diff --git a/apps/docs/content/docs/en/tools/stt.mdx b/apps/docs/content/docs/en/tools/stt.mdx
index 6920544178b..eecd270fe1c 100644
--- a/apps/docs/content/docs/en/tools/stt.mdx
+++ b/apps/docs/content/docs/en/tools/stt.mdx
@@ -120,7 +120,7 @@ Transcribe audio and video files to text using leading AI providers. Supports mu
 | --------- | ---- | -------- | ----------- |
 | `provider` | string | Yes | STT provider \(elevenlabs\) |
 | `apiKey` | string | Yes | ElevenLabs API key |
-| `model` | string | No | ElevenLabs model to use \(scribe_v1, scribe_v1_experimental\) |
+| `model` | string | No | ElevenLabs model to use \(scribe_v2\) |
 | `audioFile` | file | No | Audio or video file to transcribe \(e.g., MP3, WAV, M4A, WEBM\) |
 | `audioFileReference` | file | No | Reference to audio/video file from previous blocks |
 | `audioUrl` | string | No | URL to audio or video file |
diff --git a/apps/realtime/src/handlers/index.ts b/apps/realtime/src/handlers/index.ts
index 6ded2e54741..8977eea550a 100644
--- a/apps/realtime/src/handlers/index.ts
+++ b/apps/realtime/src/handlers/index.ts
@@ -2,6 +2,7 @@ import { setupConnectionHandlers } from '@/handlers/connection'
 import { setupOperationsHandlers } from '@/handlers/operations'
 import { setupPresenceHandlers } from '@/handlers/presence'
 import { setupSubblocksHandlers } from '@/handlers/subblocks'
+import { setupTableHandlers } from '@/handlers/tables'
 import { setupVariablesHandlers } from '@/handlers/variables'
 import { setupWorkflowHandlers } from '@/handlers/workflow'
 import type { AuthenticatedSocket } from '@/middleware/auth'
@@ -13,5 +14,6 @@ export function setupAllHandlers(socket: AuthenticatedSocket, roomManager: IRoom
   setupSubblocksHandlers(socket, roomManager)
   setupVariablesHandlers(socket, roomManager)
   setupPresenceHandlers(socket, roomManager)
+  setupTableHandlers(socket, roomManager)
   setupConnectionHandlers(socket, roomManager)
 }
diff --git a/apps/realtime/src/handlers/tables.ts b/apps/realtime/src/handlers/tables.ts
new file mode 100644
index 00000000000..ae9a7c6f003
--- /dev/null
+++ b/apps/realtime/src/handlers/tables.ts
@@ -0,0 +1,73 @@
+import { createLogger } from '@sim/logger'
+import type { AuthenticatedSocket } from '@/middleware/auth'
+import { verifyTableAccess } from '@/middleware/permissions'
+import { type IRoomManager, tableRoomName } from '@/rooms/types'
+
+const logger = createLogger('TableHandlers')
+
+/**
+ * Wires `join-table` / `leave-table` socket events. Tables don't track presence
+ * or last-modified state — joining is a thin wrapper around `socket.join` so the
+ * Sim API → Realtime HTTP bridge can broadcast row updates back to subscribed clients.
+ */
+export function setupTableHandlers(socket: AuthenticatedSocket, _roomManager: IRoomManager) {
+  socket.on('join-table', async ({ tableId }: { tableId?: string }) => {
+    try {
+      if (!tableId || typeof tableId !== 'string') {
+        socket.emit('join-table-error', {
+          tableId: tableId ?? null,
+          error: 'tableId required',
+          code: 'INVALID_TABLE_ID',
+          retryable: false,
+        })
+        return
+      }
+
+      const userId = socket.userId
+      if (!userId) {
+        socket.emit('join-table-error', {
+          tableId,
+          error: 'Authentication required',
+          code: 'AUTHENTICATION_REQUIRED',
+          retryable: false,
+        })
+        return
+      }
+
+      const { hasAccess } = await verifyTableAccess(userId, tableId)
+      if (!hasAccess) {
+        socket.emit('join-table-error', {
+          tableId,
+          error: 'Access denied to table',
+          code: 'ACCESS_DENIED',
+          retryable: false,
+        })
+        return
+      }
+
+      const room = tableRoomName(tableId)
+      socket.join(room)
+      socket.emit('join-table-success', { tableId, socketId: socket.id })
+      logger.debug(`Socket ${socket.id} (user ${userId}) joined ${room}`)
+    } catch (error) {
+      logger.error(`Error joining table room:`, error)
+      socket.emit('join-table-error', {
+        tableId: null,
+        error: 'Failed to join table',
+        code: 'JOIN_TABLE_FAILED',
+        retryable: true,
+      })
+    }
+  })
+
+  socket.on('leave-table', async ({ tableId }: { tableId?: string }) => {
+    try {
+      if (!tableId || typeof tableId !== 'string') return
+      const room = tableRoomName(tableId)
+      socket.leave(room)
+      logger.debug(`Socket ${socket.id} left ${room}`)
+    } catch (error) {
+      logger.error(`Error leaving table room:`, error)
+    }
+  })
+}
diff --git a/apps/realtime/src/middleware/permissions.ts b/apps/realtime/src/middleware/permissions.ts
index dcc893b1478..db97b16f8a2 100644
--- a/apps/realtime/src/middleware/permissions.ts
+++ b/apps/realtime/src/middleware/permissions.ts
@@ -131,3 +131,51 @@ export async function verifyWorkflowAccess(
     return { hasAccess: false }
   }
 }
+
+/**
+ * Verify a user has read access to a table by virtue of workspace permission.
+ * Mirrors `verifyWorkflowAccess` for the table-room socket join check.
+ */
+export async function verifyTableAccess(
+  userId: string,
+  tableId: string
+): Promise<{ hasAccess: boolean; workspaceId?: string }> {
+  try {
+    const { userTableDefinitions, permissions } = await import('@sim/db')
+    const tableData = await db
+      .select({ workspaceId: userTableDefinitions.workspaceId })
+      .from(userTableDefinitions)
+      .where(and(eq(userTableDefinitions.id, tableId), isNull(userTableDefinitions.archivedAt)))
+      .limit(1)
+
+    if (!tableData.length) {
+      logger.warn(`Table ${tableId} not found`)
+      return { hasAccess: false }
+    }
+    const { workspaceId } = tableData[0]
+    if (!workspaceId) return { hasAccess: false }
+
+    const [permissionRow] = await db
+      .select({ permissionType: permissions.permissionType })
+      .from(permissions)
+      .where(
+        and(
+          eq(permissions.userId, userId),
+          eq(permissions.entityType, 'workspace'),
+          eq(permissions.entityId, workspaceId)
+        )
+      )
+      .limit(1)
+
+    if (!permissionRow?.permissionType) {
+      logger.warn(
+        `User ${userId} has no permission for workspace ${workspaceId} (table ${tableId})`
+      )
+      return { hasAccess: false }
+    }
+    return { hasAccess: true, workspaceId }
+  } catch (error) {
+    logger.error(`Error verifying table access for user ${userId}, table ${tableId}:`, error)
+    return { hasAccess: false }
+  }
+}
diff --git a/apps/realtime/src/rooms/memory-manager.ts b/apps/realtime/src/rooms/memory-manager.ts
index a032e785bb5..0cd37daf493 100644
--- a/apps/realtime/src/rooms/memory-manager.ts
+++ b/apps/realtime/src/rooms/memory-manager.ts
@@ -1,6 +1,13 @@
 import { createLogger } from '@sim/logger'
 import type { Server } from 'socket.io'
-import type { IRoomManager, UserPresence, UserSession, WorkflowRoom } from '@/rooms/types'
+import {
+  type IRoomManager,
+  type TableRowUpdatedPayload,
+  tableRoomName,
+  type UserPresence,
+  type UserSession,
+  type WorkflowRoom,
+} from '@/rooms/types'
 
 const logger = createLogger('MemoryRoomManager')
 
@@ -255,4 +262,23 @@ export class MemoryRoomManager implements IRoomManager {
 
     logger.info(`Notified ${room.users.size} users about workflow deployment change: ${workflowId}`)
   }
+
+  emitToTable<T = unknown>(tableId: string, event: string, payload: T): void {
+    this._io.to(tableRoomName(tableId)).emit(event, payload)
+  }
+
+  async handleTableRowUpdated(tableId: string, payload: TableRowUpdatedPayload): Promise<void> {
+    this.emitToTable(tableId, 'table-row-updated', { tableId, ...payload })
+  }
+
+  async handleTableRowDeleted(tableId: string, rowId: string): Promise<void> {
+    this.emitToTable(tableId, 'table-row-deleted', { tableId, rowId })
+  }
+
+  async handleTableDeleted(tableId: string): Promise<void> {
+    logger.info(`Handling table deletion notification for ${tableId}`)
+    this.emitToTable(tableId, 'table-deleted', { tableId, timestamp: Date.now() })
+    // Eject sockets so they don't hold a stale room. Cross-pod safe via socket.io.
+    await this._io.in(tableRoomName(tableId)).socketsLeave(tableRoomName(tableId))
+  }
 }
diff --git a/apps/realtime/src/rooms/redis-manager.ts b/apps/realtime/src/rooms/redis-manager.ts
index 0e6b3eadf2b..0fb41417906 100644
--- a/apps/realtime/src/rooms/redis-manager.ts
+++ b/apps/realtime/src/rooms/redis-manager.ts
@@ -1,7 +1,13 @@
 import { createLogger } from '@sim/logger'
 import { createClient, type RedisClientType } from 'redis'
 import type { Server } from 'socket.io'
-import type { IRoomManager, UserPresence, UserSession } from '@/rooms/types'
+import {
+  type IRoomManager,
+  type TableRowUpdatedPayload,
+  tableRoomName,
+  type UserPresence,
+  type UserSession,
+} from '@/rooms/types'
 
 const logger = createLogger('RedisRoomManager')
 
@@ -457,4 +463,23 @@ export class RedisRoomManager implements IRoomManager {
     const userCount = await this.getUniqueUserCount(workflowId)
     logger.info(`Notified ${userCount} users about workflow deployment change: ${workflowId}`)
   }
+
+  emitToTable<T = unknown>(tableId: string, event: string, payload: T): void {
+    this._io.to(tableRoomName(tableId)).emit(event, payload)
+  }
+
+  async handleTableRowUpdated(tableId: string, payload: TableRowUpdatedPayload): Promise<void> {
+    this.emitToTable(tableId, 'table-row-updated', { tableId, ...payload })
+  }
+
+  async handleTableRowDeleted(tableId: string, rowId: string): Promise<void> {
+    this.emitToTable(tableId, 'table-row-deleted', { tableId, rowId })
+  }
+
+  async handleTableDeleted(tableId: string): Promise<void> {
+    logger.info(`Handling table deletion notification for ${tableId}`)
+    this.emitToTable(tableId, 'table-deleted', { tableId, timestamp: Date.now() })
+    // Eject sockets across all pods via socket.io's Redis adapter.
+    await this._io.in(tableRoomName(tableId)).socketsLeave(tableRoomName(tableId))
+  }
 }
diff --git a/apps/realtime/src/rooms/types.ts b/apps/realtime/src/rooms/types.ts
index 9553a427e1e..9c15c967d54 100644
--- a/apps/realtime/src/rooms/types.ts
+++ b/apps/realtime/src/rooms/types.ts
@@ -143,4 +143,45 @@ export interface IRoomManager {
    * Handle workflow deployment change - notify users to refresh deployment state
    */
   handleWorkflowDeployed(workflowId: string): Promise<void>
+
+  /**
+   * Emit an event to all clients in a table room (`table:${tableId}`).
+   * Tables don't track presence/last-modified state — just pub/sub.
+   */
+  emitToTable<T = unknown>(tableId: string, event: string, payload: T): void
+
+  /**
+   * Notify all clients in a table room of a row write (insert/update/cell-state-change).
+   * Sim API calls this via the `/api/table-row-updated` HTTP bridge after every successful
+   * row commit; the client merges the delta into its React Query cache.
+   */
+  handleTableRowUpdated(tableId: string, payload: TableRowUpdatedPayload): Promise<void>
+
+  /**
+   * Notify all clients in a table room that a row has been deleted.
+   */
+  handleTableRowDeleted(tableId: string, rowId: string): Promise<void>
+
+  /**
+   * Notify all clients in a table room that the table has been deleted; eject sockets.
+   */
+  handleTableDeleted(tableId: string): Promise<void>
+}
+
+/**
+ * Payload broadcast on `table-row-updated`. Mirrors the shape of `TableRow.data` so
+ * the client can merge directly into its React Query rows cache. `position` and
+ * `updatedAt` are included for cache reconciliation; `data` is the full row data
+ * (not a per-cell delta) — see plan Notes.
+ */
+export interface TableRowUpdatedPayload {
+  rowId: string
+  data: Record<string, unknown>
+  /** Per-workflow-group execution state. Keyed by `WorkflowGroup.id`. */
+  executions?: Record<string, unknown>
+  position: number
+  updatedAt: string | number
 }
+
+/** Socket.IO room name for a table. Namespaced from workflow rooms. */
+export const tableRoomName = (tableId: string): string => `table:${tableId}`
diff --git a/apps/realtime/src/routes/http.ts b/apps/realtime/src/routes/http.ts
index 0f8ed73cc52..78cd89e63d9 100644
--- a/apps/realtime/src/routes/http.ts
+++ b/apps/realtime/src/routes/http.ts
@@ -150,6 +150,52 @@ export function createHttpHandler(roomManager: IRoomManager, logger: Logger) {
       return
     }
 
+    // Handle table row write notifications from the Sim API
+    if (req.method === 'POST' && req.url === '/api/table-row-updated') {
+      try {
+        const body = await readRequestBody(req)
+        const { tableId, rowId, data, executions, position, updatedAt } = JSON.parse(body)
+        await roomManager.handleTableRowUpdated(tableId, {
+          rowId,
+          data,
+          executions,
+          position,
+          updatedAt,
+        })
+        sendSuccess(res)
+      } catch (error) {
+        logger.error('Error handling table row update notification:', error)
+        sendError(res, 'Failed to process table row update')
+      }
+      return
+    }
+
+    if (req.method === 'POST' && req.url === '/api/table-row-deleted') {
+      try {
+        const body = await readRequestBody(req)
+        const { tableId, rowId } = JSON.parse(body)
+        await roomManager.handleTableRowDeleted(tableId, rowId)
+        sendSuccess(res)
+      } catch (error) {
+        logger.error('Error handling table row deletion notification:', error)
+        sendError(res, 'Failed to process table row deletion')
+      }
+      return
+    }
+
+    if (req.method === 'POST' && req.url === '/api/table-deleted') {
+      try {
+        const body = await readRequestBody(req)
+        const { tableId } = JSON.parse(body)
+        await roomManager.handleTableDeleted(tableId)
+        sendSuccess(res)
+      } catch (error) {
+        logger.error('Error handling table deletion notification:', error)
+        sendError(res, 'Failed to process table deletion')
+      }
+      return
+    }
+
     res.writeHead(404, { 'Content-Type': 'application/json' })
     res.end(JSON.stringify({ error: 'Not found' }))
   }
diff --git a/apps/sim/app/api/auth/oauth/disconnect/route.ts b/apps/sim/app/api/auth/oauth/disconnect/route.ts
index 9bef61cf08e..a8fa4cfa2b6 100644
--- a/apps/sim/app/api/auth/oauth/disconnect/route.ts
+++ b/apps/sim/app/api/auth/oauth/disconnect/route.ts
@@ -1,14 +1,15 @@
 import { AuditAction, AuditResourceType, recordAudit } from '@sim/audit'
 import { db } from '@sim/db'
-import { account, credentialSet, credentialSetMember } from '@sim/db/schema'
+import { account, credential, credentialSet, credentialSetMember } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq, like, or } from 'drizzle-orm'
+import { and, eq, inArray, like, or } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { disconnectOAuthContract } from '@/lib/api/contracts/oauth-connections'
 import { getValidationErrorMessage, parseRequest } from '@/lib/api/server'
 import { getSession } from '@/lib/auth'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { deleteCredential } from '@/lib/credentials/deletion'
 import { syncAllWebhooksForCredentialSet } from '@/lib/webhooks/utils.server'
 
 export const dynamic = 'force-dynamic'
@@ -52,27 +53,39 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
       hasProviderId: !!providerId,
     })
 
-    // If a specific account row ID is provided, delete that exact account
-    if (accountId) {
-      await db
-        .delete(account)
-        .where(and(eq(account.userId, session.user.id), eq(account.id, accountId)))
-    } else if (providerId) {
-      // If a specific providerId is provided, delete accounts for that provider ID
-      await db
-        .delete(account)
-        .where(and(eq(account.userId, session.user.id), eq(account.providerId, providerId)))
-    } else {
-      // Otherwise, delete all accounts for this provider
-      // Handle both exact matches (e.g., 'confluence') and prefixed matches (e.g., 'google-email')
-      await db
-        .delete(account)
-        .where(
-          and(
+    // Delete credentials before their accounts so deleteCredential can clear
+    // stored references first. Otherwise FK CASCADE would orphan them silently.
+    const accountFilter = accountId
+      ? and(eq(account.userId, session.user.id), eq(account.id, accountId))
+      : providerId
+        ? and(eq(account.userId, session.user.id), eq(account.providerId, providerId))
+        : and(
             eq(account.userId, session.user.id),
             or(eq(account.providerId, provider), like(account.providerId, `${provider}-%`))
           )
-        )
+
+    const targetAccounts = await db.select({ id: account.id }).from(account).where(accountFilter)
+
+    const targetAccountIds = targetAccounts.map((a) => a.id)
+
+    if (targetAccountIds.length > 0) {
+      const credentialsToDelete = await db
+        .select({ id: credential.id })
+        .from(credential)
+        .where(inArray(credential.accountId, targetAccountIds))
+
+      for (const cred of credentialsToDelete) {
+        await deleteCredential({
+          credentialId: cred.id,
+          actorId: session.user.id,
+          actorName: session.user.name,
+          actorEmail: session.user.email,
+          reason: 'oauth_disconnect',
+          request,
+        })
+      }
+
+      await db.delete(account).where(inArray(account.id, targetAccountIds))
     }
 
     // Sync webhooks for all credential sets the user is a member of
diff --git a/apps/sim/app/api/chat/[identifier]/route.ts b/apps/sim/app/api/chat/[identifier]/route.ts
index 24e6b709997..a6dff447355 100644
--- a/apps/sim/app/api/chat/[identifier]/route.ts
+++ b/apps/sim/app/api/chat/[identifier]/route.ts
@@ -149,7 +149,9 @@ export const POST = withRouteHandler(
           request
         )
 
-        setChatAuthCookie(response, deployment.id, deployment.authType, deployment.password)
+        if (deployment.authType !== 'sso') {
+          setChatAuthCookie(response, deployment.id, deployment.authType, deployment.password)
+        }
 
         return response
       }
@@ -358,6 +360,7 @@ export const GET = withRouteHandler(
 
       if (
         deployment.authType !== 'public' &&
+        deployment.authType !== 'sso' &&
         authCookie &&
         validateAuthToken(authCookie.value, deployment.id, deployment.password)
       ) {
diff --git a/apps/sim/app/api/chat/[identifier]/sso/route.ts b/apps/sim/app/api/chat/[identifier]/sso/route.ts
new file mode 100644
index 00000000000..812f27df5b3
--- /dev/null
+++ b/apps/sim/app/api/chat/[identifier]/sso/route.ts
@@ -0,0 +1,81 @@
+import { db } from '@sim/db'
+import { chat } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq, isNull } from 'drizzle-orm'
+import type { NextRequest } from 'next/server'
+import { chatSSOContract } from '@/lib/api/contracts/chats'
+import { parseRequest } from '@/lib/api/server'
+import type { TokenBucketConfig } from '@/lib/core/rate-limiter'
+import { RateLimiter } from '@/lib/core/rate-limiter'
+import { addCorsHeaders, isEmailAllowed } from '@/lib/core/security/deployment'
+import { generateRequestId, getClientIp } from '@/lib/core/utils/request'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { createErrorResponse, createSuccessResponse } from '@/app/api/workflows/utils'
+
+const logger = createLogger('ChatSSOAPI')
+
+export const dynamic = 'force-dynamic'
+export const runtime = 'nodejs'
+
+const rateLimiter = new RateLimiter()
+
+const SSO_IP_RATE_LIMIT: TokenBucketConfig = {
+  maxTokens: 20,
+  refillRate: 20,
+  refillIntervalMs: 15 * 60_000,
+}
+
+export const POST = withRouteHandler(
+  async (request: NextRequest, context: { params: Promise<{ identifier: string }> }) => {
+    const requestId = generateRequestId()
+
+    const ip = getClientIp(request)
+    if (ip !== 'unknown') {
+      const ipRateLimit = await rateLimiter.checkRateLimitDirect(
+        `chat-sso:ip:${ip}`,
+        SSO_IP_RATE_LIMIT
+      )
+      if (!ipRateLimit.allowed) {
+        logger.warn(`[${requestId}] SSO eligibility rate limit exceeded from ${ip}`)
+        const retryAfter = Math.ceil(
+          (ipRateLimit.retryAfterMs ?? SSO_IP_RATE_LIMIT.refillIntervalMs) / 1000
+        )
+        const response = createErrorResponse('Too many requests. Please try again later.', 429)
+        response.headers.set('Retry-After', String(retryAfter))
+        return addCorsHeaders(response, request)
+      }
+    }
+
+    const parsed = await parseRequest(chatSSOContract, request, context)
+    if (!parsed.success) return parsed.response
+
+    const { identifier } = parsed.data.params
+    const { email } = parsed.data.body
+
+    const [deployment] = await db
+      .select({
+        authType: chat.authType,
+        allowedEmails: chat.allowedEmails,
+        isActive: chat.isActive,
+      })
+      .from(chat)
+      .where(and(eq(chat.identifier, identifier), isNull(chat.archivedAt)))
+      .limit(1)
+
+    if (!deployment || !deployment.isActive) {
+      logger.warn(`[${requestId}] SSO check on missing/inactive chat: ${identifier}`)
+      return addCorsHeaders(createErrorResponse('Chat not found', 404), request)
+    }
+
+    if (deployment.authType !== 'sso') {
+      return addCorsHeaders(
+        createErrorResponse('Chat is not configured for SSO authentication', 400),
+        request
+      )
+    }
+
+    const eligible = isEmailAllowed(email, (deployment.allowedEmails as string[]) || [])
+
+    return addCorsHeaders(createSuccessResponse({ eligible }), request)
+  }
+)
diff --git a/apps/sim/app/api/chat/utils.test.ts b/apps/sim/app/api/chat/utils.test.ts
index 31401d6b5ec..60395c0bbd1 100644
--- a/apps/sim/app/api/chat/utils.test.ts
+++ b/apps/sim/app/api/chat/utils.test.ts
@@ -19,6 +19,7 @@ const {
   mockSetDeploymentAuthCookie,
   mockAddCorsHeaders,
   mockIsEmailAllowed,
+  mockGetSession,
 } = vi.hoisted(() => ({
   mockMergeSubblockStateWithValues: vi.fn().mockReturnValue({}),
   mockMergeSubBlockValues: vi.fn().mockReturnValue({}),
@@ -26,6 +27,12 @@ const {
   mockSetDeploymentAuthCookie: vi.fn(),
   mockAddCorsHeaders: vi.fn((response: unknown) => response),
   mockIsEmailAllowed: vi.fn(),
+  mockGetSession: vi.fn(),
+}))
+
+vi.mock('@/lib/auth', () => ({
+  auth: { api: { getSession: vi.fn() } },
+  getSession: mockGetSession,
 }))
 
 const mockDecryptSecret = encryptionMockFns.mockDecryptSecret
@@ -285,6 +292,68 @@ describe('Chat API Utils', () => {
       expect(result3.authorized).toBe(false)
       expect(result3.error).toBe('Email not authorized')
     })
+
+    describe('SSO auth', () => {
+      const ssoDeployment = {
+        id: 'chat-id',
+        authType: 'sso',
+        allowedEmails: ['user@example.com', '@company.com'],
+      }
+
+      const postRequest = {
+        method: 'POST',
+        cookies: { get: vi.fn().mockReturnValue(null) },
+      } as any
+
+      it('rejects when no session is present', async () => {
+        mockGetSession.mockResolvedValue(null)
+
+        const result = await validateChatAuth('request-id', ssoDeployment, postRequest, {
+          input: 'hello',
+        })
+
+        expect(result.authorized).toBe(false)
+        expect(result.error).toBe('auth_required_sso')
+      })
+
+      it('ignores body-supplied email and uses the session email', async () => {
+        mockGetSession.mockResolvedValue({ user: { email: 'session@example.com' } })
+        mockIsEmailAllowed.mockReturnValue(true)
+
+        await validateChatAuth('request-id', ssoDeployment, postRequest, {
+          email: 'attacker@evil.com',
+          input: 'hello',
+        })
+
+        expect(mockIsEmailAllowed).toHaveBeenCalledWith(
+          'session@example.com',
+          ssoDeployment.allowedEmails
+        )
+      })
+
+      it('authorizes execution when session email is allowlisted', async () => {
+        mockGetSession.mockResolvedValue({ user: { email: 'user@example.com' } })
+        mockIsEmailAllowed.mockReturnValue(true)
+
+        const result = await validateChatAuth('request-id', ssoDeployment, postRequest, {
+          input: 'hello',
+        })
+
+        expect(result.authorized).toBe(true)
+      })
+
+      it('rejects execution when session email is not allowlisted', async () => {
+        mockGetSession.mockResolvedValue({ user: { email: 'stranger@other.com' } })
+        mockIsEmailAllowed.mockReturnValue(false)
+
+        const result = await validateChatAuth('request-id', ssoDeployment, postRequest, {
+          input: 'hello',
+        })
+
+        expect(result.authorized).toBe(false)
+        expect(result.error).toBe('Your email is not authorized to access this chat')
+      })
+    })
   })
 
   describe('Execution Result Processing', () => {
diff --git a/apps/sim/app/api/chat/utils.ts b/apps/sim/app/api/chat/utils.ts
index 3909dd599fe..5a3d0750e8d 100644
--- a/apps/sim/app/api/chat/utils.ts
+++ b/apps/sim/app/api/chat/utils.ts
@@ -95,11 +95,13 @@ export async function validateChatAuth(
     return { authorized: true }
   }
 
-  const cookieName = `chat_auth_${deployment.id}`
-  const authCookie = request.cookies.get(cookieName)
+  if (authType !== 'sso') {
+    const cookieName = `chat_auth_${deployment.id}`
+    const authCookie = request.cookies.get(cookieName)
 
-  if (authCookie && validateAuthToken(authCookie.value, deployment.id, deployment.password)) {
-    return { authorized: true }
+    if (authCookie && validateAuthToken(authCookie.value, deployment.id, deployment.password)) {
+      return { authorized: true }
+    }
   }
 
   if (authType === 'password') {
@@ -173,35 +175,11 @@ export async function validateChatAuth(
   }
 
   if (authType === 'sso') {
-    if (request.method === 'GET') {
-      return { authorized: false, error: 'auth_required_sso' }
-    }
-
     try {
-      if (!parsedBody) {
+      if (request.method !== 'GET' && !parsedBody) {
         return { authorized: false, error: 'SSO authentication is required' }
       }
 
-      const { email, input, checkSSOAccess } = parsedBody
-
-      if (input && !checkSSOAccess) {
-        return { authorized: false, error: 'auth_required_sso' }
-      }
-
-      if (checkSSOAccess) {
-        if (!email) {
-          return { authorized: false, error: 'Email is required' }
-        }
-
-        const allowedEmails = deployment.allowedEmails || []
-
-        if (isEmailAllowed(email, allowedEmails)) {
-          return { authorized: true }
-        }
-
-        return { authorized: false, error: 'Email not authorized for SSO access' }
-      }
-
       const { getSession } = await import('@/lib/auth')
       const session = await getSession()
 
diff --git a/apps/sim/app/api/credentials/[id]/route.ts b/apps/sim/app/api/credentials/[id]/route.ts
index 01502fa904c..0d3939f8d25 100644
--- a/apps/sim/app/api/credentials/[id]/route.ts
+++ b/apps/sim/app/api/credentials/[id]/route.ts
@@ -11,6 +11,7 @@ import { getSession } from '@/lib/auth'
 import { encryptSecret } from '@/lib/core/security/encryption'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import { getCredentialActorContext } from '@/lib/credentials/access'
+import { deleteCredential } from '@/lib/credentials/deletion'
 import {
   deleteWorkspaceEnvCredentials,
   syncPersonalEnvCredentialsForUser,
@@ -333,7 +334,14 @@ export const DELETE = withRouteHandler(
         return NextResponse.json({ success: true }, { status: 200 })
       }
 
-      await db.delete(credential).where(eq(credential.id, id))
+      await deleteCredential({
+        credentialId: id,
+        actorId: session.user.id,
+        actorName: session.user.name,
+        actorEmail: session.user.email,
+        reason: 'user_delete',
+        request,
+      })
 
       captureServerEvent(
         session.user.id,
@@ -346,23 +354,6 @@ export const DELETE = withRouteHandler(
         { groups: { workspace: access.credential.workspaceId } }
       )
 
-      recordAudit({
-        workspaceId: access.credential.workspaceId,
-        actorId: session.user.id,
-        actorName: session.user.name,
-        actorEmail: session.user.email,
-        action: AuditAction.CREDENTIAL_DELETED,
-        resourceType: AuditResourceType.CREDENTIAL,
-        resourceId: id,
-        resourceName: access.credential.displayName,
-        description: `Deleted ${access.credential.type} credential "${access.credential.displayName}"`,
-        metadata: {
-          credentialType: access.credential.type,
-          providerId: access.credential.providerId,
-        },
-        request,
-      })
-
       return NextResponse.json({ success: true }, { status: 200 })
     } catch (error) {
       logger.error('Failed to delete credential', error)
diff --git a/apps/sim/app/api/files/delete/route.test.ts b/apps/sim/app/api/files/delete/route.test.ts
index 977902d0be0..df3bad6170f 100644
--- a/apps/sim/app/api/files/delete/route.test.ts
+++ b/apps/sim/app/api/files/delete/route.test.ts
@@ -1,28 +1,25 @@
 /**
  * @vitest-environment node
  */
-import { authMockFns, hybridAuthMockFns } from '@sim/testing'
+import {
+  authMockFns,
+  hybridAuthMockFns,
+  storageServiceMock,
+  storageServiceMockFns,
+} from '@sim/testing'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 
 const mocks = vi.hoisted(() => {
   const mockVerifyFileAccess = vi.fn()
   const mockVerifyWorkspaceFileAccess = vi.fn()
-  const mockDeleteFile = vi.fn()
-  const mockHasCloudStorage = vi.fn()
   const mockGetStorageProvider = vi.fn()
   const mockIsUsingCloudStorage = vi.fn()
-  const mockUploadFile = vi.fn()
-  const mockDownloadFile = vi.fn()
 
   return {
     mockVerifyFileAccess,
     mockVerifyWorkspaceFileAccess,
-    mockDeleteFile,
-    mockHasCloudStorage,
     mockGetStorageProvider,
     mockIsUsingCloudStorage,
-    mockUploadFile,
-    mockDownloadFile,
   }
 })
 
@@ -68,23 +65,18 @@ vi.mock('@/lib/uploads', () => ({
   getStorageProvider: mocks.mockGetStorageProvider,
   isUsingCloudStorage: mocks.mockIsUsingCloudStorage,
   StorageService: {
-    uploadFile: mocks.mockUploadFile,
-    downloadFile: mocks.mockDownloadFile,
-    deleteFile: mocks.mockDeleteFile,
-    hasCloudStorage: mocks.mockHasCloudStorage,
+    uploadFile: storageServiceMockFns.mockUploadFile,
+    downloadFile: storageServiceMockFns.mockDownloadFile,
+    deleteFile: storageServiceMockFns.mockDeleteFile,
+    hasCloudStorage: storageServiceMockFns.mockHasCloudStorage,
   },
-  uploadFile: mocks.mockUploadFile,
-  downloadFile: mocks.mockDownloadFile,
-  deleteFile: mocks.mockDeleteFile,
-  hasCloudStorage: mocks.mockHasCloudStorage,
+  uploadFile: storageServiceMockFns.mockUploadFile,
+  downloadFile: storageServiceMockFns.mockDownloadFile,
+  deleteFile: storageServiceMockFns.mockDeleteFile,
+  hasCloudStorage: storageServiceMockFns.mockHasCloudStorage,
 }))
 
-vi.mock('@/lib/uploads/core/storage-service', () => ({
-  uploadFile: mocks.mockUploadFile,
-  downloadFile: mocks.mockDownloadFile,
-  deleteFile: mocks.mockDeleteFile,
-  hasCloudStorage: mocks.mockHasCloudStorage,
-}))
+vi.mock('@/lib/uploads/core/storage-service', () => storageServiceMock)
 
 vi.mock('@/lib/uploads/server/metadata', () => ({
   deleteFileMetadata: vi.fn().mockResolvedValue(undefined),
@@ -117,14 +109,14 @@ describe('File Delete API Route', () => {
     })
     mocks.mockVerifyFileAccess.mockResolvedValue(true)
     mocks.mockVerifyWorkspaceFileAccess.mockResolvedValue(true)
-    mocks.mockDeleteFile.mockResolvedValue(undefined)
-    mocks.mockHasCloudStorage.mockReturnValue(true)
+    storageServiceMockFns.mockDeleteFile.mockResolvedValue(undefined)
+    storageServiceMockFns.mockHasCloudStorage.mockReturnValue(true)
     mocks.mockGetStorageProvider.mockReturnValue('s3')
     mocks.mockIsUsingCloudStorage.mockReturnValue(true)
   })
 
   it('should handle local file deletion successfully', async () => {
-    mocks.mockHasCloudStorage.mockReturnValue(false)
+    storageServiceMockFns.mockHasCloudStorage.mockReturnValue(false)
     mocks.mockGetStorageProvider.mockReturnValue('local')
     mocks.mockIsUsingCloudStorage.mockReturnValue(false)
 
@@ -142,7 +134,7 @@ describe('File Delete API Route', () => {
   })
 
   it('should handle file not found gracefully', async () => {
-    mocks.mockHasCloudStorage.mockReturnValue(false)
+    storageServiceMockFns.mockHasCloudStorage.mockReturnValue(false)
     mocks.mockGetStorageProvider.mockReturnValue('local')
     mocks.mockIsUsingCloudStorage.mockReturnValue(false)
 
@@ -170,7 +162,7 @@ describe('File Delete API Route', () => {
     expect(data).toHaveProperty('success', true)
     expect(data).toHaveProperty('message', 'File deleted successfully')
 
-    expect(mocks.mockDeleteFile).toHaveBeenCalledWith({
+    expect(storageServiceMockFns.mockDeleteFile).toHaveBeenCalledWith({
       key: 'workspace/test-workspace-id/1234567890-test-file.txt',
       context: 'workspace',
     })
@@ -190,7 +182,7 @@ describe('File Delete API Route', () => {
     expect(data).toHaveProperty('success', true)
     expect(data).toHaveProperty('message', 'File deleted successfully')
 
-    expect(mocks.mockDeleteFile).toHaveBeenCalledWith({
+    expect(storageServiceMockFns.mockDeleteFile).toHaveBeenCalledWith({
       key: 'workspace/test-workspace-id/1234567890-test-document.pdf',
       context: 'workspace',
     })
diff --git a/apps/sim/app/api/files/export/[id]/route.ts b/apps/sim/app/api/files/export/[id]/route.ts
new file mode 100644
index 00000000000..ba5b4366803
--- /dev/null
+++ b/apps/sim/app/api/files/export/[id]/route.ts
@@ -0,0 +1,153 @@
+import path from 'node:path'
+import { createLogger } from '@sim/logger'
+import { toError } from '@sim/utils/errors'
+import JSZip from 'jszip'
+import type { NextRequest } from 'next/server'
+import { NextResponse } from 'next/server'
+import { fileExportContract } from '@/lib/api/contracts/storage-transfer'
+import { parseRequest } from '@/lib/api/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import type { StorageContext } from '@/lib/uploads/config'
+import { USE_BLOB_STORAGE } from '@/lib/uploads/config'
+import { downloadFile } from '@/lib/uploads/core/storage-service'
+import { getFileMetadataById } from '@/lib/uploads/server/metadata'
+import { verifyFileAccess } from '@/app/api/files/authorization'
+
+const logger = createLogger('FilesExportAPI')
+
+const MARKDOWN_MIME_TYPES = new Set(['text/markdown', 'text/x-markdown'])
+const MARKDOWN_EXTENSIONS = new Set(['md', 'markdown'])
+const VIEW_URL_RE =
+  /\/api\/files\/view\/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})/gi
+const MAX_EMBEDDED_IMAGES = 50
+
+function isMarkdown(originalName: string, contentType: string): boolean {
+  if (MARKDOWN_MIME_TYPES.has(contentType)) return true
+  const ext = originalName.split('.').pop()?.toLowerCase() ?? ''
+  return MARKDOWN_EXTENSIONS.has(ext)
+}
+
+function safeFilename(name: string): string {
+  return path
+    .basename(name)
+    .replace(/["\\]/g, '_')
+    .replace(/[\r\n\t]/g, '')
+}
+
+function deduplicatedFilename(preferred: string, existing: Set<string>, imageId: string): string {
+  if (!existing.has(preferred)) return preferred
+  const ext = path.extname(preferred)
+  const base = path.basename(preferred, ext)
+  const short = `${base}_${imageId.slice(0, 8)}${ext}`
+  if (!existing.has(short)) return short
+  return `${base}_${imageId}${ext}`
+}
+
+export const GET = withRouteHandler(
+  async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {
+    const parsed = await parseRequest(fileExportContract, request, context)
+    if (!parsed.success) return parsed.response
+
+    const { id } = parsed.data.params
+
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
+    if (!authResult.success || !authResult.userId) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+    const userId = authResult.userId
+
+    const record = await getFileMetadataById(id)
+    if (!record) {
+      logger.warn('File not found by ID', { id })
+      return NextResponse.json({ error: 'Not found' }, { status: 404 })
+    }
+
+    const hasAccess = await verifyFileAccess(record.key, userId)
+    if (!hasAccess) {
+      logger.warn('Unauthorized file export attempt', { id, userId })
+      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+    }
+
+    if (!isMarkdown(record.originalName, record.contentType)) {
+      const storagePrefix = USE_BLOB_STORAGE ? 'blob' : 's3'
+      const servePath = `/api/files/serve/${storagePrefix}/${encodeURIComponent(record.key)}`
+      return NextResponse.redirect(new URL(servePath, request.url), { status: 302 })
+    }
+
+    const mdBuffer = await downloadFile({
+      key: record.key,
+      context: record.context as StorageContext,
+    })
+    let mdContent = mdBuffer.toString('utf-8')
+
+    const imageIds = [...new Set([...mdContent.matchAll(VIEW_URL_RE)].map((m) => m[1]))].slice(
+      0,
+      MAX_EMBEDDED_IMAGES
+    )
+
+    logger.info('Exporting markdown with embedded images', { id, imageCount: imageIds.length })
+
+    const fetchResults = await Promise.allSettled(
+      imageIds.map(async (imageId) => {
+        const imgRecord = await getFileMetadataById(imageId)
+        if (!imgRecord) return null
+        const imgHasAccess = await verifyFileAccess(imgRecord.key, userId)
+        if (!imgHasAccess) return null
+        const imgBuffer = await downloadFile({
+          key: imgRecord.key,
+          context: imgRecord.context as StorageContext,
+        })
+        return { imageId, originalName: imgRecord.originalName, buffer: imgBuffer }
+      })
+    )
+
+    const assetMap = new Map<string, { filename: string; buffer: Buffer }>()
+    const usedFilenames = new Set<string>()
+
+    for (let i = 0; i < fetchResults.length; i++) {
+      const result = fetchResults[i]
+      if (result.status === 'rejected') {
+        logger.warn('Failed to fetch asset for export', {
+          imageId: imageIds[i],
+          error: toError(result.reason).message,
+        })
+        continue
+      }
+      if (!result.value) continue
+      const { imageId, originalName, buffer } = result.value
+      const preferred = safeFilename(originalName)
+      const filename = deduplicatedFilename(preferred, usedFilenames, imageId)
+      usedFilenames.add(filename)
+      assetMap.set(imageId, { filename, buffer })
+    }
+
+    for (const [imageId, asset] of assetMap) {
+      const escapedId = imageId.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+      const replacement = `./assets/${asset.filename}`
+      mdContent = mdContent.replace(
+        new RegExp(`/api/files/view/${escapedId}`, 'g'),
+        () => replacement
+      )
+    }
+
+    const zip = new JSZip()
+    zip.file(safeFilename(record.originalName), mdContent)
+    const assetsFolder = zip.folder('assets')!
+    for (const { filename, buffer } of assetMap.values()) {
+      assetsFolder.file(filename, buffer)
+    }
+
+    const zipBuffer = await zip.generateAsync({ type: 'nodebuffer', compression: 'DEFLATE' })
+    const zipName = safeFilename(`${record.originalName.replace(/\.[^.]+$/, '')}.zip`)
+
+    return new NextResponse(new Uint8Array(zipBuffer), {
+      status: 200,
+      headers: {
+        'Content-Type': 'application/zip',
+        'Content-Disposition': `attachment; filename="${zipName}"`,
+        'Content-Length': String(zipBuffer.length),
+      },
+    })
+  }
+)
diff --git a/apps/sim/app/api/files/multipart/route.test.ts b/apps/sim/app/api/files/multipart/route.test.ts
new file mode 100644
index 00000000000..b70fed81b82
--- /dev/null
+++ b/apps/sim/app/api/files/multipart/route.test.ts
@@ -0,0 +1,202 @@
+/**
+ * @vitest-environment node
+ */
+import { authMockFns, permissionsMock, permissionsMockFns } from '@sim/testing'
+import { NextRequest } from 'next/server'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const {
+  mockIsUsingCloudStorage,
+  mockGetStorageProvider,
+  mockGetStorageConfig,
+  mockCompleteS3MultipartUpload,
+  mockCompleteBlobMultipartUpload,
+  mockDeriveBlobBlockId,
+  mockVerifyUploadToken,
+  mockSignUploadToken,
+} = vi.hoisted(() => ({
+  mockIsUsingCloudStorage: vi.fn(),
+  mockGetStorageProvider: vi.fn(),
+  mockGetStorageConfig: vi.fn(),
+  mockCompleteS3MultipartUpload: vi.fn(),
+  mockCompleteBlobMultipartUpload: vi.fn(),
+  mockDeriveBlobBlockId: vi.fn(),
+  mockVerifyUploadToken: vi.fn(),
+  mockSignUploadToken: vi.fn(),
+}))
+
+vi.mock('@/lib/uploads', () => ({
+  isUsingCloudStorage: mockIsUsingCloudStorage,
+  getStorageProvider: mockGetStorageProvider,
+  getStorageConfig: mockGetStorageConfig,
+}))
+
+vi.mock('@/lib/uploads/core/upload-token', () => ({
+  signUploadToken: mockSignUploadToken,
+  verifyUploadToken: mockVerifyUploadToken,
+}))
+
+vi.mock('@/lib/uploads/providers/s3/client', () => ({
+  completeS3MultipartUpload: mockCompleteS3MultipartUpload,
+  initiateS3MultipartUpload: vi.fn(),
+  getS3MultipartPartUrls: vi.fn(),
+  abortS3MultipartUpload: vi.fn(),
+}))
+
+vi.mock('@/lib/uploads/providers/blob/client', () => ({
+  completeMultipartUpload: mockCompleteBlobMultipartUpload,
+  deriveBlobBlockId: mockDeriveBlobBlockId,
+  initiateMultipartUpload: vi.fn(),
+  getMultipartPartUrls: vi.fn(),
+  abortMultipartUpload: vi.fn(),
+}))
+
+vi.mock('@/lib/workspaces/permissions/utils', () => permissionsMock)
+
+import { POST } from '@/app/api/files/multipart/route'
+
+const tokenPayload = {
+  uploadId: 'upload-1',
+  key: 'workspace/ws-1/123-abc-file.bin',
+  userId: 'user-1',
+  workspaceId: 'ws-1',
+  context: 'workspace' as const,
+}
+
+const makeRequest = (action: string, body: unknown) =>
+  new NextRequest(`http://localhost/api/files/multipart?action=${action}`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  })
+
+describe('POST /api/files/multipart action=complete', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    authMockFns.mockGetSession.mockResolvedValue({ user: { id: 'user-1' } })
+    permissionsMockFns.mockGetUserEntityPermissions.mockResolvedValue('write')
+    mockIsUsingCloudStorage.mockReturnValue(true)
+    mockGetStorageConfig.mockReturnValue({ bucket: 'b', region: 'r' })
+    mockVerifyUploadToken.mockReturnValue({ valid: true, payload: tokenPayload })
+    mockSignUploadToken.mockReturnValue('signed-token')
+    mockCompleteS3MultipartUpload.mockResolvedValue({
+      location: 'loc',
+      path: '/api/files/serve/...',
+      key: tokenPayload.key,
+    })
+    mockCompleteBlobMultipartUpload.mockResolvedValue({
+      location: 'loc',
+      path: '/api/files/serve/...',
+      key: tokenPayload.key,
+    })
+    mockDeriveBlobBlockId.mockImplementation(
+      (n: number) => `block-${n.toString().padStart(6, '0')}`
+    )
+  })
+
+  it('rejects parts without partNumber', async () => {
+    mockGetStorageProvider.mockReturnValue('s3')
+    const res = await POST(
+      makeRequest('complete', {
+        uploadToken: 'tok',
+        parts: [{ etag: 'abc' }],
+      })
+    )
+    expect(res.status).toBe(400)
+    expect(mockCompleteS3MultipartUpload).not.toHaveBeenCalled()
+  })
+
+  it('S3 path requires etag and forwards { ETag, PartNumber }', async () => {
+    mockGetStorageProvider.mockReturnValue('s3')
+
+    const missingEtag = await POST(
+      makeRequest('complete', {
+        uploadToken: 'tok',
+        parts: [{ partNumber: 1 }],
+      })
+    )
+    expect(missingEtag.status).toBe(500)
+
+    mockCompleteS3MultipartUpload.mockClear()
+
+    const ok = await POST(
+      makeRequest('complete', {
+        uploadToken: 'tok',
+        parts: [
+          { partNumber: 1, etag: 'aaa' },
+          { partNumber: 2, etag: 'bbb' },
+        ],
+      })
+    )
+    expect(ok.status).toBe(200)
+    expect(mockCompleteS3MultipartUpload).toHaveBeenCalledWith(
+      tokenPayload.key,
+      tokenPayload.uploadId,
+      [
+        { ETag: 'aaa', PartNumber: 1 },
+        { ETag: 'bbb', PartNumber: 2 },
+      ],
+      expect.any(Object)
+    )
+  })
+
+  it('Blob path derives blockId from partNumber and ignores etag', async () => {
+    mockGetStorageProvider.mockReturnValue('blob')
+    mockGetStorageConfig.mockReturnValue({
+      containerName: 'c',
+      accountName: 'a',
+      accountKey: 'k',
+    })
+
+    const res = await POST(
+      makeRequest('complete', {
+        uploadToken: 'tok',
+        parts: [{ partNumber: 1, etag: 'irrelevant' }, { partNumber: 2 }],
+      })
+    )
+
+    expect(res.status).toBe(200)
+    expect(mockDeriveBlobBlockId).toHaveBeenCalledWith(1)
+    expect(mockDeriveBlobBlockId).toHaveBeenCalledWith(2)
+    expect(mockCompleteBlobMultipartUpload).toHaveBeenCalledWith(
+      tokenPayload.key,
+      [
+        { partNumber: 1, blockId: 'block-000001' },
+        { partNumber: 2, blockId: 'block-000002' },
+      ],
+      expect.objectContaining({ containerName: 'c' })
+    )
+  })
+
+  it('returns 403 when token is invalid', async () => {
+    mockGetStorageProvider.mockReturnValue('s3')
+    mockVerifyUploadToken.mockReturnValueOnce({ valid: false })
+    const res = await POST(
+      makeRequest('complete', {
+        uploadToken: 'bad',
+        parts: [{ partNumber: 1, etag: 'a' }],
+      })
+    )
+    expect(res.status).toBe(403)
+  })
+
+  it('batch complete normalizes per upload', async () => {
+    mockGetStorageProvider.mockReturnValue('s3')
+    const res = await POST(
+      makeRequest('complete', {
+        uploads: [
+          {
+            uploadToken: 'tok-a',
+            parts: [{ partNumber: 1, etag: 'aaa' }],
+          },
+          {
+            uploadToken: 'tok-b',
+            parts: [{ partNumber: 1, etag: 'bbb' }],
+          },
+        ],
+      })
+    )
+    expect(res.status).toBe(200)
+    expect(mockCompleteS3MultipartUpload).toHaveBeenCalledTimes(2)
+  })
+})
diff --git a/apps/sim/app/api/files/multipart/route.ts b/apps/sim/app/api/files/multipart/route.ts
index 0b9ddf07c3d..80213d54cbb 100644
--- a/apps/sim/app/api/files/multipart/route.ts
+++ b/apps/sim/app/api/files/multipart/route.ts
@@ -22,6 +22,7 @@ import {
   type UploadTokenPayload,
   verifyUploadToken,
 } from '@/lib/uploads/core/upload-token'
+import type { StorageConfig } from '@/lib/uploads/shared/types'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
 
 const logger = createLogger('MultipartUploadAPI')
@@ -39,6 +40,37 @@ const ALLOWED_UPLOAD_CONTEXTS = new Set<StorageContext>([
   'workspace-logos',
 ])
 
+/**
+ * Unified part identity sent by the client when completing a multipart upload.
+ * `etag` is required for S3 (CompleteMultipartUpload). For Azure the server
+ * derives the block id from `partNumber` via {@link deriveBlobBlockId}.
+ */
+interface ClientCompletedPart {
+  partNumber: number
+  etag?: string
+}
+
+const isClientCompletedParts = (value: unknown): value is ClientCompletedPart[] =>
+  Array.isArray(value) &&
+  value.every(
+    (p) =>
+      p !== null &&
+      typeof p === 'object' &&
+      typeof (p as ClientCompletedPart).partNumber === 'number' &&
+      ((p as ClientCompletedPart).etag === undefined ||
+        typeof (p as ClientCompletedPart).etag === 'string')
+  )
+
+const buildS3CustomConfig = (config: StorageConfig) =>
+  config.bucket && config.region ? { bucket: config.bucket, region: config.region } : undefined
+
+const buildBlobCustomConfig = (config: StorageConfig) => ({
+  containerName: config.containerName!,
+  accountName: config.accountName!,
+  accountKey: config.accountKey,
+  connectionString: config.connectionString,
+})
+
 const verifyTokenForUser = (token: string | undefined, userId: string) => {
   if (!token || typeof token !== 'string') {
     return null
@@ -103,12 +135,44 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 
         const config = getStorageConfig(storageContext)
 
+        let customKey: string | undefined
+        if (context === 'workspace') {
+          const { MAX_WORKSPACE_FILE_SIZE } = await import('@/lib/uploads/shared/types')
+          if (typeof fileSize === 'number' && fileSize > MAX_WORKSPACE_FILE_SIZE) {
+            return NextResponse.json(
+              { error: `File size exceeds maximum of ${MAX_WORKSPACE_FILE_SIZE} bytes` },
+              { status: 413 }
+            )
+          }
+
+          const { generateWorkspaceFileKey } = await import(
+            '@/lib/uploads/contexts/workspace/workspace-file-manager'
+          )
+          customKey = generateWorkspaceFileKey(workspaceId, fileName)
+
+          const { checkStorageQuota } = await import('@/lib/billing/storage')
+          const quotaCheck = await checkStorageQuota(userId, fileSize)
+          if (!quotaCheck.allowed) {
+            return NextResponse.json(
+              { error: quotaCheck.error || 'Storage limit exceeded' },
+              { status: 413 }
+            )
+          }
+        }
+
         let uploadId: string
         let key: string
 
         if (storageProvider === 's3') {
           const { initiateS3MultipartUpload } = await import('@/lib/uploads/providers/s3/client')
-          const result = await initiateS3MultipartUpload({ fileName, contentType, fileSize })
+          const result = await initiateS3MultipartUpload({
+            fileName,
+            contentType,
+            fileSize,
+            customConfig: buildS3CustomConfig(config),
+            customKey,
+            purpose: context,
+          })
           uploadId = result.uploadId
           key = result.key
         } else if (storageProvider === 'blob') {
@@ -117,12 +181,8 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
             fileName,
             contentType,
             fileSize,
-            customConfig: {
-              containerName: config.containerName!,
-              accountName: config.accountName!,
-              accountKey: config.accountKey,
-              connectionString: config.connectionString,
-            },
+            customConfig: buildBlobCustomConfig(config),
+            customKey,
           })
           uploadId = result.uploadId
           key = result.key
@@ -173,17 +233,21 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 
         if (storageProvider === 's3') {
           const { getS3MultipartPartUrls } = await import('@/lib/uploads/providers/s3/client')
-          const presignedUrls = await getS3MultipartPartUrls(key, uploadId, partNumbers)
+          const presignedUrls = await getS3MultipartPartUrls(
+            key,
+            uploadId,
+            partNumbers,
+            buildS3CustomConfig(config)
+          )
           return NextResponse.json({ presignedUrls })
         }
         if (storageProvider === 'blob') {
           const { getMultipartPartUrls } = await import('@/lib/uploads/providers/blob/client')
-          const presignedUrls = await getMultipartPartUrls(key, partNumbers, {
-            containerName: config.containerName!,
-            accountName: config.accountName!,
-            accountKey: config.accountKey,
-            connectionString: config.connectionString,
-          })
+          const presignedUrls = await getMultipartPartUrls(
+            key,
+            partNumbers,
+            buildBlobCustomConfig(config)
+          )
           return NextResponse.json({ presignedUrls })
         }
 
@@ -207,60 +271,83 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 
         const data: CompleteMultipartBody = parsed.data.body
 
-        if ('uploads' in data && Array.isArray(data.uploads)) {
-          const verified = data.uploads.map((upload) => {
-            const payload = verifyTokenForUser(upload.uploadToken, userId)
-            return payload ? { payload, parts: upload.parts } : null
-          })
+        const s3Module =
+          storageProvider === 's3' ? await import('@/lib/uploads/providers/s3/client') : null
+        const blobModule =
+          storageProvider === 'blob' ? await import('@/lib/uploads/providers/blob/client') : null
+
+        const completeOne = async (payload: UploadTokenPayload, parts: ClientCompletedPart[]) => {
+          const { uploadId, key, context } = payload
+          const config = getStorageConfig(context)
 
-          if (verified.some((entry) => entry === null)) {
-            return NextResponse.json({ error: 'Invalid or expired upload token' }, { status: 403 })
+          if (storageProvider === 's3' && s3Module) {
+            const { completeS3MultipartUpload } = s3Module
+            const s3Parts = parts.map((p) => {
+              if (!p.etag) {
+                throw new Error(`Missing etag for S3 part ${p.partNumber}`)
+              }
+              return { ETag: p.etag, PartNumber: p.partNumber }
+            })
+            const result = await completeS3MultipartUpload(
+              key,
+              uploadId,
+              s3Parts,
+              buildS3CustomConfig(config)
+            )
+            return {
+              success: true as const,
+              location: result.location,
+              path: result.path,
+              key: result.key,
+            }
           }
 
-          const verifiedEntries = verified.filter(
-            (entry): entry is { payload: UploadTokenPayload; parts: unknown } => entry !== null
-          )
+          if (storageProvider === 'blob' && blobModule) {
+            const { completeMultipartUpload, deriveBlobBlockId } = blobModule
+            const blobParts = parts.map((p) => ({
+              partNumber: p.partNumber,
+              blockId: deriveBlobBlockId(p.partNumber),
+            }))
+            const result = await completeMultipartUpload(
+              key,
+              blobParts,
+              buildBlobCustomConfig(config)
+            )
+            return {
+              success: true as const,
+              location: result.location,
+              path: result.path,
+              key: result.key,
+            }
+          }
 
-          const results = await Promise.all(
-            verifiedEntries.map(async ({ payload, parts }) => {
-              const { uploadId, key, context } = payload
-              const config = getStorageConfig(context)
-
-              if (storageProvider === 's3') {
-                const { completeS3MultipartUpload } = await import(
-                  '@/lib/uploads/providers/s3/client'
-                )
-                const result = await completeS3MultipartUpload(key, uploadId, parts as any)
-                return {
-                  success: true,
-                  location: result.location,
-                  path: result.path,
-                  key: result.key,
-                }
-              }
-              if (storageProvider === 'blob') {
-                const { completeMultipartUpload } = await import(
-                  '@/lib/uploads/providers/blob/client'
-                )
-                const result = await completeMultipartUpload(key, parts as any, {
-                  containerName: config.containerName!,
-                  accountName: config.accountName!,
-                  accountKey: config.accountKey,
-                  connectionString: config.connectionString,
-                })
-                return {
-                  success: true,
-                  location: result.location,
-                  path: result.path,
-                  key: result.key,
-                }
-              }
+          throw new Error(`Unsupported storage provider: ${storageProvider}`)
+        }
 
-              throw new Error(`Unsupported storage provider: ${storageProvider}`)
-            })
+        if ('uploads' in data && Array.isArray(data.uploads)) {
+          const verified: Array<{ payload: UploadTokenPayload; parts: ClientCompletedPart[] }> = []
+          for (const upload of data.uploads) {
+            const payload = verifyTokenForUser(upload.uploadToken, userId)
+            if (!payload) {
+              return NextResponse.json(
+                { error: 'Invalid or expired upload token' },
+                { status: 403 }
+              )
+            }
+            if (!isClientCompletedParts(upload.parts)) {
+              return NextResponse.json(
+                { error: 'Invalid parts payload: expected [{ partNumber, etag? }]' },
+                { status: 400 }
+              )
+            }
+            verified.push({ payload, parts: upload.parts })
+          }
+
+          const results = await Promise.all(
+            verified.map(({ payload, parts }) => completeOne(payload, parts))
           )
 
-          logger.info(`Completed ${verifiedEntries.length} multipart uploads`)
+          logger.info(`Completed ${verified.length} multipart uploads`)
           return NextResponse.json({ results })
         }
 
@@ -269,42 +356,18 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
         if (!tokenPayload) {
           return NextResponse.json({ error: 'Invalid or expired upload token' }, { status: 403 })
         }
-
-        const { uploadId, key, context } = tokenPayload
-        const config = getStorageConfig(context)
-
-        if (storageProvider === 's3') {
-          const { completeS3MultipartUpload } = await import('@/lib/uploads/providers/s3/client')
-          const result = await completeS3MultipartUpload(key, uploadId, single.parts as any)
-          logger.info(`Completed S3 multipart upload for key ${key} (context: ${context})`)
-          return NextResponse.json({
-            success: true,
-            location: result.location,
-            path: result.path,
-            key: result.key,
-          })
-        }
-        if (storageProvider === 'blob') {
-          const { completeMultipartUpload } = await import('@/lib/uploads/providers/blob/client')
-          const result = await completeMultipartUpload(key, single.parts as any, {
-            containerName: config.containerName!,
-            accountName: config.accountName!,
-            accountKey: config.accountKey,
-            connectionString: config.connectionString,
-          })
-          logger.info(`Completed Azure multipart upload for key ${key} (context: ${context})`)
-          return NextResponse.json({
-            success: true,
-            location: result.location,
-            path: result.path,
-            key: result.key,
-          })
+        if (!isClientCompletedParts(single.parts)) {
+          return NextResponse.json(
+            { error: 'Invalid parts payload: expected [{ partNumber, etag? }]' },
+            { status: 400 }
+          )
         }
 
-        return NextResponse.json(
-          { error: `Unsupported storage provider: ${storageProvider}` },
-          { status: 400 }
+        const result = await completeOne(tokenPayload, single.parts)
+        logger.info(
+          `Completed ${storageProvider} multipart upload for key ${tokenPayload.key} (context: ${tokenPayload.context})`
         )
+        return NextResponse.json(result)
       }
 
       case 'abort': {
@@ -330,16 +393,11 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 
         if (storageProvider === 's3') {
           const { abortS3MultipartUpload } = await import('@/lib/uploads/providers/s3/client')
-          await abortS3MultipartUpload(key, uploadId)
+          await abortS3MultipartUpload(key, uploadId, buildS3CustomConfig(config))
           logger.info(`Aborted S3 multipart upload for key ${key} (context: ${context})`)
         } else if (storageProvider === 'blob') {
           const { abortMultipartUpload } = await import('@/lib/uploads/providers/blob/client')
-          await abortMultipartUpload(key, {
-            containerName: config.containerName!,
-            accountName: config.accountName!,
-            accountKey: config.accountKey,
-            connectionString: config.connectionString,
-          })
+          await abortMultipartUpload(key, buildBlobCustomConfig(config))
           logger.info(`Aborted Azure multipart upload for key ${key} (context: ${context})`)
         } else {
           return NextResponse.json(
diff --git a/apps/sim/app/api/files/parse/route.test.ts b/apps/sim/app/api/files/parse/route.test.ts
index 8a2c06f19ff..e2c032b4718 100644
--- a/apps/sim/app/api/files/parse/route.test.ts
+++ b/apps/sim/app/api/files/parse/route.test.ts
@@ -10,6 +10,8 @@ import {
   inputValidationMock,
   permissionsMock,
   permissionsMockFns,
+  storageServiceMock,
+  storageServiceMockFns,
 } from '@sim/testing'
 import { NextRequest } from 'next/server'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
@@ -22,8 +24,6 @@ const {
   mockIsSupportedFileType,
   mockParseFile,
   mockParseBuffer,
-  mockDownloadFile,
-  mockHasCloudStorage,
   mockFsAccess,
   mockFsStat,
   mockFsReadFile,
@@ -47,8 +47,6 @@ const {
       content: 'parsed buffer content',
       metadata: { pageCount: 1 },
     }),
-    mockDownloadFile: vi.fn(),
-    mockHasCloudStorage: vi.fn().mockReturnValue(true),
     mockFsAccess: vi.fn().mockResolvedValue(undefined),
     mockFsStat: vi.fn().mockImplementation(() => ({ isFile: () => true })),
     mockFsReadFile: vi.fn().mockResolvedValue(Buffer.from('test file content')),
@@ -79,10 +77,7 @@ vi.mock('@/lib/file-parsers', () => ({
   parseBuffer: mockParseBuffer,
 }))
 
-vi.mock('@/lib/uploads/core/storage-service', () => ({
-  downloadFile: mockDownloadFile,
-  hasCloudStorage: mockHasCloudStorage,
-}))
+vi.mock('@/lib/uploads/core/storage-service', () => storageServiceMock)
 
 vi.mock('path', () => ({
   default: actualPath,
@@ -176,6 +171,7 @@ describe('File Parse API Route', () => {
     })
 
     permissionsMockFns.mockGetUserEntityPermissions.mockResolvedValue({ canView: true })
+    storageServiceMockFns.mockHasCloudStorage.mockReturnValue(true)
     mockIsSupportedFileType.mockReturnValue(true)
     mockParseFile.mockResolvedValue({
       content: 'parsed content',
@@ -325,8 +321,8 @@ describe('File Parse API Route', () => {
       authenticated: true,
     })
 
-    mockDownloadFile.mockRejectedValue(new Error('Access denied'))
-    mockHasCloudStorage.mockReturnValue(true)
+    storageServiceMockFns.mockDownloadFile.mockRejectedValue(new Error('Access denied'))
+    storageServiceMockFns.mockHasCloudStorage.mockReturnValue(true)
 
     const req = new NextRequest('http://localhost:3000/api/files/parse', {
       method: 'POST',
diff --git a/apps/sim/app/api/files/presigned/route.test.ts b/apps/sim/app/api/files/presigned/route.test.ts
index f6641c07d9f..6ae6a10ed5e 100644
--- a/apps/sim/app/api/files/presigned/route.test.ts
+++ b/apps/sim/app/api/files/presigned/route.test.ts
@@ -4,7 +4,7 @@
  * @vitest-environment node
  */
 
-import { authMockFns } from '@sim/testing'
+import { authMockFns, storageServiceMock, storageServiceMockFns } from '@sim/testing'
 import { NextRequest } from 'next/server'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 
@@ -16,9 +16,6 @@ const {
   mockGetStorageConfig,
   mockIsUsingCloudStorage,
   mockGetStorageProvider,
-  mockHasCloudStorage,
-  mockGeneratePresignedUploadUrl,
-  mockGeneratePresignedDownloadUrl,
   mockValidateFileType,
   mockGenerateCopilotUploadUrl,
   mockIsImageFileType,
@@ -32,9 +29,6 @@ const {
   mockGetStorageConfig: vi.fn(),
   mockIsUsingCloudStorage: vi.fn(),
   mockGetStorageProvider: vi.fn(),
-  mockHasCloudStorage: vi.fn(),
-  mockGeneratePresignedUploadUrl: vi.fn(),
-  mockGeneratePresignedDownloadUrl: vi.fn().mockResolvedValue('https://example.com/presigned-url'),
   mockValidateFileType: vi.fn().mockReturnValue(null),
   mockGenerateCopilotUploadUrl: vi.fn().mockResolvedValue({
     url: 'https://example.com/presigned-url',
@@ -63,11 +57,7 @@ vi.mock('@/lib/uploads/config', () => ({
   getStorageProvider: mockGetStorageProvider,
 }))
 
-vi.mock('@/lib/uploads/core/storage-service', () => ({
-  hasCloudStorage: mockHasCloudStorage,
-  generatePresignedUploadUrl: mockGeneratePresignedUploadUrl,
-  generatePresignedDownloadUrl: mockGeneratePresignedDownloadUrl,
-}))
+vi.mock('@/lib/uploads/core/storage-service', () => storageServiceMock)
 
 vi.mock('@/lib/uploads/utils/validation', () => ({
   validateFileType: mockValidateFileType,
@@ -132,8 +122,8 @@ function setupFileApiMocks(
     storageProvider === 'blob' ? 'Azure Blob' : storageProvider === 's3' ? 'S3' : 'Local'
   )
 
-  mockHasCloudStorage.mockReturnValue(cloudEnabled)
-  mockGeneratePresignedUploadUrl.mockImplementation(
+  storageServiceMockFns.mockHasCloudStorage.mockReturnValue(cloudEnabled)
+  storageServiceMockFns.mockGeneratePresignedUploadUrl.mockImplementation(
     async (opts: { fileName: string; context: string }) => {
       const timestamp = Date.now()
       const safeFileName = opts.fileName.replace(/[^a-zA-Z0-9.-]/g, '_')
@@ -144,7 +134,9 @@ function setupFileApiMocks(
       }
     }
   )
-  mockGeneratePresignedDownloadUrl.mockResolvedValue('https://example.com/presigned-url')
+  storageServiceMockFns.mockGeneratePresignedDownloadUrl.mockResolvedValue(
+    'https://example.com/presigned-url'
+  )
 
   mockValidateFileType.mockReturnValue(null)
 
@@ -431,7 +423,7 @@ describe('/api/files/presigned', () => {
         storageProvider: 's3',
       })
 
-      mockGeneratePresignedUploadUrl.mockRejectedValue(
+      storageServiceMockFns.mockGeneratePresignedUploadUrl.mockRejectedValue(
         new Error('Unknown storage provider: unknown')
       )
 
@@ -458,7 +450,9 @@ describe('/api/files/presigned', () => {
         storageProvider: 's3',
       })
 
-      mockGeneratePresignedUploadUrl.mockRejectedValue(new Error('S3 service unavailable'))
+      storageServiceMockFns.mockGeneratePresignedUploadUrl.mockRejectedValue(
+        new Error('S3 service unavailable')
+      )
 
       const request = new NextRequest('http://localhost:3000/api/files/presigned?type=chat', {
         method: 'POST',
@@ -483,7 +477,9 @@ describe('/api/files/presigned', () => {
         storageProvider: 'blob',
       })
 
-      mockGeneratePresignedUploadUrl.mockRejectedValue(new Error('Azure service unavailable'))
+      storageServiceMockFns.mockGeneratePresignedUploadUrl.mockRejectedValue(
+        new Error('Azure service unavailable')
+      )
 
       const request = new NextRequest('http://localhost:3000/api/files/presigned?type=chat', {
         method: 'POST',
diff --git a/apps/sim/app/api/files/serve/[...path]/route.test.ts b/apps/sim/app/api/files/serve/[...path]/route.test.ts
index 17b7a8d2fda..f0e7738c8d0 100644
--- a/apps/sim/app/api/files/serve/[...path]/route.test.ts
+++ b/apps/sim/app/api/files/serve/[...path]/route.test.ts
@@ -3,7 +3,7 @@
  *
  * @vitest-environment node
  */
-import { hybridAuthMockFns } from '@sim/testing'
+import { hybridAuthMockFns, storageServiceMock, storageServiceMockFns } from '@sim/testing'
 import { NextRequest } from 'next/server'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 
@@ -11,7 +11,6 @@ const {
   mockVerifyFileAccess,
   mockReadFile,
   mockIsUsingCloudStorage,
-  mockDownloadFile,
   mockDownloadCopilotFile,
   mockInferContextFromKey,
   mockGetContentType,
@@ -30,7 +29,6 @@ const {
     mockVerifyFileAccess: vi.fn(),
     mockReadFile: vi.fn(),
     mockIsUsingCloudStorage: vi.fn(),
-    mockDownloadFile: vi.fn(),
     mockDownloadCopilotFile: vi.fn(),
     mockInferContextFromKey: vi.fn(),
     mockGetContentType: vi.fn(),
@@ -58,10 +56,7 @@ vi.mock('@/lib/uploads', () => ({
   isUsingCloudStorage: mockIsUsingCloudStorage,
 }))
 
-vi.mock('@/lib/uploads/core/storage-service', () => ({
-  downloadFile: mockDownloadFile,
-  hasCloudStorage: vi.fn().mockReturnValue(true),
-}))
+vi.mock('@/lib/uploads/core/storage-service', () => storageServiceMock)
 
 vi.mock('@/lib/uploads/utils/file-utils', () => ({
   inferContextFromKey: mockInferContextFromKey,
@@ -104,6 +99,7 @@ describe('File Serve API Route', () => {
     mockVerifyFileAccess.mockResolvedValue(true)
     mockReadFile.mockResolvedValue(Buffer.from('test content'))
     mockIsUsingCloudStorage.mockReturnValue(false)
+    storageServiceMockFns.mockHasCloudStorage.mockReturnValue(true)
     mockInferContextFromKey.mockReturnValue('workspace')
     mockGetContentType.mockReturnValue('text/plain')
     mockFindLocalFile.mockReturnValue('/test/uploads/test-file.txt')
@@ -161,7 +157,7 @@ describe('File Serve API Route', () => {
 
   it('should serve cloud file by downloading and proxying', async () => {
     mockIsUsingCloudStorage.mockReturnValue(true)
-    mockDownloadFile.mockResolvedValue(Buffer.from('test cloud file content'))
+    storageServiceMockFns.mockDownloadFile.mockResolvedValue(Buffer.from('test cloud file content'))
     mockGetContentType.mockReturnValue('image/png')
 
     const req = new NextRequest(
@@ -174,7 +170,7 @@ describe('File Serve API Route', () => {
     expect(response.status).toBe(200)
     expect(response.headers.get('Content-Type')).toBe('image/png')
 
-    expect(mockDownloadFile).toHaveBeenCalledWith({
+    expect(storageServiceMockFns.mockDownloadFile).toHaveBeenCalledWith({
       key: 'workspace/test-workspace-id/1234567890-image.png',
       context: 'workspace',
     })
diff --git a/apps/sim/app/api/files/upload/route.test.ts b/apps/sim/app/api/files/upload/route.test.ts
index 8e9ff1dbe8b..f0ef4ede98b 100644
--- a/apps/sim/app/api/files/upload/route.test.ts
+++ b/apps/sim/app/api/files/upload/route.test.ts
@@ -3,7 +3,14 @@
  *
  * @vitest-environment node
  */
-import { authMockFns, hybridAuthMockFns, permissionsMock, permissionsMockFns } from '@sim/testing'
+import {
+  authMockFns,
+  hybridAuthMockFns,
+  permissionsMock,
+  permissionsMockFns,
+  storageServiceMock,
+  storageServiceMockFns,
+} from '@sim/testing'
 import { NextRequest } from 'next/server'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 
@@ -16,8 +23,6 @@ const mocks = vi.hoisted(() => {
   const mockGetStorageProvider = vi.fn()
   const mockIsUsingCloudStorage = vi.fn()
   const mockUploadFile = vi.fn()
-  const mockHasCloudStorage = vi.fn()
-  const mockStorageUploadFile = vi.fn()
 
   return {
     mockVerifyFileAccess,
@@ -28,8 +33,6 @@ const mocks = vi.hoisted(() => {
     mockGetStorageProvider,
     mockIsUsingCloudStorage,
     mockUploadFile,
-    mockHasCloudStorage,
-    mockStorageUploadFile,
   }
 })
 
@@ -85,10 +88,7 @@ vi.mock('@/lib/uploads', () => ({
   uploadFile: mocks.mockUploadFile,
 }))
 
-vi.mock('@/lib/uploads/core/storage-service', () => ({
-  uploadFile: mocks.mockStorageUploadFile,
-  hasCloudStorage: mocks.mockHasCloudStorage,
-}))
+vi.mock('@/lib/uploads/core/storage-service', () => storageServiceMock)
 
 vi.mock('@/lib/uploads/setup.server', () => ({
   UPLOAD_DIR_SERVER: '/tmp/test-uploads',
@@ -153,8 +153,8 @@ function setupFileApiMocks(
     type: 'text/plain',
   })
 
-  mocks.mockHasCloudStorage.mockReturnValue(cloudEnabled)
-  mocks.mockStorageUploadFile.mockResolvedValue({
+  storageServiceMockFns.mockHasCloudStorage.mockReturnValue(cloudEnabled)
+  storageServiceMockFns.mockUploadFile.mockResolvedValue({
     key: 'test-key',
     path: '/test/path',
   })
@@ -325,8 +325,8 @@ describe('File Upload Security Tests', () => {
       user: { id: 'test-user-id' },
     })
 
-    mocks.mockHasCloudStorage.mockReturnValue(false)
-    mocks.mockStorageUploadFile.mockResolvedValue({
+    storageServiceMockFns.mockHasCloudStorage.mockReturnValue(false)
+    storageServiceMockFns.mockUploadFile.mockResolvedValue({
       key: 'test-key',
       path: '/test/path',
     })
diff --git a/apps/sim/app/api/memory/[id]/route.ts b/apps/sim/app/api/memory/[id]/route.ts
index 20d0a71cd0a..2928fd8b42c 100644
--- a/apps/sim/app/api/memory/[id]/route.ts
+++ b/apps/sim/app/api/memory/[id]/route.ts
@@ -1,7 +1,7 @@
 import { db } from '@sim/db'
 import { memory } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq } from 'drizzle-orm'
+import { and, eq, isNull } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import {
   agentMemoryDataSchemaContract,
@@ -75,7 +75,13 @@ export const GET = withRouteHandler(async (request: NextRequest, context: Memory
     const memories = await db
       .select()
       .from(memory)
-      .where(and(eq(memory.key, id), eq(memory.workspaceId, validatedWorkspaceId)))
+      .where(
+        and(
+          eq(memory.key, id),
+          eq(memory.workspaceId, validatedWorkspaceId),
+          isNull(memory.deletedAt)
+        )
+      )
       .orderBy(memory.createdAt)
       .limit(1)
 
