
+  const { data: members = [], isPending: membersLoading } = useCredentialSetMembers(viewingSet?.id)
+  const { data: pendingInvitations = [], isPending: pendingInvitationsLoading } =
+    useCredentialSetInvitationsDetail(viewingSet?.id)
+  const removeMember = useRemoveCredentialSetMember()
+  const leaveCredentialSet = useLeaveCredentialSet()
+  const deleteCredentialSet = useDeleteCredentialSet()
+  const cancelInvitation = useCancelCredentialSetInvitation()
+  const resendInvitation = useResendCredentialSetInvitation()
+
+  const [deletingSet, setDeletingSet] = useState<{ id: string; name: string } | null>(null)
+  const [deletingSetIds, setDeletingSetIds] = useState<Set<string>>(new Set())
+  const [cancellingInvitations, setCancellingInvitations] = useState<Set<string>>(new Set())
+  const [resendingInvitations, setResendingInvitations] = useState<Set<string>>(new Set())
+  const [resendCooldowns, setResendCooldowns] = useState<Record<string, number>>({})
+
+  const extractEmailsFromText = useCallback((text: string): string[] => {
+    const emailRegex = /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g
+    const matches = text.match(emailRegex) || []
+    return [...new Set(matches.map((e) => e.toLowerCase()))]
+  }, [])
+
+  const addEmail = useCallback(
+    (email: string) => {
+      if (!email.trim()) return false
+
+      const normalized = email.trim().toLowerCase()
+      const validation = quickValidateEmail(normalized)
+      const isValid = validation.isValid
+
+      if (
+        emails.includes(normalized) ||
+        invalidEmails.includes(normalized) ||
+        duplicateEmails.includes(normalized)
+      ) {
+        return false
+      }
+
+      const isPendingInvitation = pendingInvitations.some(
+        (inv) => inv.email?.toLowerCase() === normalized
+      )
+      if (isPendingInvitation) {
+        setDuplicateEmails((prev) => {
+          if (prev.includes(normalized)) return prev
+          return [...prev, normalized]
+        })
+        setInputValue('')
+        return false
+      }
+
+      const isActiveMember = members.some(
+        (m) => m.userEmail?.toLowerCase() === normalized && m.status === 'active'
+      )
+      if (isActiveMember) {
+        setDuplicateEmails((prev) => {
+          if (prev.includes(normalized)) return prev
+          return [...prev, normalized]
+        })
+        setInputValue('')
+        return false
+      }
+
+      if (!isValid) {
+        setInvalidEmails((prev) => {
+          if (prev.includes(normalized)) return prev
+          return [...prev, normalized]
+        })
+        setInputValue('')
+        return false
+      }
+
+      setEmails((prev) => {
+        if (prev.includes(normalized)) return prev
+        return [...prev, normalized]
+      })
+      setInputValue('')
+      return true
+    },
+    [emails, invalidEmails, duplicateEmails, pendingInvitations, members]
+  )
+
+  const removeEmail = useCallback((index: number) => {
+    setEmails((prev) => prev.filter((_, i) => i !== index))
+  }, [])
+
+  const removeInvalidEmail = useCallback((index: number) => {
+    setInvalidEmails((prev) => prev.filter((_, i) => i !== index))
+  }, [])
+
+  const removeDuplicateEmail = useCallback((index: number) => {
+    setDuplicateEmails((prev) => prev.filter((_, i) => i !== index))
+  }, [])
+
+  const handleEmailKeyDown = useCallback(
+    (e: KeyboardEvent<HTMLInputElement>) => {
+      if (e.key === 'Enter') {
+        e.preventDefault()
+        if (inputValue.trim()) {
+          addEmail(inputValue)
+        }
+        return
+      }
+
+      if ([',', ' '].includes(e.key) && inputValue.trim()) {
+        e.preventDefault()
+        addEmail(inputValue)
+      }
+
+      if (e.key === 'Backspace' && !inputValue) {
+        if (duplicateEmails.length > 0) {
+          removeDuplicateEmail(duplicateEmails.length - 1)
+        } else if (invalidEmails.length > 0) {
+          removeInvalidEmail(invalidEmails.length - 1)
+        } else if (emails.length > 0) {
+          removeEmail(emails.length - 1)
+        }
+      }
+    },
+    [
+      inputValue,
+      addEmail,
+      duplicateEmails,
+      invalidEmails,
+      emails,
+      removeDuplicateEmail,
+      removeInvalidEmail,
+      removeEmail,
+    ]
+  )
+
+  const handleEmailPaste = useCallback(
+    (e: React.ClipboardEvent<HTMLInputElement>) => {
+      e.preventDefault()
+      const pastedText = e.clipboardData.getData('text')
+      const pastedEmails = extractEmailsFromText(pastedText)
+
+      pastedEmails.forEach((email) => {
+        addEmail(email)
+      })
+    },
+    [addEmail, extractEmailsFromText]
+  )
+
+  const handleFileDrop = useCallback(
+    async (file: File) => {
+      try {
+        const text = await file.text()
+        const extractedEmails = extractEmailsFromText(text)
+        extractedEmails.forEach((email) => {
+          addEmail(email)
+        })
+      } catch (error) {
+        logger.error('Error reading dropped file', error)
+      }
+    },
+    [extractEmailsFromText, addEmail]
+  )
+
+  const handleDragOver = useCallback((e: React.DragEvent) => {
+    e.preventDefault()
+    e.stopPropagation()
+    e.dataTransfer.dropEffect = 'copy'
+    setIsDragging(true)
+  }, [])
+
+  const handleDragLeave = useCallback((e: React.DragEvent) => {
+    e.preventDefault()
+    e.stopPropagation()
+    setIsDragging(false)
+  }, [])
+
+  const handleDrop = useCallback(
+    async (e: React.DragEvent) => {
+      e.preventDefault()
+      e.stopPropagation()
+      setIsDragging(false)
+
+      const files = Array.from(e.dataTransfer.files)
+      const validFiles = files.filter(
+        (f) =>
+          f.type === 'text/csv' ||
+          f.type === 'text/plain' ||
+          f.name.endsWith('.csv') ||
+          f.name.endsWith('.txt')
+      )
+
+      for (const file of validFiles) {
+        await handleFileDrop(file)
+      }
+    },
+    [handleFileDrop]
+  )
+
+  const handleFileInputChange = useCallback(
+    async (e: React.ChangeEvent<HTMLInputElement>) => {
+      const files = e.target.files
+      if (!files) return
+
+      for (const file of Array.from(files)) {
+        await handleFileDrop(file)
+      }
+
+      // Reset input so the same file can be selected again
+      e.target.value = ''
+    },
+    [handleFileDrop]
+  )
+
+  const handleRemoveMember = useCallback(
+    async (memberId: string) => {
+      if (!viewingSet) return
+      try {
+        await removeMember.mutateAsync({
+          credentialSetId: viewingSet.id,
+          memberId,
+        })
+      } catch (error) {
+        logger.error('Failed to remove member', error)
+      }
+    },
+    [viewingSet, removeMember]
+  )
+
+  const handleLeave = useCallback((credentialSetId: string, name: string) => {
+    setLeavingMembership({ credentialSetId, name })
+  }, [])
+
+  const confirmLeave = useCallback(async () => {
+    if (!leavingMembership) return
+    try {
+      await leaveCredentialSet.mutateAsync(leavingMembership.credentialSetId)
+      setLeavingMembership(null)
+    } catch (error) {
+      logger.error('Failed to leave polling group', error)
+    }
+  }, [leavingMembership, leaveCredentialSet])
+
+  const handleAcceptInvitation = useCallback(
+    async (token: string) => {
+      try {
+        await acceptInvitation.mutateAsync(token)
+      } catch (error) {
+        logger.error('Failed to accept invitation', error)
+      }
+    },
+    [acceptInvitation]
+  )
+
+  const handleCreateCredentialSet = useCallback(async () => {
+    if (!newSetName.trim() || !activeOrganization?.id) return
+    setCreateError(null)
+    try {
+      const result = await createCredentialSet.mutateAsync({
+        organizationId: activeOrganization.id,
+        name: newSetName.trim(),
+        description: newSetDescription.trim() || undefined,
+        providerId: newSetProvider,
+      })
+      setShowCreateModal(false)
+      setNewSetName('')
+      setNewSetDescription('')
+      setNewSetProvider('google-email')
+
+      // Open detail view for the newly created group
+      if (result?.credentialSet) {
+        setViewingSet(result.credentialSet)
+      }
+    } catch (error) {
+      logger.error('Failed to create polling group', error)
+      if (error instanceof Error) {
+        setCreateError(error.message)
+      } else {
+        setCreateError('Failed to create polling group')
+      }
+    }
+  }, [newSetName, newSetDescription, newSetProvider, activeOrganization?.id, createCredentialSet])
+
+  const handleInviteMembers = useCallback(async () => {
+    if (!viewingSet?.id) return
+
+    // Add any pending input value first
+    if (inputValue.trim()) {
+      addEmail(inputValue)
+    }
+
+    if (emails.length === 0) return
+
+    try {
+      for (const email of emails) {
+        await createInvitation.mutateAsync({
+          credentialSetId: viewingSet.id,
+          email,
+        })
+      }
+      setEmails([])
+      setInvalidEmails([])
+      setDuplicateEmails([])
+      setInputValue('')
+    } catch (error) {
+      logger.error('Failed to create invitations', error)
+    }
+  }, [viewingSet?.id, emails, inputValue, addEmail, createInvitation])
+
+  const handleCloseCreateModal = useCallback(() => {
+    setShowCreateModal(false)
+    setNewSetName('')
+    setNewSetDescription('')
+    setNewSetProvider('google-email')
+    setCreateError(null)
+  }, [])
+
+  const handleBackToList = useCallback(() => {
+    setViewingSet(null)
+    setEmails([])
+    setInvalidEmails([])
+    setDuplicateEmails([])
+    setInputValue('')
+  }, [])
+
+  const handleCancelInvitation = useCallback(
+    async (invitationId: string) => {
+      if (!viewingSet?.id) return
+
+      setCancellingInvitations((prev) => new Set([...prev, invitationId]))
+      try {
+        await cancelInvitation.mutateAsync({
+          credentialSetId: viewingSet.id,
+          invitationId,
+        })
+      } catch (error) {
+        logger.error('Failed to cancel invitation', error)
+      } finally {
+        setCancellingInvitations((prev) => {
+          const next = new Set(prev)
+          next.delete(invitationId)
+          return next
+        })
+      }
+    },
+    [viewingSet?.id, cancelInvitation]
+  )
+
+  const handleResendInvitation = useCallback(
+    async (invitationId: string, email: string) => {
+      if (!viewingSet?.id) return
+
+      const secondsLeft = resendCooldowns[invitationId]
+      if (secondsLeft && secondsLeft > 0) return
+
+      setResendingInvitations((prev) => new Set([...prev, invitationId]))
+      try {
+        await resendInvitation.mutateAsync({
+          credentialSetId: viewingSet.id,
+          invitationId,
+          email,
+        })
+
+        // Start 60s cooldown
+        setResendCooldowns((prev) => ({ ...prev, [invitationId]: 60 }))
+        const interval = setInterval(() => {
+          setResendCooldowns((prev) => {
+            const current = prev[invitationId]
+            if (current === undefined) return prev
+            if (current <= 1) {
+              const next = { ...prev }
+              delete next[invitationId]
+              clearInterval(interval)
+              return next
+            }
+            return { ...prev, [invitationId]: current - 1 }
+          })
+        }, 1000)
+      } catch (error) {
+        logger.error('Failed to resend invitation', error)
+      } finally {
+        setResendingInvitations((prev) => {
+          const next = new Set(prev)
+          next.delete(invitationId)
+          return next
+        })
+      }
+    },
+    [viewingSet?.id, resendInvitation, resendCooldowns]
+  )
+
+  const handleDeleteClick = useCallback((set: CredentialSet) => {
+    setDeletingSet({ id: set.id, name: set.name })
+  }, [])
+
+  const confirmDelete = useCallback(async () => {
+    if (!deletingSet || !activeOrganization?.id) return
+    setDeletingSetIds((prev) => new Set(prev).add(deletingSet.id))
+    try {
+      await deleteCredentialSet.mutateAsync({
+        credentialSetId: deletingSet.id,
+        organizationId: activeOrganization.id,
+      })
+      setDeletingSet(null)
+    } catch (error) {
+      logger.error('Failed to delete polling group', error)
+    } finally {
+      setDeletingSetIds((prev) => {
+        const next = new Set(prev)
+        next.delete(deletingSet.id)
+        return next
+      })
+    }
+  }, [deletingSet, activeOrganization?.id, deleteCredentialSet])
+
+  const getProviderIcon = (providerId: string | null) => {
+    if (providerId === 'outlook') return <OutlookIcon className='h-4 w-4' />
+    return <GmailIcon className='h-4 w-4' />
+  }
+
+  // All hooks must be called before any early returns
+  const activeMemberships = useMemo(
+    () => memberships.filter((m) => m.status === 'active'),
+    [memberships]
+  )
+
+  const filteredInvitations = useMemo(() => {
+    if (!searchTerm.trim()) return invitations
+    const searchLower = searchTerm.toLowerCase()
+    return invitations.filter(
+      (inv) =>
+        inv.credentialSetName.toLowerCase().includes(searchLower) ||
+        inv.organizationName.toLowerCase().includes(searchLower)
+    )
+  }, [invitations, searchTerm])
+
+  const filteredMemberships = useMemo(() => {
+    if (!searchTerm.trim()) return activeMemberships
+    const searchLower = searchTerm.toLowerCase()
+    return activeMemberships.filter(
+      (m) =>
+        m.credentialSetName.toLowerCase().includes(searchLower) ||
+        m.organizationName.toLowerCase().includes(searchLower)
+    )
+  }, [activeMemberships, searchTerm])
+
+  const filteredOwnedSets = useMemo(() => {
+    if (!searchTerm.trim()) return ownedSets
+    const searchLower = searchTerm.toLowerCase()
+    return ownedSets.filter((set) => set.name.toLowerCase().includes(searchLower))
+  }, [ownedSets, searchTerm])
+
+  const hasNoContent =
+    invitations.length === 0 && activeMemberships.length === 0 && ownedSets.length === 0
+  const hasNoResults =
+    searchTerm.trim() &&
+    filteredInvitations.length === 0 &&
+    filteredMemberships.length === 0 &&
+    filteredOwnedSets.length === 0 &&
+    !hasNoContent
+
+  // Early returns AFTER all hooks
+  if (membershipsLoading || invitationsLoading) {
+    return <CredentialSetsSkeleton />
+  }
+
+  // Detail view for a polling group
+  if (viewingSet) {
+    const activeMembers = members.filter((m) => m.status === 'active')
+    const totalCount = activeMembers.length + pendingInvitations.length
+
+    return (
+      <>
+        <div className='flex h-full flex-col gap-[16px]'>
+          <div className='min-h-0 flex-1 overflow-y-auto'>
+            <div className='flex flex-col gap-[16px]'>
+              {/* Group Info */}
+              <div className='flex items-center gap-[16px]'>
+                <div className='flex items-center gap-[8px]'>
+                  <span className='font-medium text-[13px] text-[var(--text-primary)]'>
+                    Group Name
+                  </span>
+                  <span className='text-[13px] text-[var(--text-secondary)]'>
+                    {viewingSet.name}
+                  </span>
+                </div>
+                <div className='h-4 w-px bg-[var(--border)]' />
+                <div className='flex items-center gap-[8px]'>
+                  <span className='font-medium text-[13px] text-[var(--text-primary)]'>
+                    Provider
+                  </span>
+                  <div className='flex items-center gap-[6px]'>
+                    {getProviderIcon(viewingSet.providerId)}
+                    <span className='text-[13px] text-[var(--text-secondary)]'>
+                      {getProviderDisplayName(viewingSet.providerId as PollingProvider)}
+                    </span>
+                  </div>
+                </div>
+              </div>
+
+              {/* Invite Section - Email Tags Input */}
+              <div className='flex items-center gap-[8px]'>
+                <input
+                  ref={fileInputRef}
+                  type='file'
+                  accept='.csv,.txt,text/csv,text/plain'
+                  onChange={handleFileInputChange}
+                  className='hidden'
+                />
+                <div
+                  onDragOver={handleDragOver}
+                  onDragLeave={handleDragLeave}
+                  onDrop={handleDrop}
+                  className={cn(
+                    'relative flex min-h-9 flex-1 flex-wrap items-center gap-x-[8px] gap-y-[4px] rounded-[4px] border border-[var(--border-1)] bg-[var(--surface-4)] px-[6px] py-[4px] transition-colors focus-within:outline-none',
+                    isDragging && 'border-[var(--border)] border-dashed bg-[var(--surface-5)]'
+                  )}
+                >
+                  {isDragging && (
+                    <div className='absolute inset-0 flex items-center justify-center rounded-[4px] bg-[var(--surface-5)]/90'>
+                      <span className='text-[13px] text-[var(--text-tertiary)]'>
+                        Drop file here
+                      </span>
+                    </div>
+                  )}
+                  {invalidEmails.map((email, index) => (
+                    <EmailTag
+                      key={`invalid-${index}`}
+                      email={email}
+                      onRemove={() => removeInvalidEmail(index)}
+                      disabled={createInvitation.isPending}
+                      isInvalid={true}
+                    />
+                  ))}
+                  {duplicateEmails.map((email, index) => (
+                    <div
+                      key={`duplicate-${index}`}
+                      className='flex w-auto items-center gap-[4px] rounded-[4px] border border-amber-500 bg-amber-500/10 px-[6px] py-[2px] text-[12px] text-amber-600 dark:bg-amber-500/20 dark:text-amber-400'
+                    >
+                      <span className='max-w-[200px] truncate'>{email}</span>
+                      <span className='text-[11px] opacity-70'>duplicate</span>
+                      {!createInvitation.isPending && (
+                        <button
+                          type='button'
+                          onClick={() => removeDuplicateEmail(index)}
+                          className='flex-shrink-0 text-amber-600 transition-colors hover:text-amber-700 focus:outline-none dark:text-amber-400 dark:hover:text-amber-300'
+                          aria-label={`Remove ${email}`}
+                        >
+                          <X className='h-[12px] w-[12px] translate-y-[0.2px]' />
+                        </button>
+                      )}
+                    </div>
+                  ))}
+                  {emails.map((email, index) => (
+                    <EmailTag
+                      key={`valid-${index}`}
+                      email={email}
+                      onRemove={() => removeEmail(index)}
+                      disabled={createInvitation.isPending}
+                    />
+                  ))}
+                  <div className='relative flex flex-1 items-center'>
+                    <input
+                      type='text'
+                      value={inputValue}
+                      onChange={(e) => setInputValue(e.target.value)}
+                      onKeyDown={handleEmailKeyDown}
+                      onPaste={handleEmailPaste}
+                      onBlur={() => inputValue.trim() && addEmail(inputValue)}
+                      placeholder={
+                        emails.length > 0 || invalidEmails.length > 0 || duplicateEmails.length > 0
+                          ? 'Add another email'
+                          : 'Enter email addresses'
+                      }
+                      className='h-6 min-w-[140px] flex-1 border-none bg-transparent p-0 pl-[4px] text-[13px] outline-none placeholder:text-[var(--text-tertiary)]'
+                      disabled={createInvitation.isPending}
+                    />
+                    <button
+                      type='button'
+                      onClick={() => fileInputRef.current?.click()}
+                      className='ml-[4px] flex-shrink-0 text-[var(--text-tertiary)] transition-colors hover:text-[var(--text-secondary)]'
+                    >
+                      <Paperclip className='h-[14px] w-[14px]' strokeWidth={2} />
+                    </button>
+                  </div>
+                </div>
+                <Button
+                  variant='default'
+                  onClick={handleInviteMembers}
+                  disabled={
+                    createInvitation.isPending || (emails.length === 0 && !inputValue.trim())
+                  }
+                >
+                  {createInvitation.isPending ? 'Sending...' : 'Invite'}
+                </Button>
+              </div>
+
+              {/* Members List - styled like team members */}
+              <div className='flex flex-col gap-[16px]'>
+                <h4 className='font-medium text-[14px] text-[var(--text-primary)]'>Members</h4>
+
+                {membersLoading || pendingInvitationsLoading ? (
+                  <div className='flex flex-col gap-[16px]'>
+                    {[1, 2].map((i) => (
+                      <div key={i} className='flex items-center justify-between'>
+                        <div className='flex items-center gap-[12px]'>
+                          <Skeleton className='h-8 w-8 rounded-full' />
+                          <div className='flex flex-col gap-[4px]'>
+                            <Skeleton className='h-[14px] w-[100px]' />
+                            <Skeleton className='h-[12px] w-[150px]' />
+                          </div>
+                        </div>
+                      </div>
+                    ))}
+                  </div>
+                ) : totalCount === 0 ? (
+                  <p className='text-[13px] text-[var(--text-muted)]'>
+                    No members yet. Send invitations above.
+                  </p>
+                ) : (
+                  <div className='flex flex-col gap-[16px]'>
+                    {/* Active Members */}
+                    {activeMembers.map((member) => {
+                      const name = member.userName || 'Unknown'
+                      const avatarInitial = name.charAt(0).toUpperCase()
+
+                      return (
+                        <div key={member.id} className='flex items-center justify-between'>
+                          <div className='flex flex-1 items-center gap-[12px]'>
+                            <Avatar size='sm'>
+                              {member.userImage && (
+                                <AvatarImage src={member.userImage} alt={name} />
+                              )}
+                              <AvatarFallback
+                                style={{
+                                  background: getUserColor(member.userId || member.userEmail || ''),
+                                }}
+                                className='border-0 text-white'
+                              >
+                                {avatarInitial}
+                              </AvatarFallback>
+                            </Avatar>
+
+                            <div className='min-w-0'>
+                              <div className='flex items-center gap-[8px]'>
+                                <span className='truncate font-medium text-[14px] text-[var(--text-primary)]'>
+                                  {name}
+                                </span>
+                                {member.credentials.length === 0 && (
+                                  <Badge variant='red' size='sm'>
+                                    Disconnected
+                                  </Badge>
+                                )}
+                              </div>
+                              <div className='truncate text-[12px] text-[var(--text-muted)]'>
+                                {member.userEmail}
+                              </div>
+                            </div>
+                          </div>
+
+                          <div className='ml-[16px] flex items-center gap-[4px]'>
+                            <Button
+                              variant='destructive'
+                              onClick={() => handleRemoveMember(member.id)}
+                              disabled={removeMember.isPending}
+                              className='h-8'
+                            >
+                              Remove
+                            </Button>
+                          </div>
+                        </div>
+                      )
+                    })}
+
+                    {/* Pending Invitations */}
+                    {pendingInvitations.map((invitation) => {
+                      const email = invitation.email || 'Unknown'
+                      const emailPrefix = email.split('@')[0]
+                      const avatarInitial = emailPrefix.charAt(0).toUpperCase()
+
+                      return (
+                        <div key={invitation.id} className='flex items-center justify-between'>
+                          <div className='flex flex-1 items-center gap-[12px]'>
+                            <Avatar size='sm'>
+                              <AvatarFallback
+                                style={{ background: getUserColor(email) }}
+                                className='border-0 text-white'
+                              >
+                                {avatarInitial}
+                              </AvatarFallback>
+                            </Avatar>
+
+                            <div className='min-w-0'>
+                              <div className='flex items-center gap-[8px]'>
+                                <span className='truncate font-medium text-[14px] text-[var(--text-primary)]'>
+                                  {emailPrefix}
+                                </span>
+                                <Badge variant='gray-secondary' size='sm'>
+                                  Pending
+                                </Badge>
+                              </div>
+                              <div className='truncate text-[12px] text-[var(--text-muted)]'>
+                                {email}
+                              </div>
+                            </div>
+                          </div>
+
+                          <div className='ml-[16px] flex items-center gap-[4px]'>
+                            <Button
+                              variant='ghost'
+                              onClick={() => handleResendInvitation(invitation.id, email)}
+                              disabled={
+                                resendingInvitations.has(invitation.id) ||
+                                (resendCooldowns[invitation.id] ?? 0) > 0
+                              }
+                              className='h-8'
+                            >
+                              {resendingInvitations.has(invitation.id)
+                                ? 'Sending...'
+                                : resendCooldowns[invitation.id]
+                                  ? `Resend (${resendCooldowns[invitation.id]}s)`
+                                  : 'Resend'}
+                            </Button>
+                            <Button
+                              variant='ghost'
+                              onClick={() => handleCancelInvitation(invitation.id)}
+                              disabled={cancellingInvitations.has(invitation.id)}
+                              className='h-8'
+                            >
+                              {cancellingInvitations.has(invitation.id)
+                                ? 'Cancelling...'
+                                : 'Cancel'}
+                            </Button>
+                          </div>
+                        </div>
+                      )
+                    })}
+                  </div>
+                )}
+              </div>
+            </div>
+          </div>
+
+          {/* Footer Actions */}
+          <div className='mt-auto flex items-center justify-end'>
+            <Button onClick={handleBackToList} variant='tertiary'>
+              Back
+            </Button>
+          </div>
+        </div>
+      </>
+    )
+  }
+
+  return (
+    <>
+      <div className='flex h-full flex-col gap-[16px]'>
+        <div className='flex items-center gap-[8px]'>
+          <div className='flex flex-1 items-center gap-[8px] rounded-[8px] border border-[var(--border)] bg-transparent px-[8px] py-[5px] transition-colors duration-100 dark:bg-[var(--surface-4)] dark:hover:border-[var(--border-1)] dark:hover:bg-[var(--surface-5)]'>
+            <Search
+              className='h-[14px] w-[14px] flex-shrink-0 text-[var(--text-tertiary)]'
+              strokeWidth={2}
+            />
+            <BaseInput
+              placeholder='Search polling groups...'
+              value={searchTerm}
+              onChange={(e) => setSearchTerm(e.target.value)}
+              className='h-auto flex-1 border-0 bg-transparent p-0 font-base leading-none placeholder:text-[var(--text-tertiary)] focus-visible:ring-0 focus-visible:ring-offset-0'
+            />
+          </div>
+          {canManageCredentialSets && (
+            <Button variant='tertiary' onClick={() => setShowCreateModal(true)}>
+              <Plus className='mr-[6px] h-[13px] w-[13px]' />
+              Create
+            </Button>
+          )}
+        </div>
+
+        <div className='relative min-h-0 flex-1 overflow-y-auto'>
+          {hasNoContent && !canManageCredentialSets ? (
+            <div className='absolute inset-0 flex items-center justify-center text-[13px] text-[var(--text-muted)]'>
+              You're not a member of any polling groups yet. When someone invites you, it will
+              appear here.
+            </div>
+          ) : hasNoResults ? (
+            <div className='py-[16px] text-center text-[13px] text-[var(--text-muted)]'>
+              No results found matching "{searchTerm}"
+            </div>
+          ) : (
+            <div className='flex flex-col gap-[16px]'>
+              {filteredInvitations.length > 0 && (
+                <div className='flex flex-col gap-[8px]'>
+                  <div className='font-medium text-[13px] text-[var(--text-secondary)]'>
+                    Pending Invitations
+                  </div>
+                  {filteredInvitations.map((invitation) => (
+                    <div
+                      key={invitation.invitationId}
+                      className='flex items-center justify-between'
+                    >
+                      <div className='flex items-center gap-[12px]'>
+                        <div className='flex h-9 w-9 items-center justify-center rounded-[6px] bg-[var(--surface-5)]'>
+                          {getProviderIcon(invitation.providerId)}
+                        </div>
+                        <div className='flex flex-col'>
+                          <span className='font-medium text-[14px]'>
+                            {invitation.credentialSetName}
+                          </span>
+                          <span className='text-[13px] text-[var(--text-muted)]'>
+                            {invitation.organizationName}
+                          </span>
+                        </div>
+                      </div>
+                      <Button
+                        variant='tertiary'
+                        onClick={() => handleAcceptInvitation(invitation.token)}
+                        disabled={acceptInvitation.isPending}
+                      >
+                        {acceptInvitation.isPending ? 'Accepting...' : 'Accept'}
+                      </Button>
+                    </div>
+                  ))}
+                </div>
+              )}
+
+              {filteredMemberships.length > 0 && (
+                <div className='flex flex-col gap-[8px]'>
+                  <div className='font-medium text-[13px] text-[var(--text-secondary)]'>
+                    My Memberships
+                  </div>
+                  {filteredMemberships.map((membership) => (
+                    <div
+                      key={membership.membershipId}
+                      className='flex items-center justify-between'
+                    >
+                      <div className='flex items-center gap-[12px]'>
+                        <div className='flex h-9 w-9 items-center justify-center rounded-[6px] bg-[var(--surface-5)]'>
+                          {getProviderIcon(membership.providerId)}
+                        </div>
+                        <div className='flex flex-col'>
+                          <span className='font-medium text-[14px]'>
+                            {membership.credentialSetName}
+                          </span>
+                          <span className='text-[13px] text-[var(--text-muted)]'>
+                            {membership.organizationName}
+                          </span>
+                        </div>
+                      </div>
+                      <Button
+                        variant='ghost'
+                        onClick={() =>
+                          handleLeave(membership.credentialSetId, membership.credentialSetName)
+                        }
+                        disabled={leaveCredentialSet.isPending}
+                      >
+                        Leave
+                      </Button>
+                    </div>
+                  ))}
+                </div>
+              )}
+
+              {canManageCredentialSets &&
+                (filteredOwnedSets.length > 0 ||
+                  ownedSetsLoading ||
+                  (!searchTerm.trim() && ownedSets.length === 0)) && (
+                  <div className='flex flex-col gap-[8px]'>
+                    <div className='font-medium text-[13px] text-[var(--text-secondary)]'>
+                      Manage
+                    </div>
+                    {ownedSetsLoading ? (
+                      <>
+                        {[1, 2].map((i) => (
+                          <div key={i} className='flex items-center justify-between'>
+                            <div className='flex items-center gap-[12px]'>
+                              <Skeleton className='h-9 w-9 rounded-[6px]' />
+                              <div className='flex flex-col gap-[4px]'>
+                                <Skeleton className='h-[14px] w-[120px]' />
+                                <Skeleton className='h-[12px] w-[80px]' />
+                              </div>
+                            </div>
+                          </div>
+                        ))}
+                      </>
+                    ) : !searchTerm.trim() && ownedSets.length === 0 ? (
+                      <div className='text-[13px] text-[var(--text-muted)]'>
+                        No polling groups created yet
+                      </div>
+                    ) : (
+                      filteredOwnedSets.map((set) => (
+                        <div key={set.id} className='flex items-center justify-between'>
+                          <div className='flex items-center gap-[12px]'>
+                            <div className='flex h-9 w-9 items-center justify-center rounded-[6px] bg-[var(--surface-5)]'>
+                              {getProviderIcon(set.providerId)}
+                            </div>
+                            <div className='flex flex-col'>
+                              <span className='font-medium text-[14px]'>{set.name}</span>
+                              <span className='text-[13px] text-[var(--text-muted)]'>
+                                {set.memberCount} member{set.memberCount !== 1 ? 's' : ''}
+                              </span>
+                            </div>
+                          </div>
+                          <div className='flex items-center gap-[8px]'>
+                            <Button variant='ghost' onClick={() => setViewingSet(set)}>
+                              Details
+                            </Button>
+                            <Button
+                              variant='destructive'
+                              onClick={() => handleDeleteClick(set)}
+                              disabled={deletingSetIds.has(set.id)}
+                            >
+                              {deletingSetIds.has(set.id) ? 'Deleting...' : 'Delete'}
+                            </Button>
+                          </div>
+                        </div>
+                      ))
+                    )}
+                  </div>
+                )}
+            </div>
+          )}
+        </div>
+      </div>
+
+      {/* Create Polling Group Modal */}
+      <Modal open={showCreateModal} onOpenChange={handleCloseCreateModal}>
+        <ModalContent className='w-[400px]'>
+          <ModalHeader>Create Polling Group</ModalHeader>
+          <ModalBody>
+            <div className='flex flex-col gap-[12px]'>
+              <div className='flex flex-col gap-[4px]'>
+                <Label>Name</Label>
+                <Input
+                  value={newSetName}
+                  onChange={(e) => {
+                    setNewSetName(e.target.value)
+                    if (createError) setCreateError(null)
+                  }}
+                  placeholder='e.g., Marketing Team'
+                />
+              </div>
+              <div className='flex flex-col gap-[4px]'>
+                <Label>Description (optional)</Label>
+                <Input
+                  value={newSetDescription}
+                  onChange={(e) => setNewSetDescription(e.target.value)}
+                  placeholder='e.g., Poll emails for marketing automations'
+                />
+              </div>
+              <div className='flex flex-col gap-[4px]'>
+                <Label>Email Provider</Label>
+                <div className='inline-flex gap-[2px]'>
+                  <Button
+                    variant={newSetProvider === 'google-email' ? 'active' : 'default'}
+                    onClick={() => setNewSetProvider('google-email')}
+                    className={cn(
+                      'rounded-r-none px-[8px] py-[4px] text-[12px]',
+                      newSetProvider === 'google-email' &&
+                        'bg-[var(--border-1)] hover:bg-[var(--border-1)] dark:bg-[var(--surface-5)] dark:hover:bg-[var(--border-1)]'
+                    )}
+                  >
+                    Gmail
+                  </Button>
+                  <Button
+                    variant={newSetProvider === 'outlook' ? 'active' : 'default'}
+                    onClick={() => setNewSetProvider('outlook')}
+                    className={cn(
+                      'rounded-l-none px-[8px] py-[4px] text-[12px]',
+                      newSetProvider === 'outlook' &&
+                        'bg-[var(--border-1)] hover:bg-[var(--border-1)] dark:bg-[var(--surface-5)] dark:hover:bg-[var(--border-1)]'
+                    )}
+                  >
+                    Outlook
+                  </Button>
+                </div>
+                <p className='mt-[4px] text-[11px] text-[var(--text-tertiary)]'>
+                  Members will connect their {getProviderDisplayName(newSetProvider)} account
+                </p>
+              </div>
+              {createError && <p className='text-[12px] text-[var(--text-error)]'>{createError}</p>}
+            </div>
+          </ModalBody>
+          <ModalFooter>
+            <Button variant='default' onClick={handleCloseCreateModal}>
+              Cancel
+            </Button>
+            <Button
+              variant='tertiary'
+              onClick={handleCreateCredentialSet}
+              disabled={!newSetName.trim() || createCredentialSet.isPending}
+            >
+              {createCredentialSet.isPending ? 'Creating...' : 'Create'}
+            </Button>
+          </ModalFooter>
+        </ModalContent>
+      </Modal>
+
+      {/* Leave Confirmation Modal */}
+      <Modal open={!!leavingMembership} onOpenChange={() => setLeavingMembership(null)}>
+        <ModalContent className='w-[400px]'>
+          <ModalHeader>Leave Polling Group</ModalHeader>
+          <ModalBody>
+            <p className='text-[12px] text-[var(--text-secondary)]'>
+              Are you sure you want to leave{' '}
+              <span className='font-medium text-[var(--text-primary)]'>
+                {leavingMembership?.name}
+              </span>
+              ? Your email account will no longer be polled in workflows using this group.
+            </p>
+          </ModalBody>
+          <ModalFooter>
+            <Button variant='default' onClick={() => setLeavingMembership(null)}>
+              Cancel
+            </Button>
+            <Button
+              variant='destructive'
+              onClick={confirmLeave}
+              disabled={leaveCredentialSet.isPending}
+            >
+              {leaveCredentialSet.isPending ? 'Leaving...' : 'Leave'}
+            </Button>
+          </ModalFooter>
+        </ModalContent>
+      </Modal>
+
+      {/* Delete Confirmation Modal */}
+      <Modal open={!!deletingSet} onOpenChange={() => setDeletingSet(null)}>
+        <ModalContent className='w-[400px]'>
+          <ModalHeader>Delete Polling Group</ModalHeader>
+          <ModalBody>
+            <p className='text-[12px] text-[var(--text-secondary)]'>
+              Are you sure you want to delete{' '}
+              <span className='font-medium text-[var(--text-primary)]'>{deletingSet?.name}</span>?{' '}
+              <span className='text-[var(--text-error)]'>This action cannot be undone.</span>
+            </p>
+          </ModalBody>
+          <ModalFooter>
+            <Button variant='default' onClick={() => setDeletingSet(null)}>
+              Cancel
+            </Button>
+            <Button
+              variant='destructive'
+              onClick={confirmDelete}
+              disabled={deleteCredentialSet.isPending}
+            >
+              {deleteCredentialSet.isPending ? 'Deleting...' : 'Delete'}
+            </Button>
+          </ModalFooter>
+        </ModalContent>
+      </Modal>
+    </>
+  )
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/general/general.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/general/general.tsx
index d8ad59069d..3e78cf5185 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/general/general.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/general/general.tsx
@@ -480,7 +480,7 @@ export function General({ onOpenChange }: GeneralProps) {
       </div>
 
       <div className='flex items-center justify-between'>
-        <Label htmlFor='auto-connect'>Auto-connect on drag</Label>
+        <Label htmlFor='auto-connect'>Auto-connect on drop</Label>
         <Switch
           id='auto-connect'
           checked={settings?.autoConnect ?? true}
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts
index 2c4d03228d..af86138a71 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/index.ts
@@ -1,6 +1,7 @@
 export { ApiKeys } from './api-keys/api-keys'
 export { BYOK } from './byok/byok'
 export { Copilot } from './copilot/copilot'
+export { CredentialSets } from './credential-sets/credential-sets'
 export { CustomTools } from './custom-tools/custom-tools'
 export { EnvironmentVariables } from './environment/environment'
 export { Files as FileUploads } from './files/files'
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/team-management/components/member-invitation-card/member-invitation-card.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/team-management/components/member-invitation-card/member-invitation-card.tsx
index 6d3edbd64f..e176e813e5 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/team-management/components/member-invitation-card/member-invitation-card.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/team-management/components/member-invitation-card/member-invitation-card.tsx
@@ -1,7 +1,7 @@
 'use client'
 
 import React, { useMemo, useState } from 'react'
-import { CheckCircle, ChevronDown } from 'lucide-react'
+import { ChevronDown } from 'lucide-react'
 import {
   Button,
   Checkbox,
@@ -302,14 +302,11 @@ export function MemberInvitationCard({
 
         {/* Success message */}
         {inviteSuccess && (
-          <div className='flex items-start gap-[8px] rounded-[6px] bg-green-500/10 px-[10px] py-[8px] text-green-600 dark:text-green-400'>
-            <CheckCircle className='h-4 w-4 flex-shrink-0' />
-            <p className='text-[12px]'>
-              Invitation sent successfully
-              {selectedCount > 0 &&
-                ` with access to ${selectedCount} workspace${selectedCount !== 1 ? 's' : ''}`}
-            </p>
-          </div>
+          <p className='text-[11px] text-[var(--text-success)] leading-tight'>
+            Invitation sent successfully
+            {selectedCount > 0 &&
+              ` with access to ${selectedCount} workspace${selectedCount !== 1 ? 's' : ''}`}
+          </p>
         )}
       </div>
     </div>
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/team-management/components/team-members/team-members.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/team-management/components/team-members/team-members.tsx
index d5d1016b59..4e62f6e462 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/team-management/components/team-members/team-members.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/team-management/components/team-members/team-members.tsx
@@ -3,9 +3,13 @@
 import { useState } from 'react'
 import { createLogger } from '@sim/logger'
 import { Avatar, AvatarFallback, AvatarImage, Badge, Button } from '@/components/emcn'
+import { getUserColor } from '@/lib/workspaces/colors'
 import type { Invitation, Member, Organization } from '@/lib/workspaces/organization'
-import { getUserColor } from '@/app/workspace/[workspaceId]/w/utils/get-user-color'
-import { useCancelInvitation, useOrganizationMembers } from '@/hooks/queries/organization'
+import {
+  useCancelInvitation,
+  useOrganizationMembers,
+  useResendInvitation,
+} from '@/hooks/queries/organization'
 
 const logger = createLogger('TeamMembers')
 
@@ -46,12 +50,16 @@ export function TeamMembers({
   onRemoveMember,
 }: TeamMembersProps) {
   const [cancellingInvitations, setCancellingInvitations] = useState<Set<string>>(new Set())
+  const [resendingInvitations, setResendingInvitations] = useState<Set<string>>(new Set())
+  const [resentInvitations, setResentInvitations] = useState<Set<string>>(new Set())
+  const [resendCooldowns, setResendCooldowns] = useState<Record<string, number>>({})
 
   const { data: memberUsageResponse, isLoading: isLoadingUsage } = useOrganizationMembers(
     organization?.id || ''
   )
 
   const cancelInvitationMutation = useCancelInvitation()
+  const resendInvitationMutation = useResendInvitation()
 
   const memberUsageData: Record<string, number> = {}
   if (memberUsageResponse?.data) {
@@ -140,6 +148,54 @@ export function TeamMembers({
     }
   }
 
+  const handleResendInvitation = async (invitationId: string) => {
+    if (!organization?.id) return
+
+    const secondsLeft = resendCooldowns[invitationId]
+    if (secondsLeft && secondsLeft > 0) return
+
+    setResendingInvitations((prev) => new Set([...prev, invitationId]))
+    try {
+      await resendInvitationMutation.mutateAsync({
+        invitationId,
+        orgId: organization.id,
+      })
+
+      setResentInvitations((prev) => new Set([...prev, invitationId]))
+      setTimeout(() => {
+        setResentInvitations((prev) => {
+          const next = new Set(prev)
+          next.delete(invitationId)
+          return next
+        })
+      }, 4000)
+
+      // Start 60s cooldown
+      setResendCooldowns((prev) => ({ ...prev, [invitationId]: 60 }))
+      const interval = setInterval(() => {
+        setResendCooldowns((prev) => {
+          const current = prev[invitationId]
+          if (current === undefined) return prev
+          if (current <= 1) {
+            const next = { ...prev }
+            delete next[invitationId]
+            clearInterval(interval)
+            return next
+          }
+          return { ...prev, [invitationId]: current - 1 }
+        })
+      }, 1000)
+    } catch (error) {
+      logger.error('Failed to resend invitation', { error })
+    } finally {
+      setResendingInvitations((prev) => {
+        const next = new Set(prev)
+        next.delete(invitationId)
+        return next
+      })
+    }
+  }
+
   return (
     <div className='flex flex-col gap-[16px]'>
       {/* Header */}
@@ -148,13 +204,13 @@ export function TeamMembers({
       </div>
 
       {/* Members list */}
-      <div className='flex flex-col gap-[16px]'>
+      <div className='flex flex-col gap-[8px]'>
         {teamItems.map((item) => (
           <div key={item.id} className='flex items-center justify-between'>
             {/* Left section: Avatar + Name/Role + Action buttons */}
             <div className='flex flex-1 items-center gap-[12px]'>
               {/* Avatar */}
-              <Avatar size='sm'>
+              <Avatar className='h-9 w-9'>
                 {item.avatarUrl && <AvatarImage src={item.avatarUrl} alt={item.name} />}
                 <AvatarFallback
                   style={{ background: getUserColor(item.userId || item.email) }}
@@ -179,32 +235,60 @@ export function TeamMembers({
                     </Badge>
                   )}
                   {item.type === 'invitation' && (
-                    <Badge variant='amber' size='sm'>
+                    <Badge variant='gray-secondary' size='sm'>
                       Pending
                     </Badge>
                   )}
                 </div>
-                <div className='truncate text-[12px] text-[var(--text-muted)]'>{item.email}</div>
+                <div className='truncate text-[13px] text-[var(--text-muted)]'>{item.email}</div>
               </div>
 
-              {/* Action buttons */}
-              {isAdminOrOwner && (
-                <>
-                  {/* Admin/Owner can remove other members */}
-                  {item.type === 'member' &&
-                    item.role !== 'owner' &&
-                    item.email !== currentUserEmail && (
-                      <Button
-                        variant='ghost'
-                        onClick={() => onRemoveMember(item.member)}
-                        className='h-8'
-                      >
-                        Remove
-                      </Button>
-                    )}
-
-                  {/* Admin can cancel invitations */}
-                  {item.type === 'invitation' && (
+              {/* Action buttons for members */}
+              {isAdminOrOwner &&
+                item.type === 'member' &&
+                item.role !== 'owner' &&
+                item.email !== currentUserEmail && (
+                  <Button
+                    variant='ghost'
+                    onClick={() => onRemoveMember(item.member)}
+                    className='h-8'
+                  >
+                    Remove
+                  </Button>
+                )}
+            </div>
+
+            {/* Right section */}
+            {isAdminOrOwner && (
+              <div className='ml-[16px] flex flex-col items-end'>
+                {item.type === 'member' ? (
+                  <>
+                    <div className='text-[12px] text-[var(--text-muted)]'>Usage</div>
+                    <div className='font-medium text-[12px] text-[var(--text-primary)] tabular-nums'>
+                      {isLoadingUsage ? (
+                        <span className='inline-block h-3 w-12 animate-pulse rounded-[4px] bg-[var(--surface-4)]' />
+                      ) : (
+                        item.usage
+                      )}
+                    </div>
+                  </>
+                ) : (
+                  <div className='flex items-center gap-[4px]'>
+                    <Button
+                      variant='ghost'
+                      onClick={() => handleResendInvitation(item.invitation.id)}
+                      disabled={
+                        resendingInvitations.has(item.invitation.id) ||
+                        (resendCooldowns[item.invitation.id] ?? 0) > 0
+                      }
+                      className='h-8'
+                    >
+                      {resendingInvitations.has(item.invitation.id)
+                        ? 'Sending...'
+                        : resendCooldowns[item.invitation.id]
+                          ? `Resend (${resendCooldowns[item.invitation.id]}s)`
+                          : 'Resend'}
+                    </Button>
                     <Button
                       variant='ghost'
                       onClick={() => handleCancelInvitation(item.invitation.id)}
@@ -213,22 +297,8 @@ export function TeamMembers({
                     >
                       {cancellingInvitations.has(item.invitation.id) ? 'Cancelling...' : 'Cancel'}
                     </Button>
-                  )}
-                </>
-              )}
-            </div>
-
-            {/* Right section: Usage column (right-aligned) */}
-            {isAdminOrOwner && (
-              <div className='ml-[16px] flex flex-col items-end'>
-                <div className='text-[12px] text-[var(--text-muted)]'>Usage</div>
-                <div className='font-medium text-[12px] text-[var(--text-primary)] tabular-nums'>
-                  {isLoadingUsage && item.type === 'member' ? (
-                    <span className='inline-block h-3 w-12 animate-pulse rounded-[4px] bg-[var(--surface-4)]' />
-                  ) : (
-                    item.usage
-                  )}
-                </div>
+                  </div>
+                )}
               </div>
             )}
           </div>
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/settings-modal.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/settings-modal.tsx
index b6521f7434..63c6748519 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/settings-modal.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/settings-modal.tsx
@@ -4,7 +4,7 @@ import { useCallback, useEffect, useMemo, useRef, useState } from 'react'
 import * as DialogPrimitive from '@radix-ui/react-dialog'
 import * as VisuallyHidden from '@radix-ui/react-visually-hidden'
 import { useQueryClient } from '@tanstack/react-query'
-import { Files, KeySquare, LogIn, Server, Settings, User, Users, Wrench } from 'lucide-react'
+import { Files, KeySquare, LogIn, Mail, Server, Settings, User, Users, Wrench } from 'lucide-react'
 import {
   Card,
   Connections,
@@ -32,6 +32,7 @@ import {
   ApiKeys,
   BYOK,
   Copilot,
+  CredentialSets,
   CustomTools,
   EnvironmentVariables,
   FileUploads,
@@ -52,6 +53,7 @@ import { useSettingsModalStore } from '@/stores/settings-modal/store'
 
 const isBillingEnabled = isTruthy(getEnv('NEXT_PUBLIC_BILLING_ENABLED'))
 const isSSOEnabled = isTruthy(getEnv('NEXT_PUBLIC_SSO_ENABLED'))
+const isCredentialSetsEnabled = isTruthy(getEnv('NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED'))
 
 interface SettingsModalProps {
   open: boolean
@@ -63,6 +65,7 @@ type SettingsSection =
   | 'environment'
   | 'template-profile'
   | 'integrations'
+  | 'credential-sets'
   | 'apikeys'
   | 'byok'
   | 'files'
@@ -84,8 +87,8 @@ type NavigationItem = {
   hideWhenBillingDisabled?: boolean
   requiresTeam?: boolean
   requiresEnterprise?: boolean
-  requiresOwner?: boolean
   requiresHosted?: boolean
+  selfHostedOverride?: boolean
 }
 
 const sectionConfig: { key: NavigationSection; title: string }[] = [
@@ -111,11 +114,20 @@ const allNavigationItems: NavigationItem[] = [
     icon: Users,
     section: 'subscription',
     hideWhenBillingDisabled: true,
+    requiresHosted: true,
     requiresTeam: true,
   },
   { id: 'integrations', label: 'Integrations', icon: Connections, section: 'tools' },
   { id: 'custom-tools', label: 'Custom Tools', icon: Wrench, section: 'tools' },
   { id: 'mcp', label: 'MCP Tools', icon: McpIcon, section: 'tools' },
+  {
+    id: 'credential-sets',
+    label: 'Email Polling',
+    icon: Mail,
+    section: 'system',
+    requiresHosted: true,
+    selfHostedOverride: isCredentialSetsEnabled,
+  },
   { id: 'environment', label: 'Environment', icon: FolderCode, section: 'system' },
   { id: 'apikeys', label: 'API Keys', icon: Key, section: 'system' },
   { id: 'workflow-mcp-servers', label: 'Deployed MCPs', icon: Server, section: 'system' },
@@ -125,6 +137,7 @@ const allNavigationItems: NavigationItem[] = [
     icon: KeySquare,
     section: 'system',
     requiresHosted: true,
+    requiresEnterprise: true,
   },
   {
     id: 'copilot',
@@ -139,9 +152,9 @@ const allNavigationItems: NavigationItem[] = [
     label: 'Single Sign-On',
     icon: LogIn,
     section: 'system',
-    requiresTeam: true,
+    requiresHosted: true,
     requiresEnterprise: true,
-    requiresOwner: true,
+    selfHostedOverride: isSSOEnabled,
   },
 ]
 
@@ -164,8 +177,9 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
   const userRole = getUserRole(activeOrganization, userEmail)
   const isOwner = userRole === 'owner'
   const isAdmin = userRole === 'admin'
-  const canManageSSO = isOwner || isAdmin
+  const isOrgAdminOrOwner = isOwner || isAdmin
   const subscriptionStatus = getSubscriptionStatus(subscriptionData?.data)
+  const hasTeamPlan = subscriptionStatus.isTeam || subscriptionStatus.isEnterprise
   const hasEnterprisePlan = subscriptionStatus.isEnterprise
   const hasOrganization = !!activeOrganization?.id
 
@@ -183,29 +197,19 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
         return false
       }
 
-      // SSO has special logic that must be checked before requiresTeam
-      if (item.id === 'sso') {
-        if (isHosted) {
-          return hasOrganization && hasEnterprisePlan && canManageSSO
+      if (item.selfHostedOverride && !isHosted) {
+        if (item.id === 'sso') {
+          const hasProviders = (ssoProvidersData?.providers?.length ?? 0) > 0
+          return !hasProviders || isSSOProviderOwner === true
         }
-        // For self-hosted, only show SSO tab if explicitly enabled via environment variable
-        if (!isSSOEnabled) return false
-        // Show tab if user is the SSO provider owner, or if no providers exist yet (to allow initial setup)
-        const hasProviders = (ssoProvidersData?.providers?.length ?? 0) > 0
-        return !hasProviders || isSSOProviderOwner === true
+        return true
       }
 
-      if (item.requiresTeam) {
-        const isMember = userRole === 'member' || isAdmin
-        const hasTeamPlan = subscriptionStatus.isTeam || subscriptionStatus.isEnterprise
-
-        if (isMember) return true
-        if (isOwner && hasTeamPlan) return true
-
+      if (item.requiresTeam && (!hasTeamPlan || !isOrgAdminOrOwner)) {
         return false
       }
 
-      if (item.requiresEnterprise && !hasEnterprisePlan) {
+      if (item.requiresEnterprise && (!hasEnterprisePlan || !isOrgAdminOrOwner)) {
         return false
       }
 
@@ -213,24 +217,17 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
         return false
       }
 
-      if (item.requiresOwner && !isOwner) {
-        return false
-      }
-
       return true
     })
   }, [
     hasOrganization,
+    hasTeamPlan,
     hasEnterprisePlan,
-    canManageSSO,
+    isOrgAdminOrOwner,
     isSSOProviderOwner,
     isSSOEnabled,
     ssoProvidersData?.providers?.length,
     isOwner,
-    isAdmin,
-    userRole,
-    subscriptionStatus.isTeam,
-    subscriptionStatus.isEnterprise,
   ])
 
   // Memoized callbacks to prevent infinite loops in child components
@@ -462,6 +459,7 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
                 registerCloseHandler={registerIntegrationsCloseHandler}
               />
             )}
+            {activeSection === 'credential-sets' && <CredentialSets />}
             {activeSection === 'apikeys' && <ApiKeys onOpenChange={onOpenChange} />}
             {activeSection === 'files' && <FileUploads />}
             {isBillingEnabled && activeSection === 'subscription' && <Subscription />}
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/workflow-item/avatars/avatars.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/workflow-item/avatars/avatars.tsx
index 410722f3d5..685787bc92 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/workflow-item/avatars/avatars.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/workflow-item/avatars/avatars.tsx
@@ -4,7 +4,7 @@ import { type CSSProperties, useEffect, useMemo, useState } from 'react'
 import Image from 'next/image'
 import { Tooltip } from '@/components/emcn'
 import { useSession } from '@/lib/auth/auth-client'
-import { getUserColor } from '@/app/workspace/[workspaceId]/w/utils/get-user-color'
+import { getUserColor } from '@/lib/workspaces/colors'
 import { useSocket } from '@/app/workspace/providers/socket-provider'
 
 interface AvatarsProps {
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/components/index.ts b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/components/index.ts
deleted file mode 100644
index da6e909475..0000000000
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/components/index.ts
+++ /dev/null
@@ -1,5 +0,0 @@
-export * from './email-tag'
-export * from './permission-selector'
-export * from './permissions-table'
-export * from './permissions-table-skeleton'
-export * from './types'
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/index.ts b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/index.ts
new file mode 100644
index 0000000000..dccad2d109
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/index.ts
@@ -0,0 +1,6 @@
+export { EmailTag } from './components/email-tag'
+export { PermissionSelector } from './components/permission-selector'
+export { PermissionsTable } from './components/permissions-table'
+export { PermissionsTableSkeleton } from './components/permissions-table-skeleton'
+export type { PermissionType, UserPermissions } from './components/types'
+export { InviteModal } from './invite-modal'
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/invite-modal.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/invite-modal.tsx
index 62450150f7..fe4f670b7e 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/invite-modal.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/invite-modal.tsx
@@ -2,6 +2,7 @@
 
 import React, { type KeyboardEvent, useCallback, useEffect, useRef, useState } from 'react'
 import { createLogger } from '@sim/logger'
+import { Paperclip, X } from 'lucide-react'
 import { useParams } from 'next/navigation'
 import {
   Button,
@@ -17,9 +18,10 @@ import { useSession } from '@/lib/auth/auth-client'
 import { cn } from '@/lib/core/utils/cn'
 import { quickValidateEmail } from '@/lib/messaging/email/validation'
 import { useWorkspacePermissionsContext } from '@/app/workspace/[workspaceId]/providers/workspace-permissions-provider'
+import { EmailTag } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/components/email-tag'
+import { PermissionsTable } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/components/permissions-table'
 import { API_ENDPOINTS } from '@/stores/constants'
-import type { PermissionType, UserPermissions } from './components'
-import { EmailTag, PermissionsTable } from './components'
+import type { PermissionType, UserPermissions } from './components/types'
 
 const logger = createLogger('InviteModal')
 
@@ -40,9 +42,12 @@ interface PendingInvitation {
 
 export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalProps) {
   const formRef = useRef<HTMLFormElement>(null)
+  const fileInputRef = useRef<HTMLInputElement>(null)
   const [inputValue, setInputValue] = useState('')
   const [emails, setEmails] = useState<string[]>([])
   const [invalidEmails, setInvalidEmails] = useState<string[]>([])
+  const [duplicateEmails, setDuplicateEmails] = useState<string[]>([])
+  const [isDragging, setIsDragging] = useState(false)
   const [userPermissions, setUserPermissions] = useState<UserPermissions[]>([])
   const [pendingInvitations, setPendingInvitations] = useState<UserPermissions[]>([])
   const [isPendingInvitationsLoading, setIsPendingInvitationsLoading] = useState(false)
@@ -134,13 +139,20 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
       const validation = quickValidateEmail(normalized)
       const isValid = validation.isValid
 
-      if (emails.includes(normalized) || invalidEmails.includes(normalized)) {
+      if (
+        emails.includes(normalized) ||
+        invalidEmails.includes(normalized) ||
+        duplicateEmails.includes(normalized)
+      ) {
         return false
       }
 
       const hasPendingInvitation = pendingInvitations.some((inv) => inv.email === normalized)
       if (hasPendingInvitation) {
-        setErrorMessage(`${normalized} already has a pending invitation`)
+        setDuplicateEmails((prev) => {
+          if (prev.includes(normalized)) return prev
+          return [...prev, normalized]
+        })
         setInputValue('')
         return false
       }
@@ -149,7 +161,10 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
         (user) => user.email === normalized
       )
       if (isExistingMember) {
-        setErrorMessage(`${normalized} is already a member of this workspace`)
+        setDuplicateEmails((prev) => {
+          if (prev.includes(normalized)) return prev
+          return [...prev, normalized]
+        })
         setInputValue('')
         return false
       }
@@ -161,13 +176,19 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
       }
 
       if (!isValid) {
-        setInvalidEmails((prev) => [...prev, normalized])
+        setInvalidEmails((prev) => {
+          if (prev.includes(normalized)) return prev
+          return [...prev, normalized]
+        })
         setInputValue('')
         return false
       }
 
       setErrorMessage(null)
-      setEmails((prev) => [...prev, normalized])
+      setEmails((prev) => {
+        if (prev.includes(normalized)) return prev
+        return [...prev, normalized]
+      })
 
       setUserPermissions((prev) => [
         ...prev,
@@ -180,7 +201,14 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
       setInputValue('')
       return true
     },
-    [emails, invalidEmails, pendingInvitations, workspacePermissions?.users, session?.user?.email]
+    [
+      emails,
+      invalidEmails,
+      duplicateEmails,
+      pendingInvitations,
+      workspacePermissions?.users,
+      session?.user?.email,
+    ]
   )
 
   const removeEmail = useCallback(
@@ -196,6 +224,80 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
     setInvalidEmails((prev) => prev.filter((_, i) => i !== index))
   }, [])
 
+  const removeDuplicateEmail = useCallback((index: number) => {
+    setDuplicateEmails((prev) => prev.filter((_, i) => i !== index))
+  }, [])
+
+  const extractEmailsFromText = useCallback((text: string): string[] => {
+    const emailRegex = /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g
+    const matches = text.match(emailRegex) || []
+    return [...new Set(matches.map((e) => e.toLowerCase()))]
+  }, [])
+
+  const handleFileDrop = useCallback(
+    async (file: File) => {
+      try {
+        const text = await file.text()
+        const extractedEmails = extractEmailsFromText(text)
+        extractedEmails.forEach((email) => {
+          addEmail(email)
+        })
+      } catch (error) {
+        logger.error('Error reading dropped file', error)
+      }
+    },
+    [extractEmailsFromText, addEmail]
+  )
+
+  const handleDragOver = useCallback((e: React.DragEvent) => {
+    e.preventDefault()
+    e.stopPropagation()
+    e.dataTransfer.dropEffect = 'copy'
+    setIsDragging(true)
+  }, [])
+
+  const handleDragLeave = useCallback((e: React.DragEvent) => {
+    e.preventDefault()
+    e.stopPropagation()
+    setIsDragging(false)
+  }, [])
+
+  const handleDrop = useCallback(
+    async (e: React.DragEvent) => {
+      e.preventDefault()
+      e.stopPropagation()
+      setIsDragging(false)
+
+      const files = Array.from(e.dataTransfer.files)
+      const validFiles = files.filter(
+        (f) =>
+          f.type === 'text/csv' ||
+          f.type === 'text/plain' ||
+          f.name.endsWith('.csv') ||
+          f.name.endsWith('.txt')
+      )
+
+      for (const file of validFiles) {
+        await handleFileDrop(file)
+      }
+    },
+    [handleFileDrop]
+  )
+
+  const handleFileInputChange = useCallback(
+    async (e: React.ChangeEvent<HTMLInputElement>) => {
+      const files = e.target.files
+      if (!files) return
+
+      for (const file of Array.from(files)) {
+        await handleFileDrop(file)
+      }
+
+      e.target.value = ''
+    },
+    [handleFileDrop]
+  )
+
   const handlePermissionChange = useCallback(
     (identifier: string, permissionType: PermissionType) => {
       const existingUser = workspacePermissions?.users?.find((user) => user.userId === identifier)
@@ -204,11 +306,9 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
         setExistingUserPermissionChanges((prev) => {
           const newChanges = { ...prev }
 
-          // If the new permission matches the original, remove the change entry
           if (existingUser.permissionType === permissionType) {
             delete newChanges[identifier]
           } else {
-            // Otherwise, track the change
             newChanges[identifier] = { permissionType }
           }
 
@@ -297,7 +397,6 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
     setErrorMessage(null)
 
     try {
-      // Verify the user exists in workspace permissions
       const userRecord = workspacePermissions?.users?.find(
         (user) => user.userId === memberToRemove.userId
       )
@@ -322,7 +421,6 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
         throw new Error(data.error || 'Failed to remove member')
       }
 
-      // Update the workspace permissions to remove the user
       if (workspacePermissions) {
         const updatedUsers = workspacePermissions.users.filter(
           (user) => user.userId !== memberToRemove.userId
@@ -333,7 +431,6 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
         })
       }
 
-      // Clear any pending changes for this user
       setExistingUserPermissionChanges((prev) => {
         const updated = { ...prev }
         delete updated[memberToRemove.userId]
@@ -384,7 +481,6 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
         throw new Error(data.error || 'Failed to cancel invitation')
       }
 
-      // Remove the invitation from the pending invitations list
       setPendingInvitations((prev) =>
         prev.filter((inv) => inv.invitationId !== invitationToRemove.invitationId)
       )
@@ -452,7 +548,6 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
           delete next[invitationId]
           return next
         })
-        // Start 60s cooldown
         setResendCooldowns((prev) => ({ ...prev, [invitationId]: 60 }))
         const interval = setInterval(() => {
           setResendCooldowns((prev) => {
@@ -474,40 +569,52 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
 
   const handleKeyDown = useCallback(
     (e: KeyboardEvent<HTMLInputElement>) => {
-      if (['Enter', ',', ' '].includes(e.key) && inputValue.trim()) {
+      if (e.key === 'Enter') {
+        e.preventDefault()
+        if (inputValue.trim()) {
+          addEmail(inputValue)
+        }
+        return
+      }
+
+      if ([',', ' '].includes(e.key) && inputValue.trim()) {
         e.preventDefault()
         addEmail(inputValue)
       }
 
       if (e.key === 'Backspace' && !inputValue) {
-        if (invalidEmails.length > 0) {
+        if (duplicateEmails.length > 0) {
+          removeDuplicateEmail(duplicateEmails.length - 1)
+        } else if (invalidEmails.length > 0) {
           removeInvalidEmail(invalidEmails.length - 1)
         } else if (emails.length > 0) {
           removeEmail(emails.length - 1)
         }
       }
     },
-    [inputValue, addEmail, invalidEmails, emails, removeInvalidEmail, removeEmail]
+    [
+      inputValue,
+      addEmail,
+      duplicateEmails,
+      invalidEmails,
+      emails,
+      removeDuplicateEmail,
+      removeInvalidEmail,
+      removeEmail,
+    ]
   )
 
   const handlePaste = useCallback(
     (e: React.ClipboardEvent<HTMLInputElement>) => {
       e.preventDefault()
       const pastedText = e.clipboardData.getData('text')
-      const pastedEmails = pastedText.split(/[\s,;]+/).filter(Boolean)
+      const pastedEmails = extractEmailsFromText(pastedText)
 
-      let addedCount = 0
       pastedEmails.forEach((email) => {
-        if (addEmail(email)) {
-          addedCount++
-        }
+        addEmail(email)
       })
-
-      if (addedCount === 0 && pastedEmails.length === 1) {
-        setInputValue(inputValue + pastedEmails[0])
-      }
     },
-    [addEmail, inputValue]
+    [addEmail, extractEmailsFromText]
   )
 
   const handleSubmit = useCallback(
@@ -518,7 +625,6 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
         addEmail(inputValue)
       }
 
-      // Clear messages at start of submission
       setErrorMessage(null)
       setSuccessMessage(null)
 