@@ -125,7 +131,13 @@ export const DELETE = withRouteHandler(
       const existingMemory = await db
         .select({ id: memory.id })
         .from(memory)
-        .where(and(eq(memory.key, id), eq(memory.workspaceId, validatedWorkspaceId)))
+        .where(
+          and(
+            eq(memory.key, id),
+            eq(memory.workspaceId, validatedWorkspaceId),
+            isNull(memory.deletedAt)
+          )
+        )
         .limit(1)
 
       if (existingMemory.length === 0) {
@@ -134,7 +146,13 @@ export const DELETE = withRouteHandler(
 
       await db
         .delete(memory)
-        .where(and(eq(memory.key, id), eq(memory.workspaceId, validatedWorkspaceId)))
+        .where(
+          and(
+            eq(memory.key, id),
+            eq(memory.workspaceId, validatedWorkspaceId),
+            isNull(memory.deletedAt)
+          )
+        )
 
       logger.info(`[${requestId}] Memory deleted: ${id} for workspace: ${validatedWorkspaceId}`)
       return NextResponse.json(
@@ -177,7 +195,13 @@ export const PUT = withRouteHandler(async (request: NextRequest, context: Memory
     const existingMemories = await db
       .select()
       .from(memory)
-      .where(and(eq(memory.key, id), eq(memory.workspaceId, validatedWorkspaceId)))
+      .where(
+        and(
+          eq(memory.key, id),
+          eq(memory.workspaceId, validatedWorkspaceId),
+          isNull(memory.deletedAt)
+        )
+      )
       .limit(1)
 
     if (existingMemories.length === 0) {
@@ -196,12 +220,24 @@ export const PUT = withRouteHandler(async (request: NextRequest, context: Memory
     await db
       .update(memory)
       .set({ data: validatedData, updatedAt: now })
-      .where(and(eq(memory.key, id), eq(memory.workspaceId, validatedWorkspaceId)))
+      .where(
+        and(
+          eq(memory.key, id),
+          eq(memory.workspaceId, validatedWorkspaceId),
+          isNull(memory.deletedAt)
+        )
+      )
 
     const updatedMemories = await db
       .select()
       .from(memory)
-      .where(and(eq(memory.key, id), eq(memory.workspaceId, validatedWorkspaceId)))
+      .where(
+        and(
+          eq(memory.key, id),
+          eq(memory.workspaceId, validatedWorkspaceId),
+          isNull(memory.deletedAt)
+        )
+      )
       .limit(1)
 
     const mem = updatedMemories[0]
diff --git a/apps/sim/app/api/memory/route.ts b/apps/sim/app/api/memory/route.ts
index 4ad47e108b2..53b9340f3c6 100644
--- a/apps/sim/app/api/memory/route.ts
+++ b/apps/sim/app/api/memory/route.ts
@@ -293,7 +293,13 @@ export const DELETE = withRouteHandler(async (request: NextRequest) => {
 
     const result = await db
       .delete(memory)
-      .where(and(eq(memory.key, conversationId), eq(memory.workspaceId, workspaceId)))
+      .where(
+        and(
+          eq(memory.key, conversationId),
+          eq(memory.workspaceId, workspaceId),
+          isNull(memory.deletedAt)
+        )
+      )
       .returning({ id: memory.id })
 
     const deletedCount = result.length
diff --git a/apps/sim/app/api/table/[tableId]/cancel-runs/route.ts b/apps/sim/app/api/table/[tableId]/cancel-runs/route.ts
new file mode 100644
index 00000000000..be89633d7e9
--- /dev/null
+++ b/apps/sim/app/api/table/[tableId]/cancel-runs/route.ts
@@ -0,0 +1,57 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { cancelTableRunsContract } from '@/lib/api/contracts/tables'
+import { parseRequest } from '@/lib/api/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { cancelWorkflowGroupRuns } from '@/lib/table/workflow-columns'
+import { accessError, checkAccess } from '@/app/api/table/utils'
+
+const logger = createLogger('TableCancelRunsAPI')
+
+interface RouteParams {
+  params: Promise<{ tableId: string }>
+}
+
+/**
+ * POST /api/table/[tableId]/cancel-runs
+ *
+ * Cancels in-flight and pending workflow-column runs for this table. Scopes:
+ * `all` (every cell) or `row` (every cell for `rowId`).
+ */
+export const POST = withRouteHandler(async (request: NextRequest, { params }: RouteParams) => {
+  const requestId = generateRequestId()
+
+  try {
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
+    if (!authResult.success || !authResult.userId) {
+      return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
+    }
+
+    const parsed = await parseRequest(cancelTableRunsContract, request, { params })
+    if (!parsed.success) return parsed.response
+    const { tableId } = parsed.data.params
+    const { workspaceId, scope, rowId } = parsed.data.body
+
+    const result = await checkAccess(tableId, authResult.userId, 'write')
+    if (!result.ok) return accessError(result, requestId, tableId)
+    const { table } = result
+
+    if (table.workspaceId !== workspaceId) {
+      return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
+    }
+
+    const cancelled = await cancelWorkflowGroupRuns(tableId, scope === 'row' ? rowId : undefined)
+    logger.info(
+      `[${requestId}] cancel-runs: tableId=${tableId} scope=${scope}${
+        rowId ? ` rowId=${rowId}` : ''
+      } cancelled=${cancelled}`
+    )
+
+    return NextResponse.json({ success: true, data: { cancelled } })
+  } catch (error) {
+    logger.error(`[${requestId}] cancel-runs failed:`, error)
+    return NextResponse.json({ error: 'Failed to cancel runs' }, { status: 500 })
+  }
+})
diff --git a/apps/sim/app/api/table/[tableId]/groups/[groupId]/run/route.ts b/apps/sim/app/api/table/[tableId]/groups/[groupId]/run/route.ts
new file mode 100644
index 00000000000..80f80bb7945
--- /dev/null
+++ b/apps/sim/app/api/table/[tableId]/groups/[groupId]/run/route.ts
@@ -0,0 +1,67 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { runWorkflowGroupContract } from '@/lib/api/contracts/tables'
+import { parseRequest } from '@/lib/api/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { triggerWorkflowGroupRun } from '@/lib/table/workflow-columns'
+import { accessError, checkAccess } from '@/app/api/table/utils'
+
+const logger = createLogger('TableRunGroupAPI')
+
+interface RouteParams {
+  params: Promise<{ tableId: string; groupId: string }>
+}
+
+/**
+ * POST /api/table/[tableId]/groups/[groupId]/run
+ *
+ * Manually triggers the workflow group for every eligible row in the table.
+ * Each eligible row's `executions[groupId]` is reset to `pending` so the
+ * scheduler picks it up and enqueues a per-cell trigger.dev job. Rows whose
+ * deps aren't satisfied or whose group is already running are skipped.
+ */
+export const POST = withRouteHandler(async (request: NextRequest, { params }: RouteParams) => {
+  const requestId = generateRequestId()
+
+  try {
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
+    if (!authResult.success || !authResult.userId) {
+      return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
+    }
+
+    const parsed = await parseRequest(runWorkflowGroupContract, request, { params })
+    if (!parsed.success) return parsed.response
+    const { tableId, groupId } = parsed.data.params
+    const { workspaceId, runMode, rowIds } = parsed.data.body
+
+    const result = await checkAccess(tableId, authResult.userId, 'write')
+    if (!result.ok) return accessError(result, requestId, tableId)
+    const { table } = result
+
+    if (table.workspaceId !== workspaceId) {
+      return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
+    }
+
+    const { triggered } = await triggerWorkflowGroupRun({
+      tableId,
+      groupId,
+      workspaceId,
+      mode: runMode,
+      requestId,
+      rowIds,
+    })
+
+    return NextResponse.json({ success: true, data: { triggered } })
+  } catch (error) {
+    if (error instanceof Error && error.message === 'Workflow group not found') {
+      return NextResponse.json({ error: 'Workflow group not found' }, { status: 404 })
+    }
+    if (error instanceof Error && error.message === 'Invalid workspace ID') {
+      return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
+    }
+    logger.error(`run-group failed:`, error)
+    return NextResponse.json({ error: 'Failed to run group' }, { status: 500 })
+  }
+})
diff --git a/apps/sim/app/api/table/[tableId]/groups/route.ts b/apps/sim/app/api/table/[tableId]/groups/route.ts
new file mode 100644
index 00000000000..847647fc397
--- /dev/null
+++ b/apps/sim/app/api/table/[tableId]/groups/route.ts
@@ -0,0 +1,159 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import {
+  addWorkflowGroupContract,
+  deleteWorkflowGroupContract,
+  updateWorkflowGroupContract,
+} from '@/lib/api/contracts/tables'
+import { parseRequest } from '@/lib/api/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { addWorkflowGroup, deleteWorkflowGroup, updateWorkflowGroup } from '@/lib/table/service'
+import { accessError, checkAccess, normalizeColumn } from '@/app/api/table/utils'
+
+const logger = createLogger('TableWorkflowGroupsAPI')
+
+interface RouteParams {
+  params: Promise<{ tableId: string }>
+}
+
+/**
+ * Maps known service-layer error messages onto HTTP responses; falls through
+ * to a 500 with a generic message for anything unrecognized. The three
+ * group-route handlers all surface the same error shapes from
+ * `addWorkflowGroup` / `updateWorkflowGroup` / `deleteWorkflowGroup`, so they
+ * share this mapper instead of repeating the if-chain three times.
+ */
+function mapWorkflowGroupError(error: unknown, fallbackMessage: string): NextResponse {
+  if (error instanceof Error) {
+    const msg = error.message
+    if (msg === 'Table not found' || msg.includes('not found')) {
+      return NextResponse.json({ error: msg }, { status: 404 })
+    }
+    if (
+      msg.includes('Schema validation') ||
+      msg.includes('Missing column definition') ||
+      msg.includes('already exists') ||
+      msg.includes('exceed')
+    ) {
+      return NextResponse.json({ error: msg }, { status: 400 })
+    }
+  }
+  logger.error(fallbackMessage, error)
+  return NextResponse.json({ error: fallbackMessage }, { status: 500 })
+}
+
+/** POST /api/table/[tableId]/groups — create a workflow group + its output columns. */
+export const POST = withRouteHandler(async (request: NextRequest, { params }: RouteParams) => {
+  const requestId = generateRequestId()
+  try {
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
+    if (!authResult.success || !authResult.userId) {
+      return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
+    }
+    const parsed = await parseRequest(addWorkflowGroupContract, request, { params })
+    if (!parsed.success) return parsed.response
+    const { tableId } = parsed.data.params
+    const validated = parsed.data.body
+    const result = await checkAccess(tableId, authResult.userId, 'write')
+    if (!result.ok) return accessError(result, requestId, tableId)
+    if (result.table.workspaceId !== validated.workspaceId) {
+      return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
+    }
+    const updatedTable = await addWorkflowGroup(
+      {
+        tableId,
+        group: validated.group,
+        outputColumns: validated.outputColumns,
+        autoRun: validated.autoRun,
+      },
+      requestId
+    )
+    return NextResponse.json({
+      success: true,
+      data: {
+        columns: updatedTable.schema.columns.map(normalizeColumn),
+        workflowGroups: updatedTable.schema.workflowGroups ?? [],
+      },
+    })
+  } catch (error) {
+    return mapWorkflowGroupError(error, 'Failed to add workflow group')
+  }
+})
+
+/** PATCH /api/table/[tableId]/groups — update a workflow group (deps / outputs). */
+export const PATCH = withRouteHandler(async (request: NextRequest, { params }: RouteParams) => {
+  const requestId = generateRequestId()
+  try {
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
+    if (!authResult.success || !authResult.userId) {
+      return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
+    }
+    const parsed = await parseRequest(updateWorkflowGroupContract, request, { params })
+    if (!parsed.success) return parsed.response
+    const { tableId } = parsed.data.params
+    const validated = parsed.data.body
+    const result = await checkAccess(tableId, authResult.userId, 'write')
+    if (!result.ok) return accessError(result, requestId, tableId)
+    if (result.table.workspaceId !== validated.workspaceId) {
+      return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
+    }
+    const updatedTable = await updateWorkflowGroup(
+      {
+        tableId,
+        groupId: validated.groupId,
+        ...(validated.workflowId !== undefined ? { workflowId: validated.workflowId } : {}),
+        ...(validated.name !== undefined ? { name: validated.name } : {}),
+        ...(validated.dependencies !== undefined ? { dependencies: validated.dependencies } : {}),
+        ...(validated.outputs !== undefined ? { outputs: validated.outputs } : {}),
+        ...(validated.newOutputColumns !== undefined
+          ? { newOutputColumns: validated.newOutputColumns }
+          : {}),
+      },
+      requestId
+    )
+    return NextResponse.json({
+      success: true,
+      data: {
+        columns: updatedTable.schema.columns.map(normalizeColumn),
+        workflowGroups: updatedTable.schema.workflowGroups ?? [],
+      },
+    })
+  } catch (error) {
+    return mapWorkflowGroupError(error, 'Failed to update workflow group')
+  }
+})
+
+/** DELETE /api/table/[tableId]/groups — remove a workflow group + its columns. */
+export const DELETE = withRouteHandler(async (request: NextRequest, { params }: RouteParams) => {
+  const requestId = generateRequestId()
+  try {
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
+    if (!authResult.success || !authResult.userId) {
+      return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
+    }
+    const parsed = await parseRequest(deleteWorkflowGroupContract, request, { params })
+    if (!parsed.success) return parsed.response
+    const { tableId } = parsed.data.params
+    const validated = parsed.data.body
+    const result = await checkAccess(tableId, authResult.userId, 'write')
+    if (!result.ok) return accessError(result, requestId, tableId)
+    if (result.table.workspaceId !== validated.workspaceId) {
+      return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
+    }
+    const updatedTable = await deleteWorkflowGroup(
+      { tableId, groupId: validated.groupId },
+      requestId
+    )
+    return NextResponse.json({
+      success: true,
+      data: {
+        columns: updatedTable.schema.columns.map(normalizeColumn),
+        workflowGroups: updatedTable.schema.workflowGroups ?? [],
+      },
+    })
+  } catch (error) {
+    return mapWorkflowGroupError(error, 'Failed to delete workflow group')
+  }
+})
diff --git a/apps/sim/app/api/table/[tableId]/route.ts b/apps/sim/app/api/table/[tableId]/route.ts
index 2d87ed39553..64e2600bb94 100644
--- a/apps/sim/app/api/table/[tableId]/route.ts
+++ b/apps/sim/app/api/table/[tableId]/route.ts
@@ -54,6 +54,7 @@ export const GET = withRouteHandler(async (request: NextRequest, { params }: Tab
           description: table.description,
           schema: {
             columns: schemaData.columns.map(normalizeColumn),
+            ...(schemaData.workflowGroups ? { workflowGroups: schemaData.workflowGroups } : {}),
           },
           metadata: table.metadata ?? null,
           rowCount: table.rowCount,
diff --git a/apps/sim/app/api/table/[tableId]/rows/[rowId]/route.ts b/apps/sim/app/api/table/[tableId]/rows/[rowId]/route.ts
index 6d9e319f868..9a4a988bc25 100644
--- a/apps/sim/app/api/table/[tableId]/rows/[rowId]/route.ts
+++ b/apps/sim/app/api/table/[tableId]/rows/[rowId]/route.ts
@@ -133,6 +133,9 @@ export const PATCH = withRouteHandler(async (request: NextRequest, context: RowR
       table,
       requestId
     )
+    // Only `null` when a `cancellationGuard` is supplied and the SQL guard
+    // rejects the write — this route doesn't pass one, so reaching null is a bug.
+    if (!updatedRow) throw new Error('updateRow returned null without a cancellationGuard')
 
     return NextResponse.json({
       success: true,
diff --git a/apps/sim/app/api/table/[tableId]/rows/[rowId]/run-workflow-group/route.ts b/apps/sim/app/api/table/[tableId]/rows/[rowId]/run-workflow-group/route.ts
new file mode 100644
index 00000000000..aee786d226d
--- /dev/null
+++ b/apps/sim/app/api/table/[tableId]/rows/[rowId]/run-workflow-group/route.ts
@@ -0,0 +1,97 @@
+import { createLogger } from '@sim/logger'
+import { generateId } from '@sim/utils/id'
+import { type NextRequest, NextResponse } from 'next/server'
+import { runRowWorkflowGroupContract } from '@/lib/api/contracts/tables'
+import { parseRequest } from '@/lib/api/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import type { RowExecutionMetadata } from '@/lib/table'
+import { updateRow } from '@/lib/table'
+import { accessError, checkAccess } from '@/app/api/table/utils'
+
+const logger = createLogger('TableRunWorkflowGroupAPI')
+
+interface RouteParams {
+  params: Promise<{ tableId: string; rowId: string }>
+}
+
+/**
+ * POST /api/table/[tableId]/rows/[rowId]/run-workflow-group
+ *
+ * Manually (re-)runs a workflow group for a single row by force-resetting
+ * `executions[groupId]` to `pending`. The `updateRow` call fires the
+ * scheduler which enqueues the cell job.
+ */
+export const POST = withRouteHandler(async (request: NextRequest, { params }: RouteParams) => {
+  const requestId = generateRequestId()
+
+  try {
+    const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
+    if (!authResult.success || !authResult.userId) {
+      return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
+    }
+
+    const parsed = await parseRequest(runRowWorkflowGroupContract, request, { params })
+    if (!parsed.success) return parsed.response
+    const { tableId, rowId } = parsed.data.params
+    const { workspaceId, groupId } = parsed.data.body
+
+    const result = await checkAccess(tableId, authResult.userId, 'write')
+    if (!result.ok) return accessError(result, requestId, tableId)
+    const { table } = result
+
+    if (table.workspaceId !== workspaceId) {
+      return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
+    }
+
+    const group = (table.schema.workflowGroups ?? []).find((g) => g.id === groupId)
+    if (!group) {
+      return NextResponse.json({ error: 'Workflow group not found' }, { status: 404 })
+    }
+
+    const executionId = generateId()
+    const pendingExec: RowExecutionMetadata = {
+      status: 'pending',
+      executionId,
+      jobId: null,
+      workflowId: group.workflowId,
+      error: null,
+    }
+    /**
+     * Clear the group's output cells so the rerun starts visually fresh —
+     * otherwise stale values from the previous run linger in the UI until the
+     * new run writes new ones (or doesn't, on error/router-skip).
+     */
+    const clearedData = Object.fromEntries(group.outputs.map((o) => [o.columnName, null]))
+    const updated = await updateRow(
+      {
+        tableId,
+        rowId,
+        data: clearedData,
+        workspaceId,
+        executionsPatch: { [groupId]: pendingExec },
+      },
+      table,
+      requestId
+    )
+    if (updated === null) {
+      // The cell-task cancellation guard rejected the write — typically a
+      // racing stop click that already wrote `cancelled` for this run.
+      // Surface 409 so the caller doesn't poll indefinitely for a run that
+      // was never enqueued.
+      return NextResponse.json(
+        { error: 'Run was cancelled before it could be scheduled' },
+        { status: 409 }
+      )
+    }
+
+    return NextResponse.json({ success: true, data: { executionId } })
+  } catch (error) {
+    if (error instanceof Error && error.message === 'Row not found') {
+      return NextResponse.json({ error: 'Row not found' }, { status: 404 })
+    }
+    logger.error(`run-workflow-group failed:`, error)
+    return NextResponse.json({ error: 'Failed to run workflow group' }, { status: 500 })
+  }
+})
diff --git a/apps/sim/app/api/table/[tableId]/rows/route.ts b/apps/sim/app/api/table/[tableId]/rows/route.ts
index 4e107e82ea6..8c69ef55a38 100644
--- a/apps/sim/app/api/table/[tableId]/rows/route.ts
+++ b/apps/sim/app/api/table/[tableId]/rows/route.ts
@@ -277,6 +277,7 @@ export const GET = withRouteHandler(
         .select({
           id: userTableRows.id,
           data: userTableRows.data,
+          executions: userTableRows.executions,
           position: userTableRows.position,
           createdAt: userTableRows.createdAt,
           updatedAt: userTableRows.updatedAt,
@@ -317,6 +318,7 @@ export const GET = withRouteHandler(
           rows: rows.map((r) => ({
             id: r.id,
             data: r.data,
+            executions: r.executions ?? {},
             position: r.position,
             createdAt:
               r.createdAt instanceof Date ? r.createdAt.toISOString() : String(r.createdAt),
diff --git a/apps/sim/app/api/table/utils.ts b/apps/sim/app/api/table/utils.ts
index e80c9dbf0be..7db4ec31732 100644
--- a/apps/sim/app/api/table/utils.ts
+++ b/apps/sim/app/api/table/utils.ts
@@ -173,5 +173,6 @@ export function normalizeColumn(col: ColumnDefinition): ColumnDefinition {
     type: col.type,
     required: col.required ?? false,
     unique: col.unique ?? false,
+    ...(col.workflowGroupId ? { workflowGroupId: col.workflowGroupId } : {}),
   }
 }
diff --git a/apps/sim/app/api/tools/file/manage/route.ts b/apps/sim/app/api/tools/file/manage/route.ts
index 01048b92950..3880e587bcc 100644
--- a/apps/sim/app/api/tools/file/manage/route.ts
+++ b/apps/sim/app/api/tools/file/manage/route.ts
@@ -7,7 +7,7 @@ import { acquireLock, releaseLock } from '@/lib/core/config/redis'
 import { ensureAbsoluteUrl } from '@/lib/core/utils/urls'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import {
-  downloadWorkspaceFile,
+  fetchWorkspaceFileBuffer,
   getWorkspaceFileByName,
   updateWorkspaceFileContent,
   uploadWorkspaceFile,
@@ -91,7 +91,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
         }
 
         try {
-          const existingBuffer = await downloadWorkspaceFile(existing)
+          const existingBuffer = await fetchWorkspaceFileBuffer(existing)
           const finalContent = existingBuffer.toString('utf-8') + content
           const fileBuffer = Buffer.from(finalContent, 'utf-8')
           await updateWorkspaceFileContent(workspaceId, existing.id, userId, fileBuffer)
diff --git a/apps/sim/app/api/tools/stt/route.ts b/apps/sim/app/api/tools/stt/route.ts
index 4ff71c05cc0..3779a6b2982 100644
--- a/apps/sim/app/api/tools/stt/route.ts
+++ b/apps/sim/app/api/tools/stt/route.ts
@@ -20,6 +20,7 @@ import {
 import type { TranscriptSegment } from '@/tools/stt/types'
 
 const logger = createLogger('SttProxyAPI')
+const ELEVENLABS_STT_MODEL = 'scribe_v2'
 
 export const dynamic = 'force-dynamic'
 export const maxDuration = 300 // 5 minutes for large files
@@ -222,13 +223,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
         duration = result.duration
         confidence = result.confidence
       } else if (provider === 'elevenlabs') {
-        const result = await transcribeWithElevenLabs(
-          audioBuffer,
-          apiKey,
-          language,
-          timestamps,
-          model
-        )
+        const result = await transcribeWithElevenLabs(audioBuffer, apiKey, language, timestamps)
         transcript = result.transcript
         segments = result.segments
         detectedLanguage = result.language
@@ -470,8 +465,7 @@ async function transcribeWithElevenLabs(
   audioBuffer: Buffer,
   apiKey: string,
   language?: string,
-  timestamps?: 'none' | 'sentence' | 'word',
-  model?: string
+  timestamps?: 'none' | 'sentence' | 'word'
 ): Promise<{
   transcript: string
   segments?: TranscriptSegment[]
@@ -481,7 +475,7 @@ async function transcribeWithElevenLabs(
   const formData = new FormData()
   const blob = new Blob([new Uint8Array(audioBuffer)], { type: 'audio/mpeg' })
   formData.append('file', blob, 'audio.mp3')
-  formData.append('model_id', model || 'scribe_v1')
+  formData.append('model_id', ELEVENLABS_STT_MODEL)
 
   if (language && language !== 'auto') {
     formData.append('language_code', language)
diff --git a/apps/sim/app/api/v1/files/[fileId]/route.ts b/apps/sim/app/api/v1/files/[fileId]/route.ts
index 0a7e4b6020c..a2e4c029d1d 100644
--- a/apps/sim/app/api/v1/files/[fileId]/route.ts
+++ b/apps/sim/app/api/v1/files/[fileId]/route.ts
@@ -7,7 +7,7 @@ import { generateRequestId } from '@/lib/core/utils/request'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import {
   deleteWorkspaceFile,
-  downloadWorkspaceFile,
+  fetchWorkspaceFileBuffer,
   getWorkspaceFile,
 } from '@/lib/uploads/contexts/workspace'
 import {
@@ -50,7 +50,7 @@ export const GET = withRouteHandler(async (request: NextRequest, context: FileRo
       return NextResponse.json({ error: 'File not found' }, { status: 404 })
     }
 
-    const buffer = await downloadWorkspaceFile(fileRecord)
+    const buffer = await fetchWorkspaceFileBuffer(fileRecord)
 
     return new Response(new Uint8Array(buffer), {
       status: 200,
diff --git a/apps/sim/app/api/v1/tables/[tableId]/rows/[rowId]/route.ts b/apps/sim/app/api/v1/tables/[tableId]/rows/[rowId]/route.ts
index 65625720c31..810bb0dfc65 100644
--- a/apps/sim/app/api/v1/tables/[tableId]/rows/[rowId]/route.ts
+++ b/apps/sim/app/api/v1/tables/[tableId]/rows/[rowId]/route.ts
@@ -139,6 +139,11 @@ export const PATCH = withRouteHandler(async (request: NextRequest, context: RowR
       table,
       requestId
     )
+    // No `cancellationGuard` is passed here, so `updateRow` can't return null
+    // from this caller. Defensive narrowing for TypeScript.
+    if (!updatedRow) {
+      return NextResponse.json({ error: 'Row not found' }, { status: 404 })
+    }
 
     return NextResponse.json({
       success: true,
diff --git a/apps/sim/app/api/workflows/[id]/executions/[executionId]/cancel/route.test.ts b/apps/sim/app/api/workflows/[id]/executions/[executionId]/cancel/route.test.ts
index 6a9808f1b0e..c7b86847f0b 100644
--- a/apps/sim/app/api/workflows/[id]/executions/[executionId]/cancel/route.test.ts
+++ b/apps/sim/app/api/workflows/[id]/executions/[executionId]/cancel/route.test.ts
@@ -5,6 +5,7 @@
 import {
   databaseMock,
   hybridAuthMockFns,
+  posthogServerMock,
   workflowAuthzMockFns,
   workflowsUtilsMock,
 } from '@sim/testing'
@@ -43,9 +44,7 @@ vi.mock('@/lib/workflows/executor/human-in-the-loop-manager', () => ({
 
 vi.mock('@/lib/workflows/utils', () => workflowsUtilsMock)
 
-vi.mock('@/lib/posthog/server', () => ({
-  captureServerEvent: vi.fn(),
-}))
+vi.mock('@/lib/posthog/server', () => posthogServerMock)
 
 vi.mock('@/lib/execution/event-buffer', () => ({
   setExecutionMeta: (...args: unknown[]) => mockSetExecutionMeta(...args),
diff --git a/apps/sim/app/api/workspaces/[id]/files/[fileId]/compiled-check/route.ts b/apps/sim/app/api/workspaces/[id]/files/[fileId]/compiled-check/route.ts
index a6d54e8983f..7324c915c20 100644
--- a/apps/sim/app/api/workspaces/[id]/files/[fileId]/compiled-check/route.ts
+++ b/apps/sim/app/api/workspaces/[id]/files/[fileId]/compiled-check/route.ts
@@ -8,7 +8,7 @@ import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import { BINARY_DOC_TASKS, MAX_DOCUMENT_PREVIEW_CODE_BYTES } from '@/lib/execution/constants'
 import { runSandboxTask, SandboxUserCodeError } from '@/lib/execution/sandbox/run-task'
 import { validateMermaidSource } from '@/lib/mermaid/validate'
-import { downloadWorkspaceFile, getWorkspaceFile } from '@/lib/uploads/contexts/workspace'
+import { fetchWorkspaceFileBuffer, getWorkspaceFile } from '@/lib/uploads/contexts/workspace'
 import { verifyWorkspaceMembership } from '@/app/api/workflows/utils'
 
 export const dynamic = 'force-dynamic'
@@ -62,7 +62,7 @@ export const GET = withRouteHandler(
 
     let buffer: Buffer
     try {
-      buffer = await downloadWorkspaceFile(fileRecord)
+      buffer = await fetchWorkspaceFileBuffer(fileRecord)
     } catch (err) {
       logger.error('Failed to download file for compiled check', {
         fileId,
diff --git a/apps/sim/app/api/workspaces/[id]/files/[fileId]/style/route.ts b/apps/sim/app/api/workspaces/[id]/files/[fileId]/style/route.ts
index 815d8eb4f6f..c30d0e9723f 100644
--- a/apps/sim/app/api/workspaces/[id]/files/[fileId]/style/route.ts
+++ b/apps/sim/app/api/workspaces/[id]/files/[fileId]/style/route.ts
@@ -6,7 +6,7 @@ import { parseRequest } from '@/lib/api/server'
 import { getSession } from '@/lib/auth'
 import { extractDocumentStyle } from '@/lib/copilot/vfs/document-style'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
-import { downloadWorkspaceFile, getWorkspaceFile } from '@/lib/uploads/contexts/workspace'
+import { fetchWorkspaceFileBuffer, getWorkspaceFile } from '@/lib/uploads/contexts/workspace'
 import { verifyWorkspaceMembership } from '@/app/api/workflows/utils'
 
 export const dynamic = 'force-dynamic'
@@ -52,7 +52,7 @@ export const GET = withRouteHandler(
 
     let buffer: Buffer
     try {
-      buffer = await downloadWorkspaceFile(fileRecord)
+      buffer = await fetchWorkspaceFileBuffer(fileRecord)
     } catch (err) {
       logger.error('Failed to download file for style extraction', {
         fileId,
diff --git a/apps/sim/app/api/workspaces/[id]/files/presigned/route.test.ts b/apps/sim/app/api/workspaces/[id]/files/presigned/route.test.ts
new file mode 100644
index 00000000000..8fee00a3f25
--- /dev/null
+++ b/apps/sim/app/api/workspaces/[id]/files/presigned/route.test.ts
@@ -0,0 +1,161 @@
+/**
+ * @vitest-environment node
+ */
+import {
+  authMockFns,
+  permissionsMock,
+  permissionsMockFns,
+  storageServiceMock,
+  storageServiceMockFns,
+} from '@sim/testing'
+import { NextRequest } from 'next/server'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const { mockCheckStorageQuota, mockGenerateWorkspaceFileKey, mockUseBlobStorage } = vi.hoisted(
+  () => ({
+    mockCheckStorageQuota: vi.fn(),
+    mockGenerateWorkspaceFileKey: vi.fn(),
+    mockUseBlobStorage: { value: false },
+  })
+)
+
+vi.mock('@/lib/billing/storage', () => ({
+  checkStorageQuota: mockCheckStorageQuota,
+}))
+
+vi.mock('@/lib/uploads/core/storage-service', () => storageServiceMock)
+
+vi.mock('@/lib/uploads/contexts/workspace/workspace-file-manager', () => ({
+  generateWorkspaceFileKey: mockGenerateWorkspaceFileKey,
+}))
+
+vi.mock('@/lib/uploads/config', () => ({
+  get USE_BLOB_STORAGE() {
+    return mockUseBlobStorage.value
+  },
+}))
+
+vi.mock('@/lib/workspaces/permissions/utils', () => permissionsMock)
+
+const WS = '7727ef3f-8cf6-4686-b063-2bb006a10785'
+
+import { POST } from '@/app/api/workspaces/[id]/files/presigned/route'
+
+const params = (id = WS) => ({ params: Promise.resolve({ id }) })
+
+const makeRequest = (body: unknown) =>
+  new NextRequest(`http://localhost/api/workspaces/${WS}/files/presigned`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  })
+
+const validBody = {
+  fileName: 'video.mp4',
+  contentType: 'video/mp4',
+  fileSize: 10 * 1024 * 1024,
+}
+
+describe('POST /api/workspaces/[id]/files/presigned', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    authMockFns.mockGetSession.mockResolvedValue({ user: { id: 'user-1' } })
+    permissionsMockFns.mockGetUserEntityPermissions.mockResolvedValue('write')
+    mockCheckStorageQuota.mockResolvedValue({ allowed: true })
+    storageServiceMockFns.mockHasCloudStorage.mockReturnValue(true)
+    mockGenerateWorkspaceFileKey.mockReturnValue(`workspace/${WS}/123-abc-video.mp4`)
+    storageServiceMockFns.mockGeneratePresignedUploadUrl.mockResolvedValue({
+      url: 'https://s3/presigned',
+      key: `workspace/${WS}/123-abc-video.mp4`,
+      uploadHeaders: { 'Content-Type': 'video/mp4' },
+    })
+  })
+
+  it('returns 401 when unauthenticated', async () => {
+    authMockFns.mockGetSession.mockResolvedValueOnce(null)
+    const res = await POST(makeRequest(validBody), params())
+    expect(res.status).toBe(401)
+  })
+
+  it('returns 403 when user has read-only permission', async () => {
+    permissionsMockFns.mockGetUserEntityPermissions.mockResolvedValueOnce('read')
+    const res = await POST(makeRequest(validBody), params())
+    expect(res.status).toBe(403)
+  })
+
+  it('returns 400 for missing fileName', async () => {
+    const res = await POST(makeRequest({ ...validBody, fileName: '' }), params())
+    expect(res.status).toBe(400)
+  })
+
+  it('returns 400 for negative fileSize', async () => {
+    const res = await POST(makeRequest({ ...validBody, fileSize: -1 }), params())
+    expect(res.status).toBe(400)
+  })
+
+  it('accepts fileSize === 0 (empty new files)', async () => {
+    const res = await POST(makeRequest({ ...validBody, fileSize: 0 }), params())
+    expect(res.status).toBe(200)
+  })
+
+  it('returns 413 when fileSize exceeds 5 GiB ceiling', async () => {
+    const res = await POST(
+      makeRequest({ ...validBody, fileSize: 6 * 1024 * 1024 * 1024 }),
+      params()
+    )
+    expect(res.status).toBe(413)
+  })
+
+  it('returns 413 when storage quota would be exceeded', async () => {
+    mockCheckStorageQuota.mockResolvedValueOnce({ allowed: false, error: 'Over quota' })
+    const res = await POST(makeRequest(validBody), params())
+    const body = await res.json()
+    expect(res.status).toBe(413)
+    expect(body.error).toBe('Over quota')
+  })
+
+  it('returns local fallback signal when cloud storage is not configured', async () => {
+    storageServiceMockFns.mockHasCloudStorage.mockReturnValueOnce(false)
+    const res = await POST(makeRequest(validBody), params())
+    const body = await res.json()
+    expect(res.status).toBe(200)
+    expect(body.directUploadSupported).toBe(false)
+    expect(body.presignedUrl).toBe('')
+    expect(body.fileInfo.name).toBe('video.mp4')
+    expect(storageServiceMockFns.mockGeneratePresignedUploadUrl).not.toHaveBeenCalled()
+  })
+
+  it('issues a presigned URL bound to the workspace', async () => {
+    const res = await POST(makeRequest(validBody), params())
+    const body = await res.json()
+
+    expect(res.status).toBe(200)
+    expect(body.directUploadSupported).toBe(true)
+    expect(body.presignedUrl).toBe('https://s3/presigned')
+    expect(body.fileInfo.key).toBe(`workspace/${WS}/123-abc-video.mp4`)
+    expect(body.fileInfo.path).toContain('?context=workspace')
+    expect(body.fileInfo.path).toContain('s3')
+    expect(body.uploadHeaders).toEqual({ 'Content-Type': 'video/mp4' })
+
+    expect(mockGenerateWorkspaceFileKey).toHaveBeenCalledWith(WS, 'video.mp4')
+    expect(storageServiceMockFns.mockGeneratePresignedUploadUrl).toHaveBeenCalledWith(
+      expect.objectContaining({
+        context: 'workspace',
+        userId: 'user-1',
+        customKey: `workspace/${WS}/123-abc-video.mp4`,
+        metadata: { workspaceId: WS },
+      })
+    )
+  })
+
+  it('serves blob path when blob storage is configured', async () => {
+    mockUseBlobStorage.value = true
+    try {
+      const res = await POST(makeRequest(validBody), params())
+      const body = await res.json()
+      expect(body.fileInfo.path).toContain('/blob/')
+    } finally {
+      mockUseBlobStorage.value = false
+    }
+  })
+})
diff --git a/apps/sim/app/api/workspaces/[id]/files/presigned/route.ts b/apps/sim/app/api/workspaces/[id]/files/presigned/route.ts
new file mode 100644
index 00000000000..332a9386ca7
--- /dev/null
+++ b/apps/sim/app/api/workspaces/[id]/files/presigned/route.ts
@@ -0,0 +1,97 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { workspacePresignedUploadContract } from '@/lib/api/contracts/workspace-files'
+import { parseRequest } from '@/lib/api/server'
+import { getSession } from '@/lib/auth'
+import { checkStorageQuota } from '@/lib/billing/storage'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { USE_BLOB_STORAGE } from '@/lib/uploads/config'
+import { generateWorkspaceFileKey } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
+import { generatePresignedUploadUrl, hasCloudStorage } from '@/lib/uploads/core/storage-service'
+import { MAX_WORKSPACE_FILE_SIZE } from '@/lib/uploads/shared/types'
+import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
+
+const logger = createLogger('WorkspacePresignedAPI')
+
+/**
+ * POST /api/workspaces/[id]/files/presigned
+ * Returns a presigned PUT URL for a workspace-scoped object key. The client
+ * uploads the bytes directly to S3/Blob, then calls /files/register to
+ * insert metadata.
+ */
+export const POST = withRouteHandler(
+  async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+    const userId = session.user.id
+
+    const parsed = await parseRequest(workspacePresignedUploadContract, request, context)
+    if (!parsed.success) return parsed.response
+    const { params, body } = parsed.data
+    const workspaceId = params.id
+    const { fileName, contentType, fileSize } = body
+
+    const permission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
+    if (permission !== 'admin' && permission !== 'write') {
+      logger.warn(`User ${userId} lacks write permission for ${workspaceId}`)
+      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+    }
+
+    if (fileSize > MAX_WORKSPACE_FILE_SIZE) {
+      return NextResponse.json(
+        { error: `File size exceeds maximum of ${MAX_WORKSPACE_FILE_SIZE} bytes` },
+        { status: 413 }
+      )
+    }
+
+    if (!hasCloudStorage()) {
+      logger.info(`Local storage detected, signaling API fallback for ${fileName}`)
+      return NextResponse.json({
+        fileName,
+        presignedUrl: '',
+        fileInfo: { path: '', key: '', name: fileName, size: fileSize, type: contentType },
+        directUploadSupported: false,
+      })
+    }
+
+    const quotaCheck = await checkStorageQuota(userId, fileSize)
+    if (!quotaCheck.allowed) {
+      return NextResponse.json(
+        { error: quotaCheck.error || 'Storage limit exceeded' },
+        { status: 413 }
+      )
+    }
+
+    const key = generateWorkspaceFileKey(workspaceId, fileName)
+    const presigned = await generatePresignedUploadUrl({
+      fileName,
+      contentType,
+      fileSize,
+      context: 'workspace',
+      userId,
+      customKey: key,
+      expirationSeconds: 3600,
+      metadata: { workspaceId },
+    })
+
+    const finalPath = `/api/files/serve/${USE_BLOB_STORAGE ? 'blob' : 's3'}/${encodeURIComponent(key)}?context=workspace`
+
+    logger.info(`Issued workspace presigned URL for ${fileName} -> ${key}`)
+
+    return NextResponse.json({
+      fileName,
+      presignedUrl: presigned.url,
+      fileInfo: {
+        path: finalPath,
+        key: presigned.key,
+        name: fileName,
+        size: fileSize,
+        type: contentType,
+      },
+      uploadHeaders: presigned.uploadHeaders,
+      directUploadSupported: true,
+    })
+  }
+)
diff --git a/apps/sim/app/api/workspaces/[id]/files/register/route.test.ts b/apps/sim/app/api/workspaces/[id]/files/register/route.test.ts
new file mode 100644
index 00000000000..3d9fd1465e3
--- /dev/null
+++ b/apps/sim/app/api/workspaces/[id]/files/register/route.test.ts
@@ -0,0 +1,171 @@
+/**
+ * @vitest-environment node
+ */
+import {
+  auditMock,
+  auditMockFns,
+  authMockFns,
+  permissionsMock,
+  permissionsMockFns,
+  posthogServerMock,
+  posthogServerMockFns,
+} from '@sim/testing'
+import { NextRequest } from 'next/server'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const { mockRegisterUploadedWorkspaceFile, mockParseWorkspaceFileKey, FileConflictErrorImpl } =
+  vi.hoisted(() => {
+    class FileConflictErrorImpl extends Error {
+      constructor(message: string) {
+        super(message)
+        this.name = 'FileConflictError'
+      }
+    }
+    return {
+      mockRegisterUploadedWorkspaceFile: vi.fn(),
+      mockParseWorkspaceFileKey: vi.fn(),
+      FileConflictErrorImpl,
+    }
+  })
+
+vi.mock('@/lib/uploads/contexts/workspace', () => ({
+  registerUploadedWorkspaceFile: mockRegisterUploadedWorkspaceFile,
+  parseWorkspaceFileKey: mockParseWorkspaceFileKey,
+  FileConflictError: FileConflictErrorImpl,
+}))
+
+vi.mock('@/lib/posthog/server', () => posthogServerMock)
+vi.mock('@/lib/workspaces/permissions/utils', () => permissionsMock)
+vi.mock('@sim/audit', () => auditMock)
+
+const WS = '7727ef3f-8cf6-4686-b063-2bb006a10785'
+const VALID_KEY = `workspace/${WS}/123-abc-video.mp4`
+
+import { POST } from '@/app/api/workspaces/[id]/files/register/route'
+
+const params = (id = WS) => ({ params: Promise.resolve({ id }) })
+
+const makeRequest = (body: unknown) =>
+  new NextRequest(`http://localhost/api/workspaces/${WS}/files/register`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  })
+
+const validBody = {
+  key: VALID_KEY,
+  name: 'video.mp4',
+  contentType: 'video/mp4',
+}
+
+describe('POST /api/workspaces/[id]/files/register', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    authMockFns.mockGetSession.mockResolvedValue({
+      user: { id: 'user-1', name: 'User One', email: 'u@example.com' },
+    })
+    permissionsMockFns.mockGetUserEntityPermissions.mockResolvedValue('write')
+    mockParseWorkspaceFileKey.mockImplementation((key: string) => {
+      const match = key.match(/^workspace\/([^/]+)\//)
+      return match ? match[1] : null
+    })
+    mockRegisterUploadedWorkspaceFile.mockResolvedValue({
+      file: {
+        id: 'wf_123',
+        name: 'video.mp4',
+        size: 10 * 1024 * 1024,
+        type: 'video/mp4',
+        url: '/api/files/serve/...',
+        key: VALID_KEY,
+        context: 'workspace',
+      },
+      created: true,
+    })
+  })
+
+  it('returns 401 when unauthenticated', async () => {
+    authMockFns.mockGetSession.mockResolvedValueOnce(null)
+    const res = await POST(makeRequest(validBody), params())
+    expect(res.status).toBe(401)
+  })
+
+  it('returns 403 when user lacks write permission', async () => {
+    permissionsMockFns.mockGetUserEntityPermissions.mockResolvedValueOnce('read')
+    const res = await POST(makeRequest(validBody), params())
+    expect(res.status).toBe(403)
+  })
+
+  it('rejects keys belonging to a different workspace', async () => {
+    const otherWsKey = `workspace/00000000-0000-0000-0000-000000000000/123-abc-video.mp4`
+    const res = await POST(makeRequest({ ...validBody, key: otherWsKey }), params())
+    const body = await res.json()
+    expect(res.status).toBe(400)
+    expect(body.error).toContain('does not belong')
+    expect(mockRegisterUploadedWorkspaceFile).not.toHaveBeenCalled()
+  })
+
+  it('returns 400 for empty key/name', async () => {
+    const res = await POST(makeRequest({ ...validBody, key: '' }), params())
+    expect(res.status).toBe(400)
+  })
+
+  it('returns 404 when storage object is missing', async () => {
+    mockRegisterUploadedWorkspaceFile.mockRejectedValueOnce(
+      new Error('Uploaded object not found in storage')
+    )
+    const res = await POST(makeRequest(validBody), params())
+    expect(res.status).toBe(404)
+  })
+
+  it('returns 409 on duplicate file conflict', async () => {
+    mockRegisterUploadedWorkspaceFile.mockRejectedValueOnce(new FileConflictErrorImpl('video.mp4'))
+    const res = await POST(makeRequest(validBody), params())
+    const body = await res.json()
+    expect(res.status).toBe(409)
+    expect(body.isDuplicate).toBe(true)
+  })
+
+  it('skips audit + analytics on idempotent re-register (created=false)', async () => {
+    mockRegisterUploadedWorkspaceFile.mockResolvedValueOnce({
+      file: {
+        id: 'wf_123',
+        name: 'video.mp4',
+        size: 10 * 1024 * 1024,
+        type: 'video/mp4',
+        url: '/api/files/serve/...',
+        key: VALID_KEY,
+        context: 'workspace',
+      },
+      created: false,
+    })
+
+    const res = await POST(makeRequest(validBody), params())
+    expect(res.status).toBe(200)
+    expect(posthogServerMockFns.mockCaptureServerEvent).not.toHaveBeenCalled()
+    expect(auditMockFns.mockRecordAudit).not.toHaveBeenCalled()
+  })
+
+  it('finalizes upload, records audit and analytics', async () => {
+    const res = await POST(makeRequest(validBody), params())
+    const body = await res.json()
+
+    expect(res.status).toBe(200)
+    expect(body.success).toBe(true)
+    expect(body.file).toMatchObject({ id: 'wf_123', key: VALID_KEY })
+
+    expect(mockRegisterUploadedWorkspaceFile).toHaveBeenCalledWith({
+      workspaceId: WS,
+      userId: 'user-1',
+      key: VALID_KEY,
+      originalName: 'video.mp4',
+      contentType: 'video/mp4',
+    })
+
+    expect(posthogServerMockFns.mockCaptureServerEvent).toHaveBeenCalledWith(
+      'user-1',
+      'file_uploaded',
+      expect.objectContaining({ workspace_id: WS, file_type: 'video/mp4' }),
+      expect.any(Object)
+    )
+  })
+})
diff --git a/apps/sim/app/api/workspaces/[id]/files/register/route.ts b/apps/sim/app/api/workspaces/[id]/files/register/route.ts
new file mode 100644
index 00000000000..dfcaa537b5e
--- /dev/null
+++ b/apps/sim/app/api/workspaces/[id]/files/register/route.ts
@@ -0,0 +1,101 @@
+import { AuditAction, AuditResourceType, recordAudit } from '@sim/audit'
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { registerWorkspaceFileContract } from '@/lib/api/contracts/workspace-files'
+import { parseRequest } from '@/lib/api/server'
+import { getSession } from '@/lib/auth'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { captureServerEvent } from '@/lib/posthog/server'
+import {
+  FileConflictError,
+  parseWorkspaceFileKey,
+  registerUploadedWorkspaceFile,
+} from '@/lib/uploads/contexts/workspace'
+import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
+
+const logger = createLogger('WorkspaceRegisterAPI')
+
+/**
+ * POST /api/workspaces/[id]/files/register
+ * Finalize a direct-to-storage upload by inserting metadata, updating quota,
+ * and recording an audit log. Validates the storage key belongs to the
+ * caller's workspace to prevent cross-tenant key smuggling.
+ */
+export const POST = withRouteHandler(
+  async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+    const userId = session.user.id
+
+    const parsed = await parseRequest(registerWorkspaceFileContract, request, context)
+    if (!parsed.success) return parsed.response
+    const { params, body } = parsed.data
+    const workspaceId = params.id
+    const { key, name, contentType } = body
+
+    const permission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
+    if (permission !== 'admin' && permission !== 'write') {
+      logger.warn(`User ${userId} lacks write permission for ${workspaceId}`)
+      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+    }
+
+    if (parseWorkspaceFileKey(key) !== workspaceId) {
+      logger.warn(`Key ${key} does not belong to workspace ${workspaceId}`)
+      return NextResponse.json(
+        { error: 'Storage key does not belong to this workspace' },
+        { status: 400 }
+      )
+    }
+
+    try {
+      const { file: userFile, created } = await registerUploadedWorkspaceFile({
+        workspaceId,
+        userId,
+        key,
+        originalName: name,
+        contentType,
+      })
+
+      if (created) {
+        logger.info(`Registered direct upload ${name} -> ${key}`)
+
+        captureServerEvent(
+          userId,
+          'file_uploaded',
+          { workspace_id: workspaceId, file_type: contentType },
+          { groups: { workspace: workspaceId } }
+        )
+
+        recordAudit({
+          workspaceId,
+          actorId: userId,
+          actorName: session.user.name,
+          actorEmail: session.user.email,
+          action: AuditAction.FILE_UPLOADED,
+          resourceType: AuditResourceType.FILE,
+          resourceId: userFile.id,
+          resourceName: name,
+          description: `Uploaded file "${name}"`,
+          metadata: { fileSize: userFile.size, fileType: contentType },
+          request,
+        })
+      } else {
+        logger.info(`Idempotent re-register for existing upload ${name} -> ${key}`)
+      }
+
+      return NextResponse.json({ success: true, file: userFile })
+    } catch (error) {
+      logger.error('Failed to register workspace file:', error)
+
+      const errorMessage = error instanceof Error ? error.message : 'Failed to register file'
+      const isDuplicate =
+        error instanceof FileConflictError || errorMessage.includes('already exists')
+      const isMissing = errorMessage.includes('not found in storage')
+
+      const status = isDuplicate ? 409 : isMissing ? 404 : 500
+      return NextResponse.json({ success: false, error: errorMessage, isDuplicate }, { status })
+    }
+  }
+)
diff --git a/apps/sim/app/api/workspaces/[id]/files/route.ts b/apps/sim/app/api/workspaces/[id]/files/route.ts
index 090e2aa1ee2..d89b12118e8 100644
--- a/apps/sim/app/api/workspaces/[id]/files/route.ts
+++ b/apps/sim/app/api/workspaces/[id]/files/route.ts
@@ -15,6 +15,7 @@ import {
   listWorkspaceFiles,
   uploadWorkspaceFile,
 } from '@/lib/uploads/contexts/workspace'
+import { MAX_WORKSPACE_FORMDATA_FILE_SIZE } from '@/lib/uploads/shared/types'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
 import { verifyWorkspaceMembership } from '@/app/api/workflows/utils'
 
@@ -129,13 +130,12 @@ export const POST = withRouteHandler(
 
       const fileName = rawFile.name || 'untitled.md'
 
-      const maxSize = 100 * 1024 * 1024
-      if (rawFile.size > maxSize) {
+      if (rawFile.size > MAX_WORKSPACE_FORMDATA_FILE_SIZE) {
         return NextResponse.json(
           {
-            error: `File size exceeds 100MB limit (${(rawFile.size / (1024 * 1024)).toFixed(2)}MB)`,
+            error: `File size exceeds maximum of ${MAX_WORKSPACE_FORMDATA_FILE_SIZE} bytes (${(rawFile.size / (1024 * 1024)).toFixed(2)}MB)`,
           },
-          { status: 400 }
+          { status: 413 }
         )
       }
 
diff --git a/apps/sim/app/api/workspaces/invitations/route.test.ts b/apps/sim/app/api/workspaces/invitations/route.test.ts
index 979fe7523bc..c364d8228e4 100644
--- a/apps/sim/app/api/workspaces/invitations/route.test.ts
+++ b/apps/sim/app/api/workspaces/invitations/route.test.ts
@@ -8,6 +8,7 @@ import {
   createMockRequest,
   permissionsMock,
   permissionsMockFns,
+  posthogServerMock,
   schemaMock,
 } from '@sim/testing'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
@@ -94,9 +95,7 @@ vi.mock('@/ee/access-control/utils/permission-check', () => ({
 
 vi.mock('@sim/audit', () => auditMock)
 
-vi.mock('@/lib/posthog/server', () => ({
-  captureServerEvent: vi.fn(),
-}))
+vi.mock('@/lib/posthog/server', () => posthogServerMock)
 
 vi.mock('@/lib/core/telemetry', () => ({
   PlatformEvents: {
diff --git a/apps/sim/app/workspace/[workspaceId]/components/resource/components/resource-header/resource-header.tsx b/apps/sim/app/workspace/[workspaceId]/components/resource/components/resource-header/resource-header.tsx
index 68baec3f2b6..22686115782 100644
--- a/apps/sim/app/workspace/[workspaceId]/components/resource/components/resource-header/resource-header.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/components/resource/components/resource-header/resource-header.tsx
@@ -55,6 +55,14 @@ interface ResourceHeaderProps {
   breadcrumbs?: BreadcrumbItem[]
   create?: CreateAction
   actions?: HeaderAction[]
+  /** Arbitrary content rendered in the right-aligned actions row, before the Create button. */
+  trailingActions?: React.ReactNode
+  /**
+   * Replaces the default Create button entirely — supply your own trigger (for
+   * example a dropdown) when the create action needs richer UI. When provided,
+   * `create` is ignored.
+   */
+  createTrigger?: React.ReactNode
 }
 
 export const ResourceHeader = memo(function ResourceHeader({
@@ -63,6 +71,8 @@ export const ResourceHeader = memo(function ResourceHeader({
   breadcrumbs,
   create,
   actions,
+  trailingActions,
+  createTrigger,
 }: ResourceHeaderProps) {
   const hasBreadcrumbs = breadcrumbs && breadcrumbs.length > 0
 
@@ -124,17 +134,19 @@ export const ResourceHeader = memo(function ResourceHeader({
               </Button>
             )
           })}
-          {create && (
-            <Button
-              onClick={create.onClick}
-              disabled={create.disabled}
-              variant='subtle'
-              className='px-2 py-1 text-caption'
-            >
-              {HEADER_PLUS_ICON}
-              {create.label}
-            </Button>
-          )}
+          {trailingActions}
+          {createTrigger ??
+            (create && (
+              <Button
+                onClick={create.onClick}
+                disabled={create.disabled}
+                variant='subtle'
+                className='px-2 py-1 text-caption'
+              >
+                {HEADER_PLUS_ICON}
+                {create.label}
+              </Button>
+            ))}
         </div>
       </div>
     </div>
diff --git a/apps/sim/app/workspace/[workspaceId]/files/files.tsx b/apps/sim/app/workspace/[workspaceId]/files/files.tsx
index cd1cbdf499e..b172d8bc5d9 100644
--- a/apps/sim/app/workspace/[workspaceId]/files/files.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/files/files.tsx
@@ -23,13 +23,15 @@ import {
   ModalHeader,
   Pencil,
   Trash,
+  toast,
   Upload,
 } from '@/components/emcn'
 import { File as FilesIcon } from '@/components/emcn/icons'
 import { getDocumentIcon } from '@/components/icons/document-icons'
+import { triggerFileDownload } from '@/lib/uploads/client/download'
 import type { WorkspaceFileRecord } from '@/lib/uploads/contexts/workspace'
+import { MAX_WORKSPACE_FILE_SIZE } from '@/lib/uploads/shared/types'
 import {
-  downloadWorkspaceFile,
   formatFileSize,
   getFileExtension,
   getMimeTypeFromExtension,
@@ -180,7 +182,11 @@ export function Files() {
   filesRef.current = files
 
   const [uploading, setUploading] = useState(false)
-  const [uploadProgress, setUploadProgress] = useState({ completed: 0, total: 0 })
+  const [uploadProgress, setUploadProgress] = useState({
+    completed: 0,
+    total: 0,
+    currentPercent: 0,
+  })
   const [isDraggingOver, setIsDraggingOver] = useState(false)
   const dragCounterRef = useRef(0)
   const [inputValue, setInputValue] = useState('')
@@ -376,8 +382,24 @@ export function Files() {
   const uploadFiles = async (filesToUpload: File[]) => {
     if (!workspaceId || filesToUpload.length === 0) return
 
+    const oversized: string[] = []
+    const sizeFiltered = filesToUpload.filter((f) => {
+      if (f.size > MAX_WORKSPACE_FILE_SIZE) {
+        oversized.push(f.name)
+        return false
+      }
+      return true
+    })
+    if (oversized.length > 0) {
+      toast.error(
+        oversized.length === 1
+          ? `${oversized[0]} exceeds the 5 GiB upload limit`
+          : `${oversized.length} files exceed the 5 GiB upload limit`
+      )
+    }
+
     const unsupported: string[] = []
-    const allowedFiles = filesToUpload.filter((f) => {
+    const allowedFiles = sizeFiltered.filter((f) => {
       const ext = getFileExtension(f.name)
       const ok = SUPPORTED_EXTENSIONS.includes(ext as (typeof SUPPORTED_EXTENSIONS)[number])
       if (!ok) unsupported.push(f.name)
@@ -392,12 +414,22 @@ export function Files() {
 
     try {
       setUploading(true)
-      setUploadProgress({ completed: 0, total: allowedFiles.length })
+      setUploadProgress({ completed: 0, total: allowedFiles.length, currentPercent: 0 })
 
       for (let i = 0; i < allowedFiles.length; i++) {
         try {
-          await uploadFile.mutateAsync({ workspaceId, file: allowedFiles[i] })
-          setUploadProgress({ completed: i + 1, total: allowedFiles.length })
+          await uploadFile.mutateAsync({
+            workspaceId,
+            file: allowedFiles[i],
+            onProgress: ({ percent }) => {
+              setUploadProgress((prev) => ({ ...prev, currentPercent: percent }))
+            },
+          })
+          setUploadProgress({
+            completed: i + 1,
+            total: allowedFiles.length,
+            currentPercent: 0,
+          })
         } catch (err) {
           logger.error('Error uploading file:', err)
         }
@@ -406,7 +438,7 @@ export function Files() {
       logger.error('Error uploading file:', err)
     } finally {
       setUploading(false)
-      setUploadProgress({ completed: 0, total: 0 })
+      setUploadProgress({ completed: 0, total: 0, currentPercent: 0 })
     }
   }
 
@@ -443,7 +475,7 @@ export function Files() {
 
   const handleDownload = useCallback(async (file: WorkspaceFileRecord) => {
     try {
-      await downloadWorkspaceFile(file)
+      await triggerFileDownload(file)
     } catch (err) {
       logger.error('Failed to download file:', err)
     }
@@ -824,7 +856,9 @@ export function Files() {
 
   const uploadButtonLabel =
     uploading && uploadProgress.total > 0
-      ? `${uploadProgress.completed}/${uploadProgress.total}`
+      ? uploadProgress.currentPercent > 0 && uploadProgress.currentPercent < 100
+        ? `${uploadProgress.completed}/${uploadProgress.total} · ${uploadProgress.currentPercent}%`
+        : `${uploadProgress.completed}/${uploadProgress.total}`
       : uploading
         ? 'Uploading...'
         : 'Upload'
diff --git a/apps/sim/app/workspace/[workspaceId]/home/components/mothership-view/components/resource-content/resource-content.tsx b/apps/sim/app/workspace/[workspaceId]/home/components/mothership-view/components/resource-content/resource-content.tsx
index e60f2bebd21..46f78e1f89e 100644
--- a/apps/sim/app/workspace/[workspaceId]/home/components/mothership-view/components/resource-content/resource-content.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/home/components/mothership-view/components/resource-content/resource-content.tsx
@@ -19,11 +19,8 @@ import {
   markRunToolManuallyStopped,
   reportManualRunToolStop,
 } from '@/lib/copilot/tools/client/run-tool-execution'
-import {
-  downloadWorkspaceFile,
-  getFileExtension,
-  getMimeTypeFromExtension,
-} from '@/lib/uploads/utils/file-utils'
+import { triggerFileDownload } from '@/lib/uploads/client/download'
+import { getFileExtension, getMimeTypeFromExtension } from '@/lib/uploads/utils/file-utils'
 import { workflowBorderColor } from '@/lib/workspaces/colors'
 import {
   FileViewer,
@@ -422,7 +419,7 @@ function EmbeddedFileActions({ workspaceId, fileId }: EmbeddedFileActionsProps)
   const handleDownload = async () => {
     if (!file) return
     try {
-      await downloadWorkspaceFile(file)
+      await triggerFileDownload(file)
     } catch (err) {
       fileLogger.error('Failed to download file:', err)
     }
diff --git a/apps/sim/app/workspace/[workspaceId]/knowledge/hooks/use-knowledge-upload.ts b/apps/sim/app/workspace/[workspaceId]/knowledge/hooks/use-knowledge-upload.ts
index bb7cab5a7d1..87ebc397b72 100644
--- a/apps/sim/app/workspace/[workspaceId]/knowledge/hooks/use-knowledge-upload.ts
+++ b/apps/sim/app/workspace/[workspaceId]/knowledge/hooks/use-knowledge-upload.ts
@@ -2,20 +2,36 @@ import { useCallback, useState } from 'react'
 import { createLogger } from '@sim/logger'
 import { sleep } from '@sim/utils/helpers'
 import { useQueryClient } from '@tanstack/react-query'
-import { isApiClientError } from '@/lib/api/client/errors'
-import { requestJson } from '@/lib/api/client/request'
-import { createKnowledgeDocumentsContract } from '@/lib/api/contracts/knowledge/documents'
-import { getFileExtension, getMimeTypeFromExtension } from '@/lib/uploads/utils/file-utils'
+import {
+  calculateUploadTimeoutMs,
+  DirectUploadError,
+  isTransientUploadError,
+  LARGE_FILE_THRESHOLD,
+  MULTIPART_MAX_RETRIES,
+  MULTIPART_RETRY_BACKOFF,
+  MULTIPART_RETRY_DELAY_MS,
+  normalizePresignedData,
+  type PresignedUploadInfo,
+  runUploadStrategy,
+  runWithConcurrency,
+  type UploadProgressEvent,
+  WHOLE_FILE_PARALLEL_UPLOADS,
+} from '@/lib/uploads/client/direct-upload'
+import { getFileContentType, isAbortError, isNetworkError } from '@/lib/uploads/utils/file-utils'
 import { knowledgeKeys } from '@/hooks/queries/kb/knowledge'
 
 const logger = createLogger('KnowledgeUpload')
 
+const KB_BATCH_PRESIGNED_ENDPOINT = '/api/files/presigned/batch?type=knowledge-base'
+const KB_API_UPLOAD_ENDPOINT = '/api/files/upload'
+
+const BATCH_REQUEST_SIZE = 50
+
 export interface UploadedFile {
   filename: string
   fileUrl: string
   fileSize: number
   mimeType: string
-  // Document tags
   tag1?: string
   tag2?: string
   tag3?: string
@@ -29,7 +45,7 @@ export interface FileUploadStatus {
   fileName: string
   fileSize: number
   status: 'pending' | 'uploading' | 'completed' | 'failed'
-  progress?: number // 0-100 percentage
+  progress?: number
   error?: string
 }
 
@@ -38,15 +54,15 @@ export interface UploadProgress {
   filesCompleted: number
   totalFiles: number
   currentFile?: string
-  currentFileProgress?: number // 0-100 percentage for current file
-  fileStatuses?: FileUploadStatus[] // Track each file's status
+  currentFileProgress?: number
+  fileStatuses?: FileUploadStatus[]
 }
 
 export interface UploadError {
   message: string
   timestamp: number
   code?: string
-  details?: any
+  details?: unknown
 }
 
 export interface ProcessingOptions {
@@ -69,323 +85,123 @@ class KnowledgeUploadError extends Error {
   }
 }
 
-class PresignedUrlError extends KnowledgeUploadError {
-  constructor(message: string, details?: unknown) {
-    super(message, 'PRESIGNED_URL_ERROR', details)
-  }
-}
-
-class DirectUploadError extends KnowledgeUploadError {
-  constructor(message: string, details?: unknown) {
-    super(message, 'DIRECT_UPLOAD_ERROR', details)
-  }
-}
-
 class ProcessingError extends KnowledgeUploadError {
   constructor(message: string, details?: unknown) {
     super(message, 'PROCESSING_ERROR', details)
   }
 }
 
-/**
- * Loosely-typed shape of a failed `Response` JSON body returned by routes
- * in this codebase. Routes generally surface `{ error?, message?, details? }`
- * where `details` is a Zod issue array (`{ message: string }[]`). Treated
- * as a structural read-only view; missing/undefined fields are tolerated.
- */
-interface ApiErrorBodyShape {
-  error?: unknown
-  message?: unknown
-  details?: unknown
-}
-
-/**
- * Reads a failed `Response`'s JSON body into a typed shape and returns the
- * parsed body plus a human-readable error string that combines the
- * top-level `error`/`message` with any Zod `details[].message` entries.
- * Falls back to `statusText` then status code when the body is unreadable.
- */
-async function readApiResponseError(
-  response: Response,
-  fallback = 'Unknown error'
-): Promise<{ message: string; body: ApiErrorBodyShape | null }> {
-  let body: ApiErrorBodyShape | null = null
-  try {
-    const parsed: unknown = await response.json()
-    if (parsed && typeof parsed === 'object') {
-      body = parsed as ApiErrorBodyShape
-    }
-  } catch {
-    body = null
-  }
-
-  const baseError =
-    (typeof body?.error === 'string' && body.error) ||
-    (typeof body?.message === 'string' && body.message) ||
-    response.statusText ||
-    `HTTP ${response.status}` ||
-    fallback
-
-  const detailMessages = Array.isArray(body?.details)
-    ? body.details
-        .map((d) =>
-          d && typeof d === 'object' && 'message' in d && typeof d.message === 'string'
-            ? d.message
-            : null
-        )
-        .filter((m): m is string => Boolean(m))
-        .join(', ')
-    : ''
-
-  return {
-    message: detailMessages ? `${baseError}: ${detailMessages}` : baseError,
-    body,
-  }
-}
-
-/**
- * Configuration constants for file upload operations
- */
-const UPLOAD_CONFIG = {
-  MAX_PARALLEL_UPLOADS: 3,
-  MAX_RETRIES: 3,
-  RETRY_DELAY_MS: 2000,
-  RETRY_BACKOFF: 2,
-  CHUNK_SIZE: 8 * 1024 * 1024,
-  DIRECT_UPLOAD_THRESHOLD: 4 * 1024 * 1024,
-  LARGE_FILE_THRESHOLD: 50 * 1024 * 1024,
-  BASE_TIMEOUT_MS: 2 * 60 * 1000,
-  TIMEOUT_PER_MB_MS: 1500,
-  MAX_TIMEOUT_MS: 10 * 60 * 1000,
-  MULTIPART_PART_CONCURRENCY: 3,
-  MULTIPART_MAX_RETRIES: 3,
-  BATCH_REQUEST_SIZE: 50,
-} as const
-
-/**
- * Calculates the upload timeout based on file size
- */
-const calculateUploadTimeoutMs = (fileSize: number) => {
-  const sizeInMb = fileSize / (1024 * 1024)
-  const dynamicBudget = UPLOAD_CONFIG.BASE_TIMEOUT_MS + sizeInMb * UPLOAD_CONFIG.TIMEOUT_PER_MB_MS
-  return Math.min(dynamicBudget, UPLOAD_CONFIG.MAX_TIMEOUT_MS)
-}
-
-/**
- * Gets high resolution timestamp for performance measurements
- */
-const getHighResTime = () =>
-  typeof performance !== 'undefined' && typeof performance.now === 'function'
-    ? performance.now()
-    : Date.now()
-
-/**
- * Formats bytes to megabytes with 2 decimal places
- */
-const formatMegabytes = (bytes: number) => Number((bytes / (1024 * 1024)).toFixed(2))
-
-/**
- * Calculates throughput in Mbps
- */
-const calculateThroughputMbps = (bytes: number, durationMs: number) => {
-  if (!bytes || !durationMs) return 0
-  return Number((((bytes * 8) / durationMs) * 0.001).toFixed(2))
-}
-
-/**
- * Formats duration from milliseconds to seconds
- */
-const formatDurationSeconds = (durationMs: number) => Number((durationMs / 1000).toFixed(2))
+const getErrorMessage = (error: unknown): string =>
+  error instanceof Error ? error.message : typeof error === 'string' ? error : 'Unknown error'
 
-/**
- * Gets the content type for a file, falling back to extension-based lookup if browser doesn't provide one
- */
-const getFileContentType = (file: File): string => {
-  if (file.type?.trim()) {
-    return file.type
-  }
-  const extension = getFileExtension(file.name)
-  return getMimeTypeFromExtension(extension)
+interface BatchPresignedFile {
+  fileName: string
+  contentType: string
+  fileSize: number
 }
 
 /**
- * Runs async operations with concurrency limit
+ * Fetch presigned upload data for the small files in `files`. Returns a sparse
+ * array aligned with the input: entries for files >= LARGE_FILE_THRESHOLD are
+ * `undefined` because those uploads use multipart and never consume a presigned
+ * single-PUT URL.
  */
-const runWithConcurrency = async <T, R>(
-  items: T[],
-  limit: number,
-  worker: (item: T, index: number) => Promise<R>
-): Promise<Array<PromiseSettledResult<R>>> => {
-  const results: Array<PromiseSettledResult<R>> = Array(items.length)
-
-  if (items.length === 0) {
-    return results
+const fetchBatchPresignedData = async (
+  files: File[]
+): Promise<(PresignedUploadInfo | undefined)[]> => {
+  const result: (PresignedUploadInfo | undefined)[] = new Array(files.length).fill(undefined)
+  const smallFileIndices: number[] = []
+  for (let i = 0; i < files.length; i++) {
+    if (files[i].size <= LARGE_FILE_THRESHOLD) smallFileIndices.push(i)
   }
+  if (smallFileIndices.length === 0) return result
 
-  const concurrency = Math.max(1, Math.min(limit, items.length))
-  let nextIndex = 0
-
-  const runners = Array.from({ length: concurrency }, async () => {
-    while (true) {
-      const currentIndex = nextIndex++
-      if (currentIndex >= items.length) {
-        break
-      }
-
-      try {
-        const value = await worker(items[currentIndex], currentIndex)
-        results[currentIndex] = { status: 'fulfilled', value }
-      } catch (error) {
-        results[currentIndex] = { status: 'rejected', reason: error }
-      }
+  for (let start = 0; start < smallFileIndices.length; start += BATCH_REQUEST_SIZE) {
+    const batchIndices = smallFileIndices.slice(start, start + BATCH_REQUEST_SIZE)
+    const batchFiles = batchIndices.map((i) => files[i])
+    const body: { files: BatchPresignedFile[] } = {
+      files: batchFiles.map((file) => ({
+        fileName: file.name,
+        contentType: getFileContentType(file),
+        fileSize: file.size,
+      })),
     }
-  })
-
-  await Promise.all(runners)
-  return results
-}
-
-/**
- * Extracts the error name from an unknown error object
- */
-const getErrorName = (error: unknown) =>
-  typeof error === 'object' && error !== null && 'name' in error ? String((error as any).name) : ''
-
-/**
- * Extracts a human-readable message from an unknown error
- */
-const getErrorMessage = (error: unknown) =>
-  error instanceof Error ? error.message : typeof error === 'string' ? error : 'Unknown error'
 
-/**
- * Checks if an error is an abort error
- */
-const isAbortError = (error: unknown) => getErrorName(error) === 'AbortError'
-
-/**
- * Checks if an error is a network-related error
- */
-const isNetworkError = (error: unknown) => {
-  if (!(error instanceof Error)) {
-    return false
-  }
-
-  const message = error.message.toLowerCase()
-  return (
-    message.includes('network') ||
-    message.includes('fetch') ||
-    message.includes('connection') ||
-    message.includes('timeout') ||
-    message.includes('timed out') ||
-    message.includes('ecconnreset')
-  )
-}
-
-interface PresignedFileInfo {
-  path: string
-  key: string
-  name: string
-  size: number
-  type: string
-}
-
-interface PresignedUploadInfo {
-  fileName: string
-  presignedUrl: string
-  fileInfo: PresignedFileInfo
-  uploadHeaders?: Record<string, string>
-  directUploadSupported: boolean
-  presignedUrls?: any
-}
+    const response = await fetch(KB_BATCH_PRESIGNED_ENDPOINT, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    })
 
-/**
- * Normalizes presigned URL response data into a consistent format
- */
-const normalizePresignedData = (data: any, context: string): PresignedUploadInfo => {
-  const presignedUrl = data?.presignedUrl || data?.uploadUrl
-  const fileInfo = data?.fileInfo
+    if (!response.ok) {
+      throw new Error(`Batch presigned URL generation failed: ${response.statusText}`)
+    }
 
-  if (!presignedUrl || !fileInfo?.path) {
-    throw new PresignedUrlError(`Invalid presigned response for ${context}`, data)
+    const { files: presignedItems } = (await response.json()) as { files: unknown[] }
+    batchIndices.forEach((fileIdx, batchPos) => {
+      result[fileIdx] = normalizePresignedData(presignedItems[batchPos], batchFiles[batchPos].name)
+    })
   }
 
-  return {
-    fileName: data.fileName || fileInfo.name || context,
-    presignedUrl,
-    fileInfo: {
-      path: fileInfo.path,
-      key: fileInfo.key,
-      name: fileInfo.name || context,
-      size: fileInfo.size || data.fileSize || 0,
-      type: fileInfo.type || data.contentType || '',
-    },
-    uploadHeaders: data.uploadHeaders || undefined,
-    directUploadSupported: data.directUploadSupported !== false,
-    presignedUrls: data.presignedUrls,
-  }
+  return result
 }
 
 /**
- * Fetches presigned URL data for file upload
+ * Server-proxied fallback used when cloud storage isn't configured.
  */
-const getPresignedData = async (
+const uploadFileThroughAPI = async (
   file: File,
-  timeoutMs: number,
-  controller?: AbortController
-): Promise<PresignedUploadInfo> => {
-  const localController = controller ?? new AbortController()
-  const timeoutId = setTimeout(() => localController.abort(), timeoutMs)
-  const startTime = getHighResTime()
+  workspaceId: string | undefined
+): Promise<{ filePath: string }> => {
+  const formData = new FormData()
+  formData.append('file', file)
+  formData.append('context', 'knowledge-base')
+  if (workspaceId) formData.append('workspaceId', workspaceId)
+
+  const controller = new AbortController()
+  const timeoutId = setTimeout(() => controller.abort(), calculateUploadTimeoutMs(file.size))
 
   try {
-    // boundary-raw-fetch: presigned URL coordination is part of the multipart-signed-url upload flow tracked together with XHR PUT progress; keeping this on raw fetch preserves a single retry/timeout AbortController shared with the direct upload XHR
-    const presignedResponse = await fetch('/api/files/presigned?type=knowledge-base', {
+    const response = await fetch(KB_API_UPLOAD_ENDPOINT, {
       method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify({
-        fileName: file.name,
-        contentType: getFileContentType(file),
-        fileSize: file.size,
-      }),
-      signal: localController.signal,
+      body: formData,
+      signal: controller.signal,
     })
 
-    if (!presignedResponse.ok) {
-      const { message: fullError, body: errorDetails } =
-        await readApiResponseError(presignedResponse)
-
-      logger.error('Presigned URL request failed', {
-        status: presignedResponse.status,
-        fileSize: file.size,
-      })
+    if (!response.ok) {
+      let errorData: { message?: string; error?: string } | null = null
+      try {
+        errorData = (await response.json()) as { message?: string; error?: string }
+      } catch {}
+      throw new KnowledgeUploadError(
+        `Failed to upload ${file.name}: ${errorData?.message || errorData?.error || response.statusText}`,
+        'API_UPLOAD_ERROR',
+        errorData
+      )
+    }
 
-      throw new PresignedUrlError(
-        `Failed to get presigned URL for ${file.name}: ${fullError}`,
-        errorDetails
+    const result = (await response.json()) as {
+      fileInfo?: { path?: string }
+      path?: string
+    }
+    const filePath = result.fileInfo?.path ?? result.path
+    if (!filePath) {
+      throw new KnowledgeUploadError(
+        `Invalid upload response for ${file.name}: missing file path`,
+        'API_UPLOAD_ERROR',
+        result
       )
     }
 
-    const presignedData = await presignedResponse.json()
-    const durationMs = getHighResTime() - startTime
-    logger.info('Fetched presigned URL', {
-      fileName: file.name,
-      sizeMB: formatMegabytes(file.size),
-      durationMs: formatDurationSeconds(durationMs),
-    })
-    return normalizePresignedData(presignedData, file.name)
+    return { filePath }
   } finally {
     clearTimeout(timeoutId)
-    if (!controller) {
-      localController.abort()
-    }
   }
 }
 
-/**
- * Hook for managing file uploads to knowledge bases
- */
+const toAbsoluteUrl = (path: string): string =>
+  path.startsWith('http') ? path : `${window.location.origin}${path}`
+
 export function useKnowledgeUpload(options: UseKnowledgeUploadOptions = {}) {
   const queryClient = useQueryClient()
   const [isUploading, setIsUploading] = useState(false)
@@ -396,642 +212,145 @@ export function useKnowledgeUpload(options: UseKnowledgeUploadOptions = {}) {
   })
   const [uploadError, setUploadError] = useState<UploadError | null>(null)
 
-  /**
-   * Creates an UploadedFile object from file metadata
-   */
-  const createUploadedFile = (
-    filename: string,
-    fileUrl: string,
-    fileSize: number,
-    mimeType: string,
-    originalFile?: File
-  ): UploadedFile => ({
-    filename,
-    fileUrl,
-    fileSize,
-    mimeType,
-    tag1: (originalFile as any)?.tag1,
-    tag2: (originalFile as any)?.tag2,
-    tag3: (originalFile as any)?.tag3,
-    tag4: (originalFile as any)?.tag4,
-    tag5: (originalFile as any)?.tag5,
-    tag6: (originalFile as any)?.tag6,
-    tag7: (originalFile as any)?.tag7,
-  })
-
-  /**
-   * Creates an UploadError from an exception
-   */
-  const createErrorFromException = (error: unknown, defaultMessage: string): UploadError => {
-    if (error instanceof KnowledgeUploadError) {
-      return {
-        message: error.message,
-        code: error.code,
-        details: error.details,
-        timestamp: Date.now(),
-      }
+  const buildUploadedFile = (file: File, fileUrl: string): UploadedFile => {
+    const f = file as File & {
+      tag1?: string
+      tag2?: string
+      tag3?: string
+      tag4?: string
+      tag5?: string
+      tag6?: string
+      tag7?: string
     }
-
-    if (error instanceof Error) {
-      return {
-        message: error.message,
-        timestamp: Date.now(),
-      }
-    }
-
     return {
-      message: defaultMessage,
-      timestamp: Date.now(),
-    }
-  }
-
-  /**
-   * Upload a single file with retry logic
-   */
-  const uploadSingleFileWithRetry = async (
-    file: File,
-    retryCount = 0,
-    fileIndex?: number,
-    presignedOverride?: PresignedUploadInfo
-  ): Promise<UploadedFile> => {
-    const timeoutMs = calculateUploadTimeoutMs(file.size)
-    let presignedData: PresignedUploadInfo | undefined
-    const attempt = retryCount + 1
-    logger.info('Upload attempt started', {
-      fileName: file.name,
-      attempt,
-      sizeMB: formatMegabytes(file.size),
-      timeoutMs: formatDurationSeconds(timeoutMs),
-    })
-
-    try {
-      const controller = new AbortController()
-      const timeoutId = setTimeout(() => controller.abort(), timeoutMs)
-
-      try {
-        if (file.size > UPLOAD_CONFIG.LARGE_FILE_THRESHOLD) {
-          presignedData = presignedOverride ?? (await getPresignedData(file, timeoutMs, controller))
-          return await uploadFileInChunks(file, presignedData, timeoutMs, fileIndex)
-        }
-
-        if (presignedOverride?.directUploadSupported && presignedOverride.presignedUrl) {
-          return await uploadFileDirectly(file, presignedOverride, timeoutMs, controller, fileIndex)
-        }
-
-        return await uploadFileThroughAPI(file, timeoutMs)
-      } finally {
-        clearTimeout(timeoutId)
-      }
-    } catch (error) {
-      const isTimeout = isAbortError(error)
-      const isNetwork = isNetworkError(error)
-
-      if (retryCount < UPLOAD_CONFIG.MAX_RETRIES) {
-        const delay = UPLOAD_CONFIG.RETRY_DELAY_MS * UPLOAD_CONFIG.RETRY_BACKOFF ** retryCount
-        if (isTimeout || isNetwork) {
-          logger.warn(
-            `Upload failed (${isTimeout ? 'timeout' : 'network'}), retrying in ${delay / 1000}s...`,
-            {
-              attempt: retryCount + 1,
-              fileSize: file.size,
-              delay: delay,
-            }
-          )
-        }
-
-        if (fileIndex !== undefined) {
-          setUploadProgress((prev) => ({
-            ...prev,
-            fileStatuses: prev.fileStatuses?.map((fs, idx) =>
-              idx === fileIndex ? { ...fs, progress: 0, status: 'uploading' as const } : fs
-            ),
-          }))
-        }
-
-        await sleep(delay)
-        const shouldReusePresigned = (isTimeout || isNetwork) && presignedData
-        return uploadSingleFileWithRetry(
-          file,
-          retryCount + 1,
-          fileIndex,
-          shouldReusePresigned ? presignedData : undefined
-        )
-      }
-
-      logger.error('Upload failed after retries', {
-        fileSize: file.size,
-        errorType: isTimeout ? 'timeout' : isNetwork ? 'network' : 'unknown',
-        attempts: UPLOAD_CONFIG.MAX_RETRIES + 1,
-      })
-      throw error
+      filename: file.name,
+      fileUrl,
+      fileSize: file.size,
+      mimeType: getFileContentType(file),
+      tag1: f.tag1,
+      tag2: f.tag2,
+      tag3: f.tag3,
+      tag4: f.tag4,
+      tag5: f.tag5,
+      tag6: f.tag6,
+      tag7: f.tag7,
     }
   }
 
-  /**
-   * Upload file directly with timeout and progress tracking
-   */
-  const uploadFileDirectly = async (
-    file: File,
-    presignedData: PresignedUploadInfo,
-    timeoutMs: number,
-    outerController: AbortController,
-    fileIndex?: number
-  ): Promise<UploadedFile> => {
-    return new Promise((resolve, reject) => {
-      const xhr = new XMLHttpRequest()
-      let isCompleted = false
-      const startTime = getHighResTime()
-
-      const timeoutId = setTimeout(() => {
-        if (!isCompleted) {
-          isCompleted = true
-          xhr.abort()
-          reject(new Error('Upload timeout'))
-        }
-      }, timeoutMs)
-
-      const abortHandler = () => {
-        if (!isCompleted) {
-          isCompleted = true
-          clearTimeout(timeoutId)
-          xhr.abort()
-          reject(new DirectUploadError(`Upload aborted for ${file.name}`, {}))
-        }
-      }
-
-      outerController.signal.addEventListener('abort', abortHandler)
-
-      xhr.upload.addEventListener('progress', (event) => {
-        if (event.lengthComputable && fileIndex !== undefined && !isCompleted) {
-          const percentComplete = Math.round((event.loaded / event.total) * 100)
-          setUploadProgress((prev) => {
-            if (prev.fileStatuses?.[fileIndex]?.status === 'uploading') {
-              return {
-                ...prev,
-                fileStatuses: prev.fileStatuses?.map((fs, idx) =>
-                  idx === fileIndex ? { ...fs, progress: percentComplete } : fs
-                ),
-              }
-            }
-            return prev
-          })
-        }
-      })
-
-      xhr.addEventListener('load', () => {
-        if (!isCompleted) {
-          isCompleted = true
-          clearTimeout(timeoutId)
-          outerController.signal.removeEventListener('abort', abortHandler)
-          const durationMs = getHighResTime() - startTime
-          if (xhr.status >= 200 && xhr.status < 300) {
-            const fullFileUrl = presignedData.fileInfo.path.startsWith('http')
-              ? presignedData.fileInfo.path
-              : `${window.location.origin}${presignedData.fileInfo.path}`
-            logger.info('Direct upload completed', {
-              fileName: file.name,
-              sizeMB: formatMegabytes(file.size),
-              durationMs: formatDurationSeconds(durationMs),
-              throughputMbps: calculateThroughputMbps(file.size, durationMs),
-              status: xhr.status,
-            })
-            resolve(
-              createUploadedFile(file.name, fullFileUrl, file.size, getFileContentType(file), file)
-            )
-          } else {
-            logger.error('S3 PUT request failed', {
-              status: xhr.status,
-              fileSize: file.size,
-            })
-            reject(
-              new DirectUploadError(
-                `Direct upload failed for ${file.name}: ${xhr.status} ${xhr.statusText}`,
-                {
-                  uploadResponse: xhr.statusText,
-                }
-              )
-            )
-          }
-        }
-      })
-
-      xhr.addEventListener('error', () => {
-        if (!isCompleted) {
-          isCompleted = true
-          clearTimeout(timeoutId)
-          outerController.signal.removeEventListener('abort', abortHandler)
-          const durationMs = getHighResTime() - startTime
-          logger.error('Direct upload network error', {
-            fileName: file.name,
-            sizeMB: formatMegabytes(file.size),
-            durationMs: formatDurationSeconds(durationMs),
-          })
-          reject(new DirectUploadError(`Network error uploading ${file.name}`, {}))
-        }
-      })
-
-      xhr.addEventListener('abort', abortHandler)
-
-      xhr.open('PUT', presignedData.presignedUrl)
-
-      xhr.setRequestHeader('Content-Type', file.type)
-      if (presignedData.uploadHeaders) {
-        Object.entries(presignedData.uploadHeaders).forEach(([key, value]) => {
-          xhr.setRequestHeader(key, value as string)
-        })
-      }
-
-      xhr.send(file)
-    })
+  const updateFileStatus = (fileIndex: number, patch: Partial<FileUploadStatus>) => {
+    setUploadProgress((prev) => ({
+      ...prev,
+      fileStatuses: prev.fileStatuses?.map((fs, idx) =>
+        idx === fileIndex ? { ...fs, ...patch } : fs
+      ),
+    }))
   }
 
-  /**
-   * Upload large file in chunks (multipart upload)
-   */
-  const uploadFileInChunks = async (
+  const uploadOneFile = async (
     file: File,
-    presignedData: PresignedUploadInfo,
-    timeoutMs: number,
-    fileIndex?: number
+    fileIndex: number,
+    presigned: PresignedUploadInfo | undefined
   ): Promise<UploadedFile> => {
-    logger.info(
-      `Uploading large file ${file.name} (${(file.size / 1024 / 1024).toFixed(2)}MB) using multipart upload`
-    )
-    const startTime = getHighResTime()
+    if (!options.workspaceId) {
+      throw new KnowledgeUploadError('workspaceId is required for upload', 'MISSING_WORKSPACE_ID')
+    }
 
-    try {
-      if (!options.workspaceId) {
-        throw new Error('workspaceId is required for multipart upload')
-      }
+    const onProgress = (event: UploadProgressEvent) => {
+      updateFileStatus(fileIndex, { progress: event.percent, status: 'uploading' })
+    }
 
-      // boundary-raw-fetch: multipart-signed-url initiate step coordinates the cloud multipart upload token consumed by raw-fetch PUTs to provider-issued part URLs below
-      const initiateResponse = await fetch('/api/files/multipart?action=initiate', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          fileName: file.name,
-          contentType: getFileContentType(file),
-          fileSize: file.size,
+    let attempt = 0
+    while (true) {
+      try {
+        const result = await runUploadStrategy({
+          file,
           workspaceId: options.workspaceId,
-        }),
-      })
-
-      if (!initiateResponse.ok) {
-        throw new Error(`Failed to initiate multipart upload: ${initiateResponse.statusText}`)
-      }
-
-      const { uploadId, key, uploadToken } = await initiateResponse.json()
-      logger.info(`Initiated multipart upload with ID: ${uploadId}`)
-
-      const chunkSize = UPLOAD_CONFIG.CHUNK_SIZE
-      const numParts = Math.ceil(file.size / chunkSize)
-      const partNumbers = Array.from({ length: numParts }, (_, i) => i + 1)
-
-      // boundary-raw-fetch: multipart-signed-url get-part-urls step issues provider-signed PUT URLs consumed by the raw-fetch PUT loop below; kept on raw fetch to preserve retry/abort coordination with the part PUTs
-      const partUrlsResponse = await fetch('/api/files/multipart?action=get-part-urls', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          uploadToken,
-          partNumbers,
-        }),
-      })
-
-      if (!partUrlsResponse.ok) {
-        // boundary-raw-fetch: multipart-signed-url abort step issued from inside the multipart upload error path; keeps cleanup on the same raw-fetch path as the rest of the multipart flow
-        await fetch('/api/files/multipart?action=abort', {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({ uploadToken }),
+          context: 'knowledge-base',
+          presignedEndpoint: '/api/files/presigned?type=knowledge-base',
+          presignedOverride: presigned,
+          onProgress,
         })
-        throw new Error(`Failed to get part URLs: ${partUrlsResponse.statusText}`)
-      }
-
-      const { presignedUrls } = await partUrlsResponse.json()
-
-      const uploadedParts: Array<{ ETag: string; PartNumber: number }> = []
-
-      const controller = new AbortController()
-      const multipartTimeoutId = setTimeout(() => controller.abort(), timeoutMs)
-
-      try {
-        const uploadPart = async ({ partNumber, url }: any) => {
-          const start = (partNumber - 1) * chunkSize
-          const end = Math.min(start + chunkSize, file.size)
-          const chunk = file.slice(start, end)
-
-          for (let attempt = 0; attempt <= UPLOAD_CONFIG.MULTIPART_MAX_RETRIES; attempt++) {
-            try {
-              const partResponse = await fetch(url, {
-                method: 'PUT',
-                body: chunk,
-                signal: controller.signal,
-                headers: {
-                  'Content-Type': file.type,
-                },
-              })
-
-              if (!partResponse.ok) {
-                throw new Error(`Failed to upload part ${partNumber}: ${partResponse.statusText}`)
-              }
-
-              const etag = partResponse.headers.get('ETag') || ''
-              logger.info(`Uploaded part ${partNumber}/${numParts}`)
-
-              if (fileIndex !== undefined) {
-                const partProgress = Math.min(100, Math.round((partNumber / numParts) * 100))
-                setUploadProgress((prev) => ({
-                  ...prev,
-                  fileStatuses: prev.fileStatuses?.map((fs, idx) =>
-                    idx === fileIndex ? { ...fs, progress: partProgress } : fs
-                  ),
-                }))
-              }
-
-              return { ETag: etag.replace(/"/g, ''), PartNumber: partNumber }
-            } catch (partError) {
-              if (attempt >= UPLOAD_CONFIG.MULTIPART_MAX_RETRIES) {
-                throw partError
-              }
-
-              const delay = UPLOAD_CONFIG.RETRY_DELAY_MS * UPLOAD_CONFIG.RETRY_BACKOFF ** attempt
-              logger.warn(
-                `Part ${partNumber} failed (attempt ${attempt + 1}), retrying in ${Math.round(delay / 1000)}s`
-              )
-              await sleep(delay)
-            }
-          }
-
-          throw new Error(`Retries exhausted for part ${partNumber}`)
+        return buildUploadedFile(file, toAbsoluteUrl(result.path))
+      } catch (error) {
+        if (error instanceof DirectUploadError && error.code === 'FALLBACK_REQUIRED') {
+          const { filePath } = await uploadFileThroughAPI(file, options.workspaceId)
+          return buildUploadedFile(file, toAbsoluteUrl(filePath))
         }
 
-        const partResults = await runWithConcurrency(
-          presignedUrls,
-          UPLOAD_CONFIG.MULTIPART_PART_CONCURRENCY,
-          uploadPart
-        )
-
-        partResults.forEach((result) => {
-          if (result?.status === 'fulfilled') {
-            uploadedParts.push(result.value)
-          } else if (result?.status === 'rejected') {
-            throw result.reason
-          }
-        })
-      } finally {
-        clearTimeout(multipartTimeoutId)
-      }
-
-      // boundary-raw-fetch: multipart-signed-url complete step finalizes the multipart upload coordinated with raw-fetch part PUTs above
-      const completeResponse = await fetch('/api/files/multipart?action=complete', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          uploadToken,
-          parts: uploadedParts,
-        }),
-      })
-
-      if (!completeResponse.ok) {
-        throw new Error(`Failed to complete multipart upload: ${completeResponse.statusText}`)
-      }
-
-      const { path } = await completeResponse.json()
-      logger.info(`Completed multipart upload for ${file.name}`)
-
-      const durationMs = getHighResTime() - startTime
-      logger.info('Multipart upload metrics', {
-        fileName: file.name,
-        sizeMB: formatMegabytes(file.size),
-        parts: uploadedParts.length,
-        durationMs: formatDurationSeconds(durationMs),
-        throughputMbps: calculateThroughputMbps(file.size, durationMs),
-      })
-
-      const fullFileUrl = path.startsWith('http') ? path : `${window.location.origin}${path}`
-
-      return createUploadedFile(file.name, fullFileUrl, file.size, getFileContentType(file), file)
-    } catch (error) {
-      logger.error(`Multipart upload failed for ${file.name}:`, error)
-      const durationMs = getHighResTime() - startTime
-      logger.warn('Falling back to direct upload after multipart failure', {
-        fileName: file.name,
-        sizeMB: formatMegabytes(file.size),
-        durationMs: formatDurationSeconds(durationMs),
-      })
-      return uploadFileDirectly(file, presignedData, timeoutMs, new AbortController(), fileIndex)
-    }
-  }
-
-  /**
-   * Fallback upload through API
-   */
-  const uploadFileThroughAPI = async (file: File, timeoutMs: number): Promise<UploadedFile> => {
-    const controller = new AbortController()
-    const timeoutId = setTimeout(() => controller.abort(), timeoutMs)
-
-    try {
-      const formData = new FormData()
-      formData.append('file', file)
-      formData.append('context', 'knowledge-base')
-
-      if (options.workspaceId) {
-        formData.append('workspaceId', options.workspaceId)
-      }
-
-      // boundary-raw-fetch: multipart/form-data upload (FileUpload boundary), incompatible with requestJson which JSON-stringifies bodies
-      const uploadResponse = await fetch('/api/files/upload', {
-        method: 'POST',
-        body: formData,
-        signal: controller.signal,
-      })
-
-      if (!uploadResponse.ok) {
-        const { message: fullError, body: errorData } = await readApiResponseError(uploadResponse)
-        throw new DirectUploadError(`Failed to upload ${file.name}: ${fullError}`, errorData)
-      }
-
-      const uploadResult = await uploadResponse.json()
-
-      const filePath = uploadResult.fileInfo?.path || uploadResult.path
+        const retryable = isNetworkError(error) || isTransientUploadError(error)
+        if (isAbortError(error) || !retryable || attempt >= MULTIPART_MAX_RETRIES) {
+          throw error
+        }
 
-      if (!filePath) {
-        throw new DirectUploadError(
-          `Invalid upload response for ${file.name}: missing file path`,
-          uploadResult
+        const delay = MULTIPART_RETRY_DELAY_MS * MULTIPART_RETRY_BACKOFF ** attempt
+        attempt++
+        logger.warn(
+          `Upload retry ${attempt}/${MULTIPART_MAX_RETRIES} for ${file.name} in ${Math.round(delay / 1000)}s`
         )
+        updateFileStatus(fileIndex, { progress: 0, status: 'uploading' })
+        await sleep(delay)
       }
-
-      return createUploadedFile(
-        file.name,
-        filePath.startsWith('http') ? filePath : `${window.location.origin}${filePath}`,
-        file.size,
-        getFileContentType(file),
-        file
-      )
-    } finally {
-      clearTimeout(timeoutId)
     }
   }
 
-  /**
-   * Uploads files in batches using presigned URLs
-   */
   const uploadFilesInBatches = async (files: File[]): Promise<UploadedFile[]> => {
-    const results: UploadedFile[] = []
-    const failedFiles: Array<{ file: File; error: Error }> = []
-
     const fileStatuses: FileUploadStatus[] = files.map((file) => ({
       fileName: file.name,
       fileSize: file.size,
-      status: 'pending' as const,
+      status: 'pending',
       progress: 0,
     }))
 
-    setUploadProgress((prev) => ({
-      ...prev,
-      fileStatuses,
-    }))
+    setUploadProgress((prev) => ({ ...prev, fileStatuses }))
 
     logger.info(`Starting batch upload of ${files.length} files`)
 
-    try {
-      const batches = []
-
-      for (
-        let batchStart = 0;
-        batchStart < files.length;
-        batchStart += UPLOAD_CONFIG.BATCH_REQUEST_SIZE
-      ) {
-        const batchFiles = files.slice(batchStart, batchStart + UPLOAD_CONFIG.BATCH_REQUEST_SIZE)
-        const batchIndexOffset = batchStart
-        batches.push({ batchFiles, batchIndexOffset })
-      }
-
-      logger.info(`Starting parallel processing of ${batches.length} batches`)
-
-      const presignedPromises = batches.map(async ({ batchFiles }, batchIndex) => {
-        logger.info(
-          `Getting presigned URLs for batch ${batchIndex + 1}/${batches.length} (${batchFiles.length} files)`
-        )
-
-        const batchRequest = {
-          files: batchFiles.map((file) => ({
-            fileName: file.name,
-            contentType: getFileContentType(file),
-            fileSize: file.size,
-          })),
-        }
-
-        // boundary-raw-fetch: signed-URL batch coordination for direct uploads handed to raw-fetch PUTs against provider URLs; kept on raw fetch to preserve the same controller/timeout used by the multipart flow
-        const batchResponse = await fetch('/api/files/presigned/batch?type=knowledge-base', {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(batchRequest),
-        })
-
-        if (!batchResponse.ok) {
-          const { message: fullError } = await readApiResponseError(batchResponse)
-          throw new Error(`Batch ${batchIndex + 1} presigned URL generation failed: ${fullError}`)
-        }
-
-        const { files: presignedData } = await batchResponse.json()
-        return { batchFiles, presignedData, batchIndex }
-      })
-
-      const allPresignedData = await Promise.all(presignedPromises)
-      logger.info(`Got all presigned URLs, starting uploads`)
-
-      const allUploads = allPresignedData.flatMap(({ batchFiles, presignedData, batchIndex }) => {
-        const batchIndexOffset = batchIndex * UPLOAD_CONFIG.BATCH_REQUEST_SIZE
-
-        return batchFiles.map((file, batchFileIndex) => {
-          const fileIndex = batchIndexOffset + batchFileIndex
-          const presigned = presignedData[batchFileIndex]
-
-          return { file, presigned, fileIndex }
-        })
-      })
-
-      const uploadResults = await runWithConcurrency(
-        allUploads,
-        UPLOAD_CONFIG.MAX_PARALLEL_UPLOADS,
-        async ({ file, presigned, fileIndex }) => {
-          if (!presigned) {
-            throw new Error(`No presigned data for file ${file.name}`)
-          }
+    const presignedData = await fetchBatchPresignedData(files)
 
+    const settled = await runWithConcurrency(
+      files,
+      WHOLE_FILE_PARALLEL_UPLOADS,
+      async (file, index) => {
+        updateFileStatus(index, { status: 'uploading' })
+        try {
+          const uploaded = await uploadOneFile(file, index, presignedData[index])
           setUploadProgress((prev) => ({
             ...prev,
-            fileStatuses: prev.fileStatuses?.map((fs, idx) =>
-              idx === fileIndex ? { ...fs, status: 'uploading' as const } : fs
-            ),
+            filesCompleted: prev.filesCompleted + 1,
           }))
-
-          try {
-            const result = await uploadSingleFileWithRetry(file, 0, fileIndex, presigned)
-
-            setUploadProgress((prev) => ({
-              ...prev,
-              filesCompleted: prev.filesCompleted + 1,
-              fileStatuses: prev.fileStatuses?.map((fs, idx) =>
-                idx === fileIndex ? { ...fs, status: 'completed' as const, progress: 100 } : fs
-              ),
-            }))
-
-            return result
-          } catch (error) {
-            setUploadProgress((prev) => ({
-              ...prev,
-              fileStatuses: prev.fileStatuses?.map((fs, idx) =>
-                idx === fileIndex
-                  ? {
-                      ...fs,
-                      status: 'failed' as const,
-                      error: getErrorMessage(error),
-                    }
-                  : fs
-              ),
-            }))
-            throw error
-          }
+          updateFileStatus(index, { status: 'completed', progress: 100 })
+          return uploaded
+        } catch (error) {
+          updateFileStatus(index, { status: 'failed', error: getErrorMessage(error) })
+          throw error
         }
-      )
-
-      uploadResults.forEach((result, idx) => {
-        if (result?.status === 'fulfilled') {
-          results.push(result.value)
-        } else if (result?.status === 'rejected') {
-          failedFiles.push({
-            file: allUploads[idx].file,
-            error:
-              result.reason instanceof Error ? result.reason : new Error(String(result.reason)),
-          })
-        }
-      })
+      }
+    )
 
-      if (failedFiles.length > 0) {
-        logger.error(`Failed to upload ${failedFiles.length} files`)
-        throw new KnowledgeUploadError(
-          `Failed to upload ${failedFiles.length} file(s)`,
-          'PARTIAL_UPLOAD_FAILURE',
-          {
-            failedFiles,
-            uploadedFiles: results,
-          }
-        )
+    const succeeded: UploadedFile[] = []
+    const failed: Array<{ file: File; error: Error }> = []
+    settled.forEach((result, idx) => {
+      if (result?.status === 'fulfilled') {
+        succeeded.push(result.value)
+      } else if (result?.status === 'rejected') {
+        failed.push({
+          file: files[idx],
+          error: result.reason instanceof Error ? result.reason : new Error(String(result.reason)),
+        })
       }
+    })
 
-      return results
-    } catch (error) {
-      logger.error('Batch upload failed:', error)
-      throw error
+    if (failed.length > 0) {
+      throw new KnowledgeUploadError(
+        `Failed to upload ${failed.length} file(s)`,
+        'PARTIAL_UPLOAD_FAILURE',
+        { failedFiles: failed, uploadedFiles: succeeded }
+      )
     }
+
+    return succeeded
   }
 
-  /**
-   * Main upload function that handles file uploads and document processing
-   */
   const uploadFiles = async (
     files: File[],
     knowledgeBaseId: string,
@@ -1040,7 +359,6 @@ export function useKnowledgeUpload(options: UseKnowledgeUploadOptions = {}) {
     if (files.length === 0) {
       throw new KnowledgeUploadError('No files provided for upload', 'NO_FILES')
     }
-
     if (!knowledgeBaseId?.trim()) {
       throw new KnowledgeUploadError('Knowledge base ID is required', 'INVALID_KB_ID')
     }
@@ -1054,43 +372,49 @@ export function useKnowledgeUpload(options: UseKnowledgeUploadOptions = {}) {
 
       setUploadProgress((prev) => ({ ...prev, stage: 'processing' }))
 
-      const processPayload = {
-        documents: uploadedFiles.map((file) => ({
-          ...file,
-        })),
-        processingOptions: {
-          recipe: processingOptions.recipe ?? 'default',
-          lang: 'en',
-        },
-        bulk: true,
-      }
+      // boundary-raw-fetch: bulk document-processing kickoff with dynamic recipe payload; response is consumed alongside the upload progress lifecycle and not modeled by a single contract
+      const processResponse = await fetch(`/api/knowledge/${knowledgeBaseId}/documents`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          documents: uploadedFiles.map((f) => ({ ...f })),
+          processingOptions: {
+            recipe: processingOptions.recipe ?? 'default',
+            lang: 'en',
+          },
+          bulk: true,
+        }),
+      })
 
-      let processResult: Awaited<
-        ReturnType<typeof requestJson<typeof createKnowledgeDocumentsContract>>
-      >
-      try {
-        processResult = await requestJson(createKnowledgeDocumentsContract, {
-          params: { id: knowledgeBaseId },
-          body: processPayload,
+      if (!processResponse.ok) {
+        let errorData: { error?: string; message?: string } | null = null
+        try {
+          errorData = (await processResponse.json()) as { error?: string; message?: string }
+        } catch {}
+        logger.error('Document processing failed:', {
+          status: processResponse.status,
+          error: errorData,
         })
-      } catch (err) {
-        if (isApiClientError(err)) {
-          logger.error('Document processing failed:', {
-            status: err.status,
-            error: err.body,
-            uploadedFiles: uploadedFiles.map((f) => ({
-              filename: f.filename,
-              fileUrl: f.fileUrl,
-              fileSize: f.fileSize,
-              mimeType: f.mimeType,
-            })),
-          })
-          throw new ProcessingError(`Failed to start document processing: ${err.message}`, err.body)
-        }
-        throw err
+        throw new ProcessingError(
+          `Failed to start document processing: ${errorData?.error || errorData?.message || 'Unknown error'}`,
+          errorData
+        )
       }
 
-      if (!('documentsCreated' in processResult.data)) {
+      const processResult = (await processResponse.json()) as {
+        success?: boolean
+        error?: string
+        data?: { documentsCreated?: unknown }
+      }
+
+      if (!processResult.success) {
+        throw new ProcessingError(
+          `Document processing failed: ${processResult.error || 'Unknown error'}`,
+          processResult
+        )
+      }
+
+      if (!processResult.data?.documentsCreated) {
         throw new ProcessingError(
           'Invalid processing response: missing document data',
           processResult
@@ -1098,23 +422,25 @@ export function useKnowledgeUpload(options: UseKnowledgeUploadOptions = {}) {
       }
 
       setUploadProgress((prev) => ({ ...prev, stage: 'completing' }))
-
       logger.info(`Successfully started processing ${uploadedFiles.length} documents`)
 
-      await queryClient.invalidateQueries({
-        queryKey: knowledgeKeys.detail(knowledgeBaseId),
-      })
+      await queryClient.invalidateQueries({ queryKey: knowledgeKeys.detail(knowledgeBaseId) })
 
       return uploadedFiles
     } catch (err) {
       logger.error('Error uploading documents:', err)
 
-      const error = createErrorFromException(err, 'Unknown error occurred during upload')
+      const error: UploadError =
+        err instanceof KnowledgeUploadError
+          ? { message: err.message, code: err.code, details: err.details, timestamp: Date.now() }
+          : err instanceof DirectUploadError
+            ? { message: err.message, code: err.code, details: err.details, timestamp: Date.now() }
+            : err instanceof Error
+              ? { message: err.message, timestamp: Date.now() }
+              : { message: 'Unknown error occurred during upload', timestamp: Date.now() }
+
       setUploadError(error)
       options.onError?.(error)
-
-      logger.error('Document upload failed:', error.message)
-
       throw err
     } finally {
       setIsUploading(false)
@@ -1122,9 +448,6 @@ export function useKnowledgeUpload(options: UseKnowledgeUploadOptions = {}) {
     }
   }
 
-  /**
-   * Clears the current upload error
-   */
   const clearError = useCallback(() => {
     setUploadError(null)
   }, [])
diff --git a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/log-details.tsx b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/log-details.tsx
index ee33779f6dd..c1cd8c78b91 100644
--- a/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/log-details.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/logs/components/log-details/log-details.tsx
@@ -664,7 +664,10 @@ export const LogDetails = memo(function LogDetails({
   const { handleMouseDown } = useLogDetailsResize()
 
   const maxVw = `${MAX_LOG_DETAILS_WIDTH_RATIO * 100}vw`
-  const effectiveWidth = `clamp(${MIN_LOG_DETAILS_WIDTH}px, ${panelWidth}px, ${maxVw})`
+  // CSS-side clamp matching `clampPanelWidth` in stores/logs/utils.ts: the
+  // floor is itself capped at the max-vw ratio so a narrow viewport doesn't
+  // let the min outpace the cap and cover the table behind the panel.
+  const effectiveWidth = `clamp(min(${MIN_LOG_DETAILS_WIDTH}px, ${maxVw}), ${panelWidth}px, ${maxVw})`
 
   useEffect(() => {
     const handleKeyDown = (e: KeyboardEvent) => {
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/column-sidebar/column-sidebar.tsx b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/column-sidebar/column-sidebar.tsx
new file mode 100644
index 00000000000..69fc07bcf02
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/column-sidebar/column-sidebar.tsx
@@ -0,0 +1,1312 @@
+'use client'
+
+import type React from 'react'
+import { useEffect, useMemo, useRef, useState } from 'react'
+import { toError } from '@sim/utils/errors'
+import { generateId } from '@sim/utils/id'
+import { useMutation, useQueryClient } from '@tanstack/react-query'
+import {
+  ChevronDown,
+  ChevronRight,
+  ExternalLink,
+  Loader2,
+  Plus,
+  RepeatIcon,
+  SplitIcon,
+  X,
+} from 'lucide-react'
+import {
+  Button,
+  Checkbox,
+  Combobox,
+  Expandable,
+  ExpandableContent,
+  Input,
+  Label,
+  Switch,
+  Tooltip,
+  toast,
+} from '@/components/emcn'
+import { requestJson } from '@/lib/api/client/request'
+import type {
+  AddWorkflowGroupBodyInput,
+  UpdateWorkflowGroupBodyInput,
+} from '@/lib/api/contracts/tables'
+import {
+  putWorkflowNormalizedStateContract,
+  type WorkflowStateContractInput,
+} from '@/lib/api/contracts/workflows'
+import { cn } from '@/lib/core/utils/cn'
+import type {
+  ColumnDefinition,
+  WorkflowGroup,
+  WorkflowGroupDependencies,
+  WorkflowGroupOutput,
+} from '@/lib/table'
+import { columnTypeForLeaf, deriveOutputColumnName } from '@/lib/table/column-naming'
+import {
+  type FlattenOutputsBlockInput,
+  type FlattenOutputsEdgeInput,
+  flattenWorkflowOutputs,
+  getBlockExecutionOrder,
+} from '@/lib/workflows/blocks/flatten-outputs'
+import { normalizeInputFormatValue } from '@/lib/workflows/input-format'
+import { TriggerUtils } from '@/lib/workflows/triggers/triggers'
+import type { InputFormatField } from '@/lib/workflows/types'
+import { PreviewWorkflow } from '@/app/workspace/[workspaceId]/w/components/preview'
+import { getBlock } from '@/blocks'
+import {
+  useAddTableColumn,
+  useAddWorkflowGroup,
+  useUpdateColumn,
+  useUpdateWorkflowGroup,
+} from '@/hooks/queries/tables'
+import { useWorkflowState, workflowKeys } from '@/hooks/queries/workflows'
+import type { WorkflowMetadata } from '@/stores/workflows/registry/types'
+import { COLUMN_TYPE_OPTIONS, type SidebarColumnType } from './column-types'
+
+export type ColumnConfigState =
+  | { mode: 'edit'; columnName: string }
+  | { mode: 'new'; columnName: string; workflowId: string; proposedName: string }
+  | {
+      mode: 'create'
+      columnName: string
+      proposedName: string
+      /** When present, the sidebar opens with the workflow type pre-selected. */
+      workflowId?: string
+    }
+  | null
+
+interface ColumnSidebarProps {
+  configState: ColumnConfigState
+  onClose: () => void
+  /** The current column record for edit mode. Null for new mode or closed. */
+  existingColumn: ColumnDefinition | null
+  allColumns: ColumnDefinition[]
+  workflowGroups: WorkflowGroup[]
+  workflows: WorkflowMetadata[] | undefined
+  workspaceId: string
+  tableId: string
+}
+
+const OUTPUT_VALUE_SEPARATOR = '::'
+
+/** Shared dashed-divider style — mirrors the workflow editor's subblock divider. */
+const DASHED_DIVIDER_STYLE = {
+  backgroundImage:
+    'repeating-linear-gradient(to right, var(--border) 0px, var(--border) 6px, transparent 6px, transparent 12px)',
+} as const
+
+/** Encodes blockId + path so duplicate field names across blocks stay distinct in the picker UI. */
+const encodeOutputValue = (blockId: string, path: string) =>
+  `${blockId}${OUTPUT_VALUE_SEPARATOR}${path}`
+
+/** Splits an encoded `${blockId}::${path}` into its components for persistence. */
+const decodeOutputValue = (value: string): { blockId: string; path: string } => {
+  const idx = value.indexOf(OUTPUT_VALUE_SEPARATOR)
+  if (idx === -1) return { blockId: '', path: value }
+  return { blockId: value.slice(0, idx), path: value.slice(idx + OUTPUT_VALUE_SEPARATOR.length) }
+}
+
+interface BlockOutputGroup {
+  blockId: string
+  blockName: string
+  blockType: string
+  blockIcon: string | React.ComponentType<{ className?: string }>
+  blockColor: string
+  paths: string[]
+}
+
+/**
+ * Loose shape of `useWorkflowState` data — we only need the fields we round-trip
+ * through PUT /state. Typed locally to avoid pulling the heavy `WorkflowState`
+ * generic from `@/stores/workflows/workflow/types`.
+ */
+interface WorkflowStatePayload {
+  blocks: Record<
+    string,
+    {
+      type: string
+      subBlocks?: Record<string, { id?: string; type?: string; value?: unknown }>
+    } & Record<string, unknown>
+  >
+  edges: unknown[]
+  loops: unknown
+  parallels: unknown
+  lastSaved?: number
+  isDeployed?: boolean
+}
+
+function tableColumnTypeToInputType(colType: ColumnDefinition['type'] | undefined): string {
+  switch (colType) {
+    case 'number':
+      return 'number'
+    case 'boolean':
+      return 'boolean'
+    case 'json':
+      return 'object'
+    default:
+      return 'string'
+  }
+}
+
+const TagIcon: React.FC<{
+  icon: string | React.ComponentType<{ className?: string }>
+  color: string
+}> = ({ icon, color }) => (
+  <div
+    className='flex h-[14px] w-[14px] flex-shrink-0 items-center justify-center rounded'
+    style={{ background: color }}
+  >
+    {typeof icon === 'string' ? (
+      <span className='!text-white font-bold text-micro'>{icon}</span>
+    ) : (
+      (() => {
+        const IconComponent = icon
+        return <IconComponent className='!text-white size-[9px]' />
+      })()
+    )}
+  </div>
+)
+
+function FieldDivider() {
+  return (
+    <div className='px-0.5 pt-4 pb-[13px]'>
+      <div className='h-[1.25px]' style={DASHED_DIVIDER_STYLE} />
+    </div>
+  )
+}
+
+/** Mirrors the workflow editor's required-field label: title + asterisk. */
+function FieldLabel({
+  htmlFor,
+  required,
+  children,
+}: {
+  htmlFor?: string
+  required?: boolean
+  children: React.ReactNode
+}) {
+  return (
+    <Label htmlFor={htmlFor} className='flex items-baseline gap-1.5 whitespace-nowrap pl-0.5'>
+      {children}
+      {required && <span className='ml-0.5'>*</span>}
+    </Label>
+  )
+}
+
+/** Inline validation message styled like the workflow editor's destructive text. */
+function FieldError({ message }: { message: string }) {
+  return <p className='pl-0.5 text-caption text-destructive'>{message}</p>
+}
+
+/**
+ * Tinted inline warning row with a message on the left and an action button
+ * on the right. Stacks naturally — render multiple in sequence and they line
+ * up. Color mirrors the group-header deploy badge: `red` for blocking states,
+ * `amber` for soft warnings.
+ */
+function WarningRow({
+  tone,
+  message,
+  action,
+}: {
+  tone: 'red' | 'amber'
+  message: string
+  action: React.ReactNode
+}) {
+  return (
+    <div
+      className={cn(
+        'flex items-center gap-2 rounded-md border px-2.5 py-2',
+        tone === 'red'
+          ? 'border-[color-mix(in_srgb,var(--text-error)_40%,transparent)] bg-[color-mix(in_srgb,var(--text-error)_10%,transparent)]'
+          : 'border-[var(--terminal-status-warning-border)] bg-[var(--terminal-status-warning-bg)]'
+      )}
+      role='status'
+    >
+      <span
+        className={cn(
+          'min-w-0 flex-1 text-caption',
+          tone === 'red'
+            ? 'text-[var(--text-error)]'
+            : 'text-[var(--terminal-status-warning-color)]'
+        )}
+      >
+        {message}
+      </span>
+      <div className='shrink-0'>{action}</div>
+    </div>
+  )
+}
+
+/**
+ * Collapsible "Run settings" section. Collapsed by default since outputs are
+ * the primary focus of the workflow flow — most users never need to touch
+ * the trigger conditions. The header shows a one-line summary of when the
+ * group will fire so the current state is visible without expanding.
+ */
+function RunSettingsSection({
+  open,
+  onOpenChange,
+  summary,
+  scalarDepColumns,
+  groupDepOptions,
+  deps,
+  groupDeps,
+  workflows,
+  onToggleDep,
+  onToggleGroupDep,
+}: {
+  open: boolean
+  onOpenChange: (open: boolean) => void
+  summary: string
+  scalarDepColumns: ColumnDefinition[]
+  groupDepOptions: WorkflowGroup[]
+  deps: string[]
+  groupDeps: string[]
+  workflows: WorkflowMetadata[] | undefined
+  onToggleDep: (name: string) => void
+  onToggleGroupDep: (groupId: string) => void
+}) {
+  return (
+    <div className='flex flex-col gap-[9.5px]'>
+      <button
+        type='button'
+        onClick={() => onOpenChange(!open)}
+        className='flex min-w-0 cursor-pointer flex-col items-start gap-0.5 rounded-md pl-0.5 text-left transition-colors hover:bg-[var(--surface-2)]'
+        aria-expanded={open}
+      >
+        <span className='flex items-center gap-1.5'>
+          {open ? (
+            <ChevronDown className='h-[12px] w-[12px] shrink-0 text-[var(--text-muted)]' />
+          ) : (
+            <ChevronRight className='h-[12px] w-[12px] shrink-0 text-[var(--text-muted)]' />
+          )}
+          <span className='font-medium text-[var(--text-primary)] text-small'>Run settings</span>
+        </span>
+        {!open && (
+          <span className='break-words pl-[18px] text-[var(--text-tertiary)] text-caption'>
+            {summary}
+          </span>
+        )}
+      </button>
+      <Expandable expanded={open}>
+        <ExpandableContent>
+          <div className='flex max-h-[240px] min-w-0 flex-col overflow-y-auto rounded-md border border-[var(--border)]'>
+            {scalarDepColumns.length === 0 && groupDepOptions.length === 0 ? (
+              <div className='px-2 py-3 text-[var(--text-tertiary)] text-small'>
+                No upstream columns or groups.
+              </div>
+            ) : (
+              <>
+                {scalarDepColumns.map((c, idx) => {
+                  const checked = deps.includes(c.name)
+                  const isLast = idx === scalarDepColumns.length - 1 && groupDepOptions.length === 0
+                  return (
+                    <div
+                      key={`col:${c.name}`}
+                      role='checkbox'
+                      aria-checked={checked}
+                      tabIndex={0}
+                      onClick={() => onToggleDep(c.name)}
+                      onKeyDown={(e) => {
+                        if (e.key === ' ' || e.key === 'Enter') {
+                          e.preventDefault()
+                          onToggleDep(c.name)
+                        }
+                      }}
+                      className={cn(
+                        'flex h-[36px] flex-shrink-0 cursor-pointer items-center gap-2.5 px-2.5 hover:bg-[var(--surface-2)]',
+                        !isLast && 'border-[var(--border)] border-b'
+                      )}
+                    >
+                      <Checkbox size='sm' checked={checked} className='pointer-events-none' />
+                      <span className='font-medium text-[var(--text-secondary)] text-small'>
+                        {c.name}
+                      </span>
+                      <span className='ml-auto text-[var(--text-tertiary)] text-caption'>
+                        {c.type}
+                      </span>
+                    </div>
+                  )
+                })}
+                {groupDepOptions.map((g, idx) => {
+                  const checked = groupDeps.includes(g.id)
+                  const isLast = idx === groupDepOptions.length - 1
+                  const wf = workflows?.find((w) => w.id === g.workflowId)
+                  const color = wf?.color ?? 'var(--text-muted)'
+                  const label = g.name ?? wf?.name ?? 'Workflow'
+                  return (
+                    <div
+                      key={`group:${g.id}`}
+                      role='checkbox'
+                      aria-checked={checked}
+                      tabIndex={0}
+                      onClick={() => onToggleGroupDep(g.id)}
+                      onKeyDown={(e) => {
+                        if (e.key === ' ' || e.key === 'Enter') {
+                          e.preventDefault()
+                          onToggleGroupDep(g.id)
+                        }
+                      }}
+                      className={cn(
+                        'flex h-[36px] flex-shrink-0 cursor-pointer items-center gap-2.5 px-2.5 hover:bg-[var(--surface-2)]',
+                        !isLast && 'border-[var(--border)] border-b'
+                      )}
+                    >
+                      <Checkbox size='sm' checked={checked} className='pointer-events-none' />
+                      <span
+                        className='h-[10px] w-[10px] shrink-0 rounded-sm'
+                        style={{ backgroundColor: color }}
+                        aria-hidden='true'
+                      />
+                      <span className='min-w-0 truncate font-medium text-[var(--text-secondary)] text-small'>
+                        {label}
+                      </span>
+                      <span className='ml-auto text-[var(--text-tertiary)] text-caption'>
+                        workflow
+                      </span>
+                    </div>
+                  )
+                })}
+              </>
+            )}
+          </div>
+        </ExpandableContent>
+      </Expandable>
+    </div>
+  )
+}
+
+/**
+ * Right-edge configuration panel for any column.
+ *
+ * Shows name / type / unique for every column, plus workflow-specific fields
+ * (workflow picker, output field, dependencies, run concurrency) when the
+ * selected type is `'workflow'`.
+ *
+ * Three modes:
+ * - 'edit':   modify an existing column. PATCH sends a unified updates payload.
+ * - 'new':    user picked a workflow via Change type → Workflow → [pick]. Nothing
+ *             is persisted yet. Save writes type + workflowConfig + renames in one PATCH.
+ * - 'create': user picked a workflow from "Add column"; the column doesn't exist yet
+ *             and Save creates it.
+ *
+ * Visual styling mirrors the workflow editor's subblock panel (label above
+ * control, dashed dividers between fields).
+ */
+export function ColumnSidebar({
+  configState,
+  onClose,
+  existingColumn,
+  allColumns,
+  workflowGroups,
+  workflows,
+  workspaceId,
+  tableId,
+}: ColumnSidebarProps) {
+  const updateColumn = useUpdateColumn({ workspaceId, tableId })
+  const addColumn = useAddTableColumn({ workspaceId, tableId })
+  const addWorkflowGroup = useAddWorkflowGroup({ workspaceId, tableId })
+  const updateWorkflowGroup = useUpdateWorkflowGroup({ workspaceId, tableId })
+  const open = configState !== null
+
+  const columnName = configState ? configState.columnName : ''
+
+  /**
+   * If the column being edited is a workflow output, resolve its parent group
+   * so we can populate workflow / outputs / dependencies state from it.
+   */
+  const existingGroup = useMemo<WorkflowGroup | undefined>(() => {
+    if (!existingColumn?.workflowGroupId) return undefined
+    return workflowGroups.find((g) => g.id === existingColumn.workflowGroupId)
+  }, [existingColumn, workflowGroups])
+
+  const [nameInput, setNameInput] = useState<string>('')
+  const [typeInput, setTypeInput] = useState<SidebarColumnType>('string')
+
+  const isWorkflow = !!existingGroup || configState?.mode === 'new' || typeInput === 'workflow'
+
+  /**
+   * Show the Column name field whenever a *specific* column is open: scalar
+   * columns (create or edit) and per-output workflow columns (edit only). Hide
+   * it when the surface is the workflow-group as a whole — i.e. creating a
+   * brand-new workflow column where individual output names are auto-derived.
+   */
+  const showColumnNameField =
+    !isWorkflow || configState?.mode === 'edit' || configState?.mode === 'new'
+
+  /**
+   * Columns to the left of the current column — these are the only valid trigger
+   * dependencies, since a workflow column can't depend on values that haven't been
+   * filled yet. For 'create' mode the column doesn't exist yet, so every existing
+   * column counts as left of it.
+   */
+  const otherColumns = useMemo(() => {
+    if (!configState) return []
+    if (configState.mode === 'create') return allColumns
+    const idx = allColumns.findIndex((c) => c.name === configState.columnName)
+    if (idx === -1) return allColumns.filter((c) => c.name !== configState.columnName)
+    return allColumns.slice(0, idx)
+  }, [configState, allColumns])
+
+  /**
+   * Split `otherColumns` into the two dep buckets:
+   * - `scalarDepColumns` — plain columns; tickable into `dependencies.columns`.
+   * - `groupDepOptions` — producing workflow groups whose outputs land left of the
+   *   current column; tickable into `dependencies.workflowGroups`. A group only
+   *   shows up here when at least one of its output columns is left-of-current.
+   *   The current group itself is excluded so we never depend on ourselves.
+   */
+  const scalarDepColumns = useMemo(
+    () => otherColumns.filter((c) => !c.workflowGroupId),
+    [otherColumns]
+  )
+  const groupDepOptions = useMemo<WorkflowGroup[]>(() => {
+    const seen = new Set<string>()
+    const result: WorkflowGroup[] = []
+    for (const c of otherColumns) {
+      if (!c.workflowGroupId) continue
+      if (seen.has(c.workflowGroupId)) continue
+      if (existingGroup && c.workflowGroupId === existingGroup.id) continue
+      const g = workflowGroups.find((gg) => gg.id === c.workflowGroupId)
+      if (!g) continue
+      seen.add(c.workflowGroupId)
+      result.push(g)
+    }
+    return result
+  }, [otherColumns, workflowGroups, existingGroup])
+
+  const [uniqueInput, setUniqueInput] = useState<boolean>(false)
+  const [selectedWorkflowId, setSelectedWorkflowId] = useState<string>('')
+  /** Plain (non-workflow-output) column names this group waits on. */
+  const [deps, setDeps] = useState<string[]>([])
+  /** Producing workflow group ids this group waits on. Workflow-output columns are
+   *  represented by their parent group, since the schema validator forbids depending
+   *  on a workflow-output column directly (`workflow-columns.ts` enforces this). */
+  const [groupDeps, setGroupDeps] = useState<string[]>([])
+  /** Encoded `${blockId}::${path}` values — disambiguates duplicate paths in the picker. */
+  const [selectedOutputs, setSelectedOutputs] = useState<string[]>([])
+  /** Surfaces required-field errors only after a save attempt, matching the workflow editor's deploy flow. */
+  const [showValidation, setShowValidation] = useState(false)
+  /** Save-time error (network/validation thrown by the mutation). Rendered inline next to the footer
+   *  buttons so it isn't covered by the toaster, which sits over the bottom-right of the panel. */
+  const [saveError, setSaveError] = useState<string | null>(null)
+  /** Run settings (the trigger-deps picker) starts collapsed — outputs are the
+   *  primary task; configuring run timing is rare. */
+  const [runSettingsOpen, setRunSettingsOpen] = useState(false)
+
+  const existingColumnRef = useRef(existingColumn)
+  existingColumnRef.current = existingColumn
+  const allColumnsRef = useRef(allColumns)
+  allColumnsRef.current = allColumns
+
+  useEffect(() => {
+    if (!open || !configState) return
+    setShowValidation(false)
+    setSaveError(null)
+    setRunSettingsOpen(false)
+    const existing = existingColumnRef.current
+    const cols = allColumnsRef.current
+    const leftOfCurrent = (() => {
+      if (configState.mode === 'create') return cols
+      const idx = cols.findIndex((c) => c.name === configState.columnName)
+      if (idx === -1) return cols.filter((c) => c.name !== configState.columnName)
+      return cols.slice(0, idx)
+    })()
+    // Default deps when there's no persisted group yet: tick every left-of-current
+    // scalar column + every left-of-current producing group.
+    const defaultScalarDeps = leftOfCurrent.filter((c) => !c.workflowGroupId).map((c) => c.name)
+    const defaultGroupDeps = (() => {
+      const seen = new Set<string>()
+      for (const c of leftOfCurrent) {
+        if (c.workflowGroupId) seen.add(c.workflowGroupId)
+      }
+      return Array.from(seen)
+    })()
+    if (configState.mode === 'edit') {
+      const group = existing?.workflowGroupId
+        ? workflowGroups.find((g) => g.id === existing.workflowGroupId)
+        : undefined
+      // Surface workflow-typed columns as `'workflow'` in the combobox even
+      // though they're stored as scalar columns under the hood.
+      setTypeInput(group ? 'workflow' : (existing?.type ?? 'string'))
+      setUniqueInput(!!existing?.unique)
+      setNameInput(existing?.name ?? configState.columnName)
+      if (group) {
+        setSelectedWorkflowId(group.workflowId)
+        // Sanitize legacy persisted deps: any workflow-output column names that
+        // sneaked into `dependencies.columns` (writes from before the schema
+        // validator forbade them) are lifted into `workflowGroups` here so the
+        // sidebar surfaces a re-saveable state.
+        const persistedCols = group.dependencies?.columns
+        const persistedGroups = group.dependencies?.workflowGroups
+        if (persistedCols !== undefined || persistedGroups !== undefined) {
+          const liftedGroupIds = new Set(persistedGroups ?? [])
+          const cleanCols: string[] = []
+          for (const colName of persistedCols ?? []) {
+            const c = cols.find((cc) => cc.name === colName)
+            if (c?.workflowGroupId) liftedGroupIds.add(c.workflowGroupId)
+            else cleanCols.push(colName)
+          }
+          setDeps(cleanCols)
+          setGroupDeps(Array.from(liftedGroupIds))
+        } else {
+          setDeps(defaultScalarDeps)
+          setGroupDeps(defaultGroupDeps)
+        }
+        setSelectedOutputs([]) // re-encoded against current workflow blocks below
+      } else {
+        setSelectedWorkflowId('')
+        setDeps([])
+        setGroupDeps([])
+        setSelectedOutputs([])
+      }
+    } else {
+      const workflowId =
+        'workflowId' in configState && configState.workflowId ? configState.workflowId : ''
+      setTypeInput(workflowId ? 'workflow' : 'string')
+      setUniqueInput(false)
+      setNameInput(configState.proposedName)
+      setSelectedWorkflowId(workflowId)
+      setDeps(defaultScalarDeps)
+      setGroupDeps(defaultGroupDeps)
+      setSelectedOutputs([])
+    }
+  }, [open, configState, workflowGroups])
+
+  const workflowState = useWorkflowState(
+    open && isWorkflow && selectedWorkflowId ? selectedWorkflowId : undefined
+  )
+
+  /**
+   * Resolves the unified Start block id and its current `inputFormat` field
+   * names. The "Add inputs" mutation only adds rows for table columns that
+   * aren't already represented in the start block — clicking the button when
+   * everything's covered does nothing, so we hide it in that case.
+   */
+  const startBlockInputs = useMemo<{
+    blockId: string | null
+    existingNames: Set<string>
+    existing: InputFormatField[]
+  }>(() => {
+    const blocks = (workflowState.data as { blocks?: Record<string, { type: string }> } | null)
+      ?.blocks
+    if (!blocks) return { blockId: null, existingNames: new Set(), existing: [] }
+    const candidate = TriggerUtils.findStartBlock(blocks, 'manual')
+    if (!candidate) return { blockId: null, existingNames: new Set(), existing: [] }
+    const block = blocks[candidate.blockId] as
+      | { subBlocks?: Record<string, { value?: unknown }> }
+      | undefined
+    const existing = normalizeInputFormatValue(block?.subBlocks?.inputFormat?.value)
+    return {
+      blockId: candidate.blockId,
+      existingNames: new Set(existing.map((f) => f.name).filter((n): n is string => !!n)),
+      existing,
+    }
+  }, [workflowState.data])
+
+  const missingInputColumnNames = useMemo<string[]>(() => {
+    if (!startBlockInputs.blockId) return []
+    return allColumns
+      .filter(
+        (c) =>
+          c.name !== columnName && !c.workflowGroupId && !startBlockInputs.existingNames.has(c.name)
+      )
+      .map((c) => c.name)
+  }, [allColumns, columnName, startBlockInputs])
+
+  const queryClient = useQueryClient()
+  const addInputsMutation = useMutation({
+    mutationFn: async () => {
+      const wfId = selectedWorkflowId
+      const startBlockId = startBlockInputs.blockId
+      const state = workflowState.data as WorkflowStatePayload | null | undefined
+      if (!wfId || !startBlockId || !state || missingInputColumnNames.length === 0) {
+        throw new Error('Nothing to add')
+      }
+      const startBlock = state.blocks[startBlockId]
+      if (!startBlock) throw new Error('Start block missing from workflow')
+
+      const newFields: InputFormatField[] = missingInputColumnNames.map((name) => {
+        const col = allColumns.find((c) => c.name === name)
+        return {
+          id: generateId(),
+          name,
+          type: tableColumnTypeToInputType(col?.type),
+          value: '',
+          collapsed: false,
+        } as InputFormatField & { id: string; collapsed: boolean }
+      })
+
+      const updatedSubBlock = {
+        ...(startBlock.subBlocks?.inputFormat ?? { id: 'inputFormat', type: 'input-format' }),
+        value: [...startBlockInputs.existing, ...newFields],
+      }
+      const updatedBlocks = {
+        ...state.blocks,
+        [startBlockId]: {
+          ...startBlock,
+          subBlocks: { ...startBlock.subBlocks, inputFormat: updatedSubBlock },
+        },
+      }
+
+      const rawBody = {
+        blocks: updatedBlocks,
+        edges: state.edges,
+        loops: state.loops,
+        parallels: state.parallels,
+        lastSaved: state.lastSaved ?? Date.now(),
+        isDeployed: state.isDeployed ?? false,
+      }
+      // double-cast-allowed: WorkflowStatePayload is the loose local view of
+      // useWorkflowState; we round-trip it back to the strict PUT body shape.
+      const body = rawBody as unknown as WorkflowStateContractInput
+      await requestJson(putWorkflowNormalizedStateContract, {
+        params: { id: wfId },
+        body,
+      })
+      return missingInputColumnNames.length
+    },
+    onSuccess: (added) => {
+      queryClient.invalidateQueries({ queryKey: workflowKeys.state(selectedWorkflowId) })
+      toast.success(`Added ${added} input${added === 1 ? '' : 's'} to start block`)
+    },
+    onError: (err) => {
+      toast.error(toError(err).message)
+    },
+  })
+
+  const blockOutputGroups = useMemo<BlockOutputGroup[]>(() => {
+    const state = workflowState.data as
+      | {
+          blocks?: Record<string, FlattenOutputsBlockInput>
+          edges?: FlattenOutputsEdgeInput[]
+        }
+      | null
+      | undefined
+    if (!state?.blocks) return []
+
+    const blocks = Object.values(state.blocks)
+    const edges = state.edges ?? []
+    const flat = flattenWorkflowOutputs(blocks, edges)
+    if (flat.length === 0) return []
+
+    const groupsByBlockId = new Map<string, BlockOutputGroup>()
+    for (const f of flat) {
+      let group = groupsByBlockId.get(f.blockId)
+      if (!group) {
+        const blockConfig = getBlock(f.blockType)
+        const blockColor = blockConfig?.bgColor || '#2F55FF'
+        let blockIcon: string | React.ComponentType<{ className?: string }> = f.blockName
+          .charAt(0)
+          .toUpperCase()
+        if (blockConfig?.icon) blockIcon = blockConfig.icon
+        else if (f.blockType === 'loop') blockIcon = RepeatIcon
+        else if (f.blockType === 'parallel') blockIcon = SplitIcon
+        group = {
+          blockId: f.blockId,
+          blockName: f.blockName,
+          blockType: f.blockType,
+          blockIcon,
+          blockColor,
+          paths: [],
+        }
+        groupsByBlockId.set(f.blockId, group)
+      }
+      group.paths.push(f.path)
+    }
+    // Sort the picker by execution order (start block first) so it matches the
+    // saved-column ordering. Unreachable blocks sink to the end.
+    const distances = getBlockExecutionOrder(blocks, edges)
+    return Array.from(groupsByBlockId.values()).sort((a, b) => {
+      const da = distances[a.blockId]
+      const db = distances[b.blockId]
+      const sa = da === undefined || da < 0 ? Number.POSITIVE_INFINITY : da
+      const sb = db === undefined || db < 0 ? Number.POSITIVE_INFINITY : db
+      return sa - sb
+    })
+  }, [workflowState.data])
+
+  /**
+   * Re-encode persisted `{blockId, path}` entries into the picker's encoded form
+   * once the workflow's blocks are loaded. Stale entries (block deleted or path
+   * removed) are dropped silently — the user can re-pick on save.
+   */
+  useEffect(() => {
+    if (!existingGroup?.outputs.length) return
+    if (selectedOutputs.length > 0) return
+    if (blockOutputGroups.length === 0) return
+    const encoded: string[] = []
+    for (const entry of existingGroup.outputs) {
+      const match = blockOutputGroups.find(
+        (g) => g.blockId === entry.blockId && g.paths.includes(entry.path)
+      )
+      if (match) encoded.push(encodeOutputValue(entry.blockId, entry.path))
+    }
+    if (encoded.length > 0) setSelectedOutputs(encoded)
+  }, [blockOutputGroups, selectedOutputs.length, existingGroup])
+
+  const toggleDep = (name: string) => {
+    setDeps((prev) => (prev.includes(name) ? prev.filter((d) => d !== name) : [...prev, name]))
+  }
+
+  const toggleGroupDep = (groupId: string) => {
+    setGroupDeps((prev) =>
+      prev.includes(groupId) ? prev.filter((d) => d !== groupId) : [...prev, groupId]
+    )
+  }
+
+  const toggleOutput = (encoded: string) => {
+    setSelectedOutputs((prev) =>
+      prev.includes(encoded) ? prev.filter((v) => v !== encoded) : [...prev, encoded]
+    )
+  }
+
+  const typeOptions = useMemo(
+    () =>
+      COLUMN_TYPE_OPTIONS.filter((o) => o.type !== 'workflow' || !!existingGroup).map((o) => ({
+        label: o.label,
+        value: o.type,
+        icon: o.icon,
+      })),
+    [existingGroup]
+  )
+
+  /**
+   * One-line summary of the trigger picker shown when Run settings is collapsed.
+   * Lists the dep names ("Run when X, Y, are filled") so the user can see at a
+   * glance whether anything's gating the group without expanding the section.
+   */
+  const runSettingsSummary = useMemo(() => {
+    const names: string[] = [...deps]
+    for (const gid of groupDeps) {
+      const g = workflowGroups.find((gg) => gg.id === gid)
+      const wf = workflows?.find((w) => w.id === g?.workflowId)
+      const label = g?.name ?? wf?.name ?? 'workflow'
+      names.push(label)
+    }
+    if (names.length === 0) return 'Runs as soon as the group is added'
+    return `Runs when ${names.join(', ')} ${names.length === 1 ? 'is' : 'are'} filled`
+  }, [deps, groupDeps, workflowGroups, workflows])
+
+  /**
+   * Builds the ordered, deduplicated `(blockId, path)` list from the picker
+   * state, sorted by execution order. Empty array if the user hasn't picked
+   * anything.
+   */
+  const buildOrderedPickedOutputs = (): Array<{
+    blockId: string
+    path: string
+    leafType?: string
+  }> => {
+    const seen = new Set<string>()
+    const outputs: Array<{ blockId: string; path: string; leafType?: string }> = []
+    for (const encoded of selectedOutputs) {
+      if (seen.has(encoded)) continue
+      seen.add(encoded)
+      outputs.push(decodeOutputValue(encoded))
+    }
+    const wfState = workflowState.data as
+      | {
+          blocks?: Record<string, FlattenOutputsBlockInput>
+          edges?: FlattenOutputsEdgeInput[]
+        }
+      | null
+      | undefined
+    if (wfState?.blocks) {
+      const blocks = Object.values(wfState.blocks)
+      const edges = wfState.edges ?? []
+      const distances = getBlockExecutionOrder(blocks, edges)
+      const flat = flattenWorkflowOutputs(blocks, edges)
+      const indexInFlat = new Map(
+        flat.map((f, i) => [`${f.blockId}${OUTPUT_VALUE_SEPARATOR}${f.path}`, i])
+      )
+      const leafTypeByKey = new Map(
+        flat.map((f) => [`${f.blockId}${OUTPUT_VALUE_SEPARATOR}${f.path}`, f.leafType])
+      )
+      for (const o of outputs) {
+        o.leafType = leafTypeByKey.get(`${o.blockId}${OUTPUT_VALUE_SEPARATOR}${o.path}`)
+      }
+      outputs.sort((a, b) => {
+        const da = distances[a.blockId]
+        const db = distances[b.blockId]
+        const sa = da === undefined || da < 0 ? Number.POSITIVE_INFINITY : da
+        const sb = db === undefined || db < 0 ? Number.POSITIVE_INFINITY : db
+        if (sa !== sb) return sa - sb
+        const ia =
+          indexInFlat.get(`${a.blockId}${OUTPUT_VALUE_SEPARATOR}${a.path}`) ??
+          Number.POSITIVE_INFINITY
+        const ib =
+          indexInFlat.get(`${b.blockId}${OUTPUT_VALUE_SEPARATOR}${b.path}`) ??
+          Number.POSITIVE_INFINITY
+        return ia - ib
+      })
+    }
+    return outputs
+  }
+
+  const handleSave = async () => {
+    if (!configState) return
+    setSaveError(null)
+    const trimmedName = nameInput.trim()
+    // Name is required iff the field is shown — when configuring a whole
+    // workflow group at creation time, per-output column names are auto-derived
+    // and the field is hidden, so don't gate save on it.
+    const missing: string[] = []
+    if (showColumnNameField && !trimmedName) missing.push('a column name')
+    if (isWorkflow && !selectedWorkflowId) missing.push('a workflow')
+    if (isWorkflow && selectedWorkflowId && selectedOutputs.length === 0) {
+      missing.push('at least one output column')
+    }
+    if (missing.length > 0) {
+      setShowValidation(true)
+      // Surface a short summary near the Save button too — the inline FieldError
+      // can be scrolled out of view when the panel content is tall.
+      setSaveError(`Add ${missing.join(' and ')} before saving.`)
+      return
+    }
+
+    try {
+      if (isWorkflow) {
+        const orderedOutputs = buildOrderedPickedOutputs()
+        const dependencies: WorkflowGroupDependencies = {
+          columns: deps,
+          ...(groupDeps.length > 0 ? { workflowGroups: groupDeps } : {}),
+        }
+
+        if (existingGroup) {
+          // Update path: diff outputs, derive new column names for added entries,
+          // call updateWorkflowGroup so service handles add/remove transactionally.
+          // If the sidebar was opened on a *specific* workflow-output column and
+          // the user renamed it, propagate that into the group's `outputs` ref
+          // (the column rename itself goes through `updateColumn` below, which
+          // server-side cascades into outputs/deps — but our outgoing payload
+          // also has to use the new name so the group update doesn't undo it).
+          const editedColumnName = configState.mode === 'edit' ? configState.columnName : null
+          const renamedColumn =
+            editedColumnName && trimmedName && trimmedName !== editedColumnName
+              ? { from: editedColumnName, to: trimmedName }
+              : null
+          const oldKeys = new Set(existingGroup.outputs.map((o) => `${o.blockId}::${o.path}`))
+          const taken = new Set(
+            allColumns.map((c) =>
+              renamedColumn && c.name === renamedColumn.from ? renamedColumn.to : c.name
+            )
+          )
+          const fullOutputs: WorkflowGroupOutput[] = []
+          const newOutputColumns: NonNullable<UpdateWorkflowGroupBodyInput['newOutputColumns']> = []
+          for (const o of orderedOutputs) {
+            const key = `${o.blockId}::${o.path}`
+            const existing = existingGroup.outputs.find(
+              (e) => e.blockId === o.blockId && e.path === o.path
+            )
+            if (existing) {
+              fullOutputs.push(
+                renamedColumn && existing.columnName === renamedColumn.from
+                  ? { ...existing, columnName: renamedColumn.to }
+                  : existing
+              )
+            } else {
+              const colName = deriveOutputColumnName(o.path, taken)
+              taken.add(colName)
+              fullOutputs.push({ blockId: o.blockId, path: o.path, columnName: colName })
+              newOutputColumns.push({
+                name: colName,
+                type: columnTypeForLeaf(o.leafType),
+                required: false,
+                unique: false,
+                workflowGroupId: existingGroup.id,
+              })
+            }
+            oldKeys.delete(key)
+          }
+          if (renamedColumn) {
+            await updateColumn.mutateAsync({
+              columnName: renamedColumn.from,
+              updates: { name: renamedColumn.to },
+            })
+          }
+          await updateWorkflowGroup.mutateAsync({
+            groupId: existingGroup.id,
+            workflowId: selectedWorkflowId,
+            name: existingGroup.name,
+            dependencies,
+            outputs: fullOutputs,
+            ...(newOutputColumns.length > 0 ? { newOutputColumns } : {}),
+          })
+          toast.success(`Saved "${existingGroup.name ?? 'Workflow'}"`)
+        } else {
+          // Create path: build a fresh group with auto-derived column names.
+          const groupId = generateId()
+          const taken = new Set(allColumns.map((c) => c.name))
+          const newOutputColumns: AddWorkflowGroupBodyInput['outputColumns'] = []
+          const groupOutputs: WorkflowGroupOutput[] = []
+          for (const o of orderedOutputs) {
+            const colName = deriveOutputColumnName(o.path, taken)
+            taken.add(colName)
+            newOutputColumns.push({
+              name: colName,
+              type: columnTypeForLeaf(o.leafType),
+              required: false,
+              unique: false,
+              workflowGroupId: groupId,
+            })
+            groupOutputs.push({ blockId: o.blockId, path: o.path, columnName: colName })
+          }
+          const workflowName =
+            workflows?.find((w) => w.id === selectedWorkflowId)?.name ?? 'Workflow'
+          const group: WorkflowGroup = {
+            id: groupId,
+            workflowId: selectedWorkflowId,
+            name: workflowName,
+            dependencies,
+            outputs: groupOutputs,
+          }
+          await addWorkflowGroup.mutateAsync({ group, outputColumns: newOutputColumns })
+          toast.success(`Added "${workflowName}"`)
+        }
+      } else if (configState.mode === 'create') {
+        // `isWorkflow` is false here, so `typeInput` is a real ColumnDefinition type.
+        const scalarType = typeInput as ColumnDefinition['type']
+        await addColumn.mutateAsync({
+          name: trimmedName,
+          type: scalarType,
+        })
+        toast.success(`Added "${trimmedName}"`)
+      } else {
+        const existing = existingColumnRef.current
+        const scalarType = typeInput as ColumnDefinition['type']
+        const renamed = trimmedName !== configState.columnName
+        const typeChanged = !!existing && existing.type !== scalarType
+        const uniqueChanged = !!existing && !!existing.unique !== uniqueInput
+
+        const updates: {
+          name?: string
+          type?: ColumnDefinition['type']
+          unique?: boolean
+        } = {
+          ...(renamed ? { name: trimmedName } : {}),
+          ...(typeChanged ? { type: scalarType } : {}),
+          ...(uniqueChanged ? { unique: uniqueInput } : {}),
+        }
+
+        if (Object.keys(updates).length === 0) {
+          onClose()
+          return
+        }
+
+        await updateColumn.mutateAsync({
+          columnName: configState.columnName,
+          updates,
+        })
+        toast.success(`Saved "${trimmedName}"`)
+      }
+
+      onClose()
+    } catch (err) {
+      setSaveError(toError(err).message)
+    }
+  }
+
+  const saveDisabled = updateColumn.isPending || addColumn.isPending
+
+  return (
+    <aside
+      role='dialog'
+      aria-label='Configure column'
+      className={cn(
+        'absolute top-0 right-0 bottom-0 z-[var(--z-modal)] flex w-[400px] flex-col overflow-hidden border-[var(--border)] border-l bg-[var(--bg)] shadow-overlay transition-transform duration-200 ease-out',
+        open ? 'translate-x-0' : 'translate-x-full'
+      )}
+    >
+      <div className='flex h-full flex-col'>
+        <div className='flex items-center justify-between border-[var(--border)] border-b px-3 py-2'>
+          <h2 className='font-medium text-[var(--text-primary)] text-small'>Configure column</h2>
+          <Button
+            variant='ghost'
+            size='sm'
+            onClick={onClose}
+            className='!p-1 h-7 w-7'
+            aria-label='Close'
+          >
+            <X className='h-[14px] w-[14px]' />
+          </Button>
+        </div>
+
+        <div className='flex-1 overflow-y-auto overflow-x-hidden px-2 pt-3 pb-2 [overflow-anchor:none]'>
+          <div className='flex flex-col gap-[9.5px]'>
+            <FieldLabel required>Type</FieldLabel>
+            <Combobox
+              options={typeOptions}
+              value={typeInput}
+              onChange={(v) => setTypeInput(v as SidebarColumnType)}
+              placeholder='Select type'
+              maxHeight={260}
+            />
+          </div>
+
+          {showColumnNameField && (
+            <>
+              <FieldDivider />
+
+              <div className='flex flex-col gap-[9.5px]'>
+                <FieldLabel htmlFor='column-sidebar-name' required>
+                  Column name
+                </FieldLabel>
+                <Input
+                  id='column-sidebar-name'
+                  value={nameInput}
+                  onChange={(e) => setNameInput(e.target.value)}
+                  spellCheck={false}
+                  autoComplete='off'
+                  aria-invalid={showValidation && !nameInput.trim() ? true : undefined}
+                />
+                {showValidation && !nameInput.trim() && (
+                  <FieldError message='Column name is required' />
+                )}
+              </div>
+            </>
+          )}
+
+          {!isWorkflow && (
+            <>
+              <FieldDivider />
+
+              <div className='flex flex-col gap-[9.5px]'>
+                <div className='flex items-center justify-between pl-0.5'>
+                  <Label htmlFor='column-sidebar-unique'>Unique</Label>
+                  <Switch
+                    id='column-sidebar-unique'
+                    checked={uniqueInput}
+                    onCheckedChange={(v) => setUniqueInput(!!v)}
+                  />
+                </div>
+                <p className='pl-0.5 text-[var(--text-tertiary)] text-caption'>
+                  Reject duplicate values across rows.
+                </p>
+              </div>
+            </>
+          )}
+
+          {isWorkflow && (
+            <>
+              {selectedWorkflowId && (
+                <>
+                  <FieldDivider />
+
+                  <div className='flex flex-col gap-[9.5px]'>
+                    <Label className='pl-0.5'>Workflow preview</Label>
+                    <div className='relative h-[160px] overflow-hidden rounded-sm border border-[var(--border)]'>
+                      {workflowState.isLoading ? (
+                        <div className='flex h-full items-center justify-center bg-[var(--surface-3)]'>
+                          <Loader2 className='h-5 w-5 animate-spin text-[var(--text-tertiary)]' />
+                        </div>
+                      ) : workflowState.data ? (
+                        <>
+                          <div className='[&_*:active]:!cursor-grabbing [&_*]:!cursor-grab [&_.react-flow__handle]:!hidden h-full w-full'>
+                            <PreviewWorkflow
+                              workflowState={workflowState.data}
+                              height={160}
+                              width='100%'
+                              isPannable={true}
+                              defaultZoom={0.6}
+                              fitPadding={0.15}
+                              cursorStyle='grab'
+                              lightweight
+                            />
+                          </div>
+                          <Tooltip.Root>
+                            <Tooltip.Trigger asChild>
+                              <Button
+                                type='button'
+                                variant='ghost'
+                                onClick={() =>
+                                  window.open(
+                                    `/workspace/${workspaceId}/w/${selectedWorkflowId}`,
+                                    '_blank',
+                                    'noopener,noreferrer'
+                                  )
+                                }
+                                className='absolute right-[6px] bottom-1.5 z-10 h-[24px] w-[24px] cursor-pointer border border-[var(--border)] bg-[var(--surface-2)] p-0 hover-hover:bg-[var(--surface-4)]'
+                              >
+                                <ExternalLink className='h-[12px] w-[12px]' />
+                              </Button>
+                            </Tooltip.Trigger>
+                            <Tooltip.Content side='top'>Open workflow</Tooltip.Content>
+                          </Tooltip.Root>
+                        </>
+                      ) : (
+                        <div className='flex h-full items-center justify-center bg-[var(--surface-3)]'>
+                          <span className='text-[var(--text-tertiary)] text-small'>
+                            Unable to load preview
+                          </span>
+                        </div>
+                      )}
+                    </div>
+                  </div>
+                </>
+              )}
+
+              <FieldDivider />
+
+              <div className='flex flex-col gap-[9.5px]'>
+                <FieldLabel required>Workflow</FieldLabel>
+                <Combobox
+                  options={workflows?.map((wf) => ({ label: wf.name, value: wf.id })) ?? []}
+                  value={selectedWorkflowId}
+                  onChange={(v) => setSelectedWorkflowId(v)}
+                  placeholder='Select a workflow'
+                  disabled={!workflows || workflows.length === 0}
+                  emptyMessage='No manual triggers configured'
+                  maxHeight={260}
+                  searchable
+                  searchPlaceholder='Search workflows...'
+                  error={showValidation && !selectedWorkflowId ? 'Select a workflow' : null}
+                />
+                {showValidation && !selectedWorkflowId && (
+                  <FieldError message='Select a workflow' />
+                )}
+                {selectedWorkflowId &&
+                  startBlockInputs.blockId &&
+                  missingInputColumnNames.length > 0 && (
+                    <WarningRow
+                      tone='amber'
+                      message={`Start block missing ${missingInputColumnNames.length} table input${
+                        missingInputColumnNames.length === 1 ? '' : 's'
+                      }`}
+                      action={
+                        <Tooltip.Root>
+                          <Tooltip.Trigger asChild>
+                            <Button
+                              type='button'
+                              variant='default'
+                              size='sm'
+                              onClick={() => addInputsMutation.mutate()}
+                              disabled={addInputsMutation.isPending}
+                            >
+                              <Plus className='h-[14px] w-[14px]' />
+                              {addInputsMutation.isPending
+                                ? 'Adding…'
+                                : `Add inputs (${missingInputColumnNames.length})`}
+                            </Button>
+                          </Tooltip.Trigger>
+                          <Tooltip.Content side='top'>
+                            Adds {missingInputColumnNames.join(', ')} to the workflow's Start block
+                          </Tooltip.Content>
+                        </Tooltip.Root>
+                      }
+                    />
+                  )}
+              </div>
+
+              <FieldDivider />
+
+              <div className='flex flex-col gap-[9.5px]'>
+                <FieldLabel required>Output columns</FieldLabel>
+                <p className='pl-0.5 text-[var(--text-tertiary)] text-caption'>
+                  Each picked output becomes a column filled with the workflow's value for that
+                  field.
+                </p>
+                <div className='flex max-h-[280px] min-w-0 flex-col overflow-y-auto rounded-md border border-[var(--border)]'>
+                  {workflowState.isLoading ? (
+                    <div className='px-2 py-3 text-[var(--text-tertiary)] text-small'>
+                      Loading workflow…
+                    </div>
+                  ) : blockOutputGroups.length === 0 ? (
+                    <div className='px-2 py-3 text-[var(--text-tertiary)] text-small'>
+                      No outputs found.
+                    </div>
+                  ) : (
+                    blockOutputGroups.map((group, gi) => (
+                      <div
+                        key={group.blockId}
+                        className={cn(
+                          gi < blockOutputGroups.length - 1 && 'border-[var(--border)] border-b'
+                        )}
+                      >
+                        <div className='flex items-center gap-1.5 bg-[var(--surface-2)] px-2.5 py-1.5'>
+                          <TagIcon icon={group.blockIcon} color={group.blockColor} />
+                          <span className='font-medium text-[var(--text-secondary)] text-small'>
+                            {group.blockName}
+                          </span>
+                        </div>
+                        {group.paths.map((path) => {
+                          const encoded = encodeOutputValue(group.blockId, path)
+                          const checked = selectedOutputs.includes(encoded)
+                          return (
+                            <div
+                              key={encoded}
+                              role='checkbox'
+                              aria-checked={checked}
+                              tabIndex={0}
+                              onClick={() => toggleOutput(encoded)}
+                              onKeyDown={(e) => {
+                                if (e.key === ' ' || e.key === 'Enter') {
+                                  e.preventDefault()
+                                  toggleOutput(encoded)
+                                }
+                              }}
+                              className='flex h-[28px] flex-shrink-0 cursor-pointer items-center gap-2 px-2.5 hover:bg-[var(--surface-2)]'
+                            >
+                              <Checkbox
+                                size='sm'
+                                checked={checked}
+                                className='pointer-events-none'
+                              />
+                              <span className='font-medium text-[var(--text-secondary)] text-small'>
+                                {path}
+                              </span>
+                            </div>
+                          )
+                        })}
+                      </div>
+                    ))
+                  )}
+                </div>
+                {showValidation && selectedWorkflowId && selectedOutputs.length === 0 && (
+                  <FieldError message='Pick at least one output column' />
+                )}
+              </div>
+
+              <FieldDivider />
+
+              <RunSettingsSection
+                open={runSettingsOpen}
+                onOpenChange={setRunSettingsOpen}
+                summary={runSettingsSummary}
+                scalarDepColumns={scalarDepColumns}
+                groupDepOptions={groupDepOptions}
+                deps={deps}
+                groupDeps={groupDeps}
+                workflows={workflows}
+                onToggleDep={toggleDep}
+                onToggleGroupDep={toggleGroupDep}
+              />
+            </>
+          )}
+        </div>
+
+        <div className='flex items-center gap-2 border-[var(--border)] border-t px-2 py-3'>
+          {saveError ? (
+            <p
+              role='alert'
+              className='min-w-0 flex-1 break-words pl-0.5 text-caption text-destructive'
+            >
+              {saveError}
+            </p>
+          ) : (
+            <span className='flex-1' />
+          )}
+          <Button variant='default' size='sm' onClick={onClose}>
+            Cancel
+          </Button>
+          <Button variant='primary' size='sm' onClick={handleSave} disabled={saveDisabled}>
+            {updateColumn.isPending || addColumn.isPending ? 'Saving…' : 'Save'}
+          </Button>
+        </div>
+      </div>
+    </aside>
+  )
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/column-sidebar/column-types.ts b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/column-sidebar/column-types.ts
new file mode 100644
index 00000000000..10e392e82a1
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/column-sidebar/column-types.ts
@@ -0,0 +1,32 @@
+import type React from 'react'
+import {
+  Calendar as CalendarIcon,
+  PlayOutline,
+  TypeBoolean,
+  TypeJson,
+  TypeNumber,
+  TypeText,
+} from '@/components/emcn/icons'
+import type { ColumnDefinition } from '@/lib/table'
+
+/**
+ * UI-only column type. `'workflow'` is a virtual selection that lets the user
+ * configure a workflow group from the sidebar; on save, it expands into N real
+ * scalar columns + one workflow group, none of which carry a `'workflow'` type.
+ */
+export type SidebarColumnType = ColumnDefinition['type'] | 'workflow'
+
+export interface ColumnTypeOption {
+  type: SidebarColumnType
+  label: string
+  icon: React.ComponentType<{ className?: string }>
+}
+
+export const COLUMN_TYPE_OPTIONS: ColumnTypeOption[] = [
+  { type: 'string', label: 'Text', icon: TypeText },
+  { type: 'number', label: 'Number', icon: TypeNumber },
+  { type: 'boolean', label: 'Boolean', icon: TypeBoolean },
+  { type: 'date', label: 'Date', icon: CalendarIcon },
+  { type: 'json', label: 'JSON', icon: TypeJson },
+  { type: 'workflow', label: 'Workflow', icon: PlayOutline },
+]
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/context-menu/context-menu.tsx b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/context-menu/context-menu.tsx
index 9939e3cd2f4..dfe0523ba8d 100644
--- a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/context-menu/context-menu.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/context-menu/context-menu.tsx
@@ -5,7 +5,7 @@ import {
   DropdownMenuSeparator,
   DropdownMenuTrigger,
 } from '@/components/emcn'
-import { ArrowDown, ArrowUp, Duplicate, Pencil, Trash } from '@/components/emcn/icons'
+import { ArrowDown, ArrowUp, Duplicate, Eye, Pencil, Trash } from '@/components/emcn/icons'
 import type { ContextMenuState } from '../../types'
 