@@ -644,10 +750,11 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
   )
 
   const resetState = useCallback(() => {
-    // Batch state updates using React's automatic batching in React 18+
     setInputValue('')
     setEmails([])
     setInvalidEmails([])
+    setDuplicateEmails([])
+    setIsDragging(false)
     setUserPermissions([])
     setPendingInvitations([])
     setIsPendingInvitationsLoading(false)
@@ -718,7 +825,29 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
                   tabIndex={-1}
                   readOnly
                 />
-                <div className='scrollbar-hide flex max-h-32 min-h-9 flex-wrap items-center gap-x-[8px] gap-y-[4px] overflow-y-auto rounded-[4px] border border-[var(--border-1)] bg-[var(--surface-4)] px-[6px] py-[4px] focus-within:outline-none'>
+                <input
+                  ref={fileInputRef}
+                  type='file'
+                  accept='.csv,.txt,text/csv,text/plain'
+                  onChange={handleFileInputChange}
+                  className='hidden'
+                />
+                <div
+                  onDragOver={handleDragOver}
+                  onDragLeave={handleDragLeave}
+                  onDrop={handleDrop}
+                  className={cn(
+                    'scrollbar-hide relative flex max-h-32 min-h-9 flex-wrap items-center gap-x-[8px] gap-y-[4px] overflow-y-auto rounded-[4px] border border-[var(--border-1)] bg-[var(--surface-4)] px-[6px] py-[4px] transition-colors focus-within:outline-none',
+                    isDragging && 'border-[var(--border)] border-dashed bg-[var(--surface-5)]'
+                  )}
+                >
+                  {isDragging && (
+                    <div className='absolute inset-0 flex items-center justify-center rounded-[4px] bg-[var(--surface-5)]/90'>
+                      <span className='text-[13px] text-[var(--text-tertiary)]'>
+                        Drop file here
+                      </span>
+                    </div>
+                  )}
                   {invalidEmails.map((email, index) => (
                     <EmailTag
                       key={`invalid-${index}`}
@@ -728,6 +857,25 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
                       isInvalid={true}
                     />
                   ))}
+                  {duplicateEmails.map((email, index) => (
+                    <div
+                      key={`duplicate-${index}`}
+                      className='flex w-auto items-center gap-[4px] rounded-[4px] border border-amber-500 bg-amber-500/10 px-[6px] py-[2px] text-[12px] text-amber-600 dark:bg-amber-500/20 dark:text-amber-400'
+                    >
+                      <span className='max-w-[200px] truncate'>{email}</span>
+                      <span className='text-[11px] opacity-70'>duplicate</span>
+                      {!isSubmitting && userPerms.canAdmin && (
+                        <button
+                          type='button'
+                          onClick={() => removeDuplicateEmail(index)}
+                          className='flex-shrink-0 text-amber-600 transition-colors hover:text-amber-700 focus:outline-none dark:text-amber-400 dark:hover:text-amber-300'
+                          aria-label={`Remove ${email}`}
+                        >
+                          <X className='h-[12px] w-[12px] translate-y-[0.2px]' />
+                        </button>
+                      )}
+                    </div>
+                  ))}
                   {emails.map((email, index) => (
                     <EmailTag
                       key={`valid-${index}`}
@@ -736,36 +884,52 @@ export function InviteModal({ open, onOpenChange, workspaceName }: InviteModalPr
                       disabled={isSubmitting || !userPerms.canAdmin}
                     />
                   ))}
-                  <Input
-                    id='invite-field'
-                    name='invite_search_field'
-                    type='text'
-                    value={inputValue}
-                    onChange={(e) => setInputValue(e.target.value)}
-                    onKeyDown={handleKeyDown}
-                    onPaste={handlePaste}
-                    onBlur={() => inputValue.trim() && addEmail(inputValue)}
-                    placeholder={
-                      !userPerms.canAdmin
-                        ? 'Only administrators can invite new members'
-                        : emails.length > 0 || invalidEmails.length > 0
-                          ? 'Add another email'
-                          : 'Enter emails'
-                    }
-                    className={cn(
-                      'h-6 min-w-[180px] flex-1 border-none bg-transparent p-0 text-[13px] focus-visible:ring-0 focus-visible:ring-offset-0',
-                      emails.length > 0 || invalidEmails.length > 0 ? 'pl-[4px]' : 'pl-[4px]'
+                  <div className='relative flex flex-1 items-center'>
+                    <Input
+                      id='invite-field'
+                      name='invite_search_field'
+                      type='text'
+                      value={inputValue}
+                      onChange={(e) => setInputValue(e.target.value)}
+                      onKeyDown={handleKeyDown}
+                      onPaste={handlePaste}
+                      onBlur={() => inputValue.trim() && addEmail(inputValue)}
+                      placeholder={
+                        !userPerms.canAdmin
+                          ? 'Only administrators can invite new members'
+                          : emails.length > 0 ||
+                              invalidEmails.length > 0 ||
+                              duplicateEmails.length > 0
+                            ? 'Add another email'
+                            : 'Enter emails'
+                      }
+                      className={cn(
+                        'h-6 min-w-[140px] flex-1 border-none bg-transparent p-0 text-[13px] focus-visible:ring-0 focus-visible:ring-offset-0',
+                        emails.length > 0 || invalidEmails.length > 0 || duplicateEmails.length > 0
+                          ? 'pl-[4px]'
+                          : 'pl-[4px]'
+                      )}
+                      autoFocus={userPerms.canAdmin}
+                      disabled={isSubmitting || !userPerms.canAdmin}
+                      autoComplete='off'
+                      autoCorrect='off'
+                      autoCapitalize='off'
+                      spellCheck={false}
+                      data-lpignore='true'
+                      data-form-type='other'
+                      aria-autocomplete='none'
+                    />
+                    {userPerms.canAdmin && (
+                      <button
+                        type='button'
+                        onClick={() => fileInputRef.current?.click()}
+                        className='ml-[4px] flex-shrink-0 text-[var(--text-tertiary)] transition-colors hover:text-[var(--text-secondary)]'
+                        disabled={isSubmitting}
+                      >
+                        <Paperclip className='h-[14px] w-[14px]' strokeWidth={2} />
+                      </button>
                     )}
-                    autoFocus={userPerms.canAdmin}
-                    disabled={isSubmitting || !userPerms.canAdmin}
-                    autoComplete='off'
-                    autoCorrect='off'
-                    autoCapitalize='off'
-                    spellCheck={false}
-                    data-lpignore='true'
-                    data-form-type='other'
-                    aria-autocomplete='none'
-                  />
+                  </div>
                 </div>
               </div>
               {errorMessage && (
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/workspace-header.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/workspace-header.tsx
index 7a908c333e..37c3a9b0e5 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/workspace-header.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/workspace-header.tsx
@@ -17,7 +17,7 @@ import {
 } from '@/components/emcn'
 import { ContextMenu } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/context-menu/context-menu'
 import { DeleteModal } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/delete-modal/delete-modal'
-import { InviteModal } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal/invite-modal'
+import { InviteModal } from '@/app/workspace/[workspaceId]/w/components/sidebar/components/workspace-header/components/invite-modal'
 
 const logger = createLogger('WorkspaceHeader')
 
diff --git a/apps/sim/app/workspace/[workspaceId]/w/utils/get-user-color.ts b/apps/sim/app/workspace/[workspaceId]/w/utils/get-user-color.ts
deleted file mode 100644
index 95e99c0919..0000000000
--- a/apps/sim/app/workspace/[workspaceId]/w/utils/get-user-color.ts
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * User color palette matching terminal.tsx RUN_ID_COLORS
- * These colors are used consistently across cursors, avatars, and terminal run IDs
- */
-export const USER_COLORS = [
-  '#4ADE80', // Green
-  '#F472B6', // Pink
-  '#60C5FF', // Blue
-  '#FF8533', // Orange
-  '#C084FC', // Purple
-  '#FCD34D', // Yellow
-] as const
-
-/**
- * Hash a user ID to generate a consistent numeric index
- *
- * @param userId - The user ID to hash
- * @returns A positive integer
- */
-function hashUserId(userId: string): number {
-  return Math.abs(Array.from(userId).reduce((acc, char) => acc + char.charCodeAt(0), 0))
-}
-
-/**
- * Gets a consistent color for a user based on their ID.
- * The same user will always get the same color across cursors, avatars, and terminal.
- *
- * @param userId - The unique user identifier
- * @returns A hex color string
- */
-export function getUserColor(userId: string): string {
-  const hash = hashUserId(userId)
-  return USER_COLORS[hash % USER_COLORS.length]
-}
-
-/**
- * Creates a stable mapping of user IDs to color indices for a list of users.
- * Useful when you need to maintain consistent color assignments across renders.
- *
- * @param userIds - Array of user IDs to map
- * @returns Map of user ID to color index
- */
-export function createUserColorMap(userIds: string[]): Map<string, number> {
-  const colorMap = new Map<string, number>()
-  let colorIndex = 0
-
-  for (const userId of userIds) {
-    if (!colorMap.has(userId)) {
-      colorMap.set(userId, colorIndex++)
-    }
-  }
-
-  return colorMap
-}
diff --git a/apps/sim/background/webhook-execution.ts b/apps/sim/background/webhook-execution.ts
index 20389689f5..b0447e8a00 100644
--- a/apps/sim/background/webhook-execution.ts
+++ b/apps/sim/background/webhook-execution.ts
@@ -95,6 +95,7 @@ export type WebhookExecutionPayload = {
   testMode?: boolean
   executionTarget?: 'deployed' | 'live'
   credentialId?: string
+  credentialAccountUserId?: string
 }
 
 export async function executeWebhookJob(payload: WebhookExecutionPayload) {
@@ -241,6 +242,7 @@ async function executeWebhookJobInternal(
           useDraftState: false,
           startTime: new Date().toISOString(),
           isClientSession: false,
+          credentialAccountUserId: payload.credentialAccountUserId,
           workflowStateOverride: {
             blocks,
             edges,
@@ -499,6 +501,7 @@ async function executeWebhookJobInternal(
       useDraftState: false,
       startTime: new Date().toISOString(),
       isClientSession: false,
+      credentialAccountUserId: payload.credentialAccountUserId,
       workflowStateOverride: {
         blocks,
         edges,
@@ -508,7 +511,9 @@ async function executeWebhookJobInternal(
       },
     }
 
-    const snapshot = new ExecutionSnapshot(metadata, workflow, input || {}, workflowVariables, [])
+    const triggerInput = input || {}
+
+    const snapshot = new ExecutionSnapshot(metadata, workflow, triggerInput, workflowVariables, [])
 
     const executionResult = await executeWorkflowCore({
       snapshot,
diff --git a/apps/sim/blocks/blocks/agent.ts b/apps/sim/blocks/blocks/agent.ts
index 06f81a4768..88b727415a 100644
--- a/apps/sim/blocks/blocks/agent.ts
+++ b/apps/sim/blocks/blocks/agent.ts
@@ -94,7 +94,6 @@ export const AgentBlock: BlockConfig<AgentResponse> = {
       placeholder: 'Type or select a model...',
       required: true,
       defaultValue: 'claude-sonnet-4-5',
-      searchable: true,
       options: () => {
         const providersState = useProvidersStore.getState()
         const baseModels = providersState.providers.base.models
@@ -329,6 +328,43 @@ export const AgentBlock: BlockConfig<AgentResponse> = {
         value: providers.vertex.models,
       },
     },
+    {
+      id: 'bedrockAccessKeyId',
+      title: 'AWS Access Key ID',
+      type: 'short-input',
+      password: true,
+      placeholder: 'Enter your AWS Access Key ID',
+      connectionDroppable: false,
+      required: true,
+      condition: {
+        field: 'model',
+        value: providers.bedrock.models,
+      },
+    },
+    {
+      id: 'bedrockSecretKey',
+      title: 'AWS Secret Access Key',
+      type: 'short-input',
+      password: true,
+      placeholder: 'Enter your AWS Secret Access Key',
+      connectionDroppable: false,
+      required: true,
+      condition: {
+        field: 'model',
+        value: providers.bedrock.models,
+      },
+    },
+    {
+      id: 'bedrockRegion',
+      title: 'AWS Region',
+      type: 'short-input',
+      placeholder: 'us-east-1',
+      connectionDroppable: false,
+      condition: {
+        field: 'model',
+        value: providers.bedrock.models,
+      },
+    },
     {
       id: 'tools',
       title: 'Tools',
@@ -343,11 +379,11 @@ export const AgentBlock: BlockConfig<AgentResponse> = {
       password: true,
       connectionDroppable: false,
       required: true,
-      // Hide API key for hosted models, Ollama models, vLLM models, and Vertex models (uses OAuth)
+      // Hide API key for hosted models, Ollama models, vLLM models, Vertex models (uses OAuth), and Bedrock (uses AWS credentials)
       condition: isHosted
         ? {
             field: 'model',
-            value: [...getHostedModels(), ...providers.vertex.models],
+            value: [...getHostedModels(), ...providers.vertex.models, ...providers.bedrock.models],
             not: true, // Show for all models EXCEPT those listed
           }
         : () => ({
@@ -356,8 +392,9 @@ export const AgentBlock: BlockConfig<AgentResponse> = {
               ...getCurrentOllamaModels(),
               ...getCurrentVLLMModels(),
               ...providers.vertex.models,
+              ...providers.bedrock.models,
             ],
-            not: true, // Show for all models EXCEPT Ollama, vLLM, and Vertex models
+            not: true, // Show for all models EXCEPT Ollama, vLLM, Vertex, and Bedrock models
           }),
     },
     {
@@ -634,6 +671,9 @@ Example 3 (Array Input):
     azureApiVersion: { type: 'string', description: 'Azure API version' },
     vertexProject: { type: 'string', description: 'Google Cloud project ID for Vertex AI' },
     vertexLocation: { type: 'string', description: 'Google Cloud location for Vertex AI' },
+    bedrockAccessKeyId: { type: 'string', description: 'AWS Access Key ID for Bedrock' },
+    bedrockSecretKey: { type: 'string', description: 'AWS Secret Access Key for Bedrock' },
+    bedrockRegion: { type: 'string', description: 'AWS region for Bedrock' },
     responseFormat: {
       type: 'json',
       description: 'JSON response format schema',
diff --git a/apps/sim/blocks/blocks/evaluator.ts b/apps/sim/blocks/blocks/evaluator.ts
index 402957bbdb..5d584d171e 100644
--- a/apps/sim/blocks/blocks/evaluator.ts
+++ b/apps/sim/blocks/blocks/evaluator.ts
@@ -1,27 +1,14 @@
 import { createLogger } from '@sim/logger'
 import { ChartBarIcon } from '@/components/icons'
-import { isHosted } from '@/lib/core/config/feature-flags'
 import type { BlockConfig, ParamType } from '@/blocks/types'
+import { getProviderCredentialSubBlocks, PROVIDER_CREDENTIAL_INPUTS } from '@/blocks/utils'
 import type { ProviderId } from '@/providers/types'
-import {
-  getBaseModelProviders,
-  getHostedModels,
-  getProviderIcon,
-  providers,
-} from '@/providers/utils'
+import { getBaseModelProviders, getProviderIcon } from '@/providers/utils'
 import { useProvidersStore } from '@/stores/providers/store'
 import type { ToolResponse } from '@/tools/types'
 
 const logger = createLogger('EvaluatorBlock')
 
-const getCurrentOllamaModels = () => {
-  return useProvidersStore.getState().providers.ollama.models
-}
-
-const getCurrentVLLMModels = () => {
-  return useProvidersStore.getState().providers.vllm.models
-}
-
 interface Metric {
   name: string
   description: string
@@ -204,91 +191,7 @@ export const EvaluatorBlock: BlockConfig<EvaluatorResponse> = {
         })
       },
     },
-    {
-      id: 'vertexCredential',
-      title: 'Google Cloud Account',
-      type: 'oauth-input',
-      serviceId: 'vertex-ai',
-      requiredScopes: ['https://www.googleapis.com/auth/cloud-platform'],
-      placeholder: 'Select Google Cloud account',
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
-    {
-      id: 'apiKey',
-      title: 'API Key',
-      type: 'short-input',
-      placeholder: 'Enter your API key',
-      password: true,
-      connectionDroppable: false,
-      required: true,
-      // Hide API key for hosted models, Ollama models, vLLM models, and Vertex models (uses OAuth)
-      condition: isHosted
-        ? {
-            field: 'model',
-            value: [...getHostedModels(), ...providers.vertex.models],
-            not: true, // Show for all models EXCEPT those listed
-          }
-        : () => ({
-            field: 'model',
-            value: [
-              ...getCurrentOllamaModels(),
-              ...getCurrentVLLMModels(),
-              ...providers.vertex.models,
-            ],
-            not: true, // Show for all models EXCEPT Ollama, vLLM, and Vertex models
-          }),
-    },
-    {
-      id: 'azureEndpoint',
-      title: 'Azure OpenAI Endpoint',
-      type: 'short-input',
-      password: true,
-      placeholder: 'https://your-resource.openai.azure.com',
-      connectionDroppable: false,
-      condition: {
-        field: 'model',
-        value: providers['azure-openai'].models,
-      },
-    },
-    {
-      id: 'azureApiVersion',
-      title: 'Azure API Version',
-      type: 'short-input',
-      placeholder: '2024-07-01-preview',
-      connectionDroppable: false,
-      condition: {
-        field: 'model',
-        value: providers['azure-openai'].models,
-      },
-    },
-    {
-      id: 'vertexProject',
-      title: 'Vertex AI Project',
-      type: 'short-input',
-      placeholder: 'your-gcp-project-id',
-      connectionDroppable: false,
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
-    {
-      id: 'vertexLocation',
-      title: 'Vertex AI Location',
-      type: 'short-input',
-      placeholder: 'us-central1',
-      connectionDroppable: false,
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
+    ...getProviderCredentialSubBlocks(),
     {
       id: 'temperature',
       title: 'Temperature',
@@ -403,21 +306,7 @@ export const EvaluatorBlock: BlockConfig<EvaluatorResponse> = {
       },
     },
     model: { type: 'string' as ParamType, description: 'AI model to use' },
-    apiKey: { type: 'string' as ParamType, description: 'Provider API key' },
-    azureEndpoint: { type: 'string' as ParamType, description: 'Azure OpenAI endpoint URL' },
-    azureApiVersion: { type: 'string' as ParamType, description: 'Azure API version' },
-    vertexProject: {
-      type: 'string' as ParamType,
-      description: 'Google Cloud project ID for Vertex AI',
-    },
-    vertexLocation: {
-      type: 'string' as ParamType,
-      description: 'Google Cloud location for Vertex AI',
-    },
-    vertexCredential: {
-      type: 'string' as ParamType,
-      description: 'Google Cloud OAuth credential ID for Vertex AI',
-    },
+    ...PROVIDER_CREDENTIAL_INPUTS,
     temperature: {
       type: 'number' as ParamType,
       description: 'Response randomness level (low for consistent evaluation)',
diff --git a/apps/sim/blocks/blocks/guardrails.ts b/apps/sim/blocks/blocks/guardrails.ts
index 39914ced74..4ccf1ccecf 100644
--- a/apps/sim/blocks/blocks/guardrails.ts
+++ b/apps/sim/blocks/blocks/guardrails.ts
@@ -1,15 +1,10 @@
 import { ShieldCheckIcon } from '@/components/icons'
-import { isHosted } from '@/lib/core/config/feature-flags'
 import type { BlockConfig } from '@/blocks/types'
-import { getHostedModels, getProviderIcon } from '@/providers/utils'
+import { getProviderCredentialSubBlocks, PROVIDER_CREDENTIAL_INPUTS } from '@/blocks/utils'
+import { getProviderIcon } from '@/providers/utils'
 import { useProvidersStore } from '@/stores/providers/store'
 import type { ToolResponse } from '@/tools/types'
 
-const getCurrentOllamaModels = () => {
-  const providersState = useProvidersStore.getState()
-  return providersState.providers.ollama.models
-}
-
 export interface GuardrailsResponse extends ToolResponse {
   output: {
     passed: boolean
@@ -120,8 +115,11 @@ Return ONLY the regex pattern - no explanations, no quotes, no forward slashes,
         const providersState = useProvidersStore.getState()
         const baseModels = providersState.providers.base.models
         const ollamaModels = providersState.providers.ollama.models
+        const vllmModels = providersState.providers.vllm.models
         const openrouterModels = providersState.providers.openrouter.models
-        const allModels = Array.from(new Set([...baseModels, ...ollamaModels, ...openrouterModels]))
+        const allModels = Array.from(
+          new Set([...baseModels, ...ollamaModels, ...vllmModels, ...openrouterModels])
+        )
 
         return allModels.map((model) => {
           const icon = getProviderIcon(model)
@@ -160,44 +158,19 @@ Return ONLY the regex pattern - no explanations, no quotes, no forward slashes,
         value: ['hallucination'],
       },
     },
-    {
-      id: 'apiKey',
-      title: 'API Key',
-      type: 'short-input',
-      placeholder: 'Enter your API key',
-      password: true,
-      connectionDroppable: false,
-      required: true,
-      // Show API key field only for hallucination validation
-      // Hide for hosted models and Ollama models
-      condition: () => {
-        const baseCondition = {
-          field: 'validationType' as const,
-          value: ['hallucination'],
-        }
-
-        if (isHosted) {
-          // In hosted mode, hide for hosted models
-          return {
-            ...baseCondition,
-            and: {
-              field: 'model' as const,
-              value: getHostedModels(),
-              not: true, // Show for all models EXCEPT hosted ones
-            },
+    // Provider credential subblocks - only shown for hallucination validation
+    ...getProviderCredentialSubBlocks().map((subBlock) => ({
+      ...subBlock,
+      // Combine with hallucination condition
+      condition: subBlock.condition
+        ? {
+            field: 'validationType' as const,
+            value: ['hallucination'],
+            and:
+              typeof subBlock.condition === 'function' ? subBlock.condition() : subBlock.condition,
           }
-        }
-        // In self-hosted mode, hide for Ollama models
-        return {
-          ...baseCondition,
-          and: {
-            field: 'model' as const,
-            value: getCurrentOllamaModels(),
-            not: true, // Show for all models EXCEPT Ollama ones
-          },
-        }
-      },
-    },
+        : { field: 'validationType' as const, value: ['hallucination'] },
+    })),
     {
       id: 'piiEntityTypes',
       title: 'PII Types to Detect',
@@ -332,10 +305,7 @@ Return ONLY the regex pattern - no explanations, no quotes, no forward slashes,
       type: 'string',
       description: 'LLM model for hallucination scoring (default: gpt-4o-mini)',
     },
-    apiKey: {
-      type: 'string',
-      description: 'API key for LLM provider (optional if using hosted)',
-    },
+    ...PROVIDER_CREDENTIAL_INPUTS,
     piiEntityTypes: {
       type: 'json',
       description: 'PII entity types to detect (array of strings, empty = detect all)',
diff --git a/apps/sim/blocks/blocks/linear.ts b/apps/sim/blocks/blocks/linear.ts
index 6b88caac6b..3eedb35c5e 100644
--- a/apps/sim/blocks/blocks/linear.ts
+++ b/apps/sim/blocks/blocks/linear.ts
@@ -77,7 +77,6 @@ export const LinearBlock: BlockConfig<LinearResponse> = {
         // Project Update Operations
         { label: 'Create Project Update', id: 'linear_create_project_update' },
         { label: 'List Project Updates', id: 'linear_list_project_updates' },
-        { label: 'Create Project Link', id: 'linear_create_project_link' },
         // Notification Operations
         { label: 'List Notifications', id: 'linear_list_notifications' },
         { label: 'Update Notification', id: 'linear_update_notification' },
@@ -227,6 +226,7 @@ export const LinearBlock: BlockConfig<LinearResponse> = {
           'linear_update_project',
           'linear_archive_project',
           'linear_delete_project',
+          'linear_create_project_update',
           'linear_list_project_updates',
         ],
       },
@@ -239,6 +239,7 @@ export const LinearBlock: BlockConfig<LinearResponse> = {
           'linear_update_project',
           'linear_archive_project',
           'linear_delete_project',
+          'linear_create_project_update',
           'linear_list_project_updates',
           'linear_list_project_labels',
         ],
@@ -261,7 +262,6 @@ export const LinearBlock: BlockConfig<LinearResponse> = {
           'linear_delete_project',
           'linear_create_project_update',
           'linear_list_project_updates',
-          'linear_create_project_link',
         ],
       },
       condition: {
@@ -275,7 +275,6 @@ export const LinearBlock: BlockConfig<LinearResponse> = {
           'linear_delete_project',
           'linear_create_project_update',
           'linear_list_project_updates',
-          'linear_create_project_link',
           'linear_list_project_labels',
         ],
       },
@@ -625,7 +624,7 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
       required: true,
       condition: {
         field: 'operation',
-        value: ['linear_create_attachment', 'linear_create_project_link'],
+        value: ['linear_create_attachment'],
       },
     },
     // Attachment title
@@ -1221,6 +1220,36 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
         value: ['linear_create_project_status'],
       },
     },
+    {
+      id: 'projectStatusType',
+      title: 'Status Type',
+      type: 'dropdown',
+      options: [
+        { label: 'Backlog', id: 'backlog' },
+        { label: 'Planned', id: 'planned' },
+        { label: 'Started', id: 'started' },
+        { label: 'Paused', id: 'paused' },
+        { label: 'Completed', id: 'completed' },
+        { label: 'Canceled', id: 'canceled' },
+      ],
+      value: () => 'started',
+      required: true,
+      condition: {
+        field: 'operation',
+        value: ['linear_create_project_status'],
+      },
+    },
+    {
+      id: 'projectStatusPosition',
+      title: 'Position',
+      type: 'short-input',
+      placeholder: 'Enter position (e.g. 0, 1, 2...)',
+      required: true,
+      condition: {
+        field: 'operation',
+        value: ['linear_create_project_status'],
+      },
+    },
     {
       id: 'projectStatusId',
       title: 'Status ID',
@@ -1326,7 +1355,6 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
       'linear_list_favorites',
       'linear_create_project_update',
       'linear_list_project_updates',
-      'linear_create_project_link',
       'linear_list_notifications',
       'linear_update_notification',
       'linear_create_customer',
@@ -1772,17 +1800,6 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
               projectId: effectiveProjectId,
             }
 
-          case 'linear_create_project_link':
-            if (!effectiveProjectId || !params.url?.trim()) {
-              throw new Error('Project ID and URL are required.')
-            }
-            return {
-              ...baseParams,
-              projectId: effectiveProjectId,
-              url: params.url.trim(),
-              label: params.name,
-            }
-
           case 'linear_list_notifications':
             return baseParams
 
@@ -2033,22 +2050,22 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
             }
 
           case 'linear_add_label_to_project':
-            if (!effectiveProjectId || !params.projectLabelId?.trim()) {
+            if (!params.projectIdForMilestone?.trim() || !params.projectLabelId?.trim()) {
               throw new Error('Project ID and label ID are required.')
             }
             return {
               ...baseParams,
-              projectId: effectiveProjectId,
+              projectId: params.projectIdForMilestone.trim(),
               labelId: params.projectLabelId.trim(),
             }
 
           case 'linear_remove_label_from_project':
-            if (!effectiveProjectId || !params.projectLabelId?.trim()) {
+            if (!params.projectIdForMilestone?.trim() || !params.projectLabelId?.trim()) {
               throw new Error('Project ID and label ID are required.')
             }
             return {
               ...baseParams,
-              projectId: effectiveProjectId,
+              projectId: params.projectIdForMilestone.trim(),
               labelId: params.projectLabelId.trim(),
             }
 
@@ -2097,13 +2114,20 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
 
           // Project Status Operations
           case 'linear_create_project_status':
-            if (!params.projectStatusName?.trim() || !params.statusColor?.trim()) {
-              throw new Error('Project status name and color are required.')
+            if (
+              !params.projectStatusName?.trim() ||
+              !params.projectStatusType?.trim() ||
+              !params.statusColor?.trim() ||
+              !params.projectStatusPosition?.trim()
+            ) {
+              throw new Error('Project status name, type, color, and position are required.')
             }
             return {
               ...baseParams,
               name: params.projectStatusName.trim(),
+              type: params.projectStatusType.trim(),
               color: params.statusColor.trim(),
+              position: Number.parseFloat(params.projectStatusPosition.trim()),
               description: params.projectStatusDescription?.trim() || undefined,
               indefinite: params.projectStatusIndefinite === 'true',
             }
@@ -2270,7 +2294,6 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
     // Project update outputs
     update: { type: 'json', description: 'Project update data' },
     updates: { type: 'json', description: 'Project updates list' },
-    link: { type: 'json', description: 'Project link data' },
     // Notification outputs
     notification: { type: 'json', description: 'Notification data' },
     notifications: { type: 'json', description: 'Notifications list' },
diff --git a/apps/sim/blocks/blocks/router.ts b/apps/sim/blocks/blocks/router.ts
index 727c3c4682..ae6672a309 100644
--- a/apps/sim/blocks/blocks/router.ts
+++ b/apps/sim/blocks/blocks/router.ts
@@ -1,24 +1,11 @@
 import { ConnectIcon } from '@/components/icons'
-import { isHosted } from '@/lib/core/config/feature-flags'
 import { AuthMode, type BlockConfig } from '@/blocks/types'
+import { getProviderCredentialSubBlocks, PROVIDER_CREDENTIAL_INPUTS } from '@/blocks/utils'
 import type { ProviderId } from '@/providers/types'
-import {
-  getBaseModelProviders,
-  getHostedModels,
-  getProviderIcon,
-  providers,
-} from '@/providers/utils'
+import { getBaseModelProviders, getProviderIcon } from '@/providers/utils'
 import { useProvidersStore } from '@/stores/providers/store'
 import type { ToolResponse } from '@/tools/types'
 
-const getCurrentOllamaModels = () => {
-  return useProvidersStore.getState().providers.ollama.models
-}
-
-const getCurrentVLLMModels = () => {
-  return useProvidersStore.getState().providers.vllm.models
-}
-
 interface RouterResponse extends ToolResponse {
   output: {
     prompt: string
@@ -168,23 +155,6 @@ const getModelOptions = () => {
   })
 }
 
-/**
- * Helper to get API key condition for both router versions.
- */
-const getApiKeyCondition = () => {
-  return isHosted
-    ? {
-        field: 'model',
-        value: [...getHostedModels(), ...providers.vertex.models],
-        not: true,
-      }
-    : () => ({
-        field: 'model',
-        value: [...getCurrentOllamaModels(), ...getCurrentVLLMModels(), ...providers.vertex.models],
-        not: true,
-      })
-}
-
 /**
  * Legacy Router Block (block-based routing).
  * Hidden from toolbar but still supported for existing workflows.
@@ -221,76 +191,7 @@ export const RouterBlock: BlockConfig<RouterResponse> = {
       defaultValue: 'claude-sonnet-4-5',
       options: getModelOptions,
     },
-    {
-      id: 'vertexCredential',
-      title: 'Google Cloud Account',
-      type: 'oauth-input',
-      serviceId: 'vertex-ai',
-      requiredScopes: ['https://www.googleapis.com/auth/cloud-platform'],
-      placeholder: 'Select Google Cloud account',
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
-    {
-      id: 'apiKey',
-      title: 'API Key',
-      type: 'short-input',
-      placeholder: 'Enter your API key',
-      password: true,
-      connectionDroppable: false,
-      required: true,
-      condition: getApiKeyCondition(),
-    },
-    {
-      id: 'azureEndpoint',
-      title: 'Azure OpenAI Endpoint',
-      type: 'short-input',
-      password: true,
-      placeholder: 'https://your-resource.openai.azure.com',
-      connectionDroppable: false,
-      condition: {
-        field: 'model',
-        value: providers['azure-openai'].models,
-      },
-    },
-    {
-      id: 'azureApiVersion',
-      title: 'Azure API Version',
-      type: 'short-input',
-      placeholder: '2024-07-01-preview',
-      connectionDroppable: false,
-      condition: {
-        field: 'model',
-        value: providers['azure-openai'].models,
-      },
-    },
-    {
-      id: 'vertexProject',
-      title: 'Vertex AI Project',
-      type: 'short-input',
-      placeholder: 'your-gcp-project-id',
-      connectionDroppable: false,
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
-    {
-      id: 'vertexLocation',
-      title: 'Vertex AI Location',
-      type: 'short-input',
-      placeholder: 'us-central1',
-      connectionDroppable: false,
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
+    ...getProviderCredentialSubBlocks(),
     {
       id: 'temperature',
       title: 'Temperature',
@@ -335,15 +236,7 @@ export const RouterBlock: BlockConfig<RouterResponse> = {
   inputs: {
     prompt: { type: 'string', description: 'Routing prompt content' },
     model: { type: 'string', description: 'AI model to use' },
-    apiKey: { type: 'string', description: 'Provider API key' },
-    azureEndpoint: { type: 'string', description: 'Azure OpenAI endpoint URL' },
-    azureApiVersion: { type: 'string', description: 'Azure API version' },
-    vertexProject: { type: 'string', description: 'Google Cloud project ID for Vertex AI' },
-    vertexLocation: { type: 'string', description: 'Google Cloud location for Vertex AI' },
-    vertexCredential: {
-      type: 'string',
-      description: 'Google Cloud OAuth credential ID for Vertex AI',
-    },
+    ...PROVIDER_CREDENTIAL_INPUTS,
     temperature: {
       type: 'number',
       description: 'Response randomness level (low for consistent routing)',
@@ -422,76 +315,7 @@ export const RouterV2Block: BlockConfig<RouterV2Response> = {
       defaultValue: 'claude-sonnet-4-5',
       options: getModelOptions,
     },
-    {
-      id: 'vertexCredential',
-      title: 'Google Cloud Account',
-      type: 'oauth-input',
-      serviceId: 'vertex-ai',
-      requiredScopes: ['https://www.googleapis.com/auth/cloud-platform'],
-      placeholder: 'Select Google Cloud account',
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
-    {
-      id: 'apiKey',
-      title: 'API Key',
-      type: 'short-input',
-      placeholder: 'Enter your API key',
-      password: true,
-      connectionDroppable: false,
-      required: true,
-      condition: getApiKeyCondition(),
-    },
-    {
-      id: 'azureEndpoint',
-      title: 'Azure OpenAI Endpoint',
-      type: 'short-input',
-      password: true,
-      placeholder: 'https://your-resource.openai.azure.com',
-      connectionDroppable: false,
-      condition: {
-        field: 'model',
-        value: providers['azure-openai'].models,
-      },
-    },
-    {
-      id: 'azureApiVersion',
-      title: 'Azure API Version',
-      type: 'short-input',
-      placeholder: '2024-07-01-preview',
-      connectionDroppable: false,
-      condition: {
-        field: 'model',
-        value: providers['azure-openai'].models,
-      },
-    },
-    {
-      id: 'vertexProject',
-      title: 'Vertex AI Project',
-      type: 'short-input',
-      placeholder: 'your-gcp-project-id',
-      connectionDroppable: false,
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
-    {
-      id: 'vertexLocation',
-      title: 'Vertex AI Location',
-      type: 'short-input',
-      placeholder: 'us-central1',
-      connectionDroppable: false,
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
+    ...getProviderCredentialSubBlocks(),
   ],
   tools: {
     access: [
@@ -520,15 +344,7 @@ export const RouterV2Block: BlockConfig<RouterV2Response> = {
     context: { type: 'string', description: 'Context for routing decision' },
     routes: { type: 'json', description: 'Route definitions with descriptions' },
     model: { type: 'string', description: 'AI model to use' },
-    apiKey: { type: 'string', description: 'Provider API key' },
-    azureEndpoint: { type: 'string', description: 'Azure OpenAI endpoint URL' },
-    azureApiVersion: { type: 'string', description: 'Azure API version' },
-    vertexProject: { type: 'string', description: 'Google Cloud project ID for Vertex AI' },
-    vertexLocation: { type: 'string', description: 'Google Cloud location for Vertex AI' },
-    vertexCredential: {
-      type: 'string',
-      description: 'Google Cloud OAuth credential ID for Vertex AI',
-    },
+    ...PROVIDER_CREDENTIAL_INPUTS,
   },
   outputs: {
     context: { type: 'string', description: 'Context used for routing' },
diff --git a/apps/sim/blocks/blocks/translate.ts b/apps/sim/blocks/blocks/translate.ts
index 44c646608a..d0d6477651 100644
--- a/apps/sim/blocks/blocks/translate.ts
+++ b/apps/sim/blocks/blocks/translate.ts
@@ -1,17 +1,9 @@
 import { TranslateIcon } from '@/components/icons'
-import { isHosted } from '@/lib/core/config/feature-flags'
 import { AuthMode, type BlockConfig } from '@/blocks/types'
-import { getHostedModels, getProviderIcon, providers } from '@/providers/utils'
+import { getProviderCredentialSubBlocks, PROVIDER_CREDENTIAL_INPUTS } from '@/blocks/utils'
+import { getProviderIcon } from '@/providers/utils'
 import { useProvidersStore } from '@/stores/providers/store'
 
-const getCurrentOllamaModels = () => {
-  return useProvidersStore.getState().providers.ollama.models
-}
-
-const getCurrentVLLMModels = () => {
-  return useProvidersStore.getState().providers.vllm.models
-}
-
 const getTranslationPrompt = (targetLanguage: string) =>
   `Translate the following text into ${targetLanguage || 'English'}. Output ONLY the translated text with no additional commentary, explanations, or notes.`
 
@@ -59,91 +51,7 @@ export const TranslateBlock: BlockConfig = {
         })
       },
     },
-    {
-      id: 'vertexCredential',
-      title: 'Google Cloud Account',
-      type: 'oauth-input',
-      serviceId: 'vertex-ai',
-      requiredScopes: ['https://www.googleapis.com/auth/cloud-platform'],
-      placeholder: 'Select Google Cloud account',
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
-    {
-      id: 'apiKey',
-      title: 'API Key',
-      type: 'short-input',
-      placeholder: 'Enter your API key',
-      password: true,
-      connectionDroppable: false,
-      required: true,
-      // Hide API key for hosted models, Ollama models, vLLM models, and Vertex models (uses OAuth)
-      condition: isHosted
-        ? {
-            field: 'model',
-            value: [...getHostedModels(), ...providers.vertex.models],
-            not: true, // Show for all models EXCEPT those listed
-          }
-        : () => ({
-            field: 'model',
-            value: [
-              ...getCurrentOllamaModels(),
-              ...getCurrentVLLMModels(),
-              ...providers.vertex.models,
-            ],
-            not: true, // Show for all models EXCEPT Ollama, vLLM, and Vertex models
-          }),
-    },
-    {
-      id: 'azureEndpoint',
-      title: 'Azure OpenAI Endpoint',
-      type: 'short-input',
-      password: true,
-      placeholder: 'https://your-resource.openai.azure.com',
-      connectionDroppable: false,
-      condition: {
-        field: 'model',
-        value: providers['azure-openai'].models,
-      },
-    },
-    {
-      id: 'azureApiVersion',
-      title: 'Azure API Version',
-      type: 'short-input',
-      placeholder: '2024-07-01-preview',
-      connectionDroppable: false,
-      condition: {
-        field: 'model',
-        value: providers['azure-openai'].models,
-      },
-    },
-    {
-      id: 'vertexProject',
-      title: 'Vertex AI Project',
-      type: 'short-input',
-      placeholder: 'your-gcp-project-id',
-      connectionDroppable: false,
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
-    {
-      id: 'vertexLocation',
-      title: 'Vertex AI Location',
-      type: 'short-input',
-      placeholder: 'us-central1',
-      connectionDroppable: false,
-      required: true,
-      condition: {
-        field: 'model',
-        value: providers.vertex.models,
-      },
-    },
+    ...getProviderCredentialSubBlocks(),
     {
       id: 'systemPrompt',
       title: 'System Prompt',
@@ -168,21 +76,15 @@ export const TranslateBlock: BlockConfig = {
         vertexProject: params.vertexProject,
         vertexLocation: params.vertexLocation,
         vertexCredential: params.vertexCredential,
+        bedrockRegion: params.bedrockRegion,
+        bedrockSecretKey: params.bedrockSecretKey,
       }),
     },
   },
   inputs: {
     context: { type: 'string', description: 'Text to translate' },
     targetLanguage: { type: 'string', description: 'Target language' },
-    apiKey: { type: 'string', description: 'Provider API key' },
-    azureEndpoint: { type: 'string', description: 'Azure OpenAI endpoint URL' },
-    azureApiVersion: { type: 'string', description: 'Azure API version' },
-    vertexProject: { type: 'string', description: 'Google Cloud project ID for Vertex AI' },
-    vertexLocation: { type: 'string', description: 'Google Cloud location for Vertex AI' },
-    vertexCredential: {
-      type: 'string',
-      description: 'Google Cloud OAuth credential ID for Vertex AI',
-    },
+    ...PROVIDER_CREDENTIAL_INPUTS,
     systemPrompt: { type: 'string', description: 'Translation instructions' },
   },
   outputs: {
diff --git a/apps/sim/blocks/types.ts b/apps/sim/blocks/types.ts
index fd2fe4f1ee..28605a440d 100644
--- a/apps/sim/blocks/types.ts
+++ b/apps/sim/blocks/types.ts
@@ -254,6 +254,8 @@ export interface SubBlockConfig {
   // OAuth specific properties - serviceId is the canonical identifier for OAuth services
   serviceId?: string
   requiredScopes?: string[]
+  // Whether this credential selector supports credential sets (for trigger blocks)
+  supportsCredentialSets?: boolean
   // File selector specific properties
   mimeType?: string
   // File upload specific properties
diff --git a/apps/sim/blocks/utils.ts b/apps/sim/blocks/utils.ts
index 8a96ca2ae0..6d75c58619 100644
--- a/apps/sim/blocks/utils.ts
+++ b/apps/sim/blocks/utils.ts
@@ -1,4 +1,7 @@
+import { isHosted } from '@/lib/core/config/feature-flags'
 import type { BlockOutput, OutputFieldDefinition, SubBlockConfig } from '@/blocks/types'
+import { getHostedModels, providers } from '@/providers/utils'
+import { useProvidersStore } from '@/stores/providers/store'
 
 /**
  * Checks if a field is included in the dependsOn config.
@@ -37,3 +40,177 @@ export function resolveOutputType(
 
   return resolvedOutputs
 }
+
+/**
+ * Helper to get current Ollama models from store
+ */
+const getCurrentOllamaModels = () => {
+  return useProvidersStore.getState().providers.ollama.models
+}
+
+/**
+ * Helper to get current vLLM models from store
+ */
+const getCurrentVLLMModels = () => {
+  return useProvidersStore.getState().providers.vllm.models
+}
+
+/**
+ * Get the API key condition for provider credential subblocks.
+ * Handles hosted vs self-hosted environments and excludes providers that don't need API key.
+ */
+export function getApiKeyCondition() {
+  return isHosted
+    ? {
+        field: 'model',
+        value: [...getHostedModels(), ...providers.vertex.models, ...providers.bedrock.models],
+        not: true,
+      }
+    : () => ({
+        field: 'model',
+        value: [
+          ...getCurrentOllamaModels(),
+          ...getCurrentVLLMModels(),
+          ...providers.vertex.models,
+          ...providers.bedrock.models,
+        ],
+        not: true,
+      })
+}
+
+/**
+ * Returns the standard provider credential subblocks used by LLM-based blocks.
+ * This includes: Vertex AI OAuth, API Key, Azure OpenAI, Vertex AI config, and Bedrock config.
+ *
+ * Usage: Spread into your block's subBlocks array after block-specific fields
+ */
+export function getProviderCredentialSubBlocks(): SubBlockConfig[] {
+  return [
+    {
+      id: 'vertexCredential',
+      title: 'Google Cloud Account',
+      type: 'oauth-input',
+      serviceId: 'vertex-ai',
+      requiredScopes: ['https://www.googleapis.com/auth/cloud-platform'],
+      placeholder: 'Select Google Cloud account',
+      required: true,
+      condition: {
+        field: 'model',
+        value: providers.vertex.models,
+      },
+    },
+    {
+      id: 'apiKey',
+      title: 'API Key',
+      type: 'short-input',
+      placeholder: 'Enter your API key',
+      password: true,
+      connectionDroppable: false,
+      required: true,
+      condition: getApiKeyCondition(),
+    },
+    {
+      id: 'azureEndpoint',
+      title: 'Azure OpenAI Endpoint',
+      type: 'short-input',
+      password: true,
+      placeholder: 'https://your-resource.openai.azure.com',
+      connectionDroppable: false,
+      condition: {
+        field: 'model',
+        value: providers['azure-openai'].models,
+      },
+    },
+    {
+      id: 'azureApiVersion',
+      title: 'Azure API Version',
+      type: 'short-input',
+      placeholder: '2024-07-01-preview',
+      connectionDroppable: false,
+      condition: {
+        field: 'model',
+        value: providers['azure-openai'].models,
+      },
+    },
+    {
+      id: 'vertexProject',
+      title: 'Vertex AI Project',
+      type: 'short-input',
+      placeholder: 'your-gcp-project-id',
+      connectionDroppable: false,
+      required: true,
+      condition: {
+        field: 'model',
+        value: providers.vertex.models,
+      },
+    },
+    {
+      id: 'vertexLocation',
+      title: 'Vertex AI Location',
+      type: 'short-input',
+      placeholder: 'us-central1',
+      connectionDroppable: false,
+      required: true,
+      condition: {
+        field: 'model',
+        value: providers.vertex.models,
+      },
+    },
+    {
+      id: 'bedrockAccessKeyId',
+      title: 'AWS Access Key ID',
+      type: 'short-input',
+      password: true,
+      placeholder: 'Enter your AWS Access Key ID',
+      connectionDroppable: false,
+      required: true,
+      condition: {
+        field: 'model',
+        value: providers.bedrock.models,
+      },
+    },
+    {
+      id: 'bedrockSecretKey',
+      title: 'AWS Secret Access Key',
+      type: 'short-input',
+      password: true,
+      placeholder: 'Enter your AWS Secret Access Key',
+      connectionDroppable: false,
+      required: true,
+      condition: {
+        field: 'model',
+        value: providers.bedrock.models,
+      },
+    },
+    {
+      id: 'bedrockRegion',
+      title: 'AWS Region',
+      type: 'short-input',
+      placeholder: 'us-east-1',
+      connectionDroppable: false,
+      condition: {
+        field: 'model',
+        value: providers.bedrock.models,
+      },
+    },
+  ]
+}
+
+/**
+ * Returns the standard input definitions for provider credentials.
+ * Use this in your block's inputs definition.
+ */
+export const PROVIDER_CREDENTIAL_INPUTS = {
+  apiKey: { type: 'string', description: 'Provider API key' },
+  azureEndpoint: { type: 'string', description: 'Azure OpenAI endpoint URL' },
+  azureApiVersion: { type: 'string', description: 'Azure API version' },
+  vertexProject: { type: 'string', description: 'Google Cloud project ID for Vertex AI' },
+  vertexLocation: { type: 'string', description: 'Google Cloud location for Vertex AI' },
+  vertexCredential: {
+    type: 'string',
+    description: 'Google Cloud OAuth credential ID for Vertex AI',
+  },
+  bedrockAccessKeyId: { type: 'string', description: 'AWS Access Key ID for Bedrock' },
+  bedrockSecretKey: { type: 'string', description: 'AWS Secret Access Key for Bedrock' },
+  bedrockRegion: { type: 'string', description: 'AWS region for Bedrock' },
+} as const
diff --git a/apps/sim/components/emails/invitations/index.ts b/apps/sim/components/emails/invitations/index.ts
index 2133bad90d..6fa64cdc31 100644
--- a/apps/sim/components/emails/invitations/index.ts
+++ b/apps/sim/components/emails/invitations/index.ts
@@ -1,3 +1,4 @@
 export { BatchInvitationEmail } from './batch-invitation-email'
 export { InvitationEmail } from './invitation-email'
+export { PollingGroupInvitationEmail } from './polling-group-invitation-email'
 export { WorkspaceInvitationEmail } from './workspace-invitation-email'
diff --git a/apps/sim/components/emails/invitations/polling-group-invitation-email.tsx b/apps/sim/components/emails/invitations/polling-group-invitation-email.tsx
new file mode 100644
index 0000000000..e87436a154
--- /dev/null
+++ b/apps/sim/components/emails/invitations/polling-group-invitation-email.tsx
@@ -0,0 +1,52 @@
+import { Link, Text } from '@react-email/components'
+import { baseStyles } from '@/components/emails/_styles'
+import { EmailLayout } from '@/components/emails/components'
+import { getBrandConfig } from '@/lib/branding/branding'
+
+interface PollingGroupInvitationEmailProps {
+  inviterName?: string
+  organizationName?: string
+  pollingGroupName?: string
+  provider?: 'google-email' | 'outlook'
+  inviteLink?: string
+}
+
+export function PollingGroupInvitationEmail({
+  inviterName = 'A team member',
+  organizationName = 'an organization',
+  pollingGroupName = 'a polling group',
+  provider = 'google-email',
+  inviteLink = '',
+}: PollingGroupInvitationEmailProps) {
+  const brand = getBrandConfig()
+  const providerName = provider === 'google-email' ? 'Gmail' : 'Outlook'
+
+  return (
+    <EmailLayout preview={`You've been invited to join ${pollingGroupName} on ${brand.name}`}>
+      <Text style={baseStyles.paragraph}>Hello,</Text>
+      <Text style={baseStyles.paragraph}>
+        <strong>{inviterName}</strong> from <strong>{organizationName}</strong> has invited you to
+        join the polling group <strong>{pollingGroupName}</strong> on {brand.name}.
+      </Text>
+
+      <Text style={baseStyles.paragraph}>
+        By accepting this invitation, your {providerName} account will be connected to enable email
+        polling for automated workflows.
+      </Text>
+
+      <Link href={inviteLink} style={{ textDecoration: 'none' }}>
+        <Text style={baseStyles.button}>Accept Invitation</Text>
+      </Link>
+
+      {/* Divider */}
+      <div style={baseStyles.divider} />
+
+      <Text style={{ ...baseStyles.footerText, textAlign: 'left' }}>
+        This invitation expires in 7 days. If you weren't expecting this email, you can safely
+        ignore it.
+      </Text>
+    </EmailLayout>
+  )
+}
+
+export default PollingGroupInvitationEmail
diff --git a/apps/sim/components/emails/render.ts b/apps/sim/components/emails/render.ts
index bd18eeedca..90522246aa 100644
--- a/apps/sim/components/emails/render.ts
+++ b/apps/sim/components/emails/render.ts
@@ -12,6 +12,7 @@ import { CareersConfirmationEmail, CareersSubmissionEmail } from '@/components/e
 import {
   BatchInvitationEmail,
   InvitationEmail,
+  PollingGroupInvitationEmail,
   WorkspaceInvitationEmail,
 } from '@/components/emails/invitations'
 import { HelpConfirmationEmail } from '@/components/emails/support'
@@ -184,6 +185,24 @@ export async function renderWorkspaceInvitationEmail(
   )
 }
 
+export async function renderPollingGroupInvitationEmail(params: {
+  inviterName: string
+  organizationName: string
+  pollingGroupName: string
+  provider: 'google-email' | 'outlook'
+  inviteLink: string
+}): Promise<string> {
+  return await render(
+    PollingGroupInvitationEmail({
+      inviterName: params.inviterName,
+      organizationName: params.organizationName,
+      pollingGroupName: params.pollingGroupName,
+      provider: params.provider,
+      inviteLink: params.inviteLink,
+    })
+  )
+}
+
 export async function renderPaymentFailedEmail(params: {
   userName?: string
   amountDue: number
diff --git a/apps/sim/components/emails/subjects.ts b/apps/sim/components/emails/subjects.ts
index 26f451270b..bf8b9197b5 100644
--- a/apps/sim/components/emails/subjects.ts
+++ b/apps/sim/components/emails/subjects.ts
@@ -8,6 +8,7 @@ export type EmailSubjectType =
   | 'reset-password'
   | 'invitation'
   | 'batch-invitation'
+  | 'polling-group-invitation'
   | 'help-confirmation'
   | 'enterprise-subscription'
   | 'usage-threshold'
@@ -38,6 +39,8 @@ export function getEmailSubject(type: EmailSubjectType): string {
       return `You've been invited to join a team on ${brandName}`
     case 'batch-invitation':
       return `You've been invited to join a team and workspaces on ${brandName}`
+    case 'polling-group-invitation':
+      return `You've been invited to join an email polling group on ${brandName}`
     case 'help-confirmation':
       return 'Your request has been received'
     case 'enterprise-subscription':
diff --git a/apps/sim/components/emcn/components/checkbox/checkbox.tsx b/apps/sim/components/emcn/components/checkbox/checkbox.tsx
index 6e5b6f64c7..c32ba636c3 100644
--- a/apps/sim/components/emcn/components/checkbox/checkbox.tsx
+++ b/apps/sim/components/emcn/components/checkbox/checkbox.tsx
@@ -23,7 +23,7 @@ import { cn } from '@/lib/core/utils/cn'
  * ```
  */
 const checkboxVariants = cva(
-  'peer shrink-0 rounded-sm border border-[var(--border-1)] bg-[var(--surface-4)] ring-offset-background transition-colors hover:border-[var(--border-muted)] hover:bg-[var(--surface-7)] focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50 data-[state=checked]:border-[var(--text-muted)] data-[state=checked]:bg-[var(--text-muted)] data-[state=checked]:text-white dark:bg-[var(--surface-5)] dark:data-[state=checked]:border-[var(--surface-7)] dark:data-[state=checked]:bg-[var(--surface-7)] dark:data-[state=checked]:text-[var(--text-primary)] dark:hover:border-[var(--surface-7)] dark:hover:bg-[var(--border-1)]',
+  'peer shrink-0 rounded-sm border border-[var(--border-1)] bg-[var(--surface-4)] ring-offset-background transition-colors hover:border-[var(--border-muted)] hover:bg-[var(--surface-7)] focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 data-[disabled]:cursor-not-allowed data-[disabled]:opacity-50 data-[state=checked]:border-[var(--text-muted)] data-[state=checked]:bg-[var(--text-muted)] data-[state=checked]:text-white dark:bg-[var(--surface-5)] dark:data-[state=checked]:border-[var(--surface-7)] dark:data-[state=checked]:bg-[var(--surface-7)] dark:data-[state=checked]:text-[var(--text-primary)] dark:hover:border-[var(--surface-7)] dark:hover:bg-[var(--border-1)]',
   {
     variants: {
       size: {
diff --git a/apps/sim/components/emcn/components/combobox/combobox.tsx b/apps/sim/components/emcn/components/combobox/combobox.tsx
index b72db43c00..19dc56a343 100644
--- a/apps/sim/components/emcn/components/combobox/combobox.tsx
+++ b/apps/sim/components/emcn/components/combobox/combobox.tsx
@@ -467,7 +467,12 @@ const Combobox = forwardRef<HTMLDivElement, ComboboxProps>(
                     {...inputProps}
                   />
                   {(overlayContent || SelectedIcon) && (
-                    <div className='pointer-events-none absolute top-0 right-[42px] bottom-0 left-0 flex items-center bg-transparent px-[8px] py-[6px] font-medium font-sans text-sm'>
+                    <div
+                      className={cn(
+                        'pointer-events-none absolute top-0 right-[42px] bottom-0 left-0 flex items-center bg-transparent px-[8px] py-[6px] font-medium font-sans text-sm',
+                        disabled && 'opacity-50'
+                      )}
+                    >
                       {overlayContent ? (
                         overlayContent
                       ) : (
@@ -505,6 +510,7 @@ const Combobox = forwardRef<HTMLDivElement, ComboboxProps>(
                   className={cn(
                     comboboxVariants({ variant, size }),
                     'relative cursor-pointer items-center justify-between',
+                    disabled && 'cursor-not-allowed opacity-50',
                     className
                   )}
                   onClick={handleToggle}
diff --git a/apps/sim/components/emcn/components/date-picker/date-picker.tsx b/apps/sim/components/emcn/components/date-picker/date-picker.tsx
index 3196852bde..1fb2616dad 100644
--- a/apps/sim/components/emcn/components/date-picker/date-picker.tsx
+++ b/apps/sim/components/emcn/components/date-picker/date-picker.tsx
@@ -844,6 +844,7 @@ const DatePicker = React.forwardRef<HTMLDivElement, DatePickerProps>((props, ref
             className={cn(
               datePickerVariants({ variant, size }),
               'relative cursor-pointer items-center justify-between',
+              disabled && 'cursor-not-allowed opacity-50',
               className
             )}
             onClick={handleTriggerClick}
diff --git a/apps/sim/components/emcn/components/slider/slider.tsx b/apps/sim/components/emcn/components/slider/slider.tsx
index d6ccc54b72..71a84a9120 100644
--- a/apps/sim/components/emcn/components/slider/slider.tsx
+++ b/apps/sim/components/emcn/components/slider/slider.tsx
@@ -16,12 +16,13 @@ export interface SliderProps extends React.ComponentPropsWithoutRef<typeof Slide
  * ```
  */
 const Slider = React.forwardRef<React.ElementRef<typeof SliderPrimitive.Root>, SliderProps>(
-  ({ className, ...props }, ref) => (
+  ({ className, disabled, ...props }, ref) => (
     <SliderPrimitive.Root
       ref={ref}
+      disabled={disabled}
       className={cn(
         'relative flex w-full touch-none select-none items-center',
-        'disabled:cursor-not-allowed disabled:opacity-50',
+        'data-[disabled]:cursor-not-allowed data-[disabled]:opacity-50',
         className
       )}
       {...props}
diff --git a/apps/sim/components/emcn/components/switch/switch.tsx b/apps/sim/components/emcn/components/switch/switch.tsx
index e8b6728e2f..c9fc422615 100644
--- a/apps/sim/components/emcn/components/switch/switch.tsx
+++ b/apps/sim/components/emcn/components/switch/switch.tsx
@@ -12,10 +12,12 @@ import { cn } from '@/lib/core/utils/cn'
 const Switch = React.forwardRef<
   React.ElementRef<typeof SwitchPrimitives.Root>,
   React.ComponentPropsWithoutRef<typeof SwitchPrimitives.Root>
->(({ className, ...props }, ref) => (
+>(({ className, disabled, ...props }, ref) => (
   <SwitchPrimitives.Root
+    disabled={disabled}
     className={cn(
-      'peer inline-flex h-[17px] w-[30px] shrink-0 cursor-pointer items-center rounded-[20px] transition-colors focus-visible:outline-none disabled:cursor-not-allowed disabled:opacity-50',
+      'peer inline-flex h-[17px] w-[30px] shrink-0 cursor-pointer items-center rounded-[20px] transition-colors focus-visible:outline-none',
+      'data-[disabled]:cursor-not-allowed data-[disabled]:opacity-50',
       'bg-[var(--border-1)] data-[state=checked]:bg-[var(--text-primary)]',
       className
     )}
diff --git a/apps/sim/components/icons.tsx b/apps/sim/components/icons.tsx
index 192905bead..de0ab92021 100644
--- a/apps/sim/components/icons.tsx
+++ b/apps/sim/components/icons.tsx
@@ -4575,3 +4575,22 @@ export function FirefliesIcon(props: SVGProps<SVGSVGElement>) {
     </svg>
   )
 }
+
+export function BedrockIcon(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg {...props} viewBox='0 0 24 24' xmlns='http://www.w3.org/2000/svg'>
+      <defs>
+        <linearGradient id='bedrock_gradient' x1='80%' x2='20%' y1='20%' y2='80%'>
+          <stop offset='0%' stopColor='#6350FB' />
+          <stop offset='50%' stopColor='#3D8FFF' />
+          <stop offset='100%' stopColor='#9AD8F8' />
+        </linearGradient>
+      </defs>
+      <path
+        d='M13.05 15.513h3.08c.214 0 .389.177.389.394v1.82a1.704 1.704 0 011.296 1.661c0 .943-.755 1.708-1.685 1.708-.931 0-1.686-.765-1.686-1.708 0-.807.554-1.484 1.297-1.662v-1.425h-2.69v4.663a.395.395 0 01-.188.338l-2.69 1.641a.385.385 0 01-.405-.002l-4.926-3.086a.395.395 0 01-.185-.336V16.3L2.196 14.87A.395.395 0 012 14.555L2 14.528V9.406c0-.14.073-.27.192-.34l2.465-1.462V4.448c0-.129.062-.249.165-.322l.021-.014L9.77 1.058a.385.385 0 01.407 0l2.69 1.675a.395.395 0 01.185.336V7.6h3.856V5.683a1.704 1.704 0 01-1.296-1.662c0-.943.755-1.708 1.685-1.708.931 0 1.685.765 1.685 1.708 0 .807-.553 1.484-1.296 1.662v2.311a.391.391 0 01-.389.394h-4.245v1.806h6.624a1.69 1.69 0 011.64-1.313c.93 0 1.685.764 1.685 1.707 0 .943-.754 1.708-1.685 1.708a1.69 1.69 0 01-1.64-1.314H13.05v1.937h4.953l.915 1.18a1.66 1.66 0 01.84-.227c.931 0 1.685.764 1.685 1.707 0 .943-.754 1.708-1.685 1.708-.93 0-1.685-.765-1.685-1.708 0-.346.102-.668.276-.937l-.724-.935H13.05v1.806zM9.973 1.856L7.93 3.122V6.09h-.778V3.604L5.435 4.669v2.945l2.11 1.36L9.712 7.61V5.334h.778V7.83c0 .136-.07.263-.184.335L7.963 9.638v2.081l1.422 1.009-.446.646-1.406-.998-1.53 1.005-.423-.66 1.605-1.055v-1.99L5.038 8.29l-2.26 1.34v1.676l1.972-1.189.398.677-2.37 1.429V14.3l2.166 1.258 2.27-1.368.397.677-2.176 1.311V19.3l1.876 1.175 2.365-1.426.398.678-2.017 1.216 1.918 1.201 2.298-1.403v-5.78l-4.758 2.893-.4-.675 5.158-3.136V3.289L9.972 1.856zM16.13 18.47a.913.913 0 00-.908.92c0 .507.406.918.908.918a.913.913 0 00.907-.919.913.913 0 00-.907-.92zm3.63-3.81a.913.913 0 00-.908.92c0 .508.406.92.907.92a.913.913 0 00.908-.92.913.913 0 00-.908-.92zm1.555-4.99a.913.913 0 00-.908.92c0 .507.407.918.908.918a.913.913 0 00.907-.919.913.913 0 00-.907-.92zM17.296 3.1a.913.913 0 00-.907.92c0 .508.406.92.907.92a.913.913 0 00.908-.92.913.913 0 00-.908-.92z'
+        fill='url(#bedrock_gradient)'
+        fillRule='nonzero'
+      />
+    </svg>
+  )
+}
diff --git a/apps/sim/executor/constants.ts b/apps/sim/executor/constants.ts
index ca6be4c3ec..f483bbfc78 100644
--- a/apps/sim/executor/constants.ts
+++ b/apps/sim/executor/constants.ts
@@ -181,6 +181,22 @@ export const MCP = {
   TOOL_PREFIX: 'mcp-',
 } as const
 
+export const CREDENTIAL_SET = {
+  PREFIX: 'credentialSet:',
+} as const
+
+export const CREDENTIAL = {
+  FOREIGN_LABEL: 'Saved by collaborator',
+} as const
+
+export function isCredentialSetValue(value: string | null | undefined): boolean {
+  return typeof value === 'string' && value.startsWith(CREDENTIAL_SET.PREFIX)
+}
+
+export function extractCredentialSetId(value: string): string {
+  return value.slice(CREDENTIAL_SET.PREFIX.length)
+}
+
 export const MEMORY = {
   DEFAULT_SLIDING_WINDOW_SIZE: 10,
   DEFAULT_SLIDING_WINDOW_TOKENS: 4000,
diff --git a/apps/sim/executor/execution/block-executor.ts b/apps/sim/executor/execution/block-executor.ts
index 1860dbc9fc..b454eca5c1 100644
--- a/apps/sim/executor/execution/block-executor.ts
+++ b/apps/sim/executor/execution/block-executor.ts
@@ -339,7 +339,7 @@ export class BlockExecutor {
 
     if (isTrigger) {
       const filtered: NormalizedBlockOutput = {}
-      const internalKeys = ['webhook', 'workflowId', 'input']
+      const internalKeys = ['webhook', 'workflowId']
       for (const [key, value] of Object.entries(output)) {
         if (internalKeys.includes(key)) continue
         filtered[key] = value
diff --git a/apps/sim/executor/execution/types.ts b/apps/sim/executor/execution/types.ts
index e4a6a53283..38d403f042 100644
--- a/apps/sim/executor/execution/types.ts
+++ b/apps/sim/executor/execution/types.ts
@@ -17,6 +17,7 @@ export interface ExecutionMetadata {
   isClientSession?: boolean
   pendingBlocks?: string[]
   resumeFromSnapshot?: boolean
+  credentialAccountUserId?: string
   workflowStateOverride?: {
     blocks: Record<string, any>
     edges: Edge[]
diff --git a/apps/sim/executor/handlers/agent/agent-handler.ts b/apps/sim/executor/handlers/agent/agent-handler.ts
index 392a99da9a..2337cf4fb7 100644
--- a/apps/sim/executor/handlers/agent/agent-handler.ts
+++ b/apps/sim/executor/handlers/agent/agent-handler.ts
@@ -928,6 +928,9 @@ export class AgentBlockHandler implements BlockHandler {
       vertexProject: inputs.vertexProject,
       vertexLocation: inputs.vertexLocation,
       vertexCredential: inputs.vertexCredential,
+      bedrockAccessKeyId: inputs.bedrockAccessKeyId,
+      bedrockSecretKey: inputs.bedrockSecretKey,
+      bedrockRegion: inputs.bedrockRegion,
       responseFormat,
       workflowId: ctx.workflowId,
       workspaceId: ctx.workspaceId,
@@ -1029,6 +1032,9 @@ export class AgentBlockHandler implements BlockHandler {
       azureApiVersion: providerRequest.azureApiVersion,
       vertexProject: providerRequest.vertexProject,
       vertexLocation: providerRequest.vertexLocation,
+      bedrockAccessKeyId: providerRequest.bedrockAccessKeyId,
+      bedrockSecretKey: providerRequest.bedrockSecretKey,
+      bedrockRegion: providerRequest.bedrockRegion,
       responseFormat: providerRequest.responseFormat,
       workflowId: providerRequest.workflowId,
       workspaceId: ctx.workspaceId,
diff --git a/apps/sim/executor/handlers/agent/types.ts b/apps/sim/executor/handlers/agent/types.ts
index 60694171ba..c3050f3a08 100644
--- a/apps/sim/executor/handlers/agent/types.ts
+++ b/apps/sim/executor/handlers/agent/types.ts
@@ -22,6 +22,9 @@ export interface AgentInputs {
   vertexProject?: string
   vertexLocation?: string
   vertexCredential?: string
+  bedrockAccessKeyId?: string
+  bedrockSecretKey?: string
+  bedrockRegion?: string
   reasoningEffort?: string
   verbosity?: string
 }
diff --git a/apps/sim/executor/handlers/evaluator/evaluator-handler.ts b/apps/sim/executor/handlers/evaluator/evaluator-handler.ts
index e7a768ee33..c53486ec5b 100644
--- a/apps/sim/executor/handlers/evaluator/evaluator-handler.ts
+++ b/apps/sim/executor/handlers/evaluator/evaluator-handler.ts
@@ -32,6 +32,9 @@ export class EvaluatorBlockHandler implements BlockHandler {
       vertexProject: inputs.vertexProject,
       vertexLocation: inputs.vertexLocation,
       vertexCredential: inputs.vertexCredential,
+      bedrockAccessKeyId: inputs.bedrockAccessKeyId,
+      bedrockSecretKey: inputs.bedrockSecretKey,
+      bedrockRegion: inputs.bedrockRegion,
     }
     const providerId = getProviderFromModel(evaluatorConfig.model)
 