 interface ContextMenuProps {
@@ -16,6 +16,9 @@ interface ContextMenuProps {
   onInsertAbove: () => void
   onInsertBelow: () => void
   onDuplicate: () => void
+  onViewExecution?: () => void
+  canViewExecution?: boolean
+  canEditCell?: boolean
   selectedRowCount?: number
   disableEdit?: boolean
   disableInsert?: boolean
@@ -30,6 +33,9 @@ export function ContextMenu({
   onInsertAbove,
   onInsertBelow,
   onDuplicate,
+  onViewExecution,
+  canViewExecution = false,
+  canEditCell = true,
   selectedRowCount = 1,
   disableEdit = false,
   disableInsert = false,
@@ -63,12 +69,18 @@ export function ContextMenu({
         sideOffset={4}
         onCloseAutoFocus={(e) => e.preventDefault()}
       >
-        {contextMenu.columnName && (
+        {contextMenu.columnName && canEditCell && (
           <DropdownMenuItem disabled={disableEdit} onSelect={onEditCell}>
             <Pencil />
             Edit cell
           </DropdownMenuItem>
         )}
+        {canViewExecution && onViewExecution && (
+          <DropdownMenuItem onSelect={onViewExecution}>
+            <Eye />
+            View execution
+          </DropdownMenuItem>
+        )}
         <DropdownMenuItem disabled={disableInsert} onSelect={onInsertAbove}>
           <ArrowUp />
           Insert row above
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/cells/cell-content.tsx b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/cells/cell-content.tsx
new file mode 100644
index 00000000000..57457056af0
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/cells/cell-content.tsx
@@ -0,0 +1,171 @@
+'use client'
+
+import type React from 'react'
+import { Circle } from 'lucide-react'
+import { Checkbox } from '@/components/emcn'
+import { Loader } from '@/components/emcn/icons/loader'
+import { cn } from '@/lib/core/utils/cn'
+import type { RowExecutionMetadata } from '@/lib/table'
+import type { SaveReason } from '../../../types'
+import { storageToDisplay } from '../../../utils'
+import type { DisplayColumn } from '../types'
+import { InlineEditor } from './inline-editors'
+
+interface CellContentProps {
+  value: unknown
+  exec?: RowExecutionMetadata
+  column: DisplayColumn
+  isEditing: boolean
+  initialCharacter?: string | null
+  onSave: (value: unknown, reason: SaveReason) => void
+  onCancel: () => void
+  workflowNameById?: Record<string, string>
+}
+
+/**
+ * Renders the visible content of a single cell. Workflow-output cells follow
+ * a status-state-machine (block error / value / running / waiting / cancelled
+ * / dash); plain cells render the typed value. When `isEditing` is true the
+ * `InlineEditor` overlay sits on top of the static content.
+ */
+export function CellContent({
+  value,
+  exec,
+  column,
+  isEditing,
+  initialCharacter,
+  onSave,
+  onCancel,
+}: CellContentProps) {
+  const isNull = value === null || value === undefined
+
+  let displayContent: React.ReactNode = null
+  if (column.workflowGroupId) {
+    const blockId = column.outputBlockId
+    const blockError = blockId ? exec?.blockErrors?.[blockId] : undefined
+    const blockRunning = blockId ? (exec?.runningBlockIds?.includes(blockId) ?? false) : false
+    const hasValue = !isNull
+    const valueText =
+      typeof value === 'string'
+        ? value
+        : value === null || value === undefined
+          ? ''
+          : JSON.stringify(value)
+
+    // Once any block in the group has reported an error, downstream cells
+    // that haven't started won't run on this attempt — collapse them to dash
+    // instead of leaving a stale "Waiting" spinner if the cell task didn't
+    // reach a clean terminal state.
+    const groupHasBlockErrors = !!(exec?.blockErrors && Object.keys(exec.blockErrors).length > 0)
+    if (blockError) {
+      displayContent = (
+        <span
+          className='block overflow-clip text-ellipsis text-[var(--text-error)]'
+          title={blockError}
+        >
+          Error
+        </span>
+      )
+    } else if (hasValue) {
+      displayContent = (
+        <span className='block overflow-clip text-ellipsis text-[var(--text-primary)]'>
+          {valueText}
+        </span>
+      )
+    } else if (
+      (exec?.status === 'running' || exec?.status === 'pending') &&
+      !(groupHasBlockErrors && !blockRunning)
+    ) {
+      // Motion only when this cell's own block is in flight. Pending and
+      // upstream-blocked Waiting render as static dots — the moving spinner
+      // is reserved for "right now, actually running".
+      if (blockRunning) {
+        displayContent = (
+          <div className='flex min-h-[20px] min-w-0 items-center gap-1.5'>
+            <Loader animate className='h-3.5 w-3.5 shrink-0 text-[var(--text-tertiary)]' />
+            <span className='min-w-0 overflow-clip text-ellipsis whitespace-nowrap text-[var(--text-tertiary)]'>
+              Running
+            </span>
+          </div>
+        )
+      } else {
+        const label = exec.status === 'pending' ? 'Pending' : 'Waiting'
+        displayContent = (
+          <div className='flex min-h-[20px] min-w-0 items-center gap-1.5'>
+            <Circle className='h-[10px] w-[10px] shrink-0 text-[var(--text-tertiary)]' />
+            <span className='min-w-0 overflow-clip text-ellipsis whitespace-nowrap text-[var(--text-tertiary)]'>
+              {label}
+            </span>
+          </div>
+        )
+      }
+    } else if (exec?.status === 'cancelled') {
+      displayContent = (
+        <span className='block overflow-clip text-ellipsis text-[var(--text-tertiary)]'>
+          Cancelled
+        </span>
+      )
+    } else {
+      displayContent = <span className='text-[var(--text-tertiary)]'>—</span>
+    }
+    // Workflow-output cells are hand-editable: hide the status content under
+    // the InlineEditor when the user opts to edit, then fall through to the
+    // common return that renders the editor overlay.
+    if (isEditing) {
+      displayContent = <div className='invisible'>{displayContent}</div>
+    }
+  } else if (column.type === 'boolean') {
+    displayContent = (
+      <div
+        className={cn('flex min-h-[20px] items-center justify-center', isEditing && 'invisible')}
+      >
+        <Checkbox size='sm' checked={Boolean(value)} className='pointer-events-none' />
+      </div>
+    )
+  } else if (!isNull && column.type === 'json') {
+    displayContent = (
+      <span
+        className={cn(
+          'block overflow-clip text-ellipsis text-[var(--text-primary)]',
+          isEditing && 'invisible'
+        )}
+      >
+        {JSON.stringify(value)}
+      </span>
+    )
+  } else if (!isNull && column.type === 'date') {
+    displayContent = (
+      <span className={cn('text-[var(--text-primary)]', isEditing && 'invisible')}>
+        {storageToDisplay(String(value))}
+      </span>
+    )
+  } else if (!isNull) {
+    displayContent = (
+      <span
+        className={cn(
+          'block overflow-clip text-ellipsis text-[var(--text-primary)]',
+          isEditing && 'invisible'
+        )}
+      >
+        {String(value)}
+      </span>
+    )
+  }
+
+  return (
+    <>
+      {isEditing && (
+        <div className='absolute inset-0 z-10 flex items-start px-0'>
+          <InlineEditor
+            value={value}
+            column={column}
+            initialCharacter={initialCharacter ?? undefined}
+            onSave={onSave}
+            onCancel={onCancel}
+          />
+        </div>
+      )}
+      {displayContent}
+    </>
+  )
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/cells/expanded-cell-popover.tsx b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/cells/expanded-cell-popover.tsx
new file mode 100644
index 00000000000..388622c82b9
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/cells/expanded-cell-popover.tsx
@@ -0,0 +1,209 @@
+'use client'
+
+import type React from 'react'
+import { useEffect, useLayoutEffect, useMemo, useRef, useState } from 'react'
+import { Button } from '@/components/emcn'
+import type { TableRow as TableRowType } from '@/lib/table'
+import type { EditingCell, SaveReason } from '../../../types'
+import { cleanCellValue, displayToStorage, formatValueForInput } from '../../../utils'
+import type { DisplayColumn } from '../types'
+
+interface ExpandedCellPopoverProps {
+  expandedCell: EditingCell | null
+  onClose: () => void
+  rows: TableRowType[]
+  columns: DisplayColumn[]
+  onSave: (rowId: string, columnName: string, value: unknown, reason: SaveReason) => void
+  canEdit: boolean
+  scrollContainer: HTMLElement | null
+}
+
+const EXPANDED_CELL_MIN_WIDTH = 420
+const EXPANDED_CELL_HEIGHT = 280
+
+/**
+ * Supabase-style anchored cell expander. Floats over the clicked cell at the cell's
+ * top-left, minimum width {@link EXPANDED_CELL_MIN_WIDTH}, fixed height, internally
+ * scrollable. Triggered by cell double-click so long values are readable/editable
+ * without widening the column. Inline edit via Enter/F2/typing is unaffected.
+ *
+ * Workflow and boolean cells are read-only in this view — workflow cells are driven
+ * by the scheduler, booleans use a checkbox cell inline.
+ */
+export function ExpandedCellPopover({
+  expandedCell,
+  onClose,
+  rows,
+  columns,
+  onSave,
+  canEdit,
+  scrollContainer,
+}: ExpandedCellPopoverProps) {
+  const rootRef = useRef<HTMLDivElement>(null)
+  const textareaRef = useRef<HTMLTextAreaElement>(null)
+  const [rect, setRect] = useState<{ top: number; left: number; width: number } | null>(null)
+  const [draftValue, setDraftValue] = useState<string>('')
+
+  const target = useMemo(() => {
+    if (!expandedCell) return null
+    const row = rows.find((r) => r.id === expandedCell.rowId)
+    // Match the specific visual column the user double-clicked on. Fanned-out
+    // workflow columns share `name` across siblings, so prefer `key` when set.
+    const matchByKey = expandedCell.columnKey
+      ? (c: DisplayColumn) => c.key === expandedCell.columnKey
+      : (c: DisplayColumn) => c.name === expandedCell.columnName
+    const column = columns.find(matchByKey)
+    if (!row || !column) return null
+    const colIndex = columns.findIndex(matchByKey)
+    return { row, column, colIndex, value: row.data[column.name] }
+  }, [expandedCell, rows, columns])
+
+  const isBooleanCell = target?.column.type === 'boolean'
+  // Workflow-output cells are editable in the expanded view too — the user
+  // can override the workflow's value. Booleans toggle inline; the expanded
+  // popover only handles text-shaped inputs.
+  const isEditable = Boolean(target) && canEdit && !isBooleanCell
+
+  const displayText = useMemo(() => {
+    if (!target) return ''
+    const { value } = target
+    if (value == null) return ''
+    if (typeof value === 'string') return value
+    return JSON.stringify(value, null, 2)
+  }, [target])
+
+  useLayoutEffect(() => {
+    if (!expandedCell || !target) {
+      setRect(null)
+      return
+    }
+    setDraftValue(isEditable ? formatValueForInput(target.value, target.column.type) : '')
+    const selector = `[data-table-scroll] [data-row="${target.row.position}"][data-col="${target.colIndex}"]`
+    const el = document.querySelector<HTMLElement>(selector)
+    if (!el) {
+      setRect(null)
+      return
+    }
+    const r = el.getBoundingClientRect()
+    setRect({ top: r.top, left: r.left, width: r.width })
+    // Focus textarea on open so typing works immediately.
+    requestAnimationFrame(() => textareaRef.current?.focus())
+  }, [expandedCell, target, isEditable])
+
+  useEffect(() => {
+    if (!expandedCell) return
+    const handleKey = (e: KeyboardEvent) => {
+      if (e.key === 'Escape') {
+        e.preventDefault()
+        onClose()
+      }
+    }
+    const handleMouseDown = (e: MouseEvent) => {
+      if (!rootRef.current) return
+      if (rootRef.current.contains(e.target as Node)) return
+      onClose()
+    }
+    window.addEventListener('keydown', handleKey)
+    window.addEventListener('mousedown', handleMouseDown)
+    return () => {
+      window.removeEventListener('keydown', handleKey)
+      window.removeEventListener('mousedown', handleMouseDown)
+    }
+  }, [expandedCell, onClose])
+
+  // Close on table scroll — re-anchoring mid-scroll is more jarring than dismissing.
+  useEffect(() => {
+    if (!expandedCell || !scrollContainer) return
+    const handler = () => onClose()
+    scrollContainer.addEventListener('scroll', handler, { passive: true })
+    return () => scrollContainer.removeEventListener('scroll', handler)
+  }, [expandedCell, scrollContainer, onClose])
+
+  if (!expandedCell || !target || !rect) return null
+
+  const width = Math.max(rect.width, EXPANDED_CELL_MIN_WIDTH)
+  // Clamp to viewport. Prefer anchoring at the cell's left edge; if the popover
+  // would overflow right, align its right edge with the cell's right edge
+  // (mirroring Radix/menu flip behavior). Same idea for bottom-of-viewport.
+  const VIEWPORT_PAD = 8
+  const cellRight = rect.left + rect.width
+  const overflowsRight = rect.left + width > window.innerWidth - VIEWPORT_PAD
+  const left = overflowsRight
+    ? Math.max(VIEWPORT_PAD, cellRight - width)
+    : Math.max(VIEWPORT_PAD, rect.left)
+  const overflowsBottom = rect.top + EXPANDED_CELL_HEIGHT > window.innerHeight - VIEWPORT_PAD
+  const top = overflowsBottom
+    ? Math.max(VIEWPORT_PAD, window.innerHeight - EXPANDED_CELL_HEIGHT - VIEWPORT_PAD)
+    : rect.top
+
+  const handleSave = () => {
+    if (!isEditable) return
+    // `displayToStorage` only normalizes dates — it returns null for anything else.
+    // Fall back to the raw draft for non-date columns, matching the inline editor.
+    const raw = displayToStorage(draftValue) ?? draftValue
+    const cleaned = cleanCellValue(raw, target.column)
+    onSave(target.row.id, target.column.name, cleaned, 'blur')
+    onClose()
+  }
+
+  const handleTextareaKeyDown = (e: React.KeyboardEvent<HTMLTextAreaElement>) => {
+    if (e.key === 'Enter' && !e.shiftKey) {
+      e.preventDefault()
+      handleSave()
+    }
+  }
+
+  return (
+    <div
+      ref={rootRef}
+      role='dialog'
+      aria-label={`Expanded view of ${target.column.name}`}
+      className='fixed z-50 flex flex-col overflow-hidden rounded-md border border-[var(--border-1)] bg-[var(--bg)] shadow-md'
+      style={{ top, left, width, height: EXPANDED_CELL_HEIGHT }}
+    >
+      {isEditable ? (
+        <>
+          <textarea
+            ref={textareaRef}
+            value={draftValue}
+            onChange={(e) => setDraftValue(e.target.value)}
+            onKeyDown={handleTextareaKeyDown}
+            className='min-h-0 flex-1 resize-none bg-transparent px-2.5 py-2 font-sans text-[var(--text-primary)] text-small outline-none placeholder:text-[var(--text-muted)]'
+            spellCheck={false}
+            autoCorrect='off'
+          />
+          <div className='flex items-center justify-between border-[var(--border)] border-t bg-[var(--surface-2)] px-2 py-1.5'>
+            <span className='text-[var(--text-tertiary)] text-caption'>
+              <kbd className='font-mono'>↵</kbd> save · <kbd className='font-mono'>esc</kbd> cancel
+            </span>
+            <div className='flex items-center gap-1.5'>
+              <Button variant='ghost' size='sm' onClick={onClose}>
+                Cancel
+              </Button>
+              <Button size='sm' variant='primary' onClick={handleSave}>
+                Save
+              </Button>
+            </div>
+          </div>
+        </>
+      ) : (
+        <>
+          <div className='min-h-0 flex-1 overflow-auto px-2.5 py-2'>
+            {displayText ? (
+              <pre className='whitespace-pre-wrap break-words font-sans text-[var(--text-primary)] text-small'>
+                {displayText}
+              </pre>
+            ) : (
+              <span className='text-[var(--text-tertiary)] text-small'>(empty)</span>
+            )}
+          </div>
+          <div className='flex items-center justify-end border-[var(--border)] border-t bg-[var(--surface-2)] px-2 py-1.5'>
+            <Button variant='ghost' size='sm' onClick={onClose}>
+              Close
+            </Button>
+          </div>
+        </>
+      )}
+    </div>
+  )
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/cells/inline-editors.tsx b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/cells/inline-editors.tsx
new file mode 100644
index 00000000000..40dd661e822
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/cells/inline-editors.tsx
@@ -0,0 +1,217 @@
+'use client'
+
+import { useCallback, useEffect, useRef, useState } from 'react'
+import { DatePicker } from '@/components/emcn'
+import { cn } from '@/lib/core/utils/cn'
+import type { ColumnDefinition } from '@/lib/table'
+import type { SaveReason } from '../../../types'
+import {
+  cleanCellValue,
+  displayToStorage,
+  formatValueForInput,
+  storageToDisplay,
+} from '../../../utils'
+
+interface InlineEditorProps {
+  value: unknown
+  column: ColumnDefinition
+  initialCharacter?: string
+  onSave: (value: unknown, reason: SaveReason) => void
+  onCancel: () => void
+}
+
+/** Inline editor for `date` columns — text input + popover DatePicker. */
+function InlineDateEditor({
+  value,
+  column,
+  initialCharacter,
+  onSave,
+  onCancel,
+}: InlineEditorProps) {
+  const inputRef = useRef<HTMLInputElement>(null)
+  const doneRef = useRef(false)
+  const blurTimeoutRef = useRef<ReturnType<typeof setTimeout> | undefined>(undefined)
+
+  const storedValue = formatValueForInput(value, column.type)
+  const [draft, setDraft] = useState(() =>
+    initialCharacter !== undefined ? initialCharacter : storageToDisplay(storedValue)
+  )
+
+  const pickerValue = displayToStorage(draft) || storedValue || undefined
+
+  useEffect(() => {
+    const input = inputRef.current
+    if (!input) return
+    input.focus()
+    if (initialCharacter !== undefined) {
+      const len = input.value.length
+      input.setSelectionRange(len, len)
+    } else {
+      input.select()
+    }
+  }, [])
+
+  useEffect(() => () => clearTimeout(blurTimeoutRef.current), [])
+
+  const doSave = useCallback(
+    (reason: SaveReason, storageVal?: string) => {
+      if (doneRef.current) return
+      doneRef.current = true
+      clearTimeout(blurTimeoutRef.current)
+      const raw = storageVal ?? displayToStorage(draft) ?? draft
+      const val = raw && !Number.isNaN(Date.parse(raw)) ? raw : null
+      onSave(val, reason)
+    },
+    [draft, onSave]
+  )
+
+  const handleKeyDown = useCallback(
+    (e: React.KeyboardEvent) => {
+      if (e.key === 'Enter') {
+        e.preventDefault()
+        doSave('enter')
+      } else if (e.key === 'Tab') {
+        e.preventDefault()
+        doSave(e.shiftKey ? 'shift-tab' : 'tab')
+      } else if (e.key === 'Escape') {
+        e.preventDefault()
+        doneRef.current = true
+        clearTimeout(blurTimeoutRef.current)
+        onCancel()
+      }
+    },
+    [doSave, onCancel]
+  )
+
+  const handleBlur = useCallback(() => {
+    blurTimeoutRef.current = setTimeout(() => doSave('blur'), 200)
+  }, [doSave])
+
+  const handlePickerChange = useCallback(
+    (dateStr: string) => {
+      clearTimeout(blurTimeoutRef.current)
+      doSave('enter', dateStr)
+    },
+    [doSave]
+  )
+
+  const handlePickerOpenChange = useCallback((open: boolean) => {
+    if (!open && !doneRef.current) {
+      clearTimeout(blurTimeoutRef.current)
+      inputRef.current?.focus()
+    }
+  }, [])
+
+  return (
+    <>
+      <input
+        ref={inputRef}
+        type='text'
+        value={draft}
+        onChange={(e) => setDraft(e.target.value)}
+        onKeyDown={handleKeyDown}
+        onBlur={handleBlur}
+        placeholder='mm/dd/yyyy'
+        className={cn(
+          'w-full min-w-0 select-text border-none bg-transparent p-0 text-[var(--text-primary)] text-small outline-none'
+        )}
+      />
+      <div className='absolute top-full left-0 h-0 w-0'>
+        <DatePicker
+          mode='single'
+          value={pickerValue}
+          onChange={handlePickerChange}
+          open={true}
+          onOpenChange={handlePickerOpenChange}
+          showTrigger={false}
+          size='sm'
+        />
+      </div>
+    </>
+  )
+}
+
+/** Inline editor for `string`/`number`/`json` columns — single-line text input. */
+function InlineTextEditor({
+  value,
+  column,
+  initialCharacter,
+  onSave,
+  onCancel,
+}: InlineEditorProps) {
+  const inputRef = useRef<HTMLInputElement>(null)
+  const [draft, setDraft] = useState(() =>
+    initialCharacter !== undefined ? initialCharacter : formatValueForInput(value, column.type)
+  )
+  const doneRef = useRef(false)
+
+  useEffect(() => {
+    const input = inputRef.current
+    if (!input) return
+
+    input.focus()
+    if (initialCharacter !== undefined) {
+      const len = input.value.length
+      input.setSelectionRange(len, len)
+    } else {
+      input.select()
+    }
+
+    const forwardWheel = (e: WheelEvent) => {
+      e.preventDefault()
+      const container = input.closest('[data-table-scroll]') as HTMLElement | null
+      if (container) {
+        container.scrollBy(e.deltaX, e.deltaY)
+      }
+    }
+
+    input.addEventListener('wheel', forwardWheel, { passive: false })
+    return () => input.removeEventListener('wheel', forwardWheel)
+  }, [])
+
+  const doSave = (reason: SaveReason) => {
+    if (doneRef.current) return
+    doneRef.current = true
+    try {
+      onSave(cleanCellValue(draft, column), reason)
+    } catch {
+      onCancel()
+    }
+  }
+
+  const handleKeyDown = (e: React.KeyboardEvent) => {
+    if (e.key === 'Enter') {
+      e.preventDefault()
+      doSave('enter')
+    } else if (e.key === 'Tab') {
+      e.preventDefault()
+      doSave(e.shiftKey ? 'shift-tab' : 'tab')
+    } else if (e.key === 'Escape') {
+      e.preventDefault()
+      doneRef.current = true
+      onCancel()
+    }
+  }
+
+  return (
+    <input
+      ref={inputRef}
+      type='text'
+      value={draft}
+      onChange={(e) => setDraft(e.target.value)}
+      onKeyDown={handleKeyDown}
+      onBlur={() => doSave('blur')}
+      className={cn(
+        'w-full min-w-0 select-text border-none bg-transparent p-0 text-[var(--text-primary)] text-small outline-none'
+      )}
+    />
+  )
+}
+
+/** Dispatches to the right editor variant based on the column type. */
+export function InlineEditor(props: InlineEditorProps) {
+  if (props.column.type === 'date') {
+    return <InlineDateEditor {...props} />
+  }
+  return <InlineTextEditor {...props} />
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/constants.ts b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/constants.ts
new file mode 100644
index 00000000000..cc2c314ded8
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/constants.ts
@@ -0,0 +1,6 @@
+/** Tailwind class applied to selected rows / columns / cells. */
+export const SELECTION_TINT_BG = 'bg-[rgba(37,99,235,0.06)]'
+
+/** Default column width in pixels. Used as a fallback when a column hasn't
+ *  been measured yet and as the initial width for newly-added columns. */
+export const COL_WIDTH = 160
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/headers/column-header-menu.tsx b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/headers/column-header-menu.tsx
new file mode 100644
index 00000000000..da955ee1322
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/headers/column-header-menu.tsx
@@ -0,0 +1,346 @@
+'use client'
+
+import React, { useCallback, useEffect, useRef, useState } from 'react'
+import { ChevronDown } from 'lucide-react'
+import { cn } from '@/lib/core/utils/cn'
+import type { ColumnDefinition, WorkflowGroup } from '@/lib/table'
+import type { WorkflowMetadata } from '@/stores/workflows/registry/types'
+import { COL_WIDTH, SELECTION_TINT_BG } from '../constants'
+import type { ColumnSourceInfo, DisplayColumn } from '../types'
+import { ColumnTypeIcon } from './column-type-icon'
+import { ColumnOptionsMenu } from './workflow-group-meta-cell'
+
+interface ColumnHeaderMenuProps {
+  column: DisplayColumn
+  colIndex: number
+  readOnly?: boolean
+  isRenaming: boolean
+  isColumnSelected: boolean
+  renameValue: string
+  onRenameValueChange: (value: string) => void
+  onRenameSubmit: () => void
+  onRenameCancel: () => void
+  onColumnSelect: (colIndex: number, shiftKey: boolean) => void
+  onChangeType: (columnName: string, newType: ColumnDefinition['type']) => void
+  onInsertLeft: (columnName: string) => void
+  onInsertRight: (columnName: string) => void
+  onDeleteColumn: (columnName: string) => void
+  onResizeStart: (columnKey: string) => void
+  onResize: (columnKey: string, width: number) => void
+  onResizeEnd: () => void
+  onAutoResize: (columnKey: string) => void
+  onDragStart?: (columnName: string) => void
+  onDragOver?: (columnName: string, side: 'left' | 'right') => void
+  onDragEnd?: () => void
+  onDragLeave?: () => void
+  workflows?: WorkflowMetadata[]
+  workflowGroups?: WorkflowGroup[]
+  sourceInfo?: ColumnSourceInfo
+  onOpenConfig: (columnName: string) => void
+}
+
+/**
+ * One column's header cell: rename / chevron menu / drag-handle / resize-grip.
+ * Handles its own pointer-capture for drag and resize because both interact
+ * with sibling DOM elements outside this th's natural bubbling path.
+ */
+export const ColumnHeaderMenu = React.memo(function ColumnHeaderMenu({
+  column,
+  colIndex,
+  readOnly,
+  isRenaming,
+  isColumnSelected,
+  renameValue,
+  onRenameValueChange,
+  onRenameSubmit,
+  onRenameCancel,
+  onColumnSelect,
+  onInsertLeft,
+  onInsertRight,
+  onDeleteColumn,
+  onResizeStart,
+  onResize,
+  onResizeEnd,
+  onAutoResize,
+  onDragStart,
+  onDragOver,
+  onDragEnd,
+  onDragLeave,
+  workflows,
+  workflowGroups,
+  sourceInfo,
+  onOpenConfig,
+}: ColumnHeaderMenuProps) {
+  const renameInputRef = useRef<HTMLInputElement>(null)
+  const didDragRef = useRef(false)
+  const [menuOpen, setMenuOpen] = useState(false)
+  const [menuPosition, setMenuPosition] = useState({ x: 0, y: 0 })
+  const ownGroup =
+    column.workflowGroupId && workflowGroups
+      ? workflowGroups.find((g) => g.id === column.workflowGroupId)
+      : undefined
+  const configuredWorkflow = ownGroup
+    ? workflows?.find((w) => w.id === ownGroup.workflowId)
+    : undefined
+  // Workflow-output column with siblings → "Hide column" (non-destructive,
+  // re-addable from sidebar). Last output of a group → "Delete workflow"
+  // (removes the entire group). Plain column → undefined (default "Delete column").
+  const deleteLabel = ownGroup
+    ? ownGroup.outputs.length > 1
+      ? 'Hide column'
+      : 'Delete workflow'
+    : undefined
+  const workflowColor = configuredWorkflow?.color
+  const blockIconInfo = sourceInfo?.blockIconInfo
+  const blockName = sourceInfo?.blockName
+
+  useEffect(() => {
+    if (isRenaming && renameInputRef.current) {
+      renameInputRef.current.focus()
+      renameInputRef.current.select()
+    }
+  }, [isRenaming])
+
+  const handleResizePointerDown = useCallback(
+    (e: React.PointerEvent) => {
+      e.preventDefault()
+      e.stopPropagation()
+      const startX = e.clientX
+      const th = (e.currentTarget as HTMLElement).closest('th')
+      const startWidth = th ? th.getBoundingClientRect().width : COL_WIDTH
+
+      const target = e.currentTarget as HTMLElement
+      target.setPointerCapture(e.pointerId)
+
+      onResizeStart(column.key)
+
+      const handlePointerMove = (ev: PointerEvent) => {
+        onResize(column.key, startWidth + (ev.clientX - startX))
+      }
+
+      const cleanup = () => {
+        target.removeEventListener('pointermove', handlePointerMove)
+        target.removeEventListener('pointerup', cleanup)
+        target.removeEventListener('pointercancel', cleanup)
+        onResizeEnd()
+      }
+
+      target.addEventListener('pointermove', handlePointerMove)
+      target.addEventListener('pointerup', cleanup)
+      target.addEventListener('pointercancel', cleanup)
+    },
+    [column.key, onResizeStart, onResize, onResizeEnd]
+  )
+
+  const handleDragStart = useCallback(
+    (e: React.DragEvent) => {
+      if (readOnly || isRenaming) {
+        e.preventDefault()
+        return
+      }
+      didDragRef.current = true
+      e.dataTransfer.effectAllowed = 'move'
+      e.dataTransfer.setData('text/plain', column.name)
+
+      const ghost = document.createElement('div')
+      ghost.textContent = column.name
+      ghost.style.cssText =
+        'position:absolute;top:-9999px;padding:4px 8px;background:var(--bg);border:1px solid var(--border);border-radius:4px;font-size:13px;font-weight:500;white-space:nowrap;color:var(--text-primary)'
+      document.body.appendChild(ghost)
+      e.dataTransfer.setDragImage(ghost, ghost.offsetWidth / 2, ghost.offsetHeight / 2)
+      requestAnimationFrame(() => ghost.parentNode?.removeChild(ghost))
+
+      onDragStart?.(column.name)
+    },
+    [column.name, readOnly, isRenaming, onDragStart]
+  )
+
+  const handleDragOver = useCallback(
+    (e: React.DragEvent) => {
+      e.preventDefault()
+      e.dataTransfer.dropEffect = 'move'
+      const rect = (e.currentTarget as HTMLElement).getBoundingClientRect()
+      const midX = rect.left + rect.width / 2
+      const side = e.clientX < midX ? 'left' : 'right'
+      onDragOver?.(column.name, side)
+    },
+    [column.name, onDragOver]
+  )
+
+  const handleDrop = useCallback((e: React.DragEvent) => {
+    e.preventDefault()
+  }, [])
+
+  const handleDragEnd = useCallback(() => {
+    didDragRef.current = false
+    onDragEnd?.()
+  }, [onDragEnd])
+
+  const handleDragLeave = useCallback(
+    (e: React.DragEvent) => {
+      const th = e.currentTarget as HTMLElement
+      const related = e.relatedTarget as Node | null
+      if (related && th.contains(related)) return
+      onDragLeave?.()
+    },
+    [onDragLeave]
+  )
+
+  function handleHeaderClick(e: React.MouseEvent) {
+    if (didDragRef.current) {
+      didDragRef.current = false
+      return
+    }
+    if (isRenaming) return
+    onColumnSelect(colIndex, e.shiftKey)
+    if (!e.shiftKey) {
+      onOpenConfig(column.name)
+    }
+  }
+
+  function handleChevronClick(e: React.MouseEvent) {
+    e.stopPropagation()
+    const rect = (e.currentTarget as HTMLElement).closest('th')?.getBoundingClientRect()
+    if (rect) {
+      setMenuPosition({ x: rect.left, y: rect.bottom })
+    }
+    setMenuOpen(true)
+  }
+
+  function handleContextMenu(e: React.MouseEvent) {
+    if (readOnly || isRenaming) return
+    e.preventDefault()
+    setMenuPosition({ x: e.clientX, y: e.clientY })
+    setMenuOpen(true)
+  }
+
+  return (
+    <th
+      className='group relative border-[var(--border)] border-r border-b bg-[var(--bg)] p-0 text-left align-middle'
+      draggable={!readOnly && !isRenaming}
+      onDragStart={handleDragStart}
+      onDragEnd={handleDragEnd}
+      onDragOver={handleDragOver}
+      onDrop={handleDrop}
+      onDragLeave={handleDragLeave}
+      onContextMenu={handleContextMenu}
+    >
+      {/* Selection tint as a separate overlay so the th's opaque `--bg` stays
+          intact — `bg-[rgba(...)]` would otherwise replace `bg-[var(--bg)]`,
+          letting the sticky thead leak rows from below through it. */}
+      {isColumnSelected && (
+        <div
+          className={cn('pointer-events-none absolute inset-0', SELECTION_TINT_BG)}
+          aria-hidden='true'
+        />
+      )}
+      {isRenaming ? (
+        <div className='flex h-full w-full min-w-0 items-center px-2 py-[7px]'>
+          <ColumnTypeIcon
+            type={column.type}
+            workflowColor={workflowColor}
+            blockIconInfo={blockIconInfo}
+          />
+          <input
+            ref={renameInputRef}
+            type='text'
+            value={renameValue}
+            onChange={(e) => onRenameValueChange(e.target.value)}
+            onKeyDown={(e) => {
+              if (e.key === 'Enter') onRenameSubmit()
+              if (e.key === 'Escape') onRenameCancel()
+            }}
+            onBlur={onRenameSubmit}
+            className='ml-1.5 min-w-0 flex-1 border-0 bg-transparent p-0 font-medium text-[var(--text-primary)] text-small outline-none focus:outline-none focus:ring-0'
+          />
+        </div>
+      ) : readOnly ? (
+        <div className='flex h-full w-full min-w-0 items-center px-2 py-[7px]'>
+          <ColumnTypeIcon
+            type={column.type}
+            workflowColor={workflowColor}
+            blockIconInfo={blockIconInfo}
+          />
+          {column.workflowGroupId ? (
+            <div className='ml-1.5 flex min-w-0 flex-1 flex-col text-left'>
+              {blockName && (
+                <span className='block w-full min-w-0 truncate text-[var(--text-tertiary)] text-caption leading-tight'>
+                  {blockName}
+                </span>
+              )}
+              <span className='block w-full min-w-0 truncate font-medium text-[13px] text-[var(--text-primary)] leading-tight'>
+                {column.headerLabel}
+              </span>
+            </div>
+          ) : (
+            <span className='ml-1.5 min-w-0 overflow-clip text-ellipsis whitespace-nowrap font-medium text-[13px] text-[var(--text-primary)]'>
+              {column.name}
+            </span>
+          )}
+        </div>
+      ) : (
+        <div className='flex h-full w-full min-w-0 items-center'>
+          <button
+            type='button'
+            className='flex min-w-0 flex-1 cursor-pointer items-center px-2 py-[7px] outline-none'
+            onClick={handleHeaderClick}
+            draggable={false}
+          >
+            <ColumnTypeIcon
+              type={column.type}
+              workflowColor={workflowColor}
+              blockIconInfo={blockIconInfo}
+            />
+            {column.workflowGroupId ? (
+              <div className='ml-1.5 flex min-w-0 flex-1 flex-col items-start text-left'>
+                {blockName && (
+                  <span className='block w-full min-w-0 truncate text-[10px] text-[var(--text-tertiary)] leading-tight'>
+                    {blockName}
+                  </span>
+                )}
+                <span className='block w-full min-w-0 truncate font-medium text-[var(--text-primary)] text-small leading-tight'>
+                  {column.headerLabel}
+                </span>
+              </div>
+            ) : (
+              <span className='ml-1.5 min-w-0 overflow-clip text-ellipsis whitespace-nowrap font-medium text-[var(--text-primary)] text-small'>
+                {column.name}
+              </span>
+            )}
+          </button>
+          <button
+            type='button'
+            className='flex h-full shrink-0 cursor-pointer items-center pr-2.5 pl-0.5 text-[var(--text-muted)] opacity-0 transition-opacity hover:text-[var(--text-primary)] group-hover:opacity-100'
+            onClick={handleChevronClick}
+            draggable={false}
+            aria-label='Column options'
+          >
+            <ChevronDown className='h-[7px] w-[9px]' />
+          </button>
+          <ColumnOptionsMenu
+            open={menuOpen}
+            onOpenChange={setMenuOpen}
+            position={menuPosition}
+            column={column}
+            deleteLabel={deleteLabel}
+            onOpenConfig={onOpenConfig}
+            onInsertLeft={onInsertLeft}
+            onInsertRight={onInsertRight}
+            onDeleteColumn={onDeleteColumn}
+          />
+        </div>
+      )}
+      <div
+        className='-right-[3px] absolute top-0 z-[1] h-full w-[6px] cursor-col-resize'
+        draggable={false}
+        onDragStart={(e) => e.stopPropagation()}
+        onPointerDown={handleResizePointerDown}
+        onDoubleClick={(e) => {
+          e.preventDefault()
+          e.stopPropagation()
+          onAutoResize(column.key)
+        }}
+      />
+    </th>
+  )
+})
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/headers/column-type-icon.tsx b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/headers/column-type-icon.tsx
new file mode 100644
index 00000000000..f0fc0d08be7
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/headers/column-type-icon.tsx
@@ -0,0 +1,59 @@
+'use client'
+
+import type React from 'react'
+import {
+  Calendar as CalendarIcon,
+  TypeBoolean,
+  TypeJson,
+  TypeNumber,
+  TypeText,
+} from '@/components/emcn/icons'
+import type { BlockIconInfo } from '../types'
+
+export const COLUMN_TYPE_ICONS: Record<string, React.ElementType> = {
+  string: TypeText,
+  number: TypeNumber,
+  boolean: TypeBoolean,
+  date: CalendarIcon,
+  json: TypeJson,
+}
+
+interface ColumnTypeIconProps {
+  type: string
+  workflowColor?: string
+  blockIconInfo?: BlockIconInfo
+}
+
+/**
+ * Tiny icon shown next to a column header. For workflow-output columns:
+ * the producing block's icon (when known) or a colored swatch tinted with
+ * the workflow's color. For plain columns: the type icon.
+ */
+export function ColumnTypeIcon({ type, workflowColor, blockIconInfo }: ColumnTypeIconProps) {
+  if (workflowColor || blockIconInfo) {
+    if (blockIconInfo) {
+      const BlockIcon = blockIconInfo.icon
+      return (
+        <span
+          className='flex h-[18px] w-[18px] shrink-0 items-center justify-center rounded-[4px]'
+          style={{ background: blockIconInfo.color }}
+        >
+          <BlockIcon className='!text-white h-[12px] w-[12px]' />
+        </span>
+      )
+    }
+    const color = workflowColor ?? 'var(--text-muted)'
+    return (
+      <span
+        className='h-3 w-3 shrink-0 rounded-sm border-[2px]'
+        style={{
+          backgroundColor: color,
+          borderColor: workflowColor ? `${workflowColor}60` : 'var(--border)',
+          backgroundClip: 'padding-box',
+        }}
+      />
+    )
+  }
+  const Icon = COLUMN_TYPE_ICONS[type] ?? TypeText
+  return <Icon className='h-3 w-3 shrink-0 text-[var(--text-icon)]' />
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/headers/workflow-group-meta-cell.tsx b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/headers/workflow-group-meta-cell.tsx
new file mode 100644
index 00000000000..8b3403053f6
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/headers/workflow-group-meta-cell.tsx
@@ -0,0 +1,293 @@
+'use client'
+
+import type React from 'react'
+import { useCallback, useState } from 'react'
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuSeparator,
+  DropdownMenuSub,
+  DropdownMenuSubContent,
+  DropdownMenuSubTrigger,
+  DropdownMenuTrigger,
+} from '@/components/emcn'
+import { ArrowLeft, ArrowRight, EyeOff, Pencil, PlayOutline, Trash } from '@/components/emcn/icons'
+import { cn } from '@/lib/core/utils/cn'
+import type { WorkflowMetadata } from '@/stores/workflows/registry/types'
+import { SELECTION_TINT_BG } from '../constants'
+import type { DisplayColumn } from '../types'
+
+const WORKFLOW_META_BG_ALPHA = 12 // 0–255
+
+interface ColumnOptionsMenuProps {
+  open: boolean
+  onOpenChange: (open: boolean) => void
+  position: { x: number; y: number }
+  column: DisplayColumn
+  /** Override for the destructive item's label. Defaults to "Delete column"
+   *  (or "Delete workflow" when `onDeleteGroup` is set). Use "Hide column"
+   *  when the destructive action is non-lossy (workflow-output column where
+   *  removing it leaves the group with siblings). */
+  deleteLabel?: string
+  onOpenConfig: (columnName: string) => void
+  onInsertLeft: (columnName: string) => void
+  onInsertRight: (columnName: string) => void
+  onDeleteColumn: (columnName: string) => void
+  /** When provided (i.e. menu opened from a workflow-group meta header), the
+   *  "Delete" item deletes the entire workflow group rather than the single
+   *  column. Wins over `onDeleteColumn` for the destructive action. */
+  onDeleteGroup?: () => void
+  /** When provided, the menu is being opened from a workflow-group header and
+   *  exposes group-level run actions above the column actions. */
+  onRunGroupAll?: () => void
+  onRunGroupIncomplete?: () => void
+}
+
+/**
+ * Shared column-options dropdown rendered next to the column header chevron
+ * AND on right-click of the workflow group meta cell. Anchors to a fixed
+ * position passed in (so callers can place it under the chevron, or at the
+ * cursor for context-menu use). Rename / change type / unique live in the
+ * column sidebar (opened by Edit column).
+ */
+export function ColumnOptionsMenu({
+  open,
+  onOpenChange,
+  position,
+  column,
+  deleteLabel,
+  onOpenConfig,
+  onInsertLeft,
+  onInsertRight,
+  onDeleteColumn,
+  onDeleteGroup,
+  onRunGroupAll,
+  onRunGroupIncomplete,
+}: ColumnOptionsMenuProps) {
+  const showRunActions = Boolean(onRunGroupAll && onRunGroupIncomplete)
+  return (
+    <DropdownMenu open={open} onOpenChange={onOpenChange}>
+      <DropdownMenuTrigger asChild>
+        <div
+          style={{
+            position: 'fixed',
+            left: `${position.x}px`,
+            top: `${position.y}px`,
+            width: '1px',
+            height: '1px',
+            pointerEvents: 'none',
+          }}
+          tabIndex={-1}
+          aria-hidden='true'
+        />
+      </DropdownMenuTrigger>
+      <DropdownMenuContent
+        align='start'
+        side='bottom'
+        sideOffset={4}
+        className='max-h-none'
+        onCloseAutoFocus={(e) => e.preventDefault()}
+      >
+        {showRunActions && (
+          <>
+            <DropdownMenuSub>
+              <DropdownMenuSubTrigger>
+                <PlayOutline />
+                Run
+              </DropdownMenuSubTrigger>
+              <DropdownMenuSubContent>
+                <DropdownMenuItem onSelect={() => onRunGroupAll?.()}>Run all rows</DropdownMenuItem>
+                <DropdownMenuItem onSelect={() => onRunGroupIncomplete?.()}>
+                  Run empty rows
+                </DropdownMenuItem>
+              </DropdownMenuSubContent>
+            </DropdownMenuSub>
+            <DropdownMenuSeparator />
+          </>
+        )}
+        <DropdownMenuItem onSelect={() => onOpenConfig(column.name)}>
+          <Pencil />
+          Edit column
+        </DropdownMenuItem>
+        <DropdownMenuSeparator />
+        <DropdownMenuItem onSelect={() => onInsertLeft(column.name)}>
+          <ArrowLeft />
+          Insert column left
+        </DropdownMenuItem>
+        <DropdownMenuItem onSelect={() => onInsertRight(column.name)}>
+          <ArrowRight />
+          Insert column right
+        </DropdownMenuItem>
+        <DropdownMenuSeparator />
+        <DropdownMenuItem
+          onSelect={() => (onDeleteGroup ? onDeleteGroup() : onDeleteColumn(column.name))}
+        >
+          {deleteLabel === 'Hide column' ? <EyeOff /> : <Trash />}
+          {deleteLabel ?? (onDeleteGroup ? 'Delete workflow' : 'Delete column')}
+        </DropdownMenuItem>
+      </DropdownMenuContent>
+    </DropdownMenu>
+  )
+}
+
+interface WorkflowGroupMetaCellProps {
+  workflowId: string
+  groupId: string
+  size: number
+  startColIndex: number
+  columnName: string
+  /** Underlying logical column — needed for the right-click options menu. */
+  column?: DisplayColumn
+  workflows?: WorkflowMetadata[]
+  isGroupSelected: boolean
+  onSelectGroup: (startColIndex: number, size: number) => void
+  onOpenConfig: (columnName: string) => void
+  onRunGroup?: (groupId: string, workflowId: string, mode?: 'all' | 'incomplete') => void
+  onInsertLeft?: (columnName: string) => void
+  onInsertRight?: (columnName: string) => void
+  onDeleteColumn?: (columnName: string) => void
+  /** Right-click delete on the group header drops the entire workflow group. */
+  onDeleteGroup?: (groupId: string) => void
+}
+
+/**
+ * Spans a fanned-out workflow column group in the table's meta header row.
+ * Renders the workflow's color chip + name so the grouping across N sibling
+ * columns reads as one unit.
+ */
+export function WorkflowGroupMetaCell({
+  workflowId,
+  groupId,
+  size,
+  startColIndex,
+  columnName,
+  column,
+  workflows,
+  isGroupSelected,
+  onSelectGroup,
+  onOpenConfig,
+  onRunGroup,
+  onInsertLeft,
+  onInsertRight,
+  onDeleteColumn,
+  onDeleteGroup,
+}: WorkflowGroupMetaCellProps) {
+  const wf = workflows?.find((w) => w.id === workflowId)
+  const color = wf?.color ?? 'var(--text-muted)'
+  const name = wf?.name ?? 'Workflow'
+
+  const [optionsMenuOpen, setOptionsMenuOpen] = useState(false)
+  const [optionsMenuPosition, setOptionsMenuPosition] = useState({ x: 0, y: 0 })
+  const [runMenuOpen, setRunMenuOpen] = useState(false)
+
+  const handleRunAll = useCallback(() => {
+    if (groupId && workflowId) onRunGroup?.(groupId, workflowId, 'all')
+  }, [groupId, workflowId, onRunGroup])
+
+  const handleRunIncomplete = useCallback(() => {
+    if (groupId && workflowId) onRunGroup?.(groupId, workflowId, 'incomplete')
+  }, [groupId, workflowId, onRunGroup])
+
+  const handleContextMenu = useCallback(
+    (e: React.MouseEvent) => {
+      if (!column) return
+      e.preventDefault()
+      e.stopPropagation()
+      setOptionsMenuPosition({ x: e.clientX, y: e.clientY })
+      setOptionsMenuOpen(true)
+    },
+    [column]
+  )
+
+  const handleClick = useCallback(
+    (e: React.MouseEvent<HTMLTableCellElement>) => {
+      // Ignore clicks that landed on an interactive child (badge, play button,
+      // dropdown items rendered via portal). Only the bare meta-cell area
+      // should select the group + open the config sidebar.
+      const target = e.target as HTMLElement
+      if (target.closest('button, [role="menuitem"], [role="menu"]')) return
+      onSelectGroup(startColIndex, size)
+      if (columnName) onOpenConfig(columnName)
+    },
+    [columnName, onOpenConfig, onSelectGroup, size, startColIndex]
+  )
+
+  return (
+    <th
+      colSpan={size}
+      onClick={handleClick}
+      onContextMenu={handleContextMenu}
+      className='group relative cursor-pointer border-[var(--border)] border-r border-b border-l bg-[var(--bg)] px-2 py-[5px] text-left align-middle'
+    >
+      <div
+        className='pointer-events-none absolute inset-0'
+        style={{ background: `${color}${WORKFLOW_META_BG_ALPHA.toString(16).padStart(2, '0')}` }}
+      />
+      {/* Selection tint as a separate overlay so the th's opaque `--bg` stays
+          intact — see column-header-menu for the same fix. */}
+      {isGroupSelected && (
+        <div
+          className={cn('pointer-events-none absolute inset-0', SELECTION_TINT_BG)}
+          aria-hidden='true'
+        />
+      )}
+      <div
+        className='pointer-events-none absolute inset-x-0 top-0 h-[2px]'
+        style={{ background: color }}
+      />
+      <div className='flex h-[18px] min-w-0 items-center gap-1.5'>
+        <span
+          className='h-[10px] w-[10px] shrink-0 rounded-sm border-[2px]'
+          style={{
+            backgroundColor: color,
+            borderColor: `${color}60`,
+            backgroundClip: 'padding-box',
+          }}
+        />
+        <span className='min-w-0 truncate font-medium text-[11px] text-[var(--text-secondary)]'>
+          {name}
+        </span>
+        {onRunGroup && (
+          <DropdownMenu open={runMenuOpen} onOpenChange={setRunMenuOpen}>
+            <DropdownMenuTrigger asChild>
+              <button
+                type='button'
+                className='flex h-[16px] w-[16px] shrink-0 cursor-pointer items-center justify-center rounded-sm text-[var(--text-muted)] transition-colors hover:bg-[var(--surface-2)] hover:text-[var(--text-primary)]'
+                onClick={(e) => e.stopPropagation()}
+                aria-label='Run group'
+                title='Run group'
+              >
+                <PlayOutline className='h-[10px] w-[10px]' />
+              </button>
+            </DropdownMenuTrigger>
+            <DropdownMenuContent
+              align='start'
+              side='bottom'
+              sideOffset={4}
+              onCloseAutoFocus={(e) => e.preventDefault()}
+            >
+              <DropdownMenuItem onSelect={handleRunAll}>Run all rows</DropdownMenuItem>
+              <DropdownMenuItem onSelect={handleRunIncomplete}>Run empty rows</DropdownMenuItem>
+            </DropdownMenuContent>
+          </DropdownMenu>
+        )}
+      </div>
+      {column && onInsertLeft && onInsertRight && onDeleteColumn && (
+        <ColumnOptionsMenu
+          open={optionsMenuOpen}
+          onOpenChange={setOptionsMenuOpen}
+          position={optionsMenuPosition}
+          column={column}
+          onOpenConfig={onOpenConfig}
+          onInsertLeft={onInsertLeft}
+          onInsertRight={onInsertRight}
+          onDeleteColumn={onDeleteColumn}
+          onDeleteGroup={onDeleteGroup ? () => onDeleteGroup(groupId) : undefined}
+          onRunGroupAll={onRunGroup ? handleRunAll : undefined}
+          onRunGroupIncomplete={onRunGroup ? handleRunIncomplete : undefined}
+        />
+      )}
+    </th>
+  )
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/table.tsx b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/table.tsx
index eec30758795..6d624c8dd7d 100644
--- a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/table.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/table.tsx
@@ -2,21 +2,13 @@
 
 import React, { useCallback, useEffect, useMemo, useRef, useState } from 'react'
 import { createLogger } from '@sim/logger'
+import { Square } from 'lucide-react'
 import { useParams, useRouter } from 'next/navigation'
 import { usePostHog } from 'posthog-js/react'
 import {
   Button,
   Checkbox,
-  DatePicker,
   Download,
-  DropdownMenu,
-  DropdownMenuContent,
-  DropdownMenuItem,
-  DropdownMenuSeparator,
-  DropdownMenuSub,
-  DropdownMenuSubContent,
-  DropdownMenuSubTrigger,
-  DropdownMenuTrigger,
   Modal,
   ModalBody,
   ModalContent,
@@ -27,79 +19,83 @@ import {
   Upload,
 } from '@/components/emcn'
 import {
-  ArrowLeft,
-  ArrowRight,
-  Calendar as CalendarIcon,
-  ChevronDown,
-  Fingerprint,
   Pencil,
+  PlayOutline,
   Plus,
   Table as TableIcon,
   TableX,
   Trash,
-  TypeBoolean,
-  TypeJson,
-  TypeNumber,
-  TypeText,
 } from '@/components/emcn/icons'
+import { Loader } from '@/components/emcn/icons/loader'
 import { cn } from '@/lib/core/utils/cn'
 import { captureEvent } from '@/lib/posthog/client'
 import type { ColumnDefinition, Filter, SortDirection, TableRow as TableRowType } from '@/lib/table'
 import type { ColumnOption, SortConfig } from '@/app/workspace/[workspaceId]/components'
 import { ResourceHeader, ResourceOptionsBar } from '@/app/workspace/[workspaceId]/components'
+import { LogDetails } from '@/app/workspace/[workspaceId]/logs/components'
 import { useUserPermissionsContext } from '@/app/workspace/[workspaceId]/providers/workspace-permissions-provider'
 import { ImportCsvDialog } from '@/app/workspace/[workspaceId]/tables/components/import-csv-dialog'
+import { useLogByExecutionId } from '@/hooks/queries/logs'
 import {
   downloadTableExport,
   useAddTableColumn,
   useBatchCreateTableRows,
   useBatchUpdateTableRows,
+  useCancelTableRuns,
   useCreateTableRow,
   useDeleteColumn,
   useDeleteTable,
+  useDeleteWorkflowGroup,
   useRenameTable,
+  useRunGroup,
   useUpdateColumn,
   useUpdateTableMetadata,
   useUpdateTableRow,
+  useUpdateWorkflowGroup,
 } from '@/hooks/queries/tables'
 import { useInlineRename } from '@/hooks/use-inline-rename'
 import { extractCreatedRowId, useTableUndo } from '@/hooks/use-table-undo'
+import { useLogDetailsUIStore } from '@/stores/logs/store'
 import type { DeletedRowSnapshot } from '@/stores/table/types'
-import { useContextMenu, useTableData } from '../../hooks'
+import { useContextMenu, useRowExecution, useTable } from '../../hooks'
 import type { EditingCell, QueryOptions, SaveReason } from '../../types'
-import {
-  cleanCellValue,
-  displayToStorage,
-  formatValueForInput,
-  storageToDisplay,
-} from '../../utils'
+import { cleanCellValue, storageToDisplay } from '../../utils'
+import { type ColumnConfigState, ColumnSidebar } from '../column-sidebar/column-sidebar'
 import { ContextMenu } from '../context-menu'
 import { RowModal } from '../row-modal'
 import { TableFilter } from '../table-filter'
-
-interface CellCoord {
-  rowIndex: number
-  colIndex: number
-}
-
-interface NormalizedSelection {
-  startRow: number
-  endRow: number
-  startCol: number
-  endCol: number
-  anchorRow: number
-  anchorCol: number
-}
+import { CellContent } from './cells/cell-content'
+import { ExpandedCellPopover } from './cells/expanded-cell-popover'
+import { COL_WIDTH, SELECTION_TINT_BG } from './constants'
+import { ColumnHeaderMenu } from './headers/column-header-menu'
+import { COLUMN_TYPE_ICONS } from './headers/column-type-icon'
+import { WorkflowGroupMetaCell } from './headers/workflow-group-meta-cell'
+import type { DisplayColumn } from './types'
+import {
+  areRowDepsSatisfied,
+  buildHeaderGroups,
+  type CellCoord,
+  collectRowSnapshots,
+  computeNormalizedSelection,
+  expandToDisplayColumns,
+  moveCell,
+  type NormalizedSelection,
+  readExecution,
+} from './utils'
 
 const logger = createLogger('TableView')
 
-const EMPTY_COLUMNS: never[] = []
 const EMPTY_CHECKED_ROWS = new Set<number>()
-const COL_WIDTH = 160
 const COL_WIDTH_MIN = 80
 const COL_WIDTH_AUTO_FIT_MAX = 1000
-const CHECKBOX_COL_WIDTH = 40
+// Wide enough to host the row-number + per-row run button side by side.
+// Single-digit row numbers (rows 1–9) and multi-digit (10+) need to render
+// with the play button at the same x-position so the column doesn't reflow
+// row-by-row.
+const CHECKBOX_COL_WIDTH = 56
 const ADD_COL_WIDTH = 120
+/** Width of the column-config slideout (matches `column-sidebar.tsx`'s `w-[400px]`). */
+const COLUMN_SIDEBAR_WIDTH = 400
 const SKELETON_COL_COUNT = 4
 const SKELETON_ROW_COUNT = 10
 const ROW_HEIGHT_ESTIMATE = 35
@@ -116,62 +112,6 @@ const CELL_CONTENT =
 const SELECTION_OVERLAY =
   'pointer-events-none absolute -top-px -right-px -bottom-px -left-px z-[5] border-[2px] border-[var(--selection)]'
 
-function moveCell(
-  anchor: CellCoord,
-  colCount: number,
-  totalRows: number,
-  direction: 1 | -1
-): CellCoord {
-  let newCol = anchor.colIndex + direction
-  let newRow = anchor.rowIndex
-  if (newCol >= colCount) {
-    newCol = 0
-    newRow = Math.min(totalRows - 1, newRow + 1)
-  } else if (newCol < 0) {
-    newCol = colCount - 1
-    newRow = Math.max(0, newRow - 1)
-  }
-  return { rowIndex: newRow, colIndex: newCol }
-}
-
-const COLUMN_TYPE_ICONS: Record<string, React.ElementType> = {
-  string: TypeText,
-  number: TypeNumber,
-  boolean: TypeBoolean,
-  date: CalendarIcon,
-  json: TypeJson,
-}
-
-function computeNormalizedSelection(
-  anchor: CellCoord | null,
-  focus: CellCoord | null
-): NormalizedSelection | null {
-  if (!anchor) return null
-  const f = focus ?? anchor
-  return {
-    startRow: Math.min(anchor.rowIndex, f.rowIndex),
-    endRow: Math.max(anchor.rowIndex, f.rowIndex),
-    startCol: Math.min(anchor.colIndex, f.colIndex),
-    endCol: Math.max(anchor.colIndex, f.colIndex),
-    anchorRow: anchor.rowIndex,
-    anchorCol: anchor.colIndex,
-  }
-}
-
-function collectRowSnapshots(
-  positions: Iterable<number>,
-  positionMap: Map<number, TableRowType>
-): DeletedRowSnapshot[] {
-  const snapshots: DeletedRowSnapshot[] = []
-  for (const pos of positions) {
-    const row = positionMap.get(pos)
-    if (row) {
-      snapshots.push({ rowId: row.id, data: { ...row.data }, position: row.position })
-    }
-  }
-  return snapshots
-}
-
 interface TableProps {
   workspaceId?: string
   tableId?: string
@@ -202,6 +142,7 @@ export function Table({
   const [deletingRows, setDeletingRows] = useState<DeletedRowSnapshot[]>([])
   const [editingCell, setEditingCell] = useState<EditingCell | null>(null)
   const [initialCharacter, setInitialCharacter] = useState<string | null>(null)
+  const [expandedCell, setExpandedCell] = useState<EditingCell | null>(null)
   const [selectionAnchor, setSelectionAnchor] = useState<CellCoord | null>(null)
   const [selectionFocus, setSelectionFocus] = useState<CellCoord | null>(null)
   const [checkedRows, setCheckedRows] = useState(EMPTY_CHECKED_ROWS)
@@ -241,11 +182,13 @@ export function Table({
     fetchNextPage,
     hasNextPage,
     isFetchingNextPage,
-  } = useTableData({
-    workspaceId,
-    tableId,
-    queryOptions,
-  })
+    workflows,
+    columns,
+    tableWorkflowGroups,
+    workflowStates,
+    columnSourceInfo,
+    workflowNameById,
+  } = useTable({ workspaceId, tableId, queryOptions })
 
   const fetchNextPageRef = useRef(fetchNextPage)
   fetchNextPageRef.current = fetchNextPage
@@ -265,6 +208,10 @@ export function Table({
     closeContextMenu,
   } = useContextMenu()
 
+  const { runWorkflowGroup } = useRowExecution()
+  const workflowsRef = useRef(workflows)
+  workflowsRef.current = workflows
+
   const updateRowMutation = useUpdateTableRow({ workspaceId, tableId })
   const createRowMutation = useCreateTableRow({ workspaceId, tableId })
   const batchCreateRowsMutation = useBatchCreateTableRows({ workspaceId, tableId })
@@ -273,16 +220,43 @@ export function Table({
   const updateColumnMutation = useUpdateColumn({ workspaceId, tableId })
   const deleteColumnMutation = useDeleteColumn({ workspaceId, tableId })
   const updateMetadataMutation = useUpdateTableMetadata({ workspaceId, tableId })
+  const cancelRunsMutation = useCancelTableRuns({ workspaceId, tableId })
+  const runGroupMutation = useRunGroup({ workspaceId, tableId })
+  const deleteWorkflowGroupMutation = useDeleteWorkflowGroup({ workspaceId, tableId })
+  const updateWorkflowGroupMutation = useUpdateWorkflowGroup({ workspaceId, tableId })
+
+  const handleRunGroup = useCallback(
+    (groupId: string, workflowId: string, runMode: 'all' | 'incomplete' = 'all') => {
+      runGroupMutation.mutate({ groupId, workflowId, runMode })
+    },
+    // mutate is stable; intentionally excluded from deps
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    []
+  )
 
   function handleColumnOrderChange(order: string[]) {
     setColumnOrder(order)
   }
 
+  // Width keys are either the logical name or `${name}::${path}` (fanned-out
+  // workflow columns). Rename rewrites every key whose prefix matches.
   function handleColumnRename(oldName: string, newName: string) {
     let updatedWidths = columnWidthsRef.current
-    if (oldName in updatedWidths) {
-      const { [oldName]: width, ...rest } = updatedWidths
-      updatedWidths = { ...rest, [newName]: width }
+    let widthsChanged = false
+    const nextWidths: Record<string, number> = {}
+    for (const [key, width] of Object.entries(updatedWidths)) {
+      if (key === oldName) {
+        nextWidths[newName] = width
+        widthsChanged = true
+      } else if (key.startsWith(`${oldName}::`)) {
+        nextWidths[`${newName}${key.slice(oldName.length)}`] = width
+        widthsChanged = true
+      } else {
+        nextWidths[key] = width
+      }
+    }
+    if (widthsChanged) {
+      updatedWidths = nextWidths
       setColumnWidths(updatedWidths)
     }
     const updatedOrder = columnOrderRef.current?.map((n) => (n === oldName ? newName : n))
@@ -316,27 +290,35 @@ export function Table({
   const pushUndoRef = useRef(pushUndo)
   pushUndoRef.current = pushUndo
 
-  const columns = useMemo(
-    () => tableData?.schema?.columns || EMPTY_COLUMNS,
-    [tableData?.schema?.columns]
-  )
+  // `columns`, `tableWorkflowGroups`, `workflowStates`, `columnSourceInfo`,
+  // and `workflowNameById` come from `useTable` above.
 
-  const displayColumns = useMemo(() => {
-    if (!columnOrder || columnOrder.length === 0) return columns
-    const colMap = new Map(columns.map((c) => [c.name, c]))
-    const ordered: ColumnDefinition[] = []
-    for (const name of columnOrder) {
-      const col = colMap.get(name)
-      if (col) {
+  const displayColumns = useMemo<DisplayColumn[]>(() => {
+    let ordered: ColumnDefinition[]
+    if (!columnOrder || columnOrder.length === 0) {
+      ordered = columns
+    } else {
+      const colMap = new Map(columns.map((c) => [c.name, c]))
+      ordered = []
+      for (const name of columnOrder) {
+        const col = colMap.get(name)
+        if (col) {
+          ordered.push(col)
+          colMap.delete(name)
+        }
+      }
+      for (const col of colMap.values()) {
         ordered.push(col)
-        colMap.delete(name)
       }
     }
-    for (const col of colMap.values()) {
-      ordered.push(col)
-    }
-    return ordered
-  }, [columns, columnOrder])
+    return expandToDisplayColumns(ordered, tableWorkflowGroups)
+  }, [columns, columnOrder, tableWorkflowGroups])
+
+  const headerGroups = useMemo(
+    () => buildHeaderGroups(displayColumns, tableWorkflowGroups),
+    [displayColumns, tableWorkflowGroups]
+  )
+  const hasWorkflowGroup = headerGroups.some((g) => g.kind === 'workflow')
 
   const maxPosition = useMemo(() => (rows.length > 0 ? rows[rows.length - 1].position : -1), [rows])
   const maxPositionRef = useRef(maxPosition)
@@ -361,7 +343,7 @@ export function Table({
   const tableWidth = useMemo(() => {
     const colsWidth = isLoadingTable
       ? displayColCount * COL_WIDTH
-      : displayColumns.reduce((sum, col) => sum + (columnWidths[col.name] ?? COL_WIDTH), 0)
+      : displayColumns.reduce((sum, col) => sum + (columnWidths[col.key] ?? COL_WIDTH), 0)
     return CHECKBOX_COL_WIDTH + colsWidth + ADD_COL_WIDTH
   }, [isLoadingTable, displayColCount, displayColumns, columnWidths])
 
@@ -369,8 +351,8 @@ export function Table({
     if (!resizingColumn) return 0
     let left = CHECKBOX_COL_WIDTH
     for (const col of displayColumns) {
-      left += columnWidths[col.name] ?? COL_WIDTH
-      if (col.name === resizingColumn) return left
+      left += columnWidths[col.key] ?? COL_WIDTH
+      if (col.key === resizingColumn) return left
     }
     return 0
   }, [resizingColumn, displayColumns, columnWidths])
@@ -379,21 +361,36 @@ export function Table({
     if (!dropTargetColumnName || !dragColumnName) return null
     if (dropTargetColumnName === dragColumnName) return null
 
-    const dragIndex = displayColumns.findIndex((c) => c.name === dragColumnName)
-    const targetIndex = displayColumns.findIndex((c) => c.name === dropTargetColumnName)
-    if (dragIndex === -1 || targetIndex === -1) return null
+    // Drag/drop targets are LOGICAL columns; with fan-out, multiple visual columns
+    // share the same `name`. Compute the group's left edge and total width by
+    // accumulating across siblings.
+    const cols = displayColumns
+    const dragGroup = cols.findIndex((c) => c.name === dragColumnName)
+    const targetGroupStart = cols.findIndex((c) => c.name === dropTargetColumnName)
+    if (dragGroup === -1 || targetGroupStart === -1) return null
 
+    const dragGroupSize = cols[dragGroup].groupSize
+    const targetGroupSize = cols[targetGroupStart].groupSize
     const wouldBeNoOp =
-      (dropSide === 'right' && targetIndex === dragIndex - 1) ||
-      (dropSide === 'left' && targetIndex === dragIndex + 1)
+      (dropSide === 'right' && targetGroupStart + targetGroupSize === dragGroup) ||
+      (dropSide === 'left' && targetGroupStart === dragGroup + dragGroupSize)
     if (wouldBeNoOp) return null
 
     let left = CHECKBOX_COL_WIDTH
-    for (const col of displayColumns) {
-      const w = columnWidths[col.name] ?? COL_WIDTH
-      if (col.name === dropTargetColumnName) {
-        const lineLeft = dropSide === 'left' ? left : left + w
-        return { left, width: w, lineLeft }
+    for (let i = 0; i < cols.length; i++) {
+      const col = cols[i]
+      const w = columnWidths[col.key] ?? COL_WIDTH
+      if (i === targetGroupStart) {
+        // Clamp `targetGroupSize` to remaining columns — the memo's deps may not
+        // have settled in lockstep when a group shrinks (column removed) and we
+        // can briefly read past the end of `cols`.
+        const safeGroupSize = Math.min(targetGroupSize, cols.length - i)
+        let groupWidth = 0
+        for (let j = 0; j < safeGroupSize; j++) {
+          groupWidth += columnWidths[cols[i + j].key] ?? COL_WIDTH
+        }
+        const lineLeft = dropSide === 'left' ? left : left + groupWidth
+        return { left, width: groupWidth, lineLeft }
       }
       left += w
     }
@@ -422,6 +419,7 @@ export function Table({
 
   const columnsRef = useRef(displayColumns)
   const schemaColumnsRef = useRef(columns)
+  const workflowGroupsRef = useRef(tableWorkflowGroups)
   const rowsRef = useRef(rows)
   const selectionAnchorRef = useRef(selectionAnchor)
   const selectionFocusRef = useRef(selectionFocus)
@@ -431,6 +429,7 @@ export function Table({
 
   columnsRef.current = displayColumns
   schemaColumnsRef.current = columns
+  workflowGroupsRef.current = tableWorkflowGroups
   rowsRef.current = rows
   selectionAnchorRef.current = selectionAnchor
   selectionFocusRef.current = selectionFocus
@@ -574,6 +573,31 @@ export function Table({
   const handleInsertRowAbove = useCallback(() => handleInsertRow(0), [handleInsertRow])
   const handleInsertRowBelow = useCallback(() => handleInsertRow(1), [handleInsertRow])
 
+  const contextMenuColumnInfo = useMemo<{
+    isWorkflowColumn: boolean
+    executionId: string | null
+  }>(() => {
+    if (!contextMenu.row || !contextMenu.columnName) {
+      return { isWorkflowColumn: false, executionId: null }
+    }
+    const column = columnsRef.current.find((c) => c.name === contextMenu.columnName)
+    const groupId = column?.workflowGroupId
+    if (!column || !groupId) {
+      return { isWorkflowColumn: false, executionId: null }
+    }
+    const exec = contextMenu.row.executions?.[groupId]
+    return { isWorkflowColumn: true, executionId: exec?.executionId ?? null }
+  }, [contextMenu.row, contextMenu.columnName])
+  const contextMenuExecutionId = contextMenuColumnInfo.executionId
+  const contextMenuIsWorkflowColumn = contextMenuColumnInfo.isWorkflowColumn
+
+  const handleViewExecution = useCallback(() => {
+    if (!contextMenuExecutionId) return
+    setConfigState(null)
+    setExecutionDetailsId(contextMenuExecutionId)
+    closeContextMenu()
+  }, [contextMenuExecutionId, closeContextMenu])
+
   const handleDuplicateRow = useCallback(() => {
     if (!contextMenu.row) return
     const rowData = { ...contextMenu.row.data }
@@ -751,6 +775,21 @@ export function Table({
     scrollRef.current?.focus({ preventScroll: true })
   }, [])
 
+  const handleGroupSelect = useCallback((startColIndex: number, size: number) => {
+    const lastRow = maxPositionRef.current
+    if (lastRow < 0) return
+
+    setEditingCell(null)
+    setCheckedRows((prev) => (prev.size === 0 ? prev : EMPTY_CHECKED_ROWS))
+    lastCheckboxRowRef.current = null
+
+    setSelectionAnchor({ rowIndex: 0, colIndex: startColIndex })
+    setSelectionFocus({ rowIndex: lastRow, colIndex: startColIndex + size - 1 })
+    setIsColumnSelection(true)
+
+    scrollRef.current?.focus({ preventScroll: true })
+  }, [])
+
   const handleSelectAllRows = useCallback(() => {
     const rws = rowsRef.current
     const currentCols = columnsRef.current
@@ -774,12 +813,12 @@ export function Table({
     }
   }, [handleClearSelection, handleSelectAllRows])
 
-  const handleColumnResizeStart = useCallback((columnName: string) => {
-    setResizingColumn(columnName)
+  const handleColumnResizeStart = useCallback((columnKey: string) => {
+    setResizingColumn(columnKey)
   }, [])
 
-  const handleColumnResize = useCallback((columnName: string, width: number) => {
-    setColumnWidths((prev) => ({ ...prev, [columnName]: Math.max(COL_WIDTH_MIN, width) }))
+  const handleColumnResize = useCallback((columnKey: string, width: number) => {
+    setColumnWidths((prev) => ({ ...prev, [columnKey]: Math.max(COL_WIDTH_MIN, width) }))
   }, [])
 
   const handleColumnResizeEnd = useCallback(() => {
@@ -787,9 +826,9 @@ export function Table({
     updateMetadataRef.current({ columnWidths: columnWidthsRef.current })
   }, [])
 
-  const handleColumnAutoResize = useCallback((columnName: string) => {
+  const handleColumnAutoResize = useCallback((columnKey: string) => {
     const cols = columnsRef.current
-    const colIndex = cols.findIndex((c) => c.name === columnName)
+    const colIndex = cols.findIndex((c) => c.key === columnKey)
     if (colIndex === -1) return
 
     const column = cols[colIndex]
@@ -805,19 +844,23 @@ export function Table({
 
     try {
       measure.className = 'font-medium text-small'
-      measure.textContent = columnName
+      measure.textContent = column.headerLabel
       maxWidth = Math.max(maxWidth, measure.getBoundingClientRect().width + 57)
 
       measure.className = 'text-small'
       for (const row of currentRows) {
-        const val = row.data[columnName]
+        const val = row.data[column.name]
         if (val == null) continue
         let text: string
         if (column.type === 'json') {
-          try {
-            text = JSON.stringify(val)
-          } catch {
-            text = String(val)
+          if (typeof val === 'string') {
+            text = val
+          } else {
+            try {
+              text = JSON.stringify(val)
+            } catch {
+              text = String(val)
+            }
           }
         } else if (column.type === 'date') {
           text = storageToDisplay(String(val))
@@ -832,8 +875,8 @@ export function Table({
     }
 
     const newWidth = Math.min(Math.ceil(maxWidth), COL_WIDTH_AUTO_FIT_MAX)
-    setColumnWidths((prev) => ({ ...prev, [columnName]: newWidth }))
-    const updated = { ...columnWidthsRef.current, [columnName]: newWidth }
+    setColumnWidths((prev) => ({ ...prev, [columnKey]: newWidth }))
+    const updated = { ...columnWidthsRef.current, [columnKey]: newWidth }
     columnWidthsRef.current = updated
     updateMetadataRef.current({ columnWidths: updated })
   }, [])
@@ -847,6 +890,19 @@ export function Table({
   }, [])
 
   const handleColumnDragOver = useCallback((columnName: string, side: 'left' | 'right') => {
+    // Suppress drop targeting while hovering siblings of the dragged column's
+    // own group: reordering inside a group is meaningless (the group renders
+    // as a unit) and the chasing indicator just flickers.
+    const dragged = dragColumnNameRef.current
+    if (dragged) {
+      const cols = schemaColumnsRef.current
+      const draggedGid = cols.find((c) => c.name === dragged)?.workflowGroupId
+      const targetGid = cols.find((c) => c.name === columnName)?.workflowGroupId
+      if (draggedGid && draggedGid === targetGid) {
+        if (dropTargetColumnNameRef.current !== null) setDropTargetColumnName(null)
+        return
+      }
+    }
     if (columnName === dropTargetColumnNameRef.current && side === dropSideRef.current) return
     setDropTargetColumnName(columnName)
     setDropSide(side)
@@ -864,28 +920,107 @@ export function Table({
     const target = dropTargetColumnNameRef.current
     const side = dropSideRef.current
     if (target && dragged !== target) {
-      const cols = columnsRef.current
-      const currentOrder = columnOrderRef.current ?? cols.map((c) => c.name)
-      const fromIndex = currentOrder.indexOf(dragged)
-      const toIndex = currentOrder.indexOf(target)
-      if (fromIndex !== -1 && toIndex !== -1) {
-        const newOrder = currentOrder.filter((n) => n !== dragged)
-        let insertIndex = newOrder.indexOf(target)
-        if (side === 'right') insertIndex += 1
-        newOrder.splice(insertIndex, 0, dragged)
-        const orderChanged = newOrder.some((name, i) => currentOrder[i] !== name)
-        if (orderChanged) {
-          pushUndoRef.current({
-            type: 'reorder-columns',
-            previousOrder: currentOrder,
-            newOrder,
-          })
-          setColumnOrder(newOrder)
-          updateMetadataRef.current({
-            columnWidths: columnWidthsRef.current,
-            columnOrder: newOrder,
-          })
+      const schemaCols = schemaColumnsRef.current
+      const currentOrder = columnOrderRef.current ?? schemaCols.map((c) => c.name)
+
+      // Group-aware reorder: a workflow group's outputs must stay contiguous in
+      // the persisted column order (`workflow-columns.ts` validates this on
+      // save). So we treat the entire group as the unit being moved when the
+      // dragged column belongs to one, and snap the drop position to the
+      // outside edge of any group the target belongs to.
+      const colByName = new Map(schemaCols.map((c) => [c.name, c]))
+      const draggedGid = colByName.get(dragged)?.workflowGroupId
+
+      const orderIndex = new Map<string, number>()
+      currentOrder.forEach((n, i) => orderIndex.set(n, i))
+
+      // Compute the contiguous run covering the dragged column. For a plain
+      // column this is just [fromIndex, fromIndex]. For a group member it spans
+      // every sibling sharing the same workflowGroupId.
+      const fromIndex = orderIndex.get(dragged) ?? -1
+      if (fromIndex === -1) {
+        setDragColumnName(null)
+        setDropTargetColumnName(null)
+        setDropSide('left')
+        return
+      }
+      let runStart = fromIndex
+      let runEnd = fromIndex
+      if (draggedGid) {
+        while (
+          runStart > 0 &&
+          colByName.get(currentOrder[runStart - 1])?.workflowGroupId === draggedGid
+        ) {
+          runStart--
         }
+        while (
+          runEnd < currentOrder.length - 1 &&
+          colByName.get(currentOrder[runEnd + 1])?.workflowGroupId === draggedGid
+        ) {
+          runEnd++
+        }
+      }
+      const movedNames = currentOrder.slice(runStart, runEnd + 1)
+
+      // Resolve the *anchor* index in `currentOrder` to drop next to. If the
+      // target belongs to a group (and not the dragged group), snap to that
+      // group's outer edge so we never split it.
+      const targetIdx = orderIndex.get(target) ?? -1
+      if (targetIdx === -1) {
+        setDragColumnName(null)
+        setDropTargetColumnName(null)
+        setDropSide('left')
+        return
+      }
+      const targetGid = colByName.get(target)?.workflowGroupId
+      let anchorStart = targetIdx
+      let anchorEnd = targetIdx
+      if (targetGid && targetGid !== draggedGid) {
+        while (
+          anchorStart > 0 &&
+          colByName.get(currentOrder[anchorStart - 1])?.workflowGroupId === targetGid
+        ) {
+          anchorStart--
+        }
+        while (
+          anchorEnd < currentOrder.length - 1 &&
+          colByName.get(currentOrder[anchorEnd + 1])?.workflowGroupId === targetGid
+        ) {
+          anchorEnd++
+        }
+      }
+      // No-op if dropping the dragged run onto itself.
+      if (anchorStart >= runStart && anchorEnd <= runEnd) {
+        setDragColumnName(null)
+        setDropTargetColumnName(null)
+        setDropSide('left')
+        return
+      }
+
+      const remaining = currentOrder.filter((_, i) => i < runStart || i > runEnd)
+      // After removing the moved run, recompute the anchor's name-based index.
+      const anchorName = side === 'left' ? currentOrder[anchorStart] : currentOrder[anchorEnd]
+      let insertIndex = remaining.indexOf(anchorName)
+      if (insertIndex === -1) insertIndex = remaining.length
+      if (side === 'right') insertIndex += 1
+      const newOrder = [
+        ...remaining.slice(0, insertIndex),
+        ...movedNames,
+        ...remaining.slice(insertIndex),
+      ]
+
+      const orderChanged = newOrder.some((name, i) => currentOrder[i] !== name)
+      if (orderChanged) {
+        pushUndoRef.current({
+          type: 'reorder-columns',
+          previousOrder: currentOrder,
+          newOrder,
+        })
+        setColumnOrder(newOrder)
+        updateMetadataRef.current({
+          columnWidths: columnWidthsRef.current,
+          columnOrder: newOrder,
+        })
       }
     }
     setDragColumnName(null)
@@ -909,11 +1044,26 @@ export function Table({
     const cursorX = e.clientX - scrollRect.left + scrollEl.scrollLeft
 
     const cols = columnsRef.current
+    const draggedGid = cols.find((c) => c.name === dragColumnNameRef.current)?.workflowGroupId
     let left = CHECKBOX_COL_WIDTH
-    for (const col of cols) {
-      const w = columnWidthsRef.current[col.name] ?? COL_WIDTH
-      if (cursorX < left + w) {
-        const midX = left + w / 2
+    let i = 0
+    while (i < cols.length) {
+      const col = cols[i]
+      // Treat fanned-out groups as monolithic drop targets; accumulate across siblings.
+      // Clamp `groupSize` to remaining columns: dragover fires constantly and can
+      // race a column removal where the cached `groupSize` outpaces `cols.length`.
+      const groupSize = Math.min(col.groupSize, cols.length - i)
+      let groupWidth = 0
+      for (let j = 0; j < groupSize; j++) {
+        groupWidth += columnWidthsRef.current[cols[i + j].key] ?? COL_WIDTH
+      }
+      if (cursorX < left + groupWidth) {
+        // Inside the dragged column's own group → no-op drop, no indicator.
+        if (draggedGid && col.workflowGroupId === draggedGid) {
+          if (dropTargetColumnNameRef.current !== null) setDropTargetColumnName(null)
+          return
+        }
+        const midX = left + groupWidth / 2
         const side = cursorX < midX ? 'left' : 'right'
         if (col.name !== dropTargetColumnNameRef.current || side !== dropSideRef.current) {
           setDropTargetColumnName(col.name)
@@ -921,7 +1071,8 @@ export function Table({
         }
         return
       }
-      left += w
+      left += groupWidth
+      i += groupSize
     }
   }
 