@@ -128,6 +131,12 @@ export class EvaluatorBlockHandler implements BlockHandler {
         providerRequest.azureApiVersion = inputs.azureApiVersion
       }
 
+      if (providerId === 'bedrock') {
+        providerRequest.bedrockAccessKeyId = evaluatorConfig.bedrockAccessKeyId
+        providerRequest.bedrockSecretKey = evaluatorConfig.bedrockSecretKey
+        providerRequest.bedrockRegion = evaluatorConfig.bedrockRegion
+      }
+
       const response = await fetch(url.toString(), {
         method: 'POST',
         headers: {
diff --git a/apps/sim/executor/handlers/router/router-handler.ts b/apps/sim/executor/handlers/router/router-handler.ts
index 55524b7050..b00cc0f6ea 100644
--- a/apps/sim/executor/handlers/router/router-handler.ts
+++ b/apps/sim/executor/handlers/router/router-handler.ts
@@ -68,6 +68,9 @@ export class RouterBlockHandler implements BlockHandler {
       vertexProject: inputs.vertexProject,
       vertexLocation: inputs.vertexLocation,
       vertexCredential: inputs.vertexCredential,
+      bedrockAccessKeyId: inputs.bedrockAccessKeyId,
+      bedrockSecretKey: inputs.bedrockSecretKey,
+      bedrockRegion: inputs.bedrockRegion,
     }
 
     const providerId = getProviderFromModel(routerConfig.model)
@@ -104,6 +107,12 @@ export class RouterBlockHandler implements BlockHandler {
         providerRequest.azureApiVersion = inputs.azureApiVersion
       }
 
+      if (providerId === 'bedrock') {
+        providerRequest.bedrockAccessKeyId = routerConfig.bedrockAccessKeyId
+        providerRequest.bedrockSecretKey = routerConfig.bedrockSecretKey
+        providerRequest.bedrockRegion = routerConfig.bedrockRegion
+      }
+
       const response = await fetch(url.toString(), {
         method: 'POST',
         headers: {
@@ -197,6 +206,9 @@ export class RouterBlockHandler implements BlockHandler {
       vertexProject: inputs.vertexProject,
       vertexLocation: inputs.vertexLocation,
       vertexCredential: inputs.vertexCredential,
+      bedrockAccessKeyId: inputs.bedrockAccessKeyId,
+      bedrockSecretKey: inputs.bedrockSecretKey,
+      bedrockRegion: inputs.bedrockRegion,
     }
 
     const providerId = getProviderFromModel(routerConfig.model)
@@ -233,6 +245,12 @@ export class RouterBlockHandler implements BlockHandler {
         providerRequest.azureApiVersion = inputs.azureApiVersion
       }
 
+      if (providerId === 'bedrock') {
+        providerRequest.bedrockAccessKeyId = routerConfig.bedrockAccessKeyId
+        providerRequest.bedrockSecretKey = routerConfig.bedrockSecretKey
+        providerRequest.bedrockRegion = routerConfig.bedrockRegion
+      }
+
       const response = await fetch(url.toString(), {
         method: 'POST',
         headers: {
diff --git a/apps/sim/executor/types.ts b/apps/sim/executor/types.ts
index f33b49195f..9c266e8b40 100644
--- a/apps/sim/executor/types.ts
+++ b/apps/sim/executor/types.ts
@@ -124,6 +124,7 @@ export interface ExecutionMetadata {
   isDebugSession?: boolean
   context?: ExecutionContext
   workflowConnections?: Array<{ source: string; target: string }>
+  credentialAccountUserId?: string
   status?: 'running' | 'paused' | 'completed'
   pausePoints?: string[]
   resumeChain?: {
diff --git a/apps/sim/hooks/queries/byok-keys.ts b/apps/sim/hooks/queries/byok-keys.ts
index 88b255de9d..36ec66827c 100644
--- a/apps/sim/hooks/queries/byok-keys.ts
+++ b/apps/sim/hooks/queries/byok-keys.ts
@@ -15,18 +15,26 @@ export interface BYOKKey {
   updatedAt: string
 }
 
+export interface BYOKKeysResponse {
+  keys: BYOKKey[]
+  byokEnabled: boolean
+}
+
 export const byokKeysKeys = {
   all: ['byok-keys'] as const,
   workspace: (workspaceId: string) => [...byokKeysKeys.all, 'workspace', workspaceId] as const,
 }
 
-async function fetchBYOKKeys(workspaceId: string): Promise<BYOKKey[]> {
+async function fetchBYOKKeys(workspaceId: string): Promise<BYOKKeysResponse> {
   const response = await fetch(API_ENDPOINTS.WORKSPACE_BYOK_KEYS(workspaceId))
   if (!response.ok) {
     throw new Error(`Failed to load BYOK keys: ${response.statusText}`)
   }
-  const { keys } = await response.json()
-  return keys
+  const data = await response.json()
+  return {
+    keys: data.keys ?? [],
+    byokEnabled: data.byokEnabled ?? true,
+  }
 }
 
 export function useBYOKKeys(workspaceId: string) {
@@ -36,6 +44,7 @@ export function useBYOKKeys(workspaceId: string) {
     enabled: !!workspaceId,
     staleTime: 60 * 1000,
     placeholderData: keepPreviousData,
+    select: (data) => data,
   })
 }
 
diff --git a/apps/sim/hooks/queries/credential-sets.ts b/apps/sim/hooks/queries/credential-sets.ts
new file mode 100644
index 0000000000..33da082f75
--- /dev/null
+++ b/apps/sim/hooks/queries/credential-sets.ts
@@ -0,0 +1,370 @@
+import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
+import { fetchJson } from '@/hooks/selectors/helpers'
+
+export interface CredentialSet {
+  id: string
+  name: string
+  description: string | null
+  providerId: string | null
+  createdBy: string
+  createdAt: string
+  updatedAt: string
+  creatorName: string | null
+  creatorEmail: string | null
+  memberCount: number
+}
+
+export interface CredentialSetMembership {
+  membershipId: string
+  status: string
+  joinedAt: string | null
+  credentialSetId: string
+  credentialSetName: string
+  credentialSetDescription: string | null
+  providerId: string | null
+  organizationId: string
+  organizationName: string
+}
+
+export interface CredentialSetInvitation {
+  invitationId: string
+  token: string
+  status: string
+  expiresAt: string
+  createdAt: string
+  credentialSetId: string
+  credentialSetName: string
+  providerId: string | null
+  organizationId: string
+  organizationName: string
+  invitedByName: string | null
+  invitedByEmail: string | null
+}
+
+interface CredentialSetsResponse {
+  credentialSets?: CredentialSet[]
+}
+
+interface MembershipsResponse {
+  memberships?: CredentialSetMembership[]
+}
+
+interface InvitationsResponse {
+  invitations?: CredentialSetInvitation[]
+}
+
+export const credentialSetKeys = {
+  all: ['credentialSets'] as const,
+  list: (organizationId?: string) => ['credentialSets', 'list', organizationId ?? 'none'] as const,
+  detail: (id?: string) => ['credentialSets', 'detail', id ?? 'none'] as const,
+  memberships: () => ['credentialSets', 'memberships'] as const,
+  invitations: () => ['credentialSets', 'invitations'] as const,
+}
+
+export async function fetchCredentialSets(organizationId: string): Promise<CredentialSet[]> {
+  if (!organizationId) return []
+  const data = await fetchJson<CredentialSetsResponse>('/api/credential-sets', {
+    searchParams: { organizationId },
+  })
+  return data.credentialSets ?? []
+}
+
+export function useCredentialSets(organizationId?: string, enabled = true) {
+  return useQuery<CredentialSet[]>({
+    queryKey: credentialSetKeys.list(organizationId),
+    queryFn: () => fetchCredentialSets(organizationId ?? ''),
+    enabled: Boolean(organizationId) && enabled,
+    staleTime: 60 * 1000,
+  })
+}
+
+interface CredentialSetDetailResponse {
+  credentialSet?: CredentialSet
+}
+
+export async function fetchCredentialSetById(id: string): Promise<CredentialSet | null> {
+  if (!id) return null
+  const data = await fetchJson<CredentialSetDetailResponse>(`/api/credential-sets/${id}`)
+  return data.credentialSet ?? null
+}
+
+export function useCredentialSetDetail(id?: string, enabled = true) {
+  return useQuery<CredentialSet | null>({
+    queryKey: credentialSetKeys.detail(id),
+    queryFn: () => fetchCredentialSetById(id ?? ''),
+    enabled: Boolean(id) && enabled,
+    staleTime: 60 * 1000,
+  })
+}
+
+export function useCredentialSetMemberships() {
+  return useQuery<CredentialSetMembership[]>({
+    queryKey: credentialSetKeys.memberships(),
+    queryFn: async () => {
+      const data = await fetchJson<MembershipsResponse>('/api/credential-sets/memberships')
+      return data.memberships ?? []
+    },
+    staleTime: 60 * 1000,
+  })
+}
+
+export function useCredentialSetInvitations() {
+  return useQuery<CredentialSetInvitation[]>({
+    queryKey: credentialSetKeys.invitations(),
+    queryFn: async () => {
+      const data = await fetchJson<InvitationsResponse>('/api/credential-sets/invitations')
+      return data.invitations ?? []
+    },
+    staleTime: 30 * 1000,
+  })
+}
+
+export function useAcceptCredentialSetInvitation() {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async (token: string) => {
+      const response = await fetch(`/api/credential-sets/invite/${token}`, {
+        method: 'POST',
+      })
+      if (!response.ok) {
+        const data = await response.json()
+        throw new Error(data.error || 'Failed to accept invitation')
+      }
+      return response.json()
+    },
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: credentialSetKeys.memberships() })
+      queryClient.invalidateQueries({ queryKey: credentialSetKeys.invitations() })
+    },
+  })
+}
+
+export interface CreateCredentialSetData {
+  organizationId: string
+  name: string
+  description?: string
+  providerId?: string
+}
+
+export function useCreateCredentialSet() {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async (data: CreateCredentialSetData) => {
+      const response = await fetch('/api/credential-sets', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(data),
+      })
+      if (!response.ok) {
+        const result = await response.json()
+        throw new Error(result.error || 'Failed to create credential set')
+      }
+      return response.json()
+    },
+    onSuccess: (_data, variables) => {
+      queryClient.invalidateQueries({ queryKey: credentialSetKeys.list(variables.organizationId) })
+    },
+  })
+}
+
+export function useCreateCredentialSetInvitation() {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async (data: { credentialSetId: string; email?: string }) => {
+      const response = await fetch(`/api/credential-sets/${data.credentialSetId}/invite`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email: data.email }),
+      })
+      if (!response.ok) {
+        const result = await response.json()
+        throw new Error(result.error || 'Failed to create invitation')
+      }
+      return response.json()
+    },
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: credentialSetKeys.all })
+    },
+  })
+}
+
+export interface CredentialSetMember {
+  id: string
+  userId: string
+  status: string
+  joinedAt: string | null
+  createdAt: string
+  userName: string | null
+  userEmail: string | null
+  userImage: string | null
+  credentials: { providerId: string; accountId: string }[]
+}
+
+interface MembersResponse {
+  members?: CredentialSetMember[]
+}
+
+export function useCredentialSetMembers(credentialSetId?: string) {
+  return useQuery<CredentialSetMember[]>({
+    queryKey: [...credentialSetKeys.detail(credentialSetId), 'members'],
+    queryFn: async () => {
+      const data = await fetchJson<MembersResponse>(
+        `/api/credential-sets/${credentialSetId}/members`
+      )
+      return data.members ?? []
+    },
+    enabled: Boolean(credentialSetId),
+    staleTime: 30 * 1000,
+  })
+}
+
+export function useRemoveCredentialSetMember() {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async (data: { credentialSetId: string; memberId: string }) => {
+      const response = await fetch(
+        `/api/credential-sets/${data.credentialSetId}/members?memberId=${data.memberId}`,
+        { method: 'DELETE' }
+      )
+      if (!response.ok) {
+        const result = await response.json()
+        throw new Error(result.error || 'Failed to remove member')
+      }
+      return response.json()
+    },
+    onSuccess: (_data, variables) => {
+      queryClient.invalidateQueries({
+        queryKey: [...credentialSetKeys.detail(variables.credentialSetId), 'members'],
+      })
+      queryClient.invalidateQueries({ queryKey: credentialSetKeys.all })
+    },
+  })
+}
+
+export function useLeaveCredentialSet() {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async (credentialSetId: string) => {
+      const response = await fetch(
+        `/api/credential-sets/memberships?credentialSetId=${credentialSetId}`,
+        { method: 'DELETE' }
+      )
+      if (!response.ok) {
+        const data = await response.json()
+        throw new Error(data.error || 'Failed to leave credential set')
+      }
+      return response.json()
+    },
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: credentialSetKeys.memberships() })
+    },
+  })
+}
+
+export interface DeleteCredentialSetParams {
+  credentialSetId: string
+  organizationId: string
+}
+
+export function useDeleteCredentialSet() {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async ({ credentialSetId }: DeleteCredentialSetParams) => {
+      const response = await fetch(`/api/credential-sets/${credentialSetId}`, {
+        method: 'DELETE',
+      })
+      if (!response.ok) {
+        const data = await response.json()
+        throw new Error(data.error || 'Failed to delete credential set')
+      }
+      return response.json()
+    },
+    onSuccess: (_data, variables) => {
+      queryClient.invalidateQueries({
+        queryKey: credentialSetKeys.list(variables.organizationId),
+      })
+      queryClient.invalidateQueries({ queryKey: credentialSetKeys.memberships() })
+    },
+  })
+}
+
+export interface CredentialSetInvitationDetail {
+  id: string
+  credentialSetId: string
+  email: string | null
+  token: string
+  status: string
+  expiresAt: string
+  createdAt: string
+  invitedBy: string
+}
+
+interface InvitationsDetailResponse {
+  invitations?: CredentialSetInvitationDetail[]
+}
+
+export function useCredentialSetInvitationsDetail(credentialSetId?: string) {
+  return useQuery<CredentialSetInvitationDetail[]>({
+    queryKey: [...credentialSetKeys.detail(credentialSetId), 'invitations'],
+    queryFn: async () => {
+      const data = await fetchJson<InvitationsDetailResponse>(
+        `/api/credential-sets/${credentialSetId}/invite`
+      )
+      return (data.invitations ?? []).filter((inv) => inv.status === 'pending')
+    },
+    enabled: Boolean(credentialSetId),
+    staleTime: 30 * 1000,
+  })
+}
+
+export function useCancelCredentialSetInvitation() {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async (data: { credentialSetId: string; invitationId: string }) => {
+      const response = await fetch(
+        `/api/credential-sets/${data.credentialSetId}/invite?invitationId=${data.invitationId}`,
+        { method: 'DELETE' }
+      )
+      if (!response.ok) {
+        const result = await response.json()
+        throw new Error(result.error || 'Failed to cancel invitation')
+      }
+      return response.json()
+    },
+    onSuccess: (_data, variables) => {
+      queryClient.invalidateQueries({
+        queryKey: [...credentialSetKeys.detail(variables.credentialSetId), 'invitations'],
+      })
+    },
+  })
+}
+
+export function useResendCredentialSetInvitation() {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async (data: { credentialSetId: string; invitationId: string; email: string }) => {
+      const response = await fetch(
+        `/api/credential-sets/${data.credentialSetId}/invite/${data.invitationId}`,
+        { method: 'POST' }
+      )
+      if (!response.ok) {
+        const result = await response.json()
+        throw new Error(result.error || 'Failed to resend invitation')
+      }
+      return response.json()
+    },
+    onSuccess: (_data, variables) => {
+      queryClient.invalidateQueries({
+        queryKey: [...credentialSetKeys.detail(variables.credentialSetId), 'invitations'],
+      })
+    },
+  })
+}
diff --git a/apps/sim/hooks/queries/logs.ts b/apps/sim/hooks/queries/logs.ts
index c9db54a362..9325ae0992 100644
--- a/apps/sim/hooks/queries/logs.ts
+++ b/apps/sim/hooks/queries/logs.ts
@@ -12,6 +12,9 @@ export const logKeys = {
   detail: (logId: string | undefined) => [...logKeys.details(), logId ?? ''] as const,
   dashboard: (workspaceId: string | undefined, filters: Record<string, unknown>) =>
     [...logKeys.all, 'dashboard', workspaceId ?? '', filters] as const,
+  executionSnapshots: () => [...logKeys.all, 'executionSnapshot'] as const,
+  executionSnapshot: (executionId: string | undefined) =>
+    [...logKeys.executionSnapshots(), executionId ?? ''] as const,
 }
 
 interface LogFilters {
@@ -196,3 +199,45 @@ export function useDashboardLogs(
     placeholderData: keepPreviousData,
   })
 }
+
+export interface ExecutionSnapshotData {
+  executionId: string
+  workflowId: string
+  workflowState: Record<string, unknown>
+  executionMetadata: {
+    trigger: string
+    startedAt: string
+    endedAt?: string
+    totalDurationMs?: number
+    cost: {
+      total: number | null
+      input: number | null
+      output: number | null
+    }
+    totalTokens: number | null
+  }
+}
+
+async function fetchExecutionSnapshot(executionId: string): Promise<ExecutionSnapshotData> {
+  const response = await fetch(`/api/logs/execution/${executionId}`)
+
+  if (!response.ok) {
+    throw new Error(`Failed to fetch execution snapshot: ${response.statusText}`)
+  }
+
+  const data = await response.json()
+  if (!data) {
+    throw new Error('No execution snapshot data returned')
+  }
+
+  return data
+}
+
+export function useExecutionSnapshot(executionId: string | undefined) {
+  return useQuery({
+    queryKey: logKeys.executionSnapshot(executionId),
+    queryFn: () => fetchExecutionSnapshot(executionId as string),
+    enabled: Boolean(executionId),
+    staleTime: 5 * 60 * 1000, // 5 minutes - execution snapshots don't change
+  })
+}
diff --git a/apps/sim/hooks/queries/oauth-credentials.ts b/apps/sim/hooks/queries/oauth-credentials.ts
index f692321653..414fae2d9c 100644
--- a/apps/sim/hooks/queries/oauth-credentials.ts
+++ b/apps/sim/hooks/queries/oauth-credentials.ts
@@ -1,5 +1,7 @@
 import { useQuery } from '@tanstack/react-query'
 import type { Credential } from '@/lib/oauth'
+import { CREDENTIAL, CREDENTIAL_SET } from '@/executor/constants'
+import { useCredentialSetDetail } from '@/hooks/queries/credential-sets'
 import { fetchJson } from '@/hooks/selectors/helpers'
 
 interface CredentialListResponse {
@@ -61,14 +63,28 @@ export function useOAuthCredentialDetail(
 }
 
 export function useCredentialName(credentialId?: string, providerId?: string, workflowId?: string) {
+  // Check if this is a credential set value
+  const isCredentialSet = credentialId?.startsWith(CREDENTIAL_SET.PREFIX) ?? false
+  const credentialSetId = isCredentialSet
+    ? credentialId?.slice(CREDENTIAL_SET.PREFIX.length)
+    : undefined
+
+  // Fetch credential set by ID directly
+  const { data: credentialSetData, isFetching: credentialSetLoading } = useCredentialSetDetail(
+    credentialSetId,
+    isCredentialSet
+  )
+
   const { data: credentials = [], isFetching: credentialsLoading } = useOAuthCredentials(
     providerId,
-    Boolean(providerId)
+    Boolean(providerId) && !isCredentialSet
   )
 
   const selectedCredential = credentials.find((cred) => cred.id === credentialId)
 
-  const shouldFetchDetail = Boolean(credentialId && !selectedCredential && providerId && workflowId)
+  const shouldFetchDetail = Boolean(
+    credentialId && !selectedCredential && providerId && workflowId && !isCredentialSet
+  )
 
   const { data: foreignCredentials = [], isFetching: foreignLoading } = useOAuthCredentialDetail(
     shouldFetchDetail ? credentialId : undefined,
@@ -77,12 +93,17 @@ export function useCredentialName(credentialId?: string, providerId?: string, wo
   )
 
   const hasForeignMeta = foreignCredentials.length > 0
+  const isForeignCredentialSet = isCredentialSet && !credentialSetData && !credentialSetLoading
 
-  const displayName = selectedCredential?.name ?? (hasForeignMeta ? 'Saved by collaborator' : null)
+  const displayName =
+    credentialSetData?.name ??
+    selectedCredential?.name ??
+    (hasForeignMeta ? CREDENTIAL.FOREIGN_LABEL : null) ??
+    (isForeignCredentialSet ? CREDENTIAL.FOREIGN_LABEL : null)
 
   return {
     displayName,
-    isLoading: credentialsLoading || foreignLoading,
+    isLoading: credentialsLoading || foreignLoading || (isCredentialSet && credentialSetLoading),
     hasForeignMeta,
   }
 }
diff --git a/apps/sim/hooks/queries/organization.ts b/apps/sim/hooks/queries/organization.ts
index e3ed5b4c6d..7f4fbe7ee4 100644
--- a/apps/sim/hooks/queries/organization.ts
+++ b/apps/sim/hooks/queries/organization.ts
@@ -363,6 +363,32 @@ export function useCancelInvitation() {
   })
 }
 
+/**
+ * Resend invitation mutation
+ */
+interface ResendInvitationParams {
+  invitationId: string
+  orgId: string
+}
+
+export function useResendInvitation() {
+  return useMutation({
+    mutationFn: async ({ invitationId, orgId }: ResendInvitationParams) => {
+      const response = await fetch(`/api/organizations/${orgId}/invitations/${invitationId}`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+      })
+
+      if (!response.ok) {
+        const error = await response.json()
+        throw new Error(error.message || 'Failed to resend invitation')
+      }
+
+      return response.json()
+    },
+  })
+}
+
 /**
  * Update seats mutation (handles both add and reduce)
  */
diff --git a/apps/sim/hooks/queries/workflows.ts b/apps/sim/hooks/queries/workflows.ts
index a9ca5d21e6..881a0a9939 100644
--- a/apps/sim/hooks/queries/workflows.ts
+++ b/apps/sim/hooks/queries/workflows.ts
@@ -13,6 +13,7 @@ import {
   getNextWorkflowColor,
 } from '@/stores/workflows/registry/utils'
 import { useSubBlockStore } from '@/stores/workflows/subblock/store'
+import type { WorkflowState } from '@/stores/workflows/workflow/types'
 
 const logger = createLogger('WorkflowQueries')
 
@@ -20,6 +21,9 @@ export const workflowKeys = {
   all: ['workflows'] as const,
   lists: () => [...workflowKeys.all, 'list'] as const,
   list: (workspaceId: string | undefined) => [...workflowKeys.lists(), workspaceId ?? ''] as const,
+  deploymentVersions: () => [...workflowKeys.all, 'deploymentVersion'] as const,
+  deploymentVersion: (workflowId: string | undefined, version: number | undefined) =>
+    [...workflowKeys.deploymentVersions(), workflowId ?? '', version ?? 0] as const,
 }
 
 function mapWorkflow(workflow: any): WorkflowMetadata {
@@ -339,3 +343,60 @@ export function useDuplicateWorkflowMutation() {
     },
   })
 }
+
+interface DeploymentVersionStateResponse {
+  deployedState: WorkflowState
+}
+
+async function fetchDeploymentVersionState(
+  workflowId: string,
+  version: number
+): Promise<WorkflowState> {
+  const response = await fetch(`/api/workflows/${workflowId}/deployments/${version}`)
+
+  if (!response.ok) {
+    throw new Error(`Failed to fetch deployment version: ${response.statusText}`)
+  }
+
+  const data: DeploymentVersionStateResponse = await response.json()
+  if (!data.deployedState) {
+    throw new Error('No deployed state returned')
+  }
+
+  return data.deployedState
+}
+
+/**
+ * Hook for fetching the workflow state of a specific deployment version.
+ * Used in the deploy modal to preview historical versions.
+ */
+export function useDeploymentVersionState(workflowId: string | null, version: number | null) {
+  return useQuery({
+    queryKey: workflowKeys.deploymentVersion(workflowId ?? undefined, version ?? undefined),
+    queryFn: () => fetchDeploymentVersionState(workflowId as string, version as number),
+    enabled: Boolean(workflowId) && version !== null,
+    staleTime: 5 * 60 * 1000, // 5 minutes - deployment versions don't change
+  })
+}
+
+interface RevertToVersionVariables {
+  workflowId: string
+  version: number
+}
+
+/**
+ * Mutation hook for reverting (loading) a deployment version into the current workflow.
+ */
+export function useRevertToVersion() {
+  return useMutation({
+    mutationFn: async ({ workflowId, version }: RevertToVersionVariables): Promise<void> => {
+      const response = await fetch(`/api/workflows/${workflowId}/deployments/${version}/revert`, {
+        method: 'POST',
+      })
+
+      if (!response.ok) {
+        throw new Error('Failed to load deployment')
+      }
+    },
+  })
+}
diff --git a/apps/sim/hooks/use-webhook-management.ts b/apps/sim/hooks/use-webhook-management.ts
index 3e81c35ced..e71a0cedb3 100644
--- a/apps/sim/hooks/use-webhook-management.ts
+++ b/apps/sim/hooks/use-webhook-management.ts
@@ -10,6 +10,8 @@ import { getTrigger, isTriggerValid } from '@/triggers'
 
 const logger = createLogger('useWebhookManagement')
 
+const CREDENTIAL_SET_PREFIX = 'credentialSet:'
+
 interface UseWebhookManagementProps {
   blockId: string
   triggerId?: string
@@ -169,7 +171,22 @@ export function useWebhookManagement({
             if (webhook.providerConfig) {
               const effectiveTriggerId = resolveEffectiveTriggerId(blockId, triggerId, webhook)
 
-              useSubBlockStore.getState().setValue(blockId, 'triggerConfig', webhook.providerConfig)
+              // Filter out runtime/system fields from providerConfig before storing as triggerConfig
+              // These fields are managed by the system and should not be included in change detection
+              const {
+                credentialId: _credId,
+                credentialSetId: _credSetId,
+                userId: _userId,
+                historyId: _historyId,
+                lastCheckedTimestamp: _lastChecked,
+                setupCompleted: _setupCompleted,
+                externalId: _externalId,
+                triggerId: _triggerId,
+                blockId: _blockId,
+                ...userConfigurableFields
+              } = webhook.providerConfig as Record<string, unknown>
+
+              useSubBlockStore.getState().setValue(blockId, 'triggerConfig', userConfigurableFields)
 
               if (effectiveTriggerId) {
                 populateTriggerFieldsFromConfig(blockId, webhook.providerConfig, effectiveTriggerId)
@@ -220,9 +237,17 @@ export function useWebhookManagement({
     }
 
     const triggerConfig = useSubBlockStore.getState().getValue(blockId, 'triggerConfig')
+
+    const isCredentialSet = selectedCredentialId?.startsWith(CREDENTIAL_SET_PREFIX)
+    const credentialSetId = isCredentialSet
+      ? selectedCredentialId!.slice(CREDENTIAL_SET_PREFIX.length)
+      : undefined
+    const credentialId = isCredentialSet ? undefined : selectedCredentialId
+
     const webhookConfig = {
       ...(triggerConfig || {}),
-      ...(selectedCredentialId ? { credentialId: selectedCredentialId } : {}),
+      ...(credentialId ? { credentialId } : {}),
+      ...(credentialSetId ? { credentialSetId } : {}),
       triggerId: effectiveTriggerId,
     }
 
@@ -279,13 +304,20 @@ export function useWebhookManagement({
   ): Promise<boolean> => {
     const triggerConfig = useSubBlockStore.getState().getValue(blockId, 'triggerConfig')
 
+    const isCredentialSet = selectedCredentialId?.startsWith(CREDENTIAL_SET_PREFIX)
+    const credentialSetId = isCredentialSet
+      ? selectedCredentialId!.slice(CREDENTIAL_SET_PREFIX.length)
+      : undefined
+    const credentialId = isCredentialSet ? undefined : selectedCredentialId
+
     const response = await fetch(`/api/webhooks/${webhookIdToUpdate}`, {
       method: 'PATCH',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({
         providerConfig: {
           ...triggerConfig,
-          ...(selectedCredentialId ? { credentialId: selectedCredentialId } : {}),
+          ...(credentialId ? { credentialId } : {}),
+          ...(credentialSetId ? { credentialSetId } : {}),
           triggerId: effectiveTriggerId,
         },
       }),
diff --git a/apps/sim/instrumentation-node.ts b/apps/sim/instrumentation-node.ts
index 5ac6d02f61..c1d1f4bad8 100644
--- a/apps/sim/instrumentation-node.ts
+++ b/apps/sim/instrumentation-node.ts
@@ -2,7 +2,9 @@
  * Sim OpenTelemetry - Server-side Instrumentation
  */
 
+import type { Attributes, Context, Link, SpanKind } from '@opentelemetry/api'
 import { DiagConsoleLogger, DiagLogLevel, diag } from '@opentelemetry/api'
+import type { Sampler, SamplingResult } from '@opentelemetry/sdk-trace-base'
 import { createLogger } from '@sim/logger'
 import { env } from './lib/core/config/env'
 
@@ -24,8 +26,25 @@ const DEFAULT_TELEMETRY_CONFIG = {
 }
 
 /**
- * Initialize OpenTelemetry SDK with proper configuration
+ * Span name prefixes we want to KEEP
  */
+const ALLOWED_SPAN_PREFIXES = [
+  'platform.', // Our platform events
+  'gen_ai.', // GenAI semantic convention spans
+  'workflow.', // Workflow execution spans
+  'block.', // Block execution spans
+  'http.client.', // Our API block HTTP calls
+  'function.', // Function block execution
+  'router.', // Router block evaluation
+  'condition.', // Condition block evaluation
+  'loop.', // Loop block execution
+  'parallel.', // Parallel block execution
+]
+
+function isBusinessSpan(spanName: string): boolean {
+  return ALLOWED_SPAN_PREFIXES.some((prefix) => spanName.startsWith(prefix))
+}
+
 async function initializeOpenTelemetry() {
   try {
     if (env.NEXT_TELEMETRY_DISABLED === '1') {
@@ -52,18 +71,43 @@ async function initializeOpenTelemetry() {
     )
     const { OTLPTraceExporter } = await import('@opentelemetry/exporter-trace-otlp-http')
     const { BatchSpanProcessor } = await import('@opentelemetry/sdk-trace-node')
-    const { ParentBasedSampler, TraceIdRatioBasedSampler } = await import(
+    const { ParentBasedSampler, TraceIdRatioBasedSampler, SamplingDecision } = await import(
       '@opentelemetry/sdk-trace-base'
     )
 
+    const createBusinessSpanSampler = (baseSampler: Sampler): Sampler => ({
+      shouldSample(
+        context: Context,
+        traceId: string,
+        spanName: string,
+        spanKind: SpanKind,
+        attributes: Attributes,
+        links: Link[]
+      ): SamplingResult {
+        if (attributes['next.span_type']) {
+          return { decision: SamplingDecision.NOT_RECORD }
+        }
+
+        if (isBusinessSpan(spanName)) {
+          return baseSampler.shouldSample(context, traceId, spanName, spanKind, attributes, links)
+        }
+
+        return { decision: SamplingDecision.NOT_RECORD }
+      },
+
+      toString(): string {
+        return `BusinessSpanSampler{baseSampler=${baseSampler.toString()}}`
+      },
+    })
+
     const exporter = new OTLPTraceExporter({
       url: telemetryConfig.endpoint,
       headers: {},
-      timeoutMillis: Math.min(telemetryConfig.batchSettings.exportTimeoutMillis, 10000), // Max 10s
+      timeoutMillis: Math.min(telemetryConfig.batchSettings.exportTimeoutMillis, 10000),
       keepAlive: false,
     })
 
-    const spanProcessor = new BatchSpanProcessor(exporter, {
+    const batchProcessor = new BatchSpanProcessor(exporter, {
       maxQueueSize: telemetryConfig.batchSettings.maxQueueSize,
       maxExportBatchSize: telemetryConfig.batchSettings.maxExportBatchSize,
       scheduledDelayMillis: telemetryConfig.batchSettings.scheduledDelayMillis,
@@ -82,13 +126,14 @@ async function initializeOpenTelemetry() {
       })
     )
 
-    const sampler = new ParentBasedSampler({
-      root: new TraceIdRatioBasedSampler(0.1), // 10% sampling for root spans
+    const baseSampler = new ParentBasedSampler({
+      root: new TraceIdRatioBasedSampler(0.1),
     })
+    const sampler = createBusinessSpanSampler(baseSampler)
 
     const sdk = new NodeSDK({
       resource,
-      spanProcessor,
+      spanProcessor: batchProcessor,
       sampler,
       traceExporter: exporter,
     })
@@ -107,7 +152,7 @@ async function initializeOpenTelemetry() {
     process.on('SIGTERM', shutdownHandler)
     process.on('SIGINT', shutdownHandler)
 
-    logger.info('OpenTelemetry instrumentation initialized')
+    logger.info('OpenTelemetry instrumentation initialized with business span filtering')
   } catch (error) {
     logger.error('Failed to initialize OpenTelemetry instrumentation', error)
   }
diff --git a/apps/sim/lib/api-key/byok.ts b/apps/sim/lib/api-key/byok.ts
index 458da3452a..34c589c21a 100644
--- a/apps/sim/lib/api-key/byok.ts
+++ b/apps/sim/lib/api-key/byok.ts
@@ -2,7 +2,12 @@ import { db } from '@sim/db'
 import { workspaceBYOKKeys } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
+import { isWorkspaceOnEnterprisePlan } from '@/lib/billing'
+import { getRotatingApiKey } from '@/lib/core/config/api-keys'
+import { isHosted } from '@/lib/core/config/feature-flags'
 import { decryptSecret } from '@/lib/core/security/encryption'
+import { getHostedModels } from '@/providers/models'
+import { useProvidersStore } from '@/stores/providers/store'
 
 const logger = createLogger('BYOKKeys')
 
@@ -51,9 +56,6 @@ export async function getApiKeyWithBYOK(
   workspaceId: string | undefined | null,
   userProvidedKey?: string
 ): Promise<{ apiKey: string; isBYOK: boolean }> {
-  const { isHosted } = await import('@/lib/core/config/feature-flags')
-  const { useProvidersStore } = await import('@/stores/providers/store')
-
   const isOllamaModel =
     provider === 'ollama' || useProvidersStore.getState().providers.ollama.models.includes(model)
   if (isOllamaModel) {
@@ -66,6 +68,11 @@ export async function getApiKeyWithBYOK(
     return { apiKey: userProvidedKey || 'empty', isBYOK: false }
   }
 
+  const isBedrockModel = provider === 'bedrock' || model.startsWith('bedrock/')
+  if (isBedrockModel) {
+    return { apiKey: 'bedrock-uses-own-credentials', isBYOK: false }
+  }
+
   const isOpenAIModel = provider === 'openai'
   const isClaudeModel = provider === 'anthropic'
   const isGeminiModel = provider === 'google'
@@ -78,23 +85,27 @@ export async function getApiKeyWithBYOK(
     workspaceId &&
     (isOpenAIModel || isClaudeModel || isGeminiModel || isMistralModel)
   ) {
-    const { getHostedModels } = await import('@/providers/models')
     const hostedModels = getHostedModels()
     const isModelHosted = hostedModels.some((m) => m.toLowerCase() === model.toLowerCase())
 
     logger.debug('BYOK check', { provider, model, workspaceId, isHosted, isModelHosted })
 
     if (isModelHosted || isMistralModel) {
-      const byokResult = await getBYOKKey(workspaceId, byokProviderId)
-      if (byokResult) {
-        logger.info('Using BYOK key', { provider, model, workspaceId })
-        return byokResult
+      const hasEnterprise = await isWorkspaceOnEnterprisePlan(workspaceId)
+
+      if (hasEnterprise) {
+        const byokResult = await getBYOKKey(workspaceId, byokProviderId)
+        if (byokResult) {
+          logger.info('Using BYOK key', { provider, model, workspaceId })
+          return byokResult
+        }
+        logger.debug('No BYOK key found, falling back', { provider, model, workspaceId })
+      } else {
+        logger.debug('Workspace not on enterprise plan, skipping BYOK', { workspaceId })
       }
-      logger.debug('No BYOK key found, falling back', { provider, model, workspaceId })
 
       if (isModelHosted) {
         try {
-          const { getRotatingApiKey } = await import('@/lib/core/config/api-keys')
           const serverKey = getRotatingApiKey(isGeminiModel ? 'gemini' : provider)
           return { apiKey: serverKey, isBYOK: false }
         } catch (_error) {
diff --git a/apps/sim/lib/auth/auth.ts b/apps/sim/lib/auth/auth.ts
index 3922c4f0b5..43e4c919ad 100644
--- a/apps/sim/lib/auth/auth.ts
+++ b/apps/sim/lib/auth/auth.ts
@@ -47,14 +47,17 @@ import { env } from '@/lib/core/config/env'
 import {
   isAuthDisabled,
   isBillingEnabled,
+  isEmailPasswordEnabled,
   isEmailVerificationEnabled,
   isHosted,
   isRegistrationDisabled,
 } from '@/lib/core/config/feature-flags'
+import { PlatformEvents } from '@/lib/core/telemetry'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { sendEmail } from '@/lib/messaging/email/mailer'
 import { getFromEmailAddress, getPersonalEmailFrom } from '@/lib/messaging/email/utils'
 import { quickValidateEmail } from '@/lib/messaging/email/validation'
+import { syncAllWebhooksForCredentialSet } from '@/lib/webhooks/utils.server'
 import { createAnonymousSession, ensureAnonymousUserExists } from './anonymous'
 import { SSO_TRUSTED_PROVIDERS } from './sso/constants'
 
@@ -96,6 +99,15 @@ export const auth = betterAuth({
             userId: user.id,
           })
 
+          try {
+            PlatformEvents.userSignedUp({
+              userId: user.id,
+              authMethod: 'email',
+            })
+          } catch {
+            // Telemetry should not fail the operation
+          }
+
           try {
             await handleNewUser(user.id)
           } catch (error) {
@@ -188,6 +200,49 @@ export const auth = betterAuth({
               })
               .where(eq(schema.account.id, existing.id))
 
+            // Sync webhooks for credential sets after reconnecting
+            const requestId = crypto.randomUUID().slice(0, 8)
+            const userMemberships = await db
+              .select({
+                credentialSetId: schema.credentialSetMember.credentialSetId,
+                providerId: schema.credentialSet.providerId,
+              })
+              .from(schema.credentialSetMember)
+              .innerJoin(
+                schema.credentialSet,
+                eq(schema.credentialSetMember.credentialSetId, schema.credentialSet.id)
+              )
+              .where(
+                and(
+                  eq(schema.credentialSetMember.userId, account.userId),
+                  eq(schema.credentialSetMember.status, 'active')
+                )
+              )
+
+            for (const membership of userMemberships) {
+              if (membership.providerId === account.providerId) {
+                try {
+                  await syncAllWebhooksForCredentialSet(membership.credentialSetId, requestId)
+                  logger.info(
+                    '[account.create.before] Synced webhooks after credential reconnect',
+                    {
+                      credentialSetId: membership.credentialSetId,
+                      providerId: account.providerId,
+                    }
+                  )
+                } catch (error) {
+                  logger.error(
+                    '[account.create.before] Failed to sync webhooks after credential reconnect',
+                    {
+                      credentialSetId: membership.credentialSetId,
+                      providerId: account.providerId,
+                      error,
+                    }
+                  )
+                }
+              }
+            }
+
             return false
           }
 
@@ -235,6 +290,55 @@ export const auth = betterAuth({
               await db.update(schema.account).set(updates).where(eq(schema.account.id, account.id))
             }
           }
+
+          // Sync webhooks for credential sets after connecting a new credential
+          const requestId = crypto.randomUUID().slice(0, 8)
+          const userMemberships = await db
+            .select({
+              credentialSetId: schema.credentialSetMember.credentialSetId,
+              providerId: schema.credentialSet.providerId,
+            })
+            .from(schema.credentialSetMember)
+            .innerJoin(
+              schema.credentialSet,
+              eq(schema.credentialSetMember.credentialSetId, schema.credentialSet.id)
+            )
+            .where(
+              and(
+                eq(schema.credentialSetMember.userId, account.userId),
+                eq(schema.credentialSetMember.status, 'active')
+              )
+            )
+
+          for (const membership of userMemberships) {
+            if (membership.providerId === account.providerId) {
+              try {
+                await syncAllWebhooksForCredentialSet(membership.credentialSetId, requestId)
+                logger.info('[account.create.after] Synced webhooks after credential connect', {
+                  credentialSetId: membership.credentialSetId,
+                  providerId: account.providerId,
+                })
+              } catch (error) {
+                logger.error(
+                  '[account.create.after] Failed to sync webhooks after credential connect',
+                  {
+                    credentialSetId: membership.credentialSetId,
+                    providerId: account.providerId,
+                    error,
+                  }
+                )
+              }
+            }
+          }
+
+          try {
+            PlatformEvents.oauthConnected({
+              userId: account.userId,
+              provider: account.providerId,
+            })
+          } catch {
+            // Telemetry should not fail the operation
+          }
         },
       },
     },
@@ -377,6 +481,12 @@ export const auth = betterAuth({
       if (ctx.path.startsWith('/sign-up') && isRegistrationDisabled)
         throw new Error('Registration is disabled, please contact your admin.')
 
+      if (!isEmailPasswordEnabled) {
+        const emailPasswordPaths = ['/sign-in/email', '/sign-up/email', '/email-otp']
+        if (emailPasswordPaths.some((path) => ctx.path.startsWith(path)))
+          throw new Error('Email/password authentication is disabled. Please use SSO to sign in.')
+      }
+
       if (
         (ctx.path.startsWith('/sign-in') || ctx.path.startsWith('/sign-up')) &&
         (env.ALLOWED_LOGIN_EMAILS || env.ALLOWED_LOGIN_DOMAINS)
diff --git a/apps/sim/lib/billing/core/plan.ts b/apps/sim/lib/billing/core/plan.ts
new file mode 100644
index 0000000000..073a9a6a36
--- /dev/null
+++ b/apps/sim/lib/billing/core/plan.ts
@@ -0,0 +1,53 @@
+import { db } from '@sim/db'
+import { member, subscription } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq, inArray } from 'drizzle-orm'
+import { checkEnterprisePlan, checkProPlan, checkTeamPlan } from '@/lib/billing/subscriptions/utils'
+
+const logger = createLogger('PlanLookup')
+
+/**
+ * Get the highest priority active subscription for a user
+ * Priority: Enterprise > Team > Pro > Free
+ */
+export async function getHighestPrioritySubscription(userId: string) {
+  try {
+    const personalSubs = await db
+      .select()
+      .from(subscription)
+      .where(and(eq(subscription.referenceId, userId), eq(subscription.status, 'active')))
+
+    const memberships = await db
+      .select({ organizationId: member.organizationId })
+      .from(member)
+      .where(eq(member.userId, userId))
+
+    const orgIds = memberships.map((m: { organizationId: string }) => m.organizationId)
+
+    let orgSubs: typeof personalSubs = []
+    if (orgIds.length > 0) {
+      orgSubs = await db
+        .select()
+        .from(subscription)
+        .where(and(inArray(subscription.referenceId, orgIds), eq(subscription.status, 'active')))
+    }
+
+    const allSubs = [...personalSubs, ...orgSubs]
+
+    if (allSubs.length === 0) return null
+
+    const enterpriseSub = allSubs.find((s) => checkEnterprisePlan(s))
+    if (enterpriseSub) return enterpriseSub
+
+    const teamSub = allSubs.find((s) => checkTeamPlan(s))
+    if (teamSub) return teamSub
+
+    const proSub = allSubs.find((s) => checkProPlan(s))
+    if (proSub) return proSub
+
+    return null
+  } catch (error) {
+    logger.error('Error getting highest priority subscription', { error, userId })
+    return null
+  }
+}
diff --git a/apps/sim/lib/billing/core/subscription.ts b/apps/sim/lib/billing/core/subscription.ts
index 9b5f4047bd..c1d5f7e3a0 100644
--- a/apps/sim/lib/billing/core/subscription.ts
+++ b/apps/sim/lib/billing/core/subscription.ts
@@ -1,7 +1,9 @@
 import { db } from '@sim/db'
-import { member, subscription, user, userStats } from '@sim/db/schema'
+import { member, subscription, user, userStats, workspace } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq, inArray } from 'drizzle-orm'
+import { and, eq } from 'drizzle-orm'
+import { getHighestPrioritySubscription } from '@/lib/billing/core/plan'
+import { getUserUsageLimit } from '@/lib/billing/core/usage'
 import {
   checkEnterprisePlan,
   checkProPlan,
@@ -10,65 +12,17 @@ import {
   getPerUserMinimumLimit,
 } from '@/lib/billing/subscriptions/utils'
 import type { UserSubscriptionState } from '@/lib/billing/types'
-import { isProd } from '@/lib/core/config/feature-flags'
+import {
+  isCredentialSetsEnabled,
+  isHosted,
+  isProd,
+  isSsoEnabled,
+} from '@/lib/core/config/feature-flags'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 
 const logger = createLogger('SubscriptionCore')
 
-/**
- * Core subscription management - single source of truth
- * Consolidates logic from both lib/subscription.ts and lib/subscription/subscription.ts
- */
-
-/**
- * Get the highest priority active subscription for a user
- * Priority: Enterprise > Team > Pro > Free
- */
-export async function getHighestPrioritySubscription(userId: string) {
-  try {
-    // Get direct subscriptions
-    const personalSubs = await db
-      .select()
-      .from(subscription)
-      .where(and(eq(subscription.referenceId, userId), eq(subscription.status, 'active')))
-
-    // Get organization memberships
-    const memberships = await db
-      .select({ organizationId: member.organizationId })
-      .from(member)
-      .where(eq(member.userId, userId))
-
-    const orgIds = memberships.map((m: { organizationId: string }) => m.organizationId)
-
-    // Get organization subscriptions
-    let orgSubs: any[] = []
-    if (orgIds.length > 0) {
-      orgSubs = await db
-        .select()
-        .from(subscription)
-        .where(and(inArray(subscription.referenceId, orgIds), eq(subscription.status, 'active')))
-    }
-
-    const allSubs = [...personalSubs, ...orgSubs]
-
-    if (allSubs.length === 0) return null
-
-    // Return highest priority subscription
-    const enterpriseSub = allSubs.find((s) => checkEnterprisePlan(s))
-    if (enterpriseSub) return enterpriseSub
-
-    const teamSub = allSubs.find((s) => checkTeamPlan(s))
-    if (teamSub) return teamSub
-
-    const proSub = allSubs.find((s) => checkProPlan(s))
-    if (proSub) return proSub
-
-    return null
-  } catch (error) {
-    logger.error('Error getting highest priority subscription', { error, userId })
-    return null
-  }
-}
+export { getHighestPrioritySubscription }
 
 /**
  * Check if user is on Pro plan (direct or via organization)
@@ -144,6 +98,224 @@ export async function isEnterprisePlan(userId: string): Promise<boolean> {
   }
 }
 
+/**
+ * Check if user is an admin or owner of an enterprise organization
+ * Returns true if:
+ * - User is a member of an enterprise organization AND
+ * - User's role in that organization is 'owner' or 'admin'
+ *
+ * In non-production environments, returns true for convenience.
+ */
+export async function isEnterpriseOrgAdminOrOwner(userId: string): Promise<boolean> {
+  try {
+    if (!isProd) {
+      return true
+    }
+
+    const [memberRecord] = await db
+      .select({
+        organizationId: member.organizationId,
+        role: member.role,
+      })
+      .from(member)
+      .where(eq(member.userId, userId))
+      .limit(1)
+
+    if (!memberRecord) {
+      return false
+    }
+
+    if (memberRecord.role !== 'owner' && memberRecord.role !== 'admin') {
+      return false
+    }
+
+    const [orgSub] = await db
+      .select()
+      .from(subscription)
+      .where(
+        and(
+          eq(subscription.referenceId, memberRecord.organizationId),
+          eq(subscription.status, 'active')
+        )
+      )
+      .limit(1)
+
+    const isEnterprise = orgSub && checkEnterprisePlan(orgSub)
+
+    if (isEnterprise) {
+      logger.info('User is enterprise org admin/owner', {
+        userId,
+        organizationId: memberRecord.organizationId,
+        role: memberRecord.role,
+      })
+    }
+
+    return !!isEnterprise
+  } catch (error) {
+    logger.error('Error checking enterprise org admin/owner status', { error, userId })
+    return false
+  }
+}
+
+/**
+ * Check if user is an admin or owner of a team or enterprise organization
+ * Returns true if:
+ * - User is a member of a team/enterprise organization AND
+ * - User's role in that organization is 'owner' or 'admin'
+ *
+ * In non-production environments, returns true for convenience.
+ */
+export async function isTeamOrgAdminOrOwner(userId: string): Promise<boolean> {
+  try {
+    if (!isProd) {
+      return true
+    }
+
+    const [memberRecord] = await db
+      .select({
+        organizationId: member.organizationId,
+        role: member.role,
+      })
+      .from(member)
+      .where(eq(member.userId, userId))
+      .limit(1)
+
+    if (!memberRecord) {
+      return false
+    }
+
+    if (memberRecord.role !== 'owner' && memberRecord.role !== 'admin') {
+      return false
+    }
+
+    const [orgSub] = await db
+      .select()
+      .from(subscription)
+      .where(
+        and(
+          eq(subscription.referenceId, memberRecord.organizationId),
+          eq(subscription.status, 'active')
+        )
+      )
+      .limit(1)
+
+    const hasTeamPlan = orgSub && (checkTeamPlan(orgSub) || checkEnterprisePlan(orgSub))
+
+    if (hasTeamPlan) {
+      logger.info('User is team org admin/owner', {
+        userId,
+        organizationId: memberRecord.organizationId,
+        role: memberRecord.role,
+        plan: orgSub.plan,
+      })
+    }
+
+    return !!hasTeamPlan
+  } catch (error) {
+    logger.error('Error checking team org admin/owner status', { error, userId })
+    return false
+  }
+}
+
+/**
+ * Check if a workspace has access to enterprise features (BYOK)
+ * Used at execution time to determine if BYOK keys should be used
+ * Returns true if workspace's billed account is on enterprise plan
+ */
+export async function isWorkspaceOnEnterprisePlan(workspaceId: string): Promise<boolean> {
+  try {
+    if (!isProd) {
+      return true
+    }
+
+    const [ws] = await db
+      .select({ billedAccountUserId: workspace.billedAccountUserId })
+      .from(workspace)
+      .where(eq(workspace.id, workspaceId))
+      .limit(1)
+
+    if (!ws) {
+      return false
+    }
+
+    return isEnterprisePlan(ws.billedAccountUserId)
+  } catch (error) {
+    logger.error('Error checking workspace enterprise status', { error, workspaceId })
+    return false
+  }
+}
+
+/**
+ * Check if an organization has team or enterprise plan
+ * Used at execution time (e.g., polling services) to check org billing directly
+ */
+export async function isOrganizationOnTeamOrEnterprisePlan(
+  organizationId: string
+): Promise<boolean> {
+  try {
+    if (!isProd) {
+      return true
+    }
+
+    if (isCredentialSetsEnabled && !isHosted) {
+      return true
+    }
+
+    const [orgSub] = await db
+      .select()
+      .from(subscription)
+      .where(and(eq(subscription.referenceId, organizationId), eq(subscription.status, 'active')))
+      .limit(1)
+
+    return !!orgSub && (checkTeamPlan(orgSub) || checkEnterprisePlan(orgSub))
+  } catch (error) {
+    logger.error('Error checking organization plan status', { error, organizationId })
+    return false
+  }
+}
+
+/**
+ * Check if user has access to credential sets (email polling) feature
+ * Returns true if:
+ * - CREDENTIAL_SETS_ENABLED env var is set (self-hosted override), OR
+ * - User is admin/owner of a team/enterprise organization
+ *
+ * In non-production environments, returns true for convenience.
+ */
+export async function hasCredentialSetsAccess(userId: string): Promise<boolean> {
+  try {
+    if (isCredentialSetsEnabled && !isHosted) {
+      return true
+    }
+
+    return isTeamOrgAdminOrOwner(userId)
+  } catch (error) {
+    logger.error('Error checking credential sets access', { error, userId })
+    return false
+  }
+}
+
+/**
+ * Check if user has access to SSO feature
+ * Returns true if:
+ * - SSO_ENABLED env var is set (self-hosted override), OR
+ * - User is admin/owner of an enterprise organization
+ *
+ * In non-production environments, returns true for convenience.
+ */
+export async function hasSSOAccess(userId: string): Promise<boolean> {
+  try {
+    if (isSsoEnabled && !isHosted) {
+      return true
+    }
+
+    return isEnterpriseOrgAdminOrOwner(userId)
+  } catch (error) {
+    logger.error('Error checking SSO access', { error, userId })
+    return false
+  }
+}
+
 /**
  * Check if user has exceeded their cost limit based on current period usage
  */
@@ -160,7 +332,6 @@ export async function hasExceededCostLimit(userId: string): Promise<boolean> {
     if (subscription) {
       // Team/Enterprise: Use organization limit
       if (subscription.plan === 'team' || subscription.plan === 'enterprise') {
-        const { getUserUsageLimit } = await import('@/lib/billing/core/usage')
         limit = await getUserUsageLimit(userId)
         logger.info('Using organization limit', {
           userId,
@@ -221,14 +392,16 @@ export async function getUserSubscriptionState(userId: string): Promise<UserSubs
     // Determine plan types based on subscription (avoid redundant DB calls)
     const isPro =
       !isProd ||
-      (subscription &&
+      !!(
+        subscription &&
         (checkProPlan(subscription) ||
           checkTeamPlan(subscription) ||
-          checkEnterprisePlan(subscription)))
+          checkEnterprisePlan(subscription))
+      )
     const isTeam =
       !isProd ||
-      (subscription && (checkTeamPlan(subscription) || checkEnterprisePlan(subscription)))
-    const isEnterprise = !isProd || (subscription && checkEnterprisePlan(subscription))
+      !!(subscription && (checkTeamPlan(subscription) || checkEnterprisePlan(subscription)))
+    const isEnterprise = !isProd || !!(subscription && checkEnterprisePlan(subscription))
     const isFree = !isPro && !isTeam && !isEnterprise
 
     // Determine plan name
@@ -244,7 +417,6 @@ export async function getUserSubscriptionState(userId: string): Promise<UserSubs
       if (subscription) {
         // Team/Enterprise: Use organization limit
         if (subscription.plan === 'team' || subscription.plan === 'enterprise') {
-          const { getUserUsageLimit } = await import('@/lib/billing/core/usage')
           limit = await getUserUsageLimit(userId)
         } else {
           // Pro/Free: Use individual limit
diff --git a/apps/sim/lib/billing/core/usage.ts b/apps/sim/lib/billing/core/usage.ts
index f0c1f4b781..85977b8dbc 100644
--- a/apps/sim/lib/billing/core/usage.ts
+++ b/apps/sim/lib/billing/core/usage.ts
@@ -7,7 +7,7 @@ import {
   renderFreeTierUpgradeEmail,
   renderUsageThresholdEmail,
 } from '@/components/emails'
-import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
+import { getHighestPrioritySubscription } from '@/lib/billing/core/plan'
 import {
   canEditUsageLimit,
   getFreeTierLimit,
diff --git a/apps/sim/lib/billing/index.ts b/apps/sim/lib/billing/index.ts
index cfa17f8785..bd2ee20111 100644
--- a/apps/sim/lib/billing/index.ts
+++ b/apps/sim/lib/billing/index.ts
@@ -10,9 +10,15 @@ export * from '@/lib/billing/core/subscription'
 export {
   getHighestPrioritySubscription as getActiveSubscription,
   getUserSubscriptionState as getSubscriptionState,
+  hasCredentialSetsAccess,
+  hasSSOAccess,
+  isEnterpriseOrgAdminOrOwner,
   isEnterprisePlan as hasEnterprisePlan,
+  isOrganizationOnTeamOrEnterprisePlan,
   isProPlan as hasProPlan,
+  isTeamOrgAdminOrOwner,
   isTeamPlan as hasTeamPlan,
+  isWorkspaceOnEnterprisePlan,
   sendPlanWelcomeEmail,
 } from '@/lib/billing/core/subscription'
 export * from '@/lib/billing/core/usage'
diff --git a/apps/sim/lib/core/config/env.ts b/apps/sim/lib/core/config/env.ts
index 56bc8ebee7..8f2eb0e7a9 100644
--- a/apps/sim/lib/core/config/env.ts
+++ b/apps/sim/lib/core/config/env.ts
@@ -20,6 +20,7 @@ export const env = createEnv({
     BETTER_AUTH_URL:                       z.string().url(),                       // Base URL for Better Auth service
     BETTER_AUTH_SECRET:                    z.string().min(32),                     // Secret key for Better Auth JWT signing
     DISABLE_REGISTRATION:                  z.boolean().optional(),                 // Flag to disable new user registration
+    EMAIL_PASSWORD_SIGNUP_ENABLED:         z.boolean().optional().default(true),   // Enable email/password authentication (server-side enforcement)
     DISABLE_AUTH:                          z.boolean().optional(),                 // Bypass authentication entirely (self-hosted only, creates anonymous session)
     ALLOWED_LOGIN_EMAILS:                  z.string().optional(),                  // Comma-separated list of allowed email addresses for login
     ALLOWED_LOGIN_DOMAINS:                 z.string().optional(),                  // Comma-separated list of allowed email domains for login
@@ -247,6 +248,9 @@ export const env = createEnv({
     E2B_ENABLED:                           z.string().optional(),                  // Enable E2B remote code execution
     E2B_API_KEY:                           z.string().optional(),                  // E2B API key for sandbox creation
 
+    // Credential Sets (Email Polling) - for self-hosted deployments
+    CREDENTIAL_SETS_ENABLED:               z.boolean().optional(),                 // Enable credential sets on self-hosted (bypasses plan requirements)
+
     // SSO Configuration (for script-based registration)
     SSO_ENABLED:                           z.boolean().optional(),                 // Enable SSO functionality
     SSO_PROVIDER_TYPE:                     z.enum(['oidc', 'saml']).optional(),    // [REQUIRED] SSO provider type
@@ -324,6 +328,7 @@ export const env = createEnv({
     // Feature Flags
     NEXT_PUBLIC_TRIGGER_DEV_ENABLED:       z.boolean().optional(),                 // Client-side gate for async executions UI
     NEXT_PUBLIC_SSO_ENABLED:               z.boolean().optional(),                 // Enable SSO login UI components
+    NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED:   z.boolean().optional(),                 // Enable credential sets (email polling) on self-hosted
     NEXT_PUBLIC_EMAIL_PASSWORD_SIGNUP_ENABLED: z.boolean().optional().default(true), // Control visibility of email/password login forms
   },
 
@@ -352,6 +357,7 @@ export const env = createEnv({
     NEXT_PUBLIC_BRAND_BACKGROUND_COLOR: process.env.NEXT_PUBLIC_BRAND_BACKGROUND_COLOR,
     NEXT_PUBLIC_TRIGGER_DEV_ENABLED: process.env.NEXT_PUBLIC_TRIGGER_DEV_ENABLED,
     NEXT_PUBLIC_SSO_ENABLED: process.env.NEXT_PUBLIC_SSO_ENABLED,
+    NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED: process.env.NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED,
     NEXT_PUBLIC_EMAIL_PASSWORD_SIGNUP_ENABLED: process.env.NEXT_PUBLIC_EMAIL_PASSWORD_SIGNUP_ENABLED,
     NEXT_PUBLIC_E2B_ENABLED: process.env.NEXT_PUBLIC_E2B_ENABLED,
     NEXT_PUBLIC_COPILOT_TRAINING_ENABLED: process.env.NEXT_PUBLIC_COPILOT_TRAINING_ENABLED,
diff --git a/apps/sim/lib/core/config/feature-flags.ts b/apps/sim/lib/core/config/feature-flags.ts
index 61e12732fa..dc5af8a78b 100644
--- a/apps/sim/lib/core/config/feature-flags.ts
+++ b/apps/sim/lib/core/config/feature-flags.ts
@@ -1,7 +1,7 @@
 /**
  * Environment utility functions for consistent environment detection across the application
  */
-import { env, getEnv, isTruthy } from './env'
+import { env, getEnv, isFalsy, isTruthy } from './env'
 
 /**
  * Is the application running in production mode
@@ -65,6 +65,11 @@ if (isTruthy(env.DISABLE_AUTH)) {
  */
 export const isRegistrationDisabled = isTruthy(env.DISABLE_REGISTRATION)
 
+/**
+ * Is email/password authentication enabled (defaults to true)
+ */
+export const isEmailPasswordEnabled = !isFalsy(env.EMAIL_PASSWORD_SIGNUP_ENABLED)
+
 /**
  * Is Trigger.dev enabled for async job processing
  */
@@ -75,6 +80,12 @@ export const isTriggerDevEnabled = isTruthy(env.TRIGGER_DEV_ENABLED)
  */
 export const isSsoEnabled = isTruthy(env.SSO_ENABLED)
 
+/**
+ * Is credential sets (email polling) enabled via env var override
+ * This bypasses plan requirements for self-hosted deployments
+ */
+export const isCredentialSetsEnabled = isTruthy(env.CREDENTIAL_SETS_ENABLED)
+
 /**
  * Is E2B enabled for remote code execution
  */
diff --git a/apps/sim/lib/core/security/csp.test.ts b/apps/sim/lib/core/security/csp.test.ts
index bd51015471..e36344eb4d 100644
--- a/apps/sim/lib/core/security/csp.test.ts
+++ b/apps/sim/lib/core/security/csp.test.ts
@@ -1,7 +1,8 @@
+import { createEnvMock } from '@sim/testing'
 import { afterEach, describe, expect, it, vi } from 'vitest'
 
-vi.mock('@/lib/core/config/env', () => ({
-  env: {
+vi.mock('@/lib/core/config/env', () =>
+  createEnvMock({
     NEXT_PUBLIC_APP_URL: 'https://example.com',
     NEXT_PUBLIC_SOCKET_URL: 'https://socket.example.com',
     OLLAMA_URL: 'http://localhost:11434',
@@ -13,20 +14,8 @@ vi.mock('@/lib/core/config/env', () => ({
     NEXT_PUBLIC_BRAND_FAVICON_URL: 'https://brand.example.com/favicon.ico',
     NEXT_PUBLIC_PRIVACY_URL: 'https://legal.example.com/privacy',
     NEXT_PUBLIC_TERMS_URL: 'https://legal.example.com/terms',
-  },
-  getEnv: vi.fn((key: string) => {
-    const envMap: Record<string, string> = {
-      NEXT_PUBLIC_APP_URL: 'https://example.com',
-      NEXT_PUBLIC_SOCKET_URL: 'https://socket.example.com',
-      OLLAMA_URL: 'http://localhost:11434',
-      NEXT_PUBLIC_BRAND_LOGO_URL: 'https://brand.example.com/logo.png',
-      NEXT_PUBLIC_BRAND_FAVICON_URL: 'https://brand.example.com/favicon.ico',
-      NEXT_PUBLIC_PRIVACY_URL: 'https://legal.example.com/privacy',
-      NEXT_PUBLIC_TERMS_URL: 'https://legal.example.com/terms',
-    }
-    return envMap[key] || ''
-  }),
-}))
+  })
+)
 
 vi.mock('@/lib/core/config/feature-flags', () => ({
   isDev: false,
diff --git a/apps/sim/lib/core/security/encryption.test.ts b/apps/sim/lib/core/security/encryption.test.ts
index 0e54d21dec..67540e5cac 100644
--- a/apps/sim/lib/core/security/encryption.test.ts
+++ b/apps/sim/lib/core/security/encryption.test.ts
@@ -6,6 +6,10 @@ const mockEnv = vi.hoisted(() => ({
 
 vi.mock('@/lib/core/config/env', () => ({
   env: mockEnv,
+  isTruthy: (value: string | boolean | number | undefined) =>
+    typeof value === 'string' ? value.toLowerCase() === 'true' || value === '1' : Boolean(value),
+  isFalsy: (value: string | boolean | number | undefined) =>
+    typeof value === 'string' ? value.toLowerCase() === 'false' || value === '0' : value === false,
 }))
 
 vi.mock('@sim/logger', () => ({
diff --git a/apps/sim/lib/core/security/input-validation.test.ts b/apps/sim/lib/core/security/input-validation.test.ts
index b61882e2c6..78268de85b 100644
--- a/apps/sim/lib/core/security/input-validation.test.ts
+++ b/apps/sim/lib/core/security/input-validation.test.ts
@@ -595,26 +595,6 @@ describe('validateUrlWithDNS', () => {
       expect(result.isValid).toBe(false)
     })
   })
-
-  describe('DNS resolution', () => {
-    it('should accept valid public URLs and return resolved IP', async () => {
-      const result = await validateUrlWithDNS('https://example.com')
-      expect(result.isValid).toBe(true)
-      expect(result.resolvedIP).toBeDefined()
-      expect(result.originalHostname).toBe('example.com')
-    })
-
-    it('should reject URLs that resolve to private IPs', async () => {
-      const result = await validateUrlWithDNS('https://localhost.localdomain')
-      expect(result.isValid).toBe(false)
-    })
-
-    it('should reject unresolvable hostnames', async () => {
-      const result = await validateUrlWithDNS('https://this-domain-does-not-exist-xyz123.invalid')
-      expect(result.isValid).toBe(false)
-      expect(result.error).toContain('could not be resolved')
-    })
-  })
 })
 
 describe('createPinnedUrl', () => {
diff --git a/apps/sim/lib/core/telemetry.ts b/apps/sim/lib/core/telemetry.ts
index dc2c60e3a2..c12fe1303a 100644
--- a/apps/sim/lib/core/telemetry.ts
+++ b/apps/sim/lib/core/telemetry.ts
@@ -449,3 +449,505 @@ export function trackPlatformEvent(
     // Silently fail
   }
 }
+
+// ============================================================================
+// PLATFORM TELEMETRY EVENTS
+// ============================================================================
+//
+// Naming Convention:
+//   Event:     platform.{resource}.{past_tense_action}
+//   Attribute: {resource}.{attribute_name}
+//
+// Examples:
+//   Event:     platform.user.signed_up
+//   Attribute: user.id, user.auth_method, workspace.id
+//
+// Categories:
+//   - User/Auth:      platform.user.*
+//   - Workspace:      platform.workspace.*
+//   - Workflow:       platform.workflow.*
+//   - Knowledge Base: platform.knowledge_base.*
+//   - MCP:            platform.mcp.*
+//   - API Keys:       platform.api_key.*
+//   - OAuth:          platform.oauth.*
+//   - Webhook:        platform.webhook.*
+//   - Billing:        platform.billing.*
+//   - Template:       platform.template.*
+// ============================================================================
+
+/**
+ * Platform Events - Typed event tracking helpers
+ * These provide type-safe, consistent telemetry across the platform
+ */
+export const PlatformEvents = {
+  /**
+   * Track user sign up
+   */
+  userSignedUp: (attrs: {
+    userId: string
+    authMethod: 'email' | 'oauth' | 'sso'
+    provider?: string
+  }) => {
+    trackPlatformEvent('platform.user.signed_up', {
+      'user.id': attrs.userId,
+      'user.auth_method': attrs.authMethod,
+      ...(attrs.provider && { 'user.auth_provider': attrs.provider }),
+    })
+  },
+
+  /**
+   * Track user sign in
+   */
+  userSignedIn: (attrs: {
+    userId: string
+    authMethod: 'email' | 'oauth' | 'sso'
+    provider?: string
+  }) => {
+    trackPlatformEvent('platform.user.signed_in', {
+      'user.id': attrs.userId,
+      'user.auth_method': attrs.authMethod,
+      ...(attrs.provider && { 'user.auth_provider': attrs.provider }),
+    })
+  },
+
+  /**
+   * Track password reset requested
+   */
+  passwordResetRequested: (attrs: { userId: string }) => {
+    trackPlatformEvent('platform.user.password_reset_requested', {
+      'user.id': attrs.userId,
+    })
+  },
+
+  /**
+   * Track workspace created
+   */
+  workspaceCreated: (attrs: { workspaceId: string; userId: string; name: string }) => {
+    trackPlatformEvent('platform.workspace.created', {
+      'workspace.id': attrs.workspaceId,
+      'workspace.name': attrs.name,
+      'user.id': attrs.userId,
+    })
+  },
+
+  /**
+   * Track member invited to workspace
+   */
+  workspaceMemberInvited: (attrs: {
+    workspaceId: string
+    invitedBy: string
+    inviteeEmail: string
+    role: string
+  }) => {
+    trackPlatformEvent('platform.workspace.member_invited', {
+      'workspace.id': attrs.workspaceId,
+      'user.id': attrs.invitedBy,
+      'invitation.role': attrs.role,
+    })
+  },
+
+  /**
+   * Track member joined workspace
+   */
+  workspaceMemberJoined: (attrs: { workspaceId: string; userId: string; role: string }) => {
+    trackPlatformEvent('platform.workspace.member_joined', {
+      'workspace.id': attrs.workspaceId,
+      'user.id': attrs.userId,
+      'member.role': attrs.role,
+    })
+  },
+
+  /**
+   * Track workflow created
+   */
+  workflowCreated: (attrs: {
+    workflowId: string
+    name: string
+    workspaceId?: string
+    folderId?: string
+  }) => {
+    trackPlatformEvent('platform.workflow.created', {
+      'workflow.id': attrs.workflowId,
+      'workflow.name': attrs.name,
+      'workflow.has_workspace': !!attrs.workspaceId,
+      'workflow.has_folder': !!attrs.folderId,
+    })
+  },
+
+  /**
+   * Track workflow deleted
+   */
+  workflowDeleted: (attrs: { workflowId: string; workspaceId?: string }) => {
+    trackPlatformEvent('platform.workflow.deleted', {
+      'workflow.id': attrs.workflowId,
+      ...(attrs.workspaceId && { 'workspace.id': attrs.workspaceId }),
+    })
+  },
+
+  /**
+   * Track workflow duplicated
+   */
+  workflowDuplicated: (attrs: {
+    sourceWorkflowId: string
+    newWorkflowId: string
+    workspaceId?: string
+  }) => {
+    trackPlatformEvent('platform.workflow.duplicated', {
+      'workflow.source_id': attrs.sourceWorkflowId,
+      'workflow.new_id': attrs.newWorkflowId,
+      ...(attrs.workspaceId && { 'workspace.id': attrs.workspaceId }),
+    })
+  },
+
+  /**
+   * Track workflow deployed
+   */
+  workflowDeployed: (attrs: {
+    workflowId: string
+    workflowName: string
+    blocksCount: number
+    edgesCount: number
+    version: number
+    loopsCount?: number
+    parallelsCount?: number
+    blockTypes?: string
+  }) => {
+    trackPlatformEvent('platform.workflow.deployed', {
+      'workflow.id': attrs.workflowId,
+      'workflow.name': attrs.workflowName,
+      'workflow.blocks_count': attrs.blocksCount,
+      'workflow.edges_count': attrs.edgesCount,
+      'deployment.version': attrs.version,
+      ...(attrs.loopsCount !== undefined && { 'workflow.loops_count': attrs.loopsCount }),
+      ...(attrs.parallelsCount !== undefined && {
+        'workflow.parallels_count': attrs.parallelsCount,
+      }),
+      ...(attrs.blockTypes && { 'workflow.block_types': attrs.blockTypes }),
+    })
+  },
+
+  /**
+   * Track workflow undeployed
+   */
+  workflowUndeployed: (attrs: { workflowId: string }) => {
+    trackPlatformEvent('platform.workflow.undeployed', {
+      'workflow.id': attrs.workflowId,
+    })
+  },
+
+  /**
+   * Track workflow executed
+   */
+  workflowExecuted: (attrs: {
+    workflowId: string
+    durationMs: number
+    status: 'success' | 'error' | 'cancelled' | 'paused'
+    trigger: string
+    blocksExecuted: number
+    hasErrors: boolean
+    totalCost?: number
+    errorMessage?: string
+  }) => {
+    trackPlatformEvent('platform.workflow.executed', {
+      'workflow.id': attrs.workflowId,
+      'execution.duration_ms': attrs.durationMs,
+      'execution.status': attrs.status,
+      'execution.trigger': attrs.trigger,
+      'execution.blocks_executed': attrs.blocksExecuted,
+      'execution.has_errors': attrs.hasErrors,
+      ...(attrs.totalCost !== undefined && { 'execution.total_cost': attrs.totalCost }),
+      ...(attrs.errorMessage && { 'execution.error_message': attrs.errorMessage }),
+    })
+  },
+
+  /**
+   * Track knowledge base created
+   */
+  knowledgeBaseCreated: (attrs: {
+    knowledgeBaseId: string
+    name: string
+    workspaceId?: string
+  }) => {
+    trackPlatformEvent('platform.knowledge_base.created', {
+      'knowledge_base.id': attrs.knowledgeBaseId,
+      'knowledge_base.name': attrs.name,
+      ...(attrs.workspaceId && { 'workspace.id': attrs.workspaceId }),
+    })
+  },
+
+  /**
+   * Track knowledge base deleted
+   */
+  knowledgeBaseDeleted: (attrs: { knowledgeBaseId: string }) => {
+    trackPlatformEvent('platform.knowledge_base.deleted', {
+      'knowledge_base.id': attrs.knowledgeBaseId,
+    })
+  },
+
+  /**
+   * Track documents uploaded to knowledge base
+   */
+  knowledgeBaseDocumentsUploaded: (attrs: {
+    knowledgeBaseId: string
+    documentsCount: number
+    uploadType: 'single' | 'bulk'
+    chunkSize?: number
+    recipe?: string
+    mimeType?: string
+    fileSize?: number
+  }) => {
+    trackPlatformEvent('platform.knowledge_base.documents_uploaded', {
+      'knowledge_base.id': attrs.knowledgeBaseId,
+      'documents.count': attrs.documentsCount,
+      'documents.upload_type': attrs.uploadType,
+      ...(attrs.chunkSize !== undefined && { 'processing.chunk_size': attrs.chunkSize }),
+      ...(attrs.recipe && { 'processing.recipe': attrs.recipe }),
+      ...(attrs.mimeType && { 'document.mime_type': attrs.mimeType }),
+      ...(attrs.fileSize !== undefined && { 'document.file_size': attrs.fileSize }),
+    })
+  },
+
+  /**
+   * Track knowledge base searched
+   */
+  knowledgeBaseSearched: (attrs: {
+    knowledgeBaseId: string
+    resultsCount: number
+    workspaceId?: string
+  }) => {
+    trackPlatformEvent('platform.knowledge_base.searched', {
+      'knowledge_base.id': attrs.knowledgeBaseId,
+      'search.results_count': attrs.resultsCount,
+      ...(attrs.workspaceId && { 'workspace.id': attrs.workspaceId }),
+    })
+  },
+
+  /**
+   * Track API key generated
+   */
+  apiKeyGenerated: (attrs: { userId: string; keyName?: string }) => {
+    trackPlatformEvent('platform.api_key.generated', {
+      'user.id': attrs.userId,
+      ...(attrs.keyName && { 'api_key.name': attrs.keyName }),
+    })
+  },
+
+  /**
+   * Track API key revoked
+   */
+  apiKeyRevoked: (attrs: { userId: string; keyId: string }) => {
+    trackPlatformEvent('platform.api_key.revoked', {
+      'user.id': attrs.userId,
+      'api_key.id': attrs.keyId,
+    })
+  },
+
+  /**
+   * Track OAuth provider connected
+   */
+  oauthConnected: (attrs: { userId: string; provider: string; workspaceId?: string }) => {
+    trackPlatformEvent('platform.oauth.connected', {
+      'user.id': attrs.userId,
+      'oauth.provider': attrs.provider,
+      ...(attrs.workspaceId && { 'workspace.id': attrs.workspaceId }),
+    })
+  },
+
+  /**
+   * Track OAuth provider disconnected
+   */
+  oauthDisconnected: (attrs: { userId: string; provider: string }) => {
+    trackPlatformEvent('platform.oauth.disconnected', {
+      'user.id': attrs.userId,
+      'oauth.provider': attrs.provider,
+    })
+  },
+
+  /**
+   * Track credential set created
+   */
+  credentialSetCreated: (attrs: { credentialSetId: string; userId: string; name: string }) => {
+    trackPlatformEvent('platform.credential_set.created', {
+      'credential_set.id': attrs.credentialSetId,
+      'credential_set.name': attrs.name,
+      'user.id': attrs.userId,
+    })
+  },
+
+  /**
+   * Track webhook created
+   */
+  webhookCreated: (attrs: {
+    webhookId: string
+    workflowId: string
+    provider: string
+    workspaceId?: string
+  }) => {
+    trackPlatformEvent('platform.webhook.created', {
+      'webhook.id': attrs.webhookId,
+      'workflow.id': attrs.workflowId,
+      'webhook.provider': attrs.provider,
+      ...(attrs.workspaceId && { 'workspace.id': attrs.workspaceId }),
+    })
+  },
+
+  /**
+   * Track webhook deleted
+   */
+  webhookDeleted: (attrs: { webhookId: string; workflowId: string }) => {
+    trackPlatformEvent('platform.webhook.deleted', {
+      'webhook.id': attrs.webhookId,
+      'workflow.id': attrs.workflowId,
+    })
+  },
+
+  /**
+   * Track webhook triggered
+   */
+  webhookTriggered: (attrs: {
+    webhookId: string
+    workflowId: string
+    provider: string
+    success: boolean
+  }) => {
+    trackPlatformEvent('platform.webhook.triggered', {
+      'webhook.id': attrs.webhookId,
+      'workflow.id': attrs.workflowId,
+      'webhook.provider': attrs.provider,
+      'webhook.trigger_success': attrs.success,
+    })
+  },
+
+  /**
+   * Track MCP server added
+   */
+  mcpServerAdded: (attrs: {
+    serverId: string
+    serverName: string
+    transport: string
+    workspaceId: string
+  }) => {
+    trackPlatformEvent('platform.mcp.server_added', {
+      'mcp.server_id': attrs.serverId,
+      'mcp.server_name': attrs.serverName,
+      'mcp.transport': attrs.transport,
+      'workspace.id': attrs.workspaceId,
+    })
+  },
+
+  /**
+   * Track MCP tool executed
+   */
+  mcpToolExecuted: (attrs: {
+    serverId: string
+    toolName: string
+    status: 'success' | 'error'
+    workspaceId: string
+  }) => {
+    trackPlatformEvent('platform.mcp.tool_executed', {
+      'mcp.server_id': attrs.serverId,
+      'mcp.tool_name': attrs.toolName,
+      'mcp.execution_status': attrs.status,
+      'workspace.id': attrs.workspaceId,
+    })
+  },
+
+  /**
+   * Track template used
+   */
+  templateUsed: (attrs: {
+    templateId: string
+    templateName: string
+    newWorkflowId: string
+    blocksCount: number
+    workspaceId: string
+  }) => {
+    trackPlatformEvent('platform.template.used', {
+      'template.id': attrs.templateId,
+      'template.name': attrs.templateName,
+      'workflow.created_id': attrs.newWorkflowId,
+      'workflow.blocks_count': attrs.blocksCount,
+      'workspace.id': attrs.workspaceId,
+    })
+  },
+
+  /**
+   * Track subscription created
+   */
+  subscriptionCreated: (attrs: {
+    userId: string
+    plan: string
+    interval: 'monthly' | 'yearly'
+  }) => {
+    trackPlatformEvent('platform.billing.subscription_created', {
+      'user.id': attrs.userId,
+      'billing.plan': attrs.plan,
+      'billing.interval': attrs.interval,
+    })
+  },
+
+  /**
+   * Track subscription changed
+   */
+  subscriptionChanged: (attrs: {
+    userId: string
+    previousPlan: string
+    newPlan: string
+    changeType: 'upgrade' | 'downgrade'
+  }) => {
+    trackPlatformEvent('platform.billing.subscription_changed', {
+      'user.id': attrs.userId,
+      'billing.previous_plan': attrs.previousPlan,
+      'billing.new_plan': attrs.newPlan,
+      'billing.change_type': attrs.changeType,
+    })
+  },
+
+  /**
+   * Track subscription cancelled
+   */
+  subscriptionCancelled: (attrs: { userId: string; plan: string }) => {
+    trackPlatformEvent('platform.billing.subscription_cancelled', {
+      'user.id': attrs.userId,
+      'billing.plan': attrs.plan,
+    })
+  },
+
+  /**
+   * Track folder created
+   */
+  folderCreated: (attrs: { folderId: string; name: string; workspaceId: string }) => {
+    trackPlatformEvent('platform.folder.created', {
+      'folder.id': attrs.folderId,
+      'folder.name': attrs.name,
+      'workspace.id': attrs.workspaceId,
+    })
+  },
+
+  /**
+   * Track folder deleted
+   */
+  folderDeleted: (attrs: { folderId: string; workspaceId: string }) => {
+    trackPlatformEvent('platform.folder.deleted', {
+      'folder.id': attrs.folderId,
+      'workspace.id': attrs.workspaceId,
+    })
+  },
+
+  /**
+   * Track chat deployed (workflow deployed as chat interface)
+   */
+  chatDeployed: (attrs: {
+    chatId: string
+    workflowId: string
+    authType: 'public' | 'password' | 'email' | 'sso'
+    hasOutputConfigs: boolean
+  }) => {
+    trackPlatformEvent('platform.chat.deployed', {
+      'chat.id': attrs.chatId,
+      'workflow.id': attrs.workflowId,
+      'chat.auth_type': attrs.authType,
+      'chat.has_output_configs': attrs.hasOutputConfigs,
+    })
+  },
+}
diff --git a/apps/sim/lib/credential-sets/providers.ts b/apps/sim/lib/credential-sets/providers.ts
new file mode 100644
index 0000000000..4de42ffb78
--- /dev/null
+++ b/apps/sim/lib/credential-sets/providers.ts
@@ -0,0 +1,27 @@
+export type PollingProvider = 'google-email' | 'outlook'
+
+export const POLLING_PROVIDERS: Record<PollingProvider, { displayName: string }> = {
+  'google-email': { displayName: 'Gmail' },
+  outlook: { displayName: 'Outlook' },
+}
+
+export function getProviderDisplayName(providerId: string): string {
+  if (providerId === 'google-email') return 'Gmail'
+  if (providerId === 'outlook') return 'Outlook'
+  return providerId
+}
+
+export function isPollingProvider(provider: string): provider is PollingProvider {
+  return provider === 'google-email' || provider === 'outlook'
+}
+
+/**
+ * Maps an OAuth provider ID to its corresponding polling provider ID.
+ * Since credential sets now store the OAuth provider ID directly, this is primarily
+ * used in the credential selector to match OAuth providers to credential sets.
+ */
+export function getPollingProviderFromOAuth(oauthProviderId: string): PollingProvider | null {
+  if (oauthProviderId === 'google-email') return 'google-email'
+  if (oauthProviderId === 'outlook') return 'outlook'
+  return null
+}
diff --git a/apps/sim/lib/logs/execution/logging-session.ts b/apps/sim/lib/logs/execution/logging-session.ts
index d618be12bc..fd3ae55bab 100644
--- a/apps/sim/lib/logs/execution/logging-session.ts
+++ b/apps/sim/lib/logs/execution/logging-session.ts
@@ -289,12 +289,12 @@ export class LoggingSession {
 
       this.completed = true
 
-      // Track workflow execution outcome
       if (traceSpans && traceSpans.length > 0) {
         try {
-          const { trackPlatformEvent } = await import('@/lib/core/telemetry')
+          const { PlatformEvents, createOTelSpansForWorkflowExecution } = await import(
+            '@/lib/core/telemetry'
+          )
 
-          // Determine status from trace spans
           const hasErrors = traceSpans.some((span: any) => {
             const checkForErrors = (s: any): boolean => {
               if (s.status === 'error') return true
@@ -306,14 +306,27 @@ export class LoggingSession {
             return checkForErrors(span)
           })
 
-          trackPlatformEvent('platform.workflow.executed', {
-            'workflow.id': this.workflowId,
-            'execution.duration_ms': duration,
-            'execution.status': hasErrors ? 'error' : 'success',
-            'execution.trigger': this.triggerType,
-            'execution.blocks_executed': traceSpans.length,
-            'execution.has_errors': hasErrors,
-            'execution.total_cost': costSummary.totalCost || 0,
+          PlatformEvents.workflowExecuted({
+            workflowId: this.workflowId,
+            durationMs: duration,
+            status: hasErrors ? 'error' : 'success',
+            trigger: this.triggerType,
+            blocksExecuted: traceSpans.length,
+            hasErrors,
+            totalCost: costSummary.totalCost || 0,
+          })
+
+          const startTime = new Date(new Date(endTime).getTime() - duration).toISOString()
+          createOTelSpansForWorkflowExecution({
+            workflowId: this.workflowId,
+            workflowName: this.workflowState?.metadata?.name,
+            executionId: this.executionId,
+            traceSpans,
+            trigger: this.triggerType,
+            startTime,
+            endTime,
+            totalDurationMs: duration,
+            status: hasErrors ? 'error' : 'success',
           })
         } catch (_e) {
           // Silently fail
@@ -324,7 +337,6 @@ export class LoggingSession {
         logger.debug(`[${this.requestId}] Completed logging for execution ${this.executionId}`)
       }
     } catch (error) {
-      // Always log completion failures with full details - these should not be silent
       logger.error(`Failed to complete logging for execution ${this.executionId}:`, {
         requestId: this.requestId,
         workflowId: this.workflowId,
@@ -332,7 +344,6 @@ export class LoggingSession {
         error: error instanceof Error ? error.message : String(error),
         stack: error instanceof Error ? error.stack : undefined,
       })
-      // Rethrow so safeComplete can decide what to do
       throw error
     }
   }
@@ -404,17 +415,31 @@ export class LoggingSession {
 
       this.completed = true
 
-      // Track workflow execution error outcome
       try {
-        const { trackPlatformEvent } = await import('@/lib/core/telemetry')
-        trackPlatformEvent('platform.workflow.executed', {
-          'workflow.id': this.workflowId,
-          'execution.duration_ms': Math.max(1, durationMs),
-          'execution.status': 'error',
-          'execution.trigger': this.triggerType,
-          'execution.blocks_executed': spans.length,
-          'execution.has_errors': true,
-          'execution.error_message': message,
+        const { PlatformEvents, createOTelSpansForWorkflowExecution } = await import(
+          '@/lib/core/telemetry'
+        )
+        PlatformEvents.workflowExecuted({
+          workflowId: this.workflowId,
+          durationMs: Math.max(1, durationMs),
+          status: 'error',
+          trigger: this.triggerType,
+          blocksExecuted: spans.length,
+          hasErrors: true,
+          errorMessage: message,
+        })
+
+        createOTelSpansForWorkflowExecution({
+          workflowId: this.workflowId,
+          workflowName: this.workflowState?.metadata?.name,
+          executionId: this.executionId,
+          traceSpans: spans,
+          trigger: this.triggerType,
+          startTime: startTime.toISOString(),
+          endTime: endTime.toISOString(),
+          totalDurationMs: Math.max(1, durationMs),
+          status: 'error',
+          error: message,
         })
       } catch (_e) {
         // Silently fail
@@ -426,7 +451,6 @@ export class LoggingSession {
         )
       }
     } catch (enhancedError) {
-      // Always log completion failures with full details
       logger.error(`Failed to complete error logging for execution ${this.executionId}:`, {
         requestId: this.requestId,
         workflowId: this.workflowId,
@@ -434,7 +458,6 @@ export class LoggingSession {
         error: enhancedError instanceof Error ? enhancedError.message : String(enhancedError),
         stack: enhancedError instanceof Error ? enhancedError.stack : undefined,
       })
-      // Rethrow so safeCompleteWithError can decide what to do
       throw enhancedError
     }
   }
@@ -477,15 +500,32 @@ export class LoggingSession {
       this.completed = true
 
       try {
-        const { trackPlatformEvent } = await import('@/lib/core/telemetry')
-        trackPlatformEvent('platform.workflow.executed', {
-          'workflow.id': this.workflowId,
-          'execution.duration_ms': Math.max(1, durationMs),
-          'execution.status': 'cancelled',
-          'execution.trigger': this.triggerType,
-          'execution.blocks_executed': traceSpans?.length || 0,
-          'execution.has_errors': false,
+        const { PlatformEvents, createOTelSpansForWorkflowExecution } = await import(
+          '@/lib/core/telemetry'
+        )
+        PlatformEvents.workflowExecuted({
+          workflowId: this.workflowId,
+          durationMs: Math.max(1, durationMs),
+          status: 'cancelled',
+          trigger: this.triggerType,
+          blocksExecuted: traceSpans?.length || 0,
+          hasErrors: false,
         })
+
+        if (traceSpans && traceSpans.length > 0) {
+          const startTime = new Date(endTime.getTime() - Math.max(1, durationMs))
+          createOTelSpansForWorkflowExecution({
+            workflowId: this.workflowId,
+            workflowName: this.workflowState?.metadata?.name,
+            executionId: this.executionId,
+            traceSpans,
+            trigger: this.triggerType,
+            startTime: startTime.toISOString(),
+            endTime: endTime.toISOString(),
+            totalDurationMs: Math.max(1, durationMs),
+            status: 'success', // Cancelled executions are not errors
+          })
+        }
       } catch (_e) {
         // Silently fail
       }
@@ -540,16 +580,33 @@ export class LoggingSession {
       })
 
       try {
-        const { trackPlatformEvent } = await import('@/lib/core/telemetry')
-        trackPlatformEvent('platform.workflow.executed', {
-          'workflow.id': this.workflowId,
-          'execution.duration_ms': Math.max(1, durationMs),
-          'execution.status': 'paused',
-          'execution.trigger': this.triggerType,
-          'execution.blocks_executed': traceSpans?.length || 0,
-          'execution.has_errors': false,
-          'execution.total_cost': costSummary.totalCost || 0,
+        const { PlatformEvents, createOTelSpansForWorkflowExecution } = await import(
+          '@/lib/core/telemetry'
+        )
+        PlatformEvents.workflowExecuted({
+          workflowId: this.workflowId,
+          durationMs: Math.max(1, durationMs),
+          status: 'paused',
+          trigger: this.triggerType,
+          blocksExecuted: traceSpans?.length || 0,
+          hasErrors: false,
+          totalCost: costSummary.totalCost || 0,
         })
+
+        if (traceSpans && traceSpans.length > 0) {
+          const startTime = new Date(endTime.getTime() - Math.max(1, durationMs))
+          createOTelSpansForWorkflowExecution({
+            workflowId: this.workflowId,
+            workflowName: this.workflowState?.metadata?.name,
+            executionId: this.executionId,
+            traceSpans,
+            trigger: this.triggerType,
+            startTime: startTime.toISOString(),
+            endTime: endTime.toISOString(),
+            totalDurationMs: Math.max(1, durationMs),
+            status: 'success', // Paused executions are not errors
+          })
+        }
       } catch (_e) {}
 
       if (this.requestId) {
diff --git a/apps/sim/lib/messaging/email/mailer.test.ts b/apps/sim/lib/messaging/email/mailer.test.ts
index a5921eb008..9ea8e5d871 100644
--- a/apps/sim/lib/messaging/email/mailer.test.ts
+++ b/apps/sim/lib/messaging/email/mailer.test.ts
@@ -1,3 +1,4 @@
+import { createEnvMock } from '@sim/testing'
 import { beforeEach, describe, expect, it, type Mock, vi } from 'vitest'
 
 /**
@@ -44,15 +45,15 @@ vi.mock('@/lib/messaging/email/unsubscribe', () => ({
 }))
 
 // Mock env with valid API keys so the clients get initialized
-vi.mock('@/lib/core/config/env', () => ({
-  env: {
+vi.mock('@/lib/core/config/env', () =>
+  createEnvMock({
     RESEND_API_KEY: 'test-api-key',
     AZURE_ACS_CONNECTION_STRING: 'test-azure-connection-string',
     AZURE_COMMUNICATION_EMAIL_DOMAIN: 'test.azurecomm.net',
     NEXT_PUBLIC_APP_URL: 'https://test.sim.ai',
     FROM_EMAIL_ADDRESS: 'Sim <noreply@sim.ai>',
-  },
-}))
+  })
+)
 
 // Mock URL utilities
 vi.mock('@/lib/core/utils/urls', () => ({
diff --git a/apps/sim/lib/messaging/email/unsubscribe.test.ts b/apps/sim/lib/messaging/email/unsubscribe.test.ts
index b456e79c05..578976da57 100644
--- a/apps/sim/lib/messaging/email/unsubscribe.test.ts
+++ b/apps/sim/lib/messaging/email/unsubscribe.test.ts
@@ -1,3 +1,4 @@
+import { createEnvMock } from '@sim/testing'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 import type { EmailType } from '@/lib/messaging/email/mailer'
 
@@ -25,14 +26,7 @@ vi.mock('drizzle-orm', () => ({
   eq: vi.fn((a, b) => ({ type: 'eq', left: a, right: b })),
 }))
 
-vi.mock('@/lib/core/config/env', () => ({
-  env: {
-    BETTER_AUTH_SECRET: 'test-secret-key',
-  },
-  isTruthy: (value: string | boolean | number | undefined) =>
-    typeof value === 'string' ? value === 'true' || value === '1' : Boolean(value),
-  getEnv: (variable: string) => process.env[variable],
-}))
+vi.mock('@/lib/core/config/env', () => createEnvMock({ BETTER_AUTH_SECRET: 'test-secret-key' }))
 
 vi.mock('@sim/logger', () => ({
   createLogger: () => ({
diff --git a/apps/sim/lib/messaging/email/utils.test.ts b/apps/sim/lib/messaging/email/utils.test.ts
index c58010be34..2d398a5492 100644
--- a/apps/sim/lib/messaging/email/utils.test.ts
+++ b/apps/sim/lib/messaging/email/utils.test.ts
@@ -1,3 +1,4 @@
+import { createEnvMock } from '@sim/testing'
 import { describe, expect, it, vi } from 'vitest'
 
 /**
@@ -8,12 +9,12 @@ import { describe, expect, it, vi } from 'vitest'
  */
 
 // Set up mocks at module level - these will be used for all tests in this file
-vi.mock('@/lib/core/config/env', () => ({
-  env: {
+vi.mock('@/lib/core/config/env', () =>
+  createEnvMock({
     FROM_EMAIL_ADDRESS: 'Sim <noreply@sim.ai>',
     EMAIL_DOMAIN: 'example.com',
-  },
-}))
+  })
+)
 
 vi.mock('@/lib/core/utils/urls', () => ({
   getEmailDomain: vi.fn().mockReturnValue('fallback.com'),
diff --git a/apps/sim/lib/oauth/oauth.test.ts b/apps/sim/lib/oauth/oauth.test.ts
index 85a31d5286..5373ccccf2 100644
--- a/apps/sim/lib/oauth/oauth.test.ts
+++ b/apps/sim/lib/oauth/oauth.test.ts
@@ -1,8 +1,8 @@
-import { createMockFetch, loggerMock } from '@sim/testing'
+import { createEnvMock, createMockFetch, loggerMock } from '@sim/testing'
 import { describe, expect, it, vi } from 'vitest'
 
-vi.mock('@/lib/core/config/env', () => ({
-  env: {
+vi.mock('@/lib/core/config/env', () =>
+  createEnvMock({
     GOOGLE_CLIENT_ID: 'google_client_id',
     GOOGLE_CLIENT_SECRET: 'google_client_secret',
     GITHUB_CLIENT_ID: 'github_client_id',
@@ -49,8 +49,8 @@ vi.mock('@/lib/core/config/env', () => ({
     WORDPRESS_CLIENT_SECRET: 'wordpress_client_secret',
     SPOTIFY_CLIENT_ID: 'spotify_client_id',
     SPOTIFY_CLIENT_SECRET: 'spotify_client_secret',
-  },
-}))
+  })
+)
 
 vi.mock('@sim/logger', () => loggerMock)
 
diff --git a/apps/sim/lib/webhooks/gmail-polling-service.ts b/apps/sim/lib/webhooks/gmail-polling-service.ts
index cc62c30afc..bb54e4c3e3 100644
--- a/apps/sim/lib/webhooks/gmail-polling-service.ts
+++ b/apps/sim/lib/webhooks/gmail-polling-service.ts
@@ -1,8 +1,9 @@
 import { db } from '@sim/db'
-import { account, webhook, workflow } from '@sim/db/schema'
+import { account, credentialSet, webhook, workflow } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq, sql } from 'drizzle-orm'
 import { nanoid } from 'nanoid'
+import { isOrganizationOnTeamOrEnterprisePlan } from '@/lib/billing'
 import { pollingIdempotency } from '@/lib/core/idempotency/service'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { getOAuthToken, refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
@@ -143,15 +144,42 @@ export async function pollGmailWebhooks() {
         const metadata = webhookData.providerConfig as any
         const credentialId: string | undefined = metadata?.credentialId
         const userId: string | undefined = metadata?.userId
+        const credentialSetId: string | undefined = metadata?.credentialSetId
 
         if (!credentialId && !userId) {
-          logger.error(`[${requestId}] Missing credentialId and userId for webhook ${webhookId}`)
+          logger.error(`[${requestId}] Missing credential info for webhook ${webhookId}`)
           await markWebhookFailed(webhookId)
           failureCount++
           return
         }
 
+        if (credentialSetId) {
+          const [cs] = await db
+            .select({ organizationId: credentialSet.organizationId })
+            .from(credentialSet)
+            .where(eq(credentialSet.id, credentialSetId))
+            .limit(1)
+
+          if (cs?.organizationId) {
+            const hasAccess = await isOrganizationOnTeamOrEnterprisePlan(cs.organizationId)
+            if (!hasAccess) {
+              logger.error(
+                `[${requestId}] Polling Group plan restriction: Your current plan does not support Polling Groups. Upgrade to Team or Enterprise to use this feature.`,
+                {
+                  webhookId,
+                  credentialSetId,
+                  organizationId: cs.organizationId,
+                }
+              )
+              await markWebhookFailed(webhookId)
+              failureCount++
+              return
+            }
+          }
+        }
+
         let accessToken: string | null = null
+
         if (credentialId) {
           const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
           if (rows.length === 0) {
@@ -165,13 +193,12 @@ export async function pollGmailWebhooks() {
           const ownerUserId = rows[0].userId
           accessToken = await refreshAccessTokenIfNeeded(credentialId, ownerUserId, requestId)
         } else if (userId) {
+          // Legacy fallback for webhooks without credentialId
           accessToken = await getOAuthToken(userId, 'google-email')
         }
 
         if (!accessToken) {
-          logger.error(
-            `[${requestId}] Failed to get Gmail access token for webhook ${webhookId} (cred or fallback)`
-          )
+          logger.error(`[${requestId}] Failed to get Gmail access token for webhook ${webhookId}`)
           await markWebhookFailed(webhookId)
           failureCount++
           return
diff --git a/apps/sim/lib/webhooks/outlook-polling-service.ts b/apps/sim/lib/webhooks/outlook-polling-service.ts
index 68f93385ac..b594ef47d9 100644
--- a/apps/sim/lib/webhooks/outlook-polling-service.ts
+++ b/apps/sim/lib/webhooks/outlook-polling-service.ts
@@ -1,9 +1,10 @@
 import { db } from '@sim/db'
-import { account, webhook, workflow } from '@sim/db/schema'
+import { account, credentialSet, webhook, workflow } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq, sql } from 'drizzle-orm'
 import { htmlToText } from 'html-to-text'
 import { nanoid } from 'nanoid'
+import { isOrganizationOnTeamOrEnterprisePlan } from '@/lib/billing'
 import { pollingIdempotency } from '@/lib/core/idempotency'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { getOAuthToken, refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
@@ -192,6 +193,7 @@ export async function pollOutlookWebhooks() {
         const metadata = webhookData.providerConfig as any
         const credentialId: string | undefined = metadata?.credentialId
         const userId: string | undefined = metadata?.userId
+        const credentialSetId: string | undefined = metadata?.credentialSetId
 
         if (!credentialId && !userId) {
           logger.error(`[${requestId}] Missing credentialId and userId for webhook ${webhookId}`)
@@ -200,6 +202,31 @@ export async function pollOutlookWebhooks() {
           return
         }
 
+        if (credentialSetId) {
+          const [cs] = await db
+            .select({ organizationId: credentialSet.organizationId })
+            .from(credentialSet)
+            .where(eq(credentialSet.id, credentialSetId))
+            .limit(1)
+
+          if (cs?.organizationId) {
+            const hasAccess = await isOrganizationOnTeamOrEnterprisePlan(cs.organizationId)
+            if (!hasAccess) {
+              logger.error(
+                `[${requestId}] Polling Group plan restriction: Your current plan does not support Polling Groups. Upgrade to Team or Enterprise to use this feature.`,
+                {
+                  webhookId,
+                  credentialSetId,
+                  organizationId: cs.organizationId,
+                }
+              )
+              await markWebhookFailed(webhookId)
+              failureCount++
+              return
+            }
+          }
+        }
+
         let accessToken: string | null = null
         if (credentialId) {
           const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
@@ -359,7 +386,19 @@ async function fetchNewOutlookEmails(
     const data = await response.json()
     const emails = data.value || []
 
-    const filteredEmails = filterEmailsByFolder(emails, config)
+    let resolvedFolderIds: Map<string, string> | undefined
+    if (config.folderIds && config.folderIds.length > 0) {
+      const hasWellKnownFolders = config.folderIds.some(isWellKnownFolderName)
+      if (hasWellKnownFolders) {
+        resolvedFolderIds = await resolveWellKnownFolderIds(
+          accessToken,
+          config.folderIds,
+          requestId
+        )
+      }
+    }
+
+    const filteredEmails = filterEmailsByFolder(emails, config, resolvedFolderIds)
 
     logger.info(
       `[${requestId}] Fetched ${emails.length} emails, ${filteredEmails.length} after filtering`
@@ -373,18 +412,103 @@ async function fetchNewOutlookEmails(
   }
 }
 
+const OUTLOOK_WELL_KNOWN_FOLDERS = new Set([
+  'inbox',
+  'drafts',
+  'sentitems',
+  'deleteditems',
+  'junkemail',
+  'archive',
+  'outbox',
+])
+
+function isWellKnownFolderName(folderId: string): boolean {
+  return OUTLOOK_WELL_KNOWN_FOLDERS.has(folderId.toLowerCase())
+}
+
+async function resolveWellKnownFolderId(
+  accessToken: string,
+  folderName: string,
+  requestId: string
+): Promise<string | null> {
+  try {
+    const response = await fetch(`https://graph.microsoft.com/v1.0/me/mailFolders/${folderName}`, {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        'Content-Type': 'application/json',
+      },
+    })
+
+    if (!response.ok) {
+      logger.warn(
+        `[${requestId}] Failed to resolve well-known folder '${folderName}': ${response.status}`
+      )
+      return null
+    }
+
+    const folder = await response.json()
+    return folder.id || null
+  } catch (error) {
+    logger.error(`[${requestId}] Error resolving well-known folder '${folderName}':`, error)
+    return null
+  }
+}
+
+async function resolveWellKnownFolderIds(
+  accessToken: string,
+  folderIds: string[],
+  requestId: string
+): Promise<Map<string, string>> {
+  const resolvedIds = new Map<string, string>()
+
+  const wellKnownFolders = folderIds.filter(isWellKnownFolderName)
+  if (wellKnownFolders.length === 0) {
+    return resolvedIds
+  }
+
+  const resolutions = await Promise.all(
+    wellKnownFolders.map(async (folderName) => {
+      const actualId = await resolveWellKnownFolderId(accessToken, folderName, requestId)
+      return { folderName, actualId }
+    })
+  )
+
+  for (const { folderName, actualId } of resolutions) {
+    if (actualId) {
+      resolvedIds.set(folderName.toLowerCase(), actualId)
+    }
+  }
+
+  logger.info(
+    `[${requestId}] Resolved ${resolvedIds.size}/${wellKnownFolders.length} well-known folders`
+  )
+
+  return resolvedIds
+}
+
 function filterEmailsByFolder(
   emails: OutlookEmail[],
-  config: OutlookWebhookConfig
+  config: OutlookWebhookConfig,
+  resolvedFolderIds?: Map<string, string>
 ): OutlookEmail[] {
   if (!config.folderIds || !config.folderIds.length) {
     return emails
   }
 
+  const actualFolderIds = config.folderIds.map((configFolder) => {
+    if (resolvedFolderIds && isWellKnownFolderName(configFolder)) {
+      const resolvedId = resolvedFolderIds.get(configFolder.toLowerCase())
+      if (resolvedId) {
+        return resolvedId
+      }
+    }
+    return configFolder
+  })
+
   return emails.filter((email) => {
     const emailFolderId = email.parentFolderId
-    const hasMatchingFolder = config.folderIds!.some((configFolder) =>
-      emailFolderId.toLowerCase().includes(configFolder.toLowerCase())
+    const hasMatchingFolder = actualFolderIds.some(
+      (folderId) => emailFolderId.toLowerCase() === folderId.toLowerCase()
     )
 
     return config.folderFilterBehavior === 'INCLUDE' ? hasMatchingFolder : !hasMatchingFolder
diff --git a/apps/sim/lib/webhooks/processor.ts b/apps/sim/lib/webhooks/processor.ts
index 800c15c236..5d7d847658 100644
--- a/apps/sim/lib/webhooks/processor.ts
+++ b/apps/sim/lib/webhooks/processor.ts
@@ -1,10 +1,12 @@
 import { db, webhook, workflow } from '@sim/db'
+import { credentialSet, subscription } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { tasks } from '@trigger.dev/sdk'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
-import { isTriggerDevEnabled } from '@/lib/core/config/feature-flags'
+import { checkEnterprisePlan, checkTeamPlan } from '@/lib/billing/subscriptions/utils'
+import { isProd, isTriggerDevEnabled } from '@/lib/core/config/feature-flags'
 import { preprocessExecution } from '@/lib/execution/preprocessing'
 import { convertSquareBracketsToTwiML } from '@/lib/webhooks/utils'
 import {
@@ -40,6 +42,48 @@ function getExternalUrl(request: NextRequest): string {
   return request.url
 }
 
+async function verifyCredentialSetBilling(credentialSetId: string): Promise<{
+  valid: boolean
+  error?: string
+}> {
+  if (!isProd) {
+    return { valid: true }
+  }
+
+  const [set] = await db
+    .select({ organizationId: credentialSet.organizationId })
+    .from(credentialSet)
+    .where(eq(credentialSet.id, credentialSetId))
+    .limit(1)
+
+  if (!set) {
+    return { valid: false, error: 'Credential set not found' }
+  }
+
+  const [orgSub] = await db
+    .select()
+    .from(subscription)
+    .where(and(eq(subscription.referenceId, set.organizationId), eq(subscription.status, 'active')))
+    .limit(1)
+
+  if (!orgSub) {
+    return {
+      valid: false,
+      error: 'Credential sets require a Team or Enterprise plan. Please upgrade to continue.',
+    }
+  }
+
+  const hasTeamPlan = checkTeamPlan(orgSub) || checkEnterprisePlan(orgSub)
+  if (!hasTeamPlan) {
+    return {
+      valid: false,
+      error: 'Credential sets require a Team or Enterprise plan. Please upgrade to continue.',
+    }
+  }
+
+  return { valid: true }
+}
+
 export async function parseWebhookBody(
   request: NextRequest,
   requestId: string
@@ -109,6 +153,17 @@ export async function handleProviderChallenges(
   }
 
   const url = new URL(request.url)
+
+  // Microsoft Graph subscription validation (can come as GET or POST)
+  const validationToken = url.searchParams.get('validationToken')
+  if (validationToken) {
+    logger.info(`[${requestId}] Microsoft Graph subscription validation for path: ${path}`)
+    return new NextResponse(validationToken, {
+      status: 200,
+      headers: { 'Content-Type': 'text/plain' },
+    })
+  }
+
   const mode = url.searchParams.get('hub.mode')
   const token = url.searchParams.get('hub.verify_token')
   const challenge = url.searchParams.get('hub.challenge')
@@ -149,6 +204,74 @@ export function handleProviderReachabilityTest(
   return null
 }
 
+/**
+ * Format error response based on provider requirements.
+ * Some providers (like Microsoft Teams) require specific response formats.
+ */
+export function formatProviderErrorResponse(
+  webhook: any,
+  error: string,
+  status: number
+): NextResponse {
+  if (webhook.provider === 'microsoft-teams') {
+    return NextResponse.json({ type: 'message', text: error }, { status })
+  }
+  return NextResponse.json({ error }, { status })
+}
+
+/**
+ * Check if a webhook event should be skipped based on provider-specific filtering.
+ * Returns true if the event should be skipped, false if it should be processed.
+ */
+export function shouldSkipWebhookEvent(webhook: any, body: any, requestId: string): boolean {
+  const providerConfig = (webhook.providerConfig as Record<string, any>) || {}
+
+  if (webhook.provider === 'stripe') {
+    const eventTypes = providerConfig.eventTypes
+    if (eventTypes && Array.isArray(eventTypes) && eventTypes.length > 0) {
+      const eventType = body?.type
+      if (eventType && !eventTypes.includes(eventType)) {
+        logger.info(
+          `[${requestId}] Stripe event type '${eventType}' not in allowed list for webhook ${webhook.id}, skipping`
+        )
+        return true
+      }
+    }
+  }
+
+  if (webhook.provider === 'grain') {
+    const eventTypes = providerConfig.eventTypes
+    if (eventTypes && Array.isArray(eventTypes) && eventTypes.length > 0) {
+      const eventType = body?.type
+      if (eventType && !eventTypes.includes(eventType)) {
+        logger.info(
+          `[${requestId}] Grain event type '${eventType}' not in allowed list for webhook ${webhook.id}, skipping`
+        )
+        return true
+      }
+    }
+  }
+
+  return false
+}
+
+/** Providers that validate webhook URLs during creation, before workflow deployment */
+const PROVIDERS_WITH_PRE_DEPLOYMENT_VERIFICATION = new Set(['grain'])
+
+/** Returns 200 OK for providers that validate URLs before the workflow is deployed */
+export function handlePreDeploymentVerification(
+  webhook: any,
+  requestId: string
+): NextResponse | null {
+  if (PROVIDERS_WITH_PRE_DEPLOYMENT_VERIFICATION.has(webhook.provider)) {
+    logger.info(
+      `[${requestId}] ${webhook.provider} webhook - block not in deployment, returning 200 OK for URL validation`
+    )
+    return NextResponse.json({ status: 'ok', message: 'Webhook endpoint verified' })
+  }
+  return null
+}
+
 export async function findWebhookAndWorkflow(
   options: WebhookProcessorOptions
 ): Promise<{ webhook: any; workflow: any } | null> {
@@ -193,6 +316,37 @@ export async function findWebhookAndWorkflow(
   return null
 }
 
+/**
+ * Find ALL webhooks matching a path.
+ * Used for credential sets where multiple webhooks share the same path.
+ */
+export async function findAllWebhooksForPath(
+  options: WebhookProcessorOptions
+): Promise<Array<{ webhook: any; workflow: any }>> {
+  if (!options.path) {
+    return []
+  }
+
+  const results = await db
+    .select({
+      webhook: webhook,
+      workflow: workflow,
+    })
+    .from(webhook)
+    .innerJoin(workflow, eq(webhook.workflowId, workflow.id))
+    .where(and(eq(webhook.path, options.path), eq(webhook.isActive, true)))
+
+  if (results.length === 0) {
+    logger.warn(`[${options.requestId}] No active webhooks found for path: ${options.path}`)
+  } else if (results.length > 1) {
+    logger.info(
+      `[${options.requestId}] Found ${results.length} webhooks for path: ${options.path} (credential set fan-out)`
+    )
+  }
+
+  return results
+}
+
 /**
  * Resolve {{VARIABLE}} references in a string value
  * @param value - String that may contain {{VARIABLE}} references
@@ -774,9 +928,22 @@ export async function queueWebhookExecution(
       }
     }
 
-    // Extract credentialId from webhook config for credential-based webhooks
+    // Extract credentialId from webhook config
+    // Note: Each webhook now has its own credentialId (credential sets are fanned out at save time)
     const providerConfig = (foundWebhook.providerConfig as Record<string, any>) || {}
     const credentialId = providerConfig.credentialId as string | undefined
+    const credentialSetId = providerConfig.credentialSetId as string | undefined
+
+    // Verify billing for credential sets
+    if (credentialSetId) {
+      const billingCheck = await verifyCredentialSetBilling(credentialSetId)
+      if (!billingCheck.valid) {
+        logger.warn(
+          `[${options.requestId}] Credential set billing check failed: ${billingCheck.error}`
+        )
+        return NextResponse.json({ error: billingCheck.error }, { status: 403 })
+      }
+    }
 
     const payload = {
       webhookId: foundWebhook.id,
diff --git a/apps/sim/lib/webhooks/utils.server.ts b/apps/sim/lib/webhooks/utils.server.ts
index e22ddd1251..02fbac769b 100644
--- a/apps/sim/lib/webhooks/utils.server.ts
+++ b/apps/sim/lib/webhooks/utils.server.ts
@@ -4,6 +4,7 @@ import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { createPinnedUrl, validateUrlWithDNS } from '@/lib/core/security/input-validation'
+import type { DbOrTx } from '@/lib/db/types'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 
 const logger = createLogger('WebhookUtils')
@@ -2477,7 +2478,313 @@ export interface AirtableChange {
 }
 
 /**
- * Configure Gmail polling for a webhook
+ * Result of syncing webhooks for a credential set
+ */
+export interface CredentialSetWebhookSyncResult {
+  webhooks: Array<{
+    id: string
+    credentialId: string
+    isNew: boolean
+  }>
+  created: number
+  updated: number
+  deleted: number
+}
+
+/**
+ * Sync webhooks for a credential set.
+ *
+ * For credential sets, we create one webhook per credential in the set.
+ * Each webhook has its own state and credentialId.
+ *
+ * Path strategy:
+ * - Polling triggers (gmail, outlook): unique paths per credential (for independent polling)
+ * - External triggers (slack, etc.): shared path (external service sends to one URL)
+ *
+ * This function:
+ * 1. Gets all credentials in the credential set
+ * 2. Gets existing webhooks for this workflow+block with this credentialSetId
+ * 3. Creates webhooks for new credentials
+ * 4. Updates config for existing webhooks (preserving state)
+ * 5. Deletes webhooks for credentials no longer in the set
+ */
+export async function syncWebhooksForCredentialSet(params: {
+  workflowId: string
+  blockId: string
+  provider: string
+  basePath: string
+  credentialSetId: string
+  oauthProviderId: string
+  providerConfig: Record<string, any>
+  requestId: string
+  tx?: DbOrTx
+}): Promise<CredentialSetWebhookSyncResult> {
+  const {
+    workflowId,
+    blockId,
+    provider,
+    basePath,
+    credentialSetId,
+    oauthProviderId,
+    providerConfig,
+    requestId,
+    tx,
+  } = params
+
+  const dbCtx = tx ?? db
+
+  const syncLogger = createLogger('CredentialSetWebhookSync')
+  syncLogger.info(
+    `[${requestId}] Syncing webhooks for credential set ${credentialSetId}, provider ${provider}`
+  )
+
+  const { getCredentialsForCredentialSet } = await import('@/app/api/auth/oauth/utils')
+  const { nanoid } = await import('nanoid')
+
+  // Polling providers get unique paths per credential (for independent state)
+  // External webhook providers share the same path (external service sends to one URL)
+  const pollingProviders = ['gmail', 'outlook', 'rss', 'imap']
+  const useUniquePaths = pollingProviders.includes(provider)
+
+  const credentials = await getCredentialsForCredentialSet(credentialSetId, oauthProviderId)
+
+  if (credentials.length === 0) {
+    syncLogger.warn(
+      `[${requestId}] No credentials found in credential set ${credentialSetId} for provider ${oauthProviderId}`
+    )
+    return { webhooks: [], created: 0, updated: 0, deleted: 0 }
+  }
+
+  syncLogger.info(
+    `[${requestId}] Found ${credentials.length} credentials in set ${credentialSetId}`
+  )
+
+  // Get existing webhooks for this workflow+block that belong to this credential set
+  const existingWebhooks = await dbCtx
+    .select()
+    .from(webhook)
+    .where(and(eq(webhook.workflowId, workflowId), eq(webhook.blockId, blockId)))
+
+  // Filter to only webhooks belonging to this credential set
+  const credentialSetWebhooks = existingWebhooks.filter((wh) => {
+    const config = wh.providerConfig as Record<string, any>
+    return config?.credentialSetId === credentialSetId
+  })
+
+  syncLogger.info(
+    `[${requestId}] Found ${credentialSetWebhooks.length} existing webhooks for credential set`
+  )
+
+  // Build maps for efficient lookup
+  const existingByCredentialId = new Map<string, (typeof credentialSetWebhooks)[number]>()
+  for (const wh of credentialSetWebhooks) {
+    const config = wh.providerConfig as Record<string, any>
+    if (config?.credentialId) {
+      existingByCredentialId.set(config.credentialId, wh)
+    }
+  }
+
+  const credentialIdsInSet = new Set(credentials.map((c) => c.credentialId))
+
+  const result: CredentialSetWebhookSyncResult = {
+    webhooks: [],
+    created: 0,
+    updated: 0,
+    deleted: 0,
+  }
+
+  // Process each credential in the set
+  for (const cred of credentials) {
+    const existingWebhook = existingByCredentialId.get(cred.credentialId)
+
+    if (existingWebhook) {
+      // Update existing webhook - preserve state fields
+      const existingConfig = existingWebhook.providerConfig as Record<string, any>
+
+      const updatedConfig = {
+        ...providerConfig,
+        basePath, // Store basePath for reliable reconstruction during membership sync
+        credentialId: cred.credentialId,
+        credentialSetId: credentialSetId,
+        // Preserve state fields from existing config
+        historyId: existingConfig.historyId,
+        lastCheckedTimestamp: existingConfig.lastCheckedTimestamp,
+        setupCompleted: existingConfig.setupCompleted,
+        externalId: existingConfig.externalId,
+        userId: cred.userId,
+      }
+
+      await dbCtx
+        .update(webhook)
+        .set({
+          providerConfig: updatedConfig,
+          isActive: true,
+          updatedAt: new Date(),
+        })
+        .where(eq(webhook.id, existingWebhook.id))
+
+      result.webhooks.push({
+        id: existingWebhook.id,
+        credentialId: cred.credentialId,
+        isNew: false,
+      })
+      result.updated++
+
+      syncLogger.debug(
+        `[${requestId}] Updated webhook ${existingWebhook.id} for credential ${cred.credentialId}`
+      )
+    } else {
+      // Create new webhook for this credential
+      const webhookId = nanoid()
+      const webhookPath = useUniquePaths ? `${basePath}-${cred.credentialId.slice(0, 8)}` : basePath
+
+      const newConfig = {
+        ...providerConfig,
+        basePath, // Store basePath for reliable reconstruction during membership sync
+        credentialId: cred.credentialId,
+        credentialSetId: credentialSetId,
+        userId: cred.userId,
+      }
+
+      await dbCtx.insert(webhook).values({
+        id: webhookId,
+        workflowId,
+        blockId,
+        path: webhookPath,
+        provider,
+        providerConfig: newConfig,
+        credentialSetId, // Indexed column for efficient credential set queries
+        isActive: true,
+        createdAt: new Date(),
+        updatedAt: new Date(),
+      })
+
+      result.webhooks.push({
+        id: webhookId,
+        credentialId: cred.credentialId,
+        isNew: true,
+      })
+      result.created++
+
+      syncLogger.debug(
+        `[${requestId}] Created webhook ${webhookId} for credential ${cred.credentialId}`
+      )
+    }
+  }
+
+  // Delete webhooks for credentials no longer in the set
+  for (const [credentialId, existingWebhook] of existingByCredentialId) {
+    if (!credentialIdsInSet.has(credentialId)) {
+      await dbCtx.delete(webhook).where(eq(webhook.id, existingWebhook.id))
+      result.deleted++
+
+      syncLogger.debug(
+        `[${requestId}] Deleted webhook ${existingWebhook.id} for removed credential ${credentialId}`
+      )
+    }
+  }
+
+  syncLogger.info(
+    `[${requestId}] Credential set webhook sync complete: ${result.created} created, ${result.updated} updated, ${result.deleted} deleted`
+  )
+
+  return result
+}
+
+/**
+ * Sync all webhooks that use a specific credential set.
+ * Called when credential set membership changes (member added/removed).
+ *
+ * This finds all workflows with webhooks using this credential set and resyncs them.
+ */
+export async function syncAllWebhooksForCredentialSet(
+  credentialSetId: string,
+  requestId: string,
+  tx?: DbOrTx
+): Promise<{ workflowsUpdated: number; totalCreated: number; totalDeleted: number }> {
+  const dbCtx = tx ?? db
+  const syncLogger = createLogger('CredentialSetMembershipSync')
+  syncLogger.info(`[${requestId}] Syncing all webhooks for credential set ${credentialSetId}`)
+
+  const { getProviderIdFromServiceId } = await import('@/lib/oauth')
+
+  // Find all webhooks that use this credential set using the indexed column
+  const webhooksForSet = await dbCtx
+    .select()
+    .from(webhook)
+    .where(eq(webhook.credentialSetId, credentialSetId))
+
+  if (webhooksForSet.length === 0) {
+    syncLogger.info(`[${requestId}] No webhooks found using credential set ${credentialSetId}`)
+    return { workflowsUpdated: 0, totalCreated: 0, totalDeleted: 0 }
+  }
+
+  // Group webhooks by workflow+block to find unique triggers
+  const triggerGroups = new Map<string, (typeof webhooksForSet)[number]>()
+  for (const wh of webhooksForSet) {
+    const key = `${wh.workflowId}:${wh.blockId}`
+    // Keep the first webhook as representative (they all have same config)
+    if (!triggerGroups.has(key)) {
+      triggerGroups.set(key, wh)
+    }
+  }
+
+  syncLogger.info(
+    `[${requestId}] Found ${triggerGroups.size} triggers using credential set ${credentialSetId}`
+  )
+
+  let workflowsUpdated = 0
+  let totalCreated = 0
+  let totalDeleted = 0
+
+  for (const [key, representativeWebhook] of triggerGroups) {
+    if (!representativeWebhook.provider) {
+      syncLogger.warn(`[${requestId}] Skipping webhook without provider: ${key}`)
+      continue
+    }
+
+    const config = representativeWebhook.providerConfig as Record<string, any>
+    const oauthProviderId = getProviderIdFromServiceId(representativeWebhook.provider)
+
+    const { credentialId: _cId, userId: _uId, basePath: _bp, ...baseConfig } = config
+    // Use stored basePath if available, otherwise fall back to blockId (for legacy webhooks)
+    const basePath = config.basePath || representativeWebhook.blockId || representativeWebhook.path
+
+    try {
+      const result = await syncWebhooksForCredentialSet({
+        workflowId: representativeWebhook.workflowId,
+        blockId: representativeWebhook.blockId || '',
+        provider: representativeWebhook.provider,
+        basePath,
+        credentialSetId,
+        oauthProviderId,
+        providerConfig: baseConfig,
+        requestId,
+        tx: dbCtx,
+      })
+
+      workflowsUpdated++
+      totalCreated += result.created
+      totalDeleted += result.deleted
+
+      syncLogger.debug(
+        `[${requestId}] Synced webhooks for ${key}: ${result.created} created, ${result.deleted} deleted`
+      )
+    } catch (error) {
+      syncLogger.error(`[${requestId}] Error syncing webhooks for ${key}`, error)
+    }
+  }
+
+  syncLogger.info(
+    `[${requestId}] Credential set membership sync complete: ${workflowsUpdated} workflows updated, ${totalCreated} webhooks created, ${totalDeleted} webhooks deleted`
+  )
+
+  return { workflowsUpdated, totalCreated, totalDeleted }
+}
+
+/**
+ * Configure Gmail polling for a webhook.
+ * Each webhook has its own credentialId (credential sets are fanned out at save time).
  */
 export async function configureGmailPolling(webhookData: any, requestId: string): Promise<boolean> {
   const logger = createLogger('GmailWebhookSetup')
@@ -2492,7 +2799,7 @@ export async function configureGmailPolling(webhookData: any, requestId: string)
       return false
     }
 
-    // Get userId from credential
+    // Verify credential exists and get userId
     const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
     if (rows.length === 0) {
       logger.error(
@@ -2502,6 +2809,8 @@ export async function configureGmailPolling(webhookData: any, requestId: string)
     }
 
     const effectiveUserId = rows[0].userId
+
+    // Verify token can be refreshed
     const accessToken = await refreshAccessTokenIfNeeded(credentialId, effectiveUserId, requestId)
     if (!accessToken) {
       logger.error(
@@ -2528,14 +2837,14 @@ export async function configureGmailPolling(webhookData: any, requestId: string)
         providerConfig: {
           ...providerConfig,
           userId: effectiveUserId,
-          ...(credentialId ? { credentialId } : {}),
+          credentialId,
           maxEmailsPerPoll,
           pollingInterval,
           markAsRead: providerConfig.markAsRead || false,
           includeRawEmail: providerConfig.includeRawEmail || false,
           labelIds: providerConfig.labelIds || ['INBOX'],
           labelFilterBehavior: providerConfig.labelFilterBehavior || 'INCLUDE',
-          lastCheckedTimestamp: now.toISOString(),
+          lastCheckedTimestamp: providerConfig.lastCheckedTimestamp || now.toISOString(),
           setupCompleted: true,
         },
         updatedAt: now,
@@ -2557,7 +2866,8 @@ export async function configureGmailPolling(webhookData: any, requestId: string)
 }
 
 /**
- * Configure Outlook polling for a webhook
+ * Configure Outlook polling for a webhook.
+ * Each webhook has its own credentialId (credential sets are fanned out at save time).
  */
 export async function configureOutlookPolling(
   webhookData: any,
@@ -2575,7 +2885,7 @@ export async function configureOutlookPolling(
       return false
     }
 
-    // Get userId from credential
+    // Verify credential exists and get userId
     const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
     if (rows.length === 0) {
       logger.error(
@@ -2585,6 +2895,8 @@ export async function configureOutlookPolling(
     }
 
     const effectiveUserId = rows[0].userId
+
+    // Verify token can be refreshed
     const accessToken = await refreshAccessTokenIfNeeded(credentialId, effectiveUserId, requestId)
     if (!accessToken) {
       logger.error(
@@ -2593,30 +2905,28 @@ export async function configureOutlookPolling(
       return false
     }
 
-    const providerCfg = (webhookData.providerConfig as Record<string, any>) || {}
-
     const now = new Date()
 
     await db
       .update(webhook)
       .set({
         providerConfig: {
-          ...providerCfg,
+          ...providerConfig,
           userId: effectiveUserId,
-          ...(credentialId ? { credentialId } : {}),
+          credentialId,
           maxEmailsPerPoll:
-            typeof providerCfg.maxEmailsPerPoll === 'string'
-              ? Number.parseInt(providerCfg.maxEmailsPerPoll, 10) || 25
-              : providerCfg.maxEmailsPerPoll || 25,
+            typeof providerConfig.maxEmailsPerPoll === 'string'
+              ? Number.parseInt(providerConfig.maxEmailsPerPoll, 10) || 25
+              : providerConfig.maxEmailsPerPoll || 25,
           pollingInterval:
-            typeof providerCfg.pollingInterval === 'string'
-              ? Number.parseInt(providerCfg.pollingInterval, 10) || 5
-              : providerCfg.pollingInterval || 5,
-          markAsRead: providerCfg.markAsRead || false,
-          includeRawEmail: providerCfg.includeRawEmail || false,
-          folderIds: providerCfg.folderIds || ['inbox'],
-          folderFilterBehavior: providerCfg.folderFilterBehavior || 'INCLUDE',
-          lastCheckedTimestamp: now.toISOString(),
+            typeof providerConfig.pollingInterval === 'string'
+              ? Number.parseInt(providerConfig.pollingInterval, 10) || 5
+              : providerConfig.pollingInterval || 5,
+          markAsRead: providerConfig.markAsRead || false,
+          includeRawEmail: providerConfig.includeRawEmail || false,
+          folderIds: providerConfig.folderIds || ['inbox'],
+          folderFilterBehavior: providerConfig.folderFilterBehavior || 'INCLUDE',
+          lastCheckedTimestamp: providerConfig.lastCheckedTimestamp || now.toISOString(),
           setupCompleted: true,
         },
         updatedAt: now,
diff --git a/apps/sim/lib/workflows/persistence/utils.ts b/apps/sim/lib/workflows/persistence/utils.ts
index 96481c586d..b115321202 100644
--- a/apps/sim/lib/workflows/persistence/utils.ts
+++ b/apps/sim/lib/workflows/persistence/utils.ts
@@ -430,6 +430,7 @@ export async function saveWorkflowToNormalizedTables(
               path: wh.path,
               provider: wh.provider,
               providerConfig: wh.providerConfig,
+              credentialSetId: wh.credentialSetId,
               isActive: wh.isActive,
               createdAt: wh.createdAt,
               updatedAt: new Date(),
@@ -564,10 +565,9 @@ export async function deployWorkflow(params: {
 
     logger.info(`Deployed workflow ${workflowId} as v${deployedVersion}`)
 
-    // Track deployment telemetry if workflow name is provided
     if (workflowName) {
       try {
-        const { trackPlatformEvent } = await import('@/lib/core/telemetry')
+        const { PlatformEvents } = await import('@/lib/core/telemetry')
 
         const blockTypeCounts: Record<string, number> = {}
         for (const block of Object.values(currentState.blocks)) {
@@ -575,15 +575,15 @@ export async function deployWorkflow(params: {
           blockTypeCounts[blockType] = (blockTypeCounts[blockType] || 0) + 1
         }
 
-        trackPlatformEvent('platform.workflow.deployed', {
-          'workflow.id': workflowId,
-          'workflow.name': workflowName,
-          'workflow.blocks_count': Object.keys(currentState.blocks).length,
-          'workflow.edges_count': currentState.edges.length,
-          'workflow.loops_count': Object.keys(currentState.loops).length,
-          'workflow.parallels_count': Object.keys(currentState.parallels).length,
-          'workflow.block_types': JSON.stringify(blockTypeCounts),
-          'deployment.version': deployedVersion,
+        PlatformEvents.workflowDeployed({
+          workflowId,
+          workflowName,
+          blocksCount: Object.keys(currentState.blocks).length,
+          edgesCount: currentState.edges.length,
+          version: deployedVersion,
+          loopsCount: Object.keys(currentState.loops).length,
+          parallelsCount: Object.keys(currentState.parallels).length,
+          blockTypes: JSON.stringify(blockTypeCounts),
         })
       } catch (telemetryError) {
         logger.warn(`Failed to track deployment telemetry for ${workflowId}`, telemetryError)
diff --git a/apps/sim/lib/workspaces/presence-colors.ts b/apps/sim/lib/workspaces/colors.ts
similarity index 65%
rename from apps/sim/lib/workspaces/presence-colors.ts
rename to apps/sim/lib/workspaces/colors.ts
index 022db7e764..e7141128ea 100644
--- a/apps/sim/lib/workspaces/presence-colors.ts
+++ b/apps/sim/lib/workspaces/colors.ts
@@ -7,6 +7,19 @@ const APP_COLORS = [
   { from: '#F59E0B', to: '#F97316' }, // amber to orange
 ]
 