@@ -956,12 +1107,31 @@ export function Table({
   useEffect(() => {
     if (!tableData?.metadata || metadataSeededRef.current) return
     if (!tableData.metadata.columnWidths && !tableData.metadata.columnOrder) return
-    metadataSeededRef.current = true
-    if (tableData.metadata.columnWidths) {
-      setColumnWidths(tableData.metadata.columnWidths)
+    // First load: seed both from the server and remember we've seeded.
+    if (!metadataSeededRef.current) {
+      metadataSeededRef.current = true
+      if (tableData.metadata.columnWidths) {
+        setColumnWidths(tableData.metadata.columnWidths)
+      }
+      if (tableData.metadata.columnOrder) {
+        setColumnOrder(tableData.metadata.columnOrder)
+      }
+      return
     }
-    if (tableData.metadata.columnOrder) {
-      setColumnOrder(tableData.metadata.columnOrder)
+    // After first load: only re-seed `columnOrder` when the *set of columns*
+    // changes (e.g. a workflow group adds/removes outputs server-side). Pure
+    // reorders are left alone so an in-flight optimistic drag isn't clobbered
+    // by a refetch returning the pre-drag order.
+    const serverOrder = tableData.metadata.columnOrder
+    if (serverOrder) {
+      const localOrder = columnOrderRef.current
+      const serverSet = new Set(serverOrder)
+      const localSet = new Set(localOrder ?? [])
+      const setChanged =
+        !localOrder || serverSet.size !== localSet.size || serverOrder.some((n) => !localSet.has(n))
+      if (setChanged) {
+        setColumnOrder(serverOrder)
+      }
     }
   }, [tableData?.metadata])
 
@@ -1014,16 +1184,54 @@ export function Table({
     setInitialCharacter(null)
   }, [])
 
-  const handleCellDoubleClick = useCallback((rowId: string, columnName: string) => {
-    if (!canEditRef.current) return
-    const column = columnsRef.current.find((c) => c.name === columnName)
-    if (!column || column.type === 'boolean') return
+  // Double-click highlights the cell's text and, only if the text is actually
+  // truncated, opens the expanded popover. The cell has `select-none` which
+  // suppresses the highlight even for programmatic selections, so we override
+  // `user-select` on the inner element until the next click. Workflow cells nest
+  // their text inside a span with its own `overflow-clip`, so we measure the leaf
+  // element's scroll dimensions, not just the wrapper div's.
+  const handleCellDoubleClick = useCallback(
+    (rowId: string, columnName: string, columnKey: string) => {
+      setSelectionFocus(null)
+      setIsColumnSelection(false)
 
-    setSelectionFocus(null)
-    setIsColumnSelection(false)
-    setEditingCell({ rowId, columnName })
-    setInitialCharacter(null)
-  }, [])
+      const row = rowsRef.current.find((r) => r.id === rowId)
+      const colIndex = columnsRef.current.findIndex((c) => c.key === columnKey)
+      let overflows = true
+      if (row && colIndex !== -1) {
+        const td = document.querySelector<HTMLElement>(
+          `[data-table-scroll] [data-row="${row.position}"][data-col="${colIndex}"]`
+        )
+        const inner = td?.querySelector<HTMLElement>(':scope > div:last-child')
+        if (inner) {
+          const candidates: HTMLElement[] = [inner]
+          const descendants = inner.querySelectorAll<HTMLElement>('*')
+          for (const el of descendants) candidates.push(el)
+          overflows = candidates.some(
+            (el) => el.scrollWidth > el.clientWidth + 1 || el.scrollHeight > el.clientHeight + 1
+          )
+
+          inner.style.userSelect = 'text'
+          const clear = () => {
+            inner.style.userSelect = ''
+            window.removeEventListener('mousedown', clear, true)
+          }
+          window.addEventListener('mousedown', clear, true)
+
+          const selection = window.getSelection()
+          if (selection) {
+            const range = document.createRange()
+            range.selectNodeContents(inner)
+            selection.removeAllRanges()
+            selection.addRange(range)
+          }
+        }
+      }
+
+      if (overflows) setExpandedCell({ rowId, columnName, columnKey })
+    },
+    []
+  )
 
   const mutateRef = useRef(updateRowMutation.mutate)
   mutateRef.current = updateRowMutation.mutate
@@ -1387,6 +1595,9 @@ export function Table({
       if (e.key.length === 1 && !e.metaKey && !e.ctrlKey && !e.altKey) {
         if (!canEditRef.current) return
         const col = cols[anchor.colIndex]
+        // Workflow-output cells are editable: the user can override the
+        // workflow's value if they want. Booleans toggle on space/click —
+        // typeahead doesn't apply to them.
         if (!col || col.type === 'boolean') return
         if (col.type === 'number' && !/[\d.-]/.test(e.key)) return
         if (col.type === 'date' && !/[\d\-/]/.test(e.key)) return
@@ -1718,16 +1929,12 @@ export function Table({
   }, [])
 
   const handleAddColumn = useCallback(() => {
+    // Open the sidebar in `'create'` mode — nothing is persisted until the
+    // user fills in name/type and hits Save. The sidebar's save flow handles
+    // both scalar (`addColumn`) and workflow-group (`addWorkflowGroup`) paths.
     const name = generateColumnName()
-    const position = schemaColumnsRef.current.length
-    addColumnMutation.mutate(
-      { name, type: 'string' },
-      {
-        onSuccess: () => {
-          pushUndoRef.current({ type: 'create-column', columnName: name, position })
-        },
-      }
-    )
+    setExecutionDetailsId(null)
+    setConfigState({ mode: 'create', columnName: name, proposedName: name })
   }, [generateColumnName])
 
   const handleChangeType = useCallback((columnName: string, newType: ColumnDefinition['type']) => {
@@ -1807,26 +2014,49 @@ export function Table({
     [generateColumnName, insertColumnInOrder]
   )
 
-  const handleToggleUnique = useCallback((columnName: string) => {
-    const column = columnsRef.current.find((c) => c.name === columnName)
-    if (!column) return
-    const previousValue = !!column.unique
-    pushUndoRef.current({
-      type: 'toggle-column-constraint',
-      columnName,
-      constraint: 'unique',
-      previousValue,
-      newValue: !previousValue,
-    })
-    updateColumnMutation.mutate({ columnName, updates: { unique: !previousValue } })
+  /**
+   * Config state for the side panel:
+   * - `null` → closed.
+   * - `{ mode: 'edit' }` → configuring an existing column (any type).
+   * - `{ mode: 'new' }` → user changed an existing column to workflow; not persisted until Save.
+   * - `{ mode: 'create' }` → user picked a workflow from "Add column"; column doesn't exist yet,
+   *   created on Save in a single POST.
+   */
+  const [configState, setConfigState] = useState<ColumnConfigState>(null)
+  /** Execution id whose run details are open in the slideout. */
+  const [executionDetailsId, setExecutionDetailsId] = useState<string | null>(null)
+  /**
+   * Right padding added to the table's scroll content while a slideout panel
+   * is open, equal to the panel's width. Without it, the rightmost columns are
+   * clipped under the panel and there's no way to scroll them into view.
+   * The two panels are mutually exclusive (each opener closes the other).
+   */
+  const logPanelWidth = useLogDetailsUIStore((state) => state.panelWidth)
+  const sidebarReservedPx = configState
+    ? COLUMN_SIDEBAR_WIDTH
+    : executionDetailsId
+      ? logPanelWidth
+      : 0
+
+  const handleConfigureColumn = useCallback((columnName: string) => {
+    setExecutionDetailsId(null)
+    setConfigState({ mode: 'edit', columnName })
   }, [])
 
-  const handleRenameColumn = useCallback(
-    (name: string) => columnRename.startRename(name, name),
-    [columnRename.startRename]
+  const handleDeleteWorkflowGroup = useCallback(
+    (groupId: string) => {
+      deleteWorkflowGroupMutation.mutate({ groupId })
+    },
+    [deleteWorkflowGroupMutation]
   )
 
-  const handleDeleteColumn = useCallback((columnName: string) => {
+  /**
+   * Computes the names slated for deletion given a click on `columnName` and
+   * the current column selection. If the click landed inside a multi-column
+   * selection, the entire selection is the target; otherwise it's just the
+   * clicked column.
+   */
+  const resolveDeletionNames = useCallback((columnName: string): string[] => {
     const cols = columnsRef.current
     if (isColumnSelectionRef.current && selectionAnchorRef.current) {
       const sel = computeNormalizedSelection(selectionAnchorRef.current, selectionFocusRef.current)
@@ -1837,16 +2067,63 @@ export function Table({
           for (let c = sel.startCol; c <= sel.endCol; c++) {
             if (c < cols.length) names.push(cols[c].name)
           }
-          if (names.length > 0) {
-            setDeletingColumns(names)
-            return
-          }
+          if (names.length > 0) return names
         }
       }
     }
-    setDeletingColumns([columnName])
+    return [columnName]
   }, [])
 
+  /**
+   * Hide a workflow-output column by removing it from its group's `outputs`
+   * via `updateWorkflowGroup`. Server-side this drops the schema column AND
+   * wipes the cell data on every row. The user can re-add the output from
+   * the sidebar's picker; the existing backfill repopulates from execution
+   * logs. Only valid when removing the columns leaves every affected group
+   * with at least one surviving output — caller must check first.
+   */
+  const hideWorkflowOutputColumns = useCallback(
+    (names: string[]) => {
+      const schemaCols = schemaColumnsRef.current
+      const groups = workflowGroupsRef.current
+      const removalsByGroup = new Map<string, Set<string>>()
+      for (const name of names) {
+        const def = schemaCols.find((c) => c.name === name)
+        if (!def?.workflowGroupId) return false
+        const set = removalsByGroup.get(def.workflowGroupId) ?? new Set<string>()
+        set.add(name)
+        removalsByGroup.set(def.workflowGroupId, set)
+      }
+      for (const [groupId, removed] of removalsByGroup) {
+        const group = groups.find((g) => g.id === groupId)
+        if (!group) return false
+        const remaining = group.outputs.filter((o) => !removed.has(o.columnName))
+        if (remaining.length === 0) return false
+        updateWorkflowGroupMutation.mutate({
+          groupId: group.id,
+          workflowId: group.workflowId,
+          name: group.name,
+          dependencies: group.dependencies,
+          outputs: remaining,
+        })
+      }
+      return true
+    },
+    [updateWorkflowGroupMutation]
+  )
+
+  const handleDeleteColumn = useCallback(
+    (columnName: string) => {
+      const names = resolveDeletionNames(columnName)
+      // If every target is a workflow output AND removing them all leaves each
+      // group with ≥1 output, hide them directly — no destructive-confirm
+      // modal, since the workflow can re-produce the value any time.
+      if (hideWorkflowOutputColumns(names)) return
+      setDeletingColumns(names)
+    },
+    [resolveDeletionNames, hideWorkflowOutputColumns]
+  )
+
   const handleDeleteColumnConfirm = useCallback(() => {
     if (!deletingColumns || deletingColumns.length === 0) return
     const columnsToDelete = [...deletingColumns]
@@ -1877,39 +2154,65 @@ export function Table({
       const previousWidth = columnWidthsRef.current[columnToDelete] ?? null
       const orderSnapshot = currentOrder ? [...currentOrder] : null
 
-      deleteColumnMutation.mutate(columnToDelete, {
-        onSuccess: () => {
-          deletedOriginalPositions.push(entry.position)
-          pushUndoRef.current({
-            type: 'delete-column',
-            columnName: columnToDelete,
-            columnType: entry.def?.type ?? 'string',
-            columnPosition: adjustedPosition >= 0 ? adjustedPosition : cols.length,
-            columnUnique: entry.def?.unique ?? false,
-            columnRequired: entry.def?.required ?? false,
-            cellData,
-            previousOrder: orderSnapshot,
-            previousWidth,
+      const onDeleted = () => {
+        deletedOriginalPositions.push(entry.position)
+        pushUndoRef.current({
+          type: 'delete-column',
+          columnName: columnToDelete,
+          columnType: entry.def?.type ?? 'string',
+          columnPosition: adjustedPosition >= 0 ? adjustedPosition : cols.length,
+          columnUnique: entry.def?.unique ?? false,
+          columnRequired: entry.def?.required ?? false,
+          cellData,
+          previousOrder: orderSnapshot,
+          previousWidth,
+        })
+
+        const { [columnToDelete]: _removedWidth, ...cleanedWidths } = columnWidthsRef.current
+        setColumnWidths(cleanedWidths)
+        columnWidthsRef.current = cleanedWidths
+
+        if (currentOrder) {
+          currentOrder = currentOrder.filter((n) => n !== columnToDelete)
+          setColumnOrder(currentOrder)
+          updateMetadataRef.current({
+            columnWidths: cleanedWidths,
+            columnOrder: currentOrder,
           })
+        } else {
+          updateMetadataRef.current({ columnWidths: cleanedWidths })
+        }
 
-          const { [columnToDelete]: _removedWidth, ...cleanedWidths } = columnWidthsRef.current
-          setColumnWidths(cleanedWidths)
-          columnWidthsRef.current = cleanedWidths
+        deleteNext(index + 1)
+      }
 
-          if (currentOrder) {
-            currentOrder = currentOrder.filter((n) => n !== columnToDelete)
-            setColumnOrder(currentOrder)
-            updateMetadataRef.current({
-              columnWidths: cleanedWidths,
-              columnOrder: currentOrder,
-            })
-          } else {
-            updateMetadataRef.current({ columnWidths: cleanedWidths })
-          }
+      // Workflow-output columns are owned by a group: route the delete through
+      // `updateWorkflowGroup` so the same code path fires whether the user
+      // deselects the output in the sidebar or right-clicks Delete column.
+      // Falls back to deleting the whole group when this is its last output,
+      // since a group with zero outputs is invalid.
+      const groupId = entry.def?.workflowGroupId
+      const group = groupId ? workflowGroupsRef.current.find((g) => g.id === groupId) : undefined
+      if (group) {
+        const remainingOutputs = group.outputs.filter((o) => o.columnName !== columnToDelete)
+        if (remainingOutputs.length === 0) {
+          deleteWorkflowGroupMutation.mutate({ groupId: group.id }, { onSuccess: onDeleted })
+        } else {
+          updateWorkflowGroupMutation.mutate(
+            {
+              groupId: group.id,
+              workflowId: group.workflowId,
+              name: group.name,
+              dependencies: group.dependencies,
+              outputs: remainingOutputs,
+            },
+            { onSuccess: onDeleted }
+          )
+        }
+        return
+      }
 
-          deleteNext(index + 1)
-        },
-      })
+      deleteColumnMutation.mutate(columnToDelete, { onSuccess: onDeleted })
     }
 
     setSelectionAnchor(null)
@@ -2009,13 +2312,12 @@ export function Table({
     ]
   )
 
-  const createAction = useMemo(
-    () => ({
-      label: 'New column',
-      onClick: handleAddColumn,
-      disabled: addColumnMutation.isPending,
-    }),
-    [handleAddColumn, addColumnMutation.isPending]
+  const createTrigger = useMemo(
+    () =>
+      userPermissions.canEdit ? (
+        <HeaderAddColumnTrigger onClick={handleAddColumn} disabled={addColumnMutation.isPending} />
+      ) : null,
+    [handleAddColumn, addColumnMutation.isPending, userPermissions.canEdit]
   )
 
   const handleExportCsv = useCallback(async () => {
@@ -2095,6 +2397,67 @@ export function Table({
 
   const pendingUpdate = updateRowMutation.isPending ? updateRowMutation.variables : null
 
+  const workflowColumnNames = useMemo(
+    () => columns.filter((c) => !!c.workflowGroupId).map((c) => c.name),
+    [columns]
+  )
+  const hasWorkflowColumns = workflowColumnNames.length > 0
+
+  const { runningByRowId, totalRunning } = useMemo(() => {
+    const byRow = new Map<string, number>()
+    let total = 0
+    for (const row of rows) {
+      let count = 0
+      const executions = row.executions ?? {}
+      for (const gid in executions) {
+        if (executions[gid]?.status === 'running') count++
+      }
+      if (count > 0) {
+        byRow.set(row.id, count)
+        total += count
+      }
+    }
+    return { runningByRowId: byRow, totalRunning: total }
+  }, [rows])
+
+  const cancelRunsMutate = cancelRunsMutation.mutate
+
+  const handleStopAll = useCallback(() => {
+    if (totalRunning === 0) return
+    cancelRunsMutate({ scope: 'all' })
+  }, [totalRunning, cancelRunsMutate])
+
+  const handleStopRow = useCallback(
+    (rowId: string) => {
+      cancelRunsMutate({ scope: 'row', rowId })
+    },
+    [cancelRunsMutate]
+  )
+
+  const handleRunRow = useCallback(
+    (rowId: string) => {
+      if (tableWorkflowGroups.length === 0) return
+      const target = rowsRef.current.find((r) => r.id === rowId)
+      if (!target) return
+      // Only fire groups whose deps are already satisfied for THIS row. The
+      // cascade picks up downstream groups: when an upstream group completes,
+      // `scheduleWorkflowGroupRuns` evaluates eligibility and enqueues the
+      // newly-ready successors automatically.
+      for (const group of tableWorkflowGroups) {
+        if (!areRowDepsSatisfied(group, target)) continue
+        void runWorkflowGroup({
+          tableId,
+          rowId,
+          workspaceId,
+          groupId: group.id,
+          workflowId: group.workflowId,
+          outputColumnNames: group.outputs.map((o) => o.columnName),
+        })
+      }
+    },
+    [runWorkflowGroup, tableId, workspaceId, tableWorkflowGroups]
+  )
+
   if (!isLoadingTable && !tableData) {
     return (
       <div className='flex h-full flex-col items-center justify-center gap-3'>
@@ -2116,8 +2479,17 @@ export function Table({
           <ResourceHeader
             icon={TableIcon}
             breadcrumbs={breadcrumbs}
-            create={createAction}
+            createTrigger={createTrigger}
             actions={headerActions}
+            trailingActions={
+              totalRunning > 0 ? (
+                <RunStatusControl
+                  running={totalRunning}
+                  onStopAll={handleStopAll}
+                  isStopping={cancelRunsMutation.isPending}
+                />
+              ) : null
+            }
           />
 
           <ResourceOptionsBar
@@ -2136,184 +2508,285 @@ export function Table({
         </>
       )}
 
-      <div
-        ref={scrollRef}
-        tabIndex={-1}
-        className={cn(
-          'min-h-0 flex-1 overflow-auto overscroll-none outline-none',
-          resizingColumn && 'select-none'
-        )}
-        data-table-scroll
-        onDragOver={handleScrollDragOver}
-        onDrop={handleScrollDrop}
-      >
-        <div className='relative h-fit' style={{ width: `${tableWidth}px` }}>
-          <table
-            className='table-fixed border-separate border-spacing-0 text-small'
-            style={{ width: `${tableWidth}px` }}
+      {embedded && totalRunning > 0 && (
+        <div className='flex shrink-0 items-center justify-end border-[var(--border)] border-b px-3 py-1.5'>
+          <RunStatusControl
+            running={totalRunning}
+            onStopAll={handleStopAll}
+            isStopping={cancelRunsMutation.isPending}
+          />
+        </div>
+      )}
+
+      <div className='relative flex min-h-0 flex-1'>
+        <div
+          ref={scrollRef}
+          tabIndex={-1}
+          className={cn(
+            'min-h-0 flex-1 overflow-auto overscroll-none outline-none',
+            resizingColumn && 'select-none'
+          )}
+          data-table-scroll
+          onDragOver={handleScrollDragOver}
+          onDrop={handleScrollDrop}
+        >
+          <div
+            className='relative h-fit'
+            style={{
+              width: `${tableWidth + sidebarReservedPx}px`,
+              paddingRight: sidebarReservedPx,
+            }}
           >
-            {isLoadingTable ? (
-              <colgroup>
-                <col style={{ width: CHECKBOX_COL_WIDTH }} />
-                {Array.from({ length: SKELETON_COL_COUNT }).map((_, i) => (
-                  <col key={i} style={{ width: COL_WIDTH }} />
-                ))}
-                <col style={{ width: ADD_COL_WIDTH }} />
-              </colgroup>
-            ) : (
-              <TableColGroup columns={displayColumns} columnWidths={columnWidths} />
-            )}
-            <thead className='sticky top-0 z-10'>
+            <table
+              className='table-fixed border-separate border-spacing-0 text-small'
+              style={{ width: `${tableWidth}px` }}
+            >
               {isLoadingTable ? (
-                <tr>
-                  <th className={CELL_HEADER_CHECKBOX}>
-                    <div className='flex items-center justify-center'>
-                      <Skeleton className='h-[14px] w-[14px] rounded-xs' />
-                    </div>
-                  </th>
+                <colgroup>
+                  <col style={{ width: CHECKBOX_COL_WIDTH }} />
                   {Array.from({ length: SKELETON_COL_COUNT }).map((_, i) => (
-                    <th key={i} className={CELL_HEADER}>
-                      <div className='flex h-[20px] min-w-0 items-center gap-1.5'>
-                        <Skeleton className='h-[14px] w-[14px] shrink-0 rounded-xs' />
-                        <Skeleton className='h-[14px]' style={{ width: `${56 + i * 16}px` }} />
-                      </div>
-                    </th>
+                    <col key={i} style={{ width: COL_WIDTH }} />
                   ))}
-                  <th className={CELL_HEADER}>
-                    <div className='flex h-[20px] items-center gap-2'>
-                      <Skeleton className='h-[14px] w-[14px] shrink-0 rounded-xs' />
-                      <Skeleton className='h-[14px] w-[72px]' />
-                    </div>
-                  </th>
-                </tr>
+                  <col style={{ width: ADD_COL_WIDTH }} />
+                </colgroup>
               ) : (
-                <tr>
-                  <SelectAllCheckbox
-                    checked={isAllRowsSelected}
-                    onCheckedChange={handleSelectAllToggle}
-                  />
-                  {displayColumns.map((column, idx) => (
-                    <ColumnHeaderMenu
-                      key={column.name}
-                      column={column}
-                      colIndex={idx}
-                      readOnly={!userPermissions.canEdit}
-                      isRenaming={columnRename.editingId === column.name}
-                      isColumnSelected={
-                        isColumnSelection &&
-                        normalizedSelection !== null &&
-                        idx >= normalizedSelection.startCol &&
-                        idx <= normalizedSelection.endCol
-                      }
-                      renameValue={
-                        columnRename.editingId === column.name ? columnRename.editValue : ''
-                      }
-                      onRenameValueChange={columnRename.setEditValue}
-                      onRenameSubmit={columnRename.submitRename}
-                      onRenameCancel={columnRename.cancelRename}
-                      onRenameColumn={handleRenameColumn}
-                      onColumnSelect={handleColumnSelect}
-                      onChangeType={handleChangeType}
-                      onInsertLeft={handleInsertColumnLeft}
-                      onInsertRight={handleInsertColumnRight}
-                      onToggleUnique={handleToggleUnique}
-                      onDeleteColumn={handleDeleteColumn}
-                      onResizeStart={handleColumnResizeStart}
-                      onResize={handleColumnResize}
-                      onResizeEnd={handleColumnResizeEnd}
-                      onAutoResize={handleColumnAutoResize}
-                      onDragStart={handleColumnDragStart}
-                      onDragOver={handleColumnDragOver}
-                      onDragEnd={handleColumnDragEnd}
-                      onDragLeave={handleColumnDragLeave}
-                    />
-                  ))}
-                  {userPermissions.canEdit && (
-                    <AddColumnButton
-                      onClick={handleAddColumn}
-                      disabled={addColumnMutation.isPending}
-                    />
-                  )}
-                </tr>
+                <TableColGroup columns={displayColumns} columnWidths={columnWidths} />
               )}
-            </thead>
-            <tbody>
-              {isLoadingTable || isLoadingRows ? (
-                <TableBodySkeleton colCount={displayColCount} />
-              ) : (
-                <>
-                  {rows.map((row, index) => {
-                    const prevPosition = index > 0 ? rows[index - 1].position : -1
-                    const gapCount = queryOptions.filter ? 0 : row.position - prevPosition - 1
-                    return (
-                      <React.Fragment key={row.id}>
-                        {gapCount > 0 && (
-                          <PositionGapRows
-                            count={gapCount}
-                            startPosition={prevPosition + 1}
+              <thead className='sticky top-0 z-10'>
+                {isLoadingTable ? (
+                  <tr>
+                    <th className={CELL_HEADER_CHECKBOX}>
+                      <div className='flex items-center justify-center'>
+                        <Skeleton className='h-[14px] w-[14px] rounded-xs' />
+                      </div>
+                    </th>
+                    {Array.from({ length: SKELETON_COL_COUNT }).map((_, i) => (
+                      <th key={i} className={CELL_HEADER}>
+                        <div className='flex h-[20px] min-w-0 items-center gap-1.5'>
+                          <Skeleton className='h-[14px] w-[14px] shrink-0 rounded-xs' />
+                          <Skeleton className='h-[14px]' style={{ width: `${56 + i * 16}px` }} />
+                        </div>
+                      </th>
+                    ))}
+                    <th className={CELL_HEADER}>
+                      <div className='flex h-[20px] items-center gap-2'>
+                        <Skeleton className='h-[14px] w-[14px] shrink-0 rounded-xs' />
+                        <Skeleton className='h-[14px] w-[72px]' />
+                      </div>
+                    </th>
+                  </tr>
+                ) : (
+                  <>
+                    {hasWorkflowGroup && (
+                      <tr>
+                        <th className='border-[var(--border)] border-b bg-[var(--bg)] px-1 py-[5px]' />
+                        {headerGroups.map((g) =>
+                          g.kind === 'workflow' ? (
+                            <WorkflowGroupMetaCell
+                              key={`meta-${g.startColIndex}`}
+                              workflowId={g.workflowId}
+                              size={g.size}
+                              startColIndex={g.startColIndex}
+                              columnName={displayColumns[g.startColIndex]?.name ?? ''}
+                              column={displayColumns[g.startColIndex]}
+                              workflows={workflows}
+                              isGroupSelected={
+                                isColumnSelection &&
+                                normalizedSelection !== null &&
+                                normalizedSelection.startCol <= g.startColIndex &&
+                                normalizedSelection.endCol >= g.startColIndex + g.size - 1
+                              }
+                              groupId={g.groupId}
+                              onSelectGroup={handleGroupSelect}
+                              onOpenConfig={handleConfigureColumn}
+                              onRunGroup={userPermissions.canEdit ? handleRunGroup : undefined}
+                              onInsertLeft={
+                                userPermissions.canEdit ? handleInsertColumnLeft : undefined
+                              }
+                              onInsertRight={
+                                userPermissions.canEdit ? handleInsertColumnRight : undefined
+                              }
+                              onDeleteColumn={
+                                userPermissions.canEdit ? handleDeleteColumn : undefined
+                              }
+                              onDeleteGroup={
+                                userPermissions.canEdit ? handleDeleteWorkflowGroup : undefined
+                              }
+                            />
+                          ) : (
+                            <th
+                              key={`meta-${g.startColIndex}`}
+                              className='border-[var(--border)] border-b bg-[var(--bg)] px-2 py-[5px]'
+                            />
+                          )
+                        )}
+                        {userPermissions.canEdit && (
+                          <th className='border-[var(--border)] border-b bg-[var(--bg)] px-2 py-[5px]' />
+                        )}
+                      </tr>
+                    )}
+                    <tr>
+                      <SelectAllCheckbox
+                        checked={isAllRowsSelected}
+                        onCheckedChange={handleSelectAllToggle}
+                      />
+                      {displayColumns.map((column, idx) => (
+                        <ColumnHeaderMenu
+                          key={column.key}
+                          column={column}
+                          colIndex={idx}
+                          readOnly={!userPermissions.canEdit}
+                          isRenaming={columnRename.editingId === column.name}
+                          isColumnSelected={
+                            isColumnSelection &&
+                            normalizedSelection !== null &&
+                            idx >= normalizedSelection.startCol &&
+                            idx <= normalizedSelection.endCol
+                          }
+                          renameValue={
+                            columnRename.editingId === column.name ? columnRename.editValue : ''
+                          }
+                          onRenameValueChange={columnRename.setEditValue}
+                          onRenameSubmit={columnRename.submitRename}
+                          onRenameCancel={columnRename.cancelRename}
+                          onColumnSelect={handleColumnSelect}
+                          onChangeType={handleChangeType}
+                          onInsertLeft={handleInsertColumnLeft}
+                          onInsertRight={handleInsertColumnRight}
+                          onDeleteColumn={handleDeleteColumn}
+                          onResizeStart={handleColumnResizeStart}
+                          onResize={handleColumnResize}
+                          onResizeEnd={handleColumnResizeEnd}
+                          onAutoResize={handleColumnAutoResize}
+                          onDragStart={handleColumnDragStart}
+                          onDragOver={handleColumnDragOver}
+                          onDragEnd={handleColumnDragEnd}
+                          onDragLeave={handleColumnDragLeave}
+                          workflows={workflows}
+                          workflowGroups={tableWorkflowGroups}
+                          sourceInfo={columnSourceInfo.get(column.name)}
+                          onOpenConfig={handleConfigureColumn}
+                        />
+                      ))}
+                      {userPermissions.canEdit && (
+                        <AddColumnButton
+                          onClick={handleAddColumn}
+                          disabled={addColumnMutation.isPending}
+                        />
+                      )}
+                    </tr>
+                  </>
+                )}
+              </thead>
+              <tbody>
+                {isLoadingTable || isLoadingRows ? (
+                  <TableBodySkeleton colCount={displayColCount} />
+                ) : (
+                  <>
+                    {rows.map((row, index) => {
+                      const prevPosition = index > 0 ? rows[index - 1].position : -1
+                      const gapCount = queryOptions.filter ? 0 : row.position - prevPosition - 1
+                      return (
+                        <React.Fragment key={row.id}>
+                          {gapCount > 0 && (
+                            <PositionGapRows
+                              count={gapCount}
+                              startPosition={prevPosition + 1}
+                              columns={displayColumns}
+                              normalizedSelection={normalizedSelection}
+                              checkedRows={checkedRows}
+                              firstRowUnderHeader={prevPosition === -1}
+                              onCellMouseDown={handleCellMouseDown}
+                              onCellMouseEnter={handleCellMouseEnter}
+                              onRowToggle={handleRowToggle}
+                            />
+                          )}
+                          <DataRow
+                            row={row}
                             columns={displayColumns}
+                            rowIndex={row.position}
+                            isFirstRow={row.position === 0}
+                            editingColumnName={
+                              editingCell?.rowId === row.id ? editingCell.columnName : null
+                            }
+                            initialCharacter={
+                              editingCell?.rowId === row.id ? initialCharacter : null
+                            }
+                            pendingCellValue={
+                              pendingUpdate && pendingUpdate.rowId === row.id
+                                ? pendingUpdate.data
+                                : null
+                            }
                             normalizedSelection={normalizedSelection}
-                            checkedRows={checkedRows}
-                            firstRowUnderHeader={prevPosition === -1}
+                            onClick={handleCellClick}
+                            onDoubleClick={handleCellDoubleClick}
+                            onSave={handleInlineSave}
+                            onCancel={handleInlineCancel}
+                            onContextMenu={handleRowContextMenu}
                             onCellMouseDown={handleCellMouseDown}
                             onCellMouseEnter={handleCellMouseEnter}
+                            isRowChecked={checkedRows.has(row.position)}
                             onRowToggle={handleRowToggle}
+                            runningCount={runningByRowId.get(row.id) ?? 0}
+                            hasWorkflowColumns={hasWorkflowColumns}
+                            onStopRow={handleStopRow}
+                            onRunRow={handleRunRow}
+                            workflowNameById={workflowNameById}
                           />
-                        )}
-                        <DataRow
-                          row={row}
-                          columns={displayColumns}
-                          rowIndex={row.position}
-                          isFirstRow={row.position === 0}
-                          editingColumnName={
-                            editingCell?.rowId === row.id ? editingCell.columnName : null
-                          }
-                          initialCharacter={editingCell?.rowId === row.id ? initialCharacter : null}
-                          pendingCellValue={
-                            pendingUpdate && pendingUpdate.rowId === row.id
-                              ? pendingUpdate.data
-                              : null
-                          }
-                          normalizedSelection={normalizedSelection}
-                          onClick={handleCellClick}
-                          onDoubleClick={handleCellDoubleClick}
-                          onSave={handleInlineSave}
-                          onCancel={handleInlineCancel}
-                          onContextMenu={handleRowContextMenu}
-                          onCellMouseDown={handleCellMouseDown}
-                          onCellMouseEnter={handleCellMouseEnter}
-                          isRowChecked={checkedRows.has(row.position)}
-                          onRowToggle={handleRowToggle}
-                        />
-                      </React.Fragment>
-                    )
-                  })}
-                </>
-              )}
-            </tbody>
-          </table>
-          {resizingColumn && (
-            <div
-              className='-translate-x-[1.5px] pointer-events-none absolute top-0 z-20 h-full w-[2px] bg-[var(--selection)]'
-              style={{ left: resizeIndicatorLeft }}
-            />
-          )}
-          {dropColumnBounds !== null && (
-            <>
-              <div
-                className='pointer-events-none absolute top-0 z-[15] h-full bg-[rgba(37,99,235,0.06)]'
-                style={{ left: dropColumnBounds.left, width: dropColumnBounds.width }}
-              />
+                        </React.Fragment>
+                      )
+                    })}
+                  </>
+                )}
+              </tbody>
+            </table>
+            {resizingColumn && (
               <div
-                className='-translate-x-[1px] pointer-events-none absolute top-0 z-20 h-full w-[2px] bg-[var(--selection)]'
-                style={{ left: dropColumnBounds.lineLeft }}
+                className='-translate-x-[1.5px] pointer-events-none absolute top-0 z-20 h-full w-[2px] bg-[var(--selection)]'
+                style={{ left: resizeIndicatorLeft }}
               />
-            </>
+            )}
+            {dropColumnBounds !== null && (
+              <>
+                <div
+                  className={cn(
+                    'pointer-events-none absolute top-0 z-[15] h-full',
+                    SELECTION_TINT_BG
+                  )}
+                  style={{ left: dropColumnBounds.left, width: dropColumnBounds.width }}
+                />
+                <div
+                  className='-translate-x-[1px] pointer-events-none absolute top-0 z-20 h-full w-[2px] bg-[var(--selection)]'
+                  style={{ left: dropColumnBounds.lineLeft }}
+                />
+              </>
+            )}
+          </div>
+          {!isLoadingTable && !isLoadingRows && userPermissions.canEdit && (
+            <AddRowButton onClick={handleAppendRow} />
           )}
         </div>
-        {!isLoadingTable && !isLoadingRows && userPermissions.canEdit && (
-          <AddRowButton onClick={handleAppendRow} />
-        )}
+
+        <ColumnSidebar
+          configState={configState}
+          onClose={() => setConfigState(null)}
+          existingColumn={
+            configState?.mode === 'edit'
+              ? (columns.find((c) => c.name === configState.columnName) ?? null)
+              : null
+          }
+          allColumns={columns}
+          workflowGroups={tableWorkflowGroups}
+          workflows={workflows}
+          workspaceId={workspaceId}
+          tableId={tableId}
+        />
+
+        <ExecutionDetailsSidebar
+          workspaceId={workspaceId}
+          executionId={executionDetailsId}
+          onClose={() => setExecutionDetailsId(null)}
+        />
       </div>
 
       {editingRow && tableData && (
@@ -2350,12 +2823,25 @@ export function Table({
         onInsertAbove={handleInsertRowAbove}
         onInsertBelow={handleInsertRowBelow}
         onDuplicate={handleDuplicateRow}
+        onViewExecution={handleViewExecution}
+        canViewExecution={Boolean(contextMenuExecutionId)}
+        canEditCell={!contextMenuIsWorkflowColumn}
         selectedRowCount={selectedRowCount}
         disableEdit={!userPermissions.canEdit}
         disableInsert={!userPermissions.canEdit}
         disableDelete={!userPermissions.canEdit}
       />
 
+      <ExpandedCellPopover
+        expandedCell={expandedCell}
+        onClose={() => setExpandedCell(null)}
+        rows={rows}
+        columns={displayColumns}
+        onSave={handleInlineSave}
+        canEdit={userPermissions.canEdit}
+        scrollContainer={scrollRef.current}
+      />
+
       {!embedded && (
         <Modal open={showDeleteTableConfirm} onOpenChange={setShowDeleteTableConfirm}>
           <ModalContent size='sm'>
@@ -2457,7 +2943,7 @@ const GAP_CHECKBOX_CLASS = cn(CELL_CHECKBOX, 'group/checkbox cursor-pointer text
 interface PositionGapRowsProps {
   count: number
   startPosition: number
-  columns: ColumnDefinition[]
+  columns: DisplayColumn[]
   normalizedSelection: NormalizedSelection | null
   checkedRows: Set<number>
   firstRowUnderHeader?: boolean
@@ -2534,7 +3020,7 @@ const PositionGapRows = React.memo(
 
                 return (
                   <td
-                    key={col.name}
+                    key={col.key}
                     data-row={position}
                     data-col={colIndex}
                     className={cn(CELL, (isHighlighted || isAnchor) && 'relative')}
@@ -2547,7 +3033,8 @@ const PositionGapRows = React.memo(
                     {isHighlighted && (isMultiCell || isGapChecked) && (
                       <div
                         className={cn(
-                          '-top-px -right-px -bottom-px -left-px pointer-events-none absolute z-[4] bg-[rgba(37,99,235,0.06)]',
+                          '-top-px -right-px -bottom-px -left-px pointer-events-none absolute z-[4]',
+                          SELECTION_TINT_BG,
                           belowHeader && isTopEdge && 'top-0',
                           isTopEdge && 'border-t border-t-[var(--selection)]',
                           isBottomEdge && 'border-b border-b-[var(--selection)]',
@@ -2601,14 +3088,14 @@ const TableColGroup = React.memo(function TableColGroup({
   columns,
   columnWidths,
 }: {
-  columns: ColumnDefinition[]
+  columns: DisplayColumn[]
   columnWidths: Record<string, number>
 }) {
   return (
     <colgroup>
       <col style={{ width: CHECKBOX_COL_WIDTH }} />
       {columns.map((col) => (
-        <col key={col.name} style={{ width: columnWidths[col.name] ?? COL_WIDTH }} />
+        <col key={col.key} style={{ width: columnWidths[col.key] ?? COL_WIDTH }} />
       ))}
       <col style={{ width: ADD_COL_WIDTH }} />
     </colgroup>
@@ -2617,7 +3104,7 @@ const TableColGroup = React.memo(function TableColGroup({
 
 interface DataRowProps {
   row: TableRowType
-  columns: ColumnDefinition[]
+  columns: DisplayColumn[]
   rowIndex: number
   isFirstRow: boolean
   editingColumnName: string | null
@@ -2625,7 +3112,7 @@ interface DataRowProps {
   pendingCellValue: Record<string, unknown> | null
   normalizedSelection: NormalizedSelection | null
   onClick: (rowId: string, columnName: string) => void
-  onDoubleClick: (rowId: string, columnName: string) => void
+  onDoubleClick: (rowId: string, columnName: string, columnKey: string) => void
   onSave: (rowId: string, columnName: string, value: unknown, reason: SaveReason) => void
   onCancel: () => void
   onContextMenu: (e: React.MouseEvent, row: TableRowType) => void
@@ -2633,6 +3120,14 @@ interface DataRowProps {
   onCellMouseEnter: (rowIndex: number, colIndex: number) => void
   isRowChecked: boolean
   onRowToggle: (rowIndex: number, shiftKey: boolean) => void
+  /** Number of workflow cells in this row currently in a running/queued state. */
+  runningCount: number
+  /** Whether the table has at least one workflow column — controls whether a run/stop icon is rendered. */
+  hasWorkflowColumns: boolean
+  onStopRow: (rowId: string) => void
+  onRunRow: (rowId: string) => void
+  /** Lookup from workflow id → human-readable name, used to label running cells. */
+  workflowNameById: Record<string, string>
 }
 
 function rowSelectionChanged(
@@ -2682,7 +3177,12 @@ function dataRowPropsAreEqual(prev: DataRowProps, next: DataRowProps): boolean {
     prev.onCellMouseDown !== next.onCellMouseDown ||
     prev.onCellMouseEnter !== next.onCellMouseEnter ||
     prev.isRowChecked !== next.isRowChecked ||
-    prev.onRowToggle !== next.onRowToggle
+    prev.onRowToggle !== next.onRowToggle ||
+    prev.runningCount !== next.runningCount ||
+    prev.hasWorkflowColumns !== next.hasWorkflowColumns ||
+    prev.onStopRow !== next.onStopRow ||
+    prev.onRunRow !== next.onRunRow ||
+    prev.workflowNameById !== next.workflowNameById
   ) {
     return false
   }
@@ -2719,6 +3219,11 @@ const DataRow = React.memo(function DataRow({
   onCellMouseDown,
   onCellMouseEnter,
   onRowToggle,
+  runningCount,
+  hasWorkflowColumns,
+  onStopRow,
+  onRunRow,
+  workflowNameById,
 }: DataRowProps) {
   const sel = normalizedSelection
   const isMultiCell = sel !== null && (sel.startRow !== sel.endRow || sel.startCol !== sel.endCol)
@@ -2732,28 +3237,53 @@ const DataRow = React.memo(function DataRow({
 
   return (
     <tr onContextMenu={(e) => onContextMenu(e, row)}>
-      <td
-        className={cn(CELL_CHECKBOX, 'group/checkbox cursor-pointer text-center')}
-        onMouseDown={(e) => {
-          if (e.button !== 0) return
-          onRowToggle(rowIndex, e.shiftKey)
-        }}
-      >
-        <span
-          className={cn(
-            'text-[var(--text-tertiary)] text-xs tabular-nums',
-            isRowSelected ? 'hidden' : 'block group-hover/checkbox:hidden'
-          )}
-        >
-          {row.position + 1}
-        </span>
-        <div
-          className={cn(
-            'items-center justify-center',
-            isRowSelected ? 'flex' : 'hidden group-hover/checkbox:flex'
+      <td className={cn(CELL_CHECKBOX, 'cursor-pointer')}>
+        <div className='flex items-center justify-between gap-1'>
+          <div
+            className='group/checkbox flex h-[20px] w-[24px] shrink-0 items-center justify-center'
+            onMouseDown={(e) => {
+              if (e.button !== 0) return
+              onRowToggle(rowIndex, e.shiftKey)
+            }}
+          >
+            <span
+              className={cn(
+                'text-[var(--text-tertiary)] text-xs tabular-nums',
+                isRowSelected ? 'hidden' : 'block group-hover/checkbox:hidden'
+              )}
+            >
+              {row.position + 1}
+            </span>
+            <div
+              className={cn(
+                'items-center justify-center',
+                isRowSelected ? 'flex' : 'hidden group-hover/checkbox:flex'
+              )}
+            >
+              <Checkbox size='sm' checked={isRowSelected} className='pointer-events-none' />
+            </div>
+          </div>
+          {hasWorkflowColumns && (
+            <button
+              type='button'
+              aria-label={runningCount > 0 ? `Stop ${runningCount} running` : 'Run row'}
+              title={runningCount > 0 ? `Stop ${runningCount} running` : 'Run row'}
+              className='flex h-[20px] w-[20px] shrink-0 items-center justify-center rounded text-[var(--text-primary)] transition-colors hover-hover:bg-[var(--surface-2)]'
+              onClick={() => {
+                if (runningCount > 0) {
+                  onStopRow(row.id)
+                } else {
+                  onRunRow(row.id)
+                }
+              }}
+            >
+              {runningCount > 0 ? (
+                <Square className='h-[12px] w-[12px]' />
+              ) : (
+                <PlayOutline className='h-[12px] w-[12px]' />
+              )}
+            </button>
           )}
-        >
-          <Checkbox size='sm' checked={isRowSelected} className='pointer-events-none' />
         </div>
       </td>
       {columns.map((column, colIndex) => {
@@ -2774,7 +3304,7 @@ const DataRow = React.memo(function DataRow({
 
         return (
           <td
-            key={column.name}
+            key={column.key}
             data-row={rowIndex}
             data-col={colIndex}
             className={cn(CELL, (isHighlighted || isAnchor || isEditing) && 'relative')}
@@ -2784,12 +3314,13 @@ const DataRow = React.memo(function DataRow({
             }}
             onMouseEnter={() => onCellMouseEnter(rowIndex, colIndex)}
             onClick={() => onClick(row.id, column.name)}
-            onDoubleClick={() => onDoubleClick(row.id, column.name)}
+            onDoubleClick={() => onDoubleClick(row.id, column.name, column.key)}
           >
             {isHighlighted && (isMultiCell || isRowChecked) && (
               <div
                 className={cn(
-                  '-top-px -right-px -bottom-px -left-px pointer-events-none absolute z-[4] bg-[rgba(37,99,235,0.06)]',
+                  '-top-px -right-px -bottom-px -left-px pointer-events-none absolute z-[4]',
+                  SELECTION_TINT_BG,
                   isFirstRow && isTopEdge && 'top-0',
                   isTopEdge && 'border-t border-t-[var(--selection)]',
                   isBottomEdge && 'border-b border-b-[var(--selection)]',
@@ -2806,11 +3337,13 @@ const DataRow = React.memo(function DataRow({
                     ? pendingCellValue[column.name]
                     : row.data[column.name]
                 }
+                exec={readExecution(row, column.workflowGroupId)}
                 column={column}
                 isEditing={isEditing}
                 initialCharacter={isEditing ? initialCharacter : undefined}
                 onSave={(value, reason) => onSave(row.id, column.name, value, reason)}
                 onCancel={onCancel}
+                workflowNameById={workflowNameById}
               />
             </div>
           </td>
@@ -2820,291 +3353,6 @@ const DataRow = React.memo(function DataRow({
   )
 }, dataRowPropsAreEqual)
 
-function CellContent({
-  value,
-  column,
-  isEditing,
-  initialCharacter,
-  onSave,
-  onCancel,
-}: {
-  value: unknown
-  column: ColumnDefinition
-  isEditing: boolean
-  initialCharacter?: string | null
-  onSave: (value: unknown, reason: SaveReason) => void
-  onCancel: () => void
-}) {
-  const isNull = value === null || value === undefined
-
-  let displayContent: React.ReactNode = null
-  if (column.type === 'boolean') {
-    displayContent = (
-      <div
-        className={cn('flex min-h-[20px] items-center justify-center', isEditing && 'invisible')}
-      >
-        <Checkbox size='sm' checked={Boolean(value)} className='pointer-events-none' />
-      </div>
-    )
-  } else if (!isNull && column.type === 'json') {
-    displayContent = (
-      <span
-        className={cn(
-          'block overflow-clip text-ellipsis text-[var(--text-primary)]',
-          isEditing && 'invisible'
-        )}
-      >
-        {JSON.stringify(value)}
-      </span>
-    )
-  } else if (!isNull && column.type === 'date') {
-    displayContent = (
-      <span className={cn('text-[var(--text-primary)]', isEditing && 'invisible')}>
-        {storageToDisplay(String(value))}
-      </span>
-    )
-  } else if (!isNull) {
-    displayContent = (
-      <span
-        className={cn(
-          'block overflow-clip text-ellipsis text-[var(--text-primary)]',
-          isEditing && 'invisible'
-        )}
-      >
-        {String(value)}
-      </span>
-    )
-  }
-
-  return (
-    <>
-      {isEditing && (
-        <div className='absolute inset-0 z-10 flex items-start px-0'>
-          <InlineEditor
-            value={value}
-            column={column}
-            initialCharacter={initialCharacter ?? undefined}
-            onSave={onSave}
-            onCancel={onCancel}
-          />
-        </div>
-      )}
-      {displayContent}
-    </>
-  )
-}
-
-function InlineDateEditor({
-  value,
-  column,
-  initialCharacter,
-  onSave,
-  onCancel,
-}: {
-  value: unknown
-  column: ColumnDefinition
-  initialCharacter?: string
-  onSave: (value: unknown, reason: SaveReason) => void
-  onCancel: () => void
-}) {
-  const inputRef = useRef<HTMLInputElement>(null)
-  const doneRef = useRef(false)
-  const blurTimeoutRef = useRef<ReturnType<typeof setTimeout> | undefined>(undefined)
-
-  const storedValue = formatValueForInput(value, column.type)
-  const [draft, setDraft] = useState(() =>
-    initialCharacter !== undefined ? initialCharacter : storageToDisplay(storedValue)
-  )
-
-  const pickerValue = displayToStorage(draft) || storedValue || undefined
-
-  useEffect(() => {
-    const input = inputRef.current
-    if (!input) return
-    input.focus()
-    if (initialCharacter !== undefined) {
-      const len = input.value.length
-      input.setSelectionRange(len, len)
-    } else {
-      input.select()
-    }
-  }, [])
-
-  useEffect(() => () => clearTimeout(blurTimeoutRef.current), [])
-
-  const doSave = useCallback(
-    (reason: SaveReason, storageVal?: string) => {
-      if (doneRef.current) return
-      doneRef.current = true
-      clearTimeout(blurTimeoutRef.current)
-      const raw = storageVal ?? displayToStorage(draft) ?? draft
-      const val = raw && !Number.isNaN(Date.parse(raw)) ? raw : null
-      onSave(val, reason)
-    },
-    [draft, onSave]
-  )
-
-  const handleKeyDown = useCallback(
-    (e: React.KeyboardEvent) => {
-      if (e.key === 'Enter') {
-        e.preventDefault()
-        doSave('enter')
-      } else if (e.key === 'Tab') {
-        e.preventDefault()
-        doSave(e.shiftKey ? 'shift-tab' : 'tab')
-      } else if (e.key === 'Escape') {
-        e.preventDefault()
-        doneRef.current = true
-        clearTimeout(blurTimeoutRef.current)
-        onCancel()
-      }
-    },
-    [doSave, onCancel]
-  )
-
-  const handleBlur = useCallback(() => {
-    blurTimeoutRef.current = setTimeout(() => doSave('blur'), 200)
-  }, [doSave])
-
-  const handlePickerChange = useCallback(
-    (dateStr: string) => {
-      clearTimeout(blurTimeoutRef.current)
-      doSave('enter', dateStr)
-    },
-    [doSave]
-  )
-
-  const handlePickerOpenChange = useCallback((open: boolean) => {
-    if (!open && !doneRef.current) {
-      clearTimeout(blurTimeoutRef.current)
-      inputRef.current?.focus()
-    }
-  }, [])
-
-  return (
-    <>
-      <input
-        ref={inputRef}
-        type='text'
-        value={draft}
-        onChange={(e) => setDraft(e.target.value)}
-        onKeyDown={handleKeyDown}
-        onBlur={handleBlur}
-        placeholder='mm/dd/yyyy'
-        className={cn(
-          'w-full min-w-0 select-text border-none bg-transparent p-0 text-[var(--text-primary)] text-small outline-none'
-        )}
-      />
-      <div className='absolute top-full left-0 h-0 w-0'>
-        <DatePicker
-          mode='single'
-          value={pickerValue}
-          onChange={handlePickerChange}
-          open={true}
-          onOpenChange={handlePickerOpenChange}
-          showTrigger={false}
-          size='sm'
-        />
-      </div>
-    </>
-  )
-}
-
-function InlineTextEditor({
-  value,
-  column,
-  initialCharacter,
-  onSave,
-  onCancel,
-}: {
-  value: unknown
-  column: ColumnDefinition
-  initialCharacter?: string
-  onSave: (value: unknown, reason: SaveReason) => void
-  onCancel: () => void
-}) {
-  const inputRef = useRef<HTMLInputElement>(null)
-  const [draft, setDraft] = useState(() =>
-    initialCharacter !== undefined ? initialCharacter : formatValueForInput(value, column.type)
-  )
-  const doneRef = useRef(false)
-
-  useEffect(() => {
-    const input = inputRef.current
-    if (!input) return
-
-    input.focus()
-    if (initialCharacter !== undefined) {
-      const len = input.value.length
-      input.setSelectionRange(len, len)
-    } else {
-      input.select()
-    }
-
-    const forwardWheel = (e: WheelEvent) => {
-      e.preventDefault()
-      const container = input.closest('[data-table-scroll]') as HTMLElement | null
-      if (container) {
-        container.scrollBy(e.deltaX, e.deltaY)
-      }
-    }
-
-    input.addEventListener('wheel', forwardWheel, { passive: false })
-    return () => input.removeEventListener('wheel', forwardWheel)
-  }, [])
-
-  const doSave = (reason: SaveReason) => {
-    if (doneRef.current) return
-    doneRef.current = true
-    try {
-      onSave(cleanCellValue(draft, column), reason)
-    } catch {
-      onCancel()
-    }
-  }
-
-  const handleKeyDown = (e: React.KeyboardEvent) => {
-    if (e.key === 'Enter') {
-      e.preventDefault()
-      doSave('enter')
-    } else if (e.key === 'Tab') {
-      e.preventDefault()
-      doSave(e.shiftKey ? 'shift-tab' : 'tab')
-    } else if (e.key === 'Escape') {
-      e.preventDefault()
-      doneRef.current = true
-      onCancel()
-    }
-  }
-
-  return (
-    <input
-      ref={inputRef}
-      type='text'
-      value={draft}
-      onChange={(e) => setDraft(e.target.value)}
-      onKeyDown={handleKeyDown}
-      onBlur={() => doSave('blur')}
-      className={cn(
-        'w-full min-w-0 select-text border-none bg-transparent p-0 text-[var(--text-primary)] text-small outline-none'
-      )}
-    />
-  )
-}
-
-function InlineEditor(props: {
-  value: unknown
-  column: ColumnDefinition
-  initialCharacter?: string
-  onSave: (value: unknown, reason: SaveReason) => void
-  onCancel: () => void
-}) {
-  if (props.column.type === 'date') {
-    return <InlineDateEditor {...props} />
-  }
-  return <InlineTextEditor {...props} />
-}
-
 const TableBodySkeleton = React.memo(function TableBodySkeleton({
   colCount,
 }: {
@@ -3137,328 +3385,38 @@ const TableBodySkeleton = React.memo(function TableBodySkeleton({
   )
 })
 
-const COLUMN_TYPE_OPTIONS: {
-  type: ColumnDefinition['type']
-  label: string
-  icon: React.ElementType
-}[] = [
-  { type: 'string', label: 'Text', icon: TypeText },
-  { type: 'number', label: 'Number', icon: TypeNumber },
-  { type: 'boolean', label: 'Boolean', icon: TypeBoolean },
-  { type: 'date', label: 'Date', icon: CalendarIcon },
-  { type: 'json', label: 'JSON', icon: TypeJson },
-]
-
-const ColumnHeaderMenu = React.memo(function ColumnHeaderMenu({
-  column,
-  colIndex,
-  readOnly,
-  isRenaming,
-  isColumnSelected,
-  renameValue,
-  onRenameValueChange,
-  onRenameSubmit,
-  onRenameCancel,
-  onRenameColumn,
-  onColumnSelect,
-  onChangeType,
-  onInsertLeft,
-  onInsertRight,
-  onToggleUnique,
-  onDeleteColumn,
-  onResizeStart,
-  onResize,
-  onResizeEnd,
-  onAutoResize,
-  onDragStart,
-  onDragOver,
-  onDragEnd,
-  onDragLeave,
-}: {
-  column: ColumnDefinition
-  colIndex: number
-  readOnly?: boolean
-  isRenaming: boolean
-  isColumnSelected: boolean
-  renameValue: string
-  onRenameValueChange: (value: string) => void
-  onRenameSubmit: () => void
-  onRenameCancel: () => void
-  onRenameColumn: (columnName: string) => void
-  onColumnSelect: (colIndex: number, shiftKey: boolean) => void
-  onChangeType: (columnName: string, newType: ColumnDefinition['type']) => void
-  onInsertLeft: (columnName: string) => void
-  onInsertRight: (columnName: string) => void
-  onToggleUnique: (columnName: string) => void
-  onDeleteColumn: (columnName: string) => void
-  onResizeStart: (columnName: string) => void
-  onResize: (columnName: string, width: number) => void
-  onResizeEnd: () => void
-  onAutoResize: (columnName: string) => void
-  onDragStart?: (columnName: string) => void
-  onDragOver?: (columnName: string, side: 'left' | 'right') => void
-  onDragEnd?: () => void
-  onDragLeave?: () => void
-}) {
-  const renameInputRef = useRef<HTMLInputElement>(null)
-  const didDragRef = useRef(false)
-  const [menuOpen, setMenuOpen] = useState(false)
-  const [menuPosition, setMenuPosition] = useState({ x: 0, y: 0 })
-
-  useEffect(() => {
-    if (isRenaming && renameInputRef.current) {
-      renameInputRef.current.focus()
-      renameInputRef.current.select()
-    }
-  }, [isRenaming])
-
-  const handleResizePointerDown = useCallback(
-    (e: React.PointerEvent) => {
-      e.preventDefault()
-      e.stopPropagation()
-      const startX = e.clientX
-      const th = (e.currentTarget as HTMLElement).closest('th')
-      const startWidth = th ? th.getBoundingClientRect().width : COL_WIDTH
-
-      const target = e.currentTarget as HTMLElement
-      target.setPointerCapture(e.pointerId)
-
-      onResizeStart(column.name)
-
-      const handlePointerMove = (ev: PointerEvent) => {
-        onResize(column.name, startWidth + (ev.clientX - startX))
-      }
-
-      const cleanup = () => {
-        target.removeEventListener('pointermove', handlePointerMove)
-        target.removeEventListener('pointerup', cleanup)
-        target.removeEventListener('pointercancel', cleanup)
-        onResizeEnd()
-      }
-
-      target.addEventListener('pointermove', handlePointerMove)
-      target.addEventListener('pointerup', cleanup)
-      target.addEventListener('pointercancel', cleanup)
-    },
-    [column.name, onResizeStart, onResize, onResizeEnd]
-  )
-
-  const handleDragStart = useCallback(
-    (e: React.DragEvent) => {
-      if (readOnly || isRenaming) {
-        e.preventDefault()
-        return
-      }
-      didDragRef.current = true
-      e.dataTransfer.effectAllowed = 'move'
-      e.dataTransfer.setData('text/plain', column.name)
-
-      const ghost = document.createElement('div')
-      ghost.textContent = column.name
-      ghost.style.cssText =
-        'position:absolute;top:-9999px;padding:4px 8px;background:var(--bg);border:1px solid var(--border);border-radius:4px;font-size:13px;font-weight:500;white-space:nowrap;color:var(--text-primary)'
-      document.body.appendChild(ghost)
-      e.dataTransfer.setDragImage(ghost, ghost.offsetWidth / 2, ghost.offsetHeight / 2)
-      requestAnimationFrame(() => ghost.parentNode?.removeChild(ghost))
-
-      onDragStart?.(column.name)
-    },
-    [column.name, readOnly, isRenaming, onDragStart]
-  )
-
-  const handleDragOver = useCallback(
-    (e: React.DragEvent) => {
-      e.preventDefault()
-      e.dataTransfer.dropEffect = 'move'
-      const rect = (e.currentTarget as HTMLElement).getBoundingClientRect()
-      const midX = rect.left + rect.width / 2
-      const side = e.clientX < midX ? 'left' : 'right'
-      onDragOver?.(column.name, side)
-    },
-    [column.name, onDragOver]
-  )
-
-  const handleDrop = useCallback((e: React.DragEvent) => {
-    e.preventDefault()
-  }, [])
-
-  const handleDragEnd = useCallback(() => {
-    didDragRef.current = false
-    onDragEnd?.()
-  }, [onDragEnd])
-
-  const handleDragLeave = useCallback(
-    (e: React.DragEvent) => {
-      const th = e.currentTarget as HTMLElement
-      const related = e.relatedTarget as Node | null
-      if (related && th.contains(related)) return
-      onDragLeave?.()
-    },
-    [onDragLeave]
-  )
-
-  function handleHeaderClick(e: React.MouseEvent) {
-    if (didDragRef.current) {
-      didDragRef.current = false
-      return
-    }
-    if (isRenaming) return
-    onColumnSelect(colIndex, e.shiftKey)
-  }
-
-  function handleChevronClick(e: React.MouseEvent) {
-    e.stopPropagation()
-    const rect = (e.currentTarget as HTMLElement).closest('th')?.getBoundingClientRect()
-    if (rect) {
-      setMenuPosition({ x: rect.left, y: rect.bottom })
-    }
-    setMenuOpen(true)
-  }
-
-  function handleContextMenu(e: React.MouseEvent) {
-    if (readOnly || isRenaming) return
-    e.preventDefault()
-    setMenuPosition({ x: e.clientX, y: e.clientY })
-    setMenuOpen(true)
-  }
+interface RunStatusControlProps {
+  running: number
+  onStopAll: () => void
+  isStopping: boolean
+}
 
+/**
+ * Run-status + Stop-all control rendered in the header's trailing actions row.
+ * Matches the in-cell running indicator (`Loader` + tertiary text) for consistency.
+ */
+const RunStatusControl = React.memo(function RunStatusControl({
+  running,
+  onStopAll,
+  isStopping,
+}: RunStatusControlProps) {
   return (
-    <th
-      className={cn(
-        'group relative border-[var(--border)] border-r border-b bg-[var(--bg)] p-0 text-left align-middle',
-        isColumnSelected && 'bg-[rgba(37,99,235,0.06)]'
-      )}
-      draggable={!readOnly && !isRenaming}
-      onDragStart={handleDragStart}
-      onDragEnd={handleDragEnd}
-      onDragOver={handleDragOver}
-      onDrop={handleDrop}
-      onDragLeave={handleDragLeave}
-      onContextMenu={handleContextMenu}
-    >
-      {isRenaming ? (
-        <div className='flex h-full w-full min-w-0 items-center px-2 py-[7px]'>
-          <ColumnTypeIcon type={column.type} />
-          <input
-            ref={renameInputRef}
-            type='text'
-            value={renameValue}
-            onChange={(e) => onRenameValueChange(e.target.value)}
-            onKeyDown={(e) => {
-              if (e.key === 'Enter') onRenameSubmit()
-              if (e.key === 'Escape') onRenameCancel()
-            }}
-            onBlur={onRenameSubmit}
-            className='ml-1.5 min-w-0 flex-1 border-0 bg-transparent p-0 font-medium text-[var(--text-primary)] text-small outline-none focus:outline-none focus:ring-0'
-          />
-        </div>
-      ) : readOnly ? (
-        <div className='flex h-full w-full min-w-0 items-center px-2 py-[7px]'>
-          <ColumnTypeIcon type={column.type} />
-          <span className='ml-1.5 min-w-0 overflow-clip text-ellipsis whitespace-nowrap font-medium text-[13px] text-[var(--text-primary)]'>
-            {column.name}
-          </span>
-        </div>
-      ) : (
-        <div className='flex h-full w-full min-w-0 items-center'>
-          <button
-            type='button'
-            className='flex min-w-0 flex-1 cursor-pointer items-center px-2 py-[7px] outline-none'
-            onClick={handleHeaderClick}
-            draggable={false}
-          >
-            <ColumnTypeIcon type={column.type} />
-            <span className='ml-1.5 min-w-0 overflow-clip text-ellipsis whitespace-nowrap font-medium text-[var(--text-primary)] text-small'>
-              {column.name}
-            </span>
-          </button>
-          <button
-            type='button'
-            className='flex h-full shrink-0 cursor-pointer items-center pr-2.5 pl-0.5 text-[var(--text-muted)] opacity-0 transition-opacity hover:text-[var(--text-primary)] group-hover:opacity-100'
-            onClick={handleChevronClick}
-            draggable={false}
-            aria-label='Column options'
-          >
-            <ChevronDown className='h-[7px] w-[9px]' />
-          </button>
-          <DropdownMenu open={menuOpen} onOpenChange={setMenuOpen}>
-            <DropdownMenuTrigger asChild>
-              <div
-                style={{
-                  position: 'fixed',
-                  left: `${menuPosition.x}px`,
-                  top: `${menuPosition.y}px`,
-                  width: '1px',
-                  height: '1px',
-                  pointerEvents: 'none',
-                }}
-                tabIndex={-1}
-                aria-hidden='true'
-              />
-            </DropdownMenuTrigger>
-            <DropdownMenuContent
-              align='start'
-              side='bottom'
-              sideOffset={4}
-              onCloseAutoFocus={(e) => e.preventDefault()}
-            >
-              <DropdownMenuItem onSelect={() => onRenameColumn(column.name)}>
-                <Pencil />
-                Rename column
-              </DropdownMenuItem>
-              <DropdownMenuSub>
-                <DropdownMenuSubTrigger>
-                  {React.createElement(COLUMN_TYPE_ICONS[column.type] ?? TypeText)}
-                  Change type
-                </DropdownMenuSubTrigger>
-                <DropdownMenuSubContent>
-                  {COLUMN_TYPE_OPTIONS.map((option) => (
-                    <DropdownMenuItem
-                      key={option.type}
-                      disabled={column.type === option.type}
-                      onSelect={() => onChangeType(column.name, option.type)}
-                    >
-                      <option.icon />
-                      {option.label}
-                    </DropdownMenuItem>
-                  ))}
-                </DropdownMenuSubContent>
-              </DropdownMenuSub>
-              <DropdownMenuSeparator />
-              <DropdownMenuItem onSelect={() => onInsertLeft(column.name)}>
-                <ArrowLeft />
-                Insert column left
-              </DropdownMenuItem>
-              <DropdownMenuItem onSelect={() => onInsertRight(column.name)}>
-                <ArrowRight />
-                Insert column right
-              </DropdownMenuItem>
-              <DropdownMenuSeparator />
-              <DropdownMenuItem onSelect={() => onToggleUnique(column.name)}>
-                <Fingerprint />
-                {column.unique ? 'Remove unique' : 'Set unique'}
-              </DropdownMenuItem>
-              <DropdownMenuSeparator />
-              <DropdownMenuItem onSelect={() => onDeleteColumn(column.name)}>
-                <Trash />
-                Delete column
-              </DropdownMenuItem>
-            </DropdownMenuContent>
-          </DropdownMenu>
-        </div>
-      )}
-      <div
-        className='-right-[3px] absolute top-0 z-[1] h-full w-[6px] cursor-col-resize'
-        draggable={false}
-        onDragStart={(e) => e.stopPropagation()}
-        onPointerDown={handleResizePointerDown}
-        onDoubleClick={(e) => {
-          e.preventDefault()
-          e.stopPropagation()
-          onAutoResize(column.name)
-        }}
-      />
-    </th>
+    <div className='flex items-center gap-1.5'>
+      <div className='flex items-center gap-1.5 px-1 text-[var(--text-tertiary)] text-caption'>
+        <Loader animate className='h-3.5 w-3.5 shrink-0' />
+        <span className='tabular-nums'>{running}</span>
+        <span>running</span>
+      </div>
+      <Button
+        variant='subtle'
+        className='px-2 py-1 text-caption'
+        onClick={onStopAll}
+        disabled={isStopping}
+      >
+        <Square className='mr-1.5 h-[14px] w-[14px] fill-current' />
+        Stop all
+      </Button>
+    </div>
   )
 })
 
@@ -3489,9 +3447,9 @@ const AddColumnButton = React.memo(function AddColumnButton({
     <th className={CELL_HEADER}>
       <button
         type='button'
-        className='flex h-[20px] cursor-pointer items-center gap-2'
-        onClick={onClick}
+        className='flex h-[20px] cursor-pointer items-center gap-2 outline-none'
         disabled={disabled}
+        onClick={onClick}
       >
         <Plus className='h-[14px] w-[14px] shrink-0 text-[var(--text-icon)]' />
         <span className='font-medium text-[var(--text-body)] text-small'>New column</span>
@@ -3500,6 +3458,22 @@ const AddColumnButton = React.memo(function AddColumnButton({
   )
 })
 
+const HEADER_ADD_COLUMN_ICON = <Plus className='mr-1.5 h-[14px] w-[14px] text-[var(--text-icon)]' />
+
+function HeaderAddColumnTrigger({ onClick, disabled }: { onClick: () => void; disabled: boolean }) {
+  return (
+    <Button
+      variant='subtle'
+      className='px-2 py-1 text-caption'
+      disabled={disabled}
+      onClick={onClick}
+    >
+      {HEADER_ADD_COLUMN_ICON}
+      New column
+    </Button>
+  )
+}
+
 const AddRowButton = React.memo(function AddRowButton({ onClick }: { onClick: () => void }) {
   return (
     <div className='px-2 py-[7px]'>
@@ -3515,7 +3489,20 @@ const AddRowButton = React.memo(function AddRowButton({ onClick }: { onClick: ()
   )
 })
 