+/**
+ * User color palette matching terminal.tsx RUN_ID_COLORS
+ * These colors are used consistently across cursors, avatars, and terminal run IDs
+ */
+export const USER_COLORS = [
+  '#4ADE80', // Green
+  '#F472B6', // Pink
+  '#60C5FF', // Blue
+  '#FF8533', // Orange
+  '#C084FC', // Purple
+  '#FCD34D', // Yellow
+] as const
+
 interface PresenceColorPalette {
   gradient: string
   accentColor: string
@@ -80,3 +93,35 @@ export function getPresenceColors(
     baseColor: colorPair.from,
   }
 }
+
+/**
+ * Gets a consistent color for a user based on their ID.
+ * The same user will always get the same color across cursors, avatars, and terminal.
+ *
+ * @param userId - The unique user identifier
+ * @returns A hex color string
+ */
+export function getUserColor(userId: string): string {
+  const hash = hashIdentifier(userId)
+  return USER_COLORS[hash % USER_COLORS.length]
+}
+
+/**
+ * Creates a stable mapping of user IDs to color indices for a list of users.
+ * Useful when you need to maintain consistent color assignments across renders.
+ *
+ * @param userIds - Array of user IDs to map
+ * @returns Map of user ID to color index
+ */
+export function createUserColorMap(userIds: string[]): Map<string, number> {
+  const colorMap = new Map<string, number>()
+  let colorIndex = 0
+
+  for (const userId of userIds) {
+    if (!colorMap.has(userId)) {
+      colorMap.set(userId, colorIndex++)
+    }
+  }
+
+  return colorMap
+}
diff --git a/apps/sim/package.json b/apps/sim/package.json
index c6daca4e98..9dc7abd47c 100644
--- a/apps/sim/package.json
+++ b/apps/sim/package.json
@@ -11,7 +11,7 @@
     "dev": "next dev --port 3000",
     "dev:webpack": "next dev --webpack",
     "dev:sockets": "bun run socket/index.ts",
-    "dev:full": "concurrently -n \"App,Realtime\" -c \"cyan,magenta\" \"bun run dev\" \"bun run dev:sockets\"",
+    "dev:full": "bunx concurrently -n \"App,Realtime\" -c \"cyan,magenta\" \"bun run dev\" \"bun run dev:sockets\"",
     "build": "next build",
     "start": "next start",
     "prepare": "cd ../.. && bun husky",
@@ -24,6 +24,7 @@
   },
   "dependencies": {
     "@anthropic-ai/sdk": "^0.39.0",
+    "@aws-sdk/client-bedrock-runtime": "3.940.0",
     "@aws-sdk/client-dynamodb": "3.940.0",
     "@aws-sdk/client-rds-data": "3.940.0",
     "@aws-sdk/client-s3": "^3.779.0",
diff --git a/apps/sim/providers/bedrock/index.ts b/apps/sim/providers/bedrock/index.ts
new file mode 100644
index 0000000000..63816267dd
--- /dev/null
+++ b/apps/sim/providers/bedrock/index.ts
@@ -0,0 +1,905 @@
+import {
+  type Message as BedrockMessage,
+  BedrockRuntimeClient,
+  type ContentBlock,
+  type ConversationRole,
+  ConverseCommand,
+  ConverseStreamCommand,
+  type SystemContentBlock,
+  type Tool,
+  type ToolConfiguration,
+  type ToolResultBlock,
+  type ToolUseBlock,
+} from '@aws-sdk/client-bedrock-runtime'
+import { createLogger } from '@sim/logger'
+import type { StreamingExecution } from '@/executor/types'
+import { MAX_TOOL_ITERATIONS } from '@/providers'
+import {
+  checkForForcedToolUsage,
+  createReadableStreamFromBedrockStream,
+  generateToolUseId,
+  getBedrockInferenceProfileId,
+} from '@/providers/bedrock/utils'
+import { getProviderDefaultModel, getProviderModels } from '@/providers/models'
+import type {
+  ProviderConfig,
+  ProviderRequest,
+  ProviderResponse,
+  TimeSegment,
+} from '@/providers/types'
+import {
+  calculateCost,
+  prepareToolExecution,
+  prepareToolsWithUsageControl,
+} from '@/providers/utils'
+import { executeTool } from '@/tools'
+
+const logger = createLogger('BedrockProvider')
+
+export const bedrockProvider: ProviderConfig = {
+  id: 'bedrock',
+  name: 'AWS Bedrock',
+  description: 'AWS Bedrock foundation models',
+  version: '1.0.0',
+  models: getProviderModels('bedrock'),
+  defaultModel: getProviderDefaultModel('bedrock'),
+
+  executeRequest: async (
+    request: ProviderRequest
+  ): Promise<ProviderResponse | StreamingExecution> => {
+    if (!request.bedrockAccessKeyId) {
+      throw new Error('AWS Access Key ID is required for Bedrock')
+    }
+
+    if (!request.bedrockSecretKey) {
+      throw new Error('AWS Secret Access Key is required for Bedrock')
+    }
+
+    const region = request.bedrockRegion || 'us-east-1'
+    const bedrockModelId = getBedrockInferenceProfileId(request.model, region)
+
+    logger.info('Bedrock request', {
+      requestModel: request.model,
+      inferenceProfileId: bedrockModelId,
+      region,
+    })
+
+    const client = new BedrockRuntimeClient({
+      region,
+      credentials: {
+        accessKeyId: request.bedrockAccessKeyId || '',
+        secretAccessKey: request.bedrockSecretKey || '',
+      },
+    })
+
+    const messages: BedrockMessage[] = []
+    const systemContent: SystemContentBlock[] = []
+
+    if (request.systemPrompt) {
+      systemContent.push({ text: request.systemPrompt })
+    }
+
+    if (request.context) {
+      messages.push({
+        role: 'user' as ConversationRole,
+        content: [{ text: request.context }],
+      })
+    }
+
+    if (request.messages) {
+      for (const msg of request.messages) {
+        if (msg.role === 'function' || msg.role === 'tool') {
+          const toolResultBlock: ToolResultBlock = {
+            toolUseId: msg.tool_call_id || msg.name || generateToolUseId('tool'),
+            content: [{ text: msg.content || '' }],
+          }
+          messages.push({
+            role: 'user' as ConversationRole,
+            content: [{ toolResult: toolResultBlock }],
+          })
+        } else if (msg.function_call || msg.tool_calls) {
+          const toolCall = msg.function_call || msg.tool_calls?.[0]?.function
+          if (toolCall) {
+            const toolUseBlock: ToolUseBlock = {
+              toolUseId: msg.tool_calls?.[0]?.id || generateToolUseId(toolCall.name),
+              name: toolCall.name,
+              input: JSON.parse(toolCall.arguments),
+            }
+            messages.push({
+              role: 'assistant' as ConversationRole,
+              content: [{ toolUse: toolUseBlock }],
+            })
+          }
+        } else {
+          const role: ConversationRole = msg.role === 'assistant' ? 'assistant' : 'user'
+          messages.push({
+            role,
+            content: [{ text: msg.content || '' }],
+          })
+        }
+      }
+    }
+
+    if (messages.length === 0) {
+      messages.push({
+        role: 'user' as ConversationRole,
+        content: [{ text: request.systemPrompt || 'Hello' }],
+      })
+      systemContent.length = 0
+    }
+
+    let structuredOutputTool: Tool | undefined
+    const structuredOutputToolName = 'structured_output'
+
+    if (request.responseFormat) {
+      const schema = request.responseFormat.schema || request.responseFormat
+      const schemaName = request.responseFormat.name || 'response'
+
+      structuredOutputTool = {
+        toolSpec: {
+          name: structuredOutputToolName,
+          description: `Output the response as structured JSON matching the ${schemaName} schema. You MUST call this tool to provide your final response.`,
+          inputSchema: {
+            json: schema,
+          },
+        },
+      }
+
+      logger.info(`Using Tool Use approach for structured outputs: ${schemaName}`)
+    }
+
+    let bedrockTools: Tool[] | undefined
+    let toolChoice: any = { auto: {} }
+    let preparedTools: ReturnType<typeof prepareToolsWithUsageControl> | null = null
+
+    if (request.tools?.length) {
+      bedrockTools = request.tools.map((tool) => ({
+        toolSpec: {
+          name: tool.id,
+          description: tool.description,
+          inputSchema: {
+            json: {
+              type: 'object',
+              properties: tool.parameters.properties,
+              required: tool.parameters.required,
+            },
+          },
+        },
+      }))
+
+      try {
+        preparedTools = prepareToolsWithUsageControl(
+          bedrockTools.map((t) => ({
+            name: t.toolSpec?.name || '',
+            description: t.toolSpec?.description || '',
+            input_schema: t.toolSpec?.inputSchema?.json,
+          })),
+          request.tools,
+          logger,
+          'bedrock'
+        )
+
+        const { tools: filteredTools, toolChoice: tc } = preparedTools
+
+        if (filteredTools?.length) {
+          bedrockTools = filteredTools.map((t: any) => ({
+            toolSpec: {
+              name: t.name,
+              description: t.description,
+              inputSchema: { json: t.input_schema },
+            },
+          }))
+
+          if (typeof tc === 'object' && tc !== null) {
+            if (tc.type === 'tool' && tc.name) {
+              toolChoice = { tool: { name: tc.name } }
+              logger.info(`Using Bedrock tool_choice format: force tool "${tc.name}"`)
+            } else if (tc.type === 'function' && tc.function?.name) {
+              toolChoice = { tool: { name: tc.function.name } }
+              logger.info(`Using Bedrock tool_choice format: force tool "${tc.function.name}"`)
+            } else {
+              toolChoice = { auto: {} }
+            }
+          } else if (tc === 'none') {
+            toolChoice = undefined
+            bedrockTools = undefined
+          } else {
+            toolChoice = { auto: {} }
+          }
+        }
+      } catch (error) {
+        logger.error('Error in prepareToolsWithUsageControl:', { error })
+        toolChoice = { auto: {} }
+      }
+    } else if (structuredOutputTool) {
+      bedrockTools = [structuredOutputTool]
+      toolChoice = { tool: { name: structuredOutputToolName } }
+      logger.info('Using structured_output tool as only tool (forced)')
+    }
+
+    const hasToolContentInMessages = messages.some((msg) =>
+      msg.content?.some(
+        (block) =>
+          ('toolUse' in block && block.toolUse) || ('toolResult' in block && block.toolResult)
+      )
+    )
+
+    const toolConfig: ToolConfiguration | undefined = bedrockTools?.length
+      ? {
+          tools: bedrockTools,
+          toolChoice,
+        }
+      : hasToolContentInMessages && request.tools?.length
+        ? {
+            tools: request.tools.map((tool) => ({
+              toolSpec: {
+                name: tool.id,
+                description: tool.description,
+                inputSchema: {
+                  json: {
+                    type: 'object',
+                    properties: tool.parameters.properties,
+                    required: tool.parameters.required,
+                  },
+                },
+              },
+            })),
+            toolChoice: { auto: {} },
+          }
+        : undefined
+
+    if (hasToolContentInMessages && !toolConfig) {
+      throw new Error(
+        'Messages contain tool use/result blocks but no tools were provided. ' +
+          'Bedrock requires toolConfig when processing messages with tool content.'
+      )
+    }
+
+    const systemPromptWithSchema = systemContent
+
+    const inferenceConfig = {
+      temperature: Number.parseFloat(String(request.temperature ?? 0.7)),
+      maxTokens: Number.parseInt(String(request.maxTokens)) || 4096,
+    }
+
+    const shouldStreamToolCalls = request.streamToolCalls ?? false
+
+    if (request.stream && (!bedrockTools || bedrockTools.length === 0)) {
+      logger.info('Using streaming response for Bedrock request (no tools)')
+
+      const providerStartTime = Date.now()
+      const providerStartTimeISO = new Date(providerStartTime).toISOString()
+
+      const command = new ConverseStreamCommand({
+        modelId: bedrockModelId,
+        messages,
+        system: systemPromptWithSchema.length > 0 ? systemPromptWithSchema : undefined,
+        inferenceConfig,
+      })
+
+      const streamResponse = await client.send(command)
+
+      if (!streamResponse.stream) {
+        throw new Error('No stream returned from Bedrock')
+      }
+
+      const streamingResult = {
+        stream: createReadableStreamFromBedrockStream(streamResponse.stream, (content, usage) => {
+          streamingResult.execution.output.content = content
+          streamingResult.execution.output.tokens = {
+            input: usage.inputTokens,
+            output: usage.outputTokens,
+            total: usage.inputTokens + usage.outputTokens,
+          }
+
+          const costResult = calculateCost(request.model, usage.inputTokens, usage.outputTokens)
+          streamingResult.execution.output.cost = {
+            input: costResult.input,
+            output: costResult.output,
+            total: costResult.total,
+          }
+
+          const streamEndTime = Date.now()
+          const streamEndTimeISO = new Date(streamEndTime).toISOString()
+
+          if (streamingResult.execution.output.providerTiming) {
+            streamingResult.execution.output.providerTiming.endTime = streamEndTimeISO
+            streamingResult.execution.output.providerTiming.duration =
+              streamEndTime - providerStartTime
+
+            if (streamingResult.execution.output.providerTiming.timeSegments?.[0]) {
+              streamingResult.execution.output.providerTiming.timeSegments[0].endTime =
+                streamEndTime
+              streamingResult.execution.output.providerTiming.timeSegments[0].duration =
+                streamEndTime - providerStartTime
+            }
+          }
+        }),
+        execution: {
+          success: true,
+          output: {
+            content: '',
+            model: request.model,
+            tokens: { input: 0, output: 0, total: 0 },
+            toolCalls: undefined,
+            providerTiming: {
+              startTime: providerStartTimeISO,
+              endTime: new Date().toISOString(),
+              duration: Date.now() - providerStartTime,
+              timeSegments: [
+                {
+                  type: 'model',
+                  name: 'Streaming response',
+                  startTime: providerStartTime,
+                  endTime: Date.now(),
+                  duration: Date.now() - providerStartTime,
+                },
+              ],
+            },
+            cost: {
+              total: 0.0,
+              input: 0.0,
+              output: 0.0,
+            },
+          },
+          logs: [],
+          metadata: {
+            startTime: providerStartTimeISO,
+            endTime: new Date().toISOString(),
+            duration: Date.now() - providerStartTime,
+          },
+          isStreaming: true,
+        },
+      }
+
+      return streamingResult as StreamingExecution
+    }
+
+    const providerStartTime = Date.now()
+    const providerStartTimeISO = new Date(providerStartTime).toISOString()
+
+    try {
+      const initialCallTime = Date.now()
+      const originalToolChoice = toolChoice
+      const forcedTools = preparedTools?.forcedTools || []
+      let usedForcedTools: string[] = []
+
+      const command = new ConverseCommand({
+        modelId: bedrockModelId,
+        messages,
+        system: systemPromptWithSchema.length > 0 ? systemPromptWithSchema : undefined,
+        inferenceConfig,
+        toolConfig,
+      })
+
+      let currentResponse = await client.send(command)
+      const firstResponseTime = Date.now() - initialCallTime
+
+      let content = ''
+      let hasExtractedStructuredOutput = false
+      if (currentResponse.output?.message?.content) {
+        const structuredOutputCall = currentResponse.output.message.content.find(
+          (block): block is ContentBlock & { toolUse: ToolUseBlock } =>
+            'toolUse' in block && block.toolUse?.name === structuredOutputToolName
+        )
+
+        if (structuredOutputCall && structuredOutputTool) {
+          content = JSON.stringify(structuredOutputCall.toolUse.input, null, 2)
+          hasExtractedStructuredOutput = true
+          logger.info('Extracted structured output from tool call')
+        } else {
+          const textBlocks = currentResponse.output.message.content.filter(
+            (block): block is ContentBlock & { text: string } => 'text' in block
+          )
+          content = textBlocks.map((block) => block.text).join('\n')
+        }
+      }
+
+      const tokens = {
+        input: currentResponse.usage?.inputTokens || 0,
+        output: currentResponse.usage?.outputTokens || 0,
+        total:
+          (currentResponse.usage?.inputTokens || 0) + (currentResponse.usage?.outputTokens || 0),
+      }
+
+      const initialCost = calculateCost(
+        request.model,
+        currentResponse.usage?.inputTokens || 0,
+        currentResponse.usage?.outputTokens || 0
+      )
+      const cost = {
+        input: initialCost.input,
+        output: initialCost.output,
+        total: initialCost.total,
+      }
+
+      const toolCalls: any[] = []
+      const toolResults: any[] = []
+      const currentMessages = [...messages]
+      let iterationCount = 0
+      let hasUsedForcedTool = false
+      let modelTime = firstResponseTime
+      let toolsTime = 0
+
+      const timeSegments: TimeSegment[] = [
+        {
+          type: 'model',
+          name: 'Initial response',
+          startTime: initialCallTime,
+          endTime: initialCallTime + firstResponseTime,
+          duration: firstResponseTime,
+        },
+      ]
+
+      const initialToolUseContentBlocks = (currentResponse.output?.message?.content || []).filter(
+        (block): block is ContentBlock & { toolUse: ToolUseBlock } => 'toolUse' in block
+      )
+      const toolUseBlocks = initialToolUseContentBlocks.map((block) => ({
+        name: block.toolUse.name || '',
+      }))
+
+      const firstCheckResult = checkForForcedToolUsage(
+        toolUseBlocks,
+        originalToolChoice,
+        forcedTools,
+        usedForcedTools
+      )
+      if (firstCheckResult) {
+        hasUsedForcedTool = firstCheckResult.hasUsedForcedTool
+        usedForcedTools = firstCheckResult.usedForcedTools
+      }
+
+      while (iterationCount < MAX_TOOL_ITERATIONS) {
+        const textContentBlocks = (currentResponse.output?.message?.content || []).filter(
+          (block): block is ContentBlock & { text: string } => 'text' in block
+        )
+        const textContent = textContentBlocks.map((block) => block.text).join('\n')
+
+        if (textContent) {
+          content = textContent
+        }
+
+        const toolUseContentBlocks = (currentResponse.output?.message?.content || []).filter(
+          (block): block is ContentBlock & { toolUse: ToolUseBlock } => 'toolUse' in block
+        )
+        const currentToolUses = toolUseContentBlocks.map((block) => block.toolUse)
+
+        if (!currentToolUses || currentToolUses.length === 0) {
+          break
+        }
+
+        const toolsStartTime = Date.now()
+
+        const toolExecutionPromises = currentToolUses.map(async (toolUse: ToolUseBlock) => {
+          const toolCallStartTime = Date.now()
+          const toolName = toolUse.name || ''
+          const toolArgs = (toolUse.input as Record<string, any>) || {}
+          const toolUseId = toolUse.toolUseId || generateToolUseId(toolName)
+
+          try {
+            const tool = request.tools?.find((t) => t.id === toolName)
+            if (!tool) return null
+
+            const { toolParams, executionParams } = prepareToolExecution(tool, toolArgs, request)
+            const result = await executeTool(toolName, executionParams, true)
+            const toolCallEndTime = Date.now()
+
+            return {
+              toolUseId,
+              toolName,
+              toolArgs,
+              toolParams,
+              result,
+              startTime: toolCallStartTime,
+              endTime: toolCallEndTime,
+              duration: toolCallEndTime - toolCallStartTime,
+            }
+          } catch (error) {
+            const toolCallEndTime = Date.now()
+            logger.error('Error processing tool call:', { error, toolName })
+
+            return {
+              toolUseId,
+              toolName,
+              toolArgs,
+              toolParams: {},
+              result: {
+                success: false,
+                output: undefined,
+                error: error instanceof Error ? error.message : 'Tool execution failed',
+              },
+              startTime: toolCallStartTime,
+              endTime: toolCallEndTime,
+              duration: toolCallEndTime - toolCallStartTime,
+            }
+          }
+        })
+
+        const executionResults = await Promise.allSettled(toolExecutionPromises)
+
+        const assistantContent: ContentBlock[] = currentToolUses.map((toolUse: ToolUseBlock) => ({
+          toolUse: {
+            toolUseId: toolUse.toolUseId,
+            name: toolUse.name,
+            input: toolUse.input,
+          },
+        }))
+        currentMessages.push({
+          role: 'assistant' as ConversationRole,
+          content: assistantContent,
+        })
+
+        const toolResultContent: ContentBlock[] = []
+
+        for (const settledResult of executionResults) {
+          if (settledResult.status === 'rejected' || !settledResult.value) continue
+
+          const {
+            toolUseId,
+            toolName,
+            toolArgs,
+            toolParams,
+            result,
+            startTime,
+            endTime,
+            duration,
+          } = settledResult.value
+
+          timeSegments.push({
+            type: 'tool',
+            name: toolName,
+            startTime,
+            endTime,
+            duration,
+          })
+
+          let resultContent: any
+          if (result.success) {
+            toolResults.push(result.output)
+            resultContent = result.output
+          } else {
+            resultContent = {
+              error: true,
+              message: result.error || 'Tool execution failed',
+              tool: toolName,
+            }
+          }
+
+          toolCalls.push({
+            name: toolName,
+            arguments: toolParams,
+            startTime: new Date(startTime).toISOString(),
+            endTime: new Date(endTime).toISOString(),
+            duration,
+            result: resultContent,
+            success: result.success,
+          })
+
+          const toolResultBlock: ToolResultBlock = {
+            toolUseId,
+            content: [{ text: JSON.stringify(resultContent) }],
+          }
+          toolResultContent.push({ toolResult: toolResultBlock })
+        }
+
+        if (toolResultContent.length > 0) {
+          currentMessages.push({
+            role: 'user' as ConversationRole,
+            content: toolResultContent,
+          })
+        }
+
+        const thisToolsTime = Date.now() - toolsStartTime
+        toolsTime += thisToolsTime
+
+        let nextToolChoice = toolChoice
+        if (typeof originalToolChoice === 'object' && hasUsedForcedTool && forcedTools.length > 0) {
+          const remainingTools = forcedTools.filter((tool) => !usedForcedTools.includes(tool))
+
+          if (remainingTools.length > 0) {
+            nextToolChoice = { tool: { name: remainingTools[0] } }
+            logger.info(`Forcing next tool: ${remainingTools[0]}`)
+          } else {
+            nextToolChoice = { auto: {} }
+            logger.info('All forced tools have been used, switching to auto')
+          }
+        } else if (hasUsedForcedTool && typeof originalToolChoice === 'object') {
+          nextToolChoice = { auto: {} }
+          logger.info('Switching to auto tool choice after forced tool was used')
+        }
+
+        const nextModelStartTime = Date.now()
+
+        const nextCommand = new ConverseCommand({
+          modelId: bedrockModelId,
+          messages: currentMessages,
+          system: systemPromptWithSchema.length > 0 ? systemPromptWithSchema : undefined,
+          inferenceConfig,
+          toolConfig: bedrockTools?.length
+            ? { tools: bedrockTools, toolChoice: nextToolChoice }
+            : undefined,
+        })
+
+        currentResponse = await client.send(nextCommand)
+
+        const nextToolUseContentBlocks = (currentResponse.output?.message?.content || []).filter(
+          (block): block is ContentBlock & { toolUse: ToolUseBlock } => 'toolUse' in block
+        )
+        const nextToolUseBlocks = nextToolUseContentBlocks.map((block) => ({
+          name: block.toolUse.name || '',
+        }))
+
+        const nextCheckResult = checkForForcedToolUsage(
+          nextToolUseBlocks,
+          nextToolChoice,
+          forcedTools,
+          usedForcedTools
+        )
+        if (nextCheckResult) {
+          hasUsedForcedTool = nextCheckResult.hasUsedForcedTool
+          usedForcedTools = nextCheckResult.usedForcedTools
+        }
+
+        const nextModelEndTime = Date.now()
+        const thisModelTime = nextModelEndTime - nextModelStartTime
+
+        timeSegments.push({
+          type: 'model',
+          name: `Model response (iteration ${iterationCount + 1})`,
+          startTime: nextModelStartTime,
+          endTime: nextModelEndTime,
+          duration: thisModelTime,
+        })
+
+        modelTime += thisModelTime
+
+        if (currentResponse.usage) {
+          tokens.input += currentResponse.usage.inputTokens || 0
+          tokens.output += currentResponse.usage.outputTokens || 0
+          tokens.total +=
+            (currentResponse.usage.inputTokens || 0) + (currentResponse.usage.outputTokens || 0)
+
+          const iterationCost = calculateCost(
+            request.model,
+            currentResponse.usage.inputTokens || 0,
+            currentResponse.usage.outputTokens || 0
+          )
+          cost.input += iterationCost.input
+          cost.output += iterationCost.output
+          cost.total += iterationCost.total
+        }
+
+        iterationCount++
+      }
+
+      if (structuredOutputTool && request.tools?.length) {
+        logger.info('Making final call with forced structured_output tool')
+
+        const structuredOutputStartTime = Date.now()
+
+        const structuredOutputCommand = new ConverseCommand({
+          modelId: bedrockModelId,
+          messages: currentMessages,
+          system: systemPromptWithSchema.length > 0 ? systemPromptWithSchema : undefined,
+          inferenceConfig,
+          toolConfig: {
+            tools: [structuredOutputTool],
+            toolChoice: { tool: { name: structuredOutputToolName } },
+          },
+        })
+
+        const structuredResponse = await client.send(structuredOutputCommand)
+        const structuredOutputEndTime = Date.now()
+
+        timeSegments.push({
+          type: 'model',
+          name: 'Structured output extraction',
+          startTime: structuredOutputStartTime,
+          endTime: structuredOutputEndTime,
+          duration: structuredOutputEndTime - structuredOutputStartTime,
+        })
+
+        modelTime += structuredOutputEndTime - structuredOutputStartTime
+
+        const structuredOutputCall = structuredResponse.output?.message?.content?.find(
+          (block): block is ContentBlock & { toolUse: ToolUseBlock } =>
+            'toolUse' in block && block.toolUse?.name === structuredOutputToolName
+        )
+
+        if (structuredOutputCall) {
+          content = JSON.stringify(structuredOutputCall.toolUse.input, null, 2)
+          hasExtractedStructuredOutput = true
+          logger.info('Extracted structured output from forced tool call')
+        } else {
+          logger.warn('Structured output tool was forced but no tool call found in response')
+        }
+
+        if (structuredResponse.usage) {
+          tokens.input += structuredResponse.usage.inputTokens || 0
+          tokens.output += structuredResponse.usage.outputTokens || 0
+          tokens.total +=
+            (structuredResponse.usage.inputTokens || 0) +
+            (structuredResponse.usage.outputTokens || 0)
+
+          const structuredCost = calculateCost(
+            request.model,
+            structuredResponse.usage.inputTokens || 0,
+            structuredResponse.usage.outputTokens || 0
+          )
+          cost.input += structuredCost.input
+          cost.output += structuredCost.output
+          cost.total += structuredCost.total
+        }
+      }
+
+      const providerEndTime = Date.now()
+      const providerEndTimeISO = new Date(providerEndTime).toISOString()
+      const totalDuration = providerEndTime - providerStartTime
+
+      if (request.stream && !shouldStreamToolCalls && !hasExtractedStructuredOutput) {
+        logger.info('Using streaming for final Bedrock response after tool processing')
+
+        const messagesHaveToolContent = currentMessages.some((msg) =>
+          msg.content?.some(
+            (block) =>
+              ('toolUse' in block && block.toolUse) || ('toolResult' in block && block.toolResult)
+          )
+        )
+
+        const streamToolConfig: ToolConfiguration | undefined =
+          messagesHaveToolContent && request.tools?.length
+            ? {
+                tools: request.tools.map((tool) => ({
+                  toolSpec: {
+                    name: tool.id,
+                    description: tool.description,
+                    inputSchema: {
+                      json: {
+                        type: 'object',
+                        properties: tool.parameters.properties,
+                        required: tool.parameters.required,
+                      },
+                    },
+                  },
+                })),
+                toolChoice: { auto: {} },
+              }
+            : undefined
+
+        const streamCommand = new ConverseStreamCommand({
+          modelId: bedrockModelId,
+          messages: currentMessages,
+          system: systemPromptWithSchema.length > 0 ? systemPromptWithSchema : undefined,
+          inferenceConfig,
+          toolConfig: streamToolConfig,
+        })
+
+        const streamResponse = await client.send(streamCommand)
+
+        if (!streamResponse.stream) {
+          throw new Error('No stream returned from Bedrock')
+        }
+
+        const streamingResult = {
+          stream: createReadableStreamFromBedrockStream(
+            streamResponse.stream,
+            (streamContent, usage) => {
+              streamingResult.execution.output.content = streamContent
+              streamingResult.execution.output.tokens = {
+                input: tokens.input + usage.inputTokens,
+                output: tokens.output + usage.outputTokens,
+                total: tokens.total + usage.inputTokens + usage.outputTokens,
+              }
+
+              const streamCost = calculateCost(request.model, usage.inputTokens, usage.outputTokens)
+              streamingResult.execution.output.cost = {
+                input: cost.input + streamCost.input,
+                output: cost.output + streamCost.output,
+                total: cost.total + streamCost.total,
+              }
+
+              const streamEndTime = Date.now()
+              const streamEndTimeISO = new Date(streamEndTime).toISOString()
+
+              if (streamingResult.execution.output.providerTiming) {
+                streamingResult.execution.output.providerTiming.endTime = streamEndTimeISO
+                streamingResult.execution.output.providerTiming.duration =
+                  streamEndTime - providerStartTime
+              }
+            }
+          ),
+          execution: {
+            success: true,
+            output: {
+              content: '',
+              model: request.model,
+              tokens: {
+                input: tokens.input,
+                output: tokens.output,
+                total: tokens.total,
+              },
+              toolCalls:
+                toolCalls.length > 0
+                  ? {
+                      list: toolCalls,
+                      count: toolCalls.length,
+                    }
+                  : undefined,
+              providerTiming: {
+                startTime: providerStartTimeISO,
+                endTime: new Date().toISOString(),
+                duration: Date.now() - providerStartTime,
+                modelTime,
+                toolsTime,
+                firstResponseTime,
+                iterations: iterationCount + 1,
+                timeSegments,
+              },
+              cost: {
+                input: cost.input,
+                output: cost.output,
+                total: cost.total,
+              },
+            },
+            logs: [],
+            metadata: {
+              startTime: providerStartTimeISO,
+              endTime: new Date().toISOString(),
+              duration: Date.now() - providerStartTime,
+            },
+            isStreaming: true,
+          },
+        }
+
+        return streamingResult as StreamingExecution
+      }
+
+      return {
+        content,
+        model: request.model,
+        tokens,
+        toolCalls:
+          toolCalls.length > 0
+            ? toolCalls.map((tc) => ({
+                name: tc.name,
+                arguments: tc.arguments as Record<string, any>,
+                startTime: tc.startTime,
+                endTime: tc.endTime,
+                duration: tc.duration,
+                result: tc.result,
+              }))
+            : undefined,
+        toolResults: toolResults.length > 0 ? toolResults : undefined,
+        timing: {
+          startTime: providerStartTimeISO,
+          endTime: providerEndTimeISO,
+          duration: totalDuration,
+          modelTime,
+          toolsTime,
+          firstResponseTime,
+          iterations: iterationCount + 1,
+          timeSegments,
+        },
+      }
+    } catch (error) {
+      const providerEndTime = Date.now()
+      const providerEndTimeISO = new Date(providerEndTime).toISOString()
+      const totalDuration = providerEndTime - providerStartTime
+
+      logger.error('Error in Bedrock request:', {
+        error,
+        duration: totalDuration,
+      })
+
+      const enhancedError = new Error(error instanceof Error ? error.message : String(error))
+      // @ts-ignore
+      enhancedError.timing = {
+        startTime: providerStartTimeISO,
+        endTime: providerEndTimeISO,
+        duration: totalDuration,
+      }
+
+      throw enhancedError
+    }
+  },
+}
diff --git a/apps/sim/providers/bedrock/utils.ts b/apps/sim/providers/bedrock/utils.ts
new file mode 100644
index 0000000000..0b92f247b4
--- /dev/null
+++ b/apps/sim/providers/bedrock/utils.ts
@@ -0,0 +1,108 @@
+import type { ConverseStreamOutput } from '@aws-sdk/client-bedrock-runtime'
+import { createLogger } from '@sim/logger'
+import { trackForcedToolUsage } from '@/providers/utils'
+
+const logger = createLogger('BedrockUtils')
+
+export interface BedrockStreamUsage {
+  inputTokens: number
+  outputTokens: number
+}
+
+export function createReadableStreamFromBedrockStream(
+  bedrockStream: AsyncIterable<ConverseStreamOutput>,
+  onComplete?: (content: string, usage: BedrockStreamUsage) => void
+): ReadableStream<Uint8Array> {
+  let fullContent = ''
+  let inputTokens = 0
+  let outputTokens = 0
+
+  return new ReadableStream({
+    async start(controller) {
+      try {
+        for await (const event of bedrockStream) {
+          if (event.contentBlockDelta?.delta?.text) {
+            const text = event.contentBlockDelta.delta.text
+            fullContent += text
+            controller.enqueue(new TextEncoder().encode(text))
+          } else if (event.metadata?.usage) {
+            inputTokens = event.metadata.usage.inputTokens ?? 0
+            outputTokens = event.metadata.usage.outputTokens ?? 0
+          }
+        }
+
+        if (onComplete) {
+          onComplete(fullContent, { inputTokens, outputTokens })
+        }
+
+        controller.close()
+      } catch (err) {
+        controller.error(err)
+      }
+    },
+  })
+}
+
+export function checkForForcedToolUsage(
+  toolUseBlocks: Array<{ name: string }>,
+  toolChoice: any,
+  forcedTools: string[],
+  usedForcedTools: string[]
+): { hasUsedForcedTool: boolean; usedForcedTools: string[] } | null {
+  if (typeof toolChoice === 'object' && toolChoice !== null && toolUseBlocks.length > 0) {
+    const adaptedToolCalls = toolUseBlocks.map((tool) => ({ name: tool.name }))
+    const adaptedToolChoice = toolChoice.tool
+      ? { function: { name: toolChoice.tool.name } }
+      : toolChoice
+
+    return trackForcedToolUsage(
+      adaptedToolCalls,
+      adaptedToolChoice,
+      logger,
+      'bedrock',
+      forcedTools,
+      usedForcedTools
+    )
+  }
+  return null
+}
+
+export function generateToolUseId(toolName: string): string {
+  return `${toolName}-${Date.now()}-${Math.random().toString(36).substring(2, 7)}`
+}
+
+/**
+ * Converts a model ID to the Bedrock inference profile format.
+ * AWS Bedrock requires inference profile IDs (e.g., us.anthropic.claude-...)
+ * for on-demand invocation of newer models.
+ *
+ * @param modelId - The model ID (e.g., "bedrock/anthropic.claude-sonnet-4-5-20250929-v1:0")
+ * @param region - The AWS region (e.g., "us-east-1")
+ * @returns The inference profile ID (e.g., "us.anthropic.claude-sonnet-4-5-20250929-v1:0")
+ */
+export function getBedrockInferenceProfileId(modelId: string, region: string): string {
+  const baseModelId = modelId.startsWith('bedrock/') ? modelId.slice(8) : modelId
+
+  if (/^(us-gov|us|eu|apac|au|ca|jp|global)\./.test(baseModelId)) {
+    return baseModelId
+  }
+
+  let inferencePrefix: string
+  if (region.startsWith('us-gov-')) {
+    inferencePrefix = 'us-gov'
+  } else if (region.startsWith('us-') || region.startsWith('ca-')) {
+    inferencePrefix = 'us'
+  } else if (region.startsWith('eu-') || region === 'il-central-1') {
+    inferencePrefix = 'eu'
+  } else if (region.startsWith('ap-') || region.startsWith('me-')) {
+    inferencePrefix = 'apac'
+  } else if (region.startsWith('sa-')) {
+    inferencePrefix = 'us'
+  } else if (region.startsWith('af-')) {
+    inferencePrefix = 'eu'
+  } else {
+    inferencePrefix = 'us'
+  }
+
+  return `${inferencePrefix}.${baseModelId}`
+}
diff --git a/apps/sim/providers/models.ts b/apps/sim/providers/models.ts
index 668e98e23e..eb655e66fb 100644
--- a/apps/sim/providers/models.ts
+++ b/apps/sim/providers/models.ts
@@ -11,6 +11,7 @@ import type React from 'react'
 import {
   AnthropicIcon,
   AzureIcon,
+  BedrockIcon,
   CerebrasIcon,
   DeepseekIcon,
   GeminiIcon,
@@ -1632,6 +1633,408 @@ export const PROVIDER_DEFINITIONS: Record<string, ProviderDefinition> = {
     contextInformationAvailable: false,
     models: [], // Populated dynamically
   },
+  bedrock: {
+    id: 'bedrock',
+    name: 'AWS Bedrock',
+    description: 'AWS Bedrock foundation models',
+    defaultModel: 'bedrock/anthropic.claude-sonnet-4-5-20250929-v1:0',
+    modelPatterns: [/^bedrock\//],
+    icon: BedrockIcon,
+    capabilities: {
+      temperature: { min: 0, max: 1 },
+      toolUsageControl: true,
+    },
+    models: [
+      {
+        id: 'bedrock/anthropic.claude-opus-4-5-20251101-v1:0',
+        pricing: {
+          input: 5.0,
+          output: 25.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+          nativeStructuredOutputs: true,
+        },
+        contextWindow: 200000,
+      },
+      {
+        id: 'bedrock/anthropic.claude-sonnet-4-5-20250929-v1:0',
+        pricing: {
+          input: 3.0,
+          output: 15.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+          nativeStructuredOutputs: true,
+        },
+        contextWindow: 200000,
+      },
+      {
+        id: 'bedrock/anthropic.claude-haiku-4-5-20251001-v1:0',
+        pricing: {
+          input: 1.0,
+          output: 5.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+          nativeStructuredOutputs: true,
+        },
+        contextWindow: 200000,
+      },
+      {
+        id: 'bedrock/anthropic.claude-opus-4-1-20250805-v1:0',
+        pricing: {
+          input: 15.0,
+          output: 75.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+          nativeStructuredOutputs: true,
+        },
+        contextWindow: 200000,
+      },
+      {
+        id: 'bedrock/amazon.nova-2-pro-v1:0',
+        pricing: {
+          input: 1.0,
+          output: 4.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 1000000,
+      },
+      {
+        id: 'bedrock/amazon.nova-2-lite-v1:0',
+        pricing: {
+          input: 0.08,
+          output: 0.32,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 1000000,
+      },
+      {
+        id: 'bedrock/amazon.nova-premier-v1:0',
+        pricing: {
+          input: 2.5,
+          output: 10.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 1000000,
+      },
+      {
+        id: 'bedrock/amazon.nova-pro-v1:0',
+        pricing: {
+          input: 0.8,
+          output: 3.2,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 300000,
+      },
+      {
+        id: 'bedrock/amazon.nova-lite-v1:0',
+        pricing: {
+          input: 0.06,
+          output: 0.24,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 300000,
+      },
+      {
+        id: 'bedrock/amazon.nova-micro-v1:0',
+        pricing: {
+          input: 0.035,
+          output: 0.14,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/meta.llama4-maverick-17b-instruct-v1:0',
+        pricing: {
+          input: 0.24,
+          output: 0.97,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 1000000,
+      },
+      {
+        id: 'bedrock/meta.llama4-scout-17b-instruct-v1:0',
+        pricing: {
+          input: 0.18,
+          output: 0.72,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 3500000,
+      },
+      {
+        id: 'bedrock/meta.llama3-3-70b-instruct-v1:0',
+        pricing: {
+          input: 0.72,
+          output: 0.72,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/meta.llama3-2-90b-instruct-v1:0',
+        pricing: {
+          input: 2.0,
+          output: 2.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/meta.llama3-2-11b-instruct-v1:0',
+        pricing: {
+          input: 0.16,
+          output: 0.16,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/meta.llama3-2-3b-instruct-v1:0',
+        pricing: {
+          input: 0.15,
+          output: 0.15,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/meta.llama3-2-1b-instruct-v1:0',
+        pricing: {
+          input: 0.1,
+          output: 0.1,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/meta.llama3-1-405b-instruct-v1:0',
+        pricing: {
+          input: 5.32,
+          output: 16.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/meta.llama3-1-70b-instruct-v1:0',
+        pricing: {
+          input: 2.65,
+          output: 3.5,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/meta.llama3-1-8b-instruct-v1:0',
+        pricing: {
+          input: 0.3,
+          output: 0.6,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/mistral.mistral-large-3-675b-instruct',
+        pricing: {
+          input: 2.0,
+          output: 6.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/mistral.mistral-large-2411-v1:0',
+        pricing: {
+          input: 2.0,
+          output: 6.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/mistral.mistral-large-2407-v1:0',
+        pricing: {
+          input: 4.0,
+          output: 12.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/mistral.pixtral-large-2502-v1:0',
+        pricing: {
+          input: 2.0,
+          output: 6.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/mistral.magistral-small-2509',
+        pricing: {
+          input: 0.5,
+          output: 1.5,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/mistral.ministral-3-14b-instruct',
+        pricing: {
+          input: 0.2,
+          output: 0.2,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/mistral.ministral-3-8b-instruct',
+        pricing: {
+          input: 0.1,
+          output: 0.1,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/mistral.ministral-3-3b-instruct',
+        pricing: {
+          input: 0.04,
+          output: 0.04,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/mistral.mixtral-8x7b-instruct-v0:1',
+        pricing: {
+          input: 0.45,
+          output: 0.7,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 32000,
+      },
+      {
+        id: 'bedrock/amazon.titan-text-premier-v1:0',
+        pricing: {
+          input: 0.5,
+          output: 1.5,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 32000,
+      },
+      {
+        id: 'bedrock/cohere.command-r-plus-v1:0',
+        pricing: {
+          input: 3.0,
+          output: 15.0,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+      {
+        id: 'bedrock/cohere.command-r-v1:0',
+        pricing: {
+          input: 0.5,
+          output: 1.5,
+          updatedAt: '2026-01-07',
+        },
+        capabilities: {
+          temperature: { min: 0, max: 1 },
+        },
+        contextWindow: 128000,
+      },
+    ],
+  },
 }
 
 export function getProviderModels(providerId: string): string[] {
diff --git a/apps/sim/providers/registry.ts b/apps/sim/providers/registry.ts
index ed30f35900..1b12656b91 100644
--- a/apps/sim/providers/registry.ts
+++ b/apps/sim/providers/registry.ts
@@ -1,6 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { anthropicProvider } from '@/providers/anthropic'
 import { azureOpenAIProvider } from '@/providers/azure-openai'
+import { bedrockProvider } from '@/providers/bedrock'
 import { cerebrasProvider } from '@/providers/cerebras'
 import { deepseekProvider } from '@/providers/deepseek'
 import { googleProvider } from '@/providers/google'
@@ -30,6 +31,7 @@ const providerRegistry: Record<ProviderId, ProviderConfig> = {
   'azure-openai': azureOpenAIProvider,
   openrouter: openRouterProvider,
   ollama: ollamaProvider,
+  bedrock: bedrockProvider,
 }
 
 export async function getProviderExecutor(
diff --git a/apps/sim/providers/types.ts b/apps/sim/providers/types.ts
index e3b593aef2..3522a6f026 100644
--- a/apps/sim/providers/types.ts
+++ b/apps/sim/providers/types.ts
@@ -14,10 +14,8 @@ export type ProviderId =
   | 'ollama'
   | 'openrouter'
   | 'vllm'
+  | 'bedrock'
 
-/**
- * Model pricing information per million tokens
- */
 export interface ModelPricing {
   input: number // Per 1M tokens
   cachedInput?: number // Per 1M tokens (if supported)
@@ -163,6 +161,9 @@ export interface ProviderRequest {
   azureApiVersion?: string
   vertexProject?: string
   vertexLocation?: string
+  bedrockAccessKeyId?: string
+  bedrockSecretKey?: string
+  bedrockRegion?: string
   reasoningEffort?: string
   verbosity?: string
   thinkingLevel?: string
diff --git a/apps/sim/providers/utils.ts b/apps/sim/providers/utils.ts
index cb5042c9a9..1826bb40cd 100644
--- a/apps/sim/providers/utils.ts
+++ b/apps/sim/providers/utils.ts
@@ -88,6 +88,7 @@ export const providers: Record<ProviderId, ProviderMetadata> = {
   'azure-openai': buildProviderMetadata('azure-openai'),
   openrouter: buildProviderMetadata('openrouter'),
   ollama: buildProviderMetadata('ollama'),
+  bedrock: buildProviderMetadata('bedrock'),
 }
 
 export function updateOllamaProviderModels(models: string[]): void {
@@ -622,6 +623,12 @@ export function getApiKey(provider: string, model: string, userProvidedKey?: str
     return userProvidedKey || 'empty'
   }
 
+  // Bedrock uses its own credentials (bedrockAccessKeyId/bedrockSecretKey), not apiKey
+  const isBedrockModel = provider === 'bedrock' || model.startsWith('bedrock/')
+  if (isBedrockModel) {
+    return 'bedrock-uses-own-credentials'
+  }
+
   const isOpenAIModel = provider === 'openai'
   const isClaudeModel = provider === 'anthropic'
   const isGeminiModel = provider === 'google'
diff --git a/apps/sim/tools/grain/create_hook.ts b/apps/sim/tools/grain/create_hook.ts
index b1b4709f24..9ce40e5307 100644
--- a/apps/sim/tools/grain/create_hook.ts
+++ b/apps/sim/tools/grain/create_hook.ts
@@ -20,6 +20,12 @@ export const grainCreateHookTool: ToolConfig<GrainCreateHookParams, GrainCreateH
       visibility: 'user-or-llm',
       description: 'Webhook endpoint URL (must respond 2xx)',
     },
+    hookType: {
+      type: 'string',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Type of webhook: "recording_added" or "upload_status"',
+    },
     filterBeforeDatetime: {
       type: 'string',
       required: false,
@@ -81,6 +87,7 @@ export const grainCreateHookTool: ToolConfig<GrainCreateHookParams, GrainCreateH
     body: (params) => {
       const body: Record<string, any> = {
         hook_url: params.hookUrl,
+        hook_type: params.hookType,
       }
 
       const filter: Record<string, any> = {}
@@ -147,6 +154,10 @@ export const grainCreateHookTool: ToolConfig<GrainCreateHookParams, GrainCreateH
       type: 'string',
       description: 'The webhook URL',
     },
+    hook_type: {
+      type: 'string',
+      description: 'Type of hook: recording_added or upload_status',
+    },
     filter: {
       type: 'object',
       description: 'Applied filters',
diff --git a/apps/sim/tools/grain/list_hooks.ts b/apps/sim/tools/grain/list_hooks.ts
index 73e0fbb33b..ee01b77a44 100644
--- a/apps/sim/tools/grain/list_hooks.ts
+++ b/apps/sim/tools/grain/list_hooks.ts
@@ -51,6 +51,7 @@ export const grainListHooksTool: ToolConfig<GrainListHooksParams, GrainListHooks
           id: { type: 'string', description: 'Hook UUID' },
           enabled: { type: 'boolean', description: 'Whether hook is active' },
           hook_url: { type: 'string', description: 'Webhook URL' },
+          hook_type: { type: 'string', description: 'Type: recording_added or upload_status' },
           filter: { type: 'object', description: 'Applied filters' },
           include: { type: 'object', description: 'Included fields' },
           inserted_at: { type: 'string', description: 'Creation timestamp' },
diff --git a/apps/sim/tools/grain/types.ts b/apps/sim/tools/grain/types.ts
index 584b86a408..8b9b11857e 100644
--- a/apps/sim/tools/grain/types.ts
+++ b/apps/sim/tools/grain/types.ts
@@ -95,6 +95,7 @@ export interface GrainHook {
   id: string
   enabled: boolean
   hook_url: string
+  hook_type: 'recording_added' | 'upload_status'
   filter: GrainRecordingFilter
   include: GrainRecordingInclude
   inserted_at: string
@@ -192,6 +193,7 @@ export interface GrainListMeetingTypesResponse extends ToolResponse {
 export interface GrainCreateHookParams {
   apiKey: string
   hookUrl: string
+  hookType: 'recording_added' | 'upload_status'
   filterBeforeDatetime?: string
   filterAfterDatetime?: string
   filterParticipantScope?: 'internal' | 'external'
diff --git a/apps/sim/tools/index.ts b/apps/sim/tools/index.ts
index f92f451807..5d91854c74 100644
--- a/apps/sim/tools/index.ts
+++ b/apps/sim/tools/index.ts
@@ -253,9 +253,8 @@ export async function executeTool(
       try {
         const baseUrl = getBaseUrl()
 
-        // Prepare the token payload
         const tokenPayload: OAuthTokenPayload = {
-          credentialId: contextParams.credential,
+          credentialId: contextParams.credential as string,
         }
 
         // Add workflowId if it exists in params, context, or executionContext
diff --git a/apps/sim/tools/linear/create_project_label.ts b/apps/sim/tools/linear/create_project_label.ts
index b074b3133d..35cb27a52e 100644
--- a/apps/sim/tools/linear/create_project_label.ts
+++ b/apps/sim/tools/linear/create_project_label.ts
@@ -19,12 +19,6 @@ export const linearCreateProjectLabelTool: ToolConfig<
   },
 
   params: {
-    projectId: {
-      type: 'string',
-      required: true,
-      visibility: 'user-only',
-      description: 'The project for this label',
-    },
     name: {
       type: 'string',
       required: true,
@@ -71,7 +65,6 @@ export const linearCreateProjectLabelTool: ToolConfig<
     },
     body: (params) => {
       const input: Record<string, any> = {
-        projectId: params.projectId,
         name: params.name,
       }
 
diff --git a/apps/sim/tools/linear/create_project_link.ts b/apps/sim/tools/linear/create_project_link.ts
deleted file mode 100644
index 00032b4283..0000000000
--- a/apps/sim/tools/linear/create_project_link.ts
+++ /dev/null
@@ -1,123 +0,0 @@
-import type {
-  LinearCreateProjectLinkParams,
-  LinearCreateProjectLinkResponse,
-} from '@/tools/linear/types'
-import type { ToolConfig } from '@/tools/types'
-
-export const linearCreateProjectLinkTool: ToolConfig<
-  LinearCreateProjectLinkParams,
-  LinearCreateProjectLinkResponse
-> = {
-  id: 'linear_create_project_link',
-  name: 'Linear Create Project Link',
-  description: 'Add an external link to a project in Linear',
-  version: '1.0.0',
-
-  oauth: {
-    required: true,
-    provider: 'linear',
-  },
-
-  params: {
-    projectId: {
-      type: 'string',
-      required: true,
-      visibility: 'user-or-llm',
-      description: 'Project ID to add link to',
-    },
-    url: {
-      type: 'string',
-      required: true,
-      visibility: 'user-or-llm',
-      description: 'URL of the external link',
-    },
-    label: {
-      type: 'string',
-      required: false,
-      visibility: 'user-or-llm',
-      description: 'Link label/title',
-    },
-  },
-
-  request: {
-    url: 'https://api.linear.app/graphql',
-    method: 'POST',
-    headers: (params) => {
-      if (!params.accessToken) {
-        throw new Error('Missing access token for Linear API request')
-      }
-      return {
-        'Content-Type': 'application/json',
-        Authorization: `Bearer ${params.accessToken}`,
-      }
-    },
-    body: (params) => {
-      const input: Record<string, any> = {
-        projectId: params.projectId,
-        url: params.url,
-      }
-
-      if (params.label != null && params.label !== '') input.label = params.label
-
-      return {
-        query: `
-          mutation CreateProjectLink($input: ProjectLinkCreateInput!) {
-            projectLinkCreate(input: $input) {
-              success
-              projectLink {
-                id
-                url
-                label
-                createdAt
-              }
-            }
-          }
-        `,
-        variables: {
-          input,
-        },
-      }
-    },
-  },
-
-  transformResponse: async (response) => {
-    const data = await response.json()
-
-    if (data.errors) {
-      return {
-        success: false,
-        error: data.errors[0]?.message || 'Failed to create project link',
-        output: {},
-      }
-    }
-
-    const result = data.data.projectLinkCreate
-    if (!result.success) {
-      return {
-        success: false,
-        error: 'Project link creation was not successful',
-        output: {},
-      }
-    }
-
-    return {
-      success: true,
-      output: {
-        link: result.projectLink,
-      },
-    }
-  },
-
-  outputs: {
-    link: {
-      type: 'object',
-      description: 'The created project link',
-      properties: {
-        id: { type: 'string', description: 'Link ID' },
-        url: { type: 'string', description: 'Link URL' },
-        label: { type: 'string', description: 'Link label' },
-        createdAt: { type: 'string', description: 'Creation timestamp' },
-      },
-    },
-  },
-}
diff --git a/apps/sim/tools/linear/create_project_status.ts b/apps/sim/tools/linear/create_project_status.ts
index 709f16cf7d..0e782422a1 100644
--- a/apps/sim/tools/linear/create_project_status.ts
+++ b/apps/sim/tools/linear/create_project_status.ts
@@ -19,17 +19,18 @@ export const linearCreateProjectStatusTool: ToolConfig<
   },
 
   params: {
-    projectId: {
+    name: {
       type: 'string',
       required: true,
-      visibility: 'user-only',
-      description: 'The project to create the status for',
+      visibility: 'user-or-llm',
+      description: 'Project status name',
     },
-    name: {
+    type: {
       type: 'string',
       required: true,
       visibility: 'user-or-llm',
-      description: 'Project status name',
+      description:
+        'Status type: "backlog", "planned", "started", "paused", "completed", or "canceled"',
     },
     color: {
       type: 'string',
@@ -37,6 +38,12 @@ export const linearCreateProjectStatusTool: ToolConfig<
       visibility: 'user-or-llm',
       description: 'Status color (hex code)',
     },
+    position: {
+      type: 'number',
+      required: true,
+      visibility: 'user-or-llm',
+      description: 'Position in status list (e.g. 0, 1, 2...)',
+    },
     description: {
       type: 'string',
       required: false,
@@ -49,12 +56,6 @@ export const linearCreateProjectStatusTool: ToolConfig<
       visibility: 'user-or-llm',
       description: 'Whether the status is indefinite',
     },
-    position: {
-      type: 'number',
-      required: false,
-      visibility: 'user-or-llm',
-      description: 'Position in status list',
-    },
   },
 
   request: {
@@ -71,9 +72,10 @@ export const linearCreateProjectStatusTool: ToolConfig<
     },
     body: (params) => {
       const input: Record<string, any> = {
-        projectId: params.projectId,
         name: params.name,
+        type: params.type,
         color: params.color,
+        position: params.position,
       }
 
       if (params.description != null && params.description !== '') {
@@ -82,9 +84,6 @@ export const linearCreateProjectStatusTool: ToolConfig<
       if (params.indefinite != null) {
         input.indefinite = params.indefinite
       }
-      if (params.position != null) {
-        input.position = params.position
-      }
 
       return {
         query: `
diff --git a/apps/sim/tools/linear/index.ts b/apps/sim/tools/linear/index.ts
index ed0adfdf80..ab7cfaaac3 100644
--- a/apps/sim/tools/linear/index.ts
+++ b/apps/sim/tools/linear/index.ts
@@ -16,7 +16,6 @@ import { linearCreateIssueRelationTool } from '@/tools/linear/create_issue_relat
 import { linearCreateLabelTool } from '@/tools/linear/create_label'
 import { linearCreateProjectTool } from '@/tools/linear/create_project'
 import { linearCreateProjectLabelTool } from '@/tools/linear/create_project_label'
-import { linearCreateProjectLinkTool } from '@/tools/linear/create_project_link'
 import { linearCreateProjectMilestoneTool } from '@/tools/linear/create_project_milestone'
 import { linearCreateProjectStatusTool } from '@/tools/linear/create_project_status'
 import { linearCreateProjectUpdateTool } from '@/tools/linear/create_project_update'
@@ -138,7 +137,6 @@ export {
   linearListFavoritesTool,
   linearCreateProjectUpdateTool,
   linearListProjectUpdatesTool,
-  linearCreateProjectLinkTool,
   linearListNotificationsTool,
   linearUpdateNotificationTool,
   linearCreateCustomerTool,
diff --git a/apps/sim/tools/linear/types.ts b/apps/sim/tools/linear/types.ts
index de57c0ffff..b29e3187d4 100644
--- a/apps/sim/tools/linear/types.ts
+++ b/apps/sim/tools/linear/types.ts
@@ -454,13 +454,6 @@ export interface LinearListProjectUpdatesParams {
   accessToken?: string
 }
 
-export interface LinearCreateProjectLinkParams {
-  projectId: string
-  url: string
-  label?: string
-  accessToken?: string
-}
-
 export interface LinearListNotificationsParams {
   first?: number
   after?: string
@@ -843,19 +836,6 @@ export interface LinearListProjectUpdatesResponse extends ToolResponse {
   }
 }
 
-export interface LinearProjectLink {
-  id: string
-  url: string
-  label: string
-  createdAt: string
-}
-
-export interface LinearCreateProjectLinkResponse extends ToolResponse {
-  output: {
-    link?: LinearProjectLink
-  }
-}
-
 export interface LinearNotification {
   id: string
   type: string
@@ -1205,7 +1185,6 @@ export interface LinearProjectLabel {
 }
 
 export interface LinearCreateProjectLabelParams {
-  projectId: string
   name: string
   color?: string
   description?: string
@@ -1358,12 +1337,12 @@ export interface LinearProjectStatus {
 }
 
 export interface LinearCreateProjectStatusParams {
-  projectId: string
   name: string
+  type: 'backlog' | 'planned' | 'started' | 'paused' | 'completed' | 'canceled'
   color: string
+  position: number
   description?: string
   indefinite?: boolean
-  position?: number
   accessToken?: string
 }
 
@@ -1468,7 +1447,6 @@ export type LinearResponse =
   | LinearListFavoritesResponse
   | LinearCreateProjectUpdateResponse
   | LinearListProjectUpdatesResponse
-  | LinearCreateProjectLinkResponse
   | LinearListNotificationsResponse
   | LinearUpdateNotificationResponse
   | LinearCreateCustomerResponse
diff --git a/apps/sim/tools/llm/chat.ts b/apps/sim/tools/llm/chat.ts
index a6863dafb5..ac45f63ef4 100644
--- a/apps/sim/tools/llm/chat.ts
+++ b/apps/sim/tools/llm/chat.ts
@@ -16,6 +16,9 @@ interface LLMChatParams {
   vertexProject?: string
   vertexLocation?: string
   vertexCredential?: string
+  bedrockAccessKeyId?: string
+  bedrockSecretKey?: string
+  bedrockRegion?: string
 }
 
 interface LLMChatResponse extends ToolResponse {
@@ -98,6 +101,24 @@ export const llmChatTool: ToolConfig<LLMChatParams, LLMChatResponse> = {
       visibility: 'hidden',
       description: 'Google Cloud OAuth credential ID for Vertex AI',
     },
+    bedrockAccessKeyId: {
+      type: 'string',
+      required: false,
+      visibility: 'hidden',
+      description: 'AWS Access Key ID for Bedrock',
+    },
+    bedrockSecretKey: {
+      type: 'string',
+      required: false,
+      visibility: 'hidden',
+      description: 'AWS Secret Access Key for Bedrock',
+    },
+    bedrockRegion: {
+      type: 'string',
+      required: false,
+      visibility: 'hidden',
+      description: 'AWS region for Bedrock (defaults to us-east-1)',
+    },
   },
 
   request: {
@@ -122,6 +143,9 @@ export const llmChatTool: ToolConfig<LLMChatParams, LLMChatResponse> = {
         vertexProject: params.vertexProject,
         vertexLocation: params.vertexLocation,
         vertexCredential: params.vertexCredential,
+        bedrockAccessKeyId: params.bedrockAccessKeyId,
+        bedrockSecretKey: params.bedrockSecretKey,
+        bedrockRegion: params.bedrockRegion,
       }
     },
   },
diff --git a/apps/sim/tools/registry.ts b/apps/sim/tools/registry.ts
index 157325374b..6d8cb9ec2a 100644
--- a/apps/sim/tools/registry.ts
+++ b/apps/sim/tools/registry.ts
@@ -567,7 +567,6 @@ import {
   linearCreateIssueTool,
   linearCreateLabelTool,
   linearCreateProjectLabelTool,
-  linearCreateProjectLinkTool,
   linearCreateProjectMilestoneTool,
   linearCreateProjectStatusTool,
   linearCreateProjectTool,
@@ -2187,7 +2186,6 @@ export const tools: Record<string, ToolConfig> = {
   linear_list_favorites: linearListFavoritesTool,
   linear_create_project_update: linearCreateProjectUpdateTool,
   linear_list_project_updates: linearListProjectUpdatesTool,
-  linear_create_project_link: linearCreateProjectLinkTool,
   linear_list_notifications: linearListNotificationsTool,
   linear_update_notification: linearUpdateNotificationTool,
   linear_create_customer: linearCreateCustomerTool,
diff --git a/apps/sim/tools/types.ts b/apps/sim/tools/types.ts
index 36f7cf366a..44071a2001 100644
--- a/apps/sim/tools/types.ts
+++ b/apps/sim/tools/types.ts
@@ -122,7 +122,9 @@ export interface TableRow {
 }
 
 export interface OAuthTokenPayload {
-  credentialId: string
+  credentialId?: string
+  credentialAccountUserId?: string
+  providerId?: string
   workflowId?: string
 }
 
diff --git a/apps/sim/triggers/gmail/poller.ts b/apps/sim/triggers/gmail/poller.ts
index 54f0e297d9..ee8a8c9471 100644
--- a/apps/sim/triggers/gmail/poller.ts
+++ b/apps/sim/triggers/gmail/poller.ts
@@ -1,10 +1,28 @@
 import { createLogger } from '@sim/logger'
 import { GmailIcon } from '@/components/icons'
+import { isCredentialSetValue } from '@/executor/constants'
 import { useSubBlockStore } from '@/stores/workflows/subblock/store'
 import type { TriggerConfig } from '@/triggers/types'
 
 const logger = createLogger('GmailPollingTrigger')
 
+// Gmail system labels that exist for all accounts (used as defaults for credential sets)
+const GMAIL_SYSTEM_LABELS = [
+  { id: 'INBOX', label: 'Inbox' },
+  { id: 'SENT', label: 'Sent' },
+  { id: 'DRAFT', label: 'Drafts' },
+  { id: 'SPAM', label: 'Spam' },
+  { id: 'TRASH', label: 'Trash' },
+  { id: 'STARRED', label: 'Starred' },
+  { id: 'IMPORTANT', label: 'Important' },
+  { id: 'UNREAD', label: 'Unread' },
+  { id: 'CATEGORY_PERSONAL', label: 'Category: Personal' },
+  { id: 'CATEGORY_SOCIAL', label: 'Category: Social' },
+  { id: 'CATEGORY_PROMOTIONS', label: 'Category: Promotions' },
+  { id: 'CATEGORY_UPDATES', label: 'Category: Updates' },
+  { id: 'CATEGORY_FORUMS', label: 'Category: Forums' },
+]
+
 export const gmailPollingTrigger: TriggerConfig = {
   id: 'gmail_poller',
   name: 'Gmail Email Trigger',
@@ -23,6 +41,7 @@ export const gmailPollingTrigger: TriggerConfig = {
       requiredScopes: [],
       required: true,
       mode: 'trigger',
+      supportsCredentialSets: true,
     },
     {
       id: 'labelIds',
@@ -41,6 +60,10 @@ export const gmailPollingTrigger: TriggerConfig = {
           // Return a sentinel to prevent infinite retry loops when credential is missing
           throw new Error('No Gmail credential selected')
         }
+        // Return default system labels for credential sets (can't fetch user-specific labels for a pool)
+        if (isCredentialSetValue(credentialId)) {
+          return GMAIL_SYSTEM_LABELS
+        }
         try {
           const response = await fetch(`/api/tools/gmail/labels?credentialId=${credentialId}`)
           if (!response.ok) {
diff --git a/apps/sim/triggers/outlook/poller.ts b/apps/sim/triggers/outlook/poller.ts
index e298fdb53d..9f3d9b09b1 100644
--- a/apps/sim/triggers/outlook/poller.ts
+++ b/apps/sim/triggers/outlook/poller.ts
@@ -1,10 +1,22 @@
 import { createLogger } from '@sim/logger'
 import { OutlookIcon } from '@/components/icons'
+import { isCredentialSetValue } from '@/executor/constants'
 import { useSubBlockStore } from '@/stores/workflows/subblock/store'
 import type { TriggerConfig } from '@/triggers/types'
 
 const logger = createLogger('OutlookPollingTrigger')
 
+// Outlook well-known folders that exist for all accounts (used as defaults for credential sets)
+const OUTLOOK_SYSTEM_FOLDERS = [
+  { id: 'inbox', label: 'Inbox' },
+  { id: 'drafts', label: 'Drafts' },
+  { id: 'sentitems', label: 'Sent Items' },
+  { id: 'deleteditems', label: 'Deleted Items' },
+  { id: 'junkemail', label: 'Junk Email' },
+  { id: 'archive', label: 'Archive' },
+  { id: 'outbox', label: 'Outbox' },
+]
+
 export const outlookPollingTrigger: TriggerConfig = {
   id: 'outlook_poller',
   name: 'Outlook Email Trigger',
@@ -23,6 +35,7 @@ export const outlookPollingTrigger: TriggerConfig = {
       requiredScopes: [],
       required: true,
       mode: 'trigger',
+      supportsCredentialSets: true,
     },
     {
       id: 'folderIds',
@@ -40,6 +53,10 @@ export const outlookPollingTrigger: TriggerConfig = {
         if (!credentialId) {
           throw new Error('No Outlook credential selected')
         }
+        // Return default system folders for credential sets (can't fetch user-specific folders for a pool)
+        if (isCredentialSetValue(credentialId)) {
+          return OUTLOOK_SYSTEM_FOLDERS
+        }
         try {
           const response = await fetch(`/api/tools/outlook/folders?credentialId=${credentialId}`)
           if (!response.ok) {
diff --git a/bun.lock b/bun.lock
index d62ed31d02..47bad97dd4 100644
--- a/bun.lock
+++ b/bun.lock
@@ -1,6 +1,5 @@
 {
   "lockfileVersion": 1,
-  "configVersion": 0,
   "workspaces": {
     "": {
       "name": "simstudio",
@@ -54,6 +53,7 @@
       "version": "0.1.0",
       "dependencies": {
         "@anthropic-ai/sdk": "^0.39.0",
+        "@aws-sdk/client-bedrock-runtime": "3.940.0",
         "@aws-sdk/client-dynamodb": "3.940.0",
         "@aws-sdk/client-rds-data": "3.940.0",
         "@aws-sdk/client-s3": "^3.779.0",
@@ -378,6 +378,8 @@
 