-function ColumnTypeIcon({ type }: { type: string }) {
-  const Icon = COLUMN_TYPE_ICONS[type] ?? TypeText
-  return <Icon className='h-3 w-3 shrink-0 text-[var(--text-icon)]' />
+/**
+ * Reuses the logs page's `LogDetails` slideout inside the tables view so a user
+ * can inspect a workflow run for a cell without leaving the table. The query is
+ * keyed on `executionId` because that's what's stored on the cell.
+ */
+function ExecutionDetailsSidebar({
+  workspaceId,
+  executionId,
+  onClose,
+}: {
+  workspaceId: string
+  executionId: string | null
+  onClose: () => void
+}) {
+  const { data: log } = useLogByExecutionId(workspaceId, executionId)
+  return <LogDetails log={log ?? null} isOpen={Boolean(executionId)} onClose={onClose} />
 }
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/types.ts b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/types.ts
new file mode 100644
index 00000000000..431cfc48789
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/types.ts
@@ -0,0 +1,34 @@
+import type React from 'react'
+import type { ColumnDefinition } from '@/lib/table'
+
+export interface BlockIconInfo {
+  icon: React.ComponentType<{ className?: string }>
+  color: string
+}
+
+export interface ColumnSourceInfo {
+  blockIconInfo?: BlockIconInfo
+  blockName?: string
+}
+
+/**
+ * One visual column in the rendered grid. With the flat schema there's exactly
+ * one DisplayColumn per ColumnDefinition — no fan-out. Workflow grouping is
+ * derived from `column.workflowGroupId` and rendered as a meta-header banner.
+ */
+export interface DisplayColumn extends ColumnDefinition {
+  /** Stable per-visual-column identifier (= column.name). */
+  key: string
+  /** Block id producing this column's value (workflow-output columns only). */
+  outputBlockId?: string
+  /** Pluck path the workflow ran for this column. */
+  outputPath?: string
+  /** Number of consecutive sibling columns sharing this group (1 for plain). */
+  groupSize: number
+  /** colIndex of the first sibling within `displayColumns`. */
+  groupStartColIndex: number
+  /** Header label shown above this visual column. */
+  headerLabel: string
+  /** True when this is the leftmost sibling of its group (or non-grouped). */
+  isGroupStart: boolean
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/utils.ts b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/utils.ts
new file mode 100644
index 00000000000..9223391c7bb
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/components/table/utils.ts
@@ -0,0 +1,192 @@
+import type {
+  ColumnDefinition,
+  RowExecutionMetadata,
+  RowExecutions,
+  TableRow as TableRowType,
+  WorkflowGroup,
+} from '@/lib/table'
+import type { DeletedRowSnapshot } from '@/stores/table/types'
+import type { DisplayColumn } from './types'
+
+export interface CellCoord {
+  rowIndex: number
+  colIndex: number
+}
+
+export interface NormalizedSelection {
+  startRow: number
+  endRow: number
+  startCol: number
+  endCol: number
+  anchorRow: number
+  anchorCol: number
+}
+
+/** A run of consecutive `displayColumns` rendered together in the meta header row. */
+export type HeaderGroup =
+  | { kind: 'plain'; size: 1; startColIndex: number }
+  | {
+      kind: 'workflow'
+      size: number
+      startColIndex: number
+      groupId: string
+      workflowId: string
+    }
+
+/**
+ * Flat schema → one DisplayColumn per ColumnDefinition. Pre-pass computes
+ * `groupSize` and `groupStartColIndex` for every consecutive run of columns
+ * sharing a `workflowGroupId`. Validation guarantees cohesion; the renderer
+ * just walks sequentially.
+ */
+export function expandToDisplayColumns(
+  columns: ColumnDefinition[],
+  workflowGroups: WorkflowGroup[]
+): DisplayColumn[] {
+  const out: DisplayColumn[] = []
+  const groupById = new Map(workflowGroups.map((g) => [g.id, g]))
+
+  for (let i = 0; i < columns.length; ) {
+    const column = columns[i]
+    const gid = column.workflowGroupId
+    if (gid) {
+      let size = 1
+      while (i + size < columns.length && columns[i + size].workflowGroupId === gid) {
+        size++
+      }
+      const group = groupById.get(gid)
+      const startIdx = out.length
+      for (let k = 0; k < size; k++) {
+        const child = columns[i + k]
+        const output = group?.outputs.find((o) => o.columnName === child.name)
+        out.push({
+          ...child,
+          key: child.name,
+          outputBlockId: output?.blockId,
+          outputPath: output?.path,
+          groupSize: size,
+          groupStartColIndex: startIdx,
+          headerLabel: child.name,
+          isGroupStart: k === 0,
+        })
+      }
+      i += size
+    } else {
+      out.push({
+        ...column,
+        key: column.name,
+        groupSize: 1,
+        groupStartColIndex: out.length,
+        headerLabel: column.name,
+        isGroupStart: true,
+      })
+      i += 1
+    }
+  }
+  return out
+}
+
+export function buildHeaderGroups(
+  displayColumns: DisplayColumn[],
+  workflowGroups: WorkflowGroup[]
+): HeaderGroup[] {
+  const groupById = new Map(workflowGroups.map((g) => [g.id, g]))
+  const groups: HeaderGroup[] = []
+  for (let i = 0; i < displayColumns.length; ) {
+    const col = displayColumns[i]
+    if (col.workflowGroupId && col.isGroupStart) {
+      const group = groupById.get(col.workflowGroupId)
+      if (group) {
+        groups.push({
+          kind: 'workflow',
+          size: col.groupSize,
+          startColIndex: i,
+          groupId: col.workflowGroupId,
+          workflowId: group.workflowId,
+        })
+        i += col.groupSize
+        continue
+      }
+    }
+    groups.push({ kind: 'plain', size: 1, startColIndex: i })
+    i += 1
+  }
+  return groups
+}
+
+/** Reads the per-group execution state for a row, defaulting to empty. */
+export function readExecution(
+  row: { executions?: RowExecutions } | null | undefined,
+  groupId: string | undefined
+): RowExecutionMetadata | undefined {
+  if (!groupId) return undefined
+  return row?.executions?.[groupId]
+}
+
+/**
+ * Client-side mirror of the scheduler's deps predicate. Used to filter the
+ * row-run button so we don't fire downstream groups whose upstream isn't
+ * `completed` yet — the cascade handles those once the upstream finishes.
+ */
+export function areRowDepsSatisfied(
+  group: WorkflowGroup,
+  row: { data: Record<string, unknown>; executions?: RowExecutions }
+): boolean {
+  const deps = group.dependencies ?? {}
+  for (const colName of deps.columns ?? []) {
+    const value = row.data[colName]
+    if (value === null || value === undefined || value === '') return false
+  }
+  for (const gid of deps.workflowGroups ?? []) {
+    if (row.executions?.[gid]?.status !== 'completed') return false
+  }
+  return true
+}
+
+export function moveCell(
+  anchor: CellCoord,
+  colCount: number,
+  totalRows: number,
+  direction: 1 | -1
+): CellCoord {
+  let newCol = anchor.colIndex + direction
+  let newRow = anchor.rowIndex
+  if (newCol >= colCount) {
+    newCol = 0
+    newRow = Math.min(totalRows - 1, newRow + 1)
+  } else if (newCol < 0) {
+    newCol = colCount - 1
+    newRow = Math.max(0, newRow - 1)
+  }
+  return { rowIndex: newRow, colIndex: newCol }
+}
+
+export function computeNormalizedSelection(
+  anchor: CellCoord | null,
+  focus: CellCoord | null
+): NormalizedSelection | null {
+  if (!anchor) return null
+  const f = focus ?? anchor
+  return {
+    startRow: Math.min(anchor.rowIndex, f.rowIndex),
+    endRow: Math.max(anchor.rowIndex, f.rowIndex),
+    startCol: Math.min(anchor.colIndex, f.colIndex),
+    endCol: Math.max(anchor.colIndex, f.colIndex),
+    anchorRow: anchor.rowIndex,
+    anchorCol: anchor.colIndex,
+  }
+}
+
+export function collectRowSnapshots(
+  positions: Iterable<number>,
+  positionMap: Map<number, TableRowType>
+): DeletedRowSnapshot[] {
+  const snapshots: DeletedRowSnapshot[] = []
+  for (const pos of positions) {
+    const row = positionMap.get(pos)
+    if (row) {
+      snapshots.push({ rowId: row.id, data: { ...row.data }, position: row.position })
+    }
+  }
+  return snapshots
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/index.ts b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/index.ts
index 8bd7a4b4b44..762cc58de9d 100644
--- a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/index.ts
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/index.ts
@@ -1,2 +1,3 @@
 export * from './use-context-menu'
-export * from './use-table-data'
+export * from './use-row-execution'
+export * from './use-table'
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/use-row-execution.ts b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/use-row-execution.ts
new file mode 100644
index 00000000000..639680919db
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/use-row-execution.ts
@@ -0,0 +1,95 @@
+import { useCallback } from 'react'
+import { createLogger } from '@sim/logger'
+import { useMutation, useQueryClient } from '@tanstack/react-query'
+import { toast } from '@/components/emcn'
+import { requestJson } from '@/lib/api/client/request'
+import { runRowWorkflowGroupContract } from '@/lib/api/contracts/tables'
+import type { RowExecutionMetadata } from '@/lib/table'
+import {
+  restoreCachedWorkflowCells,
+  snapshotAndMutateRows,
+  tableKeys,
+} from '@/hooks/queries/tables'
+
+const logger = createLogger('useRowExecution')
+
+export interface RunWorkflowGroupParams {
+  tableId: string
+  rowId: string
+  workspaceId: string
+  groupId: string
+  /** Group's workflow id — used as the optimistic execution's `workflowId`
+   *  when the row hasn't run this group before. */
+  workflowId: string
+  /** Output column names produced by the group; cleared optimistically so
+   *  stale values from the previous run don't linger in the UI before the
+   *  server response writes the cleared row back. */
+  outputColumnNames: string[]
+}
+
+interface UseRowExecutionReturn {
+  runWorkflowGroup: (params: RunWorkflowGroupParams) => Promise<void>
+}
+
+/**
+ * Single-row workflow-group runner. Optimistically flips
+ * `executions[groupId]` to `pending` for the targeted row before the network
+ * round-trip so the spinner appears instantly. Cache invalidation lives in
+ * `onSettled` so failed starts still refresh the rows query — otherwise a row
+ * stuck in stale state would remain in the UI until the next refetch.
+ */
+export function useRowExecution(): UseRowExecutionReturn {
+  const queryClient = useQueryClient()
+
+  const mutation = useMutation({
+    mutationFn: async (params: RunWorkflowGroupParams) => {
+      return requestJson(runRowWorkflowGroupContract, {
+        params: { tableId: params.tableId, rowId: params.rowId },
+        body: { workspaceId: params.workspaceId, groupId: params.groupId },
+      })
+    },
+    onMutate: async (params) => {
+      const snapshots = await snapshotAndMutateRows(queryClient, params.tableId, (r) => {
+        if (r.id !== params.rowId) return null
+        const exec = r.executions?.[params.groupId] as RowExecutionMetadata | undefined
+        const pending: RowExecutionMetadata = {
+          status: 'pending',
+          executionId: exec?.executionId ?? null,
+          jobId: null,
+          workflowId: exec?.workflowId ?? params.workflowId,
+          error: null,
+        }
+        const nextData = { ...r.data }
+        for (const colName of params.outputColumnNames) nextData[colName] = null
+        return {
+          ...r,
+          data: nextData,
+          executions: { ...(r.executions ?? {}), [params.groupId]: pending },
+        }
+      })
+      return { snapshots }
+    },
+    onError: (err, _params, context) => {
+      if (context?.snapshots) restoreCachedWorkflowCells(queryClient, context.snapshots)
+      const message = err instanceof Error ? err.message : 'Unknown error'
+      logger.error('Run workflow group failed:', err)
+      toast.error(`Failed to run workflow: ${message}`)
+    },
+    onSettled: (_data, _err, params) => {
+      queryClient.invalidateQueries({ queryKey: tableKeys.rowsRoot(params.tableId) })
+    },
+  })
+
+  const runWorkflowGroup = useCallback(
+    async (params: RunWorkflowGroupParams) => {
+      await mutation.mutateAsync(params).catch(() => {
+        // onError already toasted; swallow so callers can fire-and-forget.
+      })
+    },
+    // mutateAsync is stable in TanStack Query v5
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    []
+  )
+
+  return { runWorkflowGroup }
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/use-table-data.ts b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/use-table-data.ts
deleted file mode 100644
index 52d78e3cce8..00000000000
--- a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/use-table-data.ts
+++ /dev/null
@@ -1,83 +0,0 @@
-import { useCallback, useMemo } from 'react'
-import type { TableDefinition, TableRow } from '@/lib/table'
-import { TABLE_LIMITS } from '@/lib/table/constants'
-import { useInfiniteTableRows, useTable } from '@/hooks/queries/tables'
-import type { QueryOptions } from '../types'
-
-interface UseTableDataParams {
-  workspaceId: string
-  tableId: string
-  queryOptions: QueryOptions
-}
-
-interface FetchNextPageResult {
-  hasNextPage: boolean
-}
-
-interface UseTableDataReturn {
-  tableData: TableDefinition | undefined
-  isLoadingTable: boolean
-  rows: TableRow[]
-  isLoadingRows: boolean
-  refetchRows: () => void
-  /**
-   * Fetch the next page of rows. The resolved value's `hasNextPage` reflects the
-   * post-fetch cache state — read from this rather than the parent's
-   * `hasNextPage` state, which only updates on the next React render.
-   */
-  fetchNextPage: () => Promise<FetchNextPageResult>
-  hasNextPage: boolean
-  isFetchingNextPage: boolean
-}
-
-export function useTableData({
-  workspaceId,
-  tableId,
-  queryOptions,
-}: UseTableDataParams): UseTableDataReturn {
-  const { data: tableData, isLoading: isLoadingTable } = useTable(workspaceId, tableId)
-
-  const {
-    data: rowsData,
-    isLoading: isLoadingRows,
-    refetch,
-    fetchNextPage,
-    hasNextPage,
-    isFetchingNextPage,
-  } = useInfiniteTableRows({
-    workspaceId,
-    tableId,
-    pageSize: TABLE_LIMITS.MAX_QUERY_LIMIT,
-    filter: queryOptions.filter,
-    sort: queryOptions.sort,
-    enabled: Boolean(workspaceId && tableId),
-  })
-
-  const rows = useMemo<TableRow[]>(
-    () => rowsData?.pages.flatMap((p) => p.rows) ?? [],
-    [rowsData?.pages]
-  )
-
-  const refetchRows = useCallback(() => {
-    void refetch()
-  }, [refetch])
-
-  const fetchNextPageWrapped = useCallback(async () => {
-    const result = await fetchNextPage()
-    if (result.status === 'error') {
-      throw result.error ?? new Error('Failed to fetch next page')
-    }
-    return { hasNextPage: Boolean(result.hasNextPage) }
-  }, [fetchNextPage])
-
-  return {
-    tableData,
-    isLoadingTable,
-    rows,
-    isLoadingRows,
-    refetchRows,
-    fetchNextPage: fetchNextPageWrapped,
-    hasNextPage: Boolean(hasNextPage),
-    isFetchingNextPage,
-  }
-}
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/use-table.ts b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/use-table.ts
new file mode 100644
index 00000000000..258718d8310
--- /dev/null
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/hooks/use-table.ts
@@ -0,0 +1,278 @@
+'use client'
+
+import { useCallback, useEffect, useMemo } from 'react'
+import { useQueryClient } from '@tanstack/react-query'
+import type {
+  ColumnDefinition,
+  RowData,
+  RowExecutions,
+  TableDefinition,
+  TableRow,
+  WorkflowGroup,
+} from '@/lib/table'
+import { TABLE_LIMITS } from '@/lib/table/constants'
+import type { FlattenOutputsBlockInput } from '@/lib/workflows/blocks/flatten-outputs'
+import { useSocket } from '@/app/workspace/providers/socket-provider'
+import { getBlock } from '@/blocks'
+import { tableKeys, useInfiniteTableRows, useTable as useTableQuery } from '@/hooks/queries/tables'
+import { useWorkflowStates, useWorkflows } from '@/hooks/queries/workflows'
+import type { WorkflowMetadata } from '@/stores/workflows/registry/types'
+import type { WorkflowState } from '@/stores/workflows/workflow/types'
+import type { BlockIconInfo, ColumnSourceInfo } from '../components/table/types'
+import type { QueryOptions } from '../types'
+
+const EMPTY_COLUMNS: ColumnDefinition[] = []
+const EMPTY_GROUPS: WorkflowGroup[] = []
+
+interface UseTableParams {
+  workspaceId: string
+  tableId: string
+  queryOptions: QueryOptions
+}
+
+interface FetchNextPageResult {
+  hasNextPage: boolean
+}
+
+export interface UseTableReturn {
+  /** Table definition (name, schema, metadata, etc.). */
+  tableData: TableDefinition | undefined
+  isLoadingTable: boolean
+  /** Flattened rows across every fetched page. */
+  rows: TableRow[]
+  isLoadingRows: boolean
+  refetchRows: () => void
+  /**
+   * Fetch the next page of rows. The resolved value's `hasNextPage` reflects
+   * the post-fetch cache state — read from this rather than the parent's
+   * `hasNextPage` state, which only updates on the next React render.
+   */
+  fetchNextPage: () => Promise<FetchNextPageResult>
+  hasNextPage: boolean
+  isFetchingNextPage: boolean
+  /** Workspace-wide workflow metadata used by header chips and the column sidebar. */
+  workflows: WorkflowMetadata[] | undefined
+  /** Stable reference to `tableData?.schema?.columns ?? []`. */
+  columns: ColumnDefinition[]
+  /** Stable reference to `tableData?.schema?.workflowGroups ?? []`. */
+  tableWorkflowGroups: WorkflowGroup[]
+  /** Pre-fetched live state for every unique workflow id used by the table. */
+  workflowStates: Map<string, WorkflowState | null>
+  /** Pre-resolved icon + block-name info per output column name. Headers read
+   *  from this map instead of each subscribing to its own workflow-state query. */
+  columnSourceInfo: Map<string, ColumnSourceInfo>
+  /** `workflowId → workflow.name` lookup for cell labels and execution-detail copy. */
+  workflowNameById: Record<string, string>
+}
+
+/**
+ * Coordinator hook for the table view's data layer. Wraps row/schema/workflow
+ * fetching and exposes the derived collections every consumer needs (display
+ * columns, source-info map, workflow-name lookup). Mirrors the shape of
+ * `use-chat`'s coordinator: one hook returning a typed bundle the surface
+ * component destructures.
+ *
+ * Local interaction state (drag, resize, selection, editing) stays in the
+ * `Table` component — moving that here would push every keystroke through a
+ * single hook return and re-render the world.
+ */
+export function useTable({ workspaceId, tableId, queryOptions }: UseTableParams): UseTableReturn {
+  const queryClient = useQueryClient()
+  const { data: tableData, isLoading: isLoadingTable } = useTableQuery(workspaceId, tableId)
+
+  const {
+    data: rowsData,
+    isLoading: isLoadingRows,
+    refetch,
+    fetchNextPage,
+    hasNextPage,
+    isFetchingNextPage,
+  } = useInfiniteTableRows({
+    workspaceId,
+    tableId,
+    pageSize: TABLE_LIMITS.MAX_QUERY_LIMIT,
+    filter: queryOptions.filter,
+    sort: queryOptions.sort,
+    enabled: Boolean(workspaceId && tableId),
+  })
+
+  const rows = useMemo<TableRow[]>(
+    () => rowsData?.pages.flatMap((p) => p.rows) ?? [],
+    [rowsData?.pages]
+  )
+
+  const refetchRows = useCallback(() => {
+    void refetch()
+  }, [refetch])
+
+  const fetchNextPageWrapped = useCallback(async () => {
+    const result = await fetchNextPage()
+    if (result.status === 'error') {
+      throw result.error ?? new Error('Failed to fetch next page')
+    }
+    return { hasNextPage: Boolean(result.hasNextPage) }
+  }, [fetchNextPage])
+
+  // Realtime sync: merge `table-row-updated` / `table-row-deleted` socket
+  // events into the infinite-query cache so cell updates land without
+  // polling. While any mutation is in flight, defer to a stale-mark — the
+  // optimistic update guard wins until `onSettled` invalidates.
+  const { joinTable, leaveTable, onTableRowUpdated, onTableRowDeleted } = useSocket()
+  useEffect(() => {
+    if (!tableId) return
+    joinTable(tableId)
+
+    type Page = { rows: TableRow[]; totalCount: number | null }
+    type InfiniteData = { pages: Page[]; pageParams: number[] } | undefined
+
+    onTableRowUpdated((event) => {
+      if (event.tableId !== tableId) return
+      if (queryClient.isMutating() > 0) {
+        queryClient.invalidateQueries({
+          queryKey: tableKeys.rowsRoot(tableId),
+          refetchType: 'none',
+        })
+        return
+      }
+      queryClient.setQueriesData<InfiniteData>(
+        { queryKey: tableKeys.rowsRoot(tableId) },
+        (current) => {
+          if (!current) return current
+          const incoming: TableRow = {
+            id: event.rowId,
+            data: event.data as RowData,
+            executions: (event.executions as RowExecutions) ?? {},
+            position: event.position,
+            createdAt: '',
+            updatedAt:
+              typeof event.updatedAt === 'string' ? event.updatedAt : String(event.updatedAt),
+          }
+          let landed = false
+          const nextPages = current.pages.map((page) => {
+            const idx = page.rows.findIndex((r) => r.id === event.rowId)
+            if (idx === -1) return page
+            landed = true
+            const merged = {
+              ...page.rows[idx],
+              data: incoming.data,
+              executions: incoming.executions,
+              updatedAt: incoming.updatedAt,
+            }
+            const nextRows = [...page.rows]
+            nextRows[idx] = merged
+            return { ...page, rows: nextRows }
+          })
+          if (landed) return { ...current, pages: nextPages }
+          // Row not in any cached page yet — append to the last page so it
+          // shows up immediately. The next refetch will reorder by position.
+          if (current.pages.length === 0) return current
+          const lastIdx = current.pages.length - 1
+          const lastPage = current.pages[lastIdx]
+          const updatedLast: Page = {
+            ...lastPage,
+            rows: [...lastPage.rows, incoming],
+            totalCount: lastPage.totalCount === null ? null : lastPage.totalCount + 1,
+          }
+          const pagesWithAppend = [...current.pages]
+          pagesWithAppend[lastIdx] = updatedLast
+          return { ...current, pages: pagesWithAppend }
+        }
+      )
+    })
+
+    onTableRowDeleted((event) => {
+      if (event.tableId !== tableId) return
+      if (queryClient.isMutating() > 0) {
+        queryClient.invalidateQueries({
+          queryKey: tableKeys.rowsRoot(tableId),
+          refetchType: 'none',
+        })
+        return
+      }
+      queryClient.setQueriesData<InfiniteData>(
+        { queryKey: tableKeys.rowsRoot(tableId) },
+        (current) => {
+          if (!current) return current
+          let removed = false
+          const nextPages = current.pages.map((page) => {
+            const next = page.rows.filter((r) => r.id !== event.rowId)
+            if (next.length === page.rows.length) return page
+            removed = true
+            return {
+              ...page,
+              rows: next,
+              totalCount: page.totalCount === null ? null : Math.max(0, page.totalCount - 1),
+            }
+          })
+          if (!removed) return current
+          return { ...current, pages: nextPages }
+        }
+      )
+    })
+
+    return () => {
+      leaveTable()
+    }
+    // joinTable / leaveTable / on* are stable callbacks; tableId is the only real dep.
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [tableId])
+
+  const { data: workflows } = useWorkflows(workspaceId)
+
+  const columns = useMemo(
+    () => tableData?.schema?.columns || EMPTY_COLUMNS,
+    [tableData?.schema?.columns]
+  )
+
+  const tableWorkflowGroups = useMemo<WorkflowGroup[]>(
+    () => tableData?.schema?.workflowGroups ?? EMPTY_GROUPS,
+    [tableData?.schema?.workflowGroups]
+  )
+
+  const workflowStates = useWorkflowStates(
+    useMemo(() => tableWorkflowGroups.map((g) => g.workflowId), [tableWorkflowGroups])
+  )
+
+  const columnSourceInfo = useMemo<Map<string, ColumnSourceInfo>>(() => {
+    const map = new Map<string, ColumnSourceInfo>()
+    for (const group of tableWorkflowGroups) {
+      const state = workflowStates.get(group.workflowId)
+      const blocks = (state as { blocks?: Record<string, FlattenOutputsBlockInput> } | null)?.blocks
+      for (const out of group.outputs) {
+        const block = blocks?.[out.blockId]
+        const blockConfig = block?.type ? getBlock(block.type) : undefined
+        const blockIconInfo: BlockIconInfo | undefined = blockConfig?.icon
+          ? { icon: blockConfig.icon, color: blockConfig.bgColor || '#2F55FF' }
+          : undefined
+        const blockName = block?.name?.trim() || undefined
+        map.set(out.columnName, { blockIconInfo, blockName })
+      }
+    }
+    return map
+  }, [tableWorkflowGroups, workflowStates])
+
+  const workflowNameById = useMemo(() => {
+    const map: Record<string, string> = {}
+    for (const wf of workflows ?? []) {
+      map[wf.id] = wf.name
+    }
+    return map
+  }, [workflows])
+
+  return {
+    tableData,
+    isLoadingTable,
+    rows,
+    isLoadingRows,
+    refetchRows,
+    fetchNextPage: fetchNextPageWrapped,
+    hasNextPage: Boolean(hasNextPage),
+    isFetchingNextPage,
+    workflows,
+    columns,
+    tableWorkflowGroups,
+    workflowStates,
+    columnSourceInfo,
+    workflowNameById,
+  }
+}
diff --git a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/types.ts b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/types.ts
index e3e4417d2c6..d7c7553c2ce 100644
--- a/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/types.ts
+++ b/apps/sim/app/workspace/[workspaceId]/tables/[tableId]/types.ts
@@ -26,9 +26,13 @@ export interface ContextMenuState {
 }
 
 /**
- * Tracks which cell is currently being edited inline
+ * Tracks which cell is currently being edited inline. `columnKey` distinguishes
+ * fanned-out workflow visual columns (which share the same `columnName`) — set
+ * when the interaction targets a specific visual column (e.g. expanded view),
+ * omitted for plain cells.
  */
 export interface EditingCell {
   rowId: string
   columnName: string
+  columnKey?: string
 }
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/chat/components/output-select/output-select.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/chat/components/output-select/output-select.tsx
index 213fe3d4199..52576a0c32e 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/chat/components/output-select/output-select.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/chat/components/output-select/output-select.tsx
@@ -5,8 +5,10 @@ import { useMemo } from 'react'
 import { RepeatIcon, SplitIcon } from 'lucide-react'
 import { useShallow } from 'zustand/react/shallow'
 import { Combobox, type ComboboxOptionGroup } from '@/components/emcn'
-import { getEffectiveBlockOutputs } from '@/lib/workflows/blocks/block-outputs'
-import { hasTriggerCapability } from '@/lib/workflows/triggers/trigger-utils'
+import {
+  type FlattenOutputsBlockInput,
+  flattenWorkflowOutputs,
+} from '@/lib/workflows/blocks/flatten-outputs'
 import { getBlock } from '@/blocks'
 import { useWorkflowDiffStore } from '@/stores/workflow-diff/store'
 import { useSubBlockStore } from '@/stores/workflows/subblock/store'
@@ -38,8 +40,6 @@ const TagIcon: React.FC<{
   </div>
 )
 
-const EXCLUDED_OUTPUT_TYPES = new Set(['starter', 'start_trigger', 'human_in_the_loop'] as const)
-
 /**
  * Props for the OutputSelect component
  */
@@ -106,86 +106,52 @@ export function OutputSelect({
    * Extracts all available workflow outputs for the dropdown
    */
   const workflowOutputs = useMemo(() => {
-    const outputs: Array<{
-      id: string
-      label: string
-      blockId: string
-      blockName: string
-      blockType: string
-      path: string
-    }> = []
-
     if (!workflowId || !workflowBlocks || typeof workflowBlocks !== 'object') {
-      return outputs
+      return []
     }
+    const blockArray = Object.values(workflowBlocks) as any[]
+    if (blockArray.length === 0) return []
 
-    const blockArray = Object.values(workflowBlocks)
-    if (blockArray.length === 0) return outputs
-
-    blockArray.forEach((block: any) => {
-      if (EXCLUDED_OUTPUT_TYPES.has(block.type) || !block?.id || !block?.type) return
-
-      const blockName =
-        block.name && typeof block.name === 'string'
-          ? block.name.replace(/\s+/g, '').toLowerCase()
-          : `block-${block.id}`
-
-      const blockConfig = getBlock(block.type)
-      const isTriggerCapable = blockConfig ? hasTriggerCapability(blockConfig) : false
-      const effectiveTriggerMode = Boolean(block.triggerMode && isTriggerCapable)
-
-      let outputsToProcess: Record<string, unknown> = {}
+    // Merge the editor's subblock store values into the blocks before flattening —
+    // the workflow store doesn't always have the latest subBlocks.value.
+    const mergedBlocks: FlattenOutputsBlockInput[] = blockArray.map((block) => {
       const rawSubBlockValues =
         shouldUseBaseline && baselineWorkflow
           ? baselineWorkflow.blocks?.[block.id]?.subBlocks
           : subBlockValues?.[block.id]
-      const subBlocks: Record<string, { value: unknown }> = {}
+      const subBlocks: Record<string, unknown> = {}
       if (rawSubBlockValues && typeof rawSubBlockValues === 'object') {
         for (const [key, val] of Object.entries(rawSubBlockValues)) {
-          // Handle both { value: ... } and raw value formats
-          subBlocks[key] = val && typeof val === 'object' && 'value' in val ? val : { value: val }
+          subBlocks[key] =
+            val && typeof val === 'object' && 'value' in (val as object)
+              ? (val as { value: unknown })
+              : { value: val }
         }
       }
-
-      outputsToProcess = getEffectiveBlockOutputs(block.type, subBlocks, {
-        triggerMode: effectiveTriggerMode,
-        preferToolOutputs: !effectiveTriggerMode,
-      }) as Record<string, unknown>
-
-      if (Object.keys(outputsToProcess).length === 0) return
-
-      const addOutput = (path: string, outputObj: unknown, prefix = '') => {
-        const fullPath = prefix ? `${prefix}.${path}` : path
-        const createOutput = () => ({
-          id: `${block.id}_${fullPath}`,
-          label: `${blockName}.${fullPath}`,
-          blockId: block.id,
-          blockName: block.name || `Block ${block.id}`,
-          blockType: block.type,
-          path: fullPath,
-        })
-
-        if (
-          typeof outputObj !== 'object' ||
-          outputObj === null ||
-          ('type' in outputObj && typeof outputObj.type === 'string') ||
-          Array.isArray(outputObj)
-        ) {
-          outputs.push(createOutput())
-          return
-        }
-
-        Object.entries(outputObj).forEach(([key, value]) => {
-          addOutput(key, value, fullPath)
-        })
+      return {
+        id: block.id,
+        type: block.type,
+        name: block.name,
+        triggerMode: Boolean(block.triggerMode),
+        subBlocks,
       }
-
-      Object.entries(outputsToProcess).forEach(([key, value]) => {
-        addOutput(key, value)
-      })
     })
 
-    return outputs
+    const flat = flattenWorkflowOutputs(mergedBlocks)
+    return flat.map((f) => {
+      const displayBlockName =
+        f.blockName && typeof f.blockName === 'string'
+          ? f.blockName.replace(/\s+/g, '').toLowerCase()
+          : `block-${f.blockId}`
+      return {
+        id: `${f.blockId}_${f.path}`,
+        label: `${displayBlockName}.${f.path}`,
+        blockId: f.blockId,
+        blockName: f.blockName,
+        blockType: f.blockType,
+        path: f.path,
+      }
+    })
   }, [
     workflowBlocks,
     workflowId,
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/notifications/notifications.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/notifications/notifications.tsx
index a6d56d389c6..e6c74e8bf0a 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/notifications/notifications.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/notifications/notifications.tsx
@@ -26,7 +26,7 @@ const ACTION_LABELS: Record<NotificationAction['type'], string> = {
 } as const
 
 function isAutoDismissable(n: Notification): boolean {
-  return !!n.workflowId
+  return !!n.workflowId && n.action?.type !== 'unlock-workflow'
 }
 
 function NotificationCountdownRing({ onPause }: { onPause: () => void }) {
@@ -99,7 +99,7 @@ export const Notifications = memo(function Notifications({ embedded }: Notificat
             break
           case 'unlock-workflow':
             window.dispatchEvent(new CustomEvent('unlock-workflow'))
-            break
+            return
           default:
             logger.warn('Unknown action type', { notificationId, actionType: action.type })
         }
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/workflow.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/workflow.tsx
index 1ebde480ef5..a2019e537eb 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/workflow.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/workflow.tsx
@@ -349,7 +349,7 @@ const WorkflowContent = React.memo(
     const workflowReadOnly = workflowLocked && !sandbox
     const canvasOpacityClass = isCanvasReady
       ? workflowReadOnly
-        ? 'opacity-60'
+        ? 'opacity-75'
         : 'opacity-100'
       : 'opacity-0'
 
@@ -1251,13 +1251,16 @@ const WorkflowContent = React.memo(
       return findLockedAncestorFolder(workflowMetadata?.folderId, folders)?.name ?? null
     }, [workflowFolderLocked, workflowMetadata?.folderId, folders])
 
-    const prevCanAdminRef = useRef(effectivePermissions.canAdmin)
+    const prevIsAdminRef = useRef(
+      workspacePermissions?.viewer?.isAdmin ?? effectivePermissions.canAdmin
+    )
     const prevLockSignatureRef = useRef<string | null>(null)
     useEffect(() => {
       if (!isWorkflowReady) return
 
-      const canAdminChanged = prevCanAdminRef.current !== effectivePermissions.canAdmin
-      prevCanAdminRef.current = effectivePermissions.canAdmin
+      const isAdmin = workspacePermissions?.viewer?.isAdmin ?? effectivePermissions.canAdmin
+      const canAdminChanged = prevIsAdminRef.current !== isAdmin
+      prevIsAdminRef.current = isAdmin
 
       const lockSignature = workflowReadOnly
         ? workflowRowLocked
@@ -1273,8 +1276,6 @@ const WorkflowContent = React.memo(
 
       if (workflowReadOnly) {
         if (lockNotificationIdRef.current) return
-
-        const isAdmin = effectivePermissions.canAdmin
         const isFolderInherited = workflowFolderLocked && !workflowRowLocked
         const message = isFolderInherited
           ? inheritedLockFolderName
@@ -1304,6 +1305,7 @@ const WorkflowContent = React.memo(
       inheritedLockFolderName,
       isWorkflowReady,
       effectivePermissions.canAdmin,
+      workspacePermissions,
       addNotification,
       activeWorkflowId,
       clearLockNotification,
@@ -2182,6 +2184,18 @@ const WorkflowContent = React.memo(
       [screenToFlowPosition, handleToolbarDrop]
     )
 
+    const onDropLocked = useCallback(
+      (event: React.DragEvent) => {
+        event.preventDefault()
+        if (!event.dataTransfer?.types.includes('application/json')) return
+        const message = effectivePermissions.canAdmin
+          ? 'Unlock the workflow to add blocks.'
+          : 'This workflow is locked. Ask an admin to unlock it.'
+        addNotification({ level: 'info', message, workflowId: activeWorkflowId || undefined })
+      },
+      [effectivePermissions.canAdmin, addNotification, activeWorkflowId]
+    )
+
     const handleCanvasPointerMove = useCallback(
       (event: React.PointerEvent<Element>) => {
         const position = screenToFlowPosition({
@@ -4072,8 +4086,16 @@ const WorkflowContent = React.memo(
                   nodeTypes={nodeTypes}
                   edgeTypes={edgeTypes}
                   onMouseDown={handleCanvasMouseDown}
-                  onDrop={effectivePermissions.canEdit ? onDrop : undefined}
-                  onDragOver={effectivePermissions.canEdit ? onDragOver : undefined}
+                  onDrop={
+                    effectivePermissions.canEdit
+                      ? onDrop
+                      : workflowReadOnly
+                        ? onDropLocked
+                        : undefined
+                  }
+                  onDragOver={
+                    effectivePermissions.canEdit || workflowReadOnly ? onDragOver : undefined
+                  }
                   onInit={(instance) => {
                     if (embedded) {
                       return
@@ -4176,7 +4198,7 @@ const WorkflowContent = React.memo(
                         edges.filter((e) => e.target === contextMenuBlocks[0]?.id).length === 0
                       }
                       onToggleLocked={handleContextToggleLocked}
-                      canAdmin={effectivePermissions.canAdmin}
+                      canAdmin={effectivePermissions.canAdmin && !workflowReadOnly}
                     />
 
                     <CanvasMenu
@@ -4202,7 +4224,7 @@ const WorkflowContent = React.memo(
                       hasLockedBlocks={hasLockedBlocks}
                       onToggleWorkflowLock={handleToggleWorkflowLock}
                       allBlocksLocked={allBlocksLocked}
-                      canAdmin={effectivePermissions.canAdmin}
+                      canAdmin={effectivePermissions.canAdmin && !workflowReadOnly}
                       hasBlocks={hasBlocks}
                     />
                   </>
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/folder-item/folder-item.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/folder-item/folder-item.tsx
index bff9ebd4d60..76abe9be072 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/folder-item/folder-item.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/folder-item/folder-item.tsx
@@ -552,26 +552,35 @@ export function FolderItem({
               >
                 {folder.name}
               </span>
+            </div>
+            <div className='relative h-[18px] w-[18px] flex-shrink-0'>
               {folder.locked && (
-                <Lock
-                  className='pointer-events-none h-[12px] w-[12px] flex-shrink-0 text-[var(--text-icon)]'
+                <span
+                  role='img'
                   aria-label='Folder is locked'
-                />
+                  className={clsx(
+                    'pointer-events-none absolute inset-0 flex items-center justify-center transition-opacity',
+                    !isAnyDragActive && 'group-hover:opacity-0',
+                    isContextMenuOpen && 'opacity-0'
+                  )}
+                >
+                  <Lock className='h-[14px] w-[14px] text-[var(--text-icon)]' aria-hidden='true' />
+                </span>
               )}
+              <button
+                type='button'
+                aria-label='Folder options'
+                onPointerDown={handleMorePointerDown}
+                onClick={handleMoreClick}
+                className={clsx(
+                  'pointer-events-none absolute inset-0 flex items-center justify-center rounded-sm opacity-0 transition-opacity',
+                  !isAnyDragActive && 'group-hover:pointer-events-auto group-hover:opacity-100',
+                  isContextMenuOpen && 'pointer-events-auto opacity-100'
+                )}
+              >
+                <MoreHorizontal className='h-[16px] w-[16px] text-[var(--text-icon)]' />
+              </button>
             </div>
-            <button
-              type='button'
-              aria-label='Folder options'
-              onPointerDown={handleMorePointerDown}
-              onClick={handleMoreClick}
-              className={clsx(
-                'flex h-[18px] w-[18px] flex-shrink-0 items-center justify-center rounded-sm opacity-0 transition-opacity',
-                !isAnyDragActive && 'group-hover:opacity-100',
-                isContextMenuOpen && 'opacity-100'
-              )}
-            >
-              <MoreHorizontal className='h-[16px] w-[16px] text-[var(--text-icon)]' />
-            </button>
           </div>
         )}
       </div>
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/workflow-item/workflow-item.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/workflow-item/workflow-item.tsx
index 280da1edf0e..27c0fdbc12b 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/workflow-item/workflow-item.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/workflow-item/workflow-item.tsx
@@ -468,31 +468,38 @@ export function WorkflowItem({
                 {workflow.name}
               </div>
             )}
-            {!isEditing && workflow.locked && (
-              <Lock
-                className='pointer-events-none h-[12px] w-[12px] flex-shrink-0 text-[var(--text-icon)]'
-                aria-label='Workflow is locked'
-              />
-            )}
             {!isEditing && <Avatars workflowId={workflow.id} />}
           </div>
         </div>
         {!isEditing && (
-          <>
+          <div className='relative h-[18px] w-[18px] flex-shrink-0'>
+            {workflow.locked && (
+              <span
+                role='img'
+                aria-label='Workflow is locked'
+                className={clsx(
+                  'pointer-events-none absolute inset-0 flex items-center justify-center transition-opacity',
+                  !isAnyDragActive && 'group-hover:opacity-0',
+                  isContextMenuOpen && 'opacity-0'
+                )}
+              >
+                <Lock className='h-[14px] w-[14px] text-[var(--text-icon)]' aria-hidden='true' />
+              </span>
+            )}
             <button
               type='button'
               aria-label='Workflow options'
               onPointerDown={handleMorePointerDown}
               onClick={handleMoreClick}
               className={clsx(
-                'flex h-[18px] w-[18px] flex-shrink-0 items-center justify-center rounded-sm opacity-0 transition-opacity',
-                !isAnyDragActive && 'group-hover:opacity-100',
-                isContextMenuOpen && 'opacity-100'
+                'pointer-events-none absolute inset-0 flex items-center justify-center rounded-sm opacity-0 transition-opacity',
+                !isAnyDragActive && 'group-hover:pointer-events-auto group-hover:opacity-100',
+                isContextMenuOpen && 'pointer-events-auto opacity-100'
               )}
             >
               <MoreHorizontal className='h-[16px] w-[16px] text-[var(--text-icon)]' />
             </button>
-          </>
+          </div>
         )}
       </Link>
 
diff --git a/apps/sim/app/workspace/providers/socket-provider.tsx b/apps/sim/app/workspace/providers/socket-provider.tsx
index fa43d4cb3eb..4faa626b78e 100644
--- a/apps/sim/app/workspace/providers/socket-provider.tsx
+++ b/apps/sim/app/workspace/providers/socket-provider.tsx
@@ -56,6 +56,26 @@ interface PresenceUser {
   selection?: { type: 'block' | 'edge' | 'none'; id?: string }
 }
 
+interface TableRowUpdatedEvent {
+  tableId: string
+  rowId: string
+  data: Record<string, unknown>
+  /** Per-group execution state. Keyed by `WorkflowGroup.id`. */
+  executions?: Record<string, unknown>
+  position: number
+  updatedAt: string | number
+}
+
+interface TableRowDeletedEvent {
+  tableId: string
+  rowId: string
+}
+
+interface TableDeletedEvent {
+  tableId: string
+  timestamp: number
+}
+
 interface SocketContextType {
   socket: Socket | null
   isConnected: boolean
@@ -64,10 +84,13 @@ interface SocketContextType {
   isRetryingWorkflowJoin: boolean
   authFailed: boolean
   currentWorkflowId: string | null
+  currentTableId: string | null
   currentSocketId: string | null
   presenceUsers: PresenceUser[]
   joinWorkflow: (workflowId: string) => void
   leaveWorkflow: () => void
+  joinTable: (tableId: string) => void
+  leaveTable: () => void
   retryConnection: () => void
   emitWorkflowOperation: (
     workflowId: string,
@@ -105,6 +128,9 @@ interface SocketContextType {
   onWorkflowDeployed: (handler: (data: any) => void) => void
   onOperationConfirmed: (handler: (data: any) => void) => void
   onOperationFailed: (handler: (data: any) => void) => void
+  onTableRowUpdated: (handler: (data: TableRowUpdatedEvent) => void) => void
+  onTableRowDeleted: (handler: (data: TableRowDeletedEvent) => void) => void
+  onTableDeleted: (handler: (data: TableDeletedEvent) => void) => void
 }
 
 const SocketContext = createContext<SocketContextType>({
@@ -115,10 +141,13 @@ const SocketContext = createContext<SocketContextType>({
   isRetryingWorkflowJoin: false,
   authFailed: false,
   currentWorkflowId: null,
+  currentTableId: null,
   currentSocketId: null,
   presenceUsers: [],
   joinWorkflow: () => {},
   leaveWorkflow: () => {},
+  joinTable: () => {},
+  leaveTable: () => {},
   retryConnection: () => {},
   emitWorkflowOperation: () => {},
   emitSubblockUpdate: () => {},
@@ -136,6 +165,9 @@ const SocketContext = createContext<SocketContextType>({
   onWorkflowDeployed: () => {},
   onOperationConfirmed: () => {},
   onOperationFailed: () => {},
+  onTableRowUpdated: () => {},
+  onTableRowDeleted: () => {},
+  onTableDeleted: () => {},
 })
 
 export const useSocket = () => useContext(SocketContext)
@@ -169,6 +201,10 @@ export function SocketProvider({ children, user }: SocketProviderProps) {
   urlWorkflowIdRef.current = urlWorkflowId
   explicitWorkflowIdRef.current = explicitWorkflowId
 
+  const [currentTableId, setCurrentTableId] = useState<string | null>(null)
+  const currentTableIdRef = useRef<string | null>(null)
+  currentTableIdRef.current = currentTableId
+
   const eventHandlers = useRef<{
     workflowOperation?: (data: any) => void
     subblockUpdate?: (data: any) => void
@@ -181,6 +217,9 @@ export function SocketProvider({ children, user }: SocketProviderProps) {
     workflowDeployed?: (data: any) => void
     operationConfirmed?: (data: any) => void
     operationFailed?: (data: any) => void
+    tableRowUpdated?: (data: TableRowUpdatedEvent) => void
+    tableRowDeleted?: (data: TableRowDeletedEvent) => void
+    tableDeleted?: (data: TableDeletedEvent) => void
   }>({})
 
   const positionUpdateTimeouts = useRef<Map<string, number>>(new Map())
@@ -383,6 +422,10 @@ export function SocketProvider({ children, user }: SocketProviderProps) {
             transport: socketInstance.io.engine?.transport?.name,
           })
           executeJoinCommands(joinControllerRef.current.setConnected(true))
+          // Re-join the table room after (re)connect so missed events resume.
+          if (currentTableIdRef.current) {
+            socketInstance.emit('join-table', { tableId: currentTableIdRef.current })
+          }
         })
 
         socketInstance.on('disconnect', (reason) => {
@@ -561,6 +604,34 @@ export function SocketProvider({ children, user }: SocketProviderProps) {
           eventHandlers.current.workflowDeployed?.(data)
         })
 
+        socketInstance.on('join-table-success', ({ tableId }) => {
+          if (currentTableIdRef.current !== tableId) {
+            currentTableIdRef.current = tableId
+            setCurrentTableId(tableId)
+          }
+          logger.debug(`Joined table room ${tableId}`)
+        })
+
+        socketInstance.on('join-table-error', ({ tableId, error, code }) => {
+          logger.warn('join-table-error', { tableId, error, code })
+        })
+
+        socketInstance.on('table-row-updated', (data: TableRowUpdatedEvent) => {
+          eventHandlers.current.tableRowUpdated?.(data)
+        })
+
+        socketInstance.on('table-row-deleted', (data: TableRowDeletedEvent) => {
+          eventHandlers.current.tableRowDeleted?.(data)
+        })
+
+        socketInstance.on('table-deleted', (data: TableDeletedEvent) => {
+          if (currentTableIdRef.current === data.tableId) {
+            currentTableIdRef.current = null
+            setCurrentTableId(null)
+          }
+          eventHandlers.current.tableDeleted?.(data)
+        })
+
         const rehydrateWorkflowStores = async (workflowId: string, workflowState: any) => {
           const [
             { useOperationQueueStore },
@@ -769,6 +840,33 @@ export function SocketProvider({ children, user }: SocketProviderProps) {
     setExplicitWorkflowId(null)
   }, [])
 
+  const joinTable = useCallback((tableId: string) => {
+    const s = socketRef.current
+    if (!s) {
+      // Defer: when socket connects, the requestedTableId effect below re-emits join-table.
+      currentTableIdRef.current = tableId
+      setCurrentTableId(tableId)
+      return
+    }
+    // Idempotent: if we're already in this room, no-op.
+    if (currentTableIdRef.current === tableId && s.connected) return
+    // Switching tables: leave the previous room first.
+    if (currentTableIdRef.current && currentTableIdRef.current !== tableId) {
+      s.emit('leave-table', { tableId: currentTableIdRef.current })
+    }
+    currentTableIdRef.current = tableId
+    setCurrentTableId(tableId)
+    s.emit('join-table', { tableId })
+  }, [])
+
+  const leaveTable = useCallback(() => {
+    const s = socketRef.current
+    const tableId = currentTableIdRef.current
+    currentTableIdRef.current = null
+    setCurrentTableId(null)
+    if (s && tableId) s.emit('leave-table', { tableId })
+  }, [])
+
   /**
    * Retry socket connection after auth failure.
    * Call this when user has re-authenticated (e.g., after login redirect).
@@ -1017,6 +1115,18 @@ export function SocketProvider({ children, user }: SocketProviderProps) {
     eventHandlers.current.operationFailed = handler
   }, [])
 
+  const onTableRowUpdated = useCallback((handler: (data: TableRowUpdatedEvent) => void) => {
+    eventHandlers.current.tableRowUpdated = handler
+  }, [])
+
+  const onTableRowDeleted = useCallback((handler: (data: TableRowDeletedEvent) => void) => {
+    eventHandlers.current.tableRowDeleted = handler
+  }, [])
+
+  const onTableDeleted = useCallback((handler: (data: TableDeletedEvent) => void) => {
+    eventHandlers.current.tableDeleted = handler
+  }, [])
+
   const contextValue = useMemo(
     () => ({
       socket,
@@ -1026,10 +1136,13 @@ export function SocketProvider({ children, user }: SocketProviderProps) {
       isRetryingWorkflowJoin,
       authFailed,
       currentWorkflowId,
+      currentTableId,
       currentSocketId,
       presenceUsers,
       joinWorkflow,
       leaveWorkflow,
+      joinTable,
+      leaveTable,
       retryConnection,
       emitWorkflowOperation,
       emitSubblockUpdate,
@@ -1047,6 +1160,9 @@ export function SocketProvider({ children, user }: SocketProviderProps) {
       onWorkflowDeployed,
       onOperationConfirmed,
       onOperationFailed,
+      onTableRowUpdated,
+      onTableRowDeleted,
+      onTableDeleted,
     }),
     [
       socket,
@@ -1056,10 +1172,13 @@ export function SocketProvider({ children, user }: SocketProviderProps) {
       isRetryingWorkflowJoin,
       authFailed,
       currentWorkflowId,
+      currentTableId,
       currentSocketId,
       presenceUsers,
       joinWorkflow,
       leaveWorkflow,
+      joinTable,
+      leaveTable,
       retryConnection,
       emitWorkflowOperation,
       emitSubblockUpdate,
@@ -1077,6 +1196,9 @@ export function SocketProvider({ children, user }: SocketProviderProps) {
       onWorkflowDeployed,
       onOperationConfirmed,
       onOperationFailed,
+      onTableRowUpdated,
+      onTableRowDeleted,
+      onTableDeleted,
     ]
   )
 
diff --git a/apps/sim/background/knowledge-processing.ts b/apps/sim/background/knowledge-processing.ts
index 5f20d5af285..8441fad1e05 100644
--- a/apps/sim/background/knowledge-processing.ts
+++ b/apps/sim/background/knowledge-processing.ts
@@ -1,6 +1,6 @@
 import { createLogger } from '@sim/logger'
 import { task } from '@trigger.dev/sdk'
-import { env } from '@/lib/core/config/env'
+import { env, envNumber } from '@/lib/core/config/env'
 import { processDocumentAsync } from '@/lib/knowledge/documents/service'
 
 const logger = createLogger('TriggerKnowledgeProcessing')
@@ -23,16 +23,16 @@ export type DocumentProcessingPayload = {
 
 export const processDocument = task({
   id: 'knowledge-process-document',
-  maxDuration: env.KB_CONFIG_MAX_DURATION || 600,
+  maxDuration: envNumber(env.KB_CONFIG_MAX_DURATION, 600),
   machine: 'large-1x', // 2 vCPU, 2GB RAM - needed for large PDF processing
   retry: {
-    maxAttempts: env.KB_CONFIG_MAX_ATTEMPTS || 3,
-    factor: env.KB_CONFIG_RETRY_FACTOR || 2,
-    minTimeoutInMs: env.KB_CONFIG_MIN_TIMEOUT || 1000,
-    maxTimeoutInMs: env.KB_CONFIG_MAX_TIMEOUT || 10000,
+    maxAttempts: envNumber(env.KB_CONFIG_MAX_ATTEMPTS, 3),
+    factor: envNumber(env.KB_CONFIG_RETRY_FACTOR, 2),
+    minTimeoutInMs: envNumber(env.KB_CONFIG_MIN_TIMEOUT, 1000),
+    maxTimeoutInMs: envNumber(env.KB_CONFIG_MAX_TIMEOUT, 10000),
   },
   queue: {
-    concurrencyLimit: env.KB_CONFIG_CONCURRENCY_LIMIT || 20,
+    concurrencyLimit: envNumber(env.KB_CONFIG_CONCURRENCY_LIMIT, 20),
     name: 'document-processing-queue',
   },
   run: async (payload: DocumentProcessingPayload) => {
diff --git a/apps/sim/background/workflow-column-execution.ts b/apps/sim/background/workflow-column-execution.ts
new file mode 100644
index 00000000000..ba0b03519e3
--- /dev/null
+++ b/apps/sim/background/workflow-column-execution.ts
@@ -0,0 +1,323 @@
+import { db } from '@sim/db'
+import { workflow as workflowTable } from '@sim/db/schema'
+import { createLogger, runWithRequestContext } from '@sim/logger'
+import { toError } from '@sim/utils/errors'
+import { task } from '@trigger.dev/sdk'
+import { eq } from 'drizzle-orm'
+import type { RowData, RowExecutionMetadata } from '@/lib/table/types'
+
+const logger = createLogger('TriggerWorkflowGroupCell')
+
+export type WorkflowGroupCellPayload = {
+  tableId: string
+  tableName: string
+  rowId: string
+  groupId: string
+  workflowId: string
+  workspaceId: string
+  /** Sim-side correlation id used as `wfgrp-${executionId}` in logs/requestId. */
+  executionId: string
+}
+
+/**
+ * Background workflow-group cell execution. Runs in a trigger.dev worker;
+ * writes plain primitives into `row.data[output.columnName]` as picked
+ * blocks complete, and execution state into `row.executions[groupId]`.
+ * Cancellation is authoritative via `cancelWorkflowGroupRuns`.
+ */
+export async function executeWorkflowGroupCellJob(
+  payload: WorkflowGroupCellPayload,
+  signal?: AbortSignal
+) {
+  const { tableId, tableName, rowId, groupId, workflowId, workspaceId, executionId } = payload
+  const requestId = `wfgrp-${executionId}`
+
+  return runWithRequestContext({ requestId }, async () => {
+    const { getTableById, getRowById, updateRow } = await import('@/lib/table/service')
+    const { executeWorkflow } = await import('@/lib/workflows/executor/execute-workflow')
+    const { loadWorkflowFromNormalizedTables } = await import('@/lib/workflows/persistence/utils')
+    const { writeWorkflowGroupState, buildOutputsByBlockId } = await import(
+      '@/lib/table/cell-write'
+    )
+
+    const cellCtx = { tableId, rowId, workspaceId, groupId, executionId, requestId }
+    const writeState = (executionState: RowExecutionMetadata, dataPatch?: RowData) =>
+      writeWorkflowGroupState(cellCtx, { executionState, dataPatch })
+
+    // Hoisted out of the try so the catch block can drain pending writes and
+    // surface partial errors in the terminal-error state.
+    const blockErrors: Record<string, string> = {}
+    let writeChain: Promise<void> = Promise.resolve()
+    // Set right before the terminal `completed`/`error` write fires. The
+    // executor fires `onBlockComplete` callbacks fire-and-forget, so some can
+    // still be in the microtask queue after `executeWorkflow` resolves; they
+    // would otherwise enqueue a `running` partial-write that lands after the
+    // terminal state and clobber it. Once this flag is set, `schedulePartialWrite`
+    // becomes a no-op.
+    let terminalWritten = false
+
+    try {
+      const table = await getTableById(tableId)
+      if (!table) {
+        logger.warn(`Table ${tableId} vanished before execution`)
+        return
+      }
+      const group = (table.schema.workflowGroups ?? []).find((g) => g.id === groupId)
+      if (!group) {
+        await writeState({
+          status: 'error',
+          executionId,
+          jobId: null,
+          workflowId,
+          error: `Workflow group ${groupId} no longer exists on this table`,
+        })
+        return
+      }
+
+      const [workflowRecord] = await db
+        .select()
+        .from(workflowTable)
+        .where(eq(workflowTable.id, workflowId))
+        .limit(1)
+
+      if (!workflowRecord) {
+        await writeState({
+          status: 'error',
+          executionId,
+          jobId: null,
+          workflowId,
+          error: 'Workflow not found',
+        })
+        return
+      }
+
+      const normalizedData = await loadWorkflowFromNormalizedTables(workflowId)
+      const startBlock = normalizedData
+        ? Object.values(normalizedData.blocks).find((b) => b?.type === 'start_trigger')
+        : undefined
+      if (!startBlock) {
+        await writeState({
+          status: 'error',
+          executionId,
+          jobId: null,
+          workflowId,
+          error: 'Workflow is missing a Start trigger',
+        })
+        return
+      }
+
+      const row = await getRowById(tableId, rowId, workspaceId)
+      if (!row) {
+        logger.warn(`Row ${rowId} vanished before execution`)
+        return
+      }
+
+      // Output columns produced by THIS group are skipped on input — they're
+      // populated by the run we're starting. Other group's outputs ARE
+      // included (they're plain primitives in `row.data` thanks to the
+      // flattened schema).
+      const ownOutputColumns = new Set(group.outputs.map((o) => o.columnName))
+      const inputRow: Record<string, unknown> = {}
+      for (const key of Object.keys(row.data)) {
+        if (ownOutputColumns.has(key)) continue
+        inputRow[key] = row.data[key]
+      }
+
+      const headers = table.schema.columns
+        .filter((c) => !ownOutputColumns.has(c.name))
+        .map((c) => c.name)
+
+      // Spread row columns as top-level inputs so Start block fields resolve
+      // directly by column name; reserved metadata keys win on collision.
+      const input = {
+        ...inputRow,
+        row: inputRow,
+        rawRow: inputRow,
+        previousRow: null,
+        changedColumns: [],
+        rowId,
+        headers,
+        rowNumber: row.position,
+        tableId,
+        tableName,
+        timestamp: new Date().toISOString(),
+      }
+
+      const { pluckByPath } = await import('@/lib/table/pluck')
+      const outputsByBlockId = buildOutputsByBlockId(group)
+
+      // Local accumulators for the run.
+      const accumulatedData: RowData = {}
+      const runningBlockIds = new Set<string>()
+
+      /** Snapshot the current state and append a partial write to the chain. */
+      const schedulePartialWrite = () => {
+        if (terminalWritten) return
+        const dataSnapshot: RowData = { ...accumulatedData }
+        const blockErrorsSnapshot = { ...blockErrors }
+        const runningSnapshot = Array.from(runningBlockIds)
+        writeChain = writeChain
+          .then(async () => {
+            if (signal?.aborted) return
+            // Re-check inside the chain — a write enqueued before the
+            // terminal flag flipped should still bail if the chain runs
+            // after the terminal write.
+            if (terminalWritten) return
+            await writeState(
+              {
+                status: 'running',
+                executionId,
+                // Stamp the jobId from the current row state — the scheduler
+                // wrote it before this task started, and we don't want to lose
+                // it on partial writes. Re-read defensively.
+                jobId: await readJobId(),
+                workflowId,
+                error: null,
+                runningBlockIds: runningSnapshot,
+                blockErrors: blockErrorsSnapshot,
+              },
+              dataSnapshot
+            )
+          })
+          .catch((err) => {
+            logger.warn(
+              `Per-block partial write failed (table=${tableId} row=${rowId} group=${groupId}):`,
+              err
+            )
+          })
+      }
+
+      const readJobId = async (): Promise<string | null> => {
+        const r = await getRowById(tableId, rowId, workspaceId)
+        const exec = r?.executions?.[groupId] as RowExecutionMetadata | undefined
+        return exec?.jobId ?? null
+      }
+
+      const onBlockStart = async (blockId: string): Promise<void> => {
+        if (!outputsByBlockId.has(blockId)) return
+        runningBlockIds.add(blockId)
+        schedulePartialWrite()
+      }
+
+      const onBlockComplete = async (blockId: string, output: unknown): Promise<void> => {
+        const outputs = outputsByBlockId.get(blockId)
+        if (!outputs) return
+
+        // executor hands us `{ input?, output: NormalizedBlockOutput, executionTime, ... }`
+        const blockResult =
+          output && typeof output === 'object' && 'output' in (output as object)
+            ? (output as { output: unknown }).output
+            : output
+
+        const blockErrorMessage =
+          blockResult &&
+          typeof blockResult === 'object' &&
+          typeof (blockResult as { error?: unknown }).error === 'string'
+            ? (blockResult as { error: string }).error
+            : null
+
+        if (blockErrorMessage) {
+          blockErrors[blockId] = blockErrorMessage
+        } else {
+          for (const out of outputs) {
+            const plucked = pluckByPath(blockResult, out.path)
+            // Skip when pluck misses — assigning `undefined` would drop the
+            // key on JSON serialization, clearing any prior value already
+            // landed for this column.
+            if (plucked === undefined) continue
+            accumulatedData[out.columnName] = plucked as RowData[string]
+          }
+        }
+        runningBlockIds.delete(blockId)
+        schedulePartialWrite()
+      }
+
+      const result = await executeWorkflow(
+        {
+          id: workflowRecord.id,
+          userId: workflowRecord.userId,
+          workspaceId: workflowRecord.workspaceId,
+          variables: (workflowRecord.variables as Record<string, unknown> | null) ?? {},
+        },
+        requestId,
+        input,
+        workflowRecord.userId,
+        {
+          enabled: true,
+          executionMode: 'sync',
+          workflowTriggerType: 'table',
+          triggerBlockId: startBlock.id,
+          // Always run the live workflow state — table cells track the
+          // current editor state rather than the most recent deploy, so
+          // every save lands in the next row run without forcing the user
+          // to re-deploy.
+          useDraftState: true,
+          abortSignal: signal,
+          onBlockStart,
+          onBlockComplete,
+        },
+        executionId
+      )
+
+      // Drain queued partial writes before the terminal write so a late
+      // `running` partial doesn't clobber it. Setting `terminalWritten`
+      // before draining means any onBlockComplete callbacks still in the
+      // microtask queue (the executor fires them fire-and-forget) become
+      // no-ops the moment they try to enqueue.
+      terminalWritten = true
+      await writeChain.catch(() => {})
+
+      await writeState(
+        {
+          status: result.success ? 'completed' : 'error',
+          executionId,
+          jobId: null,
+          workflowId,
+          error: result.success ? null : (result.error ?? 'Workflow execution failed'),
+          runningBlockIds: [],
+          blockErrors,
+        },
+        accumulatedData
+      )
+    } catch (err) {
+      const message = toError(err).message
+      logger.error(
+        `Workflow group cell execution failed (table=${tableId} row=${rowId} group=${groupId})`,
+        { error: message, executionId }
+      )
+      // Drain queued partial writes before the terminal error write so a late
+      // `running` partial doesn't clobber it — same reason as the success
+      // path above. Reset `runningBlockIds`/`blockErrors` explicitly so the
+      // renderer sees a clean terminal state (otherwise stale spinners stay).
+      terminalWritten = true
+      await writeChain.catch(() => {})
+      try {
+        await writeState({
+          status: 'error',
+          executionId,
+          jobId: null,
+          workflowId,
+          error: message,
+          runningBlockIds: [],
+          blockErrors,
+        })
+      } catch (writeErr) {
+        logger.error('Also failed to write error state', { error: toError(writeErr).message })
+      }
+    }
+  })
+}
+
+export const workflowGroupCellTask = task({
+  id: 'workflow-group-cell',
+  machine: 'medium-1x',
+  retry: { maxAttempts: 1 },
+  // Combined with `concurrencyKey: tableId`, caps each table's sub-queue to
+  // 10 in-flight cell jobs while letting different tables run in parallel.
+  queue: {
+    name: 'workflow-group-cell',
+    concurrencyLimit: 10,
+  },
+  run: (payload: WorkflowGroupCellPayload, { signal }) =>
+    executeWorkflowGroupCellJob(payload, signal),
+})
diff --git a/apps/sim/blocks/blocks/agent.ts b/apps/sim/blocks/blocks/agent.ts
index 7f5a641576a..3a8e704859d 100644
--- a/apps/sim/blocks/blocks/agent.ts
+++ b/apps/sim/blocks/blocks/agent.ts
@@ -344,6 +344,7 @@ Return ONLY the JSON array.`,
         value: ['conversation', 'sliding_window', 'sliding_window_tokens'],
         and: { field: 'model', value: MODELS_WITHOUT_MEMORY, not: true },
       },
+      dependsOn: ['memoryType'],
     },
     {
       id: 'slidingWindowSize',
@@ -355,6 +356,7 @@ Return ONLY the JSON array.`,
         value: ['sliding_window'],
         and: { field: 'model', value: MODELS_WITHOUT_MEMORY, not: true },
       },
+      dependsOn: ['memoryType'],
     },
     {
       id: 'slidingWindowTokens',
@@ -366,6 +368,7 @@ Return ONLY the JSON array.`,
         value: ['sliding_window_tokens'],
         and: { field: 'model', value: MODELS_WITHOUT_MEMORY, not: true },
       },
+      dependsOn: ['memoryType'],
     },
     {
       id: 'temperature',
diff --git a/apps/sim/blocks/blocks/airtable.ts b/apps/sim/blocks/blocks/airtable.ts
index ff0e3036040..dd1a4b61d97 100644
--- a/apps/sim/blocks/blocks/airtable.ts
+++ b/apps/sim/blocks/blocks/airtable.ts
@@ -74,6 +74,7 @@ export const AirtableBlock: BlockConfig<AirtableResponse> = {
       type: 'short-input',
       canonicalParamId: 'baseId',
       placeholder: 'Enter your base ID (e.g., appXXXXXXXXXXXXXX)',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: { field: 'operation', value: 'listBases', not: true },
       required: { field: 'operation', value: 'listBases', not: true },
diff --git a/apps/sim/blocks/blocks/asana.ts b/apps/sim/blocks/blocks/asana.ts
index da9bfe57e60..13e0e072725 100644
--- a/apps/sim/blocks/blocks/asana.ts
+++ b/apps/sim/blocks/blocks/asana.ts
@@ -74,6 +74,7 @@ export const AsanaBlock: BlockConfig<AsanaResponse> = {
       canonicalParamId: 'workspace',
       required: true,
       placeholder: 'Enter Asana workspace GID',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: {
         field: 'operation',
@@ -123,6 +124,7 @@ export const AsanaBlock: BlockConfig<AsanaResponse> = {
       type: 'short-input',
       canonicalParamId: 'getTasks_workspace',
       placeholder: 'Enter workspace GID',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: {
         field: 'operation',
diff --git a/apps/sim/blocks/blocks/elasticsearch.ts b/apps/sim/blocks/blocks/elasticsearch.ts
index e95a80eba8b..952b2884555 100644
--- a/apps/sim/blocks/blocks/elasticsearch.ts
+++ b/apps/sim/blocks/blocks/elasticsearch.ts
@@ -63,6 +63,7 @@ export const ElasticsearchBlock: BlockConfig<ElasticsearchResponse> = {
       placeholder: 'https://localhost:9200',
       required: true,
       condition: { field: 'deploymentType', value: 'self_hosted' },
+      dependsOn: ['deploymentType'],
     },
 
     // Cloud ID
@@ -73,6 +74,7 @@ export const ElasticsearchBlock: BlockConfig<ElasticsearchResponse> = {
       placeholder: 'deployment-name:base64-encoded-data',
       required: true,
       condition: { field: 'deploymentType', value: 'cloud' },
+      dependsOn: ['deploymentType'],
     },
 
     // Authentication method
@@ -96,6 +98,7 @@ export const ElasticsearchBlock: BlockConfig<ElasticsearchResponse> = {
       password: true,
       required: true,
       condition: { field: 'authMethod', value: 'api_key' },
+      dependsOn: ['authMethod'],
     },
 
     // Username
@@ -106,6 +109,7 @@ export const ElasticsearchBlock: BlockConfig<ElasticsearchResponse> = {
       placeholder: 'Enter username',
       required: true,
       condition: { field: 'authMethod', value: 'basic_auth' },
+      dependsOn: ['authMethod'],
     },
 
     // Password
@@ -117,6 +121,7 @@ export const ElasticsearchBlock: BlockConfig<ElasticsearchResponse> = {
       password: true,
       required: true,
       condition: { field: 'authMethod', value: 'basic_auth' },
+      dependsOn: ['authMethod'],
     },
 
     // Index name - for most operations
diff --git a/apps/sim/blocks/blocks/gmail.ts b/apps/sim/blocks/blocks/gmail.ts
index df5fa8f67e9..4385e909521 100644
--- a/apps/sim/blocks/blocks/gmail.ts
+++ b/apps/sim/blocks/blocks/gmail.ts
@@ -251,6 +251,7 @@ Return ONLY the email body - no explanations, no extra text.`,
       type: 'short-input',
       canonicalParamId: 'folder',
       placeholder: 'Enter Gmail label name (e.g., INBOX, SENT, or custom label)',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: { field: 'operation', value: 'read_gmail' },
     },
@@ -333,6 +334,7 @@ Return ONLY the search query - no explanations, no extra text.`,
       type: 'short-input',
       canonicalParamId: 'addLabelIds',
       placeholder: 'Enter label ID (e.g., INBOX, Label_123)',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: { field: 'operation', value: 'move_gmail' },
       required: true,
@@ -359,6 +361,7 @@ Return ONLY the search query - no explanations, no extra text.`,
       type: 'short-input',
       canonicalParamId: 'removeLabelIds',
       placeholder: 'Enter label ID to remove (e.g., INBOX)',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: { field: 'operation', value: 'move_gmail' },
       required: false,
@@ -412,6 +415,7 @@ Return ONLY the search query - no explanations, no extra text.`,
       type: 'short-input',
       canonicalParamId: 'manageLabelId',
       placeholder: 'Enter label ID (e.g., INBOX, Label_123)',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: { field: 'operation', value: ['add_label_gmail', 'remove_label_gmail'] },
       required: true,
diff --git a/apps/sim/blocks/blocks/google_calendar.ts b/apps/sim/blocks/blocks/google_calendar.ts
index 08ec3faa9d2..307d3fe21a6 100644
--- a/apps/sim/blocks/blocks/google_calendar.ts
+++ b/apps/sim/blocks/blocks/google_calendar.ts
@@ -81,6 +81,7 @@ export const GoogleCalendarBlock: BlockConfig<GoogleCalendarResponse> = {
       type: 'short-input',
       canonicalParamId: 'calendarId',
       placeholder: 'Enter calendar ID (e.g., primary or calendar@gmail.com)',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: { field: 'operation', value: 'list_calendars', not: true },
     },
@@ -347,6 +348,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       canonicalParamId: 'destinationCalendarId',
       placeholder: 'destination@group.calendar.google.com',
+      dependsOn: ['credential'],
       condition: { field: 'operation', value: 'move' },
       required: true,
       mode: 'advanced',
diff --git a/apps/sim/blocks/blocks/google_maps.ts b/apps/sim/blocks/blocks/google_maps.ts
index 24676cb10ff..7331d45f28d 100644
--- a/apps/sim/blocks/blocks/google_maps.ts
+++ b/apps/sim/blocks/blocks/google_maps.ts
@@ -411,7 +411,7 @@ export const GoogleMapsBlock: BlockConfig = {
     config: {
       tool: (params) => `google_maps_${params.operation}`,
       params: (params) => {
-        const { operation, locationBias, ...rest } = params
+        const { operation, locationBias, addressToValidate, ...rest } = params
 
         let location: { lat: number; lng: number } | undefined
         if (locationBias && typeof locationBias === 'string' && locationBias.includes(',')) {
@@ -486,7 +486,7 @@ export const GoogleMapsBlock: BlockConfig = {
           }
         }
 
-        const address = params.addressToValidate || params.address
+        const address = operation === 'validate_address' ? addressToValidate : params.address
 
         // Parse boolean switches (can come as string or boolean from form)
         let interpolate: boolean | undefined
diff --git a/apps/sim/blocks/blocks/google_sheets.ts b/apps/sim/blocks/blocks/google_sheets.ts
index b2258b06c8b..ef61d864445 100644
--- a/apps/sim/blocks/blocks/google_sheets.ts
+++ b/apps/sim/blocks/blocks/google_sheets.ts
@@ -401,7 +401,7 @@ export const GoogleSheetsV2Block: BlockConfig<GoogleSheetsV2Response> = {
       canonicalParamId: 'sheetName',
       placeholder: 'Name of the sheet/tab (e.g., Sheet1)',
       required: true,
-      dependsOn: ['credential'],
+      dependsOn: { all: ['credential'], any: ['spreadsheetId', 'manualSpreadsheetId'] },
       mode: 'advanced',
       condition: { field: 'operation', value: ['read', 'write', 'update', 'append', 'clear'] },
     },
diff --git a/apps/sim/blocks/blocks/guardrails.ts b/apps/sim/blocks/blocks/guardrails.ts
index 5eeacd9a638..7f1c08b831f 100644
--- a/apps/sim/blocks/blocks/guardrails.ts
+++ b/apps/sim/blocks/blocks/guardrails.ts
@@ -70,6 +70,7 @@ export const GuardrailsBlock: BlockConfig<GuardrailsResponse> = {
         field: 'validationType',
         value: ['regex'],
       },
+      dependsOn: ['validationType'],
       wandConfig: {
         enabled: true,
         prompt: `Generate a regular expression pattern based on the user's description.
@@ -106,6 +107,7 @@ Return ONLY the regex pattern - no explanations, no quotes, no forward slashes,
         field: 'validationType',
         value: ['hallucination'],
       },
+      dependsOn: ['validationType'],
     },
     {
       id: 'model',
@@ -118,6 +120,7 @@ Return ONLY the regex pattern - no explanations, no quotes, no forward slashes,
         field: 'validationType',
         value: ['hallucination'],
       },
+      dependsOn: ['validationType'],
     },
     {
       id: 'threshold',
@@ -131,6 +134,7 @@ Return ONLY the regex pattern - no explanations, no quotes, no forward slashes,
         field: 'validationType',
         value: ['hallucination'],
       },
+      dependsOn: ['validationType'],
     },
     {
       id: 'topK',
@@ -145,6 +149,7 @@ Return ONLY the regex pattern - no explanations, no quotes, no forward slashes,
         field: 'validationType',
         value: ['hallucination'],
       },
+      dependsOn: ['validationType'],
     },
     // Provider credential subblocks - only shown for hallucination validation
     ...getProviderCredentialSubBlocks().map((subBlock) => ({
@@ -158,6 +163,7 @@ Return ONLY the regex pattern - no explanations, no quotes, no forward slashes,
               typeof subBlock.condition === 'function' ? subBlock.condition() : subBlock.condition,
           }
         : { field: 'validationType' as const, value: ['hallucination'] },
+      dependsOn: ['validationType'],
     })),
     {
       id: 'piiEntityTypes',
@@ -227,6 +233,7 @@ Return ONLY the regex pattern - no explanations, no quotes, no forward slashes,
         field: 'validationType',
         value: ['pii'],
       },
+      dependsOn: ['validationType'],
     },
     {
       id: 'piiMode',
@@ -242,6 +249,7 @@ Return ONLY the regex pattern - no explanations, no quotes, no forward slashes,
         field: 'validationType',
         value: ['pii'],
       },
+      dependsOn: ['validationType'],
     },
     {
       id: 'piiLanguage',
@@ -259,6 +267,7 @@ Return ONLY the regex pattern - no explanations, no quotes, no forward slashes,
         field: 'validationType',
         value: ['pii'],
       },
+      dependsOn: ['validationType'],
     },
   ],
   tools: {
diff --git a/apps/sim/blocks/blocks/huggingface.ts b/apps/sim/blocks/blocks/huggingface.ts
index 9333d0d5902..2e072886a10 100644
--- a/apps/sim/blocks/blocks/huggingface.ts
+++ b/apps/sim/blocks/blocks/huggingface.ts
@@ -61,6 +61,7 @@ export const HuggingFaceBlock: BlockConfig<HuggingFaceChatResponse> = {
       placeholder:
         'e.g., deepseek/deepseek-v3-0324, llama3.1-8b, meta-llama/Llama-3.2-3B-Instruct-Turbo',
       description: 'The model must be available for the selected provider.',
+      dependsOn: ['provider'],
     },
     {
       id: 'temperature',
diff --git a/apps/sim/blocks/blocks/image_generator.ts b/apps/sim/blocks/blocks/image_generator.ts
index 517e25bf7a7..6963cd604fd 100644
--- a/apps/sim/blocks/blocks/image_generator.ts
+++ b/apps/sim/blocks/blocks/image_generator.ts
@@ -44,6 +44,7 @@ export const ImageGeneratorBlock: BlockConfig<DalleResponse> = {
       ],
       value: () => '1024x1024',
       condition: { field: 'model', value: 'dall-e-3' },
+      dependsOn: ['model'],
     },
     {
       id: 'size',
@@ -57,6 +58,7 @@ export const ImageGeneratorBlock: BlockConfig<DalleResponse> = {
       ],
       value: () => 'auto',
       condition: { field: 'model', value: 'gpt-image-1' },
+      dependsOn: ['model'],
     },
     {
       id: 'quality',
@@ -68,6 +70,7 @@ export const ImageGeneratorBlock: BlockConfig<DalleResponse> = {
       ],
       value: () => 'standard',
       condition: { field: 'model', value: 'dall-e-3' },
+      dependsOn: ['model'],
     },
     {
       id: 'style',
@@ -79,6 +82,7 @@ export const ImageGeneratorBlock: BlockConfig<DalleResponse> = {
       ],
       value: () => 'vivid',
       condition: { field: 'model', value: 'dall-e-3' },
+      dependsOn: ['model'],
     },
     {
       id: 'background',
@@ -91,6 +95,7 @@ export const ImageGeneratorBlock: BlockConfig<DalleResponse> = {
       ],
       value: () => 'auto',
       condition: { field: 'model', value: 'gpt-image-1' },
+      dependsOn: ['model'],
     },
     {
       id: 'apiKey',
@@ -114,22 +119,23 @@ export const ImageGeneratorBlock: BlockConfig<DalleResponse> = {
           throw new Error('Prompt is required')
         }
 
-        // Base parameters for all models
+        const model = params.model || 'dall-e-3'
+        const size = params.size || (model === 'gpt-image-1' ? 'auto' : '1024x1024')
         const baseParams = {
           prompt: params.prompt,
-          model: params.model || 'dall-e-3',
-          size: params.size || '1024x1024',
+          model,
+          size,
           apiKey: params.apiKey,
         }
 
-        if (params.model === 'dall-e-3') {
+        if (model === 'dall-e-3') {
           return {
             ...baseParams,
             quality: params.quality || 'standard',
             style: params.style || 'vivid',
           }
         }
-        if (params.model === 'gpt-image-1') {
+        if (model === 'gpt-image-1') {
           return {
             ...baseParams,
             ...(params.background && { background: params.background }),
diff --git a/apps/sim/blocks/blocks/jira.ts b/apps/sim/blocks/blocks/jira.ts
index de5c671adbc..f5fd53cf39e 100644
--- a/apps/sim/blocks/blocks/jira.ts
+++ b/apps/sim/blocks/blocks/jira.ts
@@ -168,7 +168,7 @@ export const JiraBlock: BlockConfig<JiraResponse> = {
       type: 'short-input',
       canonicalParamId: 'issueKey',
       placeholder: 'Enter Jira issue key',
-      dependsOn: ['credential', 'domain'],
+      dependsOn: ['credential', 'domain', 'projectId'],
       condition: {
         field: 'operation',
         value: [
diff --git a/apps/sim/blocks/blocks/jira_service_management.ts b/apps/sim/blocks/blocks/jira_service_management.ts
index 342cccc0770..9e3952b7837 100644
--- a/apps/sim/blocks/blocks/jira_service_management.ts
+++ b/apps/sim/blocks/blocks/jira_service_management.ts
@@ -132,6 +132,7 @@ export const JiraServiceManagementBlock: BlockConfig<JsmResponse> = {
       type: 'short-input',
       canonicalParamId: 'serviceDeskId',
       placeholder: 'Enter service desk ID',
+      dependsOn: ['credential', 'domain'],
       mode: 'advanced',
       required: {
         field: 'operation',
@@ -181,6 +182,7 @@ export const JiraServiceManagementBlock: BlockConfig<JsmResponse> = {
       canonicalParamId: 'requestTypeId',
       required: true,
       placeholder: 'Enter request type ID',
+      dependsOn: ['credential', 'domain', 'serviceDeskId'],
       mode: 'advanced',
       condition: { field: 'operation', value: ['create_request', 'get_request_type_fields'] },
     },
diff --git a/apps/sim/blocks/blocks/knowledge.ts b/apps/sim/blocks/blocks/knowledge.ts
index 37c0d5b2914..3d17e9cb402 100644
--- a/apps/sim/blocks/blocks/knowledge.ts
+++ b/apps/sim/blocks/blocks/knowledge.ts
@@ -171,6 +171,7 @@ export const KnowledgeBlock: BlockConfig = {
       type: 'short-input',
       canonicalParamId: 'documentId',
       placeholder: 'Enter document ID',
+      dependsOn: ['knowledgeBaseId'],
       required: true,
       mode: 'advanced',
       condition: {
diff --git a/apps/sim/blocks/blocks/linear.ts b/apps/sim/blocks/blocks/linear.ts
index d8aa7bb493d..4f06a9832ea 100644
--- a/apps/sim/blocks/blocks/linear.ts
+++ b/apps/sim/blocks/blocks/linear.ts
@@ -197,6 +197,7 @@ export const LinearBlock: BlockConfig<LinearResponse> = {
       canonicalParamId: 'teamId',
       placeholder: 'Enter Linear team ID',
       mode: 'advanced',
+      dependsOn: ['credential'],
       required: {
         field: 'operation',
         value: [
@@ -271,6 +272,7 @@ export const LinearBlock: BlockConfig<LinearResponse> = {
       canonicalParamId: 'projectId',
       placeholder: 'Enter Linear project ID',
       mode: 'advanced',
+      dependsOn: ['credential', 'teamId'],
       required: {
         field: 'operation',
         value: [
@@ -1090,7 +1092,7 @@ Return ONLY the description text - no explanations.`,
     },
     // Customer request priority/urgency
     {
-      id: 'priority',
+      id: 'customerRequestPriority',
       title: 'Urgency',
       type: 'dropdown',
       options: [
@@ -2001,7 +2003,10 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
               ...baseParams,
               customerId: params.customerId.trim(),
               body: params.requestBody?.trim(),
-              priority: params.priority !== undefined ? Number(params.priority) : 0,
+              priority:
+                params.customerRequestPriority !== undefined
+                  ? Number(params.customerRequestPriority)
+                  : 0,
               issueId: params.linkedIssueId?.trim(),
               projectId: effectiveProjectId || undefined,
             }
@@ -2015,7 +2020,10 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
               customerNeedId: params.customerNeedId.trim(),
               customerId: params.customerId?.trim(),
               body: params.requestBody?.trim(),
-              priority: params.priority !== undefined ? Number(params.priority) : undefined,
+              priority:
+                params.customerRequestPriority !== undefined
+                  ? Number(params.customerRequestPriority)
+                  : undefined,
               issueId: params.linkedIssueId?.trim(),
               projectId: effectiveProjectId || undefined,
             }
@@ -2354,6 +2362,7 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
     stateId: { type: 'string', description: 'Workflow state identifier' },
     assigneeId: { type: 'string', description: 'Assignee user identifier' },
     priority: { type: 'string', description: 'Priority level' },
+    customerRequestPriority: { type: 'string', description: 'Customer request urgency level' },
     estimate: { type: 'string', description: 'Estimate points' },
     query: { type: 'string', description: 'Search query' },
     includeArchived: { type: 'boolean', description: 'Include archived items' },
diff --git a/apps/sim/blocks/blocks/mcp.ts b/apps/sim/blocks/blocks/mcp.ts
index 0b5d4da8db6..3a0e51caeae 100644
--- a/apps/sim/blocks/blocks/mcp.ts
+++ b/apps/sim/blocks/blocks/mcp.ts
@@ -53,6 +53,7 @@ export const McpBlock: BlockConfig<McpResponse> = {
         value: '',
         not: true, // Show when tool is not empty
       },
+      dependsOn: ['tool'],
     },
   ],
   tools: {
diff --git a/apps/sim/blocks/blocks/mem0.test.ts b/apps/sim/blocks/blocks/mem0.test.ts
new file mode 100644
index 00000000000..c468054c338
--- /dev/null
+++ b/apps/sim/blocks/blocks/mem0.test.ts
@@ -0,0 +1,52 @@
+/**
+ * @vitest-environment node
+ */
+import { describe, expect, it } from 'vitest'
+import { Mem0Block } from '@/blocks/blocks/mem0'
+
+describe('Mem0Block', () => {
+  const buildParams = Mem0Block.tools.config.params!
+
+  it('parses JSON string messages for add operations', () => {
+    const params = buildParams({
+      operation: 'add',
+      apiKey: 'test-key',
+      userId: 'alice',
+      messages: JSON.stringify([{ role: 'user', content: 'I like Sim.' }]),
+    })
+
+    expect(params).toEqual({
+      apiKey: 'test-key',
+      userId: 'alice',
+      messages: [{ role: 'user', content: 'I like Sim.' }],
+    })
+  })
+
+  it('rejects unsupported message roles before execution', () => {
+    expect(() =>
+      buildParams({
+        operation: 'add',
+        apiKey: 'test-key',
+        userId: 'alice',
+        messages: JSON.stringify([{ role: 'system', content: 'Remember this.' }]),
+      })
+    ).toThrow('Each message must have role user or assistant and non-empty content')
+  })
+
+  it('passes pagination params for get operations', () => {
+    const params = buildParams({
+      operation: 'get',
+      apiKey: 'test-key',
+      userId: 'alice',
+      page: '2',
+      limit: '25',
+    })
+
+    expect(params).toEqual({
+      apiKey: 'test-key',
+      userId: 'alice',
+      page: 2,
+      limit: 25,
+    })
+  })
+})
diff --git a/apps/sim/blocks/blocks/mem0.ts b/apps/sim/blocks/blocks/mem0.ts
index 8904e9593e2..ce54ad31298 100644
--- a/apps/sim/blocks/blocks/mem0.ts
+++ b/apps/sim/blocks/blocks/mem0.ts
@@ -1,6 +1,8 @@
+import { toError } from '@sim/utils/errors'
 import { Mem0Icon } from '@/components/icons'
 import { AuthMode, type BlockConfig, IntegrationType } from '@/blocks/types'
 import type { Mem0Response } from '@/tools/mem0/types'
+import { parseMem0Messages } from '@/tools/mem0/utils'
 
 export const Mem0Block: BlockConfig<Mem0Response> = {
   type: 'mem0',
@@ -32,7 +34,6 @@ export const Mem0Block: BlockConfig<Mem0Response> = {
       title: 'User ID',
       type: 'short-input',
       placeholder: 'Enter user identifier',
-      value: () => 'userid', // Default to the working user ID from curl example
       required: true,
     },
     {
@@ -77,6 +78,7 @@ export const Mem0Block: BlockConfig<Mem0Response> = {
         field: 'operation',
         value: 'get',
       },
+      mode: 'advanced',
       wandConfig: {
         enabled: true,
         prompt: `Generate a date in YYYY-MM-DD format based on the user's description.
@@ -100,6 +102,7 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
         field: 'operation',
         value: 'get',
       },
+      mode: 'advanced',
       wandConfig: {
         enabled: true,
         prompt: `Generate a date in YYYY-MM-DD format based on the user's description.
@@ -122,6 +125,17 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
       password: true,
       required: true,
     },
+    {
+      id: 'page',
+      title: 'Page',
+      type: 'short-input',
+      placeholder: '1',
+      condition: {
+        field: 'operation',
+        value: 'get',
+      },
+      mode: 'advanced',
+    },
     {
       id: 'limit',
       title: 'Result Limit',
@@ -134,6 +148,7 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
         field: 'operation',
         value: ['search', 'get'],
       },
+      mode: 'advanced',
     },
   ],
   tools: {
@@ -153,16 +168,14 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
         }
       },
       params: (params: Record<string, any>) => {
-        // Create detailed error information for any missing required fields
         const errors: string[] = []
+        const operation = params.operation || 'add'
 