     "@aws-crypto/util": ["@aws-crypto/util@5.2.0", "", { "dependencies": { "@aws-sdk/types": "^3.222.0", "@smithy/util-utf8": "^2.0.0", "tslib": "^2.6.2" } }, "sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ=="],
 
+    "@aws-sdk/client-bedrock-runtime": ["@aws-sdk/client-bedrock-runtime@3.940.0", "", { "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "3.940.0", "@aws-sdk/credential-provider-node": "3.940.0", "@aws-sdk/eventstream-handler-node": "3.936.0", "@aws-sdk/middleware-eventstream": "3.936.0", "@aws-sdk/middleware-host-header": "3.936.0", "@aws-sdk/middleware-logger": "3.936.0", "@aws-sdk/middleware-recursion-detection": "3.936.0", "@aws-sdk/middleware-user-agent": "3.940.0", "@aws-sdk/middleware-websocket": "3.936.0", "@aws-sdk/region-config-resolver": "3.936.0", "@aws-sdk/token-providers": "3.940.0", "@aws-sdk/types": "3.936.0", "@aws-sdk/util-endpoints": "3.936.0", "@aws-sdk/util-user-agent-browser": "3.936.0", "@aws-sdk/util-user-agent-node": "3.940.0", "@smithy/config-resolver": "^4.4.3", "@smithy/core": "^3.18.5", "@smithy/eventstream-serde-browser": "^4.2.5", "@smithy/eventstream-serde-config-resolver": "^4.3.5", "@smithy/eventstream-serde-node": "^4.2.5", "@smithy/fetch-http-handler": "^5.3.6", "@smithy/hash-node": "^4.2.5", "@smithy/invalid-dependency": "^4.2.5", "@smithy/middleware-content-length": "^4.2.5", "@smithy/middleware-endpoint": "^4.3.12", "@smithy/middleware-retry": "^4.4.12", "@smithy/middleware-serde": "^4.2.6", "@smithy/middleware-stack": "^4.2.5", "@smithy/node-config-provider": "^4.3.5", "@smithy/node-http-handler": "^4.4.5", "@smithy/protocol-http": "^5.3.5", "@smithy/smithy-client": "^4.9.8", "@smithy/types": "^4.9.0", "@smithy/url-parser": "^4.2.5", "@smithy/util-base64": "^4.3.0", "@smithy/util-body-length-browser": "^4.2.0", "@smithy/util-body-length-node": "^4.2.1", "@smithy/util-defaults-mode-browser": "^4.3.11", "@smithy/util-defaults-mode-node": "^4.2.14", "@smithy/util-endpoints": "^3.2.5", "@smithy/util-middleware": "^4.2.5", "@smithy/util-retry": "^4.2.5", "@smithy/util-stream": "^4.5.6", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-Gs6UUQP1zt8vahOxJ3BADcb3B+2KldUNA3bKa+KdK58de7N7tLJFJfZuXhFGGtwyNPh1aw6phtdP6dauq3OLWA=="],
+
     "@aws-sdk/client-dynamodb": ["@aws-sdk/client-dynamodb@3.940.0", "", { "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "3.940.0", "@aws-sdk/credential-provider-node": "3.940.0", "@aws-sdk/middleware-endpoint-discovery": "3.936.0", "@aws-sdk/middleware-host-header": "3.936.0", "@aws-sdk/middleware-logger": "3.936.0", "@aws-sdk/middleware-recursion-detection": "3.936.0", "@aws-sdk/middleware-user-agent": "3.940.0", "@aws-sdk/region-config-resolver": "3.936.0", "@aws-sdk/types": "3.936.0", "@aws-sdk/util-endpoints": "3.936.0", "@aws-sdk/util-user-agent-browser": "3.936.0", "@aws-sdk/util-user-agent-node": "3.940.0", "@smithy/config-resolver": "^4.4.3", "@smithy/core": "^3.18.5", "@smithy/fetch-http-handler": "^5.3.6", "@smithy/hash-node": "^4.2.5", "@smithy/invalid-dependency": "^4.2.5", "@smithy/middleware-content-length": "^4.2.5", "@smithy/middleware-endpoint": "^4.3.12", "@smithy/middleware-retry": "^4.4.12", "@smithy/middleware-serde": "^4.2.6", "@smithy/middleware-stack": "^4.2.5", "@smithy/node-config-provider": "^4.3.5", "@smithy/node-http-handler": "^4.4.5", "@smithy/protocol-http": "^5.3.5", "@smithy/smithy-client": "^4.9.8", "@smithy/types": "^4.9.0", "@smithy/url-parser": "^4.2.5", "@smithy/util-base64": "^4.3.0", "@smithy/util-body-length-browser": "^4.2.0", "@smithy/util-body-length-node": "^4.2.1", "@smithy/util-defaults-mode-browser": "^4.3.11", "@smithy/util-defaults-mode-node": "^4.2.14", "@smithy/util-endpoints": "^3.2.5", "@smithy/util-middleware": "^4.2.5", "@smithy/util-retry": "^4.2.5", "@smithy/util-utf8": "^4.2.0", "@smithy/util-waiter": "^4.2.5", "tslib": "^2.6.2" } }, "sha512-u2sXsNJazJbuHeWICvsj6RvNyJh3isedEfPvB21jK/kxcriK+dE/izlKC2cyxUjERCmku0zTFNzY9FhrLbYHjQ=="],
 
     "@aws-sdk/client-rds-data": ["@aws-sdk/client-rds-data@3.940.0", "", { "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "3.940.0", "@aws-sdk/credential-provider-node": "3.940.0", "@aws-sdk/middleware-host-header": "3.936.0", "@aws-sdk/middleware-logger": "3.936.0", "@aws-sdk/middleware-recursion-detection": "3.936.0", "@aws-sdk/middleware-user-agent": "3.940.0", "@aws-sdk/region-config-resolver": "3.936.0", "@aws-sdk/types": "3.936.0", "@aws-sdk/util-endpoints": "3.936.0", "@aws-sdk/util-user-agent-browser": "3.936.0", "@aws-sdk/util-user-agent-node": "3.940.0", "@smithy/config-resolver": "^4.4.3", "@smithy/core": "^3.18.5", "@smithy/fetch-http-handler": "^5.3.6", "@smithy/hash-node": "^4.2.5", "@smithy/invalid-dependency": "^4.2.5", "@smithy/middleware-content-length": "^4.2.5", "@smithy/middleware-endpoint": "^4.3.12", "@smithy/middleware-retry": "^4.4.12", "@smithy/middleware-serde": "^4.2.6", "@smithy/middleware-stack": "^4.2.5", "@smithy/node-config-provider": "^4.3.5", "@smithy/node-http-handler": "^4.4.5", "@smithy/protocol-http": "^5.3.5", "@smithy/smithy-client": "^4.9.8", "@smithy/types": "^4.9.0", "@smithy/url-parser": "^4.2.5", "@smithy/util-base64": "^4.3.0", "@smithy/util-body-length-browser": "^4.2.0", "@smithy/util-body-length-node": "^4.2.1", "@smithy/util-defaults-mode-browser": "^4.3.11", "@smithy/util-defaults-mode-node": "^4.2.14", "@smithy/util-endpoints": "^3.2.5", "@smithy/util-middleware": "^4.2.5", "@smithy/util-retry": "^4.2.5", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-68NH61MvS48CVPfzBNCPdCG4KnNjM+Uj/3DSw7rT9PJvdML9ARS4M2Uqco9POPw+Aj20KBumsEUd6FMVcYBXAA=="],
@@ -412,12 +414,16 @@
 
     "@aws-sdk/endpoint-cache": ["@aws-sdk/endpoint-cache@3.893.0", "", { "dependencies": { "mnemonist": "0.38.3", "tslib": "^2.6.2" } }, "sha512-KSwTfyLZyNLszz5f/yoLC+LC+CRKpeJii/+zVAy7JUOQsKhSykiRUPYUx7o2Sdc4oJfqqUl26A/jSttKYnYtAA=="],
 
+    "@aws-sdk/eventstream-handler-node": ["@aws-sdk/eventstream-handler-node@3.936.0", "", { "dependencies": { "@aws-sdk/types": "3.936.0", "@smithy/eventstream-codec": "^4.2.5", "@smithy/types": "^4.9.0", "tslib": "^2.6.2" } }, "sha512-4zIbhdRmol2KosIHmU31ATvNP0tkJhDlRj9GuawVJoEnMvJA1pd2U3SRdiOImJU3j8pT46VeS4YMmYxfjGHByg=="],
+
     "@aws-sdk/lib-dynamodb": ["@aws-sdk/lib-dynamodb@3.940.0", "", { "dependencies": { "@aws-sdk/core": "3.940.0", "@aws-sdk/util-dynamodb": "3.940.0", "@smithy/core": "^3.18.5", "@smithy/smithy-client": "^4.9.8", "@smithy/types": "^4.9.0", "tslib": "^2.6.2" }, "peerDependencies": { "@aws-sdk/client-dynamodb": "^3.940.0" } }, "sha512-5ApYAix2wvJuMszj1lrpg8lm4ipoZMFO8crxtzsdAvxM8TV5bKSRQQ2GA3CMIODrBuSzpXvWueHHrfkx05ZAQw=="],
 
     "@aws-sdk/middleware-bucket-endpoint": ["@aws-sdk/middleware-bucket-endpoint@3.957.0", "", { "dependencies": { "@aws-sdk/types": "3.957.0", "@aws-sdk/util-arn-parser": "3.957.0", "@smithy/node-config-provider": "^4.3.7", "@smithy/protocol-http": "^5.3.7", "@smithy/types": "^4.11.0", "@smithy/util-config-provider": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-iczcn/QRIBSpvsdAS/rbzmoBpleX1JBjXvCynMbDceVLBIcVrwT1hXECrhtIC2cjh4HaLo9ClAbiOiWuqt+6MA=="],
 
     "@aws-sdk/middleware-endpoint-discovery": ["@aws-sdk/middleware-endpoint-discovery@3.936.0", "", { "dependencies": { "@aws-sdk/endpoint-cache": "3.893.0", "@aws-sdk/types": "3.936.0", "@smithy/node-config-provider": "^4.3.5", "@smithy/protocol-http": "^5.3.5", "@smithy/types": "^4.9.0", "tslib": "^2.6.2" } }, "sha512-wNJZ8PDw0eQK2x4z1q8JqiDvw9l9xd36EoklVT2CIBt8FnqGdrMGjAx93RRbH3G6Fmvwoe+D3VJXbWHBlhD0Bw=="],
 
+    "@aws-sdk/middleware-eventstream": ["@aws-sdk/middleware-eventstream@3.936.0", "", { "dependencies": { "@aws-sdk/types": "3.936.0", "@smithy/protocol-http": "^5.3.5", "@smithy/types": "^4.9.0", "tslib": "^2.6.2" } }, "sha512-XQSH8gzLkk8CDUDxyt4Rdm9owTpRIPdtg2yw9Y2Wl5iSI55YQSiC3x8nM3c4Y4WqReJprunFPK225ZUDoYCfZA=="],
+
     "@aws-sdk/middleware-expect-continue": ["@aws-sdk/middleware-expect-continue@3.957.0", "", { "dependencies": { "@aws-sdk/types": "3.957.0", "@smithy/protocol-http": "^5.3.7", "@smithy/types": "^4.11.0", "tslib": "^2.6.2" } }, "sha512-AlbK3OeVNwZZil0wlClgeI/ISlOt/SPUxBsIns876IFaVu/Pj3DgImnYhpcJuFRek4r4XM51xzIaGQXM6GDHGg=="],
 
     "@aws-sdk/middleware-flexible-checksums": ["@aws-sdk/middleware-flexible-checksums@3.957.0", "", { "dependencies": { "@aws-crypto/crc32": "5.2.0", "@aws-crypto/crc32c": "5.2.0", "@aws-crypto/util": "5.2.0", "@aws-sdk/core": "3.957.0", "@aws-sdk/crc64-nvme": "3.957.0", "@aws-sdk/types": "3.957.0", "@smithy/is-array-buffer": "^4.2.0", "@smithy/node-config-provider": "^4.3.7", "@smithy/protocol-http": "^5.3.7", "@smithy/types": "^4.11.0", "@smithy/util-middleware": "^4.2.7", "@smithy/util-stream": "^4.5.8", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-iJpeVR5V8se1hl2pt+k8bF/e9JO4KWgPCMjg8BtRspNtKIUGy7j6msYvbDixaKZaF2Veg9+HoYcOhwnZumjXSA=="],
@@ -438,6 +444,8 @@
 
     "@aws-sdk/middleware-user-agent": ["@aws-sdk/middleware-user-agent@3.940.0", "", { "dependencies": { "@aws-sdk/core": "3.940.0", "@aws-sdk/types": "3.936.0", "@aws-sdk/util-endpoints": "3.936.0", "@smithy/core": "^3.18.5", "@smithy/protocol-http": "^5.3.5", "@smithy/types": "^4.9.0", "tslib": "^2.6.2" } }, "sha512-nJbLrUj6fY+l2W2rIB9P4Qvpiy0tnTdg/dmixRxrU1z3e8wBdspJlyE+AZN4fuVbeL6rrRrO/zxQC1bB3cw5IA=="],
 
+    "@aws-sdk/middleware-websocket": ["@aws-sdk/middleware-websocket@3.936.0", "", { "dependencies": { "@aws-sdk/types": "3.936.0", "@aws-sdk/util-format-url": "3.936.0", "@smithy/eventstream-codec": "^4.2.5", "@smithy/eventstream-serde-browser": "^4.2.5", "@smithy/fetch-http-handler": "^5.3.6", "@smithy/protocol-http": "^5.3.5", "@smithy/signature-v4": "^5.3.5", "@smithy/types": "^4.9.0", "@smithy/util-hex-encoding": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-bPe3rqeugyj/MmjP0yBSZox2v1Wa8Dv39KN+RxVbQroLO8VUitBo6xyZ0oZebhZ5sASwSg58aDcMlX0uFLQnTA=="],
+
     "@aws-sdk/nested-clients": ["@aws-sdk/nested-clients@3.940.0", "", { "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "3.940.0", "@aws-sdk/middleware-host-header": "3.936.0", "@aws-sdk/middleware-logger": "3.936.0", "@aws-sdk/middleware-recursion-detection": "3.936.0", "@aws-sdk/middleware-user-agent": "3.940.0", "@aws-sdk/region-config-resolver": "3.936.0", "@aws-sdk/types": "3.936.0", "@aws-sdk/util-endpoints": "3.936.0", "@aws-sdk/util-user-agent-browser": "3.936.0", "@aws-sdk/util-user-agent-node": "3.940.0", "@smithy/config-resolver": "^4.4.3", "@smithy/core": "^3.18.5", "@smithy/fetch-http-handler": "^5.3.6", "@smithy/hash-node": "^4.2.5", "@smithy/invalid-dependency": "^4.2.5", "@smithy/middleware-content-length": "^4.2.5", "@smithy/middleware-endpoint": "^4.3.12", "@smithy/middleware-retry": "^4.4.12", "@smithy/middleware-serde": "^4.2.6", "@smithy/middleware-stack": "^4.2.5", "@smithy/node-config-provider": "^4.3.5", "@smithy/node-http-handler": "^4.4.5", "@smithy/protocol-http": "^5.3.5", "@smithy/smithy-client": "^4.9.8", "@smithy/types": "^4.9.0", "@smithy/url-parser": "^4.2.5", "@smithy/util-base64": "^4.3.0", "@smithy/util-body-length-browser": "^4.2.0", "@smithy/util-body-length-node": "^4.2.1", "@smithy/util-defaults-mode-browser": "^4.3.11", "@smithy/util-defaults-mode-node": "^4.2.14", "@smithy/util-endpoints": "^3.2.5", "@smithy/util-middleware": "^4.2.5", "@smithy/util-retry": "^4.2.5", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-x0mdv6DkjXqXEcQj3URbCltEzW6hoy/1uIL+i8gExP6YKrnhiZ7SzuB4gPls2UOpK5UqLiqXjhRLfBb1C9i4Dw=="],
 
     "@aws-sdk/region-config-resolver": ["@aws-sdk/region-config-resolver@3.936.0", "", { "dependencies": { "@aws-sdk/types": "3.936.0", "@smithy/config-resolver": "^4.4.3", "@smithy/node-config-provider": "^4.3.5", "@smithy/types": "^4.9.0", "tslib": "^2.6.2" } }, "sha512-wOKhzzWsshXGduxO4pqSiNyL9oUtk4BEvjWm9aaq6Hmfdoydq6v6t0rAGHWPjFwy9z2haovGRi3C8IxdMB4muw=="],
@@ -3650,6 +3658,8 @@
 
     "@aws-sdk/middleware-ssec/@aws-sdk/types": ["@aws-sdk/types@3.957.0", "", { "dependencies": { "@smithy/types": "^4.11.0", "tslib": "^2.6.2" } }, "sha512-wzWC2Nrt859ABk6UCAVY/WYEbAd7FjkdrQL6m24+tfmWYDNRByTJ9uOgU/kw9zqLCAwb//CPvrJdhqjTznWXAg=="],
 
+    "@aws-sdk/middleware-websocket/@aws-sdk/util-format-url": ["@aws-sdk/util-format-url@3.936.0", "", { "dependencies": { "@aws-sdk/types": "3.936.0", "@smithy/querystring-builder": "^4.2.5", "@smithy/types": "^4.9.0", "tslib": "^2.6.2" } }, "sha512-MS5eSEtDUFIAMHrJaMERiHAvDPdfxc/T869ZjDNFAIiZhyc037REw0aoTNeimNXDNy2txRNZJaAUn/kE4RwN+g=="],
+
     "@aws-sdk/s3-request-presigner/@aws-sdk/types": ["@aws-sdk/types@3.957.0", "", { "dependencies": { "@smithy/types": "^4.11.0", "tslib": "^2.6.2" } }, "sha512-wzWC2Nrt859ABk6UCAVY/WYEbAd7FjkdrQL6m24+tfmWYDNRByTJ9uOgU/kw9zqLCAwb//CPvrJdhqjTznWXAg=="],
 
     "@aws-sdk/signature-v4-multi-region/@aws-sdk/types": ["@aws-sdk/types@3.957.0", "", { "dependencies": { "@smithy/types": "^4.11.0", "tslib": "^2.6.2" } }, "sha512-wzWC2Nrt859ABk6UCAVY/WYEbAd7FjkdrQL6m24+tfmWYDNRByTJ9uOgU/kw9zqLCAwb//CPvrJdhqjTznWXAg=="],
diff --git a/helm/sim/README.md b/helm/sim/README.md
index fd6a452941..0c33120539 100644
--- a/helm/sim/README.md
+++ b/helm/sim/README.md
@@ -39,6 +39,8 @@ The chart includes several pre-configured values files for different scenarios:
 | `values-azure.yaml` | Azure AKS optimized | Azure Kubernetes Service |
 | `values-aws.yaml` | AWS EKS optimized | Amazon Elastic Kubernetes Service |
 | `values-gcp.yaml` | GCP GKE optimized | Google Kubernetes Engine |
+| `values-external-secrets.yaml` | External Secrets Operator integration | Using Azure Key Vault, AWS Secrets Manager, Vault |
+| `values-existing-secret.yaml` | Pre-existing Kubernetes secrets | GitOps, Sealed Secrets, manual secret management |
 