-        // Validate required API key for all operations
         if (!params.apiKey) {
           errors.push('API Key is required')
         }
 
-        // For search operation, validate required fields
-        if (params.operation === 'search') {
+        if (operation === 'search') {
           if (!params.query || params.query.trim() === '') {
             errors.push('Search Query is required')
           }
@@ -172,27 +185,12 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
           }
         }
 
-        // For add operation, validate required fields
-        if (params.operation === 'add') {
-          if (!params.messages) {
-            errors.push('Messages are required for add operation')
-          } else if (!Array.isArray(params.messages) || params.messages.length === 0) {
-            errors.push('Messages must be a non-empty array')
-          } else {
-            for (const msg of params.messages) {
-              if (!msg.role || !msg.content) {
-                errors.push("Each message must have 'role' and 'content' properties")
-                break
-              }
-            }
-          }
-
+        if (operation === 'add') {
           if (!params.userId) {
             errors.push('User ID is required')
           }
         }
 
-        // Throw error if any required fields are missing
         if (errors.length > 0) {
           throw new Error(`Mem0 Block Error: ${errors.join(', ')}`)
         }
@@ -201,63 +199,22 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
           apiKey: params.apiKey,
         }
 
-        // Add any identifiers that are present
         if (params.userId) result.userId = params.userId
 
-        // Add version if specified
-        if (params.version) result.version = params.version
-
-        if (params.limit) result.limit = params.limit
-
-        const operation = params.operation || 'add'
+        if (params.limit) result.limit = Number(params.limit)
 
-        // Process operation-specific parameters
         switch (operation) {
           case 'add':
-            if (params.messages) {
-              try {
-                // Ensure messages are properly formatted
-                const messagesArray =
-                  typeof params.messages === 'string'
-                    ? JSON.parse(params.messages)
-                    : params.messages
-
-                // Validate message structure
-                if (Array.isArray(messagesArray) && messagesArray.length > 0) {
-                  let validMessages = true
-                  for (const msg of messagesArray) {
-                    if (!msg.role || !msg.content) {
-                      validMessages = false
-                      break
-                    }
-                  }
-                  if (validMessages) {
-                    result.messages = messagesArray
-                  } else {
-                    // Consistent with other error handling - collect in errors array
-                    errors.push('Invalid message format - each message must have role and content')
-                    throw new Error(
-                      'Mem0 Block Error: Invalid message format - each message must have role and content'
-                    )
-                  }
-                } else {
-                  // Consistent with other error handling
-                  errors.push('Messages must be a non-empty array')
-                  throw new Error('Mem0 Block Error: Messages must be a non-empty array')
-                }
-              } catch (e: any) {
-                if (!errors.includes('Messages must be valid JSON')) {
-                  errors.push('Messages must be valid JSON')
-                }
-                throw new Error(`Mem0 Block Error: ${e.message || 'Messages must be valid JSON'}`)
-              }
+            try {
+              result.messages = parseMem0Messages(params.messages)
+            } catch (error) {
+              throw new Error(`Mem0 Block Error: ${toError(error).message}`)
             }
             break
           case 'search':
             if (params.query) {
               result.query = params.query
 
-              // Check if we have at least one identifier for search
               if (!params.userId) {
                 errors.push('Search requires a User ID')
                 throw new Error('Mem0 Block Error: Search requires a User ID')
@@ -267,17 +224,16 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
               throw new Error('Mem0 Block Error: Search requires a query parameter')
             }
 
-            // Include limit if specified
-            if (params.limit) {
-              result.limit = Number(params.limit)
-            }
             break
           case 'get':
             if (params.memoryId) {
               result.memoryId = params.memoryId
             }
 
-            // Add date range filtering for v2 get memories
+            if (params.page) {
+              result.page = Number(params.page)
+            }
+
             if (params.startDate) {
               result.startDate = params.startDate
             }
@@ -296,17 +252,23 @@ Return ONLY the date string in YYYY-MM-DD format - no explanations, no quotes, n
     operation: { type: 'string', description: 'Operation to perform' },
     apiKey: { type: 'string', description: 'Mem0 API key' },
     userId: { type: 'string', description: 'User identifier' },
-    version: { type: 'string', description: 'API version' },
     messages: { type: 'json', description: 'Message data array' },
     query: { type: 'string', description: 'Search query' },
     memoryId: { type: 'string', description: 'Memory identifier' },
     startDate: { type: 'string', description: 'Start date filter' },
     endDate: { type: 'string', description: 'End date filter' },
+    page: { type: 'number', description: 'Page number for paginated get results' },
     limit: { type: 'number', description: 'Result limit' },
   },
   outputs: {
-    ids: { type: 'json', description: 'Memory identifiers' },
-    memories: { type: 'json', description: 'Memory data' },
-    searchResults: { type: 'json', description: 'Search results' },
+    ids: { type: 'json', description: 'Memory identifiers returned by search or get operations' },
+    memories: { type: 'json', description: 'Memory records returned by get operations' },
+    searchResults: { type: 'json', description: 'Ranked memory records returned by search' },
+    message: { type: 'string', description: 'Add operation status message' },
+    status: { type: 'string', description: 'Add operation processing status' },
+    event_id: { type: 'string', description: 'Add operation event ID for status polling' },
+    count: { type: 'number', description: 'Total memory count for get operations' },
+    next: { type: 'string', description: 'Next page URL for get operations' },
+    previous: { type: 'string', description: 'Previous page URL for get operations' },
   },
 }
diff --git a/apps/sim/blocks/blocks/microsoft_teams.ts b/apps/sim/blocks/blocks/microsoft_teams.ts
index b2a882e489c..0812169a24d 100644
--- a/apps/sim/blocks/blocks/microsoft_teams.ts
+++ b/apps/sim/blocks/blocks/microsoft_teams.ts
@@ -94,6 +94,7 @@ export const MicrosoftTeamsBlock: BlockConfig<MicrosoftTeamsResponse> = {
       type: 'short-input',
       canonicalParamId: 'teamId',
       placeholder: 'Enter team ID',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: {
         field: 'operation',
@@ -132,6 +133,7 @@ export const MicrosoftTeamsBlock: BlockConfig<MicrosoftTeamsResponse> = {
       type: 'short-input',
       canonicalParamId: 'chatId',
       placeholder: 'Enter chat ID',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: {
         field: 'operation',
@@ -169,6 +171,7 @@ export const MicrosoftTeamsBlock: BlockConfig<MicrosoftTeamsResponse> = {
       type: 'short-input',
       canonicalParamId: 'channelId',
       placeholder: 'Enter channel ID',
+      dependsOn: ['credential', 'teamId'],
       mode: 'advanced',
       condition: {
         field: 'operation',
diff --git a/apps/sim/blocks/blocks/monday.ts b/apps/sim/blocks/blocks/monday.ts
index 7f566c6181b..818e78a1449 100644
--- a/apps/sim/blocks/blocks/monday.ts
+++ b/apps/sim/blocks/blocks/monday.ts
@@ -128,6 +128,7 @@ export const MondayBlock: BlockConfig<MondayResponse> = {
       type: 'short-input',
       canonicalParamId: 'boardId',
       placeholder: 'Enter board ID',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: { field: 'operation', value: BOARD_OPS },
       required: { field: 'operation', value: BOARD_OPS },
@@ -180,6 +181,7 @@ export const MondayBlock: BlockConfig<MondayResponse> = {
       type: 'short-input',
       canonicalParamId: 'groupId',
       placeholder: 'Enter group ID',
+      dependsOn: ['credential', 'boardId'],
       mode: 'advanced',
       condition: {
         field: 'operation',
diff --git a/apps/sim/blocks/blocks/notion.ts b/apps/sim/blocks/blocks/notion.ts
index 5afb6eeeda1..39dfb82b730 100644
--- a/apps/sim/blocks/blocks/notion.ts
+++ b/apps/sim/blocks/blocks/notion.ts
@@ -79,6 +79,7 @@ export const NotionBlock: BlockConfig<NotionResponse> = {
       type: 'short-input',
       canonicalParamId: 'pageId',
       placeholder: 'Enter Notion page ID',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: {
         field: 'operation',
@@ -108,6 +109,7 @@ export const NotionBlock: BlockConfig<NotionResponse> = {
       type: 'short-input',
       canonicalParamId: 'databaseId',
       placeholder: 'Enter Notion database ID',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: {
         field: 'operation',
@@ -134,6 +136,7 @@ export const NotionBlock: BlockConfig<NotionResponse> = {
       type: 'short-input',
       canonicalParamId: 'parentId',
       placeholder: 'ID of parent page',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: { field: 'operation', value: ['notion_create_page', 'notion_create_database'] },
       required: true,
diff --git a/apps/sim/blocks/blocks/outlook.ts b/apps/sim/blocks/blocks/outlook.ts
index 28b0fadf7e6..50d7179931d 100644
--- a/apps/sim/blocks/blocks/outlook.ts
+++ b/apps/sim/blocks/blocks/outlook.ts
@@ -186,6 +186,7 @@ export const OutlookBlock: BlockConfig<OutlookResponse> = {
       type: 'short-input',
       canonicalParamId: 'folder',
       placeholder: 'Enter Outlook folder name (e.g., INBOX, SENT, or custom folder)',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: { field: 'operation', value: 'read_outlook' },
     },
@@ -233,6 +234,7 @@ export const OutlookBlock: BlockConfig<OutlookResponse> = {
       type: 'short-input',
       canonicalParamId: 'destinationId',
       placeholder: 'Enter folder ID',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: { field: 'operation', value: 'move_outlook' },
       required: true,
@@ -280,6 +282,7 @@ export const OutlookBlock: BlockConfig<OutlookResponse> = {
       type: 'short-input',
       canonicalParamId: 'copyDestinationId',
       placeholder: 'Enter folder ID',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: { field: 'operation', value: 'copy_outlook' },
       required: true,
diff --git a/apps/sim/blocks/blocks/sftp.ts b/apps/sim/blocks/blocks/sftp.ts
index 18b3bd43f11..7a07bce06d9 100644
--- a/apps/sim/blocks/blocks/sftp.ts
+++ b/apps/sim/blocks/blocks/sftp.ts
@@ -74,6 +74,7 @@ export const SftpBlock: BlockConfig<SftpUploadResult> = {
       password: true,
       placeholder: 'Your SFTP password',
       condition: { field: 'authMethod', value: 'password' },
+      dependsOn: ['authMethod'],
     },
 
     {
@@ -82,6 +83,7 @@ export const SftpBlock: BlockConfig<SftpUploadResult> = {
       type: 'code',
       placeholder: '-----BEGIN OPENSSH PRIVATE KEY-----\n...',
       condition: { field: 'authMethod', value: 'privateKey' },
+      dependsOn: ['authMethod'],
     },
     {
       id: 'passphrase',
@@ -90,6 +92,7 @@ export const SftpBlock: BlockConfig<SftpUploadResult> = {
       password: true,
       placeholder: 'Passphrase for encrypted key (optional)',
       condition: { field: 'authMethod', value: 'privateKey' },
+      dependsOn: ['authMethod'],
     },
 
     {
diff --git a/apps/sim/blocks/blocks/slack.ts b/apps/sim/blocks/blocks/slack.ts
index c303faa1c5a..bf503451921 100644
--- a/apps/sim/blocks/blocks/slack.ts
+++ b/apps/sim/blocks/blocks/slack.ts
@@ -179,6 +179,7 @@ export const SlackBlock: BlockConfig<SlackResponse> = {
       type: 'short-input',
       canonicalParamId: 'channel',
       placeholder: 'Enter Slack channel ID (e.g., C1234567890)',
+      dependsOn: { all: ['authMethod'], any: ['credential', 'botToken'] },
       mode: 'advanced',
       condition: (values?: Record<string, unknown>) => {
         const op = values?.operation as string
@@ -238,6 +239,7 @@ export const SlackBlock: BlockConfig<SlackResponse> = {
       type: 'short-input',
       canonicalParamId: 'dmUserId',
       placeholder: 'Enter Slack user ID (e.g., U1234567890)',
+      dependsOn: { all: ['authMethod'], any: ['credential', 'botToken'] },
       mode: 'advanced',
       condition: {
         field: 'destinationType',
@@ -267,6 +269,7 @@ export const SlackBlock: BlockConfig<SlackResponse> = {
       type: 'short-input',
       canonicalParamId: 'ephemeralUser',
       placeholder: 'Enter Slack user ID (e.g., U1234567890)',
+      dependsOn: { all: ['authMethod'], any: ['credential', 'botToken'] },
       mode: 'advanced',
       condition: {
         field: 'operation',
@@ -529,6 +532,7 @@ Do not include any explanations, markdown formatting, or other text outside the
       type: 'short-input',
       canonicalParamId: 'userId',
       placeholder: 'Enter Slack user ID (e.g., U1234567890)',
+      dependsOn: { all: ['authMethod'], any: ['credential', 'botToken'] },
       mode: 'advanced',
       condition: {
         field: 'operation',
@@ -748,6 +752,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       canonicalParamId: 'presenceUserId',
       placeholder: 'Enter Slack user ID (e.g., U1234567890)',
+      dependsOn: { all: ['authMethod'], any: ['credential', 'botToken'] },
       mode: 'advanced',
       condition: {
         field: 'operation',
@@ -1108,6 +1113,7 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       type: 'short-input',
       canonicalParamId: 'publishUserId',
       placeholder: 'Enter Slack user ID (e.g., U0BPQUNTA)',
+      dependsOn: { all: ['authMethod'], any: ['credential', 'botToken'] },
       mode: 'advanced',
       condition: {
         field: 'operation',
diff --git a/apps/sim/blocks/blocks/ssh.ts b/apps/sim/blocks/blocks/ssh.ts
index 6e80f4a88ca..23a8753e08c 100644
--- a/apps/sim/blocks/blocks/ssh.ts
+++ b/apps/sim/blocks/blocks/ssh.ts
@@ -83,6 +83,7 @@ export const SSHBlock: BlockConfig<SSHResponse> = {
       password: true,
       placeholder: 'Your SSH password',
       condition: { field: 'authMethod', value: 'password' },
+      dependsOn: ['authMethod'],
     },
 
     // Private key authentication
@@ -92,6 +93,7 @@ export const SSHBlock: BlockConfig<SSHResponse> = {
       type: 'code',
       placeholder: '-----BEGIN OPENSSH PRIVATE KEY-----\n...',
       condition: { field: 'authMethod', value: 'privateKey' },
+      dependsOn: ['authMethod'],
     },
     {
       id: 'passphrase',
@@ -100,6 +102,7 @@ export const SSHBlock: BlockConfig<SSHResponse> = {
       password: true,
       placeholder: 'Passphrase for encrypted key (optional)',
       condition: { field: 'authMethod', value: 'privateKey' },
+      dependsOn: ['authMethod'],
     },
 
     // EXECUTE COMMAND
diff --git a/apps/sim/blocks/blocks/stagehand.ts b/apps/sim/blocks/blocks/stagehand.ts
index 6c7b0c11e3a..998da6177ba 100644
--- a/apps/sim/blocks/blocks/stagehand.ts
+++ b/apps/sim/blocks/blocks/stagehand.ts
@@ -351,6 +351,7 @@ Example 3 (Data Collection):
       type: 'short-input',
       placeholder: 'Enter your API key for the selected provider',
       password: true,
+      dependsOn: ['provider'],
       required: true,
     },
   ],
@@ -361,17 +362,34 @@ Example 3 (Data Collection):
         return params.operation === 'agent' ? 'stagehand_agent' : 'stagehand_extract'
       },
       params: (params) => {
-        const next: Record<string, any> = { ...params }
-        if (typeof next.maxSteps === 'string') {
-          const trimmed = next.maxSteps.trim()
-          if (trimmed === '') {
-            next.maxSteps = undefined
-          } else {
-            const n = Number(trimmed)
-            next.maxSteps = Number.isFinite(n) ? n : undefined
+        const baseParams = {
+          operation: params.operation,
+          provider: params.provider,
+          apiKey: params.apiKey,
+        }
+
+        if (params.operation !== 'agent') {
+          return {
+            ...baseParams,
+            url: params.url,
+            instruction: params.instruction,
+            schema: params.schema,
           }
         }
-        return next
+
+        const maxStepsInput =
+          typeof params.maxSteps === 'string' ? params.maxSteps.trim() : params.maxSteps
+        const maxSteps = maxStepsInput === '' ? Number.NaN : Number(maxStepsInput)
+
+        return {
+          ...baseParams,
+          startUrl: params.startUrl,
+          task: params.task,
+          variables: params.variables,
+          outputSchema: params.outputSchema,
+          mode: params.mode,
+          maxSteps: Number.isFinite(maxSteps) ? maxSteps : undefined,
+        }
       },
     },
   },
diff --git a/apps/sim/blocks/blocks/stt.ts b/apps/sim/blocks/blocks/stt.ts
index 1f6a3820fcd..9ad540b1d3d 100644
--- a/apps/sim/blocks/blocks/stt.ts
+++ b/apps/sim/blocks/blocks/stt.ts
@@ -43,6 +43,7 @@ export const SttBlock: BlockConfig<SttBlockResponse> = {
       condition: { field: 'provider', value: 'whisper' },
       options: [{ label: 'Whisper-1', id: 'whisper-1' }],
       value: () => 'whisper-1',
+      dependsOn: ['provider'],
       required: true,
     },
 
@@ -52,11 +53,9 @@ export const SttBlock: BlockConfig<SttBlockResponse> = {
       title: 'Model',
       type: 'dropdown',
       condition: { field: 'provider', value: 'elevenlabs' },
-      options: [
-        { label: 'Scribe v1', id: 'scribe_v1' },
-        { label: 'Scribe v1 Experimental', id: 'scribe_v1_experimental' },
-      ],
-      value: () => 'scribe_v1',
+      options: [{ label: 'Scribe v2', id: 'scribe_v2' }],
+      value: () => 'scribe_v2',
+      dependsOn: ['provider'],
       required: true,
     },
 
@@ -75,6 +74,7 @@ export const SttBlock: BlockConfig<SttBlockResponse> = {
         { label: 'Base', id: 'base' },
       ],
       value: () => 'nova-3',
+      dependsOn: ['provider'],
       required: true,
     },
 
@@ -86,6 +86,7 @@ export const SttBlock: BlockConfig<SttBlockResponse> = {
       condition: { field: 'provider', value: 'assemblyai' },
       options: [{ label: 'Best', id: 'best' }],
       value: () => 'best',
+      dependsOn: ['provider'],
       required: true,
     },
 
@@ -104,6 +105,7 @@ export const SttBlock: BlockConfig<SttBlockResponse> = {
         { label: 'Gemini 2.0 Flash', id: 'gemini-2.0-flash-exp' },
       ],
       value: () => 'gemini-2.5-flash',
+      dependsOn: ['provider'],
       required: true,
     },
 
@@ -295,7 +297,7 @@ export const SttBlock: BlockConfig<SttBlockResponse> = {
     model: {
       type: 'string',
       description:
-        'Provider-specific model (e.g., scribe_v1 for ElevenLabs, nova-3 for Deepgram, best for AssemblyAI, gemini-2.0-flash-exp for Gemini)',
+        'Provider-specific model (e.g., scribe_v2 for ElevenLabs, nova-3 for Deepgram, best for AssemblyAI, gemini-2.0-flash-exp for Gemini)',
     },
     audioFile: { type: 'json', description: 'Audio/video file (UserFile)' },
     audioUrl: { type: 'string', description: 'Audio/video URL' },
diff --git a/apps/sim/blocks/blocks/table.ts b/apps/sim/blocks/blocks/table.ts
index e75d1731675..afdcdc5b2eb 100644
--- a/apps/sim/blocks/blocks/table.ts
+++ b/apps/sim/blocks/blocks/table.ts
@@ -4,6 +4,7 @@ import { TABLE_LIMITS } from '@/lib/table/constants'
 import { filterRulesToFilter, sortRulesToSort } from '@/lib/table/query-builder/converters'
 import type { BlockConfig } from '@/blocks/types'
 import type { TableQueryResponse } from '@/tools/table/types'
+import { getTrigger } from '@/triggers'
 
 /**
  * Parses a JSON string with helpful error messages.
@@ -230,6 +231,7 @@ export const TableBlock: BlockConfig<TableQueryResponse> = {
       title: 'Row ID',
       type: 'short-input',
       placeholder: 'row_xxxxx',
+      dependsOn: ['tableId'],
       condition: { field: 'operation', value: ['get_row', 'update_row', 'delete_row'] },
       required: true,
     },
@@ -552,6 +554,7 @@ Return ONLY the sort JSON:`,
       condition: { field: 'operation', value: 'query_rows' },
       value: () => '0',
     },
+    ...getTrigger('table_new_row').subBlocks,
   ],
 
   tools: {
@@ -689,4 +692,8 @@ Return ONLY the sort JSON:`,
     },
     message: { type: 'string', description: 'Operation status message' },
   },
+  triggers: {
+    enabled: true,
+    available: ['table_new_row'],
+  },
 }
diff --git a/apps/sim/blocks/blocks/trello.ts b/apps/sim/blocks/blocks/trello.ts
index 27465ac6ae7..3d1607d4230 100644
--- a/apps/sim/blocks/blocks/trello.ts
+++ b/apps/sim/blocks/blocks/trello.ts
@@ -125,6 +125,7 @@ export const TrelloBlock: BlockConfig<TrelloResponse> = {
       type: 'short-input',
       canonicalParamId: 'boardId',
       placeholder: 'Enter Trello board ID',
+      dependsOn: ['credential'],
       mode: 'advanced',
       condition: {
         field: 'operation',
diff --git a/apps/sim/blocks/blocks/tts.ts b/apps/sim/blocks/blocks/tts.ts
index c6fea970e79..62d050b0c91 100644
--- a/apps/sim/blocks/blocks/tts.ts
+++ b/apps/sim/blocks/blocks/tts.ts
@@ -56,6 +56,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
         { label: 'GPT-4o Mini TTS', id: 'gpt-4o-mini-tts' },
       ],
       value: () => 'tts-1',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -78,6 +79,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
         { label: 'Verse', id: 'verse' },
       ],
       value: () => 'alloy',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -95,6 +97,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
         { label: 'WAV', id: 'wav' },
       ],
       value: () => 'mp3',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -108,6 +111,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       max: 4.0,
       step: 0.25,
       value: () => '1.0',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -132,6 +136,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
         { label: 'Zeus', id: 'aura-zeus-en' },
       ],
       value: () => 'aura-asteria-en',
+      dependsOn: ['provider'],
       required: true,
     },
 
@@ -149,6 +154,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
         { label: 'Linear16', id: 'linear16' },
       ],
       value: () => 'mp3',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -169,6 +175,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
         { label: '48000 Hz', id: '48000' },
       ],
       value: () => '24000',
+      dependsOn: ['encoding'],
       required: false,
     },
 
@@ -179,6 +186,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       type: 'short-input',
       condition: { field: 'provider', value: 'elevenlabs' },
       placeholder: 'Enter ElevenLabs voice ID',
+      dependsOn: ['provider'],
       required: true,
     },
 
@@ -197,6 +205,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
         { label: 'Multilingual v1', id: 'eleven_multilingual_v1' },
       ],
       value: () => 'eleven_turbo_v2_5',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -210,6 +219,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       max: 1.0,
       step: 0.05,
       value: () => '0.5',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -223,6 +233,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       max: 1.0,
       step: 0.05,
       value: () => '0.8',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -236,6 +247,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       max: 1.0,
       step: 0.05,
       value: () => '0.0',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -253,6 +265,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
         { label: 'Sonic Multilingual', id: 'sonic-multilingual' },
       ],
       value: () => 'sonic-3',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -263,6 +276,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       type: 'short-input',
       condition: { field: 'provider', value: 'cartesia' },
       placeholder: 'Enter Cartesia voice ID',
+      dependsOn: ['provider'],
       required: true,
     },
 
@@ -276,6 +290,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       max: 2.0,
       step: 0.1,
       value: () => '1.0',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -286,6 +301,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       type: 'short-input',
       condition: { field: 'provider', value: 'google' },
       placeholder: 'e.g., en-US-Neural2-A',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -297,6 +313,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       condition: { field: 'provider', value: 'google' },
       placeholder: 'e.g., en-US, es-ES',
       value: () => 'en-US',
+      dependsOn: ['provider'],
       required: true,
     },
 
@@ -310,6 +327,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       max: 2.0,
       step: 0.25,
       value: () => '1.0',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -323,6 +341,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       max: 20.0,
       step: 1.0,
       value: () => '0.0',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -333,6 +352,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       type: 'short-input',
       condition: { field: 'provider', value: 'azure' },
       placeholder: 'e.g., en-US-JennyNeural',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -343,6 +363,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       type: 'short-input',
       condition: { field: 'provider', value: 'azure' },
       placeholder: 'e.g., eastus, westus',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -358,6 +379,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
         { label: 'MP3 48kHz 96kbps', id: 'audio-48khz-96kbitrate-mono-mp3' },
       ],
       value: () => 'audio-24khz-96kbitrate-mono-mp3',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -368,6 +390,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       type: 'short-input',
       condition: { field: 'provider', value: 'azure' },
       placeholder: 'e.g., cheerful, sad, angry',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -379,6 +402,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       condition: { field: 'provider', value: 'playht' },
       placeholder: 'Enter your PlayHT user ID',
       password: true,
+      dependsOn: ['provider'],
       required: true,
     },
 
@@ -389,6 +413,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       type: 'short-input',
       condition: { field: 'provider', value: 'playht' },
       placeholder: 'Voice ID or manifest URL',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -404,6 +429,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
         { label: 'Premium', id: 'premium' },
       ],
       value: () => 'standard',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -417,6 +443,7 @@ export const TtsBlock: BlockConfig<TtsBlockResponse> = {
       max: 2.0,
       step: 0.1,
       value: () => '1.0',
+      dependsOn: ['provider'],
       required: false,
     },
 
diff --git a/apps/sim/blocks/blocks/video_generator.ts b/apps/sim/blocks/blocks/video_generator.ts
index cc7141f3371..eaccc6cde1f 100644
--- a/apps/sim/blocks/blocks/video_generator.ts
+++ b/apps/sim/blocks/blocks/video_generator.ts
@@ -49,6 +49,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: 'Veo 3.1', id: 'veo-3.1' },
       ],
       value: () => 'veo-3',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -60,6 +61,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
       condition: { field: 'provider', value: 'luma' },
       options: [{ label: 'Ray 2', id: 'ray-2' }],
       value: () => 'ray-2',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -71,6 +73,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
       condition: { field: 'provider', value: 'minimax' },
       options: [{ label: 'Hailuo 2.3', id: 'hailuo-02' }],
       value: () => 'hailuo-02',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -84,6 +87,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: 'Standard', id: 'standard' },
       ],
       value: () => 'standard',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -104,6 +108,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: 'LTXV 0.9.8', id: 'ltxv-0.9.8' },
       ],
       value: () => 'veo-3.1',
+      dependsOn: ['provider'],
       required: true,
     },
 
@@ -127,6 +132,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: '10', id: '10' },
       ],
       value: () => '5',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -142,6 +148,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: '8', id: '8' },
       ],
       value: () => '8',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -156,6 +163,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: '9', id: '9' },
       ],
       value: () => '5',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -170,6 +178,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: '10', id: '10' },
       ],
       value: () => '6',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -193,6 +202,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: '10', id: '10' },
       ],
       value: () => '5',
+      dependsOn: ['model'],
       required: false,
     },
 
@@ -207,6 +217,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: '9:16', id: '9:16' },
       ],
       value: () => '16:9',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -222,6 +233,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: '1:1', id: '1:1' },
       ],
       value: () => '16:9',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -237,6 +249,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: '1:1', id: '1:1' },
       ],
       value: () => '16:9',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -259,6 +272,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: '9:16', id: '9:16' },
       ],
       value: () => '16:9',
+      dependsOn: ['model'],
       required: false,
     },
 
@@ -277,6 +291,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: '1080p', id: '1080p' },
       ],
       value: () => '1080p',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -292,6 +307,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
         { label: '1080p', id: '1080p' },
       ],
       value: () => '1080p',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -306,6 +322,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
       placeholder: 'Upload reference image',
       mode: 'basic',
       multiple: false,
+      dependsOn: ['provider'],
       required: true,
       acceptedTypes: '.jpg,.jpeg,.png,.webp',
     },
@@ -317,6 +334,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
       type: 'long-input',
       condition: { field: 'provider', value: 'luma' },
       placeholder: 'JSON: [{ "key": "pan_right" }, { "key": "zoom_in" }]',
+      dependsOn: ['provider'],
       required: false,
     },
 
@@ -326,6 +344,7 @@ export const VideoGeneratorBlock: BlockConfig<VideoBlockResponse> = {
       title: 'Prompt Optimizer',
       type: 'switch',
       condition: { field: 'provider', value: 'minimax' },
+      dependsOn: ['provider'],
     },
 
     // API Key
@@ -463,6 +482,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: 'Veo 3.1', id: 'veo-3.1' },
       ],
       value: () => 'veo-3',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -472,6 +492,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
       condition: { field: 'provider', value: 'luma' },
       options: [{ label: 'Ray 2', id: 'ray-2' }],
       value: () => 'ray-2',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -481,6 +502,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
       condition: { field: 'provider', value: 'minimax' },
       options: [{ label: 'Hailuo 2.3', id: 'hailuo-02' }],
       value: () => 'hailuo-02',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -493,6 +515,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: 'Standard', id: 'standard' },
       ],
       value: () => 'standard',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -511,6 +534,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: 'LTXV 0.9.8', id: 'ltxv-0.9.8' },
       ],
       value: () => 'veo-3.1',
+      dependsOn: ['provider'],
       required: true,
     },
     {
@@ -530,6 +554,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: '10', id: '10' },
       ],
       value: () => '5',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -543,6 +568,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: '8', id: '8' },
       ],
       value: () => '8',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -555,6 +581,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: '9', id: '9' },
       ],
       value: () => '5',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -567,6 +594,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: '10', id: '10' },
       ],
       value: () => '6',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -588,6 +616,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: '10', id: '10' },
       ],
       value: () => '5',
+      dependsOn: ['model'],
       required: false,
     },
     {
@@ -600,6 +629,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: '9:16', id: '9:16' },
       ],
       value: () => '16:9',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -613,6 +643,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: '1:1', id: '1:1' },
       ],
       value: () => '16:9',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -626,6 +657,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: '1:1', id: '1:1' },
       ],
       value: () => '16:9',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -646,6 +678,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: '9:16', id: '9:16' },
       ],
       value: () => '16:9',
+      dependsOn: ['model'],
       required: false,
     },
     {
@@ -658,6 +691,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: '1080p', id: '1080p' },
       ],
       value: () => '1080p',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -671,6 +705,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
         { label: '1080p', id: '1080p' },
       ],
       value: () => '1080p',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -682,6 +717,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
       placeholder: 'Upload reference image',
       mode: 'basic',
       multiple: false,
+      dependsOn: ['provider'],
       required: true,
       acceptedTypes: '.jpg,.jpeg,.png,.webp',
     },
@@ -693,6 +729,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
       condition: { field: 'provider', value: 'runway' },
       placeholder: 'Reference image from previous blocks',
       mode: 'advanced',
+      dependsOn: ['provider'],
       required: true,
     },
     {
@@ -701,6 +738,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
       type: 'long-input',
       condition: { field: 'provider', value: 'luma' },
       placeholder: 'JSON: [{ "key": "pan_right" }, { "key": "zoom_in" }]',
+      dependsOn: ['provider'],
       required: false,
     },
     {
@@ -708,6 +746,7 @@ export const VideoGeneratorV2Block: BlockConfig<VideoBlockResponse> = {
       title: 'Prompt Optimizer',
       type: 'switch',
       condition: { field: 'provider', value: 'minimax' },
+      dependsOn: ['provider'],
     },
     {
       id: 'apiKey',
diff --git a/apps/sim/blocks/blocks/wealthbox.ts b/apps/sim/blocks/blocks/wealthbox.ts
index abdb86bca24..222d94b5938 100644
--- a/apps/sim/blocks/blocks/wealthbox.ts
+++ b/apps/sim/blocks/blocks/wealthbox.ts
@@ -69,6 +69,7 @@ export const WealthboxBlock: BlockConfig<WealthboxResponse> = {
       placeholder: 'Enter Contact ID',
       mode: 'basic',
       canonicalParamId: 'contactId',
+      dependsOn: ['credential'],
       condition: { field: 'operation', value: ['read_contact', 'write_task', 'write_note'] },
     },
     {
@@ -78,6 +79,7 @@ export const WealthboxBlock: BlockConfig<WealthboxResponse> = {
       canonicalParamId: 'contactId',
       placeholder: 'Enter Contact ID',
       mode: 'advanced',
+      dependsOn: ['credential'],
       condition: { field: 'operation', value: ['read_contact', 'write_task', 'write_note'] },
     },
     {
diff --git a/apps/sim/blocks/blocks/zoom.ts b/apps/sim/blocks/blocks/zoom.ts
index c699431a643..93da307012b 100644
--- a/apps/sim/blocks/blocks/zoom.ts
+++ b/apps/sim/blocks/blocks/zoom.ts
@@ -112,6 +112,7 @@ export const ZoomBlock: BlockConfig<ZoomResponse> = {
       type: 'short-input',
       canonicalParamId: 'meetingId',
       placeholder: 'Enter meeting ID',
+      dependsOn: ['credential'],
       mode: 'advanced',
       required: true,
       condition: {
diff --git a/apps/sim/blocks/utils.test.ts b/apps/sim/blocks/utils.test.ts
index b59e0ebd17f..309f5990474 100644
--- a/apps/sim/blocks/utils.test.ts
+++ b/apps/sim/blocks/utils.test.ts
@@ -66,8 +66,11 @@ vi.mock('@/lib/oauth/utils', () => ({
   getScopesForService: vi.fn(() => []),
 }))
 
+import type { SubBlockConfig } from '@/blocks/types'
 import {
   getApiKeyCondition,
+  getDependsOnFields,
+  getSubBlocksDependingOnChange,
   parseOptionalBooleanInput,
   parseOptionalJsonInput,
   parseOptionalNumberInput,
@@ -359,3 +362,93 @@ describe('parseOptionalBooleanInput', () => {
     expect(parseOptionalBooleanInput('no')).toBeUndefined()
   })
 })
+
+describe('getDependsOnFields', () => {
+  it('returns an empty array when dependsOn is unset', () => {
+    expect(getDependsOnFields(undefined)).toEqual([])
+  })
+
+  it('returns array dependencies unchanged', () => {
+    expect(getDependsOnFields(['credential', 'projectId'])).toEqual(['credential', 'projectId'])
+  })
+
+  it('flattens all and any dependencies', () => {
+    expect(getDependsOnFields({ all: ['credential'], any: ['teamId', 'manualTeamId'] })).toEqual([
+      'credential',
+      'teamId',
+      'manualTeamId',
+    ])
+  })
+})
+
+describe('getSubBlocksDependingOnChange', () => {
+  it('finds direct dependents of a changed subblock', () => {
+    const subBlocks: SubBlockConfig[] = [
+      { id: 'provider', title: 'Provider', type: 'dropdown' },
+      { id: 'model', title: 'Model', type: 'dropdown', dependsOn: ['provider'] },
+      { id: 'prompt', title: 'Prompt', type: 'long-input' },
+    ]
+
+    expect(
+      getSubBlocksDependingOnChange(subBlocks, 'provider').map((subBlock) => subBlock.id)
+    ).toEqual(['model'])
+  })
+
+  it('matches dependents through canonical basic and advanced siblings', () => {
+    const subBlocks: SubBlockConfig[] = [
+      {
+        id: 'channel',
+        title: 'Channel',
+        type: 'channel-selector',
+        canonicalParamId: 'channelId',
+        mode: 'basic',
+      },
+      {
+        id: 'manualChannel',
+        title: 'Channel ID',
+        type: 'short-input',
+        canonicalParamId: 'channelId',
+        mode: 'advanced',
+      },
+      {
+        id: 'messageId',
+        title: 'Message ID',
+        type: 'short-input',
+        dependsOn: ['channelId'],
+      },
+      {
+        id: 'threadTs',
+        title: 'Thread Timestamp',
+        type: 'short-input',
+        dependsOn: ['otherField'],
+      },
+    ]
+
+    expect(
+      getSubBlocksDependingOnChange(subBlocks, 'manualChannel').map((subBlock) => subBlock.id)
+    ).toEqual(['messageId'])
+    expect(
+      getSubBlocksDependingOnChange(subBlocks, 'channel').map((subBlock) => subBlock.id)
+    ).toEqual(['messageId'])
+  })
+
+  it('matches object-form dependencies when any listed dependency changes', () => {
+    const subBlocks: SubBlockConfig[] = [
+      { id: 'credential', title: 'Credential', type: 'oauth-input' },
+      { id: 'teamId', title: 'Team', type: 'short-input' },
+      {
+        id: 'projectId',
+        title: 'Project',
+        type: 'short-input',
+        dependsOn: { all: ['credential'], any: ['teamId'] },
+      },
+    ]
+
+    expect(
+      getSubBlocksDependingOnChange(subBlocks, 'credential').map((subBlock) => subBlock.id)
+    ).toEqual(['projectId'])
+    expect(
+      getSubBlocksDependingOnChange(subBlocks, 'teamId').map((subBlock) => subBlock.id)
+    ).toEqual(['projectId'])
+  })
+})
diff --git a/apps/sim/blocks/utils.ts b/apps/sim/blocks/utils.ts
index fd5c15bdc0a..b70ca7af504 100644
--- a/apps/sim/blocks/utils.ts
+++ b/apps/sim/blocks/utils.ts
@@ -1,6 +1,7 @@
 import { toError } from '@sim/utils/errors'
 import { isAzureConfigured, isHosted, isOllamaConfigured } from '@/lib/core/config/feature-flags'
 import { getScopesForService } from '@/lib/oauth/utils'
+import { buildCanonicalIndex } from '@/lib/workflows/subblocks/visibility'
 import type { BlockOutput, OutputFieldDefinition, SubBlockConfig } from '@/blocks/types'
 import {
   getBaseModelProviders,
@@ -63,16 +64,6 @@ export function getModelOptions() {
   })
 }
 
-/**
- * Checks if a field is included in the dependsOn config.
- * Handles both simple array format and object format with all/any fields.
- */
-export function isDependency(dependsOn: SubBlockConfig['dependsOn'], field: string): boolean {
-  if (!dependsOn) return false
-  if (Array.isArray(dependsOn)) return dependsOn.includes(field)
-  return dependsOn.all?.includes(field) || dependsOn.any?.includes(field) || false
-}
-
 /**
  * Gets all dependency fields as a flat array.
  * Handles both simple array format and object format with all/any fields.
@@ -83,6 +74,29 @@ export function getDependsOnFields(dependsOn: SubBlockConfig['dependsOn']): stri
   return [...(dependsOn.all || []), ...(dependsOn.any || [])]
 }
 
+/**
+ * Finds subblocks that depend on a changed field, accounting for canonical pairs.
+ */
+export function getSubBlocksDependingOnChange(
+  allSubBlocks: SubBlockConfig[],
+  changedSubBlockId: string
+): SubBlockConfig[] {
+  const canonicalIndex = buildCanonicalIndex(allSubBlocks)
+  const canonicalId = canonicalIndex.canonicalIdBySubBlockId[changedSubBlockId]
+  const group = canonicalId ? canonicalIndex.groupsById[canonicalId] : undefined
+  const changedFields = new Set<string>([changedSubBlockId])
+
+  if (canonicalId) changedFields.add(canonicalId)
+  if (group?.basicId) changedFields.add(group.basicId)
+  for (const advancedId of group?.advancedIds || []) {
+    changedFields.add(advancedId)
+  }
+
+  return allSubBlocks.filter((subBlock) =>
+    getDependsOnFields(subBlock.dependsOn).some((field) => changedFields.has(field))
+  )
+}
+
 export function resolveOutputType(
   outputs: Record<string, OutputFieldDefinition>
 ): Record<string, BlockOutput> {
diff --git a/apps/sim/components/emcn/icons/eye-off.tsx b/apps/sim/components/emcn/icons/eye-off.tsx
new file mode 100644
index 00000000000..62cc6922ae8
--- /dev/null
+++ b/apps/sim/components/emcn/icons/eye-off.tsx
@@ -0,0 +1,33 @@
+import type { SVGProps } from 'react'
+
+/**
+ * Eye-off icon. Companion to {@link Eye}; used for "hide" affordances where
+ * something is being concealed without being destroyed (e.g. hide a workflow
+ * output column from the table while keeping it re-addable from the sidebar).
+ *
+ * Uses currentColor so it inherits the surrounding text color.
+ *
+ * @param props - SVG properties including className, fill, etc.
+ */
+export function EyeOff(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg
+      width='14'
+      height='14'
+      viewBox='0 0 24 24'
+      fill='none'
+      stroke='currentColor'
+      strokeWidth='2'
+      strokeLinecap='round'
+      strokeLinejoin='round'
+      xmlns='http://www.w3.org/2000/svg'
+      aria-hidden='true'
+      {...props}
+    >
+      <path d='M9.88 9.88a3 3 0 1 0 4.24 4.24' />
+      <path d='M10.73 5.08A10.43 10.43 0 0 1 12 5c7 0 10 7 10 7a13.16 13.16 0 0 1-1.67 2.68' />
+      <path d='M6.61 6.61A13.526 13.526 0 0 0 2 12s3 7 10 7a9.74 9.74 0 0 0 5.39-1.61' />
+      <line x1='2' y1='2' x2='22' y2='22' />
+    </svg>
+  )
+}
diff --git a/apps/sim/components/emcn/icons/index.ts b/apps/sim/components/emcn/icons/index.ts
index 61162a74369..9def17d5665 100644
--- a/apps/sim/components/emcn/icons/index.ts
+++ b/apps/sim/components/emcn/icons/index.ts
@@ -28,6 +28,7 @@ export { Download } from './download'
 export { Duplicate } from './duplicate'
 export { Expand } from './expand'
 export { Eye } from './eye'
+export { EyeOff } from './eye-off'
 export { File } from './file'
 export { FileX } from './file-x'
 export { Fingerprint } from './fingerprint'
diff --git a/apps/sim/connectors/confluence/confluence.ts b/apps/sim/connectors/confluence/confluence.ts
index 7149c96272d..56527fdc527 100644
--- a/apps/sim/connectors/confluence/confluence.ts
+++ b/apps/sim/connectors/confluence/confluence.ts
@@ -80,35 +80,57 @@ async function fetchLabelsForPages(
 }
 
 /**
- * Converts a v1 CQL search result item to a lightweight metadata stub.
+ * Produces a canonical metadata stub with a deterministic contentHash that
+ * does not depend on which API surface (v1 CQL or v2) returned the page.
  */
-function cqlResultToStub(item: Record<string, unknown>, domain: string): ExternalDocument {
-  const version = item.version as Record<string, unknown> | undefined
-  const links = item._links as Record<string, string> | undefined
-  const metadata = item.metadata as Record<string, unknown> | undefined
-  const labelsWrapper = metadata?.labels as Record<string, unknown> | undefined
-  const labelResults = (labelsWrapper?.results || []) as Record<string, unknown>[]
-  const labels = labelResults.map((l) => l.name as string)
-  const versionNumber = version?.number
+function pageToStub(
+  page: Record<string, unknown>,
+  options: {
+    spaceId?: unknown
+    labels?: string[]
+    sourceUrl?: string
+  } = {}
+): ExternalDocument {
+  const version = page.version as Record<string, unknown> | undefined
+  const versionNumber = version?.number as number | undefined
+  const lastModified = (version?.createdAt ?? version?.when ?? '') as string
+  const versionKey = versionNumber ?? lastModified
 
   return {
-    externalId: String(item.id),
-    title: (item.title as string) || 'Untitled',
+    externalId: String(page.id),
+    title: (page.title as string) || 'Untitled',
     content: '',
     contentDeferred: true,
     mimeType: 'text/plain',
-    sourceUrl: links?.webui ? `https://${domain}/wiki${links.webui}` : undefined,
-    contentHash: `confluence:${item.id}:${versionNumber ?? ''}`,
+    sourceUrl: options.sourceUrl,
+    contentHash: `confluence:${page.id}:${versionKey}`,
     metadata: {
-      spaceId: (item.space as Record<string, unknown>)?.key,
-      status: item.status,
+      spaceId: options.spaceId,
+      status: page.status,
       version: versionNumber,
-      labels,
-      lastModified: version?.when,
+      labels: options.labels ?? [],
+      lastModified,
     },
   }
 }
 
+/**
+ * Converts a v1 CQL search result item to a lightweight metadata stub.
+ */
+function cqlResultToStub(item: Record<string, unknown>, domain: string): ExternalDocument {
+  const links = item._links as Record<string, string> | undefined
+  const metadata = item.metadata as Record<string, unknown> | undefined
+  const labelsWrapper = metadata?.labels as Record<string, unknown> | undefined
+  const labelResults = (labelsWrapper?.results || []) as Record<string, unknown>[]
+  const labels = labelResults.map((l) => l.name as string)
+
+  return pageToStub(item, {
+    spaceId: (item.space as Record<string, unknown>)?.key,
+    labels,
+    sourceUrl: links?.webui ? `https://${domain}/wiki${links.webui}` : undefined,
+  })
+}
+
 export const confluenceConnector: ConnectorConfig = {
   id: 'confluence',
   name: 'Confluence',
@@ -285,24 +307,16 @@ export const confluenceConnector: ConnectorConfig = {
     const labels = labelMap.get(String(page.id)) ?? []
 
     const links = page._links as Record<string, unknown> | undefined
-    const version = page.version as Record<string, unknown> | undefined
-    const versionNumber = version?.number
+    const stub = pageToStub(page, {
+      spaceId: page.spaceId,
+      labels,
+      sourceUrl: links?.webui ? `https://${domain}/wiki${links.webui}` : undefined,
+    })
 
     return {
-      externalId: String(page.id),
-      title: (page.title as string) || 'Untitled',
+      ...stub,
       content: plainText,
       contentDeferred: false,
-      mimeType: 'text/plain',
-      sourceUrl: links?.webui ? `https://${domain}/wiki${links.webui}` : undefined,
-      contentHash: `confluence:${page.id}:${versionNumber ?? ''}`,
-      metadata: {
-        spaceId: page.spaceId,
-        status: page.status,
-        version: versionNumber,
-        labels,
-        lastModified: version?.createdAt,
-      },
     }
   },
 
@@ -323,7 +337,7 @@ export const confluenceConnector: ConnectorConfig = {
     }
 
     try {
-      const cloudId = await getConfluenceCloudId(domain, accessToken)
+      const cloudId = await getConfluenceCloudId(domain, accessToken, VALIDATE_RETRY_OPTIONS)
       const spaceUrl = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/spaces?keys=${encodeURIComponent(spaceKey)}&limit=1`
       const response = await fetchWithRetry(
         spaceUrl,
@@ -345,8 +359,7 @@ export const confluenceConnector: ConnectorConfig = {
       }
       return { valid: true }
     } catch (error) {
-      const message = error instanceof Error ? error.message : 'Failed to validate configuration'
-      return { valid: false, error: message }
+      return { valid: false, error: toError(error).message || 'Failed to validate configuration' }
     }
   },
 
@@ -420,28 +433,11 @@ async function listDocumentsV2(
   const results = data.results || []
 
   const documents: ExternalDocument[] = results.map((page: Record<string, unknown>) => {
-    const pageId = String(page.id)
-    const version = page.version as Record<string, unknown> | undefined
-    const versionNumber = version?.number
-
-    return {
-      externalId: pageId,
-      title: (page.title as string) || 'Untitled',
-      content: '',
-      contentDeferred: true,
-      mimeType: 'text/plain',
-      sourceUrl: (page._links as Record<string, string>)?.webui
-        ? `https://${domain}/wiki${(page._links as Record<string, string>).webui}`
-        : undefined,
-      contentHash: `confluence:${pageId}:${versionNumber ?? ''}`,
-      metadata: {
-        spaceId: page.spaceId,
-        status: page.status,
-        version: versionNumber,
-        labels: [],
-        lastModified: version?.createdAt,
-      },
-    }
+    const links = page._links as Record<string, string> | undefined
+    return pageToStub(page, {
+      spaceId: page.spaceId,
+      sourceUrl: links?.webui ? `https://${domain}/wiki${links.webui}` : undefined,
+    })
   })
 
   let nextCursor: string | undefined
@@ -493,7 +489,11 @@ async function listAllContentTypes(
       pagesDone = parsed.pagesDone === true
       blogsDone = parsed.blogsDone === true
     } catch {
-      pageCursor = cursor
+      /**
+       * Older bare-string cursors are no longer emitted; fall through and
+       * restart instead of silently re-listing blogposts from page 0.
+       */
+      logger.warn('Ignoring unparseable Confluence cursor; restarting listing')
     }
   }
 
diff --git a/apps/sim/connectors/evernote/evernote.ts b/apps/sim/connectors/evernote/evernote.ts
index e5afefbcdaf..2dfd2271f5f 100644
--- a/apps/sim/connectors/evernote/evernote.ts
+++ b/apps/sim/connectors/evernote/evernote.ts
@@ -462,7 +462,8 @@ export const evernoteConnector: ConnectorConfig = {
       const retryOptions = { maxRetries: 3, initialDelayMs: 500 }
       const note = await apiGetNote(accessToken, externalId, retryOptions)
       const plainText = htmlToPlainText(note.content)
-      if (!plainText.trim()) return null
+      const title = note.title || 'Untitled'
+      const content = plainText.trim() ? plainText : title
 
       const shardId = extractShardId(accessToken)
       const userId = extractUserId(accessToken)
@@ -494,8 +495,8 @@ export const evernoteConnector: ConnectorConfig = {
 
       return {
         externalId,
-        title: note.title || 'Untitled',
-        content: plainText,
+        title,
+        content,
         contentDeferred: false,
         mimeType: 'text/plain',
         sourceUrl: `https://${host}/shard/${shardId}/nl/${userId}/${externalId}/`,
@@ -539,7 +540,7 @@ export const evernoteConnector: ConnectorConfig = {
 
       return { valid: true }
     } catch (error) {
-      const message = error instanceof Error ? error.message : 'Failed to connect to Evernote'
+      const message = toError(error).message || 'Failed to connect to Evernote'
       return { valid: false, error: message }
     }
   },
diff --git a/apps/sim/connectors/github/github.ts b/apps/sim/connectors/github/github.ts
index 7952cd4943b..24040aa6413 100644
--- a/apps/sim/connectors/github/github.ts
+++ b/apps/sim/connectors/github/github.ts
@@ -10,6 +10,20 @@ const logger = createLogger('GitHubConnector')
 const GITHUB_API_URL = 'https://api.github.com'
 const BATCH_SIZE = 30
 const GIT_SHA_PREFIX = 'git-sha:'
+const MAX_FILE_SIZE = 10 * 1024 * 1024 // 10 MB
+const BINARY_SNIFF_BYTES = 8000
+
+/**
+ * Heuristic binary detection: Git treats files containing a NUL byte in the
+ * first 8000 bytes as binary. Matches `git diff` / `git grep` semantics.
+ */
+function isBinaryBuffer(buf: Buffer): boolean {
+  const len = Math.min(buf.length, BINARY_SNIFF_BYTES)
+  for (let i = 0; i < len; i++) {
+    if (buf[i] === 0) return true
+  }
+  return false
+}
 
 /**
  * Parses the repository string into owner and repo.
@@ -90,6 +104,48 @@ async function fetchTree(
   return (data.tree || []).filter((item: TreeItem) => item.type === 'blob')
 }
 
+/**
+ * Fetches blob content via the Git Blobs API. Used as a fallback when the
+ * `/contents/` endpoint cannot return the file body (files larger than 1 MB
+ * return `content: ""` and `encoding: "none"`). Supports blobs up to 100 MB.
+ */
+async function fetchBlobContent(
+  accessToken: string,
+  owner: string,
+  repo: string,
+  sha: string
+): Promise<string | null> {
+  const url = `${GITHUB_API_URL}/repos/${owner}/${repo}/git/blobs/${encodeURIComponent(sha)}`
+  const response = await fetchWithRetry(url, {
+    method: 'GET',
+    headers: {
+      Accept: 'application/vnd.github+json',
+      Authorization: `Bearer ${accessToken}`,
+      'X-GitHub-Api-Version': '2022-11-28',
+    },
+  })
+
+  if (!response.ok) {
+    throw new Error(`Failed to fetch git blob ${sha}: ${response.status}`)
+  }
+
+  const data = await response.json()
+  const content = (data.content as string) || ''
+  const encoding = data.encoding as string | undefined
+
+  if (encoding === 'base64') {
+    const buf = Buffer.from(content, 'base64')
+    if (isBinaryBuffer(buf)) return null
+    return buf.toString('utf8')
+  }
+  /**
+   * Per https://docs.github.com/en/rest/git/blobs the Blobs API only ever
+   * returns base64. Refuse to silently persist empty content for an
+   * unexpected encoding so a sync surfaces the error instead.
+   */
+  throw new Error(`Unexpected git blob encoding for ${sha}: ${encoding ?? 'undefined'}`)
+}
+
 /**
  * Creates a lightweight stub ExternalDocument from a tree item.
  * Uses the Git blob SHA as contentHash for change detection, avoiding
@@ -108,7 +164,7 @@ function treeItemToStub(
     content: '',
     contentDeferred: true,
     mimeType: 'text/plain',
-    sourceUrl: `https://github.com/${owner}/${repo}/blob/${encodeURIComponent(branch)}/${item.path.split('/').map(encodeURIComponent).join('/')}`,
+    sourceUrl: `https://github.com/${owner}/${repo}/blob/${branch.split('/').map(encodeURIComponent).join('/')}/${item.path.split('/').map(encodeURIComponent).join('/')}`,
     contentHash: `${GIT_SHA_PREFIX}${item.sha}`,
     metadata: {
       path: item.path,
@@ -189,10 +245,11 @@ export const githubConnector: ConnectorConfig = {
     } else {
       const tree = await fetchTree(accessToken, owner, repo, branch)
 
-      // Filter by path prefix and extensions
+      // Filter by path prefix, extensions, and size
       const filtered = tree.filter((item) => {
         if (pathPrefix && !item.path.startsWith(pathPrefix)) return false
         if (!matchesExtension(item.path, extSet)) return false
+        if (typeof item.size === 'number' && item.size > MAX_FILE_SIZE) return false
         return true
       })
 
@@ -252,15 +309,49 @@ export const githubConnector: ConnectorConfig = {
 
       if (!response.ok) {
         if (response.status === 404) return null
+        if (response.status === 403) {
+          logger.info('Skipping GitHub file rejected by Contents API', {
+            path,
+            status: response.status,
+          })
+          return null
+        }
         throw new Error(`Failed to fetch file ${path}: ${response.status}`)
       }
 
       const lastModifiedHeader = response.headers.get('last-modified') || undefined
       const data = await response.json()
-      const content =
-        data.encoding === 'base64'
-          ? Buffer.from(data.content as string, 'base64').toString('utf-8')
-          : (data.content as string) || ''
+
+      const size = typeof data.size === 'number' ? data.size : 0
+      if (size > MAX_FILE_SIZE) {
+        logger.info('Skipping GitHub file exceeding size limit', {
+          path,
+          size,
+          limit: MAX_FILE_SIZE,
+        })
+        return null
+      }
+
+      const rawContent = (data.content as string) || ''
+      const encoding = data.encoding as string | undefined
+      let content: string
+      if (encoding === 'base64' && rawContent.length > 0) {
+        const buf = Buffer.from(rawContent, 'base64')
+        if (isBinaryBuffer(buf)) {
+          logger.info('Skipping binary GitHub file', { path, size })
+          return null
+        }
+        content = buf.toString('utf8')
+      } else if (encoding === 'none' && data.sha && size > 0) {
+        const blobContent = await fetchBlobContent(accessToken, owner, repo, data.sha as string)
+        if (blobContent === null) {
+          logger.info('Skipping binary GitHub file', { path, size })
+          return null
+        }
+        content = blobContent
+      } else {
+        content = ''
+      }
 
       return {
         externalId,
@@ -268,7 +359,7 @@ export const githubConnector: ConnectorConfig = {
         content,
         contentDeferred: false,
         mimeType: 'text/plain',
-        sourceUrl: `https://github.com/${owner}/${repo}/blob/${encodeURIComponent(branch)}/${path.split('/').map(encodeURIComponent).join('/')}`,
+        sourceUrl: `https://github.com/${owner}/${repo}/blob/${branch.split('/').map(encodeURIComponent).join('/')}/${path.split('/').map(encodeURIComponent).join('/')}`,
         contentHash: `${GIT_SHA_PREFIX}${data.sha as string}`,
         metadata: {
           path,
diff --git a/apps/sim/connectors/google-docs/google-docs.ts b/apps/sim/connectors/google-docs/google-docs.ts
index 570413516fa..33821bea166 100644
--- a/apps/sim/connectors/google-docs/google-docs.ts
+++ b/apps/sim/connectors/google-docs/google-docs.ts
@@ -84,14 +84,22 @@ function extractTextFromDocsBody(doc: DocsDocument): string {
     if (!paragraph?.elements) continue
 
     const prefix = headingPrefix(paragraph.paragraphStyle?.namedStyleType)
-    const text = paragraph.elements.map((el) => el.textRun?.content ?? '').join('')
+    /**
+     * Each paragraph's final `textRun.content` already ends with `\n`. Strip
+     * it before joining with `\n` so a heading followed by a body paragraph
+     * is separated by a single newline, not two.
+     */
+    const text = paragraph.elements
+      .map((el) => el.textRun?.content ?? '')
+      .join('')
+      .replace(/\n+$/, '')
 
     if (text.trim()) {
       parts.push(`${prefix}${text}`)
     }
   }
 
-  return parts.join('').trim()
+  return parts.join('\n').trim()
 }
 
 /**
@@ -349,8 +357,7 @@ export const googleDocsConnector: ConnectorConfig = {
 
       return { valid: true }
     } catch (error) {
-      const message = error instanceof Error ? error.message : 'Failed to validate configuration'
-      return { valid: false, error: message }
+      return { valid: false, error: toError(error).message || 'Failed to validate configuration' }
     }
   },
 
diff --git a/apps/sim/connectors/jira/jira.ts b/apps/sim/connectors/jira/jira.ts
index ea883f77a03..0341d15b81d 100644
--- a/apps/sim/connectors/jira/jira.ts
+++ b/apps/sim/connectors/jira/jira.ts
@@ -1,4 +1,5 @@
 import { createLogger } from '@sim/logger'
+import { toError } from '@sim/utils/errors'
 import { JiraIcon } from '@/components/icons'
 import { fetchWithRetry, VALIDATE_RETRY_OPTIONS } from '@/lib/knowledge/documents/utils'
 import type { ConnectorConfig, ExternalDocument, ExternalDocumentList } from '@/connectors/types'
@@ -164,24 +165,42 @@ export const jiraConnector: ConnectorConfig = {
       jql = `project = "${safeKey}" AND (${jqlFilter.trim()}) ORDER BY updated DESC`
     }
 
-    const startAt = cursor ? Number(cursor) : 0
+    /**
+     * Collected-count is encoded in the cursor as `${pageToken}|${count}` so
+     * the maxIssues cap works correctly even when the caller doesn't pass
+     * syncContext. Falls back to syncContext.collectedCount for backwards
+     * compatibility with cursors emitted before this format existed.
+     */
+    let pageToken: string | undefined
+    let collectedSoFar = (syncContext?.collectedCount as number | undefined) ?? 0
+    if (cursor) {
+      const sep = cursor.lastIndexOf('|')
+      if (sep > 0) {
+        pageToken = cursor.slice(0, sep)
+        const parsed = Number(cursor.slice(sep + 1))
+        if (Number.isFinite(parsed) && parsed >= 0) collectedSoFar = parsed
+      } else {
+        pageToken = cursor
+      }
+    }
 
-    const params = new URLSearchParams()
-    params.append('jql', jql)
-    params.append('startAt', String(startAt))
-    const remaining = maxIssues > 0 ? Math.max(0, maxIssues - startAt) : PAGE_SIZE
-    if (remaining === 0) {
+    const remaining = maxIssues > 0 ? Math.max(0, maxIssues - collectedSoFar) : PAGE_SIZE
+    if (maxIssues > 0 && remaining === 0) {
       return { documents: [], hasMore: false }
     }
+
+    const params = new URLSearchParams()
+    params.append('jql', jql)
     params.append('maxResults', String(Math.min(PAGE_SIZE, remaining)))
     params.append(
       'fields',
       'summary,issuetype,status,priority,assignee,reporter,project,labels,created,updated'
     )
+    if (pageToken) params.append('nextPageToken', pageToken)
 
-    const url = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/search?${params.toString()}`
+    const url = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/search/jql?${params.toString()}`
 
-    logger.info(`Listing Jira issues for project ${projectKey}`, { startAt })
+    logger.info(`Listing Jira issues for project ${projectKey}`, { hasCursor: Boolean(cursor) })
 
     const response = await fetchWithRetry(url, {
       method: 'GET',
@@ -201,17 +220,31 @@ export const jiraConnector: ConnectorConfig = {
     }
 
     const data = await response.json()
-    const issues = (data.issues || []) as Record<string, unknown>[]
-    const total = (data.total as number) ?? 0
+    let issues = (data.issues || []) as Record<string, unknown>[]
+    /**
+     * `/rest/api/3/search/jql` signals end-of-results purely by the absence
+     * of `nextPageToken`. `data.isLast` is unreliable on this endpoint and
+     * has been observed returning `true` alongside a valid token
+     * (JRACLOUD-95477), so we ignore it.
+     */
+    const nextPageToken = data.nextPageToken as string | undefined
+    const isLast = !nextPageToken
+
+    if (maxIssues > 0 && issues.length > remaining) {
+      issues = issues.slice(0, remaining)
+    }
 
     const documents: ExternalDocument[] = issues.map((issue) => issueToStub(issue, domain))
 
-    const nextStart = startAt + issues.length
-    const hasMore = nextStart < total && (maxIssues <= 0 || nextStart < maxIssues)
+    const newCollected = collectedSoFar + issues.length
+    if (syncContext) syncContext.collectedCount = newCollected
+
+    const reachedCap = maxIssues > 0 && newCollected >= maxIssues
+    const hasMore = !isLast && !reachedCap
 
     return {
       documents,
-      nextCursor: hasMore ? String(nextStart) : undefined,
+      nextCursor: hasMore && nextPageToken ? `${nextPageToken}|${newCollected}` : undefined,
       hasMore,
     }
   },
@@ -273,14 +306,14 @@ export const jiraConnector: ConnectorConfig = {
     const jqlFilter = (sourceConfig.jql as string | undefined)?.trim() || ''
 
     try {
-      const cloudId = await getJiraCloudId(domain, accessToken)
+      const cloudId = await getJiraCloudId(domain, accessToken, VALIDATE_RETRY_OPTIONS)
 
       const params = new URLSearchParams()
       const safeKey = projectKey.replace(/\\/g, '\\\\').replace(/"/g, '\\"')
       params.append('jql', `project = "${safeKey}"`)
-      params.append('maxResults', '0')
+      params.append('maxResults', '1')
 
-      const url = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/search?${params.toString()}`
+      const url = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/search/jql?${params.toString()}`
       const response = await fetchWithRetry(
         url,
         {
@@ -304,9 +337,9 @@ export const jiraConnector: ConnectorConfig = {
       if (jqlFilter) {
         const filterParams = new URLSearchParams()
         filterParams.append('jql', `project = "${safeKey}" AND (${jqlFilter})`)
-        filterParams.append('maxResults', '0')
+        filterParams.append('maxResults', '1')
 
-        const filterUrl = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/search?${filterParams.toString()}`
+        const filterUrl = `https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/search/jql?${filterParams.toString()}`
         const filterResponse = await fetchWithRetry(
           filterUrl,
           {
@@ -326,8 +359,7 @@ export const jiraConnector: ConnectorConfig = {
 
       return { valid: true }
     } catch (error) {
-      const message = error instanceof Error ? error.message : 'Failed to validate configuration'
-      return { valid: false, error: message }
+      return { valid: false, error: toError(error).message || 'Failed to validate configuration' }
     }
   },
 
diff --git a/apps/sim/connectors/obsidian/obsidian.ts b/apps/sim/connectors/obsidian/obsidian.ts
index bf570b96af1..964aa33b573 100644
--- a/apps/sim/connectors/obsidian/obsidian.ts
+++ b/apps/sim/connectors/obsidian/obsidian.ts
@@ -215,8 +215,15 @@ export const obsidianConnector: ConnectorConfig = {
     const offset = cursor ? Number(cursor) : 0
     const pageFiles = allFiles.slice(offset, offset + DOCS_PER_PAGE)
 
-    const syncRunId = (syncContext?.syncRunId as string) ?? ''
-
+    /**
+     * The Obsidian Local REST API directory listing returns just
+     * `{ files: string[] }` — no `stat`/`mtime` and no `HEAD` support to read
+     * `Last-Modified`, so the stub cannot encode change-detection state. Every
+     * file is therefore re-hydrated via `getDocument` on every sync. The
+     * post-hydration hash compare in the sync engine
+     * (`existing.contentHash === hydratedHash`) prevents redundant DB writes
+     * when `mtime` is unchanged.
+     */
     const documents: ExternalDocument[] = pageFiles.map((filePath) => ({
       externalId: filePath,
       title: titleFromPath(filePath),
@@ -224,7 +231,7 @@ export const obsidianConnector: ConnectorConfig = {
       contentDeferred: true,
       mimeType: 'text/plain' as const,
       sourceUrl: `${baseUrl}/vault/${filePath.split('/').map(encodeURIComponent).join('/')}`,
-      contentHash: `obsidian:stub:${filePath}:${syncRunId}`,
+      contentHash: `obsidian:${filePath}`,
       metadata: {
         folder: filePath.includes('/') ? filePath.substring(0, filePath.lastIndexOf('/')) : '',
       },
@@ -306,17 +313,23 @@ export const obsidianConnector: ConnectorConfig = {
         VALIDATE_RETRY_OPTIONS
       )
 
-      if (response.status === 401 || response.status === 403) {
+      if (!response.ok) {
+        return { valid: false, error: `Obsidian API returned status ${response.status}` }
+      }
+
+      /**
+       * `GET /` is the only public endpoint and returns 200 regardless of auth;
+       * the response body's `authenticated` field is the actual auth signal.
+       * See https://coddingtonbear.github.io/obsidian-local-rest-api/.
+       */
+      const data = (await response.json()) as { authenticated?: boolean }
+      if (!data?.authenticated) {
         return {
           valid: false,
           error: 'Invalid API key — check your Obsidian Local REST API settings',
         }
       }
 
-      if (!response.ok) {
-        return { valid: false, error: `Obsidian API returned status ${response.status}` }
-      }
-
       const folderPath = (sourceConfig.folderPath as string) || ''
       if (folderPath.trim()) {
         const entries = await listDirectory(
diff --git a/apps/sim/connectors/salesforce/salesforce.ts b/apps/sim/connectors/salesforce/salesforce.ts
index c090ad91559..f373c34249e 100644
--- a/apps/sim/connectors/salesforce/salesforce.ts
+++ b/apps/sim/connectors/salesforce/salesforce.ts
@@ -1,4 +1,5 @@
 import { createLogger } from '@sim/logger'
+import { toError } from '@sim/utils/errors'
 import { SalesforceIcon } from '@/components/icons'
 import { fetchWithRetry, VALIDATE_RETRY_OPTIONS } from '@/lib/knowledge/documents/utils'
 import type { ConnectorConfig, ExternalDocument, ExternalDocumentList } from '@/connectors/types'
@@ -6,7 +7,13 @@ import { htmlToPlainText, parseTagDate } from '@/connectors/utils'
 
 const logger = createLogger('SalesforceConnector')
 
-const USERINFO_URL = 'https://login.salesforce.com/services/oauth2/userinfo'
+/**
+ * Salesforce serves the userinfo endpoint at the org's authentication host.
+ * Tokens issued at test.salesforce.com (sandbox) are rejected at login.salesforce.com,
+ * so we try each host in order and cache the working one in syncContext.
+ */
+const USERINFO_HOSTS = ['https://login.salesforce.com', 'https://test.salesforce.com'] as const
+const USERINFO_PATH = '/services/oauth2/userinfo'
 const API_VERSION = 'v62.0'
 const PAGE_SIZE = 200
 
@@ -35,9 +42,75 @@ const OBJECT_FIELDS: Record<string, string[]> = {
 
 /** SOQL WHERE clause additions per object type. */
 const OBJECT_WHERE: Record<string, string> = {
-  KnowledgeArticleVersion: " WHERE PublishStatus='Online' AND Language='en_US'",
+  KnowledgeArticleVersion:
+    " WHERE PublishStatus='Online' AND IsLatestVersion=true AND Language='en_US'",
 } as const
 
+/**
+ * Result of a userinfo lookup: either the parsed payload + the auth host that
+ * served it, or a structured failure describing the last response we saw.
+ */
+type UserinfoResult =
+  | { ok: true; data: Record<string, unknown>; host: string }
+  | { ok: false; status: number | undefined; errorText: string }
+
+/**
+ * Fetches the Salesforce userinfo payload, trying each candidate auth host in
+ * order. Sandbox-issued tokens are rejected at login.salesforce.com with 401/403,
+ * so on those statuses we fall through to test.salesforce.com. The working host
+ * is cached in syncContext under `_salesforceInstanceUrl` so subsequent calls in
+ * the same sync run skip the fallback dance.
+ */
+async function fetchUserinfo(
+  accessToken: string,
+  retryOptions?: Parameters<typeof fetchWithRetry>[2],
+  syncContext?: Record<string, unknown>
+): Promise<UserinfoResult> {
+  const cachedHost =
+    typeof syncContext?._salesforceInstanceUrl === 'string'
+      ? (syncContext._salesforceInstanceUrl as string)
+      : undefined
+  const orderedHosts = cachedHost
+    ? [cachedHost, ...USERINFO_HOSTS.filter((h) => h !== cachedHost)]
+    : [...USERINFO_HOSTS]
+
+  let lastStatus: number | undefined
+  let lastErrorText = ''
+
+  for (const host of orderedHosts) {
+    const response = await fetchWithRetry(
+      `${host}${USERINFO_PATH}`,
+      {
+        method: 'GET',
+        headers: {
+          Accept: 'application/json',
+          Authorization: `Bearer ${accessToken}`,
+        },
+      },
+      retryOptions
+    )
+
+    if (response.ok) {
+      const data = (await response.json()) as Record<string, unknown>
+      if (syncContext) {
+        syncContext._salesforceInstanceUrl = host
+      }
+      return { ok: true, data, host }
+    }
+
+    lastStatus = response.status
+    lastErrorText = await response.text()
+
+    // Only fall through to the next host on auth-shaped failures; surface
+    // other errors (e.g. 5xx) immediately so we don't mask real problems.
+    if (response.status !== 401 && response.status !== 403) {
+      break
+    }
+  }
+
+  return { ok: false, status: lastStatus, errorText: lastErrorText }
+}
+
 /**
  * Resolves the Salesforce instance REST URL from the userinfo endpoint.
  * Caches the result in syncContext to avoid repeated calls.
@@ -50,21 +123,14 @@ async function resolveInstanceUrl(
     return syncContext.instanceUrl as string
   }
 
-  const response = await fetchWithRetry(USERINFO_URL, {
-    method: 'GET',
-    headers: {
-      Accept: 'application/json',
-      Authorization: `Bearer ${accessToken}`,
-    },
-  })
-
-  if (!response.ok) {
-    const errorText = await response.text()
-    throw new Error(`Failed to resolve Salesforce instance URL: ${response.status} - ${errorText}`)
+  const result = await fetchUserinfo(accessToken, undefined, syncContext)
+  if (!result.ok) {
+    throw new Error(
+      `Failed to resolve Salesforce instance URL: ${result.status ?? 'unknown'} - ${result.errorText}`
+    )
   }
 
-  const data = await response.json()
-  const urls = data.urls as Record<string, string> | undefined
+  const urls = result.data.urls as Record<string, string> | undefined
   let restUrl = urls?.rest
 
   if (!restUrl) {
@@ -321,11 +387,10 @@ export const salesforceConnector: ConnectorConfig = {
 
     let instanceUrl = syncContext?.instanceUrl as string | undefined
     if (!instanceUrl) {
-      instanceUrl = await resolveInstanceUrl(accessToken)
-      if (syncContext) syncContext.instanceUrl = instanceUrl
+      instanceUrl = await resolveInstanceUrl(accessToken, syncContext)
     }
 
-    const url = `${instanceUrl}sobjects/${objectType}/${externalId}?fields=${fields.join(',')}`
+    const url = `${instanceUrl}sobjects/${objectType}/${encodeURIComponent(externalId)}?fields=${fields.join(',')}`
 
     const response = await fetchWithRetry(url, {
       method: 'GET',
@@ -372,28 +437,16 @@ export const salesforceConnector: ConnectorConfig = {
     }
 
     try {
-      const userinfoResponse = await fetchWithRetry(
-        USERINFO_URL,
-        {
-          method: 'GET',
-          headers: {
-            Accept: 'application/json',
-            Authorization: `Bearer ${accessToken}`,
-          },
-        },
-        VALIDATE_RETRY_OPTIONS
-      )
+      const userinfoResult = await fetchUserinfo(accessToken, VALIDATE_RETRY_OPTIONS)
 
-      if (!userinfoResponse.ok) {
-        const errorText = await userinfoResponse.text()
+      if (!userinfoResult.ok) {
         return {
           valid: false,
-          error: `Failed to authenticate with Salesforce: ${userinfoResponse.status} - ${errorText}`,
+          error: `Failed to authenticate with Salesforce: ${userinfoResult.status ?? 'unknown'} - ${userinfoResult.errorText}`,
         }
       }
 
-      const userinfo = await userinfoResponse.json()
-      const urls = userinfo.urls as Record<string, string> | undefined
+      const urls = userinfoResult.data.urls as Record<string, string> | undefined
       let restUrl = urls?.rest
 
       if (!restUrl) {
@@ -427,8 +480,7 @@ export const salesforceConnector: ConnectorConfig = {
 
       return { valid: true }
     } catch (error) {
-      const message = error instanceof Error ? error.message : 'Failed to validate configuration'
-      return { valid: false, error: message }
+      return { valid: false, error: toError(error).message || 'Failed to validate configuration' }
     }
   },
 
diff --git a/apps/sim/connectors/servicenow/servicenow.ts b/apps/sim/connectors/servicenow/servicenow.ts
index fa9905bc1b8..d8b921bddff 100644
--- a/apps/sim/connectors/servicenow/servicenow.ts
+++ b/apps/sim/connectors/servicenow/servicenow.ts
@@ -11,6 +11,26 @@ const logger = createLogger('ServiceNowConnector')
 const DEFAULT_MAX_ITEMS = 500
 const PAGE_SIZE = 100
 