 ### Development Environment
 
@@ -623,6 +625,111 @@ To uninstall/delete the release:
 helm uninstall sim
 ```
 
+## External Secret Management
+
+The chart supports integration with external secret management systems for production-grade secret handling. This enables you to store secrets in secure vaults and have them automatically synced to Kubernetes.
+
+### Option 1: External Secrets Operator (Recommended)
+
+[External Secrets Operator](https://external-secrets.io/) is the industry-standard solution for syncing secrets from external stores like Azure Key Vault, AWS Secrets Manager, HashiCorp Vault, and GCP Secret Manager.
+
+**Prerequisites:**
+```bash
+# Install External Secrets Operator
+helm repo add external-secrets https://charts.external-secrets.io
+helm install external-secrets external-secrets/external-secrets \
+  -n external-secrets --create-namespace
+```
+
+**Configuration:**
+```yaml
+externalSecrets:
+  enabled: true
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: "my-secret-store"
+    kind: "ClusterSecretStore"
+  remoteRefs:
+    app:
+      BETTER_AUTH_SECRET: "sim/app/better-auth-secret"
+      ENCRYPTION_KEY: "sim/app/encryption-key"
+      INTERNAL_API_SECRET: "sim/app/internal-api-secret"
+    postgresql:
+      password: "sim/postgresql/password"
+```
+
+See `examples/values-external-secrets.yaml` for complete examples including SecretStore configurations for Azure, AWS, GCP, and Vault.
+
+### Option 2: Pre-Existing Kubernetes Secrets
+
+Reference secrets you've created manually, via GitOps (Sealed Secrets, SOPS), or through other automation.
+
+**Configuration:**
+```yaml
+app:
+  secrets:
+    existingSecret:
+      enabled: true
+      name: "my-app-secrets"
+
+postgresql:
+  auth:
+    existingSecret:
+      enabled: true
+      name: "my-postgresql-secret"
+      passwordKey: "POSTGRES_PASSWORD"
+
+externalDatabase:
+  existingSecret:
+    enabled: true
+    name: "my-external-db-secret"
+    passwordKey: "password"
+```
+
+**Create secrets manually:**
+```bash
+# Generate secure values
+BETTER_AUTH_SECRET=$(openssl rand -hex 32)
+ENCRYPTION_KEY=$(openssl rand -hex 32)
+INTERNAL_API_SECRET=$(openssl rand -hex 32)
+POSTGRES_PASSWORD=$(openssl rand -base64 16 | tr -d '/+=')
+
+# Create app secrets
+kubectl create secret generic my-app-secrets \
+  --namespace sim \
+  --from-literal=BETTER_AUTH_SECRET="$BETTER_AUTH_SECRET" \
+  --from-literal=ENCRYPTION_KEY="$ENCRYPTION_KEY" \
+  --from-literal=INTERNAL_API_SECRET="$INTERNAL_API_SECRET"
+
+# Create PostgreSQL secret
+kubectl create secret generic my-postgresql-secret \
+  --namespace sim \
+  --from-literal=POSTGRES_PASSWORD="$POSTGRES_PASSWORD"
+```
+
+See `examples/values-existing-secret.yaml` for more details.
+
+### External Secrets Parameters
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `app.secrets.existingSecret.enabled` | Use existing secret for app credentials | `false` |
+| `app.secrets.existingSecret.name` | Name of existing secret | `""` |
+| `app.secrets.existingSecret.keys` | Key name mappings | See values.yaml |
+| `postgresql.auth.existingSecret.enabled` | Use existing secret for PostgreSQL | `false` |
+| `postgresql.auth.existingSecret.name` | Name of existing secret | `""` |
+| `postgresql.auth.existingSecret.passwordKey` | Key containing password | `"POSTGRES_PASSWORD"` |
+| `externalDatabase.existingSecret.enabled` | Use existing secret for external DB | `false` |
+| `externalDatabase.existingSecret.name` | Name of existing secret | `""` |
+| `externalDatabase.existingSecret.passwordKey` | Key containing password | `"EXTERNAL_DB_PASSWORD"` |
+| `externalSecrets.enabled` | Enable External Secrets Operator integration | `false` |
+| `externalSecrets.refreshInterval` | How often to sync secrets | `"1h"` |
+| `externalSecrets.secretStoreRef.name` | Name of SecretStore/ClusterSecretStore | `""` |
+| `externalSecrets.secretStoreRef.kind` | Kind of store | `"ClusterSecretStore"` |
+| `externalSecrets.remoteRefs.app.*` | Remote paths for app secrets | See values.yaml |
+| `externalSecrets.remoteRefs.postgresql.password` | Remote path for PostgreSQL password | `""` |
+| `externalSecrets.remoteRefs.externalDatabase.password` | Remote path for external DB password | `""` |
+
 ## Security Considerations
 
 ### Production Secrets
diff --git a/helm/sim/examples/values-existing-secret.yaml b/helm/sim/examples/values-existing-secret.yaml
new file mode 100644
index 0000000000..4f686256cf
--- /dev/null
+++ b/helm/sim/examples/values-existing-secret.yaml
@@ -0,0 +1,54 @@
+# Using pre-existing Kubernetes secrets for Sim
+# For GitOps, Sealed Secrets, or manual secret management
+
+# Prerequisites:
+# Create your secrets before installing (see examples at bottom of file)
+
+app:
+  enabled: true
+  replicaCount: 2
+  secrets:
+    existingSecret:
+      enabled: true
+      name: "sim-app-secrets"
+  env:
+    NEXT_PUBLIC_APP_URL: "https://sim.example.com"
+    BETTER_AUTH_URL: "https://sim.example.com"
+    NEXT_PUBLIC_SOCKET_URL: "wss://sim-ws.example.com"
+    NODE_ENV: "production"
+
+realtime:
+  enabled: true
+  replicaCount: 2
+  env:
+    NEXT_PUBLIC_APP_URL: "https://sim.example.com"
+    BETTER_AUTH_URL: "https://sim.example.com"
+    NEXT_PUBLIC_SOCKET_URL: "wss://sim-ws.example.com"
+    ALLOWED_ORIGINS: "https://sim.example.com"
+    NODE_ENV: "production"
+
+postgresql:
+  enabled: true
+  auth:
+    username: postgres
+    database: sim
+    existingSecret:
+      enabled: true
+      name: "sim-postgresql-secret"
+      passwordKey: "POSTGRES_PASSWORD"
+
+# ---
+# Create secrets before installing:
+# ---
+
+# kubectl create secret generic sim-app-secrets \
+#   --namespace sim \
+#   --from-literal=BETTER_AUTH_SECRET="$(openssl rand -hex 32)" \
+#   --from-literal=ENCRYPTION_KEY="$(openssl rand -hex 32)" \
+#   --from-literal=INTERNAL_API_SECRET="$(openssl rand -hex 32)" \
+#   --from-literal=CRON_SECRET="$(openssl rand -hex 32)" \
+#   --from-literal=API_ENCRYPTION_KEY="$(openssl rand -hex 32)"
+
+# kubectl create secret generic sim-postgresql-secret \
+#   --namespace sim \
+#   --from-literal=POSTGRES_PASSWORD="$(openssl rand -base64 16 | tr -d '/+=')"
diff --git a/helm/sim/examples/values-external-secrets.yaml b/helm/sim/examples/values-external-secrets.yaml
new file mode 100644
index 0000000000..5aa36bc3ac
--- /dev/null
+++ b/helm/sim/examples/values-external-secrets.yaml
@@ -0,0 +1,94 @@
+# External Secrets Operator integration for Sim
+# Syncs secrets from Azure Key Vault, AWS Secrets Manager, HashiCorp Vault, etc.
+
+# Prerequisites:
+# 1. Install ESO: helm install external-secrets external-secrets/external-secrets -n external-secrets --create-namespace
+# 2. Create a SecretStore/ClusterSecretStore for your provider (see examples at bottom of file)
+
+externalSecrets:
+  enabled: true
+  apiVersion: "v1"
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: "sim-secret-store"
+    kind: "ClusterSecretStore"
+  remoteRefs:
+    app:
+      BETTER_AUTH_SECRET: "sim/app/better-auth-secret"
+      ENCRYPTION_KEY: "sim/app/encryption-key"
+      INTERNAL_API_SECRET: "sim/app/internal-api-secret"
+      CRON_SECRET: "sim/app/cron-secret"
+      API_ENCRYPTION_KEY: "sim/app/api-encryption-key"
+    postgresql:
+      password: "sim/postgresql/password"
+
+app:
+  enabled: true
+  replicaCount: 2
+  env:
+    NEXT_PUBLIC_APP_URL: "https://sim.example.com"
+    BETTER_AUTH_URL: "https://sim.example.com"
+    NEXT_PUBLIC_SOCKET_URL: "wss://sim-ws.example.com"
+    NODE_ENV: "production"
+
+realtime:
+  enabled: true
+  replicaCount: 2
+  env:
+    NEXT_PUBLIC_APP_URL: "https://sim.example.com"
+    BETTER_AUTH_URL: "https://sim.example.com"
+    NEXT_PUBLIC_SOCKET_URL: "wss://sim-ws.example.com"
+    ALLOWED_ORIGINS: "https://sim.example.com"
+    NODE_ENV: "production"
+
+postgresql:
+  enabled: true
+  auth:
+    username: postgres
+    database: sim
+
+# ---
+# SecretStore Examples (apply one of these to your cluster before installing)
+# ---
+
+# Azure Key Vault (Workload Identity):
+# apiVersion: external-secrets.io/v1beta1
+# kind: ClusterSecretStore
+# metadata:
+#   name: sim-secret-store
+# spec:
+#   provider:
+#     azurekv:
+#       authType: WorkloadIdentity
+#       vaultUrl: "https://your-keyvault.vault.azure.net"
+#       serviceAccountRef:
+#         name: external-secrets-sa
+#         namespace: external-secrets
+
+# AWS Secrets Manager (IRSA):
+# apiVersion: external-secrets.io/v1beta1
+# kind: ClusterSecretStore
+# metadata:
+#   name: sim-secret-store
+# spec:
+#   provider:
+#     aws:
+#       service: SecretsManager
+#       region: us-east-1
+#       role: arn:aws:iam::123456789012:role/external-secrets-role
+
+# HashiCorp Vault (Kubernetes Auth):
+# apiVersion: external-secrets.io/v1beta1
+# kind: ClusterSecretStore
+# metadata:
+#   name: sim-secret-store
+# spec:
+#   provider:
+#     vault:
+#       server: "https://vault.example.com"
+#       path: "secret"
+#       version: "v2"
+#       auth:
+#         kubernetes:
+#           mountPath: "kubernetes"
+#           role: "external-secrets"
diff --git a/helm/sim/templates/_helpers.tpl b/helm/sim/templates/_helpers.tpl
index 9966b14937..e1bee30491 100644
--- a/helm/sim/templates/_helpers.tpl
+++ b/helm/sim/templates/_helpers.tpl
@@ -181,8 +181,15 @@ Database URL for internal PostgreSQL
 
 {{/*
 Validate required secrets and reject default placeholder values
+Skip validation when using existing secrets or External Secrets Operator
 */}}
 {{- define "sim.validateSecrets" -}}
+{{- $useExistingAppSecret := and .Values.app.secrets .Values.app.secrets.existingSecret .Values.app.secrets.existingSecret.enabled }}
+{{- $useExternalSecrets := and .Values.externalSecrets .Values.externalSecrets.enabled }}
+{{- $useExistingPostgresSecret := and .Values.postgresql.auth.existingSecret .Values.postgresql.auth.existingSecret.enabled }}
+{{- $useExistingExternalDbSecret := and .Values.externalDatabase.existingSecret .Values.externalDatabase.existingSecret.enabled }}
+{{- /* App secrets validation - skip if using existing secret or ESO */ -}}
+{{- if not (or $useExistingAppSecret $useExternalSecrets) }}
 {{- if and .Values.app.enabled (not .Values.app.env.BETTER_AUTH_SECRET) }}
 {{- fail "app.env.BETTER_AUTH_SECRET is required for production deployment" }}
 {{- end }}
@@ -198,15 +205,21 @@ Validate required secrets and reject default placeholder values
 {{- if and .Values.realtime.enabled (eq .Values.realtime.env.BETTER_AUTH_SECRET "CHANGE-ME-32-CHAR-SECRET-FOR-PRODUCTION-USE") }}
 {{- fail "realtime.env.BETTER_AUTH_SECRET must not use the default placeholder value. Generate a secure secret with: openssl rand -hex 32" }}
 {{- end }}
+{{- end }}
+{{- /* PostgreSQL password validation - skip if using existing secret or ESO */ -}}
+{{- if not (or $useExistingPostgresSecret $useExternalSecrets) }}
 {{- if and .Values.postgresql.enabled (not .Values.postgresql.auth.password) }}
 {{- fail "postgresql.auth.password is required when using internal PostgreSQL" }}
 {{- end }}
 {{- if and .Values.postgresql.enabled (eq .Values.postgresql.auth.password "CHANGE-ME-SECURE-PASSWORD") }}
 {{- fail "postgresql.auth.password must not use the default placeholder value. Set a secure password for production" }}
 {{- end }}
-{{- if and .Values.postgresql.enabled (not (regexMatch "^[a-zA-Z0-9._-]+$" .Values.postgresql.auth.password)) }}
+{{- if and .Values.postgresql.enabled .Values.postgresql.auth.password (not (regexMatch "^[a-zA-Z0-9._-]+$" .Values.postgresql.auth.password)) }}
 {{- fail "postgresql.auth.password must only contain alphanumeric characters, hyphens, underscores, or periods to ensure DATABASE_URL compatibility. Generate with: openssl rand -base64 16 | tr -d '/+='" }}
 {{- end }}
+{{- end }}
+{{- /* External database password validation - skip if using existing secret or ESO */ -}}
+{{- if not (or $useExistingExternalDbSecret $useExternalSecrets) }}
 {{- if and .Values.externalDatabase.enabled (not .Values.externalDatabase.password) }}
 {{- fail "externalDatabase.password is required when using external database" }}
 {{- end }}
@@ -214,6 +227,103 @@ Validate required secrets and reject default placeholder values
 {{- fail "externalDatabase.password must only contain alphanumeric characters, hyphens, underscores, or periods to ensure DATABASE_URL compatibility." }}
 {{- end }}
 {{- end }}
+{{- end }}
+
+{{/*
+Get the app secrets name
+Returns the name of the secret containing app credentials (auth, encryption keys)
+*/}}
+{{- define "sim.appSecretName" -}}
+{{- if and .Values.app.secrets .Values.app.secrets.existingSecret .Values.app.secrets.existingSecret.enabled -}}
+{{- .Values.app.secrets.existingSecret.name -}}
+{{- else -}}
+{{- printf "%s-app-secrets" (include "sim.fullname" .) -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Get the PostgreSQL secret name
+Returns the name of the secret containing PostgreSQL password
+*/}}
+{{- define "sim.postgresqlSecretName" -}}
+{{- if and .Values.postgresql.auth.existingSecret .Values.postgresql.auth.existingSecret.enabled -}}
+{{- .Values.postgresql.auth.existingSecret.name -}}
+{{- else -}}
+{{- printf "%s-postgresql-secret" (include "sim.fullname" .) -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Get the PostgreSQL password key name
+Returns the key name in the secret that contains the password
+*/}}
+{{- define "sim.postgresqlPasswordKey" -}}
+{{- if and .Values.postgresql.auth.existingSecret .Values.postgresql.auth.existingSecret.enabled -}}
+{{- .Values.postgresql.auth.existingSecret.passwordKey | default "POSTGRES_PASSWORD" -}}
+{{- else -}}
+{{- print "POSTGRES_PASSWORD" -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Get the external database secret name
+Returns the name of the secret containing external database password
+*/}}
+{{- define "sim.externalDbSecretName" -}}
+{{- if and .Values.externalDatabase.existingSecret .Values.externalDatabase.existingSecret.enabled -}}
+{{- .Values.externalDatabase.existingSecret.name -}}
+{{- else -}}
+{{- printf "%s-external-db-secret" (include "sim.fullname" .) -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Get the external database password key name
+Returns the key name in the secret that contains the password
+*/}}
+{{- define "sim.externalDbPasswordKey" -}}
+{{- if and .Values.externalDatabase.existingSecret .Values.externalDatabase.existingSecret.enabled -}}
+{{- .Values.externalDatabase.existingSecret.passwordKey | default "EXTERNAL_DB_PASSWORD" -}}
+{{- else -}}
+{{- print "EXTERNAL_DB_PASSWORD" -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Check if app secrets should be created by the chart
+Returns true if we should create the app secrets (not using existing or ESO)
+*/}}
+{{- define "sim.createAppSecrets" -}}
+{{- $useExistingAppSecret := and .Values.app.secrets .Values.app.secrets.existingSecret .Values.app.secrets.existingSecret.enabled }}
+{{- $useExternalSecrets := and .Values.externalSecrets .Values.externalSecrets.enabled }}
+{{- if not (or $useExistingAppSecret $useExternalSecrets) -}}
+true
+{{- end -}}
+{{- end }}
+
+{{/*
+Check if PostgreSQL secret should be created by the chart
+Returns true if we should create the PostgreSQL secret (not using existing or ESO)
+*/}}
+{{- define "sim.createPostgresqlSecret" -}}
+{{- $useExistingSecret := and .Values.postgresql.auth.existingSecret .Values.postgresql.auth.existingSecret.enabled }}
+{{- $useExternalSecrets := and .Values.externalSecrets .Values.externalSecrets.enabled }}
+{{- if not (or $useExistingSecret $useExternalSecrets) -}}
+true
+{{- end -}}
+{{- end }}
+
+{{/*
+Check if external database secret should be created by the chart
+Returns true if we should create the external database secret (not using existing or ESO)
+*/}}
+{{- define "sim.createExternalDbSecret" -}}
+{{- $useExistingSecret := and .Values.externalDatabase.existingSecret .Values.externalDatabase.existingSecret.enabled }}
+{{- $useExternalSecrets := and .Values.externalSecrets .Values.externalSecrets.enabled }}
+{{- if not (or $useExistingSecret $useExternalSecrets) -}}
+true
+{{- end -}}
+{{- end }}
 
 {{/*
 Ollama URL
diff --git a/helm/sim/templates/deployment-app.yaml b/helm/sim/templates/deployment-app.yaml
index 6433e82ea0..04eedd755d 100644
--- a/helm/sim/templates/deployment-app.yaml
+++ b/helm/sim/templates/deployment-app.yaml
@@ -44,15 +44,14 @@ spec:
               cd /app/packages/db
               export DATABASE_URL="{{ include "sim.databaseUrl" . }}"
               bun run db:migrate
-          {{- if .Values.postgresql.enabled }}
           envFrom:
+            {{- if .Values.postgresql.enabled }}
             - secretRef:
-                name: {{ include "sim.fullname" . }}-postgresql-secret
-          {{- else if .Values.externalDatabase.enabled }}
-          envFrom:
+                name: {{ include "sim.postgresqlSecretName" . }}
+            {{- else if .Values.externalDatabase.enabled }}
             - secretRef:
-                name: {{ include "sim.fullname" . }}-external-db-secret
-          {{- end }}
+                name: {{ include "sim.externalDbSecretName" . }}
+            {{- end }}
           {{- include "sim.resources" .Values.migrations | nindent 10 }}
           {{- include "sim.securityContext" .Values.migrations | nindent 10 }}
       {{- end }}
@@ -89,15 +88,18 @@ spec:
             {{- with .Values.extraEnvVars }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
-          {{- if .Values.postgresql.enabled }}
           envFrom:
+            # App secrets (authentication, encryption keys)
             - secretRef:
-                name: {{ include "sim.fullname" . }}-postgresql-secret
-          {{- else if .Values.externalDatabase.enabled }}
-          envFrom:
+                name: {{ include "sim.appSecretName" . }}
+            # Database secrets
+            {{- if .Values.postgresql.enabled }}
             - secretRef:
-                name: {{ include "sim.fullname" . }}-external-db-secret
-          {{- end }}
+                name: {{ include "sim.postgresqlSecretName" . }}
+            {{- else if .Values.externalDatabase.enabled }}
+            - secretRef:
+                name: {{ include "sim.externalDbSecretName" . }}
+            {{- end }}
           {{- if .Values.app.livenessProbe }}
           livenessProbe:
             {{- toYaml .Values.app.livenessProbe | nindent 12 }}
diff --git a/helm/sim/templates/deployment-realtime.yaml b/helm/sim/templates/deployment-realtime.yaml
index b951aee167..746516594e 100644
--- a/helm/sim/templates/deployment-realtime.yaml
+++ b/helm/sim/templates/deployment-realtime.yaml
@@ -62,15 +62,18 @@ spec:
             {{- with .Values.extraEnvVars }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
-          {{- if .Values.postgresql.enabled }}
           envFrom:
+            # App secrets (authentication keys shared with main app)
             - secretRef:
-                name: {{ include "sim.fullname" . }}-postgresql-secret
-          {{- else if .Values.externalDatabase.enabled }}
-          envFrom:
+                name: {{ include "sim.appSecretName" . }}
+            # Database secrets
+            {{- if .Values.postgresql.enabled }}
             - secretRef:
-                name: {{ include "sim.fullname" . }}-external-db-secret
-          {{- end }}
+                name: {{ include "sim.postgresqlSecretName" . }}
+            {{- else if .Values.externalDatabase.enabled }}
+            - secretRef:
+                name: {{ include "sim.externalDbSecretName" . }}
+            {{- end }}
           {{- if .Values.realtime.livenessProbe }}
           livenessProbe:
             {{- toYaml .Values.realtime.livenessProbe | nindent 12 }}
diff --git a/helm/sim/templates/external-db-secret.yaml b/helm/sim/templates/external-db-secret.yaml
index 7cfa527f64..4a7e3c5f76 100644
--- a/helm/sim/templates/external-db-secret.yaml
+++ b/helm/sim/templates/external-db-secret.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.externalDatabase.enabled }}
+{{- if and .Values.externalDatabase.enabled (include "sim.createExternalDbSecret" .) }}
 ---
 # Secret for external database credentials
 apiVersion: v1
diff --git a/helm/sim/templates/external-secret-app.yaml b/helm/sim/templates/external-secret-app.yaml
new file mode 100644
index 0000000000..3377901fcc
--- /dev/null
+++ b/helm/sim/templates/external-secret-app.yaml
@@ -0,0 +1,44 @@
+{{- if and .Values.externalSecrets.enabled .Values.app.enabled }}
+# ExternalSecret for app credentials (syncs from external secret managers)
+apiVersion: external-secrets.io/{{ .Values.externalSecrets.apiVersion | default "v1" }}
+kind: ExternalSecret
+metadata:
+  name: {{ include "sim.fullname" . }}-app-secrets
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sim.app.labels" . | nindent 4 }}
+spec:
+  refreshInterval: {{ .Values.externalSecrets.refreshInterval | quote }}
+  secretStoreRef:
+    name: {{ required "externalSecrets.secretStoreRef.name is required when externalSecrets.enabled=true" .Values.externalSecrets.secretStoreRef.name }}
+    kind: {{ .Values.externalSecrets.secretStoreRef.kind | default "ClusterSecretStore" }}
+  target:
+    name: {{ include "sim.fullname" . }}-app-secrets
+    creationPolicy: Owner
+  data:
+    {{- if .Values.externalSecrets.remoteRefs.app.BETTER_AUTH_SECRET }}
+    - secretKey: BETTER_AUTH_SECRET
+      remoteRef:
+        key: {{ .Values.externalSecrets.remoteRefs.app.BETTER_AUTH_SECRET }}
+    {{- end }}
+    {{- if .Values.externalSecrets.remoteRefs.app.ENCRYPTION_KEY }}
+    - secretKey: ENCRYPTION_KEY
+      remoteRef:
+        key: {{ .Values.externalSecrets.remoteRefs.app.ENCRYPTION_KEY }}
+    {{- end }}
+    {{- if .Values.externalSecrets.remoteRefs.app.INTERNAL_API_SECRET }}
+    - secretKey: INTERNAL_API_SECRET
+      remoteRef:
+        key: {{ .Values.externalSecrets.remoteRefs.app.INTERNAL_API_SECRET }}
+    {{- end }}
+    {{- if .Values.externalSecrets.remoteRefs.app.CRON_SECRET }}
+    - secretKey: CRON_SECRET
+      remoteRef:
+        key: {{ .Values.externalSecrets.remoteRefs.app.CRON_SECRET }}
+    {{- end }}
+    {{- if .Values.externalSecrets.remoteRefs.app.API_ENCRYPTION_KEY }}
+    - secretKey: API_ENCRYPTION_KEY
+      remoteRef:
+        key: {{ .Values.externalSecrets.remoteRefs.app.API_ENCRYPTION_KEY }}
+    {{- end }}
+{{- end }}
diff --git a/helm/sim/templates/external-secret-external-db.yaml b/helm/sim/templates/external-secret-external-db.yaml
new file mode 100644
index 0000000000..d1cde291aa
--- /dev/null
+++ b/helm/sim/templates/external-secret-external-db.yaml
@@ -0,0 +1,23 @@
+{{- if and .Values.externalSecrets.enabled .Values.externalDatabase.enabled .Values.externalSecrets.remoteRefs.externalDatabase.password }}
+# ExternalSecret for external database password (syncs from external secret managers)
+apiVersion: external-secrets.io/{{ .Values.externalSecrets.apiVersion | default "v1" }}
+kind: ExternalSecret
+metadata:
+  name: {{ include "sim.fullname" . }}-external-db-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sim.labels" . | nindent 4 }}
+    app.kubernetes.io/component: external-database
+spec:
+  refreshInterval: {{ .Values.externalSecrets.refreshInterval | quote }}
+  secretStoreRef:
+    name: {{ required "externalSecrets.secretStoreRef.name is required when externalSecrets.enabled=true" .Values.externalSecrets.secretStoreRef.name }}
+    kind: {{ .Values.externalSecrets.secretStoreRef.kind | default "ClusterSecretStore" }}
+  target:
+    name: {{ include "sim.fullname" . }}-external-db-secret
+    creationPolicy: Owner
+  data:
+    - secretKey: EXTERNAL_DB_PASSWORD
+      remoteRef:
+        key: {{ .Values.externalSecrets.remoteRefs.externalDatabase.password }}
+{{- end }}
diff --git a/helm/sim/templates/external-secret-postgresql.yaml b/helm/sim/templates/external-secret-postgresql.yaml
new file mode 100644
index 0000000000..d8796077d9
--- /dev/null
+++ b/helm/sim/templates/external-secret-postgresql.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.externalSecrets.enabled .Values.postgresql.enabled .Values.externalSecrets.remoteRefs.postgresql.password }}
+# ExternalSecret for PostgreSQL password (syncs from external secret managers)
+apiVersion: external-secrets.io/{{ .Values.externalSecrets.apiVersion | default "v1" }}
+kind: ExternalSecret
+metadata:
+  name: {{ include "sim.fullname" . }}-postgresql-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sim.postgresql.labels" . | nindent 4 }}
+spec:
+  refreshInterval: {{ .Values.externalSecrets.refreshInterval | quote }}
+  secretStoreRef:
+    name: {{ required "externalSecrets.secretStoreRef.name is required when externalSecrets.enabled=true" .Values.externalSecrets.secretStoreRef.name }}
+    kind: {{ .Values.externalSecrets.secretStoreRef.kind | default "ClusterSecretStore" }}
+  target:
+    name: {{ include "sim.fullname" . }}-postgresql-secret
+    creationPolicy: Owner
+  data:
+    - secretKey: POSTGRES_PASSWORD
+      remoteRef:
+        key: {{ .Values.externalSecrets.remoteRefs.postgresql.password }}
+{{- end }}
diff --git a/helm/sim/templates/secrets-app.yaml b/helm/sim/templates/secrets-app.yaml
new file mode 100644
index 0000000000..29a9d065f2
--- /dev/null
+++ b/helm/sim/templates/secrets-app.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.app.enabled (include "sim.createAppSecrets" .) }}
+# Secret for app credentials (authentication, encryption keys)
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "sim.fullname" . }}-app-secrets
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sim.app.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  {{- if .Values.app.env.BETTER_AUTH_SECRET }}
+  BETTER_AUTH_SECRET: {{ .Values.app.env.BETTER_AUTH_SECRET | quote }}
+  {{- end }}
+  {{- if .Values.app.env.ENCRYPTION_KEY }}
+  ENCRYPTION_KEY: {{ .Values.app.env.ENCRYPTION_KEY | quote }}
+  {{- end }}
+  {{- if .Values.app.env.INTERNAL_API_SECRET }}
+  INTERNAL_API_SECRET: {{ .Values.app.env.INTERNAL_API_SECRET | quote }}
+  {{- end }}
+  {{- if .Values.app.env.CRON_SECRET }}
+  CRON_SECRET: {{ .Values.app.env.CRON_SECRET | quote }}
+  {{- end }}
+  {{- if .Values.app.env.API_ENCRYPTION_KEY }}
+  API_ENCRYPTION_KEY: {{ .Values.app.env.API_ENCRYPTION_KEY | quote }}
+  {{- end }}
+{{- end }}
diff --git a/helm/sim/templates/statefulset-postgresql.yaml b/helm/sim/templates/statefulset-postgresql.yaml
index f9283b6141..b9f25d9211 100644
--- a/helm/sim/templates/statefulset-postgresql.yaml
+++ b/helm/sim/templates/statefulset-postgresql.yaml
@@ -65,6 +65,7 @@ data:
   POSTGRES_USER: {{ .Values.postgresql.auth.username | quote }}
   PGDATA: "/var/lib/postgresql/data/pgdata"
 
+{{- if (include "sim.createPostgresqlSecret" .) }}
 ---
 # Secret for PostgreSQL password
 apiVersion: v1
@@ -77,6 +78,7 @@ metadata:
 type: Opaque
 data:
   POSTGRES_PASSWORD: {{ .Values.postgresql.auth.password | b64enc }}
+{{- end }}
 
 ---
 # StatefulSet for PostgreSQL
@@ -128,7 +130,7 @@ spec:
             - configMapRef:
                 name: {{ include "sim.fullname" . }}-postgresql-env
             - secretRef:
-                name: {{ include "sim.fullname" . }}-postgresql-secret
+                name: {{ include "sim.postgresqlSecretName" . }}
           {{- if .Values.postgresql.livenessProbe }}
           livenessProbe:
             {{- toYaml .Values.postgresql.livenessProbe | nindent 12 }}
diff --git a/helm/sim/values.schema.json b/helm/sim/values.schema.json
index 6aa96f1c2b..9eb8fe8ec9 100644
--- a/helm/sim/values.schema.json
+++ b/helm/sim/values.schema.json
@@ -81,18 +81,39 @@
             }
           }
         },
+        "secrets": {
+          "type": "object",
+          "description": "Secret management configuration",
+          "properties": {
+            "existingSecret": {
+              "type": "object",
+              "properties": {
+                "enabled": {
+                  "type": "boolean",
+                  "description": "Use an existing secret instead of creating one"
+                },
+                "name": {
+                  "type": "string",
+                  "description": "Name of the existing Kubernetes secret"
+                },
+                "keys": {
+                  "type": "object",
+                  "description": "Key name mappings in the existing secret"
+                }
+              }
+            }
+          }
+        },
         "env": {
           "type": "object",
           "properties": {
             "BETTER_AUTH_SECRET": {
               "type": "string",
-              "minLength": 32,
-              "description": "Auth secret (minimum 32 characters required)"
+              "description": "Auth secret (minimum 32 characters required when not using existingSecret)"
             },
             "ENCRYPTION_KEY": {
               "type": "string",
-              "minLength": 32,
-              "description": "Encryption key (minimum 32 characters required)"
+              "description": "Encryption key (minimum 32 characters required when not using existingSecret)"
             },
             "NEXT_PUBLIC_APP_URL": {
               "type": "string",
@@ -329,8 +350,7 @@
           "properties": {
             "BETTER_AUTH_SECRET": {
               "type": "string",
-              "minLength": 32,
-              "description": "Auth secret (minimum 32 characters required)"
+              "description": "Auth secret (minimum 32 characters required when not using existingSecret)"
             },
             "NEXT_PUBLIC_APP_URL": {
               "type": "string",
@@ -431,11 +451,25 @@
             },
             "password": {
               "type": "string",
-              "minLength": 8,
-              "not": {
-                "const": "CHANGE-ME-SECURE-PASSWORD"
-              },
-              "description": "PostgreSQL password (minimum 8 characters, must not be default placeholder)"
+              "description": "PostgreSQL password (minimum 8 characters when not using existingSecret)"
+            },
+            "existingSecret": {
+              "type": "object",
+              "description": "Use an existing secret for PostgreSQL credentials",
+              "properties": {
+                "enabled": {
+                  "type": "boolean",
+                  "description": "Use an existing secret instead of creating one"
+                },
+                "name": {
+                  "type": "string",
+                  "description": "Name of the existing Kubernetes secret"
+                },
+                "passwordKey": {
+                  "type": "string",
+                  "description": "Key in the secret containing the password"
+                }
+              }
             }
           }
         }
@@ -475,6 +509,24 @@
           "type": "string",
           "enum": ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"],
           "description": "SSL mode for database connection"
+        },
+        "existingSecret": {
+          "type": "object",
+          "description": "Use an existing secret for external database credentials",
+          "properties": {
+            "enabled": {
+              "type": "boolean",
+              "description": "Use an existing secret instead of creating one"
+            },
+            "name": {
+              "type": "string",
+              "description": "Name of the existing Kubernetes secret"
+            },
+            "passwordKey": {
+              "type": "string",
+              "description": "Key in the secret containing the password"
+            }
+          }
         }
       },
       "if": {
@@ -821,6 +873,61 @@
         }
       }
     },
+    "externalSecrets": {
+      "type": "object",
+      "description": "External Secrets Operator integration",
+      "properties": {
+        "enabled": {
+          "type": "boolean",
+          "description": "Enable External Secrets Operator integration"
+        },
+        "apiVersion": {
+          "type": "string",
+          "enum": ["v1", "v1beta1"],
+          "description": "ESO API version - use v1 for ESO v0.17+ (recommended), v1beta1 for older versions"
+        },
+        "refreshInterval": {
+          "type": "string",
+          "description": "How often to sync secrets from external store"
+        },
+        "secretStoreRef": {
+          "type": "object",
+          "properties": {
+            "name": {
+              "type": "string",
+              "description": "Name of the SecretStore or ClusterSecretStore"
+            },
+            "kind": {
+              "type": "string",
+              "enum": ["SecretStore", "ClusterSecretStore"],
+              "description": "Kind of the store"
+            }
+          }
+        },
+        "remoteRefs": {
+          "type": "object",
+          "description": "Remote key paths in external secret store",
+          "properties": {
+            "app": {
+              "type": "object",
+              "additionalProperties": { "type": "string" }
+            },
+            "postgresql": {
+              "type": "object",
+              "properties": {
+                "password": { "type": "string" }
+              }
+            },
+            "externalDatabase": {
+              "type": "object",
+              "properties": {
+                "password": { "type": "string" }
+              }
+            }
+          }
+        }
+      }
+    },
     "ingress": {
       "type": "object",
       "properties": {
diff --git a/helm/sim/values.yaml b/helm/sim/values.yaml
index 788d900cbd..24e794a9ca 100644
--- a/helm/sim/values.yaml
+++ b/helm/sim/values.yaml
@@ -16,16 +16,16 @@ global:
 app:
   # Enable/disable the main application
   enabled: true
-  
+
   # Image configuration
   image:
     repository: simstudioai/simstudio
     tag: latest
     pullPolicy: Always
-  
+
   # Number of replicas
   replicaCount: 1
-  
+
   # Resource limits and requests
   resources:
     limits:
@@ -34,19 +34,37 @@ app:
     requests:
       memory: "2Gi"
       cpu: "1000m"
-  
+
   # Node selector for pod scheduling (leave empty to allow scheduling on any node)
   nodeSelector: {}
-  
+
   # Pod security context
   podSecurityContext:
     fsGroup: 1001
-  
+
   # Container security context
   securityContext:
     runAsNonRoot: true
     runAsUser: 1001
-  
+
+  # Secret management configuration
+  # Use this to reference pre-existing Kubernetes secrets instead of defining values directly
+  # This enables integration with External Secrets Operator, HashiCorp Vault, Azure Key Vault, etc.
+  secrets:
+    existingSecret:
+      # Set to true to use an existing secret instead of creating one from values
+      enabled: false
+      # Name of the existing Kubernetes secret containing app credentials
+      name: ""
+      # Key mappings - specify the key names in your existing secret
+      # Only needed if your secret uses different key names than the defaults
+      keys:
+        BETTER_AUTH_SECRET: "BETTER_AUTH_SECRET"
+        ENCRYPTION_KEY: "ENCRYPTION_KEY"
+        INTERNAL_API_SECRET: "INTERNAL_API_SECRET"
+        CRON_SECRET: "CRON_SECRET"
+        API_ENCRYPTION_KEY: "API_ENCRYPTION_KEY"
+
   # Environment variables
   env:
     # Application URLs
@@ -118,7 +136,9 @@ app:
 
     # Registration Control
     DISABLE_REGISTRATION: ""                              # Set to "true" to disable new user signups
-    
+    EMAIL_PASSWORD_SIGNUP_ENABLED: ""                     # Set to "false" to disable email/password login (SSO-only mode, server-side enforcement)
+    NEXT_PUBLIC_EMAIL_PASSWORD_SIGNUP_ENABLED: ""         # Set to "false" to hide email/password login form (UI-side)
+
     # Access Control (leave empty if not restricting login)
     ALLOWED_LOGIN_EMAILS: ""                             # Comma-separated list of allowed email addresses for login
     ALLOWED_LOGIN_DOMAINS: ""                            # Comma-separated list of allowed email domains for login
@@ -305,6 +325,12 @@ postgresql:
     username: postgres
     password: ""  # REQUIRED - set via --set flag or external secret manager
     database: sim
+    # Use an existing secret for PostgreSQL credentials
+    # This enables integration with External Secrets Operator, HashiCorp Vault, etc.
+    existingSecret:
+      enabled: false
+      name: ""           # Name of existing Kubernetes secret
+      passwordKey: "POSTGRES_PASSWORD"  # Key in the secret containing the password
   
   # Node selector for database pod scheduling (leave empty to allow scheduling on any node)
   nodeSelector: {}
@@ -387,17 +413,24 @@ postgresql:
 externalDatabase:
   # Enable to use an external database instead of the internal PostgreSQL instance
   enabled: false
-  
+
   # Database connection details
   host: "external-db.example.com"
   port: 5432
   username: postgres
   password: ""
   database: sim
-  
+
   # SSL configuration
   sslMode: require
 
+  # Use an existing secret for external database credentials
+  # This enables integration with External Secrets Operator, HashiCorp Vault, etc.
+  existingSecret:
+    enabled: false
+    name: ""           # Name of existing Kubernetes secret
+    passwordKey: "EXTERNAL_DB_PASSWORD"  # Key in the secret containing the password
+
 # Ollama local AI models configuration
 ollama:
   # Enable/disable Ollama deployment
@@ -1013,4 +1046,51 @@ copilot:
     
     # Job configuration
     backoffLimit: 3
-    restartPolicy: OnFailure
\ No newline at end of file
+    restartPolicy: OnFailure
+
+# External Secrets Operator integration
+# Use this to automatically sync secrets from external secret managers (Azure Key Vault, AWS Secrets Manager, etc.)
+# Prerequisites: Install External Secrets Operator in your cluster first
+# See: https://external-secrets.io/latest/introduction/getting-started/
+externalSecrets:
+  # Enable External Secrets Operator integration
+  enabled: false
+
+  # ESO API version - use "v1" for ESO v0.17+ (recommended), "v1beta1" for older versions
+  apiVersion: "v1"
+
+  # How often to sync secrets from the external store
+  refreshInterval: "1h"
+
+  # Reference to the SecretStore or ClusterSecretStore
+  secretStoreRef:
+    # Name of the SecretStore or ClusterSecretStore resource
+    name: ""
+    # Kind of the store: "SecretStore" (namespaced) or "ClusterSecretStore" (cluster-wide)
+    kind: "ClusterSecretStore"
+
+  # Remote references - paths/keys in your external secret store
+  # These map to the secrets that will be created in Kubernetes
+  remoteRefs:
+    # App secrets (authentication, encryption keys)
+    app:
+      # Path to BETTER_AUTH_SECRET in external store (e.g., "sim/app/better-auth-secret")
+      BETTER_AUTH_SECRET: ""
+      # Path to ENCRYPTION_KEY in external store
+      ENCRYPTION_KEY: ""
+      # Path to INTERNAL_API_SECRET in external store
+      INTERNAL_API_SECRET: ""
+      # Path to CRON_SECRET in external store (optional)
+      CRON_SECRET: ""
+      # Path to API_ENCRYPTION_KEY in external store (optional)
+      API_ENCRYPTION_KEY: ""
+
+    # PostgreSQL password (for internal PostgreSQL)
+    postgresql:
+      # Path to PostgreSQL password in external store (e.g., "sim/postgresql/password")
+      password: ""
+
+    # External database password (when using managed database services)
+    externalDatabase:
+      # Path to external database password in external store
+      password: ""
\ No newline at end of file
diff --git a/packages/db/migrations/0135_stormy_puff_adder.sql b/packages/db/migrations/0135_stormy_puff_adder.sql
new file mode 100644
index 0000000000..1e4e248529
--- /dev/null
+++ b/packages/db/migrations/0135_stormy_puff_adder.sql
@@ -0,0 +1,61 @@
+CREATE TYPE "public"."credential_set_invitation_status" AS ENUM('pending', 'accepted', 'expired', 'cancelled');--> statement-breakpoint
+CREATE TYPE "public"."credential_set_member_status" AS ENUM('active', 'pending', 'revoked');--> statement-breakpoint
+CREATE TABLE "credential_set" (
+	"id" text PRIMARY KEY NOT NULL,
+	"organization_id" text NOT NULL,
+	"name" text NOT NULL,
+	"description" text,
+	"provider_id" text NOT NULL,
+	"created_by" text NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "credential_set_invitation" (
+	"id" text PRIMARY KEY NOT NULL,
+	"credential_set_id" text NOT NULL,
+	"email" text,
+	"token" text NOT NULL,
+	"invited_by" text NOT NULL,
+	"status" "credential_set_invitation_status" DEFAULT 'pending' NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"accepted_at" timestamp,
+	"accepted_by_user_id" text,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	CONSTRAINT "credential_set_invitation_token_unique" UNIQUE("token")
+);
+--> statement-breakpoint
+CREATE TABLE "credential_set_member" (
+	"id" text PRIMARY KEY NOT NULL,
+	"credential_set_id" text NOT NULL,
+	"user_id" text NOT NULL,
+	"status" "credential_set_member_status" DEFAULT 'pending' NOT NULL,
+	"joined_at" timestamp,
+	"invited_by" text,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "webhook" ADD COLUMN "credential_set_id" text;--> statement-breakpoint
+ALTER TABLE "credential_set" ADD CONSTRAINT "credential_set_organization_id_organization_id_fk" FOREIGN KEY ("organization_id") REFERENCES "public"."organization"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "credential_set" ADD CONSTRAINT "credential_set_created_by_user_id_fk" FOREIGN KEY ("created_by") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "credential_set_invitation" ADD CONSTRAINT "credential_set_invitation_credential_set_id_credential_set_id_fk" FOREIGN KEY ("credential_set_id") REFERENCES "public"."credential_set"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "credential_set_invitation" ADD CONSTRAINT "credential_set_invitation_invited_by_user_id_fk" FOREIGN KEY ("invited_by") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "credential_set_invitation" ADD CONSTRAINT "credential_set_invitation_accepted_by_user_id_user_id_fk" FOREIGN KEY ("accepted_by_user_id") REFERENCES "public"."user"("id") ON DELETE set null ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "credential_set_member" ADD CONSTRAINT "credential_set_member_credential_set_id_credential_set_id_fk" FOREIGN KEY ("credential_set_id") REFERENCES "public"."credential_set"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "credential_set_member" ADD CONSTRAINT "credential_set_member_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "credential_set_member" ADD CONSTRAINT "credential_set_member_invited_by_user_id_fk" FOREIGN KEY ("invited_by") REFERENCES "public"."user"("id") ON DELETE set null ON UPDATE no action;--> statement-breakpoint
+CREATE INDEX "credential_set_organization_id_idx" ON "credential_set" USING btree ("organization_id");--> statement-breakpoint
+CREATE INDEX "credential_set_created_by_idx" ON "credential_set" USING btree ("created_by");--> statement-breakpoint
+CREATE UNIQUE INDEX "credential_set_org_name_unique" ON "credential_set" USING btree ("organization_id","name");--> statement-breakpoint
+CREATE INDEX "credential_set_provider_id_idx" ON "credential_set" USING btree ("provider_id");--> statement-breakpoint
+CREATE INDEX "credential_set_invitation_set_id_idx" ON "credential_set_invitation" USING btree ("credential_set_id");--> statement-breakpoint
+CREATE INDEX "credential_set_invitation_token_idx" ON "credential_set_invitation" USING btree ("token");--> statement-breakpoint
+CREATE INDEX "credential_set_invitation_status_idx" ON "credential_set_invitation" USING btree ("status");--> statement-breakpoint
+CREATE INDEX "credential_set_invitation_expires_at_idx" ON "credential_set_invitation" USING btree ("expires_at");--> statement-breakpoint
+CREATE INDEX "credential_set_member_set_id_idx" ON "credential_set_member" USING btree ("credential_set_id");--> statement-breakpoint
+CREATE INDEX "credential_set_member_user_id_idx" ON "credential_set_member" USING btree ("user_id");--> statement-breakpoint
+CREATE UNIQUE INDEX "credential_set_member_unique" ON "credential_set_member" USING btree ("credential_set_id","user_id");--> statement-breakpoint
+CREATE INDEX "credential_set_member_status_idx" ON "credential_set_member" USING btree ("status");--> statement-breakpoint
+ALTER TABLE "webhook" ADD CONSTRAINT "webhook_credential_set_id_credential_set_id_fk" FOREIGN KEY ("credential_set_id") REFERENCES "public"."credential_set"("id") ON DELETE set null ON UPDATE no action;--> statement-breakpoint
+CREATE INDEX "webhook_credential_set_id_idx" ON "webhook" USING btree ("credential_set_id");
\ No newline at end of file
diff --git a/packages/db/migrations/0136_pretty_jack_flag.sql b/packages/db/migrations/0136_pretty_jack_flag.sql
new file mode 100644
index 0000000000..51f0f8437b
--- /dev/null
+++ b/packages/db/migrations/0136_pretty_jack_flag.sql
@@ -0,0 +1,2 @@
+DROP INDEX "member_user_id_idx";--> statement-breakpoint
+CREATE UNIQUE INDEX "member_user_id_unique" ON "member" USING btree ("user_id");
\ No newline at end of file
diff --git a/packages/db/migrations/meta/0135_snapshot.json b/packages/db/migrations/meta/0135_snapshot.json
new file mode 100644
index 0000000000..26f9899a23
--- /dev/null
+++ b/packages/db/migrations/meta/0135_snapshot.json
@@ -0,0 +1,9333 @@
+{
+  "id": "27c797c9-6ab1-4fe8-96ae-9242c4d427f0",
+  "prevId": "30899c79-8b72-46e7-a7b0-d9fe760c59ea",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.account": {
+      "name": "account",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "access_token": {
+          "name": "access_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token": {
+          "name": "refresh_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "id_token": {
+          "name": "id_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "access_token_expires_at": {
+          "name": "access_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token_expires_at": {
+          "name": "refresh_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "scope": {
+          "name": "scope",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "password": {
+          "name": "password",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "account_user_id_idx": {
+          "name": "account_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "idx_account_on_account_id_provider_id": {
+          "name": "idx_account_on_account_id_provider_id",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "account_user_provider_account_unique": {
+          "name": "account_user_provider_account_unique",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "account_user_id_user_id_fk": {
+          "name": "account_user_id_user_id_fk",
+          "tableFrom": "account",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.api_key": {
+      "name": "api_key",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'personal'"
+        },
+        "last_used": {
+          "name": "last_used",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "api_key_workspace_type_idx": {
+          "name": "api_key_workspace_type_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "api_key_user_type_idx": {
+          "name": "api_key_user_type_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "api_key_user_id_user_id_fk": {
+          "name": "api_key_user_id_user_id_fk",
+          "tableFrom": "api_key",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "api_key_workspace_id_workspace_id_fk": {
+          "name": "api_key_workspace_id_workspace_id_fk",
+          "tableFrom": "api_key",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "api_key_created_by_user_id_fk": {
+          "name": "api_key_created_by_user_id_fk",
+          "tableFrom": "api_key",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "api_key_key_unique": {
+          "name": "api_key_key_unique",
+          "nullsNotDistinct": false,
+          "columns": ["key"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {
+        "workspace_type_check": {
+          "name": "workspace_type_check",
+          "value": "(type = 'workspace' AND workspace_id IS NOT NULL) OR (type = 'personal' AND workspace_id IS NULL)"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.chat": {
+      "name": "chat",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_active": {
+          "name": "is_active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "customizations": {
+          "name": "customizations",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "auth_type": {
+          "name": "auth_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'public'"
+        },
+        "password": {
+          "name": "password",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "allowed_emails": {
+          "name": "allowed_emails",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'[]'"
+        },
+        "output_configs": {
+          "name": "output_configs",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'[]'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "identifier_idx": {
+          "name": "identifier_idx",
+          "columns": [
+            {
+              "expression": "identifier",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "chat_workflow_id_workflow_id_fk": {
+          "name": "chat_workflow_id_workflow_id_fk",
+          "tableFrom": "chat",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "chat_user_id_user_id_fk": {
+          "name": "chat_user_id_user_id_fk",
+          "tableFrom": "chat",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.copilot_chats": {
+      "name": "copilot_chats",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "messages": {
+          "name": "messages",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "model": {
+          "name": "model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'claude-3-7-sonnet-latest'"
+        },
+        "conversation_id": {
+          "name": "conversation_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "preview_yaml": {
+          "name": "preview_yaml",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "plan_artifact": {
+          "name": "plan_artifact",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "config": {
+          "name": "config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "copilot_chats_user_id_idx": {
+          "name": "copilot_chats_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_workflow_id_idx": {
+          "name": "copilot_chats_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_user_workflow_idx": {
+          "name": "copilot_chats_user_workflow_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_created_at_idx": {
+          "name": "copilot_chats_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_updated_at_idx": {
+          "name": "copilot_chats_updated_at_idx",
+          "columns": [
+            {
+              "expression": "updated_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "copilot_chats_user_id_user_id_fk": {
+          "name": "copilot_chats_user_id_user_id_fk",
+          "tableFrom": "copilot_chats",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_chats_workflow_id_workflow_id_fk": {
+          "name": "copilot_chats_workflow_id_workflow_id_fk",
+          "tableFrom": "copilot_chats",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.copilot_feedback": {
+      "name": "copilot_feedback",
+      "schema": "",
+      "columns": {
+        "feedback_id": {
+          "name": "feedback_id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_query": {
+          "name": "user_query",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "agent_response": {
+          "name": "agent_response",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "is_positive": {
+          "name": "is_positive",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "feedback": {
+          "name": "feedback",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workflow_yaml": {
+          "name": "workflow_yaml",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "copilot_feedback_user_id_idx": {
+          "name": "copilot_feedback_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_chat_id_idx": {
+          "name": "copilot_feedback_chat_id_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_user_chat_idx": {
+          "name": "copilot_feedback_user_chat_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_is_positive_idx": {
+          "name": "copilot_feedback_is_positive_idx",
+          "columns": [
+            {
+              "expression": "is_positive",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_created_at_idx": {
+          "name": "copilot_feedback_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "copilot_feedback_user_id_user_id_fk": {
+          "name": "copilot_feedback_user_id_user_id_fk",
+          "tableFrom": "copilot_feedback",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_feedback_chat_id_copilot_chats_id_fk": {
+          "name": "copilot_feedback_chat_id_copilot_chats_id_fk",
+          "tableFrom": "copilot_feedback",
+          "tableTo": "copilot_chats",
+          "columnsFrom": ["chat_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credential_set": {
+      "name": "credential_set",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "credential_set_organization_id_idx": {
+          "name": "credential_set_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_created_by_idx": {
+          "name": "credential_set_created_by_idx",
+          "columns": [
+            {
+              "expression": "created_by",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_org_name_unique": {
+          "name": "credential_set_org_name_unique",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_provider_id_idx": {
+          "name": "credential_set_provider_id_idx",
+          "columns": [
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "credential_set_organization_id_organization_id_fk": {
+          "name": "credential_set_organization_id_organization_id_fk",
+          "tableFrom": "credential_set",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_created_by_user_id_fk": {
+          "name": "credential_set_created_by_user_id_fk",
+          "tableFrom": "credential_set",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credential_set_invitation": {
+      "name": "credential_set_invitation",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "credential_set_id": {
+          "name": "credential_set_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "invited_by": {
+          "name": "invited_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "credential_set_invitation_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "accepted_at": {
+          "name": "accepted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "accepted_by_user_id": {
+          "name": "accepted_by_user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "credential_set_invitation_set_id_idx": {
+          "name": "credential_set_invitation_set_id_idx",
+          "columns": [
+            {
+              "expression": "credential_set_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_invitation_token_idx": {
+          "name": "credential_set_invitation_token_idx",
+          "columns": [
+            {
+              "expression": "token",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_invitation_status_idx": {
+          "name": "credential_set_invitation_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_invitation_expires_at_idx": {
+          "name": "credential_set_invitation_expires_at_idx",
+          "columns": [
+            {
+              "expression": "expires_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "credential_set_invitation_credential_set_id_credential_set_id_fk": {
+          "name": "credential_set_invitation_credential_set_id_credential_set_id_fk",
+          "tableFrom": "credential_set_invitation",
+          "tableTo": "credential_set",
+          "columnsFrom": ["credential_set_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_invitation_invited_by_user_id_fk": {
+          "name": "credential_set_invitation_invited_by_user_id_fk",
+          "tableFrom": "credential_set_invitation",
+          "tableTo": "user",
+          "columnsFrom": ["invited_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_invitation_accepted_by_user_id_user_id_fk": {
+          "name": "credential_set_invitation_accepted_by_user_id_user_id_fk",
+          "tableFrom": "credential_set_invitation",
+          "tableTo": "user",
+          "columnsFrom": ["accepted_by_user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "credential_set_invitation_token_unique": {
+          "name": "credential_set_invitation_token_unique",
+          "nullsNotDistinct": false,
+          "columns": ["token"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credential_set_member": {
+      "name": "credential_set_member",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "credential_set_id": {
+          "name": "credential_set_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "credential_set_member_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "joined_at": {
+          "name": "joined_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "invited_by": {
+          "name": "invited_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "credential_set_member_set_id_idx": {
+          "name": "credential_set_member_set_id_idx",
+          "columns": [
+            {
+              "expression": "credential_set_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_member_user_id_idx": {
+          "name": "credential_set_member_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_member_unique": {
+          "name": "credential_set_member_unique",
+          "columns": [
+            {
+              "expression": "credential_set_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_member_status_idx": {
+          "name": "credential_set_member_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "credential_set_member_credential_set_id_credential_set_id_fk": {
+          "name": "credential_set_member_credential_set_id_credential_set_id_fk",
+          "tableFrom": "credential_set_member",
+          "tableTo": "credential_set",
+          "columnsFrom": ["credential_set_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_member_user_id_user_id_fk": {
+          "name": "credential_set_member_user_id_user_id_fk",
+          "tableFrom": "credential_set_member",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_member_invited_by_user_id_fk": {
+          "name": "credential_set_member_invited_by_user_id_fk",
+          "tableFrom": "credential_set_member",
+          "tableTo": "user",
+          "columnsFrom": ["invited_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.custom_tools": {
+      "name": "custom_tools",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "schema": {
+          "name": "schema",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "code": {
+          "name": "code",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "custom_tools_workspace_id_idx": {
+          "name": "custom_tools_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "custom_tools_workspace_title_unique": {
+          "name": "custom_tools_workspace_title_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "title",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "custom_tools_workspace_id_workspace_id_fk": {
+          "name": "custom_tools_workspace_id_workspace_id_fk",
+          "tableFrom": "custom_tools",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "custom_tools_user_id_user_id_fk": {
+          "name": "custom_tools_user_id_user_id_fk",
+          "tableFrom": "custom_tools",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.docs_embeddings": {
+      "name": "docs_embeddings",
+      "schema": "",
+      "columns": {
+        "chunk_id": {
+          "name": "chunk_id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "chunk_text": {
+          "name": "chunk_text",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_document": {
+          "name": "source_document",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_link": {
+          "name": "source_link",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "header_text": {
+          "name": "header_text",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "header_level": {
+          "name": "header_level",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "embedding": {
+          "name": "embedding",
+          "type": "vector(1536)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "embedding_model": {
+          "name": "embedding_model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text-embedding-3-small'"
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "chunk_text_tsv": {
+          "name": "chunk_text_tsv",
+          "type": "tsvector",
+          "primaryKey": false,
+          "notNull": false,
+          "generated": {
+            "as": "to_tsvector('english', \"docs_embeddings\".\"chunk_text\")",
+            "type": "stored"
+          }
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "docs_emb_source_document_idx": {
+          "name": "docs_emb_source_document_idx",
+          "columns": [
+            {
+              "expression": "source_document",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_header_level_idx": {
+          "name": "docs_emb_header_level_idx",
+          "columns": [
+            {
+              "expression": "header_level",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_source_header_idx": {
+          "name": "docs_emb_source_header_idx",
+          "columns": [
+            {
+              "expression": "source_document",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "header_level",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_model_idx": {
+          "name": "docs_emb_model_idx",
+          "columns": [
+            {
+              "expression": "embedding_model",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_created_at_idx": {
+          "name": "docs_emb_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_embedding_vector_hnsw_idx": {
+          "name": "docs_embedding_vector_hnsw_idx",
+          "columns": [
+            {
+              "expression": "embedding",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last",
+              "opclass": "vector_cosine_ops"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "hnsw",
+          "with": {
+            "m": 16,
+            "ef_construction": 64
+          }
+        },
+        "docs_emb_metadata_gin_idx": {
+          "name": "docs_emb_metadata_gin_idx",
+          "columns": [
+            {
+              "expression": "metadata",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "gin",
+          "with": {}
+        },
+        "docs_emb_chunk_text_fts_idx": {
+          "name": "docs_emb_chunk_text_fts_idx",
+          "columns": [
+            {
+              "expression": "chunk_text_tsv",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "gin",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {
+        "docs_embedding_not_null_check": {
+          "name": "docs_embedding_not_null_check",
+          "value": "\"embedding\" IS NOT NULL"
+        },
+        "docs_header_level_check": {
+          "name": "docs_header_level_check",
+          "value": "\"header_level\" >= 1 AND \"header_level\" <= 6"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.document": {
+      "name": "document",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "knowledge_base_id": {
+          "name": "knowledge_base_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "filename": {
+          "name": "filename",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "file_url": {
+          "name": "file_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "file_size": {
+          "name": "file_size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "mime_type": {
+          "name": "mime_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chunk_count": {
+          "name": "chunk_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "character_count": {
+          "name": "character_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "processing_status": {
+          "name": "processing_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "processing_started_at": {
+          "name": "processing_started_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processing_completed_at": {
+          "name": "processing_completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processing_error": {
+          "name": "processing_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag1": {
+          "name": "tag1",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag2": {
+          "name": "tag2",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag3": {
+          "name": "tag3",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag4": {
+          "name": "tag4",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag5": {
+          "name": "tag5",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag6": {
+          "name": "tag6",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag7": {
+          "name": "tag7",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number1": {
+          "name": "number1",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number2": {
+          "name": "number2",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number3": {
+          "name": "number3",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number4": {
+          "name": "number4",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number5": {
+          "name": "number5",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date1": {
+          "name": "date1",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date2": {
+          "name": "date2",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean1": {
+          "name": "boolean1",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean2": {
+          "name": "boolean2",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean3": {
+          "name": "boolean3",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "uploaded_at": {
+          "name": "uploaded_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "doc_kb_id_idx": {
+          "name": "doc_kb_id_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_filename_idx": {
+          "name": "doc_filename_idx",
+          "columns": [
+            {
+              "expression": "filename",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_processing_status_idx": {
+          "name": "doc_processing_status_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "processing_status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag1_idx": {
+          "name": "doc_tag1_idx",
+          "columns": [
+            {
+              "expression": "tag1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag2_idx": {
+          "name": "doc_tag2_idx",
+          "columns": [
+            {
+              "expression": "tag2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag3_idx": {
+          "name": "doc_tag3_idx",
+          "columns": [
+            {
+              "expression": "tag3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag4_idx": {
+          "name": "doc_tag4_idx",
+          "columns": [
+            {
+              "expression": "tag4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag5_idx": {
+          "name": "doc_tag5_idx",
+          "columns": [
+            {
+              "expression": "tag5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag6_idx": {
+          "name": "doc_tag6_idx",
+          "columns": [
+            {
+              "expression": "tag6",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag7_idx": {
+          "name": "doc_tag7_idx",
+          "columns": [
+            {
+              "expression": "tag7",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number1_idx": {
+          "name": "doc_number1_idx",
+          "columns": [
+            {
+              "expression": "number1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number2_idx": {
+          "name": "doc_number2_idx",
+          "columns": [
+            {
+              "expression": "number2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number3_idx": {
+          "name": "doc_number3_idx",
+          "columns": [
+            {
+              "expression": "number3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number4_idx": {
+          "name": "doc_number4_idx",
+          "columns": [
+            {
+              "expression": "number4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number5_idx": {
+          "name": "doc_number5_idx",
+          "columns": [
+            {
+              "expression": "number5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_date1_idx": {
+          "name": "doc_date1_idx",
+          "columns": [
+            {
+              "expression": "date1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_date2_idx": {
+          "name": "doc_date2_idx",
+          "columns": [
+            {
+              "expression": "date2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_boolean1_idx": {
+          "name": "doc_boolean1_idx",
+          "columns": [
+            {
+              "expression": "boolean1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_boolean2_idx": {
+          "name": "doc_boolean2_idx",
+          "columns": [
+            {
+              "expression": "boolean2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_boolean3_idx": {
+          "name": "doc_boolean3_idx",
+          "columns": [
+            {
+              "expression": "boolean3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "document_knowledge_base_id_knowledge_base_id_fk": {
+          "name": "document_knowledge_base_id_knowledge_base_id_fk",
+          "tableFrom": "document",
+          "tableTo": "knowledge_base",
+          "columnsFrom": ["knowledge_base_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.embedding": {
+      "name": "embedding",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "knowledge_base_id": {
+          "name": "knowledge_base_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "document_id": {
+          "name": "document_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chunk_index": {
+          "name": "chunk_index",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chunk_hash": {
+          "name": "chunk_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "content": {
+          "name": "content",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "content_length": {
+          "name": "content_length",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "embedding": {
+          "name": "embedding",
+          "type": "vector(1536)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "embedding_model": {
+          "name": "embedding_model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text-embedding-3-small'"
+        },
+        "start_offset": {
+          "name": "start_offset",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "end_offset": {
+          "name": "end_offset",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tag1": {
+          "name": "tag1",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag2": {
+          "name": "tag2",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag3": {
+          "name": "tag3",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag4": {
+          "name": "tag4",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag5": {
+          "name": "tag5",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag6": {
+          "name": "tag6",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag7": {
+          "name": "tag7",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number1": {
+          "name": "number1",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number2": {
+          "name": "number2",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number3": {
+          "name": "number3",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number4": {
+          "name": "number4",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number5": {
+          "name": "number5",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date1": {
+          "name": "date1",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date2": {
+          "name": "date2",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean1": {
+          "name": "boolean1",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean2": {
+          "name": "boolean2",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean3": {
+          "name": "boolean3",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "content_tsv": {
+          "name": "content_tsv",
+          "type": "tsvector",
+          "primaryKey": false,
+          "notNull": false,
+          "generated": {
+            "as": "to_tsvector('english', \"embedding\".\"content\")",
+            "type": "stored"
+          }
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "emb_kb_id_idx": {
+          "name": "emb_kb_id_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_doc_id_idx": {
+          "name": "emb_doc_id_idx",
+          "columns": [
+            {
+              "expression": "document_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_doc_chunk_idx": {
+          "name": "emb_doc_chunk_idx",
+          "columns": [
+            {
+              "expression": "document_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "chunk_index",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_kb_model_idx": {
+          "name": "emb_kb_model_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "embedding_model",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_kb_enabled_idx": {
+          "name": "emb_kb_enabled_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "enabled",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_doc_enabled_idx": {
+          "name": "emb_doc_enabled_idx",
+          "columns": [
+            {
+              "expression": "document_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "enabled",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "embedding_vector_hnsw_idx": {
+          "name": "embedding_vector_hnsw_idx",
+          "columns": [
+            {
+              "expression": "embedding",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last",
+              "opclass": "vector_cosine_ops"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "hnsw",
+          "with": {
+            "m": 16,
+            "ef_construction": 64
+          }
+        },
+        "emb_tag1_idx": {
+          "name": "emb_tag1_idx",
+          "columns": [
+            {
+              "expression": "tag1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag2_idx": {
+          "name": "emb_tag2_idx",
+          "columns": [
+            {
+              "expression": "tag2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag3_idx": {
+          "name": "emb_tag3_idx",
+          "columns": [
+            {
+              "expression": "tag3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag4_idx": {
+          "name": "emb_tag4_idx",
+          "columns": [
+            {
+              "expression": "tag4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag5_idx": {
+          "name": "emb_tag5_idx",
+          "columns": [
+            {
+              "expression": "tag5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag6_idx": {
+          "name": "emb_tag6_idx",
+          "columns": [
+            {
+              "expression": "tag6",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag7_idx": {
+          "name": "emb_tag7_idx",
+          "columns": [
+            {
+              "expression": "tag7",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number1_idx": {
+          "name": "emb_number1_idx",
+          "columns": [
+            {
+              "expression": "number1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number2_idx": {
+          "name": "emb_number2_idx",
+          "columns": [
+            {
+              "expression": "number2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number3_idx": {
+          "name": "emb_number3_idx",
+          "columns": [
+            {
+              "expression": "number3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number4_idx": {
+          "name": "emb_number4_idx",
+          "columns": [
+            {
+              "expression": "number4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number5_idx": {
+          "name": "emb_number5_idx",
+          "columns": [
+            {
+              "expression": "number5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_date1_idx": {
+          "name": "emb_date1_idx",
+          "columns": [
+            {
+              "expression": "date1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_date2_idx": {
+          "name": "emb_date2_idx",
+          "columns": [
+            {
+              "expression": "date2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_boolean1_idx": {
+          "name": "emb_boolean1_idx",
+          "columns": [
+            {
+              "expression": "boolean1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_boolean2_idx": {
+          "name": "emb_boolean2_idx",
+          "columns": [
+            {
+              "expression": "boolean2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_boolean3_idx": {
+          "name": "emb_boolean3_idx",
+          "columns": [
+            {
+              "expression": "boolean3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_content_fts_idx": {
+          "name": "emb_content_fts_idx",
+          "columns": [
+            {
+              "expression": "content_tsv",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "gin",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "embedding_knowledge_base_id_knowledge_base_id_fk": {
+          "name": "embedding_knowledge_base_id_knowledge_base_id_fk",
+          "tableFrom": "embedding",
+          "tableTo": "knowledge_base",
+          "columnsFrom": ["knowledge_base_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "embedding_document_id_document_id_fk": {
+          "name": "embedding_document_id_document_id_fk",
+          "tableFrom": "embedding",
+          "tableTo": "document",
+          "columnsFrom": ["document_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {
+        "embedding_not_null_check": {
+          "name": "embedding_not_null_check",
+          "value": "\"embedding\" IS NOT NULL"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.environment": {
+      "name": "environment",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "variables": {
+          "name": "variables",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "environment_user_id_user_id_fk": {
+          "name": "environment_user_id_user_id_fk",
+          "tableFrom": "environment",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "environment_user_id_unique": {
+          "name": "environment_user_id_unique",
+          "nullsNotDistinct": false,
+          "columns": ["user_id"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.idempotency_key": {
+      "name": "idempotency_key",
+      "schema": "",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "namespace": {
+          "name": "namespace",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'default'"
+        },
+        "result": {
+          "name": "result",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "idempotency_key_namespace_unique": {
+          "name": "idempotency_key_namespace_unique",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "namespace",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "idempotency_key_created_at_idx": {
+          "name": "idempotency_key_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "idempotency_key_namespace_idx": {
+          "name": "idempotency_key_namespace_idx",
+          "columns": [
+            {
+              "expression": "namespace",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.invitation": {
+      "name": "invitation",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "inviter_id": {
+          "name": "inviter_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "invitation_email_idx": {
+          "name": "invitation_email_idx",
+          "columns": [
+            {
+              "expression": "email",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "invitation_organization_id_idx": {
+          "name": "invitation_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "invitation_inviter_id_user_id_fk": {
+          "name": "invitation_inviter_id_user_id_fk",
+          "tableFrom": "invitation",
+          "tableTo": "user",
+          "columnsFrom": ["inviter_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "invitation_organization_id_organization_id_fk": {
+          "name": "invitation_organization_id_organization_id_fk",
+          "tableFrom": "invitation",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.knowledge_base": {
+      "name": "knowledge_base",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "embedding_model": {
+          "name": "embedding_model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text-embedding-3-small'"
+        },
+        "embedding_dimension": {
+          "name": "embedding_dimension",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 1536
+        },
+        "chunking_config": {
+          "name": "chunking_config",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{\"maxSize\": 1024, \"minSize\": 1, \"overlap\": 200}'"
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "kb_user_id_idx": {
+          "name": "kb_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_workspace_id_idx": {
+          "name": "kb_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_user_workspace_idx": {
+          "name": "kb_user_workspace_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_deleted_at_idx": {
+          "name": "kb_deleted_at_idx",
+          "columns": [
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "knowledge_base_user_id_user_id_fk": {
+          "name": "knowledge_base_user_id_user_id_fk",
+          "tableFrom": "knowledge_base",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "knowledge_base_workspace_id_workspace_id_fk": {
+          "name": "knowledge_base_workspace_id_workspace_id_fk",
+          "tableFrom": "knowledge_base",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.knowledge_base_tag_definitions": {
+      "name": "knowledge_base_tag_definitions",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "knowledge_base_id": {
+          "name": "knowledge_base_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tag_slot": {
+          "name": "tag_slot",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "display_name": {
+          "name": "display_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "field_type": {
+          "name": "field_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "kb_tag_definitions_kb_slot_idx": {
+          "name": "kb_tag_definitions_kb_slot_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "tag_slot",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_tag_definitions_kb_display_name_idx": {
+          "name": "kb_tag_definitions_kb_display_name_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "display_name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_tag_definitions_kb_id_idx": {
+          "name": "kb_tag_definitions_kb_id_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "knowledge_base_tag_definitions_knowledge_base_id_knowledge_base_id_fk": {
+          "name": "knowledge_base_tag_definitions_knowledge_base_id_knowledge_base_id_fk",
+          "tableFrom": "knowledge_base_tag_definitions",
+          "tableTo": "knowledge_base",
+          "columnsFrom": ["knowledge_base_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.mcp_servers": {
+      "name": "mcp_servers",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "transport": {
+          "name": "transport",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "headers": {
+          "name": "headers",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "timeout": {
+          "name": "timeout",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 30000
+        },
+        "retries": {
+          "name": "retries",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 3
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "last_connected": {
+          "name": "last_connected",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "connection_status": {
+          "name": "connection_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'disconnected'"
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status_config": {
+          "name": "status_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "tool_count": {
+          "name": "tool_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "last_tools_refresh": {
+          "name": "last_tools_refresh",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "total_requests": {
+          "name": "total_requests",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "last_used": {
+          "name": "last_used",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "mcp_servers_workspace_enabled_idx": {
+          "name": "mcp_servers_workspace_enabled_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "enabled",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "mcp_servers_workspace_deleted_idx": {
+          "name": "mcp_servers_workspace_deleted_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "mcp_servers_workspace_id_workspace_id_fk": {
+          "name": "mcp_servers_workspace_id_workspace_id_fk",
+          "tableFrom": "mcp_servers",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "mcp_servers_created_by_user_id_fk": {
+          "name": "mcp_servers_created_by_user_id_fk",
+          "tableFrom": "mcp_servers",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.member": {
+      "name": "member",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "member_user_id_idx": {
+          "name": "member_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "member_organization_id_idx": {
+          "name": "member_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "member_user_id_user_id_fk": {
+          "name": "member_user_id_user_id_fk",
+          "tableFrom": "member",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "member_organization_id_organization_id_fk": {
+          "name": "member_organization_id_organization_id_fk",
+          "tableFrom": "member",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.memory": {
+      "name": "memory",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "data": {
+          "name": "data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "memory_key_idx": {
+          "name": "memory_key_idx",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "memory_workspace_idx": {
+          "name": "memory_workspace_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "memory_workspace_key_idx": {
+          "name": "memory_workspace_key_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "memory_workspace_id_workspace_id_fk": {
+          "name": "memory_workspace_id_workspace_id_fk",
+          "tableFrom": "memory",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.organization": {
+      "name": "organization",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "slug": {
+          "name": "slug",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "logo": {
+          "name": "logo",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "org_usage_limit": {
+          "name": "org_usage_limit",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "storage_used_bytes": {
+          "name": "storage_used_bytes",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "departed_member_usage": {
+          "name": "departed_member_usage",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "credit_balance": {
+          "name": "credit_balance",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.paused_executions": {
+      "name": "paused_executions",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_snapshot": {
+          "name": "execution_snapshot",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "pause_points": {
+          "name": "pause_points",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "total_pause_count": {
+          "name": "total_pause_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "resumed_count": {
+          "name": "resumed_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'paused'"
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::jsonb"
+        },
+        "paused_at": {
+          "name": "paused_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "paused_executions_workflow_id_idx": {
+          "name": "paused_executions_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "paused_executions_status_idx": {
+          "name": "paused_executions_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "paused_executions_execution_id_unique": {
+          "name": "paused_executions_execution_id_unique",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "paused_executions_workflow_id_workflow_id_fk": {
+          "name": "paused_executions_workflow_id_workflow_id_fk",
+          "tableFrom": "paused_executions",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.permissions": {
+      "name": "permissions",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "entity_type": {
+          "name": "entity_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "entity_id": {
+          "name": "entity_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "permission_type": {
+          "name": "permission_type",
+          "type": "permission_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "permissions_user_id_idx": {
+          "name": "permissions_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_entity_idx": {
+          "name": "permissions_entity_idx",
+          "columns": [
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_user_entity_type_idx": {
+          "name": "permissions_user_entity_type_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_user_entity_permission_idx": {
+          "name": "permissions_user_entity_permission_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "permission_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_user_entity_idx": {
+          "name": "permissions_user_entity_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_unique_constraint": {
+          "name": "permissions_unique_constraint",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "permissions_user_id_user_id_fk": {
+          "name": "permissions_user_id_user_id_fk",
+          "tableFrom": "permissions",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.rate_limit_bucket": {
+      "name": "rate_limit_bucket",
+      "schema": "",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "tokens": {
+          "name": "tokens",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "last_refill_at": {
+          "name": "last_refill_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.resume_queue": {
+      "name": "resume_queue",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "paused_execution_id": {
+          "name": "paused_execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "parent_execution_id": {
+          "name": "parent_execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "new_execution_id": {
+          "name": "new_execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "context_id": {
+          "name": "context_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "resume_input": {
+          "name": "resume_input",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "queued_at": {
+          "name": "queued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "claimed_at": {
+          "name": "claimed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "failure_reason": {
+          "name": "failure_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "resume_queue_parent_status_idx": {
+          "name": "resume_queue_parent_status_idx",
+          "columns": [
+            {
+              "expression": "parent_execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "queued_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "resume_queue_new_execution_idx": {
+          "name": "resume_queue_new_execution_idx",
+          "columns": [
+            {
+              "expression": "new_execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "resume_queue_paused_execution_id_paused_executions_id_fk": {
+          "name": "resume_queue_paused_execution_id_paused_executions_id_fk",
+          "tableFrom": "resume_queue",
+          "tableTo": "paused_executions",
+          "columnsFrom": ["paused_execution_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.session": {
+      "name": "session",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ip_address": {
+          "name": "ip_address",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_agent": {
+          "name": "user_agent",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "active_organization_id": {
+          "name": "active_organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "session_user_id_idx": {
+          "name": "session_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "session_token_idx": {
+          "name": "session_token_idx",
+          "columns": [
+            {
+              "expression": "token",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "session_user_id_user_id_fk": {
+          "name": "session_user_id_user_id_fk",
+          "tableFrom": "session",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "session_active_organization_id_organization_id_fk": {
+          "name": "session_active_organization_id_organization_id_fk",
+          "tableFrom": "session",
+          "tableTo": "organization",
+          "columnsFrom": ["active_organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "session_token_unique": {
+          "name": "session_token_unique",
+          "nullsNotDistinct": false,
+          "columns": ["token"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.settings": {
+      "name": "settings",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "theme": {
+          "name": "theme",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'system'"
+        },
+        "auto_connect": {
+          "name": "auto_connect",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "telemetry_enabled": {
+          "name": "telemetry_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "email_preferences": {
+          "name": "email_preferences",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "billing_usage_notifications_enabled": {
+          "name": "billing_usage_notifications_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "show_training_controls": {
+          "name": "show_training_controls",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "super_user_mode_enabled": {
+          "name": "super_user_mode_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "error_notifications_enabled": {
+          "name": "error_notifications_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "snap_to_grid_size": {
+          "name": "snap_to_grid_size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "copilot_enabled_models": {
+          "name": "copilot_enabled_models",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "copilot_auto_allowed_tools": {
+          "name": "copilot_auto_allowed_tools",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "settings_user_id_user_id_fk": {
+          "name": "settings_user_id_user_id_fk",
+          "tableFrom": "settings",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "settings_user_id_unique": {
+          "name": "settings_user_id_unique",
+          "nullsNotDistinct": false,
+          "columns": ["user_id"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.sso_provider": {
+      "name": "sso_provider",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "issuer": {
+          "name": "issuer",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "domain": {
+          "name": "domain",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "oidc_config": {
+          "name": "oidc_config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "saml_config": {
+          "name": "saml_config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "sso_provider_provider_id_idx": {
+          "name": "sso_provider_provider_id_idx",
+          "columns": [
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sso_provider_domain_idx": {
+          "name": "sso_provider_domain_idx",
+          "columns": [
+            {
+              "expression": "domain",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sso_provider_user_id_idx": {
+          "name": "sso_provider_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sso_provider_organization_id_idx": {
+          "name": "sso_provider_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "sso_provider_user_id_user_id_fk": {
+          "name": "sso_provider_user_id_user_id_fk",
+          "tableFrom": "sso_provider",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "sso_provider_organization_id_organization_id_fk": {
+          "name": "sso_provider_organization_id_organization_id_fk",
+          "tableFrom": "sso_provider",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.subscription": {
+      "name": "subscription",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "plan": {
+          "name": "plan",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "reference_id": {
+          "name": "reference_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "stripe_customer_id": {
+          "name": "stripe_customer_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "stripe_subscription_id": {
+          "name": "stripe_subscription_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "period_start": {
+          "name": "period_start",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "period_end": {
+          "name": "period_end",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "cancel_at_period_end": {
+          "name": "cancel_at_period_end",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "seats": {
+          "name": "seats",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "trial_start": {
+          "name": "trial_start",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "trial_end": {
+          "name": "trial_end",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "subscription_reference_status_idx": {
+          "name": "subscription_reference_status_idx",
+          "columns": [
+            {
+              "expression": "reference_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {
+        "check_enterprise_metadata": {
+          "name": "check_enterprise_metadata",
+          "value": "plan != 'enterprise' OR metadata IS NOT NULL"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.template_creators": {
+      "name": "template_creators",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "reference_type": {
+          "name": "reference_type",
+          "type": "template_creator_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "reference_id": {
+          "name": "reference_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "profile_image_url": {
+          "name": "profile_image_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "details": {
+          "name": "details",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "verified": {
+          "name": "verified",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "template_creators_reference_idx": {
+          "name": "template_creators_reference_idx",
+          "columns": [
+            {
+              "expression": "reference_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "reference_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_creators_reference_id_idx": {
+          "name": "template_creators_reference_id_idx",
+          "columns": [
+            {
+              "expression": "reference_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_creators_created_by_idx": {
+          "name": "template_creators_created_by_idx",
+          "columns": [
+            {
+              "expression": "created_by",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "template_creators_created_by_user_id_fk": {
+          "name": "template_creators_created_by_user_id_fk",
+          "tableFrom": "template_creators",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.template_stars": {
+      "name": "template_stars",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "template_id": {
+          "name": "template_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "starred_at": {
+          "name": "starred_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "template_stars_user_id_idx": {
+          "name": "template_stars_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_template_id_idx": {
+          "name": "template_stars_template_id_idx",
+          "columns": [
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_user_template_idx": {
+          "name": "template_stars_user_template_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_template_user_idx": {
+          "name": "template_stars_template_user_idx",
+          "columns": [
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_starred_at_idx": {
+          "name": "template_stars_starred_at_idx",
+          "columns": [
+            {
+              "expression": "starred_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_template_starred_at_idx": {
+          "name": "template_stars_template_starred_at_idx",
+          "columns": [
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "starred_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_user_template_unique": {
+          "name": "template_stars_user_template_unique",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "template_stars_user_id_user_id_fk": {
+          "name": "template_stars_user_id_user_id_fk",
+          "tableFrom": "template_stars",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "template_stars_template_id_templates_id_fk": {
+          "name": "template_stars_template_id_templates_id_fk",
+          "tableFrom": "template_stars",
+          "tableTo": "templates",
+          "columnsFrom": ["template_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.templates": {
+      "name": "templates",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "details": {
+          "name": "details",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "creator_id": {
+          "name": "creator_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "views": {
+          "name": "views",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "stars": {
+          "name": "stars",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "status": {
+          "name": "status",
+          "type": "template_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "tags": {
+          "name": "tags",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::text[]"
+        },
+        "required_credentials": {
+          "name": "required_credentials",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "state": {
+          "name": "state",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "og_image_url": {
+          "name": "og_image_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "templates_status_idx": {
+          "name": "templates_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_creator_id_idx": {
+          "name": "templates_creator_id_idx",
+          "columns": [
+            {
+              "expression": "creator_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_views_idx": {
+          "name": "templates_views_idx",
+          "columns": [
+            {
+              "expression": "views",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_stars_idx": {
+          "name": "templates_stars_idx",
+          "columns": [
+            {
+              "expression": "stars",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_status_views_idx": {
+          "name": "templates_status_views_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "views",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_status_stars_idx": {
+          "name": "templates_status_stars_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "stars",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_created_at_idx": {
+          "name": "templates_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_updated_at_idx": {
+          "name": "templates_updated_at_idx",
+          "columns": [
+            {
+              "expression": "updated_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "templates_workflow_id_workflow_id_fk": {
+          "name": "templates_workflow_id_workflow_id_fk",
+          "tableFrom": "templates",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "templates_creator_id_template_creators_id_fk": {
+          "name": "templates_creator_id_template_creators_id_fk",
+          "tableFrom": "templates",
+          "tableTo": "template_creators",
+          "columnsFrom": ["creator_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.usage_log": {
+      "name": "usage_log",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "category": {
+          "name": "category",
+          "type": "usage_log_category",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source": {
+          "name": "source",
+          "type": "usage_log_source",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "cost": {
+          "name": "cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "usage_log_user_created_at_idx": {
+          "name": "usage_log_user_created_at_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "usage_log_source_idx": {
+          "name": "usage_log_source_idx",
+          "columns": [
+            {
+              "expression": "source",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "usage_log_workspace_id_idx": {
+          "name": "usage_log_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "usage_log_workflow_id_idx": {
+          "name": "usage_log_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "usage_log_user_id_user_id_fk": {
+          "name": "usage_log_user_id_user_id_fk",
+          "tableFrom": "usage_log",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "usage_log_workspace_id_workspace_id_fk": {
+          "name": "usage_log_workspace_id_workspace_id_fk",
+          "tableFrom": "usage_log",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "usage_log_workflow_id_workflow_id_fk": {
+          "name": "usage_log_workflow_id_workflow_id_fk",
+          "tableFrom": "usage_log",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user": {
+      "name": "user",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email_verified": {
+          "name": "email_verified",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "image": {
+          "name": "image",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "stripe_customer_id": {
+          "name": "stripe_customer_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_super_user": {
+          "name": "is_super_user",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "user_email_unique": {
+          "name": "user_email_unique",
+          "nullsNotDistinct": false,
+          "columns": ["email"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user_stats": {
+      "name": "user_stats",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "total_manual_executions": {
+          "name": "total_manual_executions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_api_calls": {
+          "name": "total_api_calls",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_webhook_triggers": {
+          "name": "total_webhook_triggers",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_scheduled_executions": {
+          "name": "total_scheduled_executions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_chat_executions": {
+          "name": "total_chat_executions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_tokens_used": {
+          "name": "total_tokens_used",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_cost": {
+          "name": "total_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "current_usage_limit": {
+          "name": "current_usage_limit",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'20'"
+        },
+        "usage_limit_updated_at": {
+          "name": "usage_limit_updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "now()"
+        },
+        "current_period_cost": {
+          "name": "current_period_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "last_period_cost": {
+          "name": "last_period_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'0'"
+        },
+        "billed_overage_this_period": {
+          "name": "billed_overage_this_period",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "pro_period_cost_snapshot": {
+          "name": "pro_period_cost_snapshot",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'0'"
+        },
+        "credit_balance": {
+          "name": "credit_balance",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "total_copilot_cost": {
+          "name": "total_copilot_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "current_period_copilot_cost": {
+          "name": "current_period_copilot_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "last_period_copilot_cost": {
+          "name": "last_period_copilot_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'0'"
+        },
+        "total_copilot_tokens": {
+          "name": "total_copilot_tokens",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_copilot_calls": {
+          "name": "total_copilot_calls",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "storage_used_bytes": {
+          "name": "storage_used_bytes",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "last_active": {
+          "name": "last_active",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "billing_blocked": {
+          "name": "billing_blocked",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "billing_blocked_reason": {
+          "name": "billing_blocked_reason",
+          "type": "billing_blocked_reason",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "user_stats_user_id_user_id_fk": {
+          "name": "user_stats_user_id_user_id_fk",
+          "tableFrom": "user_stats",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "user_stats_user_id_unique": {
+          "name": "user_stats_user_id_unique",
+          "nullsNotDistinct": false,
+          "columns": ["user_id"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.verification": {
+      "name": "verification",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "verification_identifier_idx": {
+          "name": "verification_identifier_idx",
+          "columns": [
+            {
+              "expression": "identifier",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "verification_expires_at_idx": {
+          "name": "verification_expires_at_idx",
+          "columns": [
+            {
+              "expression": "expires_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.waitlist": {
+      "name": "waitlist",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "waitlist_email_unique": {
+          "name": "waitlist_email_unique",
+          "nullsNotDistinct": false,
+          "columns": ["email"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.webhook": {
+      "name": "webhook",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "block_id": {
+          "name": "block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "path": {
+          "name": "path",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider": {
+          "name": "provider",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "provider_config": {
+          "name": "provider_config",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_active": {
+          "name": "is_active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "failed_count": {
+          "name": "failed_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "last_failed_at": {
+          "name": "last_failed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "credential_set_id": {
+          "name": "credential_set_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "path_idx": {
+          "name": "path_idx",
+          "columns": [
+            {
+              "expression": "path",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "idx_webhook_on_workflow_id_block_id": {
+          "name": "idx_webhook_on_workflow_id_block_id",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "webhook_credential_set_id_idx": {
+          "name": "webhook_credential_set_id_idx",
+          "columns": [
+            {
+              "expression": "credential_set_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "webhook_workflow_id_workflow_id_fk": {
+          "name": "webhook_workflow_id_workflow_id_fk",
+          "tableFrom": "webhook",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "webhook_block_id_workflow_blocks_id_fk": {
+          "name": "webhook_block_id_workflow_blocks_id_fk",
+          "tableFrom": "webhook",
+          "tableTo": "workflow_blocks",
+          "columnsFrom": ["block_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "webhook_credential_set_id_credential_set_id_fk": {
+          "name": "webhook_credential_set_id_credential_set_id_fk",
+          "tableFrom": "webhook",
+          "tableTo": "credential_set",
+          "columnsFrom": ["credential_set_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow": {
+      "name": "workflow",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "folder_id": {
+          "name": "folder_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "color": {
+          "name": "color",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'#3972F6'"
+        },
+        "last_synced": {
+          "name": "last_synced",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "is_deployed": {
+          "name": "is_deployed",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "deployed_at": {
+          "name": "deployed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "run_count": {
+          "name": "run_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "last_run_at": {
+          "name": "last_run_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "variables": {
+          "name": "variables",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        }
+      },
+      "indexes": {
+        "workflow_user_id_idx": {
+          "name": "workflow_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_workspace_id_idx": {
+          "name": "workflow_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_user_workspace_idx": {
+          "name": "workflow_user_workspace_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_user_id_user_id_fk": {
+          "name": "workflow_user_id_user_id_fk",
+          "tableFrom": "workflow",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_workspace_id_workspace_id_fk": {
+          "name": "workflow_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_folder_id_workflow_folder_id_fk": {
+          "name": "workflow_folder_id_workflow_folder_id_fk",
+          "tableFrom": "workflow",
+          "tableTo": "workflow_folder",
+          "columnsFrom": ["folder_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_blocks": {
+      "name": "workflow_blocks",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "position_x": {
+          "name": "position_x",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "position_y": {
+          "name": "position_y",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "horizontal_handles": {
+          "name": "horizontal_handles",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "is_wide": {
+          "name": "is_wide",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "advanced_mode": {
+          "name": "advanced_mode",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "trigger_mode": {
+          "name": "trigger_mode",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "height": {
+          "name": "height",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "sub_blocks": {
+          "name": "sub_blocks",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "outputs": {
+          "name": "outputs",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "data": {
+          "name": "data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_blocks_workflow_id_idx": {
+          "name": "workflow_blocks_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_blocks_type_idx": {
+          "name": "workflow_blocks_type_idx",
+          "columns": [
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_blocks_workflow_id_workflow_id_fk": {
+          "name": "workflow_blocks_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_blocks",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_checkpoints": {
+      "name": "workflow_checkpoints",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "message_id": {
+          "name": "message_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workflow_state": {
+          "name": "workflow_state",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_checkpoints_user_id_idx": {
+          "name": "workflow_checkpoints_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_workflow_id_idx": {
+          "name": "workflow_checkpoints_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_chat_id_idx": {
+          "name": "workflow_checkpoints_chat_id_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_message_id_idx": {
+          "name": "workflow_checkpoints_message_id_idx",
+          "columns": [
+            {
+              "expression": "message_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_user_workflow_idx": {
+          "name": "workflow_checkpoints_user_workflow_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_workflow_chat_idx": {
+          "name": "workflow_checkpoints_workflow_chat_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_created_at_idx": {
+          "name": "workflow_checkpoints_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_chat_created_at_idx": {
+          "name": "workflow_checkpoints_chat_created_at_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_checkpoints_user_id_user_id_fk": {
+          "name": "workflow_checkpoints_user_id_user_id_fk",
+          "tableFrom": "workflow_checkpoints",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_checkpoints_workflow_id_workflow_id_fk": {
+          "name": "workflow_checkpoints_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_checkpoints",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_checkpoints_chat_id_copilot_chats_id_fk": {
+          "name": "workflow_checkpoints_chat_id_copilot_chats_id_fk",
+          "tableFrom": "workflow_checkpoints",
+          "tableTo": "copilot_chats",
+          "columnsFrom": ["chat_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_deployment_version": {
+      "name": "workflow_deployment_version",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "version": {
+          "name": "version",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "state": {
+          "name": "state",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "is_active": {
+          "name": "is_active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "workflow_deployment_version_workflow_version_unique": {
+          "name": "workflow_deployment_version_workflow_version_unique",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "version",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_deployment_version_workflow_active_idx": {
+          "name": "workflow_deployment_version_workflow_active_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "is_active",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_deployment_version_created_at_idx": {
+          "name": "workflow_deployment_version_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_deployment_version_workflow_id_workflow_id_fk": {
+          "name": "workflow_deployment_version_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_deployment_version",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_edges": {
+      "name": "workflow_edges",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_block_id": {
+          "name": "source_block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "target_block_id": {
+          "name": "target_block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_handle": {
+          "name": "source_handle",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "target_handle": {
+          "name": "target_handle",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_edges_workflow_id_idx": {
+          "name": "workflow_edges_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_edges_workflow_source_idx": {
+          "name": "workflow_edges_workflow_source_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "source_block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_edges_workflow_target_idx": {
+          "name": "workflow_edges_workflow_target_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "target_block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_edges_workflow_id_workflow_id_fk": {
+          "name": "workflow_edges_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_edges",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_edges_source_block_id_workflow_blocks_id_fk": {
+          "name": "workflow_edges_source_block_id_workflow_blocks_id_fk",
+          "tableFrom": "workflow_edges",
+          "tableTo": "workflow_blocks",
+          "columnsFrom": ["source_block_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_edges_target_block_id_workflow_blocks_id_fk": {
+          "name": "workflow_edges_target_block_id_workflow_blocks_id_fk",
+          "tableFrom": "workflow_edges",
+          "tableTo": "workflow_blocks",
+          "columnsFrom": ["target_block_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_execution_logs": {
+      "name": "workflow_execution_logs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "state_snapshot_id": {
+          "name": "state_snapshot_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "deployment_version_id": {
+          "name": "deployment_version_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "level": {
+          "name": "level",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'running'"
+        },
+        "trigger": {
+          "name": "trigger",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ended_at": {
+          "name": "ended_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "total_duration_ms": {
+          "name": "total_duration_ms",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "execution_data": {
+          "name": "execution_data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "cost": {
+          "name": "cost",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "files": {
+          "name": "files",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_execution_logs_workflow_id_idx": {
+          "name": "workflow_execution_logs_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_state_snapshot_id_idx": {
+          "name": "workflow_execution_logs_state_snapshot_id_idx",
+          "columns": [
+            {
+              "expression": "state_snapshot_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_deployment_version_id_idx": {
+          "name": "workflow_execution_logs_deployment_version_id_idx",
+          "columns": [
+            {
+              "expression": "deployment_version_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_trigger_idx": {
+          "name": "workflow_execution_logs_trigger_idx",
+          "columns": [
+            {
+              "expression": "trigger",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_level_idx": {
+          "name": "workflow_execution_logs_level_idx",
+          "columns": [
+            {
+              "expression": "level",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_started_at_idx": {
+          "name": "workflow_execution_logs_started_at_idx",
+          "columns": [
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_execution_id_unique": {
+          "name": "workflow_execution_logs_execution_id_unique",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_workflow_started_at_idx": {
+          "name": "workflow_execution_logs_workflow_started_at_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_workspace_started_at_idx": {
+          "name": "workflow_execution_logs_workspace_started_at_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_execution_logs_workflow_id_workflow_id_fk": {
+          "name": "workflow_execution_logs_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_execution_logs_workspace_id_workspace_id_fk": {
+          "name": "workflow_execution_logs_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_execution_logs_state_snapshot_id_workflow_execution_snapshots_id_fk": {
+          "name": "workflow_execution_logs_state_snapshot_id_workflow_execution_snapshots_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workflow_execution_snapshots",
+          "columnsFrom": ["state_snapshot_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        },
+        "workflow_execution_logs_deployment_version_id_workflow_deployment_version_id_fk": {
+          "name": "workflow_execution_logs_deployment_version_id_workflow_deployment_version_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workflow_deployment_version",
+          "columnsFrom": ["deployment_version_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_execution_snapshots": {
+      "name": "workflow_execution_snapshots",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "state_hash": {
+          "name": "state_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "state_data": {
+          "name": "state_data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_snapshots_workflow_id_idx": {
+          "name": "workflow_snapshots_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_snapshots_hash_idx": {
+          "name": "workflow_snapshots_hash_idx",
+          "columns": [
+            {
+              "expression": "state_hash",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_snapshots_workflow_hash_idx": {
+          "name": "workflow_snapshots_workflow_hash_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "state_hash",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_snapshots_created_at_idx": {
+          "name": "workflow_snapshots_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_execution_snapshots_workflow_id_workflow_id_fk": {
+          "name": "workflow_execution_snapshots_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_execution_snapshots",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_folder": {
+      "name": "workflow_folder",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "parent_id": {
+          "name": "parent_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "color": {
+          "name": "color",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'#6B7280'"
+        },
+        "is_expanded": {
+          "name": "is_expanded",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "sort_order": {
+          "name": "sort_order",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_folder_user_idx": {
+          "name": "workflow_folder_user_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_folder_workspace_parent_idx": {
+          "name": "workflow_folder_workspace_parent_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "parent_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_folder_parent_sort_idx": {
+          "name": "workflow_folder_parent_sort_idx",
+          "columns": [
+            {
+              "expression": "parent_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "sort_order",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_folder_user_id_user_id_fk": {
+          "name": "workflow_folder_user_id_user_id_fk",
+          "tableFrom": "workflow_folder",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_folder_workspace_id_workspace_id_fk": {
+          "name": "workflow_folder_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow_folder",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_mcp_server": {
+      "name": "workflow_mcp_server",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_mcp_server_workspace_id_idx": {
+          "name": "workflow_mcp_server_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_server_created_by_idx": {
+          "name": "workflow_mcp_server_created_by_idx",
+          "columns": [
+            {
+              "expression": "created_by",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_mcp_server_workspace_id_workspace_id_fk": {
+          "name": "workflow_mcp_server_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow_mcp_server",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_mcp_server_created_by_user_id_fk": {
+          "name": "workflow_mcp_server_created_by_user_id_fk",
+          "tableFrom": "workflow_mcp_server",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_mcp_tool": {
+      "name": "workflow_mcp_tool",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "server_id": {
+          "name": "server_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tool_name": {
+          "name": "tool_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tool_description": {
+          "name": "tool_description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "parameter_schema": {
+          "name": "parameter_schema",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_mcp_tool_server_id_idx": {
+          "name": "workflow_mcp_tool_server_id_idx",
+          "columns": [
+            {
+              "expression": "server_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_tool_workflow_id_idx": {
+          "name": "workflow_mcp_tool_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_tool_server_workflow_unique": {
+          "name": "workflow_mcp_tool_server_workflow_unique",
+          "columns": [
+            {
+              "expression": "server_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_mcp_tool_server_id_workflow_mcp_server_id_fk": {
+          "name": "workflow_mcp_tool_server_id_workflow_mcp_server_id_fk",
+          "tableFrom": "workflow_mcp_tool",
+          "tableTo": "workflow_mcp_server",
+          "columnsFrom": ["server_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_mcp_tool_workflow_id_workflow_id_fk": {
+          "name": "workflow_mcp_tool_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_mcp_tool",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_schedule": {
+      "name": "workflow_schedule",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "block_id": {
+          "name": "block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "cron_expression": {
+          "name": "cron_expression",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "next_run_at": {
+          "name": "next_run_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_ran_at": {
+          "name": "last_ran_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_queued_at": {
+          "name": "last_queued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "trigger_type": {
+          "name": "trigger_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "timezone": {
+          "name": "timezone",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'UTC'"
+        },
+        "failed_count": {
+          "name": "failed_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'active'"
+        },
+        "last_failed_at": {
+          "name": "last_failed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_schedule_workflow_block_unique": {
+          "name": "workflow_schedule_workflow_block_unique",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_schedule_workflow_id_workflow_id_fk": {
+          "name": "workflow_schedule_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_schedule",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_schedule_block_id_workflow_blocks_id_fk": {
+          "name": "workflow_schedule_block_id_workflow_blocks_id_fk",
+          "tableFrom": "workflow_schedule",
+          "tableTo": "workflow_blocks",
+          "columnsFrom": ["block_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_subflows": {
+      "name": "workflow_subflows",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "config": {
+          "name": "config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_subflows_workflow_id_idx": {
+          "name": "workflow_subflows_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_subflows_workflow_type_idx": {
+          "name": "workflow_subflows_workflow_type_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_subflows_workflow_id_workflow_id_fk": {
+          "name": "workflow_subflows_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_subflows",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace": {
+      "name": "workspace",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "owner_id": {
+          "name": "owner_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "billed_account_user_id": {
+          "name": "billed_account_user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "allow_personal_api_keys": {
+          "name": "allow_personal_api_keys",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "workspace_owner_id_user_id_fk": {
+          "name": "workspace_owner_id_user_id_fk",
+          "tableFrom": "workspace",
+          "tableTo": "user",
+          "columnsFrom": ["owner_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_billed_account_user_id_user_id_fk": {
+          "name": "workspace_billed_account_user_id_user_id_fk",
+          "tableFrom": "workspace",
+          "tableTo": "user",
+          "columnsFrom": ["billed_account_user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_byok_keys": {
+      "name": "workspace_byok_keys",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "encrypted_api_key": {
+          "name": "encrypted_api_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_byok_provider_unique": {
+          "name": "workspace_byok_provider_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_byok_workspace_idx": {
+          "name": "workspace_byok_workspace_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_byok_keys_workspace_id_workspace_id_fk": {
+          "name": "workspace_byok_keys_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_byok_keys",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_byok_keys_created_by_user_id_fk": {
+          "name": "workspace_byok_keys_created_by_user_id_fk",
+          "tableFrom": "workspace_byok_keys",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_environment": {
+      "name": "workspace_environment",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "variables": {
+          "name": "variables",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_environment_workspace_unique": {
+          "name": "workspace_environment_workspace_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_environment_workspace_id_workspace_id_fk": {
+          "name": "workspace_environment_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_environment",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_file": {
+      "name": "workspace_file",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "size": {
+          "name": "size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "uploaded_by": {
+          "name": "uploaded_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "uploaded_at": {
+          "name": "uploaded_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_file_workspace_id_idx": {
+          "name": "workspace_file_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_file_key_idx": {
+          "name": "workspace_file_key_idx",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_file_workspace_id_workspace_id_fk": {
+          "name": "workspace_file_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_file",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_file_uploaded_by_user_id_fk": {
+          "name": "workspace_file_uploaded_by_user_id_fk",
+          "tableFrom": "workspace_file",
+          "tableTo": "user",
+          "columnsFrom": ["uploaded_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "workspace_file_key_unique": {
+          "name": "workspace_file_key_unique",
+          "nullsNotDistinct": false,
+          "columns": ["key"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_files": {
+      "name": "workspace_files",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "context": {
+          "name": "context",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "original_name": {
+          "name": "original_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "content_type": {
+          "name": "content_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "size": {
+          "name": "size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "uploaded_at": {
+          "name": "uploaded_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_files_key_idx": {
+          "name": "workspace_files_key_idx",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_user_id_idx": {
+          "name": "workspace_files_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_workspace_id_idx": {
+          "name": "workspace_files_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_context_idx": {
+          "name": "workspace_files_context_idx",
+          "columns": [
+            {
+              "expression": "context",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_files_user_id_user_id_fk": {
+          "name": "workspace_files_user_id_user_id_fk",
+          "tableFrom": "workspace_files",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_files_workspace_id_workspace_id_fk": {
+          "name": "workspace_files_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_files",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "workspace_files_key_unique": {
+          "name": "workspace_files_key_unique",
+          "nullsNotDistinct": false,
+          "columns": ["key"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_invitation": {
+      "name": "workspace_invitation",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "inviter_id": {
+          "name": "inviter_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'member'"
+        },
+        "status": {
+          "name": "status",
+          "type": "workspace_invitation_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "permissions": {
+          "name": "permissions",
+          "type": "permission_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'admin'"
+        },
+        "org_invitation_id": {
+          "name": "org_invitation_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "workspace_invitation_workspace_id_workspace_id_fk": {
+          "name": "workspace_invitation_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_invitation",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_invitation_inviter_id_user_id_fk": {
+          "name": "workspace_invitation_inviter_id_user_id_fk",
+          "tableFrom": "workspace_invitation",
+          "tableTo": "user",
+          "columnsFrom": ["inviter_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "workspace_invitation_token_unique": {
+          "name": "workspace_invitation_token_unique",
+          "nullsNotDistinct": false,
+          "columns": ["token"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_notification_delivery": {
+      "name": "workspace_notification_delivery",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "subscription_id": {
+          "name": "subscription_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "notification_delivery_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "attempts": {
+          "name": "attempts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "last_attempt_at": {
+          "name": "last_attempt_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "next_attempt_at": {
+          "name": "next_attempt_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "response_status": {
+          "name": "response_status",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "response_body": {
+          "name": "response_body",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_notification_delivery_subscription_id_idx": {
+          "name": "workspace_notification_delivery_subscription_id_idx",
+          "columns": [
+            {
+              "expression": "subscription_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_delivery_execution_id_idx": {
+          "name": "workspace_notification_delivery_execution_id_idx",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_delivery_status_idx": {
+          "name": "workspace_notification_delivery_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_delivery_next_attempt_idx": {
+          "name": "workspace_notification_delivery_next_attempt_idx",
+          "columns": [
+            {
+              "expression": "next_attempt_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_notification_delivery_subscription_id_workspace_notification_subscription_id_fk": {
+          "name": "workspace_notification_delivery_subscription_id_workspace_notification_subscription_id_fk",
+          "tableFrom": "workspace_notification_delivery",
+          "tableTo": "workspace_notification_subscription",
+          "columnsFrom": ["subscription_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_notification_delivery_workflow_id_workflow_id_fk": {
+          "name": "workspace_notification_delivery_workflow_id_workflow_id_fk",
+          "tableFrom": "workspace_notification_delivery",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_notification_subscription": {
+      "name": "workspace_notification_subscription",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "notification_type": {
+          "name": "notification_type",
+          "type": "notification_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_ids": {
+          "name": "workflow_ids",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::text[]"
+        },
+        "all_workflows": {
+          "name": "all_workflows",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "level_filter": {
+          "name": "level_filter",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "ARRAY['info', 'error']::text[]"
+        },
+        "trigger_filter": {
+          "name": "trigger_filter",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "ARRAY['api', 'webhook', 'schedule', 'manual', 'chat']::text[]"
+        },
+        "include_final_output": {
+          "name": "include_final_output",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "include_trace_spans": {
+          "name": "include_trace_spans",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "include_rate_limits": {
+          "name": "include_rate_limits",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "include_usage_data": {
+          "name": "include_usage_data",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "webhook_config": {
+          "name": "webhook_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "email_recipients": {
+          "name": "email_recipients",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "slack_config": {
+          "name": "slack_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "alert_config": {
+          "name": "alert_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_alert_at": {
+          "name": "last_alert_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "active": {
+          "name": "active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_notification_workspace_id_idx": {
+          "name": "workspace_notification_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_active_idx": {
+          "name": "workspace_notification_active_idx",
+          "columns": [
+            {
+              "expression": "active",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_type_idx": {
+          "name": "workspace_notification_type_idx",
+          "columns": [
+            {
+              "expression": "notification_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_notification_subscription_workspace_id_workspace_id_fk": {
+          "name": "workspace_notification_subscription_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_notification_subscription",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_notification_subscription_created_by_user_id_fk": {
+          "name": "workspace_notification_subscription_created_by_user_id_fk",
+          "tableFrom": "workspace_notification_subscription",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {
+    "public.billing_blocked_reason": {
+      "name": "billing_blocked_reason",
+      "schema": "public",
+      "values": ["payment_failed", "dispute"]
+    },
+    "public.credential_set_invitation_status": {
+      "name": "credential_set_invitation_status",
+      "schema": "public",
+      "values": ["pending", "accepted", "expired", "cancelled"]
+    },
+    "public.credential_set_member_status": {
+      "name": "credential_set_member_status",
+      "schema": "public",
+      "values": ["active", "pending", "revoked"]
+    },
+    "public.notification_delivery_status": {
+      "name": "notification_delivery_status",
+      "schema": "public",
+      "values": ["pending", "in_progress", "success", "failed"]
+    },
+    "public.notification_type": {
+      "name": "notification_type",
+      "schema": "public",
+      "values": ["webhook", "email", "slack"]
+    },
+    "public.permission_type": {
+      "name": "permission_type",
+      "schema": "public",
+      "values": ["admin", "write", "read"]
+    },
+    "public.template_creator_type": {
+      "name": "template_creator_type",
+      "schema": "public",
+      "values": ["user", "organization"]
+    },
+    "public.template_status": {
+      "name": "template_status",
+      "schema": "public",
+      "values": ["pending", "approved", "rejected"]
+    },
+    "public.usage_log_category": {
+      "name": "usage_log_category",
+      "schema": "public",
+      "values": ["model", "fixed"]
+    },
+    "public.usage_log_source": {
+      "name": "usage_log_source",
+      "schema": "public",
+      "values": ["workflow", "wand", "copilot"]
+    },
+    "public.workspace_invitation_status": {
+      "name": "workspace_invitation_status",
+      "schema": "public",
+      "values": ["pending", "accepted", "rejected", "cancelled"]
+    }
+  },
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}
diff --git a/packages/db/migrations/meta/0136_snapshot.json b/packages/db/migrations/meta/0136_snapshot.json
new file mode 100644
index 0000000000..7fb78f44d1
--- /dev/null
+++ b/packages/db/migrations/meta/0136_snapshot.json
@@ -0,0 +1,9333 @@
+{
+  "id": "ff6b124c-50b5-4e92-bbe3-0b162a184d5b",
+  "prevId": "27c797c9-6ab1-4fe8-96ae-9242c4d427f0",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.account": {
+      "name": "account",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "access_token": {
+          "name": "access_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token": {
+          "name": "refresh_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "id_token": {
+          "name": "id_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "access_token_expires_at": {
+          "name": "access_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token_expires_at": {
+          "name": "refresh_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "scope": {
+          "name": "scope",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "password": {
+          "name": "password",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "account_user_id_idx": {
+          "name": "account_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "idx_account_on_account_id_provider_id": {
+          "name": "idx_account_on_account_id_provider_id",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "account_user_provider_account_unique": {
+          "name": "account_user_provider_account_unique",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "account_user_id_user_id_fk": {
+          "name": "account_user_id_user_id_fk",
+          "tableFrom": "account",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.api_key": {
+      "name": "api_key",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'personal'"
+        },
+        "last_used": {
+          "name": "last_used",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "api_key_workspace_type_idx": {
+          "name": "api_key_workspace_type_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "api_key_user_type_idx": {
+          "name": "api_key_user_type_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "api_key_user_id_user_id_fk": {
+          "name": "api_key_user_id_user_id_fk",
+          "tableFrom": "api_key",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "api_key_workspace_id_workspace_id_fk": {
+          "name": "api_key_workspace_id_workspace_id_fk",
+          "tableFrom": "api_key",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "api_key_created_by_user_id_fk": {
+          "name": "api_key_created_by_user_id_fk",
+          "tableFrom": "api_key",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "api_key_key_unique": {
+          "name": "api_key_key_unique",
+          "nullsNotDistinct": false,
+          "columns": ["key"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {
+        "workspace_type_check": {
+          "name": "workspace_type_check",
+          "value": "(type = 'workspace' AND workspace_id IS NOT NULL) OR (type = 'personal' AND workspace_id IS NULL)"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.chat": {
+      "name": "chat",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_active": {
+          "name": "is_active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "customizations": {
+          "name": "customizations",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "auth_type": {
+          "name": "auth_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'public'"
+        },
+        "password": {
+          "name": "password",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "allowed_emails": {
+          "name": "allowed_emails",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'[]'"
+        },
+        "output_configs": {
+          "name": "output_configs",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'[]'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "identifier_idx": {
+          "name": "identifier_idx",
+          "columns": [
+            {
+              "expression": "identifier",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "chat_workflow_id_workflow_id_fk": {
+          "name": "chat_workflow_id_workflow_id_fk",
+          "tableFrom": "chat",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "chat_user_id_user_id_fk": {
+          "name": "chat_user_id_user_id_fk",
+          "tableFrom": "chat",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.copilot_chats": {
+      "name": "copilot_chats",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "messages": {
+          "name": "messages",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "model": {
+          "name": "model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'claude-3-7-sonnet-latest'"
+        },
+        "conversation_id": {
+          "name": "conversation_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "preview_yaml": {
+          "name": "preview_yaml",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "plan_artifact": {
+          "name": "plan_artifact",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "config": {
+          "name": "config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "copilot_chats_user_id_idx": {
+          "name": "copilot_chats_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_workflow_id_idx": {
+          "name": "copilot_chats_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_user_workflow_idx": {
+          "name": "copilot_chats_user_workflow_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_created_at_idx": {
+          "name": "copilot_chats_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_updated_at_idx": {
+          "name": "copilot_chats_updated_at_idx",
+          "columns": [
+            {
+              "expression": "updated_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "copilot_chats_user_id_user_id_fk": {
+          "name": "copilot_chats_user_id_user_id_fk",
+          "tableFrom": "copilot_chats",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_chats_workflow_id_workflow_id_fk": {
+          "name": "copilot_chats_workflow_id_workflow_id_fk",
+          "tableFrom": "copilot_chats",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.copilot_feedback": {
+      "name": "copilot_feedback",
+      "schema": "",
+      "columns": {
+        "feedback_id": {
+          "name": "feedback_id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_query": {
+          "name": "user_query",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "agent_response": {
+          "name": "agent_response",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "is_positive": {
+          "name": "is_positive",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "feedback": {
+          "name": "feedback",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workflow_yaml": {
+          "name": "workflow_yaml",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "copilot_feedback_user_id_idx": {
+          "name": "copilot_feedback_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_chat_id_idx": {
+          "name": "copilot_feedback_chat_id_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_user_chat_idx": {
+          "name": "copilot_feedback_user_chat_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_is_positive_idx": {
+          "name": "copilot_feedback_is_positive_idx",
+          "columns": [
+            {
+              "expression": "is_positive",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_created_at_idx": {
+          "name": "copilot_feedback_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "copilot_feedback_user_id_user_id_fk": {
+          "name": "copilot_feedback_user_id_user_id_fk",
+          "tableFrom": "copilot_feedback",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_feedback_chat_id_copilot_chats_id_fk": {
+          "name": "copilot_feedback_chat_id_copilot_chats_id_fk",
+          "tableFrom": "copilot_feedback",
+          "tableTo": "copilot_chats",
+          "columnsFrom": ["chat_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credential_set": {
+      "name": "credential_set",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "credential_set_organization_id_idx": {
+          "name": "credential_set_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_created_by_idx": {
+          "name": "credential_set_created_by_idx",
+          "columns": [
+            {
+              "expression": "created_by",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_org_name_unique": {
+          "name": "credential_set_org_name_unique",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_provider_id_idx": {
+          "name": "credential_set_provider_id_idx",
+          "columns": [
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "credential_set_organization_id_organization_id_fk": {
+          "name": "credential_set_organization_id_organization_id_fk",
+          "tableFrom": "credential_set",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_created_by_user_id_fk": {
+          "name": "credential_set_created_by_user_id_fk",
+          "tableFrom": "credential_set",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credential_set_invitation": {
+      "name": "credential_set_invitation",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "credential_set_id": {
+          "name": "credential_set_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "invited_by": {
+          "name": "invited_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "credential_set_invitation_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "accepted_at": {
+          "name": "accepted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "accepted_by_user_id": {
+          "name": "accepted_by_user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "credential_set_invitation_set_id_idx": {
+          "name": "credential_set_invitation_set_id_idx",
+          "columns": [
+            {
+              "expression": "credential_set_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_invitation_token_idx": {
+          "name": "credential_set_invitation_token_idx",
+          "columns": [
+            {
+              "expression": "token",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_invitation_status_idx": {
+          "name": "credential_set_invitation_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_invitation_expires_at_idx": {
+          "name": "credential_set_invitation_expires_at_idx",
+          "columns": [
+            {
+              "expression": "expires_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "credential_set_invitation_credential_set_id_credential_set_id_fk": {
+          "name": "credential_set_invitation_credential_set_id_credential_set_id_fk",
+          "tableFrom": "credential_set_invitation",
+          "tableTo": "credential_set",
+          "columnsFrom": ["credential_set_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_invitation_invited_by_user_id_fk": {
+          "name": "credential_set_invitation_invited_by_user_id_fk",
+          "tableFrom": "credential_set_invitation",
+          "tableTo": "user",
+          "columnsFrom": ["invited_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_invitation_accepted_by_user_id_user_id_fk": {
+          "name": "credential_set_invitation_accepted_by_user_id_user_id_fk",
+          "tableFrom": "credential_set_invitation",
+          "tableTo": "user",
+          "columnsFrom": ["accepted_by_user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "credential_set_invitation_token_unique": {
+          "name": "credential_set_invitation_token_unique",
+          "nullsNotDistinct": false,
+          "columns": ["token"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credential_set_member": {
+      "name": "credential_set_member",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "credential_set_id": {
+          "name": "credential_set_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "credential_set_member_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "joined_at": {
+          "name": "joined_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "invited_by": {
+          "name": "invited_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "credential_set_member_set_id_idx": {
+          "name": "credential_set_member_set_id_idx",
+          "columns": [
+            {
+              "expression": "credential_set_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_member_user_id_idx": {
+          "name": "credential_set_member_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_member_unique": {
+          "name": "credential_set_member_unique",
+          "columns": [
+            {
+              "expression": "credential_set_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_member_status_idx": {
+          "name": "credential_set_member_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "credential_set_member_credential_set_id_credential_set_id_fk": {
+          "name": "credential_set_member_credential_set_id_credential_set_id_fk",
+          "tableFrom": "credential_set_member",
+          "tableTo": "credential_set",
+          "columnsFrom": ["credential_set_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_member_user_id_user_id_fk": {
+          "name": "credential_set_member_user_id_user_id_fk",
+          "tableFrom": "credential_set_member",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_member_invited_by_user_id_fk": {
+          "name": "credential_set_member_invited_by_user_id_fk",
+          "tableFrom": "credential_set_member",
+          "tableTo": "user",
+          "columnsFrom": ["invited_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.custom_tools": {
+      "name": "custom_tools",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "schema": {
+          "name": "schema",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "code": {
+          "name": "code",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "custom_tools_workspace_id_idx": {
+          "name": "custom_tools_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "custom_tools_workspace_title_unique": {
+          "name": "custom_tools_workspace_title_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "title",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "custom_tools_workspace_id_workspace_id_fk": {
+          "name": "custom_tools_workspace_id_workspace_id_fk",
+          "tableFrom": "custom_tools",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "custom_tools_user_id_user_id_fk": {
+          "name": "custom_tools_user_id_user_id_fk",
+          "tableFrom": "custom_tools",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.docs_embeddings": {
+      "name": "docs_embeddings",
+      "schema": "",
+      "columns": {
+        "chunk_id": {
+          "name": "chunk_id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "chunk_text": {
+          "name": "chunk_text",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_document": {
+          "name": "source_document",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_link": {
+          "name": "source_link",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "header_text": {
+          "name": "header_text",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "header_level": {
+          "name": "header_level",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "embedding": {
+          "name": "embedding",
+          "type": "vector(1536)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "embedding_model": {
+          "name": "embedding_model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text-embedding-3-small'"
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "chunk_text_tsv": {
+          "name": "chunk_text_tsv",
+          "type": "tsvector",
+          "primaryKey": false,
+          "notNull": false,
+          "generated": {
+            "as": "to_tsvector('english', \"docs_embeddings\".\"chunk_text\")",
+            "type": "stored"
+          }
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "docs_emb_source_document_idx": {
+          "name": "docs_emb_source_document_idx",
+          "columns": [
+            {
+              "expression": "source_document",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_header_level_idx": {
+          "name": "docs_emb_header_level_idx",
+          "columns": [
+            {
+              "expression": "header_level",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_source_header_idx": {
+          "name": "docs_emb_source_header_idx",
+          "columns": [
+            {
+              "expression": "source_document",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "header_level",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_model_idx": {
+          "name": "docs_emb_model_idx",
+          "columns": [
+            {
+              "expression": "embedding_model",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_created_at_idx": {
+          "name": "docs_emb_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_embedding_vector_hnsw_idx": {
+          "name": "docs_embedding_vector_hnsw_idx",
+          "columns": [
+            {
+              "expression": "embedding",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last",
+              "opclass": "vector_cosine_ops"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "hnsw",
+          "with": {
+            "m": 16,
+            "ef_construction": 64
+          }
+        },
+        "docs_emb_metadata_gin_idx": {
+          "name": "docs_emb_metadata_gin_idx",
+          "columns": [
+            {
+              "expression": "metadata",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "gin",
+          "with": {}
+        },
+        "docs_emb_chunk_text_fts_idx": {
+          "name": "docs_emb_chunk_text_fts_idx",
+          "columns": [
+            {
+              "expression": "chunk_text_tsv",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "gin",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {
+        "docs_embedding_not_null_check": {
+          "name": "docs_embedding_not_null_check",
+          "value": "\"embedding\" IS NOT NULL"
+        },
+        "docs_header_level_check": {
+          "name": "docs_header_level_check",
+          "value": "\"header_level\" >= 1 AND \"header_level\" <= 6"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.document": {
+      "name": "document",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "knowledge_base_id": {
+          "name": "knowledge_base_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "filename": {
+          "name": "filename",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "file_url": {
+          "name": "file_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "file_size": {
+          "name": "file_size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "mime_type": {
+          "name": "mime_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chunk_count": {
+          "name": "chunk_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "character_count": {
+          "name": "character_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "processing_status": {
+          "name": "processing_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "processing_started_at": {
+          "name": "processing_started_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processing_completed_at": {
+          "name": "processing_completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processing_error": {
+          "name": "processing_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag1": {
+          "name": "tag1",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag2": {
+          "name": "tag2",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag3": {
+          "name": "tag3",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag4": {
+          "name": "tag4",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag5": {
+          "name": "tag5",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag6": {
+          "name": "tag6",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag7": {
+          "name": "tag7",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number1": {
+          "name": "number1",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number2": {
+          "name": "number2",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number3": {
+          "name": "number3",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number4": {
+          "name": "number4",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number5": {
+          "name": "number5",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date1": {
+          "name": "date1",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date2": {
+          "name": "date2",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean1": {
+          "name": "boolean1",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean2": {
+          "name": "boolean2",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean3": {
+          "name": "boolean3",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "uploaded_at": {
+          "name": "uploaded_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "doc_kb_id_idx": {
+          "name": "doc_kb_id_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_filename_idx": {
+          "name": "doc_filename_idx",
+          "columns": [
+            {
+              "expression": "filename",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_processing_status_idx": {
+          "name": "doc_processing_status_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "processing_status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag1_idx": {
+          "name": "doc_tag1_idx",
+          "columns": [
+            {
+              "expression": "tag1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag2_idx": {
+          "name": "doc_tag2_idx",
+          "columns": [
+            {
+              "expression": "tag2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag3_idx": {
+          "name": "doc_tag3_idx",
+          "columns": [
+            {
+              "expression": "tag3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag4_idx": {
+          "name": "doc_tag4_idx",
+          "columns": [
+            {
+              "expression": "tag4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag5_idx": {
+          "name": "doc_tag5_idx",
+          "columns": [
+            {
+              "expression": "tag5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag6_idx": {
+          "name": "doc_tag6_idx",
+          "columns": [
+            {
+              "expression": "tag6",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag7_idx": {
+          "name": "doc_tag7_idx",
+          "columns": [
+            {
+              "expression": "tag7",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number1_idx": {
+          "name": "doc_number1_idx",
+          "columns": [
+            {
+              "expression": "number1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number2_idx": {
+          "name": "doc_number2_idx",
+          "columns": [
+            {
+              "expression": "number2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number3_idx": {
+          "name": "doc_number3_idx",
+          "columns": [
+            {
+              "expression": "number3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number4_idx": {
+          "name": "doc_number4_idx",
+          "columns": [
+            {
+              "expression": "number4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number5_idx": {
+          "name": "doc_number5_idx",
+          "columns": [
+            {
+              "expression": "number5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_date1_idx": {
+          "name": "doc_date1_idx",
+          "columns": [
+            {
+              "expression": "date1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_date2_idx": {
+          "name": "doc_date2_idx",
+          "columns": [
+            {
+              "expression": "date2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_boolean1_idx": {
+          "name": "doc_boolean1_idx",
+          "columns": [
+            {
+              "expression": "boolean1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_boolean2_idx": {
+          "name": "doc_boolean2_idx",
+          "columns": [
+            {
+              "expression": "boolean2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_boolean3_idx": {
+          "name": "doc_boolean3_idx",
+          "columns": [
+            {
+              "expression": "boolean3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "document_knowledge_base_id_knowledge_base_id_fk": {
+          "name": "document_knowledge_base_id_knowledge_base_id_fk",
+          "tableFrom": "document",
+          "tableTo": "knowledge_base",
+          "columnsFrom": ["knowledge_base_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.embedding": {
+      "name": "embedding",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "knowledge_base_id": {
+          "name": "knowledge_base_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "document_id": {
+          "name": "document_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chunk_index": {
+          "name": "chunk_index",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chunk_hash": {
+          "name": "chunk_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "content": {
+          "name": "content",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "content_length": {
+          "name": "content_length",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "embedding": {
+          "name": "embedding",
+          "type": "vector(1536)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "embedding_model": {
+          "name": "embedding_model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text-embedding-3-small'"
+        },
+        "start_offset": {
+          "name": "start_offset",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "end_offset": {
+          "name": "end_offset",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tag1": {
+          "name": "tag1",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag2": {
+          "name": "tag2",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag3": {
+          "name": "tag3",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag4": {
+          "name": "tag4",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag5": {
+          "name": "tag5",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag6": {
+          "name": "tag6",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag7": {
+          "name": "tag7",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number1": {
+          "name": "number1",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number2": {
+          "name": "number2",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number3": {
+          "name": "number3",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number4": {
+          "name": "number4",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number5": {
+          "name": "number5",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date1": {
+          "name": "date1",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date2": {
+          "name": "date2",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean1": {
+          "name": "boolean1",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean2": {
+          "name": "boolean2",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean3": {
+          "name": "boolean3",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "content_tsv": {
+          "name": "content_tsv",
+          "type": "tsvector",
+          "primaryKey": false,
+          "notNull": false,
+          "generated": {
+            "as": "to_tsvector('english', \"embedding\".\"content\")",
+            "type": "stored"
+          }
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "emb_kb_id_idx": {
+          "name": "emb_kb_id_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_doc_id_idx": {
+          "name": "emb_doc_id_idx",
+          "columns": [
+            {
+              "expression": "document_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_doc_chunk_idx": {
+          "name": "emb_doc_chunk_idx",
+          "columns": [
+            {
+              "expression": "document_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "chunk_index",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_kb_model_idx": {
+          "name": "emb_kb_model_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "embedding_model",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_kb_enabled_idx": {
+          "name": "emb_kb_enabled_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "enabled",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_doc_enabled_idx": {
+          "name": "emb_doc_enabled_idx",
+          "columns": [
+            {
+              "expression": "document_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "enabled",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "embedding_vector_hnsw_idx": {
+          "name": "embedding_vector_hnsw_idx",
+          "columns": [
+            {
+              "expression": "embedding",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last",
+              "opclass": "vector_cosine_ops"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "hnsw",
+          "with": {
+            "m": 16,
+            "ef_construction": 64
+          }
+        },
+        "emb_tag1_idx": {
+          "name": "emb_tag1_idx",
+          "columns": [
+            {
+              "expression": "tag1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag2_idx": {
+          "name": "emb_tag2_idx",
+          "columns": [
+            {
+              "expression": "tag2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag3_idx": {
+          "name": "emb_tag3_idx",
+          "columns": [
+            {
+              "expression": "tag3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag4_idx": {
+          "name": "emb_tag4_idx",
+          "columns": [
+            {
+              "expression": "tag4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag5_idx": {
+          "name": "emb_tag5_idx",
+          "columns": [
+            {
+              "expression": "tag5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag6_idx": {
+          "name": "emb_tag6_idx",
+          "columns": [
+            {
+              "expression": "tag6",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag7_idx": {
+          "name": "emb_tag7_idx",
+          "columns": [
+            {
+              "expression": "tag7",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number1_idx": {
+          "name": "emb_number1_idx",
+          "columns": [
+            {
+              "expression": "number1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number2_idx": {
+          "name": "emb_number2_idx",
+          "columns": [
+            {
+              "expression": "number2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number3_idx": {
+          "name": "emb_number3_idx",
+          "columns": [
+            {
+              "expression": "number3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number4_idx": {
+          "name": "emb_number4_idx",
+          "columns": [
+            {
+              "expression": "number4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number5_idx": {
+          "name": "emb_number5_idx",
+          "columns": [
+            {
+              "expression": "number5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_date1_idx": {
+          "name": "emb_date1_idx",
+          "columns": [
+            {
+              "expression": "date1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_date2_idx": {
+          "name": "emb_date2_idx",
+          "columns": [
+            {
+              "expression": "date2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_boolean1_idx": {
+          "name": "emb_boolean1_idx",
+          "columns": [
+            {
+              "expression": "boolean1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_boolean2_idx": {
+          "name": "emb_boolean2_idx",
+          "columns": [
+            {
+              "expression": "boolean2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_boolean3_idx": {
+          "name": "emb_boolean3_idx",
+          "columns": [
+            {
+              "expression": "boolean3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_content_fts_idx": {
+          "name": "emb_content_fts_idx",
+          "columns": [
+            {
+              "expression": "content_tsv",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "gin",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "embedding_knowledge_base_id_knowledge_base_id_fk": {
+          "name": "embedding_knowledge_base_id_knowledge_base_id_fk",
+          "tableFrom": "embedding",
+          "tableTo": "knowledge_base",
+          "columnsFrom": ["knowledge_base_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "embedding_document_id_document_id_fk": {
+          "name": "embedding_document_id_document_id_fk",
+          "tableFrom": "embedding",
+          "tableTo": "document",
+          "columnsFrom": ["document_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {
+        "embedding_not_null_check": {
+          "name": "embedding_not_null_check",
+          "value": "\"embedding\" IS NOT NULL"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.environment": {
+      "name": "environment",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "variables": {
+          "name": "variables",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "environment_user_id_user_id_fk": {
+          "name": "environment_user_id_user_id_fk",
+          "tableFrom": "environment",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "environment_user_id_unique": {
+          "name": "environment_user_id_unique",
+          "nullsNotDistinct": false,
+          "columns": ["user_id"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.idempotency_key": {
+      "name": "idempotency_key",
+      "schema": "",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "namespace": {
+          "name": "namespace",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'default'"
+        },
+        "result": {
+          "name": "result",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "idempotency_key_namespace_unique": {
+          "name": "idempotency_key_namespace_unique",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "namespace",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "idempotency_key_created_at_idx": {
+          "name": "idempotency_key_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "idempotency_key_namespace_idx": {
+          "name": "idempotency_key_namespace_idx",
+          "columns": [
+            {
+              "expression": "namespace",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.invitation": {
+      "name": "invitation",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "inviter_id": {
+          "name": "inviter_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "invitation_email_idx": {
+          "name": "invitation_email_idx",
+          "columns": [
+            {
+              "expression": "email",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "invitation_organization_id_idx": {
+          "name": "invitation_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "invitation_inviter_id_user_id_fk": {
+          "name": "invitation_inviter_id_user_id_fk",
+          "tableFrom": "invitation",
+          "tableTo": "user",
+          "columnsFrom": ["inviter_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "invitation_organization_id_organization_id_fk": {
+          "name": "invitation_organization_id_organization_id_fk",
+          "tableFrom": "invitation",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.knowledge_base": {
+      "name": "knowledge_base",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "embedding_model": {
+          "name": "embedding_model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text-embedding-3-small'"
+        },
+        "embedding_dimension": {
+          "name": "embedding_dimension",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 1536
+        },
+        "chunking_config": {
+          "name": "chunking_config",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{\"maxSize\": 1024, \"minSize\": 1, \"overlap\": 200}'"
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "kb_user_id_idx": {
+          "name": "kb_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_workspace_id_idx": {
+          "name": "kb_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_user_workspace_idx": {
+          "name": "kb_user_workspace_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_deleted_at_idx": {
+          "name": "kb_deleted_at_idx",
+          "columns": [
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "knowledge_base_user_id_user_id_fk": {
+          "name": "knowledge_base_user_id_user_id_fk",
+          "tableFrom": "knowledge_base",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "knowledge_base_workspace_id_workspace_id_fk": {
+          "name": "knowledge_base_workspace_id_workspace_id_fk",
+          "tableFrom": "knowledge_base",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.knowledge_base_tag_definitions": {
+      "name": "knowledge_base_tag_definitions",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "knowledge_base_id": {
+          "name": "knowledge_base_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tag_slot": {
+          "name": "tag_slot",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "display_name": {
+          "name": "display_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "field_type": {
+          "name": "field_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "kb_tag_definitions_kb_slot_idx": {
+          "name": "kb_tag_definitions_kb_slot_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "tag_slot",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_tag_definitions_kb_display_name_idx": {
+          "name": "kb_tag_definitions_kb_display_name_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "display_name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_tag_definitions_kb_id_idx": {
+          "name": "kb_tag_definitions_kb_id_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "knowledge_base_tag_definitions_knowledge_base_id_knowledge_base_id_fk": {
+          "name": "knowledge_base_tag_definitions_knowledge_base_id_knowledge_base_id_fk",
+          "tableFrom": "knowledge_base_tag_definitions",
+          "tableTo": "knowledge_base",
+          "columnsFrom": ["knowledge_base_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.mcp_servers": {
+      "name": "mcp_servers",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "transport": {
+          "name": "transport",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "headers": {
+          "name": "headers",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "timeout": {
+          "name": "timeout",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 30000
+        },
+        "retries": {
+          "name": "retries",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 3
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "last_connected": {
+          "name": "last_connected",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "connection_status": {
+          "name": "connection_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'disconnected'"
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status_config": {
+          "name": "status_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "tool_count": {
+          "name": "tool_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "last_tools_refresh": {
+          "name": "last_tools_refresh",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "total_requests": {
+          "name": "total_requests",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "last_used": {
+          "name": "last_used",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "mcp_servers_workspace_enabled_idx": {
+          "name": "mcp_servers_workspace_enabled_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "enabled",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "mcp_servers_workspace_deleted_idx": {
+          "name": "mcp_servers_workspace_deleted_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "mcp_servers_workspace_id_workspace_id_fk": {
+          "name": "mcp_servers_workspace_id_workspace_id_fk",
+          "tableFrom": "mcp_servers",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "mcp_servers_created_by_user_id_fk": {
+          "name": "mcp_servers_created_by_user_id_fk",
+          "tableFrom": "mcp_servers",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.member": {
+      "name": "member",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "member_user_id_unique": {
+          "name": "member_user_id_unique",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "member_organization_id_idx": {
+          "name": "member_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "member_user_id_user_id_fk": {
+          "name": "member_user_id_user_id_fk",
+          "tableFrom": "member",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "member_organization_id_organization_id_fk": {
+          "name": "member_organization_id_organization_id_fk",
+          "tableFrom": "member",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.memory": {
+      "name": "memory",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "data": {
+          "name": "data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "memory_key_idx": {
+          "name": "memory_key_idx",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "memory_workspace_idx": {
+          "name": "memory_workspace_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "memory_workspace_key_idx": {
+          "name": "memory_workspace_key_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "memory_workspace_id_workspace_id_fk": {
+          "name": "memory_workspace_id_workspace_id_fk",
+          "tableFrom": "memory",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.organization": {
+      "name": "organization",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "slug": {
+          "name": "slug",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "logo": {
+          "name": "logo",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "org_usage_limit": {
+          "name": "org_usage_limit",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "storage_used_bytes": {
+          "name": "storage_used_bytes",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "departed_member_usage": {
+          "name": "departed_member_usage",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "credit_balance": {
+          "name": "credit_balance",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.paused_executions": {
+      "name": "paused_executions",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_snapshot": {
+          "name": "execution_snapshot",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "pause_points": {
+          "name": "pause_points",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "total_pause_count": {
+          "name": "total_pause_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "resumed_count": {
+          "name": "resumed_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'paused'"
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::jsonb"
+        },
+        "paused_at": {
+          "name": "paused_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "paused_executions_workflow_id_idx": {
+          "name": "paused_executions_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "paused_executions_status_idx": {
+          "name": "paused_executions_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "paused_executions_execution_id_unique": {
+          "name": "paused_executions_execution_id_unique",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "paused_executions_workflow_id_workflow_id_fk": {
+          "name": "paused_executions_workflow_id_workflow_id_fk",
+          "tableFrom": "paused_executions",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.permissions": {
+      "name": "permissions",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "entity_type": {
+          "name": "entity_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "entity_id": {
+          "name": "entity_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "permission_type": {
+          "name": "permission_type",
+          "type": "permission_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "permissions_user_id_idx": {
+          "name": "permissions_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_entity_idx": {
+          "name": "permissions_entity_idx",
+          "columns": [
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_user_entity_type_idx": {
+          "name": "permissions_user_entity_type_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_user_entity_permission_idx": {
+          "name": "permissions_user_entity_permission_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "permission_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_user_entity_idx": {
+          "name": "permissions_user_entity_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_unique_constraint": {
+          "name": "permissions_unique_constraint",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "permissions_user_id_user_id_fk": {
+          "name": "permissions_user_id_user_id_fk",
+          "tableFrom": "permissions",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.rate_limit_bucket": {
+      "name": "rate_limit_bucket",
+      "schema": "",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "tokens": {
+          "name": "tokens",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "last_refill_at": {
+          "name": "last_refill_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.resume_queue": {
+      "name": "resume_queue",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "paused_execution_id": {
+          "name": "paused_execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "parent_execution_id": {
+          "name": "parent_execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "new_execution_id": {
+          "name": "new_execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "context_id": {
+          "name": "context_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "resume_input": {
+          "name": "resume_input",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "queued_at": {
+          "name": "queued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "claimed_at": {
+          "name": "claimed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "failure_reason": {
+          "name": "failure_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "resume_queue_parent_status_idx": {
+          "name": "resume_queue_parent_status_idx",
+          "columns": [
+            {
+              "expression": "parent_execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "queued_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "resume_queue_new_execution_idx": {
+          "name": "resume_queue_new_execution_idx",
+          "columns": [
+            {
+              "expression": "new_execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "resume_queue_paused_execution_id_paused_executions_id_fk": {
+          "name": "resume_queue_paused_execution_id_paused_executions_id_fk",
+          "tableFrom": "resume_queue",
+          "tableTo": "paused_executions",
+          "columnsFrom": ["paused_execution_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.session": {
+      "name": "session",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ip_address": {
+          "name": "ip_address",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_agent": {
+          "name": "user_agent",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "active_organization_id": {
+          "name": "active_organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "session_user_id_idx": {
+          "name": "session_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "session_token_idx": {
+          "name": "session_token_idx",
+          "columns": [
+            {
+              "expression": "token",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "session_user_id_user_id_fk": {
+          "name": "session_user_id_user_id_fk",
+          "tableFrom": "session",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "session_active_organization_id_organization_id_fk": {
+          "name": "session_active_organization_id_organization_id_fk",
+          "tableFrom": "session",
+          "tableTo": "organization",
+          "columnsFrom": ["active_organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "session_token_unique": {
+          "name": "session_token_unique",
+          "nullsNotDistinct": false,
+          "columns": ["token"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.settings": {
+      "name": "settings",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "theme": {
+          "name": "theme",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'system'"
+        },
+        "auto_connect": {
+          "name": "auto_connect",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "telemetry_enabled": {
+          "name": "telemetry_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "email_preferences": {
+          "name": "email_preferences",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "billing_usage_notifications_enabled": {
+          "name": "billing_usage_notifications_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "show_training_controls": {
+          "name": "show_training_controls",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "super_user_mode_enabled": {
+          "name": "super_user_mode_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "error_notifications_enabled": {
+          "name": "error_notifications_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "snap_to_grid_size": {
+          "name": "snap_to_grid_size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "copilot_enabled_models": {
+          "name": "copilot_enabled_models",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "copilot_auto_allowed_tools": {
+          "name": "copilot_auto_allowed_tools",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "settings_user_id_user_id_fk": {
+          "name": "settings_user_id_user_id_fk",
+          "tableFrom": "settings",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "settings_user_id_unique": {
+          "name": "settings_user_id_unique",
+          "nullsNotDistinct": false,
+          "columns": ["user_id"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.sso_provider": {
+      "name": "sso_provider",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "issuer": {
+          "name": "issuer",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "domain": {
+          "name": "domain",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "oidc_config": {
+          "name": "oidc_config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "saml_config": {
+          "name": "saml_config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "sso_provider_provider_id_idx": {
+          "name": "sso_provider_provider_id_idx",
+          "columns": [
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sso_provider_domain_idx": {
+          "name": "sso_provider_domain_idx",
+          "columns": [
+            {
+              "expression": "domain",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sso_provider_user_id_idx": {
+          "name": "sso_provider_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sso_provider_organization_id_idx": {
+          "name": "sso_provider_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "sso_provider_user_id_user_id_fk": {
+          "name": "sso_provider_user_id_user_id_fk",
+          "tableFrom": "sso_provider",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "sso_provider_organization_id_organization_id_fk": {
+          "name": "sso_provider_organization_id_organization_id_fk",
+          "tableFrom": "sso_provider",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.subscription": {
+      "name": "subscription",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "plan": {
+          "name": "plan",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "reference_id": {
+          "name": "reference_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "stripe_customer_id": {
+          "name": "stripe_customer_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "stripe_subscription_id": {
+          "name": "stripe_subscription_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "period_start": {
+          "name": "period_start",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "period_end": {
+          "name": "period_end",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "cancel_at_period_end": {
+          "name": "cancel_at_period_end",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "seats": {
+          "name": "seats",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "trial_start": {
+          "name": "trial_start",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "trial_end": {
+          "name": "trial_end",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "subscription_reference_status_idx": {
+          "name": "subscription_reference_status_idx",
+          "columns": [
+            {
+              "expression": "reference_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {
+        "check_enterprise_metadata": {
+          "name": "check_enterprise_metadata",
+          "value": "plan != 'enterprise' OR metadata IS NOT NULL"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.template_creators": {
+      "name": "template_creators",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "reference_type": {
+          "name": "reference_type",
+          "type": "template_creator_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "reference_id": {
+          "name": "reference_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "profile_image_url": {
+          "name": "profile_image_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "details": {
+          "name": "details",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "verified": {
+          "name": "verified",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "template_creators_reference_idx": {
+          "name": "template_creators_reference_idx",
+          "columns": [
+            {
+              "expression": "reference_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "reference_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_creators_reference_id_idx": {
+          "name": "template_creators_reference_id_idx",
+          "columns": [
+            {
+              "expression": "reference_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_creators_created_by_idx": {
+          "name": "template_creators_created_by_idx",
+          "columns": [
+            {
+              "expression": "created_by",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "template_creators_created_by_user_id_fk": {
+          "name": "template_creators_created_by_user_id_fk",
+          "tableFrom": "template_creators",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.template_stars": {
+      "name": "template_stars",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "template_id": {
+          "name": "template_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "starred_at": {
+          "name": "starred_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "template_stars_user_id_idx": {
+          "name": "template_stars_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_template_id_idx": {
+          "name": "template_stars_template_id_idx",
+          "columns": [
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_user_template_idx": {
+          "name": "template_stars_user_template_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_template_user_idx": {
+          "name": "template_stars_template_user_idx",
+          "columns": [
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_starred_at_idx": {
+          "name": "template_stars_starred_at_idx",
+          "columns": [
+            {
+              "expression": "starred_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_template_starred_at_idx": {
+          "name": "template_stars_template_starred_at_idx",
+          "columns": [
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "starred_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_user_template_unique": {
+          "name": "template_stars_user_template_unique",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "template_stars_user_id_user_id_fk": {
+          "name": "template_stars_user_id_user_id_fk",
+          "tableFrom": "template_stars",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "template_stars_template_id_templates_id_fk": {
+          "name": "template_stars_template_id_templates_id_fk",
+          "tableFrom": "template_stars",
+          "tableTo": "templates",
+          "columnsFrom": ["template_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.templates": {
+      "name": "templates",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "details": {
+          "name": "details",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "creator_id": {
+          "name": "creator_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "views": {
+          "name": "views",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "stars": {
+          "name": "stars",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "status": {
+          "name": "status",
+          "type": "template_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "tags": {
+          "name": "tags",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::text[]"
+        },
+        "required_credentials": {
+          "name": "required_credentials",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "state": {
+          "name": "state",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "og_image_url": {
+          "name": "og_image_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "templates_status_idx": {
+          "name": "templates_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_creator_id_idx": {
+          "name": "templates_creator_id_idx",
+          "columns": [
+            {
+              "expression": "creator_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_views_idx": {
+          "name": "templates_views_idx",
+          "columns": [
+            {
+              "expression": "views",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_stars_idx": {
+          "name": "templates_stars_idx",
+          "columns": [
+            {
+              "expression": "stars",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_status_views_idx": {
+          "name": "templates_status_views_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "views",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_status_stars_idx": {
+          "name": "templates_status_stars_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "stars",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_created_at_idx": {
+          "name": "templates_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_updated_at_idx": {
+          "name": "templates_updated_at_idx",
+          "columns": [
+            {
+              "expression": "updated_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "templates_workflow_id_workflow_id_fk": {
+          "name": "templates_workflow_id_workflow_id_fk",
+          "tableFrom": "templates",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "templates_creator_id_template_creators_id_fk": {
+          "name": "templates_creator_id_template_creators_id_fk",
+          "tableFrom": "templates",
+          "tableTo": "template_creators",
+          "columnsFrom": ["creator_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.usage_log": {
+      "name": "usage_log",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "category": {
+          "name": "category",
+          "type": "usage_log_category",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source": {
+          "name": "source",
+          "type": "usage_log_source",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "cost": {
+          "name": "cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "usage_log_user_created_at_idx": {
+          "name": "usage_log_user_created_at_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "usage_log_source_idx": {
+          "name": "usage_log_source_idx",
+          "columns": [
+            {
+              "expression": "source",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "usage_log_workspace_id_idx": {
+          "name": "usage_log_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "usage_log_workflow_id_idx": {
+          "name": "usage_log_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "usage_log_user_id_user_id_fk": {
+          "name": "usage_log_user_id_user_id_fk",
+          "tableFrom": "usage_log",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "usage_log_workspace_id_workspace_id_fk": {
+          "name": "usage_log_workspace_id_workspace_id_fk",
+          "tableFrom": "usage_log",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "usage_log_workflow_id_workflow_id_fk": {
+          "name": "usage_log_workflow_id_workflow_id_fk",
+          "tableFrom": "usage_log",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user": {
+      "name": "user",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email_verified": {
+          "name": "email_verified",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "image": {
+          "name": "image",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "stripe_customer_id": {
+          "name": "stripe_customer_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_super_user": {
+          "name": "is_super_user",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "user_email_unique": {
+          "name": "user_email_unique",
+          "nullsNotDistinct": false,
+          "columns": ["email"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user_stats": {
+      "name": "user_stats",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "total_manual_executions": {
+          "name": "total_manual_executions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_api_calls": {
+          "name": "total_api_calls",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_webhook_triggers": {
+          "name": "total_webhook_triggers",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_scheduled_executions": {
+          "name": "total_scheduled_executions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_chat_executions": {
+          "name": "total_chat_executions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_tokens_used": {
+          "name": "total_tokens_used",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_cost": {
+          "name": "total_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "current_usage_limit": {
+          "name": "current_usage_limit",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'20'"
+        },
+        "usage_limit_updated_at": {
+          "name": "usage_limit_updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "now()"
+        },
+        "current_period_cost": {
+          "name": "current_period_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "last_period_cost": {
+          "name": "last_period_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'0'"
+        },
+        "billed_overage_this_period": {
+          "name": "billed_overage_this_period",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "pro_period_cost_snapshot": {
+          "name": "pro_period_cost_snapshot",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'0'"
+        },
+        "credit_balance": {
+          "name": "credit_balance",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "total_copilot_cost": {
+          "name": "total_copilot_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "current_period_copilot_cost": {
+          "name": "current_period_copilot_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "last_period_copilot_cost": {
+          "name": "last_period_copilot_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'0'"
+        },
+        "total_copilot_tokens": {
+          "name": "total_copilot_tokens",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_copilot_calls": {
+          "name": "total_copilot_calls",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "storage_used_bytes": {
+          "name": "storage_used_bytes",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "last_active": {
+          "name": "last_active",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "billing_blocked": {
+          "name": "billing_blocked",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "billing_blocked_reason": {
+          "name": "billing_blocked_reason",
+          "type": "billing_blocked_reason",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "user_stats_user_id_user_id_fk": {
+          "name": "user_stats_user_id_user_id_fk",
+          "tableFrom": "user_stats",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "user_stats_user_id_unique": {
+          "name": "user_stats_user_id_unique",
+          "nullsNotDistinct": false,
+          "columns": ["user_id"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.verification": {
+      "name": "verification",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "verification_identifier_idx": {
+          "name": "verification_identifier_idx",
+          "columns": [
+            {
+              "expression": "identifier",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "verification_expires_at_idx": {
+          "name": "verification_expires_at_idx",
+          "columns": [
+            {
+              "expression": "expires_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.waitlist": {
+      "name": "waitlist",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "waitlist_email_unique": {
+          "name": "waitlist_email_unique",
+          "nullsNotDistinct": false,
+          "columns": ["email"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.webhook": {
+      "name": "webhook",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "block_id": {
+          "name": "block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "path": {
+          "name": "path",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider": {
+          "name": "provider",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "provider_config": {
+          "name": "provider_config",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_active": {
+          "name": "is_active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "failed_count": {
+          "name": "failed_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "last_failed_at": {
+          "name": "last_failed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "credential_set_id": {
+          "name": "credential_set_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "path_idx": {
+          "name": "path_idx",
+          "columns": [
+            {
+              "expression": "path",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "idx_webhook_on_workflow_id_block_id": {
+          "name": "idx_webhook_on_workflow_id_block_id",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "webhook_credential_set_id_idx": {
+          "name": "webhook_credential_set_id_idx",
+          "columns": [
+            {
+              "expression": "credential_set_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "webhook_workflow_id_workflow_id_fk": {
+          "name": "webhook_workflow_id_workflow_id_fk",
+          "tableFrom": "webhook",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "webhook_block_id_workflow_blocks_id_fk": {
+          "name": "webhook_block_id_workflow_blocks_id_fk",
+          "tableFrom": "webhook",
+          "tableTo": "workflow_blocks",
+          "columnsFrom": ["block_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "webhook_credential_set_id_credential_set_id_fk": {
+          "name": "webhook_credential_set_id_credential_set_id_fk",
+          "tableFrom": "webhook",
+          "tableTo": "credential_set",
+          "columnsFrom": ["credential_set_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow": {
+      "name": "workflow",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "folder_id": {
+          "name": "folder_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "color": {
+          "name": "color",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'#3972F6'"
+        },
+        "last_synced": {
+          "name": "last_synced",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "is_deployed": {
+          "name": "is_deployed",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "deployed_at": {
+          "name": "deployed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "run_count": {
+          "name": "run_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "last_run_at": {
+          "name": "last_run_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "variables": {
+          "name": "variables",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        }
+      },
+      "indexes": {
+        "workflow_user_id_idx": {
+          "name": "workflow_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_workspace_id_idx": {
+          "name": "workflow_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_user_workspace_idx": {
+          "name": "workflow_user_workspace_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_user_id_user_id_fk": {
+          "name": "workflow_user_id_user_id_fk",
+          "tableFrom": "workflow",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_workspace_id_workspace_id_fk": {
+          "name": "workflow_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_folder_id_workflow_folder_id_fk": {
+          "name": "workflow_folder_id_workflow_folder_id_fk",
+          "tableFrom": "workflow",
+          "tableTo": "workflow_folder",
+          "columnsFrom": ["folder_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_blocks": {
+      "name": "workflow_blocks",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "position_x": {
+          "name": "position_x",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "position_y": {
+          "name": "position_y",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "horizontal_handles": {
+          "name": "horizontal_handles",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "is_wide": {
+          "name": "is_wide",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "advanced_mode": {
+          "name": "advanced_mode",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "trigger_mode": {
+          "name": "trigger_mode",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "height": {
+          "name": "height",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "sub_blocks": {
+          "name": "sub_blocks",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "outputs": {
+          "name": "outputs",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "data": {
+          "name": "data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_blocks_workflow_id_idx": {
+          "name": "workflow_blocks_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_blocks_type_idx": {
+          "name": "workflow_blocks_type_idx",
+          "columns": [
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_blocks_workflow_id_workflow_id_fk": {
+          "name": "workflow_blocks_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_blocks",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_checkpoints": {
+      "name": "workflow_checkpoints",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "message_id": {
+          "name": "message_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workflow_state": {
+          "name": "workflow_state",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_checkpoints_user_id_idx": {
+          "name": "workflow_checkpoints_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_workflow_id_idx": {
+          "name": "workflow_checkpoints_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_chat_id_idx": {
+          "name": "workflow_checkpoints_chat_id_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_message_id_idx": {
+          "name": "workflow_checkpoints_message_id_idx",
+          "columns": [
+            {
+              "expression": "message_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_user_workflow_idx": {
+          "name": "workflow_checkpoints_user_workflow_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_workflow_chat_idx": {
+          "name": "workflow_checkpoints_workflow_chat_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_created_at_idx": {
+          "name": "workflow_checkpoints_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_chat_created_at_idx": {
+          "name": "workflow_checkpoints_chat_created_at_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_checkpoints_user_id_user_id_fk": {
+          "name": "workflow_checkpoints_user_id_user_id_fk",
+          "tableFrom": "workflow_checkpoints",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_checkpoints_workflow_id_workflow_id_fk": {
+          "name": "workflow_checkpoints_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_checkpoints",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_checkpoints_chat_id_copilot_chats_id_fk": {
+          "name": "workflow_checkpoints_chat_id_copilot_chats_id_fk",
+          "tableFrom": "workflow_checkpoints",
+          "tableTo": "copilot_chats",
+          "columnsFrom": ["chat_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_deployment_version": {
+      "name": "workflow_deployment_version",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "version": {
+          "name": "version",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "state": {
+          "name": "state",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "is_active": {
+          "name": "is_active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "workflow_deployment_version_workflow_version_unique": {
+          "name": "workflow_deployment_version_workflow_version_unique",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "version",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_deployment_version_workflow_active_idx": {
+          "name": "workflow_deployment_version_workflow_active_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "is_active",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_deployment_version_created_at_idx": {
+          "name": "workflow_deployment_version_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_deployment_version_workflow_id_workflow_id_fk": {
+          "name": "workflow_deployment_version_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_deployment_version",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_edges": {
+      "name": "workflow_edges",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_block_id": {
+          "name": "source_block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "target_block_id": {
+          "name": "target_block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_handle": {
+          "name": "source_handle",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "target_handle": {
+          "name": "target_handle",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_edges_workflow_id_idx": {
+          "name": "workflow_edges_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_edges_workflow_source_idx": {
+          "name": "workflow_edges_workflow_source_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "source_block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_edges_workflow_target_idx": {
+          "name": "workflow_edges_workflow_target_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "target_block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_edges_workflow_id_workflow_id_fk": {
+          "name": "workflow_edges_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_edges",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_edges_source_block_id_workflow_blocks_id_fk": {
+          "name": "workflow_edges_source_block_id_workflow_blocks_id_fk",
+          "tableFrom": "workflow_edges",
+          "tableTo": "workflow_blocks",
+          "columnsFrom": ["source_block_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_edges_target_block_id_workflow_blocks_id_fk": {
+          "name": "workflow_edges_target_block_id_workflow_blocks_id_fk",
+          "tableFrom": "workflow_edges",
+          "tableTo": "workflow_blocks",
+          "columnsFrom": ["target_block_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_execution_logs": {
+      "name": "workflow_execution_logs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "state_snapshot_id": {
+          "name": "state_snapshot_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "deployment_version_id": {
+          "name": "deployment_version_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "level": {
+          "name": "level",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'running'"
+        },
+        "trigger": {
+          "name": "trigger",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ended_at": {
+          "name": "ended_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "total_duration_ms": {
+          "name": "total_duration_ms",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "execution_data": {
+          "name": "execution_data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "cost": {
+          "name": "cost",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "files": {
+          "name": "files",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_execution_logs_workflow_id_idx": {
+          "name": "workflow_execution_logs_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_state_snapshot_id_idx": {
+          "name": "workflow_execution_logs_state_snapshot_id_idx",
+          "columns": [
+            {
+              "expression": "state_snapshot_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_deployment_version_id_idx": {
+          "name": "workflow_execution_logs_deployment_version_id_idx",
+          "columns": [
+            {
+              "expression": "deployment_version_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_trigger_idx": {
+          "name": "workflow_execution_logs_trigger_idx",
+          "columns": [
+            {
+              "expression": "trigger",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_level_idx": {
+          "name": "workflow_execution_logs_level_idx",
+          "columns": [
+            {
+              "expression": "level",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_started_at_idx": {
+          "name": "workflow_execution_logs_started_at_idx",
+          "columns": [
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_execution_id_unique": {
+          "name": "workflow_execution_logs_execution_id_unique",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_workflow_started_at_idx": {
+          "name": "workflow_execution_logs_workflow_started_at_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_workspace_started_at_idx": {
+          "name": "workflow_execution_logs_workspace_started_at_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_execution_logs_workflow_id_workflow_id_fk": {
+          "name": "workflow_execution_logs_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_execution_logs_workspace_id_workspace_id_fk": {
+          "name": "workflow_execution_logs_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_execution_logs_state_snapshot_id_workflow_execution_snapshots_id_fk": {
+          "name": "workflow_execution_logs_state_snapshot_id_workflow_execution_snapshots_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workflow_execution_snapshots",
+          "columnsFrom": ["state_snapshot_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        },
+        "workflow_execution_logs_deployment_version_id_workflow_deployment_version_id_fk": {
+          "name": "workflow_execution_logs_deployment_version_id_workflow_deployment_version_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workflow_deployment_version",
+          "columnsFrom": ["deployment_version_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_execution_snapshots": {
+      "name": "workflow_execution_snapshots",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "state_hash": {
+          "name": "state_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "state_data": {
+          "name": "state_data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_snapshots_workflow_id_idx": {
+          "name": "workflow_snapshots_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_snapshots_hash_idx": {
+          "name": "workflow_snapshots_hash_idx",
+          "columns": [
+            {
+              "expression": "state_hash",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_snapshots_workflow_hash_idx": {
+          "name": "workflow_snapshots_workflow_hash_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "state_hash",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_snapshots_created_at_idx": {
+          "name": "workflow_snapshots_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_execution_snapshots_workflow_id_workflow_id_fk": {
+          "name": "workflow_execution_snapshots_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_execution_snapshots",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_folder": {
+      "name": "workflow_folder",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "parent_id": {
+          "name": "parent_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "color": {
+          "name": "color",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'#6B7280'"
+        },
+        "is_expanded": {
+          "name": "is_expanded",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "sort_order": {
+          "name": "sort_order",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_folder_user_idx": {
+          "name": "workflow_folder_user_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_folder_workspace_parent_idx": {
+          "name": "workflow_folder_workspace_parent_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "parent_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_folder_parent_sort_idx": {
+          "name": "workflow_folder_parent_sort_idx",
+          "columns": [
+            {
+              "expression": "parent_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "sort_order",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_folder_user_id_user_id_fk": {
+          "name": "workflow_folder_user_id_user_id_fk",
+          "tableFrom": "workflow_folder",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_folder_workspace_id_workspace_id_fk": {
+          "name": "workflow_folder_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow_folder",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_mcp_server": {
+      "name": "workflow_mcp_server",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_mcp_server_workspace_id_idx": {
+          "name": "workflow_mcp_server_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_server_created_by_idx": {
+          "name": "workflow_mcp_server_created_by_idx",
+          "columns": [
+            {
+              "expression": "created_by",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_mcp_server_workspace_id_workspace_id_fk": {
+          "name": "workflow_mcp_server_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow_mcp_server",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_mcp_server_created_by_user_id_fk": {
+          "name": "workflow_mcp_server_created_by_user_id_fk",
+          "tableFrom": "workflow_mcp_server",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_mcp_tool": {
+      "name": "workflow_mcp_tool",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "server_id": {
+          "name": "server_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tool_name": {
+          "name": "tool_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tool_description": {
+          "name": "tool_description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "parameter_schema": {
+          "name": "parameter_schema",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_mcp_tool_server_id_idx": {
+          "name": "workflow_mcp_tool_server_id_idx",
+          "columns": [
+            {
+              "expression": "server_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_tool_workflow_id_idx": {
+          "name": "workflow_mcp_tool_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_tool_server_workflow_unique": {
+          "name": "workflow_mcp_tool_server_workflow_unique",
+          "columns": [
+            {
+              "expression": "server_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_mcp_tool_server_id_workflow_mcp_server_id_fk": {
+          "name": "workflow_mcp_tool_server_id_workflow_mcp_server_id_fk",
+          "tableFrom": "workflow_mcp_tool",
+          "tableTo": "workflow_mcp_server",
+          "columnsFrom": ["server_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_mcp_tool_workflow_id_workflow_id_fk": {
+          "name": "workflow_mcp_tool_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_mcp_tool",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_schedule": {
+      "name": "workflow_schedule",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "block_id": {
+          "name": "block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "cron_expression": {
+          "name": "cron_expression",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "next_run_at": {
+          "name": "next_run_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_ran_at": {
+          "name": "last_ran_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_queued_at": {
+          "name": "last_queued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "trigger_type": {
+          "name": "trigger_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "timezone": {
+          "name": "timezone",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'UTC'"
+        },
+        "failed_count": {
+          "name": "failed_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'active'"
+        },
+        "last_failed_at": {
+          "name": "last_failed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_schedule_workflow_block_unique": {
+          "name": "workflow_schedule_workflow_block_unique",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_schedule_workflow_id_workflow_id_fk": {
+          "name": "workflow_schedule_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_schedule",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_schedule_block_id_workflow_blocks_id_fk": {
+          "name": "workflow_schedule_block_id_workflow_blocks_id_fk",
+          "tableFrom": "workflow_schedule",
+          "tableTo": "workflow_blocks",
+          "columnsFrom": ["block_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_subflows": {
+      "name": "workflow_subflows",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "config": {
+          "name": "config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_subflows_workflow_id_idx": {
+          "name": "workflow_subflows_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_subflows_workflow_type_idx": {
+          "name": "workflow_subflows_workflow_type_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_subflows_workflow_id_workflow_id_fk": {
+          "name": "workflow_subflows_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_subflows",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace": {
+      "name": "workspace",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "owner_id": {
+          "name": "owner_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "billed_account_user_id": {
+          "name": "billed_account_user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "allow_personal_api_keys": {
+          "name": "allow_personal_api_keys",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "workspace_owner_id_user_id_fk": {
+          "name": "workspace_owner_id_user_id_fk",
+          "tableFrom": "workspace",
+          "tableTo": "user",
+          "columnsFrom": ["owner_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_billed_account_user_id_user_id_fk": {
+          "name": "workspace_billed_account_user_id_user_id_fk",
+          "tableFrom": "workspace",
+          "tableTo": "user",
+          "columnsFrom": ["billed_account_user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_byok_keys": {
+      "name": "workspace_byok_keys",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "encrypted_api_key": {
+          "name": "encrypted_api_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_byok_provider_unique": {
+          "name": "workspace_byok_provider_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_byok_workspace_idx": {
+          "name": "workspace_byok_workspace_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_byok_keys_workspace_id_workspace_id_fk": {
+          "name": "workspace_byok_keys_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_byok_keys",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_byok_keys_created_by_user_id_fk": {
+          "name": "workspace_byok_keys_created_by_user_id_fk",
+          "tableFrom": "workspace_byok_keys",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_environment": {
+      "name": "workspace_environment",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "variables": {
+          "name": "variables",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_environment_workspace_unique": {
+          "name": "workspace_environment_workspace_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_environment_workspace_id_workspace_id_fk": {
+          "name": "workspace_environment_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_environment",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_file": {
+      "name": "workspace_file",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "size": {
+          "name": "size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "uploaded_by": {
+          "name": "uploaded_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "uploaded_at": {
+          "name": "uploaded_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_file_workspace_id_idx": {
+          "name": "workspace_file_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_file_key_idx": {
+          "name": "workspace_file_key_idx",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_file_workspace_id_workspace_id_fk": {
+          "name": "workspace_file_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_file",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_file_uploaded_by_user_id_fk": {
+          "name": "workspace_file_uploaded_by_user_id_fk",
+          "tableFrom": "workspace_file",
+          "tableTo": "user",
+          "columnsFrom": ["uploaded_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "workspace_file_key_unique": {
+          "name": "workspace_file_key_unique",
+          "nullsNotDistinct": false,
+          "columns": ["key"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_files": {
+      "name": "workspace_files",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "context": {
+          "name": "context",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "original_name": {
+          "name": "original_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "content_type": {
+          "name": "content_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "size": {
+          "name": "size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "uploaded_at": {
+          "name": "uploaded_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_files_key_idx": {
+          "name": "workspace_files_key_idx",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_user_id_idx": {
+          "name": "workspace_files_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_workspace_id_idx": {
+          "name": "workspace_files_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_context_idx": {
+          "name": "workspace_files_context_idx",
+          "columns": [
+            {
+              "expression": "context",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_files_user_id_user_id_fk": {
+          "name": "workspace_files_user_id_user_id_fk",
+          "tableFrom": "workspace_files",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_files_workspace_id_workspace_id_fk": {
+          "name": "workspace_files_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_files",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "workspace_files_key_unique": {
+          "name": "workspace_files_key_unique",
+          "nullsNotDistinct": false,
+          "columns": ["key"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_invitation": {
+      "name": "workspace_invitation",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "inviter_id": {
+          "name": "inviter_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'member'"
+        },
+        "status": {
+          "name": "status",
+          "type": "workspace_invitation_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "permissions": {
+          "name": "permissions",
+          "type": "permission_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'admin'"
+        },
+        "org_invitation_id": {
+          "name": "org_invitation_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "workspace_invitation_workspace_id_workspace_id_fk": {
+          "name": "workspace_invitation_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_invitation",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_invitation_inviter_id_user_id_fk": {
+          "name": "workspace_invitation_inviter_id_user_id_fk",
+          "tableFrom": "workspace_invitation",
+          "tableTo": "user",
+          "columnsFrom": ["inviter_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "workspace_invitation_token_unique": {
+          "name": "workspace_invitation_token_unique",
+          "nullsNotDistinct": false,
+          "columns": ["token"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_notification_delivery": {
+      "name": "workspace_notification_delivery",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "subscription_id": {
+          "name": "subscription_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "notification_delivery_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "attempts": {
+          "name": "attempts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "last_attempt_at": {
+          "name": "last_attempt_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "next_attempt_at": {
+          "name": "next_attempt_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "response_status": {
+          "name": "response_status",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "response_body": {
+          "name": "response_body",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_notification_delivery_subscription_id_idx": {
+          "name": "workspace_notification_delivery_subscription_id_idx",
+          "columns": [
+            {
+              "expression": "subscription_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_delivery_execution_id_idx": {
+          "name": "workspace_notification_delivery_execution_id_idx",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_delivery_status_idx": {
+          "name": "workspace_notification_delivery_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_delivery_next_attempt_idx": {
+          "name": "workspace_notification_delivery_next_attempt_idx",
+          "columns": [
+            {
+              "expression": "next_attempt_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_notification_delivery_subscription_id_workspace_notification_subscription_id_fk": {
+          "name": "workspace_notification_delivery_subscription_id_workspace_notification_subscription_id_fk",
+          "tableFrom": "workspace_notification_delivery",
+          "tableTo": "workspace_notification_subscription",
+          "columnsFrom": ["subscription_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_notification_delivery_workflow_id_workflow_id_fk": {
+          "name": "workspace_notification_delivery_workflow_id_workflow_id_fk",
+          "tableFrom": "workspace_notification_delivery",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_notification_subscription": {
+      "name": "workspace_notification_subscription",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "notification_type": {
+          "name": "notification_type",
+          "type": "notification_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_ids": {
+          "name": "workflow_ids",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::text[]"
+        },
+        "all_workflows": {
+          "name": "all_workflows",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "level_filter": {
+          "name": "level_filter",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "ARRAY['info', 'error']::text[]"
+        },
+        "trigger_filter": {
+          "name": "trigger_filter",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "ARRAY['api', 'webhook', 'schedule', 'manual', 'chat']::text[]"
+        },
+        "include_final_output": {
+          "name": "include_final_output",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "include_trace_spans": {
+          "name": "include_trace_spans",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "include_rate_limits": {
+          "name": "include_rate_limits",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "include_usage_data": {
+          "name": "include_usage_data",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "webhook_config": {
+          "name": "webhook_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "email_recipients": {
+          "name": "email_recipients",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "slack_config": {
+          "name": "slack_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "alert_config": {
+          "name": "alert_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_alert_at": {
+          "name": "last_alert_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "active": {
+          "name": "active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_notification_workspace_id_idx": {
+          "name": "workspace_notification_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_active_idx": {
+          "name": "workspace_notification_active_idx",
+          "columns": [
+            {
+              "expression": "active",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_type_idx": {
+          "name": "workspace_notification_type_idx",
+          "columns": [
+            {
+              "expression": "notification_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_notification_subscription_workspace_id_workspace_id_fk": {
+          "name": "workspace_notification_subscription_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_notification_subscription",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_notification_subscription_created_by_user_id_fk": {
+          "name": "workspace_notification_subscription_created_by_user_id_fk",
+          "tableFrom": "workspace_notification_subscription",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {
+    "public.billing_blocked_reason": {
+      "name": "billing_blocked_reason",
+      "schema": "public",
+      "values": ["payment_failed", "dispute"]
+    },
+    "public.credential_set_invitation_status": {
+      "name": "credential_set_invitation_status",
+      "schema": "public",
+      "values": ["pending", "accepted", "expired", "cancelled"]
+    },
+    "public.credential_set_member_status": {
+      "name": "credential_set_member_status",
+      "schema": "public",
+      "values": ["active", "pending", "revoked"]
+    },
+    "public.notification_delivery_status": {
+      "name": "notification_delivery_status",
+      "schema": "public",
+      "values": ["pending", "in_progress", "success", "failed"]
+    },
+    "public.notification_type": {
+      "name": "notification_type",
+      "schema": "public",
+      "values": ["webhook", "email", "slack"]
+    },
+    "public.permission_type": {
+      "name": "permission_type",
+      "schema": "public",
+      "values": ["admin", "write", "read"]
+    },
+    "public.template_creator_type": {
+      "name": "template_creator_type",
+      "schema": "public",
+      "values": ["user", "organization"]
+    },
+    "public.template_status": {
+      "name": "template_status",
+      "schema": "public",
+      "values": ["pending", "approved", "rejected"]
+    },
+    "public.usage_log_category": {
+      "name": "usage_log_category",
+      "schema": "public",
+      "values": ["model", "fixed"]
+    },
+    "public.usage_log_source": {
+      "name": "usage_log_source",
+      "schema": "public",
+      "values": ["workflow", "wand", "copilot"]
+    },
+    "public.workspace_invitation_status": {
+      "name": "workspace_invitation_status",
+      "schema": "public",
+      "values": ["pending", "accepted", "rejected", "cancelled"]
+    }
+  },
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}
diff --git a/packages/db/migrations/meta/_journal.json b/packages/db/migrations/meta/_journal.json
index 26a68ca9ab..1094a146ba 100644
--- a/packages/db/migrations/meta/_journal.json
+++ b/packages/db/migrations/meta/_journal.json
@@ -939,6 +939,20 @@
       "when": 1766779827389,
       "tag": "0134_parallel_galactus",
       "breakpoints": true
+    },
+    {
+      "idx": 135,
+      "version": "7",
+      "when": 1767737974016,
+      "tag": "0135_stormy_puff_adder",
+      "breakpoints": true
+    },
+    {
+      "idx": 136,
+      "version": "7",
+      "when": 1767905804764,
+      "tag": "0136_pretty_jack_flag",
+      "breakpoints": true
     }
   ]
 }
diff --git a/packages/db/schema.ts b/packages/db/schema.ts
index 692fb11497..abbfdcf14a 100644
--- a/packages/db/schema.ts
+++ b/packages/db/schema.ts
@@ -527,6 +527,9 @@ export const webhook = pgTable(
     isActive: boolean('is_active').notNull().default(true),
     failedCount: integer('failed_count').default(0), // Track consecutive failures
     lastFailedAt: timestamp('last_failed_at'), // When the webhook last failed
+    credentialSetId: text('credential_set_id').references(() => credentialSet.id, {
+      onDelete: 'set null',
+    }), // For credential set webhooks - enables efficient queries
     createdAt: timestamp('created_at').notNull().defaultNow(),
     updatedAt: timestamp('updated_at').notNull().defaultNow(),
   },
@@ -539,6 +542,8 @@ export const webhook = pgTable(
         table.workflowId,
         table.blockId
       ),
+      // Optimize queries for credential set webhooks
+      credentialSetIdIdx: index('webhook_credential_set_id_idx').on(table.credentialSetId),
     }
   }
 )
@@ -819,7 +824,7 @@ export const member = pgTable(
     createdAt: timestamp('created_at').defaultNow().notNull(),
   },
   (table) => ({
-    userIdIdx: index('member_user_id_idx').on(table.userId),
+    userIdUnique: uniqueIndex('member_user_id_unique').on(table.userId), // Users can only belong to one org
     organizationIdIdx: index('member_organization_id_idx').on(table.organizationId),
   })
 )
@@ -1777,3 +1782,98 @@ export const usageLog = pgTable(
     workflowIdIdx: index('usage_log_workflow_id_idx').on(table.workflowId),
   })
 )
+
+export const credentialSet = pgTable(
+  'credential_set',
+  {
+    id: text('id').primaryKey(),
+    organizationId: text('organization_id')
+      .notNull()
+      .references(() => organization.id, { onDelete: 'cascade' }),
+    name: text('name').notNull(),
+    description: text('description'),
+    providerId: text('provider_id').notNull(),
+    createdBy: text('created_by')
+      .notNull()
+      .references(() => user.id, { onDelete: 'cascade' }),
+    createdAt: timestamp('created_at').notNull().defaultNow(),
+    updatedAt: timestamp('updated_at').notNull().defaultNow(),
+  },
+  (table) => ({
+    organizationIdIdx: index('credential_set_organization_id_idx').on(table.organizationId),
+    createdByIdx: index('credential_set_created_by_idx').on(table.createdBy),
+    orgNameUnique: uniqueIndex('credential_set_org_name_unique').on(
+      table.organizationId,
+      table.name
+    ),
+    providerIdIdx: index('credential_set_provider_id_idx').on(table.providerId),
+  })
+)
+
+export const credentialSetMemberStatusEnum = pgEnum('credential_set_member_status', [
+  'active',
+  'pending',
+  'revoked',
+])
+
+export const credentialSetMember = pgTable(
+  'credential_set_member',
+  {
+    id: text('id').primaryKey(),
+    credentialSetId: text('credential_set_id')
+      .notNull()
+      .references(() => credentialSet.id, { onDelete: 'cascade' }),
+    userId: text('user_id')
+      .notNull()
+      .references(() => user.id, { onDelete: 'cascade' }),
+    status: credentialSetMemberStatusEnum('status').notNull().default('pending'),
+    joinedAt: timestamp('joined_at'),
+    invitedBy: text('invited_by').references(() => user.id, { onDelete: 'set null' }),
+    createdAt: timestamp('created_at').notNull().defaultNow(),
+    updatedAt: timestamp('updated_at').notNull().defaultNow(),
+  },
+  (table) => ({
+    credentialSetIdIdx: index('credential_set_member_set_id_idx').on(table.credentialSetId),
+    userIdIdx: index('credential_set_member_user_id_idx').on(table.userId),
+    uniqueMembership: uniqueIndex('credential_set_member_unique').on(
+      table.credentialSetId,
+      table.userId
+    ),
+    statusIdx: index('credential_set_member_status_idx').on(table.status),
+  })
+)
+
+export const credentialSetInvitationStatusEnum = pgEnum('credential_set_invitation_status', [
+  'pending',
+  'accepted',
+  'expired',
+  'cancelled',
+])
+
+export const credentialSetInvitation = pgTable(
+  'credential_set_invitation',
+  {
+    id: text('id').primaryKey(),
+    credentialSetId: text('credential_set_id')
+      .notNull()
+      .references(() => credentialSet.id, { onDelete: 'cascade' }),
+    email: text('email'),
+    token: text('token').notNull().unique(),
+    invitedBy: text('invited_by')
+      .notNull()
+      .references(() => user.id, { onDelete: 'cascade' }),
+    status: credentialSetInvitationStatusEnum('status').notNull().default('pending'),
+    expiresAt: timestamp('expires_at').notNull(),
+    acceptedAt: timestamp('accepted_at'),
+    acceptedByUserId: text('accepted_by_user_id').references(() => user.id, {
+      onDelete: 'set null',
+    }),
+    createdAt: timestamp('created_at').notNull().defaultNow(),
+  },
+  (table) => ({
+    credentialSetIdIdx: index('credential_set_invitation_set_id_idx').on(table.credentialSetId),
+    tokenIdx: index('credential_set_invitation_token_idx').on(table.token),
+    statusIdx: index('credential_set_invitation_status_idx').on(table.status),
+    expiresAtIdx: index('credential_set_invitation_expires_at_idx').on(table.expiresAt),
+  })
+)