+/**
+ * ServiceNow sys_id whitelist: 32-character lowercase hex strings.
+ *
+ * The encoded query language uses `^` as the AND separator and `^OR` as the
+ * OR separator with no escape syntax, so any user-supplied value interpolated
+ * into a `sysparm_query` clause must be validated up front. Path-based
+ * fetches (`/api/now/table/{table}/{sys_id}`) likewise treat the sys_id as a
+ * URL path segment and must be constrained to safe characters.
+ */
+const SYS_ID_PATTERN = /^[a-f0-9]{32}$/i
+const NUMERIC_ID_PATTERN = /^\d+$/
+/**
+ * Reject characters that have meaning in a ServiceNow encoded query
+ * (`^` is the operator separator; control chars and quotes can break the
+ * URL). All other Unicode characters — including accented letters used in
+ * categories like "Général" or "Ação" — are allowed.
+ */
+const KB_CATEGORY_DISALLOWED = /[\^"'`\u0000-\u001f\u007f]/
+const VALID_WORKFLOW_STATES = new Set(['published', 'draft', 'review', 'retired', 'outdated'])
+
 interface ServiceNowRecord {
   sys_id: string
   sys_updated_on?: string
@@ -123,6 +143,50 @@ async function serviceNowApiGet(
   }
 }
 
+/**
+ * Fetches a single ServiceNow record by sys_id via the path-based Table API
+ * endpoint (`GET /api/now/table/{tableName}/{sys_id}`), which returns a
+ * `{ result: <record> }` object rather than the array shape returned by the
+ * list endpoint. Returns `null` when the record is not found (404).
+ */
+async function serviceNowApiGetById(
+  instanceUrl: string,
+  tableName: string,
+  sysId: string,
+  authHeader: string,
+  params: Record<string, string>,
+  retryOptions?: Parameters<typeof fetchWithRetry>[2]
+): Promise<Record<string, unknown> | null> {
+  const queryParams = new URLSearchParams(params)
+  const queryString = queryParams.toString()
+  const url = `${instanceUrl}/api/now/table/${tableName}/${sysId}${queryString ? `?${queryString}` : ''}`
+
+  const response = await fetchWithRetry(
+    url,
+    {
+      method: 'GET',
+      headers: {
+        Authorization: authHeader,
+        Accept: 'application/json',
+        'Content-Type': 'application/json',
+      },
+    },
+    retryOptions
+  )
+
+  if (response.status === 404) {
+    return null
+  }
+
+  if (!response.ok) {
+    const errorText = await response.text().catch(() => 'Unknown error')
+    throw new Error(`ServiceNow API error (${response.status}): ${errorText}`)
+  }
+
+  const data = (await response.json()) as { result?: Record<string, unknown> }
+  return data.result ?? null
+}
+
 function isServiceNowRecord(record: unknown): record is ServiceNowRecord & Record<string, unknown> {
   return (
     typeof record === 'object' &&
@@ -206,6 +270,11 @@ function priorityLabel(priority: string | undefined): string {
  */
 function kbArticleToDocument(article: KBArticle, instanceUrl: string): ExternalDocument {
   const title = rawValue(article.short_description) || rawValue(article.number) || article.sys_id
+  /**
+   * Wiki-template KB articles populate `wiki` with the body and leave
+   * `text` empty; HTML-template articles do the opposite. Falling back
+   * to `wiki` keeps both layouts indexable.
+   */
   const articleText = rawValue(article.text) || rawValue(article.wiki) || ''
   const content = htmlToPlainText(articleText)
   const sysId = rawValue(article.sys_id) || article.sys_id
@@ -308,12 +377,25 @@ function buildKBQuery(sourceConfig: Record<string, unknown>): string {
 
   const workflowState = sourceConfig.workflowState as string | undefined
   if (workflowState && workflowState !== 'all') {
-    parts.push(`workflow_state=${workflowState}`)
+    if (VALID_WORKFLOW_STATES.has(workflowState)) {
+      parts.push(`workflow_state=${workflowState}`)
+    } else {
+      logger.warn('Skipping workflowState filter: value is not in the allowed set', {
+        workflowState,
+      })
+    }
   }
 
   const kbCategory = sourceConfig.kbCategory as string | undefined
-  if (kbCategory?.trim()) {
-    parts.push(`kb_category.label=${kbCategory.trim()}`)
+  const trimmedCategory = kbCategory?.trim()
+  if (trimmedCategory) {
+    if (!KB_CATEGORY_DISALLOWED.test(trimmedCategory)) {
+      parts.push(`kb_category.label=${trimmedCategory}`)
+    } else {
+      logger.warn('Skipping kbCategory filter: value contains disallowed characters', {
+        kbCategory: trimmedCategory,
+      })
+    }
   }
 
   parts.push('ORDERBYDESCsys_updated_on')
@@ -328,12 +410,22 @@ function buildIncidentQuery(sourceConfig: Record<string, unknown>): string {
 
   const incidentState = sourceConfig.incidentState as string | undefined
   if (incidentState && incidentState !== 'all') {
-    parts.push(`state=${incidentState}`)
+    if (NUMERIC_ID_PATTERN.test(incidentState)) {
+      parts.push(`state=${incidentState}`)
+    } else {
+      logger.warn('Skipping incidentState filter: value is not a numeric ID', { incidentState })
+    }
   }
 
   const incidentPriority = sourceConfig.incidentPriority as string | undefined
   if (incidentPriority && incidentPriority !== 'all') {
-    parts.push(`priority=${incidentPriority}`)
+    if (NUMERIC_ID_PATTERN.test(incidentPriority)) {
+      parts.push(`priority=${incidentPriority}`)
+    } else {
+      logger.warn('Skipping incidentPriority filter: value is not a numeric ID', {
+        incidentPriority,
+      })
+    }
   }
 
   parts.push('ORDERBYDESCsys_updated_on')
@@ -393,6 +485,7 @@ export const servicenowConnector: ConnectorConfig = {
         { label: 'Draft', id: 'draft' },
         { label: 'Review', id: 'review' },
         { label: 'Retired', id: 'retired' },
+        { label: 'Outdated', id: 'outdated' },
       ],
     },
     {
@@ -416,6 +509,7 @@ export const servicenowConnector: ConnectorConfig = {
         { label: 'On Hold', id: '3' },
         { label: 'Resolved', id: '6' },
         { label: 'Closed', id: '7' },
+        { label: 'Canceled', id: '8' },
       ],
     },
     {
@@ -533,6 +627,14 @@ export const servicenowConnector: ConnectorConfig = {
     const isKB = contentType === 'kb_knowledge'
     const tableName = isKB ? 'kb_knowledge' : 'incident'
 
+    if (!SYS_ID_PATTERN.test(externalId)) {
+      logger.warn('Rejecting ServiceNow getDocument with invalid sys_id', {
+        externalId,
+        table: tableName,
+      })
+      return null
+    }
+
     const fields = isKB
       ? 'sys_id,short_description,text,wiki,workflow_state,kb_category,kb_knowledge_base,number,author,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
       : 'sys_id,number,short_description,description,state,priority,category,assigned_to,opened_by,close_notes,resolution_notes,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
@@ -540,19 +642,11 @@ export const servicenowConnector: ConnectorConfig = {
     const instanceUrl = resolveServiceNowInstanceUrl(sourceConfig.instanceUrl as string)
 
     try {
-      const { result } = await serviceNowApiGet(instanceUrl, tableName, authHeader, {
-        sysparm_query: `sys_id=${externalId}`,
-        sysparm_limit: '1',
-        sysparm_offset: '0',
+      const record = await serviceNowApiGetById(instanceUrl, tableName, externalId, authHeader, {
         sysparm_fields: fields,
         sysparm_display_value: 'all',
       })
 
-      if (!result || result.length === 0) {
-        return null
-      }
-
-      const record = result[0]
       if (!record || !isServiceNowRecord(record)) {
         return null
       }
diff --git a/apps/sim/connectors/slack/slack.ts b/apps/sim/connectors/slack/slack.ts
index 271c6f46527..209a6fb4231 100644
--- a/apps/sim/connectors/slack/slack.ts
+++ b/apps/sim/connectors/slack/slack.ts
@@ -3,7 +3,7 @@ import { toError } from '@sim/utils/errors'
 import { SlackIcon } from '@/components/icons'
 import { fetchWithRetry, VALIDATE_RETRY_OPTIONS } from '@/lib/knowledge/documents/utils'
 import type { ConnectorConfig, ExternalDocument, ExternalDocumentList } from '@/connectors/types'
-import { computeContentHash, parseTagDate } from '@/connectors/utils'
+import { parseTagDate } from '@/connectors/utils'
 
 const logger = createLogger('SlackConnector')
 
@@ -11,12 +11,42 @@ const SLACK_API_BASE = 'https://slack.com/api'
 const DEFAULT_MAX_MESSAGES = 1000
 const MESSAGES_PER_PAGE = 200
 
+/**
+ * Message subtypes that carry no user-authored text (channel events, bot
+ * lifecycle, etc.). Per https://api.slack.com/events/message every other
+ * subtype — `bot_message`, `file_share`, `me_message`, `thread_broadcast`,
+ * `reminder_add`, `file_comment`, etc. — can carry meaningful content.
+ */
+const SLACK_NOISE_SUBTYPES = new Set([
+  'channel_join',
+  'channel_leave',
+  'channel_topic',
+  'channel_purpose',
+  'channel_name',
+  'channel_archive',
+  'channel_unarchive',
+  'group_join',
+  'group_leave',
+  'group_topic',
+  'group_purpose',
+  'group_name',
+  'group_archive',
+  'group_unarchive',
+  'pinned_item',
+  'unpinned_item',
+  'bot_add',
+  'bot_remove',
+])
+
 interface SlackMessage {
   type: string
   user?: string
   text?: string
   ts: string
   subtype?: string
+  edited?: { ts: string; user?: string }
+  latest_reply?: string
+  reply_count?: number
 }
 
 interface SlackChannel {
@@ -130,7 +160,7 @@ async function fetchChannelMessages(
   accessToken: string,
   channelId: string,
   maxMessages: number
-): Promise<{ messages: SlackMessage[]; lastActivityTs?: string }> {
+): Promise<{ messages: SlackMessage[]; lastActivityTs?: string; oldestTs?: string }> {
   const allMessages: SlackMessage[] = []
   let cursor: string | undefined
   let lastActivityTs: string | undefined
@@ -162,7 +192,9 @@ async function fetchChannelMessages(
     cursor = nextCursor
   }
 
-  return { messages: allMessages.slice(0, maxMessages), lastActivityTs }
+  const trimmed = allMessages.slice(0, maxMessages)
+  const oldestTs = trimmed.length > 0 ? trimmed[trimmed.length - 1].ts : undefined
+  return { messages: trimmed, lastActivityTs, oldestTs }
 }
 
 /**
@@ -182,7 +214,13 @@ async function formatMessages(
   for (const msg of chronological) {
     // Skip non-user messages (join/leave, bot messages without text, etc.)
     if (!msg.text) continue
-    if (msg.subtype && msg.subtype !== 'bot_message' && msg.subtype !== 'file_share') continue
+    /**
+     * Drop only known noise subtypes (channel join/leave/topic events,
+     * bot add/remove, etc.). Per https://api.slack.com/events/message any
+     * subtype with user-authored text — `thread_broadcast`, `me_message`,
+     * `bot_message`, `file_share`, `reminder_add`, etc. — should be kept.
+     */
+    if (msg.subtype && SLACK_NOISE_SUBTYPES.has(msg.subtype)) continue
 
     const timestamp = formatSlackTimestamp(msg.ts)
     const userName = msg.user
@@ -204,8 +242,9 @@ async function resolveChannel(
 ): Promise<SlackChannel | null> {
   const trimmed = channelInput.trim().replace(/^#/, '')
 
-  // If it looks like a channel ID (starts with C, D, or G), try direct lookup
-  if (/^[CDG][A-Z0-9]+$/.test(trimmed)) {
+  // If it looks like a channel ID (public C / private G), try direct lookup.
+  // DMs (D...) and MPIMs require im:*/mpim:* scopes, which we do not request.
+  if (/^[CG][A-Z0-9]+$/.test(trimmed)) {
     try {
       const data = await slackApiGet('conversations.info', accessToken, { channel: trimmed })
       return data.channel as SlackChannel
@@ -239,6 +278,93 @@ async function resolveChannel(
   return null
 }
 
+/**
+ * Resolves the Slack team ID for the current token, caching the result on
+ * `syncContext._slackTeamId` to avoid repeated `auth.test` calls. The team ID
+ * is stable per token, so caching for the lifetime of a sync is safe.
+ */
+async function resolveTeamId(
+  accessToken: string,
+  syncContext?: Record<string, unknown>
+): Promise<string | undefined> {
+  const cacheKey = '_slackTeamId'
+  if (syncContext && typeof syncContext[cacheKey] === 'string') {
+    return syncContext[cacheKey] as string
+  }
+
+  try {
+    const authData = await slackApiGet('auth.test', accessToken, {})
+    const teamId = authData.team_id as string | undefined
+    if (teamId && syncContext) {
+      syncContext[cacheKey] = teamId
+    }
+    return teamId
+  } catch (error) {
+    logger.warn('Failed to resolve Slack team ID', {
+      error: toError(error).message,
+    })
+    return undefined
+  }
+}
+
+/**
+ * Builds a channel document payload shared by `listDocuments` and `getDocument`.
+ *
+ * The `contentHash` is derived from stable Slack metadata — channel ID, the
+ * newest message `ts`, and the message count — rather than the formatted text.
+ * This keeps the hash deterministic across calls even though the formatted
+ * content depends on the user-name cache state and the sliding message window.
+ *
+ * Each Slack message has a unique, stable `ts` per channel
+ * (https://api.slack.com/methods/conversations.history), so `lastActivityTs`
+ * uniquely identifies the newest message included in the document.
+ */
+async function buildSlackChannelDocument(
+  accessToken: string,
+  channel: SlackChannel,
+  maxMessages: number,
+  syncContext?: Record<string, unknown>
+): Promise<{
+  content: string
+  contentHash: string
+  messageCount: number
+  lastActivityTs?: string
+}> {
+  const { messages, lastActivityTs, oldestTs } = await fetchChannelMessages(
+    accessToken,
+    channel.id,
+    maxMessages
+  )
+
+  const content = await formatMessages(accessToken, messages, syncContext)
+  const messageCount = messages.length
+
+  /**
+   * Edit/thread fingerprint: max(edited.ts) and max(latest_reply) across the
+   * window. `ts` is immutable for messages, so without these signals an
+   * in-place edit (chat.update) or a new threaded reply would not change the
+   * channel hash. Slack returns `edited.ts` only when a message was edited
+   * and `latest_reply` only when threaded replies exist.
+   */
+  let maxEditTs = ''
+  let maxReplyTs = ''
+  let totalReplies = 0
+  for (const m of messages) {
+    if (m.edited?.ts && m.edited.ts > maxEditTs) maxEditTs = m.edited.ts
+    if (m.latest_reply && m.latest_reply > maxReplyTs) maxReplyTs = m.latest_reply
+    if (typeof m.reply_count === 'number') totalReplies += m.reply_count
+  }
+
+  /**
+   * `latest_reply` alone misses reply edits and deletes. Folding `reply_count`
+   * in catches deletes (count drops) but still cannot detect reply edits
+   * without fetching `conversations.replies` for each parent.
+   */
+  const contentHash = `slack:${channel.id}:${oldestTs ?? 'empty'}:${lastActivityTs ?? 'empty'}:${messageCount}:${maxEditTs || 'noedit'}:${maxReplyTs || 'noreply'}:${totalReplies}`
+
+  return { content, contentHash, messageCount, lastActivityTs }
+}
+
 export const slackConnector: ConnectorConfig = {
   id: 'slack',
   name: 'Slack',
@@ -311,31 +437,21 @@ export const slackConnector: ConnectorConfig = {
       throw new Error(`Channel not found: ${channelInput}`)
     }
 
-    const { messages, lastActivityTs } = await fetchChannelMessages(
+    const { content, contentHash, messageCount, lastActivityTs } = await buildSlackChannelDocument(
       accessToken,
-      channel.id,
-      maxMessages
+      channel,
+      maxMessages,
+      syncContext
     )
-
-    const content = await formatMessages(accessToken, messages, syncContext)
     if (!content.trim()) {
       logger.info(`No messages found in channel: #${channel.name}`)
       return { documents: [], hasMore: false }
     }
 
-    const contentHash = await computeContentHash(content)
-
-    // Attempt to get team ID for the source URL
-    let sourceUrl = `https://app.slack.com/client/${channel.id}`
-    try {
-      const authData = await slackApiGet('auth.test', accessToken, {})
-      const teamId = authData.team_id as string | undefined
-      if (teamId) {
-        sourceUrl = `https://app.slack.com/client/${teamId}/${channel.id}`
-      }
-    } catch {
-      // Fall back to URL without team ID
-    }
+    const teamId = await resolveTeamId(accessToken, syncContext)
+    const sourceUrl = teamId
+      ? `https://app.slack.com/client/${teamId}/${channel.id}`
+      : `https://app.slack.com/client/${channel.id}`
 
     const document: ExternalDocument = {
       externalId: channel.id,
@@ -346,7 +462,7 @@ export const slackConnector: ConnectorConfig = {
       contentHash,
       metadata: {
         channelName: channel.name,
-        messageCount: messages.length,
+        messageCount,
         lastActivity: lastActivityTs ? formatSlackTimestamp(lastActivityTs) : undefined,
         topic: channel.topic?.value,
         purpose: channel.purpose?.value,
@@ -374,27 +490,14 @@ export const slackConnector: ConnectorConfig = {
       const data = await slackApiGet('conversations.info', accessToken, { channel: externalId })
       const channel = data.channel as SlackChannel
 
-      const { messages, lastActivityTs } = await fetchChannelMessages(
-        accessToken,
-        externalId,
-        maxMessages
-      )
-
-      const content = await formatMessages(accessToken, messages, syncContext)
+      const { content, contentHash, messageCount, lastActivityTs } =
+        await buildSlackChannelDocument(accessToken, channel, maxMessages, syncContext)
       if (!content.trim()) return null
 
-      const contentHash = await computeContentHash(content)
-
-      let sourceUrl = `https://app.slack.com/client/${channel.id}`
-      try {
-        const authData = await slackApiGet('auth.test', accessToken, {})
-        const teamId = authData.team_id as string | undefined
-        if (teamId) {
-          sourceUrl = `https://app.slack.com/client/${teamId}/${channel.id}`
-        }
-      } catch {
-        // Fall back to URL without team ID
-      }
+      const teamId = await resolveTeamId(accessToken, syncContext)
+      const sourceUrl = teamId
+        ? `https://app.slack.com/client/${teamId}/${channel.id}`
+        : `https://app.slack.com/client/${channel.id}`
 
       return {
         externalId: channel.id,
@@ -405,7 +508,7 @@ export const slackConnector: ConnectorConfig = {
         contentHash,
         metadata: {
           channelName: channel.name,
-          messageCount: messages.length,
+          messageCount,
           lastActivity: lastActivityTs ? formatSlackTimestamp(lastActivityTs) : undefined,
           topic: channel.topic?.value,
           purpose: channel.purpose?.value,
@@ -438,8 +541,9 @@ export const slackConnector: ConnectorConfig = {
     try {
       const trimmed = channelInput.trim().replace(/^#/, '')
 
-      // If it looks like a channel ID, verify directly
-      if (/^[CDG][A-Z0-9]+$/.test(trimmed)) {
+      // If it looks like a channel ID, verify directly. DMs (D...) are excluded
+      // because we don't request im:*/mpim:* scopes — see resolveChannel.
+      if (/^[CG][A-Z0-9]+$/.test(trimmed)) {
         await slackApiGet(
           'conversations.info',
           accessToken,
@@ -478,7 +582,7 @@ export const slackConnector: ConnectorConfig = {
 
       return { valid: false, error: `Channel not found: ${channelInput}` }
     } catch (error) {
-      const message = error instanceof Error ? error.message : 'Failed to validate configuration'
+      const message = toError(error).message || 'Failed to validate configuration'
       return { valid: false, error: message }
     }
   },
diff --git a/apps/sim/connectors/zendesk/zendesk.ts b/apps/sim/connectors/zendesk/zendesk.ts
index 386f0353e15..a71234d1747 100644
--- a/apps/sim/connectors/zendesk/zendesk.ts
+++ b/apps/sim/connectors/zendesk/zendesk.ts
@@ -10,6 +10,9 @@ const logger = createLogger('ZendeskConnector')
 const ARTICLES_PER_PAGE = 30
 const TICKETS_PER_PAGE = 100
 const DEFAULT_MAX_TICKETS = 500
+const SEARCH_API_RESULT_CAP = 1000
+
+const VALID_TICKET_STATUSES = new Set(['new', 'open', 'pending', 'hold', 'solved', 'closed'])
 
 interface ZendeskArticle {
   id: number
@@ -97,7 +100,7 @@ async function fetchArticles(
 ): Promise<ZendeskArticle[]> {
   const allArticles: ZendeskArticle[] = []
   const baseUrl = buildBaseUrl(subdomain)
-  const localePath = locale ? `/${locale}` : ''
+  const localePath = locale ? `/${encodeURIComponent(locale)}` : ''
   let page = 1
 
   while (true) {
@@ -132,7 +135,22 @@ async function fetchTickets(
   let url: string | null = `${baseUrl}/api/v2/tickets.json?per_page=${TICKETS_PER_PAGE}`
 
   if (statusFilter && statusFilter !== 'all') {
-    url = `${baseUrl}/api/v2/search.json?query=type:ticket status:${statusFilter}&per_page=${TICKETS_PER_PAGE}`
+    if (VALID_TICKET_STATUSES.has(statusFilter)) {
+      if (limit > SEARCH_API_RESULT_CAP) {
+        logger.warn(
+          `Zendesk Search API caps at ${SEARCH_API_RESULT_CAP} results; requested limit ${limit} will be truncated. Remove status filter to use the unbounded tickets endpoint.`
+        )
+      }
+      const params = new URLSearchParams({
+        query: `type:ticket status:${statusFilter}`,
+        per_page: String(TICKETS_PER_PAGE),
+      })
+      url = `${baseUrl}/api/v2/search.json?${params.toString()}`
+    } else {
+      logger.warn(
+        `Invalid Zendesk statusFilter "${statusFilter}"; falling back to all tickets. Valid values: ${[...VALID_TICKET_STATUSES].join(', ')}.`
+      )
+    }
   }
 
   while (url && allTickets.length < limit) {
@@ -344,8 +362,10 @@ export const zendeskConnector: ConnectorConfig = {
       description: 'Filter tickets by status (applies only when syncing tickets)',
       options: [
         { label: 'All Statuses', id: 'all' },
+        { label: 'New', id: 'new' },
         { label: 'Open', id: 'open' },
         { label: 'Pending', id: 'pending' },
+        { label: 'On Hold', id: 'hold' },
         { label: 'Solved', id: 'solved' },
         { label: 'Closed', id: 'closed' },
       ],
@@ -496,14 +516,14 @@ export const zendeskConnector: ConnectorConfig = {
       await zendeskApiGet(url, accessToken, sourceConfig, VALIDATE_RETRY_OPTIONS)
       return { valid: true }
     } catch (error) {
-      const message = error instanceof Error ? error.message : 'Failed to validate configuration'
-      return { valid: false, error: message }
+      return { valid: false, error: toError(error).message || 'Failed to validate configuration' }
     }
   },
 
   tagDefinitions: [
     { id: 'contentType', displayName: 'Content Type', fieldType: 'text' },
     { id: 'status', displayName: 'Status', fieldType: 'text' },
+    { id: 'priority', displayName: 'Priority', fieldType: 'text' },
     { id: 'labels', displayName: 'Labels', fieldType: 'text' },
     { id: 'tags', displayName: 'Tags', fieldType: 'text' },
     { id: 'updatedAt', displayName: 'Last Updated', fieldType: 'date' },
@@ -521,6 +541,10 @@ export const zendeskConnector: ConnectorConfig = {
       result.status = metadata.status
     }
 
+    if (typeof metadata.priority === 'string') {
+      result.priority = metadata.priority
+    }
+
     const labels = joinTagArray(metadata.labels)
     if (labels) {
       result.labels = labels
diff --git a/apps/sim/ee/sso/components/sso-auth.tsx b/apps/sim/ee/sso/components/sso-auth.tsx
index 64affa51887..1dd99581741 100644
--- a/apps/sim/ee/sso/components/sso-auth.tsx
+++ b/apps/sim/ee/sso/components/sso-auth.tsx
@@ -6,7 +6,7 @@ import { useRouter } from 'next/navigation'
 import { Input, Label, Loader } from '@/components/emcn'
 import { ApiClientError } from '@/lib/api/client/errors'
 import { requestJson } from '@/lib/api/client/request'
-import { authenticateDeployedChatContract } from '@/lib/api/contracts/chats'
+import { chatSSOContract } from '@/lib/api/contracts/chats'
 import { cn } from '@/lib/core/utils/cn'
 import { quickValidateEmail } from '@/lib/messaging/email/validation'
 import AuthBackground from '@/app/(auth)/components/auth-background'
@@ -69,11 +69,18 @@ export default function SSOAuth({ identifier }: SSOAuthProps) {
     setIsLoading(true)
 
     try {
-      await requestJson(authenticateDeployedChatContract, {
+      const { eligible } = await requestJson(chatSSOContract, {
         params: { identifier },
-        body: { email, checkSSOAccess: true },
+        body: { email },
       })
 
+      if (!eligible) {
+        setEmailErrors(['Email not authorized for this chat'])
+        setShowEmailValidationError(true)
+        setIsLoading(false)
+        return
+      }
+
       const callbackUrl = `/chat/${identifier}`
       const ssoUrl = `/sso?email=${encodeURIComponent(email)}&callbackUrl=${encodeURIComponent(callbackUrl)}`
       router.push(ssoUrl)
diff --git a/apps/sim/hooks/queries/logs.ts b/apps/sim/hooks/queries/logs.ts
index 32d69988852..bd5b0e5e695 100644
--- a/apps/sim/hooks/queries/logs.ts
+++ b/apps/sim/hooks/queries/logs.ts
@@ -33,6 +33,9 @@ export const logKeys = {
     [...logKeys.lists(), workspaceId ?? '', filters] as const,
   details: () => [...logKeys.all, 'detail'] as const,
   detail: (logId: string | undefined) => [...logKeys.details(), logId ?? ''] as const,
+  byExecutionAll: () => [...logKeys.all, 'byExecution'] as const,
+  byExecution: (workspaceId: string | undefined, executionId: string | undefined) =>
+    [...logKeys.byExecutionAll(), workspaceId ?? '', executionId ?? ''] as const,
   stats: () => [...logKeys.all, 'stats'] as const,
   stat: (workspaceId: string | undefined, filters: object) =>
     [...logKeys.stats(), workspaceId ?? '', filters] as const,
@@ -136,6 +139,23 @@ export async function fetchLogDetail(logId: string, signal?: AbortSignal): Promi
   return toWorkflowLog(data)
 }
 
+async function fetchLogByExecutionId(
+  workspaceId: string,
+  executionId: string,
+  signal?: AbortSignal
+): Promise<WorkflowLog | null> {
+  const apiData = await requestJson(listLogsContract, {
+    query: {
+      workspaceId,
+      executionId,
+      details: 'full',
+      limit: 1,
+    },
+    signal,
+  })
+  return apiData.data?.[0] ? toWorkflowLog(apiData.data[0]) : null
+}
+
 interface UseLogsListOptions {
   enabled?: boolean
   refetchInterval?: number | false
@@ -177,6 +197,24 @@ export function useLogDetail(logId: string | undefined, options?: UseLogDetailOp
   })
 }
 
+/**
+ * Looks up a workflow log by its `executionId` (the id stored on table workflow cells).
+ * Returns the full log shape so the LogDetails sidebar can render directly without
+ * an extra detail fetch.
+ */
+export function useLogByExecutionId(
+  workspaceId: string | undefined,
+  executionId: string | null | undefined
+) {
+  return useQuery({
+    queryKey: logKeys.byExecution(workspaceId, executionId ?? undefined),
+    queryFn: ({ signal }) =>
+      fetchLogByExecutionId(workspaceId as string, executionId as string, signal),
+    enabled: Boolean(workspaceId) && Boolean(executionId),
+    staleTime: 30 * 1000,
+  })
+}
+
 /**
  * Prefetches log detail data on hover for instant panel rendering on click.
  */
diff --git a/apps/sim/hooks/queries/tables.ts b/apps/sim/hooks/queries/tables.ts
index d857b87f0b2..34055ea83ee 100644
--- a/apps/sim/hooks/queries/tables.ts
+++ b/apps/sim/hooks/queries/tables.ts
@@ -1,7 +1,10 @@
+'use client'
+
 /**
  * React Query hooks for managing user-defined tables.
  */
 
+import { useEffect } from 'react'
 import { createLogger } from '@sim/logger'
 import {
   type InfiniteData,
@@ -15,43 +18,71 @@ import { toast } from '@/components/emcn'
 import { requestJson } from '@/lib/api/client/request'
 import type { ContractJsonResponse } from '@/lib/api/contracts'
 import {
+  type AddWorkflowGroupBodyInput,
   addTableColumnContract,
+  addWorkflowGroupContract,
   type BatchInsertTableRowsBodyInput,
   type BatchUpdateTableRowsBodyInput,
   batchCreateTableRowsContract,
   batchUpdateTableRowsContract,
   type CreateTableBodyInput,
   type CreateTableColumnBodyInput,
+  cancelTableRunsContract,
   createTableContract,
   createTableRowContract,
   deleteTableColumnContract,
   deleteTableContract,
   deleteTableRowContract,
   deleteTableRowsContract,
+  deleteWorkflowGroupContract,
   getTableContract,
   type InsertTableRowBodyInput,
   listTableRowsContract,
   listTablesContract,
   renameTableContract,
   restoreTableContract,
+  runWorkflowGroupContract,
   type TableIdParamsInput,
   type TableRowParamsInput,
   type TableRowsQueryInput,
   type UpdateTableColumnBodyInput,
   type UpdateTableRowBodyInput,
+  type UpdateWorkflowGroupBodyInput,
   updateTableColumnContract,
   updateTableMetadataContract,
   updateTableRowContract,
+  updateWorkflowGroupContract,
 } from '@/lib/api/contracts/tables'
 import type {
   CsvHeaderMapping,
   Filter,
   RowData,
+  RowExecutionMetadata,
+  RowExecutions,
   Sort,
   TableDefinition,
   TableMetadata,
   TableRow,
+  WorkflowGroup,
+  WorkflowGroupDependencies,
+  WorkflowGroupOutput,
 } from '@/lib/table'
+import { useSocket } from '@/app/workspace/providers/socket-provider'
+
+/** Short poll to surface running → completed transitions from the server without a dedicated realtime channel. */
+const ROWS_POLL_INTERVAL_WHILE_RUNNING_MS = 1500
+
+function hasRunningGroupExecution(rows: TableRow[] | undefined): boolean {
+  if (!rows) return false
+  for (const row of rows) {
+    const executions = row.executions ?? {}
+    for (const key in executions) {
+      const exec = executions[key]
+      if (exec?.status === 'running' || exec?.status === 'pending') return true
+    }
+  }
+  return false
+}
 
 const logger = createLogger('TableQueries')
 
@@ -75,7 +106,7 @@ type TableRowsParams = Omit<TableRowsQueryInput, 'filter' | 'sort'> &
     sort?: Sort | null
   }
 
-type TableRowsResponse = Pick<
+export type TableRowsResponse = Pick<
   ContractJsonResponse<typeof listTableRowsContract>['data'],
   'rows' | 'totalCount'
 >
@@ -138,21 +169,13 @@ function invalidateRowData(queryClient: ReturnType<typeof useQueryClient>, table
   queryClient.invalidateQueries({ queryKey: tableKeys.rowsRoot(tableId) })
 }
 
-function invalidateRowCount(
-  queryClient: ReturnType<typeof useQueryClient>,
-  workspaceId: string,
-  tableId: string
-) {
+function invalidateRowCount(queryClient: ReturnType<typeof useQueryClient>, tableId: string) {
   queryClient.invalidateQueries({ queryKey: tableKeys.rowsRoot(tableId) })
   queryClient.invalidateQueries({ queryKey: tableKeys.detail(tableId) })
   queryClient.invalidateQueries({ queryKey: tableKeys.lists() })
 }
 
-function invalidateTableSchema(
-  queryClient: ReturnType<typeof useQueryClient>,
-  workspaceId: string,
-  tableId: string
-) {
+function invalidateTableSchema(queryClient: ReturnType<typeof useQueryClient>, tableId: string) {
   queryClient.invalidateQueries({ queryKey: tableKeys.detail(tableId) })
   queryClient.invalidateQueries({ queryKey: tableKeys.rowsRoot(tableId) })
   queryClient.invalidateQueries({ queryKey: tableKeys.lists() })
@@ -200,6 +223,146 @@ interface InfiniteTableRowsParams {
   enabled?: boolean
 }
 
+/**
+ * Fetch a single page of rows for a table with pagination/filter/sort.
+ *
+ * Subscribes to the realtime `table-row-updated` / `table-row-deleted` socket
+ * events for this `tableId`; on receipt, merges the delta into every cached
+ * rows query for the table via `setQueriesData`. Polling stays as a fallback
+ * gated on `!isConnected` so a brief disconnect window doesn't go stale.
+ */
+export function useTableRows({
+  workspaceId,
+  tableId,
+  limit,
+  offset,
+  filter,
+  sort,
+  includeTotal,
+  enabled = true,
+}: TableRowsParams & { enabled?: boolean }) {
+  const queryClient = useQueryClient()
+  const paramsKey = JSON.stringify({
+    limit,
+    offset,
+    filter: filter ?? null,
+    sort: sort ?? null,
+    includeTotal,
+  })
+  const {
+    isConnected: socketConnected,
+    joinTable,
+    leaveTable,
+    onTableRowUpdated,
+    onTableRowDeleted,
+  } = useSocket()
+
+  useEffect(() => {
+    if (!tableId) return
+    joinTable(tableId)
+
+    onTableRowUpdated((event) => {
+      if (event.tableId !== tableId) return
+      // While an optimistic mutation is in flight, applying the socket delta
+      // could clobber the optimistic state — defer to onSettled invalidate.
+      // Mark stale without triggering a refetch (refetchType: 'none') so the
+      // refetch races neither the in-flight optimistic update nor any
+      // server-side post-response work the mutation is awaiting (e.g. backfill).
+      if (queryClient.isMutating() > 0) {
+        queryClient.invalidateQueries({
+          queryKey: tableKeys.rowsRoot(tableId),
+          refetchType: 'none',
+        })
+        return
+      }
+      queryClient.setQueriesData<TableRowsResponse>(
+        { queryKey: tableKeys.rowsRoot(tableId) },
+        (current) => {
+          if (!current) return current
+          const incoming: TableRow = {
+            id: event.rowId,
+            data: event.data as RowData,
+            executions: (event.executions as RowExecutions) ?? {},
+            position: event.position,
+            createdAt: '',
+            updatedAt:
+              typeof event.updatedAt === 'string' ? event.updatedAt : String(event.updatedAt),
+          }
+          const idx = current.rows.findIndex((r) => r.id === event.rowId)
+          if (idx === -1) {
+            const next = [...current.rows, incoming].sort((a, b) => a.position - b.position)
+            return {
+              ...current,
+              rows: next,
+              totalCount: current.totalCount === null ? null : current.totalCount + 1,
+            }
+          }
+          const merged = {
+            ...current.rows[idx],
+            data: incoming.data,
+            executions: incoming.executions,
+            updatedAt: incoming.updatedAt,
+          }
+          const next = [...current.rows]
+          next[idx] = merged
+          return { ...current, rows: next }
+        }
+      )
+    })
+
+    onTableRowDeleted((event) => {
+      if (event.tableId !== tableId) return
+      if (queryClient.isMutating() > 0) {
+        queryClient.invalidateQueries({
+          queryKey: tableKeys.rowsRoot(tableId),
+          refetchType: 'none',
+        })
+        return
+      }
+      queryClient.setQueriesData<TableRowsResponse>(
+        { queryKey: tableKeys.rowsRoot(tableId) },
+        (current) => {
+          if (!current) return current
+          const next = current.rows.filter((r) => r.id !== event.rowId)
+          if (next.length === current.rows.length) return current
+          return {
+            ...current,
+            rows: next,
+            totalCount: current.totalCount === null ? null : Math.max(0, current.totalCount - 1),
+          }
+        }
+      )
+    })
+
+    return () => {
+      leaveTable()
+    }
+    // joinTable / leaveTable / on* are stable callbacks; tableId is the only real dep.
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [tableId])
+
+  return useQuery({
+    queryKey: [...tableKeys.rowsRoot(tableId), paramsKey] as const,
+    queryFn: ({ signal }) =>
+      fetchTableRows({ workspaceId, tableId, limit, offset, filter, sort, includeTotal, signal }),
+    enabled: Boolean(workspaceId && tableId) && enabled,
+    staleTime: 30 * 1000,
+    placeholderData: keepPreviousData,
+    // Polling is the fallback for when the socket isn't carrying updates.
+    // - Pause while any mutation is in flight (optimistic-update guard).
+    // - Skip while connected (sockets push every cell write).
+    // - Otherwise poll only while a cell is in `running` state, the original cadence.
+    refetchInterval: (query) => {
+      if (queryClient.isMutating() > 0) return false
+      if (socketConnected) return false
+      return hasRunningGroupExecution(query.state.data?.rows)
+        ? ROWS_POLL_INTERVAL_WHILE_RUNNING_MS
+        : false
+    },
+    refetchIntervalInBackground: false,
+  })
+}
+
 /**
  * Paginated row fetching with `useInfiniteQuery`. Each page requests `pageSize`
  * rows at the next offset; `getNextPageParam` returns `undefined` once the last
@@ -276,7 +439,7 @@ export function useAddTableColumn({ workspaceId, tableId }: RowMutationContext)
       })
     },
     onSettled: () => {
-      invalidateTableSchema(queryClient, workspaceId, tableId)
+      invalidateTableSchema(queryClient, tableId)
     },
   })
 }
@@ -351,7 +514,7 @@ export function useCreateTableRow({ workspaceId, tableId }: RowMutationContext)
       reconcileCreatedRow(queryClient, tableId, row)
     },
     onSettled: () => {
-      invalidateRowCount(queryClient, workspaceId, tableId)
+      invalidateRowCount(queryClient, tableId)
     },
   })
 }
@@ -462,7 +625,7 @@ export function useBatchCreateTableRows({ workspaceId, tableId }: RowMutationCon
       })
     },
     onSettled: () => {
-      invalidateRowCount(queryClient, workspaceId, tableId)
+      invalidateRowCount(queryClient, tableId)
     },
   })
 }
@@ -571,7 +734,7 @@ export function useDeleteTableRow({ workspaceId, tableId }: RowMutationContext)
       })
     },
     onSettled: () => {
-      invalidateRowCount(queryClient, workspaceId, tableId)
+      invalidateRowCount(queryClient, tableId)
     },
   })
 }
@@ -608,7 +771,7 @@ export function useDeleteTableRows({ workspaceId, tableId }: RowMutationContext)
       return { deletedRowIds }
     },
     onSettled: () => {
-      invalidateRowCount(queryClient, workspaceId, tableId)
+      invalidateRowCount(queryClient, tableId)
     },
   })
 }
@@ -632,7 +795,7 @@ export function useUpdateColumn({ workspaceId, tableId }: RowMutationContext) {
       toast.error(error.message, { duration: 5000 })
     },
     onSettled: () => {
-      invalidateTableSchema(queryClient, workspaceId, tableId)
+      invalidateTableSchema(queryClient, tableId)
     },
   })
 }
@@ -676,6 +839,64 @@ export function useUpdateTableMetadata({ workspaceId, tableId }: RowMutationCont
   })
 }
 
+interface CancelRunsParams {
+  scope: 'all' | 'row'
+  rowId?: string
+}
+
+/**
+ * Cancel in-flight and queued workflow-column runs for a table.
+ * Scope is either `all` (table-wide) or `row` (a single row).
+ *
+ * Optimistically writes `cancelled` to every running/pending workflow cell in
+ * scope so the UI shows the stop immediately. The server-side write is the
+ * source of truth — the invalidation in `onSettled` reconciles any drift.
+ */
+export function useCancelTableRuns({ workspaceId, tableId }: RowMutationContext) {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async ({ scope, rowId }: CancelRunsParams) => {
+      return requestJson(cancelTableRunsContract, {
+        params: { tableId },
+        body: { workspaceId, scope, rowId },
+      })
+    },
+    onMutate: async ({ scope, rowId }) => {
+      const snapshots = await snapshotAndMutateRows(queryClient, tableId, (r) => {
+        if (scope === 'row' && r.id !== rowId) return null
+        const executions = (r.executions ?? {}) as RowExecutions
+        let rowTouched = false
+        const nextExecutions: RowExecutions = { ...executions }
+        for (const gid in executions) {
+          const exec = executions[gid]
+          if (exec.status !== 'running' && exec.status !== 'pending') continue
+          // Preserve blockErrors so cells that already errored keep their
+          // Error rendering after the stop — only cells without a value or
+          // error should flip to "Cancelled".
+          nextExecutions[gid] = {
+            status: 'cancelled',
+            executionId: exec.executionId ?? null,
+            jobId: null,
+            workflowId: exec.workflowId,
+            error: 'Cancelled',
+            ...(exec.blockErrors ? { blockErrors: exec.blockErrors } : {}),
+          }
+          rowTouched = true
+        }
+        return rowTouched ? { ...r, executions: nextExecutions } : null
+      })
+      return { snapshots }
+    },
+    onError: (_err, _variables, context) => {
+      if (context?.snapshots) restoreCachedWorkflowCells(queryClient, context.snapshots)
+    },
+    onSettled: () => {
+      queryClient.invalidateQueries({ queryKey: tableKeys.rowsRoot(tableId) })
+    },
+  })
+}
+
 /**
  * Restore an archived table.
  */
@@ -802,7 +1023,7 @@ export function useImportCsvIntoTable() {
     },
     onSettled: (_data, _error, variables) => {
       if (!variables) return
-      invalidateRowCount(queryClient, variables.workspaceId, variables.tableId)
+      invalidateRowCount(queryClient, variables.tableId)
     },
     onError: (error) => {
       logger.error('Failed to import CSV into table:', error)
@@ -849,7 +1070,213 @@ export function useDeleteColumn({ workspaceId, tableId }: RowMutationContext) {
       })
     },
     onSettled: () => {
-      invalidateTableSchema(queryClient, workspaceId, tableId)
+      invalidateTableSchema(queryClient, tableId)
+    },
+  })
+}
+
+interface RunGroupVariables {
+  groupId: string
+  /** Workflow id sourced from the group's config — used as a fallback for the
+   *  optimistic execution `workflowId` field when the row hasn't run before. */
+  workflowId: string
+  /**
+   * `all` — fire every dep-satisfied row (default).
+   * `incomplete` — only rows that have never run or whose last run ended in
+   * `failed`/`aborted`. Mirrored by the server-side filter.
+   */
+  runMode?: 'all' | 'incomplete'
+}
+
+type InfiniteRowsCache = { pages: TableRowsResponse[]; pageParams: number[] }
+/**
+ * Cache shapes that hold table-row data. Single-page (`useTableRows`) and
+ * infinite (`useInfiniteTableRows`) live under the same `rowsRoot(tableId)`
+ * prefix, so optimistic mutations have to walk both shapes.
+ */
+type RowsCacheEntry = TableRowsResponse | InfiniteRowsCache
+type RowsCacheSnapshots = Array<[ReadonlyArray<unknown>, RowsCacheEntry]>
+
+function isInfiniteRowsCache(value: unknown): value is InfiniteRowsCache {
+  return (
+    !!value &&
+    typeof value === 'object' &&
+    Array.isArray((value as { pages?: unknown }).pages) &&
+    Array.isArray((value as { pageParams?: unknown }).pageParams)
+  )
+}
+
+/**
+ * Walks every cached row-list under `tableId`, applies `transform` to each row,
+ * and snapshots the originals for rollback.
+ *
+ * Handles both cache shapes: the single-page `TableRowsResponse` and the
+ * infinite-query `{ pages, pageParams }`. `transform(row)` returns the next
+ * row to write, or `null` to leave it. The common pattern is "matching cells
+ * flip state, others are skipped".
+ */
+export async function snapshotAndMutateRows(
+  queryClient: ReturnType<typeof useQueryClient>,
+  tableId: string,
+  transform: (row: TableRow) => TableRow | null
+): Promise<RowsCacheSnapshots> {
+  await queryClient.cancelQueries({ queryKey: tableKeys.rowsRoot(tableId) })
+  const matching = queryClient.getQueriesData<RowsCacheEntry>({
+    queryKey: tableKeys.rowsRoot(tableId),
+  })
+  const snapshots: RowsCacheSnapshots = []
+  for (const [key, data] of matching) {
+    if (!data) continue
+    if (isInfiniteRowsCache(data)) {
+      let touched = false
+      const nextPages = data.pages.map((page) => {
+        let pageTouched = false
+        const nextRows = page.rows.map((r) => {
+          const next = transform(r)
+          if (!next) return r
+          pageTouched = true
+          touched = true
+          return next
+        })
+        return pageTouched ? { ...page, rows: nextRows } : page
+      })
+      if (!touched) continue
+      snapshots.push([key, data])
+      queryClient.setQueryData<InfiniteRowsCache>(key, { ...data, pages: nextPages })
+      continue
+    }
+    let touched = false
+    const nextRows = data.rows.map((r) => {
+      const next = transform(r)
+      if (!next) return r
+      touched = true
+      return next
+    })
+    if (!touched) continue
+    snapshots.push([key, data])
+    queryClient.setQueryData<TableRowsResponse>(key, { ...data, rows: nextRows })
+  }
+  return snapshots
+}
+
+export function restoreCachedWorkflowCells(
+  queryClient: ReturnType<typeof useQueryClient>,
+  snapshots: RowsCacheSnapshots
+) {
+  for (const [key, data] of snapshots) {
+    queryClient.setQueryData(key, data)
+  }
+}
+
+/**
+ * Trigger a workflow-group run for every eligible row in the table. The server
+ * filters by deps; this hook optimistically flips each matching row's
+ * `executions[groupId]` to `pending` immediately so the UI doesn't lag the
+ * network round-trip.
+ */
+export function useRunGroup({ workspaceId, tableId }: RowMutationContext) {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async ({ groupId, runMode = 'all' }: RunGroupVariables) => {
+      return requestJson(runWorkflowGroupContract, {
+        params: { tableId, groupId },
+        body: { workspaceId, runMode },
+      })
+    },
+    onMutate: async ({ groupId, workflowId, runMode = 'all' }) => {
+      const snapshots = await snapshotAndMutateRows(queryClient, tableId, (r) => {
+        const exec = r.executions?.[groupId] as RowExecutionMetadata | undefined
+        if (exec?.status === 'running' || exec?.status === 'pending') return null
+        // Mirror the server-side `incomplete` filter so the optimistic update
+        // doesn't flash `pending` on rows the server is going to skip.
+        if (runMode === 'incomplete' && exec?.status === 'completed') return null
+        const pending: RowExecutionMetadata = {
+          status: 'pending',
+          executionId: exec?.executionId ?? null,
+          jobId: null,
+          workflowId: exec?.workflowId ?? workflowId,
+          error: null,
+        }
+        return {
+          ...r,
+          executions: { ...(r.executions ?? {}), [groupId]: pending },
+        }
+      })
+      return { snapshots }
+    },
+    onError: (_err, _variables, context) => {
+      if (context?.snapshots) restoreCachedWorkflowCells(queryClient, context.snapshots)
+    },
+    onSettled: () => {
+      queryClient.invalidateQueries({ queryKey: tableKeys.rowsRoot(tableId) })
+    },
+  })
+}
+
+// ───────────────────────── Workflow group mutations ─────────────────────────
+
+interface AddWorkflowGroupVariables {
+  group: WorkflowGroup
+  outputColumns: AddWorkflowGroupBodyInput['outputColumns']
+}
+
+export function useAddWorkflowGroup({ workspaceId, tableId }: RowMutationContext) {
+  const queryClient = useQueryClient()
+  return useMutation({
+    mutationFn: async ({ group, outputColumns }: AddWorkflowGroupVariables) => {
+      return requestJson(addWorkflowGroupContract, {
+        params: { tableId },
+        body: { workspaceId, group, outputColumns },
+      })
+    },
+    onSettled: () => {
+      invalidateTableSchema(queryClient, tableId)
+    },
+  })
+}
+
+interface UpdateWorkflowGroupVariables {
+  groupId: string
+  workflowId?: string
+  name?: string
+  dependencies?: WorkflowGroupDependencies
+  outputs?: WorkflowGroupOutput[]
+  newOutputColumns?: UpdateWorkflowGroupBodyInput['newOutputColumns']
+}
+
+export function useUpdateWorkflowGroup({ workspaceId, tableId }: RowMutationContext) {
+  const queryClient = useQueryClient()
+  return useMutation({
+    mutationFn: async (vars: UpdateWorkflowGroupVariables) => {
+      return requestJson(updateWorkflowGroupContract, {
+        params: { tableId },
+        body: { workspaceId, ...vars },
+      })
+    },
+    onSettled: () => {
+      invalidateTableSchema(queryClient, tableId)
+      queryClient.invalidateQueries({ queryKey: tableKeys.rowsRoot(tableId) })
+    },
+  })
+}
+
+interface DeleteWorkflowGroupVariables {
+  groupId: string
+}
+
+export function useDeleteWorkflowGroup({ workspaceId, tableId }: RowMutationContext) {
+  const queryClient = useQueryClient()
+  return useMutation({
+    mutationFn: async ({ groupId }: DeleteWorkflowGroupVariables) => {
+      return requestJson(deleteWorkflowGroupContract, {
+        params: { tableId },
+        body: { workspaceId, groupId },
+      })
+    },
+    onSettled: () => {
+      invalidateTableSchema(queryClient, tableId)
+      queryClient.invalidateQueries({ queryKey: tableKeys.rowsRoot(tableId) })
     },
   })
 }
diff --git a/apps/sim/hooks/queries/workflows.ts b/apps/sim/hooks/queries/workflows.ts
index 31c58e125a3..6ef5be56e64 100644
--- a/apps/sim/hooks/queries/workflows.ts
+++ b/apps/sim/hooks/queries/workflows.ts
@@ -8,6 +8,7 @@ import {
   keepPreviousData,
   skipToken,
   useMutation,
+  useQueries,
   useQuery,
   useQueryClient,
 } from '@tanstack/react-query'
@@ -79,6 +80,31 @@ export function useWorkflowState(workflowId: string | undefined) {
   })
 }
 
+/**
+ * Batched workflow-state fetch for callers that need state for several
+ * workflows at once (e.g. a table with multiple workflow groups). One
+ * subscription per unique workflow id — duplicates in `workflowIds` are
+ * collapsed before subscribing so N consumers of the same id don't each
+ * register their own observer.
+ */
+export function useWorkflowStates(
+  workflowIds: ReadonlyArray<string | undefined>
+): Map<string, WorkflowState | null> {
+  const uniqueIds = Array.from(new Set(workflowIds.filter((id): id is string => Boolean(id))))
+  const results = useQueries({
+    queries: uniqueIds.map((id) => ({
+      queryKey: workflowKeys.state(id),
+      queryFn: ({ signal }: { signal?: AbortSignal }) => fetchWorkflowState(id, signal),
+      staleTime: 30 * 1000,
+    })),
+  })
+  const map = new Map<string, WorkflowState | null>()
+  uniqueIds.forEach((id, i) => {
+    map.set(id, (results[i].data as WorkflowState | null | undefined) ?? null)
+  })
+  return map
+}
+
 export function useWorkflows(workspaceId?: string, options?: { scope?: WorkflowQueryScope }) {
   const { scope = 'active' } = options || {}
 
diff --git a/apps/sim/hooks/queries/workspace-files.ts b/apps/sim/hooks/queries/workspace-files.ts
index aa3951ada26..a894c4988d7 100644
--- a/apps/sim/hooks/queries/workspace-files.ts
+++ b/apps/sim/hooks/queries/workspace-files.ts
@@ -1,17 +1,25 @@
 import { createLogger } from '@sim/logger'
+import { sleep } from '@sim/utils/helpers'
 import { keepPreviousData, useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import { toast } from '@/components/emcn'
-import { isApiClientError } from '@/lib/api/client/errors'
+import { ApiClientError, isApiClientError } from '@/lib/api/client/errors'
 import { requestJson } from '@/lib/api/client/request'
 import { getUsageLimitsContract } from '@/lib/api/contracts/usage-limits'
 import {
   deleteWorkspaceFileContract,
   listWorkspaceFilesContract,
+  registerWorkspaceFileContract,
   renameWorkspaceFileContract,
   restoreWorkspaceFileContract,
   updateWorkspaceFileContentContract,
 } from '@/lib/api/contracts/workspace-files'
+import {
+  DirectUploadError,
+  runUploadStrategy,
+  type UploadProgressEvent,
+} from '@/lib/uploads/client/direct-upload'
 import type { WorkspaceFileRecord } from '@/lib/uploads/contexts/workspace'
+import type { UserFile } from '@/executor/types'
 
 const logger = createLogger('WorkspaceFilesQuery')
 
@@ -195,36 +203,134 @@ export function useStorageInfo(enabled = true) {
 interface UploadFileParams {
   workspaceId: string
   file: File
+  onProgress?: (event: UploadProgressEvent) => void
+  signal?: AbortSignal
 }
 
-export function useUploadWorkspaceFile() {
-  const queryClient = useQueryClient()
+interface UploadFileResponse {
+  success: boolean
+  file: UserFile
+}
 
-  return useMutation({
-    mutationFn: async ({ workspaceId, file }: UploadFileParams) => {
-      const formData = new FormData()
-      formData.append('file', file)
-
-      // boundary-raw-fetch: multipart/form-data file upload, requestJson only supports JSON bodies
-      const response = await fetch(`/api/workspaces/${workspaceId}/files`, {
-        method: 'POST',
-        body: formData,
-      })
+async function uploadViaApiFallback(
+  workspaceId: string,
+  file: File,
+  signal?: AbortSignal
+): Promise<UploadFileResponse> {
+  const formData = new FormData()
+  formData.append('file', file)
+
+  // boundary-raw-fetch: multipart/form-data fallback upload, requestJson only supports JSON bodies
+  const response = await fetch(`/api/workspaces/${workspaceId}/files`, {
+    method: 'POST',
+    body: formData,
+    signal,
+  })
+
+  return parseUploadResponse(response, 'Upload failed')
+}
 
-      const data = await response.json()
+async function parseUploadResponse(
+  response: Response,
+  fallbackMessage: string
+): Promise<UploadFileResponse> {
+  let data: { success?: boolean; error?: string; file?: UserFile } | null = null
+  try {
+    data = await response.json()
+  } catch {}
 
-      if (!data.success) {
-        throw new Error(data.error || 'Upload failed')
-      }
+  if (!response.ok || !data?.success) {
+    throw new Error(data?.error || `${fallbackMessage} (${response.status})`)
+  }
+  return data as UploadFileResponse
+}
 
-      return data
-    },
+async function uploadWorkspaceFile(
+  workspaceId: string,
+  file: File,
+  onProgress?: (event: UploadProgressEvent) => void,
+  signal?: AbortSignal
+): Promise<UploadFileResponse> {
+  let result
+  try {
+    result = await runUploadStrategy({
+      file,
+      presignedEndpoint: `/api/workspaces/${workspaceId}/files/presigned`,
+      workspaceId,
+      context: 'workspace',
+      onProgress,
+      signal,
+    })
+  } catch (error) {
+    if (error instanceof DirectUploadError && error.code === 'FALLBACK_REQUIRED') {
+      return uploadViaApiFallback(workspaceId, file, signal)
+    }
+    throw error
+  }
+
+  const data = await registerWithRetry(workspaceId, result, signal)
+
+  if (!data.success || !data.file) {
+    throw new Error(data.error || 'Failed to register file')
+  }
+  return { success: true, file: data.file }
+}
+
+const REGISTER_MAX_ATTEMPTS = 3
+const REGISTER_RETRY_DELAY_MS = 500
+
+/**
+ * Register the uploaded object with bounded retries. The server-side handler
+ * is idempotent (existing-record short-circuit), so safely retrying handles
+ * dropped responses that would otherwise orphan the object in storage.
+ */
+async function registerWithRetry(
+  workspaceId: string,
+  result: { key: string; name: string; contentType: string },
+  signal?: AbortSignal
+) {
+  let lastError: unknown
+  for (let attempt = 1; attempt <= REGISTER_MAX_ATTEMPTS; attempt++) {
+    try {
+      return await requestJson(registerWorkspaceFileContract, {
+        params: { id: workspaceId },
+        body: {
+          key: result.key,
+          name: result.name,
+          contentType: result.contentType,
+        },
+        signal,
+      })
+    } catch (error) {
+      lastError = error
+      if (signal?.aborted) throw error
+      const isTransient =
+        !(error instanceof ApiClientError) || (error.status >= 500 && error.status < 600)
+      if (!isTransient || attempt === REGISTER_MAX_ATTEMPTS) throw error
+      await sleep(REGISTER_RETRY_DELAY_MS * attempt)
+    }
+  }
+  throw lastError
+}
+
+export function useUploadWorkspaceFile() {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: ({ workspaceId, file, onProgress, signal }: UploadFileParams) =>
+      uploadWorkspaceFile(workspaceId, file, onProgress, signal),
     onSettled: () => {
       queryClient.invalidateQueries({ queryKey: workspaceFilesKeys.lists() })
       queryClient.invalidateQueries({ queryKey: workspaceFilesKeys.storageInfo() })
     },
-    onError: (error) => {
+    onSuccess: (_data, variables) => {
+      toast.success(`Uploaded "${variables.file.name}"`)
+    },
+    onError: (error, variables) => {
       logger.error('Failed to upload file:', error)
+      toast.error(`Failed to upload "${variables.file.name}": ${error.message}`, {
+        duration: 5000,
+      })
     },
   })
 }
diff --git a/apps/sim/hooks/use-collaborative-workflow.ts b/apps/sim/hooks/use-collaborative-workflow.ts
index b7eeceb6b18..5f3b16e56ee 100644
--- a/apps/sim/hooks/use-collaborative-workflow.ts
+++ b/apps/sim/hooks/use-collaborative-workflow.ts
@@ -19,6 +19,7 @@ import { getWorkflowStateContract } from '@/lib/api/contracts'
 import { useSession } from '@/lib/auth/auth-client'
 import { useSocket } from '@/app/workspace/providers/socket-provider'
 import { getBlock } from '@/blocks'
+import { getSubBlocksDependingOnChange } from '@/blocks/utils'
 import { normalizeName, RESERVED_BLOCK_NAMES } from '@/executor/constants'
 import { invalidateDeploymentQueries } from '@/hooks/queries/deployments'
 import { useUndoRedo } from '@/hooks/use-undo-redo'
@@ -1322,9 +1323,7 @@ export function useCollaborativeWorkflow() {
         const blockType = useWorkflowStore.getState().blocks?.[blockId]?.type
         const blockConfig = blockType ? getBlock(blockType) : null
         if (blockConfig?.subBlocks && Array.isArray(blockConfig.subBlocks)) {
-          const dependents = blockConfig.subBlocks.filter(
-            (sb: any) => Array.isArray(sb.dependsOn) && sb.dependsOn.includes(subblockId)
-          )
+          const dependents = getSubBlocksDependingOnChange(blockConfig.subBlocks, subblockId)
           for (const dep of dependents) {
             if (!dep?.id || dep.id === subblockId) continue
             const currentDepValue = useSubBlockStore.getState().getValue(blockId, dep.id)
diff --git a/apps/sim/lib/api/contracts/chats.ts b/apps/sim/lib/api/contracts/chats.ts
index 3d3558adccf..c3e908121b6 100644
--- a/apps/sim/lib/api/contracts/chats.ts
+++ b/apps/sim/lib/api/contracts/chats.ts
@@ -104,13 +104,10 @@ export const deployedChatConfigSchema = z.object({
 })
 export type DeployedChatConfig = z.output<typeof deployedChatConfigSchema>
 
-export const deployedChatAuthBodySchema = z
-  .object({
-    password: z.string().optional(),
-    email: z.string().email('Invalid email format').optional().or(z.literal('')),
-    checkSSOAccess: z.boolean().optional(),
-  })
-  .passthrough()
+export const deployedChatAuthBodySchema = z.object({
+  password: z.string().optional(),
+  email: z.string().email('Invalid email format').optional().or(z.literal('')),
+})
 export type DeployedChatAuthBody = z.input<typeof deployedChatAuthBodySchema>
 
 export const deployedChatFileSchema = z.object({
@@ -125,12 +122,20 @@ export const deployedChatPostBodySchema = z.object({
   input: z.string().optional(),
   password: z.string().optional(),
   email: z.string().email('Invalid email format').optional().or(z.literal('')),
-  checkSSOAccess: z.boolean().optional(),
   conversationId: z.string().optional(),
   files: z.array(deployedChatFileSchema).optional().default([]),
 })
 export type DeployedChatPostBody = z.input<typeof deployedChatPostBodySchema>
 
+export const chatSSOBodySchema = z.object({
+  email: z.string().email('Invalid email address'),
+})
+
+export const chatSSOResponseSchema = z.object({
+  eligible: z.boolean(),
+})
+export type ChatSSOResponse = z.output<typeof chatSSOResponseSchema>
+
 export const chatEmailOtpRequestBodySchema = z.object({
   email: z.string().email('Invalid email address'),
 })
@@ -198,6 +203,17 @@ export const deployedChatPostContract = defineRouteContract({
   },
 })
 
+export const chatSSOContract = defineRouteContract({
+  method: 'POST',
+  path: '/api/chat/[identifier]/sso',
+  params: chatIdentifierParamsSchema,
+  body: chatSSOBodySchema,
+  response: {
+    mode: 'json',
+    schema: chatSSOResponseSchema,
+  },
+})
+
 export const requestChatEmailOtpContract = defineRouteContract({
   method: 'POST',
   path: '/api/chat/[identifier]/otp',
diff --git a/apps/sim/lib/api/contracts/storage-transfer.ts b/apps/sim/lib/api/contracts/storage-transfer.ts
index 8e70e8f26b1..0dd14fcc536 100644
--- a/apps/sim/lib/api/contracts/storage-transfer.ts
+++ b/apps/sim/lib/api/contracts/storage-transfer.ts
@@ -454,6 +454,10 @@ export const fileViewParamsSchema = z.object({
   id: z.string().uuid('File ID must be a valid UUID'),
 })
 
+export const fileExportParamsSchema = z.object({
+  id: z.string().uuid('File ID must be a valid UUID'),
+})
+
 export const boxUploadContract = defineRouteContract({
   method: 'POST',
   path: '/api/tools/box/upload',
@@ -707,6 +711,13 @@ export const fileViewContract = defineRouteContract({
   response: { mode: 'binary' },
 })
 
+export const fileExportContract = defineRouteContract({
+  method: 'GET',
+  path: '/api/files/export/[id]',
+  params: fileExportParamsSchema,
+  response: { mode: 'binary' },
+})
+
 export type BoxUploadBody = ContractBodyInput<typeof boxUploadContract>
 export type BoxUploadResponse = ContractJsonResponse<typeof boxUploadContract>
 export type DropboxUploadBody = ContractBodyInput<typeof dropboxUploadContract>
@@ -749,3 +760,4 @@ export type GetMultipartPartUrlsBody = z.output<typeof getMultipartPartUrlsBodyS
 export type FileServeParams = ContractParamsInput<typeof fileServeContract>
 export type FileServeQuery = ContractQueryInput<typeof fileServeContract>
 export type FileViewParams = ContractParamsInput<typeof fileViewContract>
+export type FileExportParams = ContractParamsInput<typeof fileExportContract>
diff --git a/apps/sim/lib/api/contracts/tables.ts b/apps/sim/lib/api/contracts/tables.ts
index 32d16d73ae3..05248757a68 100644
--- a/apps/sim/lib/api/contracts/tables.ts
+++ b/apps/sim/lib/api/contracts/tables.ts
@@ -707,3 +707,187 @@ export const deleteTableRowsContract = defineRouteContract({
     ),
   },
 })
+
+// ============================================================================
+// Workflow group contracts (`/api/table/[tableId]/groups`, `/cancel-runs`,
+// `/groups/[groupId]/run`, `/rows/[rowId]/run-workflow-group`)
+// ============================================================================
+
+const workflowGroupOutputSchema = z.object({
+  blockId: z.string().min(1),
+  path: z.string().min(1),
+  columnName: z.string().min(1),
+})
+
+const workflowGroupDependenciesSchema = z.object({
+  columns: z.array(z.string()).optional(),
+  workflowGroups: z.array(z.string()).optional(),
+})
+
+const workflowGroupOutputColumnSchema = z.object({
+  name: z.string().min(1),
+  type: columnTypeSchema,
+  required: z.boolean().optional(),
+  unique: z.boolean().optional(),
+  workflowGroupId: z.string().min(1),
+})
+
+export const groupIdParamsSchema = tableIdParamsSchema.extend({
+  groupId: z.string().min(1),
+})
+
+export const addWorkflowGroupBodySchema = z.object({
+  workspaceId: z.string().min(1, 'Workspace ID is required'),
+  group: z.object({
+    id: z.string().min(1),
+    workflowId: z.string().min(1),
+    name: z.string().optional(),
+    dependencies: workflowGroupDependenciesSchema.optional(),
+    outputs: z.array(workflowGroupOutputSchema).min(1),
+  }),
+  outputColumns: z.array(workflowGroupOutputColumnSchema).min(1),
+  /** When false, skip auto-scheduling existing rows after the group is added.
+   *  Defaults to true so UI adds populate cells immediately; the Mothership
+   *  tool sends `false` so the AI can stage groups without firing runs. */
+  autoRun: z.boolean().optional(),
+})
+
+export const updateWorkflowGroupBodySchema = z.object({
+  workspaceId: z.string().min(1, 'Workspace ID is required'),
+  groupId: z.string().min(1),
+  workflowId: z.string().min(1).optional(),
+  name: z.string().optional(),
+  dependencies: workflowGroupDependenciesSchema.optional(),
+  outputs: z.array(workflowGroupOutputSchema).optional(),
+  newOutputColumns: z.array(workflowGroupOutputColumnSchema).optional(),
+})
+
+export const deleteWorkflowGroupBodySchema = z.object({
+  workspaceId: z.string().min(1, 'Workspace ID is required'),
+  groupId: z.string().min(1),
+})
+
+const workflowGroupColumnsResponseSchema = successResponseSchema(
+  z.object({
+    columns: z.array(z.unknown()),
+    workflowGroups: z.array(z.unknown()),
+  })
+)
+
+export const addWorkflowGroupContract = defineRouteContract({
+  method: 'POST',
+  path: '/api/table/[tableId]/groups',
+  params: tableIdParamsSchema,
+  body: addWorkflowGroupBodySchema,
+  response: {
+    mode: 'json',
+    schema: workflowGroupColumnsResponseSchema,
+  },
+})
+
+export const updateWorkflowGroupContract = defineRouteContract({
+  method: 'PATCH',
+  path: '/api/table/[tableId]/groups',
+  params: tableIdParamsSchema,
+  body: updateWorkflowGroupBodySchema,
+  response: {
+    mode: 'json',
+    schema: workflowGroupColumnsResponseSchema,
+  },
+})
+
+export const deleteWorkflowGroupContract = defineRouteContract({
+  method: 'DELETE',
+  path: '/api/table/[tableId]/groups',
+  params: tableIdParamsSchema,
+  body: deleteWorkflowGroupBodySchema,
+  response: {
+    mode: 'json',
+    schema: workflowGroupColumnsResponseSchema,
+  },
+})
+
+/**
+ * Cancel scopes:
+ *  - `all`     — every running/pending cell in the table
+ *  - `row`     — every running/pending cell for a specific row (`rowId` required)
+ */
+export const cancelTableRunsBodySchema = z
+  .object({
+    workspaceId: z.string().min(1, 'Workspace ID is required'),
+    scope: z.enum(['all', 'row']),
+    rowId: z.string().min(1).optional(),
+  })
+  .superRefine((value, ctx) => {
+    if (value.scope === 'row' && !value.rowId) {
+      ctx.addIssue({
+        code: 'custom',
+        path: ['rowId'],
+        message: 'rowId is required when scope is "row"',
+      })
+    }
+  })
+
+export const cancelTableRunsContract = defineRouteContract({
+  method: 'POST',
+  path: '/api/table/[tableId]/cancel-runs',
+  params: tableIdParamsSchema,
+  body: cancelTableRunsBodySchema,
+  response: {
+    mode: 'json',
+    schema: successResponseSchema(z.object({ cancelled: z.number() })),
+  },
+})
+
+/**
+ * Run modes for `POST /api/table/[tableId]/groups/[groupId]/run`:
+ *  - `all`        — every dep-satisfied row not already running/pending
+ *  - `incomplete` — same, but additionally restricted to rows whose group has
+ *    never run, or whose last run ended in `failed`/`aborted`
+ *
+ * Field is named `runMode` (not `mode`) to disambiguate from the table-import
+ * `mode` arg (`append` / `replace`) which lives on a different op.
+ */
+export const runWorkflowGroupBodySchema = z.object({
+  workspaceId: z.string().min(1, 'Workspace ID is required'),
+  runMode: z.enum(['all', 'incomplete']).default('all'),
+  /** Optional row scope. When provided, only these rows are candidates — the
+   *  same eligibility predicate (deps satisfied, not in-flight, runMode filter)
+   *  still applies, so a passed-in row that's mid-run or has unmet deps is
+   *  silently skipped. Omit to run across the entire table. */
+  rowIds: z.array(z.string().min(1)).min(1).optional(),
+})
+
+export const runWorkflowGroupContract = defineRouteContract({
+  method: 'POST',
+  path: '/api/table/[tableId]/groups/[groupId]/run',
+  params: groupIdParamsSchema,
+  body: runWorkflowGroupBodySchema,
+  response: {
+    mode: 'json',
+    schema: successResponseSchema(z.object({ triggered: z.number() })),
+  },
+})
+
+export const runRowWorkflowGroupBodySchema = z.object({
+  workspaceId: z.string().min(1, 'Workspace ID is required'),
+  groupId: z.string().min(1, 'Group ID is required'),
+})
+
+export const runRowWorkflowGroupContract = defineRouteContract({
+  method: 'POST',
+  path: '/api/table/[tableId]/rows/[rowId]/run-workflow-group',
+  params: tableRowParamsSchema,
+  body: runRowWorkflowGroupBodySchema,
+  response: {
+    mode: 'json',
+    schema: successResponseSchema(z.object({ executionId: z.string() })),
+  },
+})
+
+export type AddWorkflowGroupBodyInput = z.input<typeof addWorkflowGroupBodySchema>
+export type UpdateWorkflowGroupBodyInput = z.input<typeof updateWorkflowGroupBodySchema>
+export type DeleteWorkflowGroupBodyInput = z.input<typeof deleteWorkflowGroupBodySchema>
+export type CancelTableRunsBodyInput = z.input<typeof cancelTableRunsBodySchema>
+export type RunWorkflowGroupBodyInput = z.input<typeof runWorkflowGroupBodySchema>
+export type RunRowWorkflowGroupBodyInput = z.input<typeof runRowWorkflowGroupBodySchema>
diff --git a/apps/sim/lib/api/contracts/workspace-files.ts b/apps/sim/lib/api/contracts/workspace-files.ts
index c7a3c9436c7..6aae8b2d2df 100644
--- a/apps/sim/lib/api/contracts/workspace-files.ts
+++ b/apps/sim/lib/api/contracts/workspace-files.ts
@@ -143,3 +143,76 @@ export const workspaceFileCompiledCheckContract = defineRouteContract({
     schema: compiledCheckResponseSchema,
   },
 })
+
+export const workspacePresignedUploadBodySchema = z.object({
+  fileName: z.string().min(1, 'fileName is required'),
+  contentType: z.string().min(1, 'contentType is required'),
+  fileSize: z.number().nonnegative('fileSize must be a non-negative number'),
+})
+
+export type WorkspacePresignedUploadBody = z.input<typeof workspacePresignedUploadBodySchema>
+
+const workspacePresignedFileInfoSchema = z.object({
+  path: z.string(),
+  key: z.string(),
+  name: z.string(),
+  size: z.number(),
+  type: z.string(),
+})
+
+const workspacePresignedUploadResponseSchema = z.object({
+  fileName: z.string(),
+  presignedUrl: z.string(),
+  fileInfo: workspacePresignedFileInfoSchema,
+  uploadHeaders: z.record(z.string(), z.string()).optional(),
+  directUploadSupported: z.boolean(),
+})
+
+export const workspacePresignedUploadContract = defineRouteContract({
+  method: 'POST',
+  path: '/api/workspaces/[id]/files/presigned',
+  params: workspaceFilesParamsSchema,
+  body: workspacePresignedUploadBodySchema,
+  response: {
+    mode: 'json',
+    schema: workspacePresignedUploadResponseSchema,
+  },
+})
+
+export const registerWorkspaceFileBodySchema = z.object({
+  key: z.string().min(1, 'key is required'),
+  name: z.string().min(1, 'name is required'),
+  contentType: z.string().min(1, 'contentType is required'),
+})
+
+export type RegisterWorkspaceFileBody = z.input<typeof registerWorkspaceFileBodySchema>
+
+const registeredWorkspaceFileSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  url: z.string(),
+  size: z.number(),
+  type: z.string(),
+  key: z.string(),
+  context: z.string().optional(),
+})
+
+const registerWorkspaceFileResponseSchema = z.object({
+  success: z.boolean(),
+  file: registeredWorkspaceFileSchema.optional(),
+  error: z.string().optional(),
+  isDuplicate: z.boolean().optional(),
+})
+
+export type RegisterWorkspaceFileResponse = z.output<typeof registerWorkspaceFileResponseSchema>
+
+export const registerWorkspaceFileContract = defineRouteContract({
+  method: 'POST',
+  path: '/api/workspaces/[id]/files/register',
+  params: workspaceFilesParamsSchema,
+  body: registerWorkspaceFileBodySchema,
+  response: {
+    mode: 'json',
+    schema: registerWorkspaceFileResponseSchema,
+  },
+})
diff --git a/apps/sim/lib/billing/subscriptions/utils.ts b/apps/sim/lib/billing/subscriptions/utils.ts
index 03cbd953017..e4d226f96c2 100644
--- a/apps/sim/lib/billing/subscriptions/utils.ts
+++ b/apps/sim/lib/billing/subscriptions/utils.ts
@@ -14,7 +14,7 @@ import {
   isTeam,
 } from '@/lib/billing/plan-helpers'
 import { parseEnterpriseSubscriptionMetadata } from '@/lib/billing/types'
-import { env } from '@/lib/core/config/env'
+import { env, envNumber } from '@/lib/core/config/env'
 
 export const ENTITLED_SUBSCRIPTION_STATUSES = ['active', 'past_due'] as const
 
@@ -52,28 +52,28 @@ export function hasUsableSubscriptionAccess(
  * Get the free tier limit from env or fallback to default
  */
 export function getFreeTierLimit(): number {
-  return env.FREE_TIER_COST_LIMIT || DEFAULT_FREE_CREDITS
+  return envNumber(env.FREE_TIER_COST_LIMIT, DEFAULT_FREE_CREDITS)
 }
 
 /**
  * Get the pro tier limit from env or fallback to default
  */
 export function getProTierLimit(): number {
-  return env.PRO_TIER_COST_LIMIT || DEFAULT_PRO_TIER_COST_LIMIT
+  return envNumber(env.PRO_TIER_COST_LIMIT, DEFAULT_PRO_TIER_COST_LIMIT)
 }
 
 /**
  * Get the team tier limit per seat from env or fallback to default
  */
 export function getTeamTierLimitPerSeat(): number {
-  return env.TEAM_TIER_COST_LIMIT || DEFAULT_TEAM_TIER_COST_LIMIT
+  return envNumber(env.TEAM_TIER_COST_LIMIT, DEFAULT_TEAM_TIER_COST_LIMIT)
 }
 
 /**
  * Get the enterprise tier limit per seat from env or fallback to default
  */
 export function getEnterpriseTierLimitPerSeat(): number {
-  return env.ENTERPRISE_TIER_COST_LIMIT || DEFAULT_ENTERPRISE_TIER_COST_LIMIT
+  return envNumber(env.ENTERPRISE_TIER_COST_LIMIT, DEFAULT_ENTERPRISE_TIER_COST_LIMIT)
 }
 
 export function checkEnterprisePlan(subscription: any): boolean {
diff --git a/apps/sim/lib/billing/threshold-billing.ts b/apps/sim/lib/billing/threshold-billing.ts
index 13b0b700919..f79aae2638a 100644
--- a/apps/sim/lib/billing/threshold-billing.ts
+++ b/apps/sim/lib/billing/threshold-billing.ts
@@ -16,12 +16,12 @@ import {
 } from '@/lib/billing/subscriptions/utils'
 import { toDecimal, toNumber } from '@/lib/billing/utils/decimal'
 import { OUTBOX_EVENT_TYPES } from '@/lib/billing/webhooks/outbox-handlers'
-import { env } from '@/lib/core/config/env'
+import { env, envNumber } from '@/lib/core/config/env'
 import { enqueueOutboxEvent } from '@/lib/core/outbox/service'
 
 const logger = createLogger('ThresholdBilling')
 
-const OVERAGE_THRESHOLD = env.OVERAGE_THRESHOLD_DOLLARS || DEFAULT_OVERAGE_THRESHOLD
+const OVERAGE_THRESHOLD = envNumber(env.OVERAGE_THRESHOLD_DOLLARS, DEFAULT_OVERAGE_THRESHOLD)
 
 export async function checkAndBillOverageThreshold(userId: string): Promise<void> {
   try {
diff --git a/apps/sim/lib/copilot/generated/tool-schemas-v1.ts b/apps/sim/lib/copilot/generated/tool-schemas-v1.ts
index bcd2db3bb6d..5a2e2a196d8 100644
--- a/apps/sim/lib/copilot/generated/tool-schemas-v1.ts
+++ b/apps/sim/lib/copilot/generated/tool-schemas-v1.ts
@@ -216,7 +216,7 @@ export const TOOL_RUNTIME_SCHEMAS: Record<string, ToolRuntimeSchemaEntry> = {
             "A short, descriptive title for the job (e.g., 'Email Poller', 'Daily Report'). Used as the display name.",
         },
       },
-      required: ['prompt'],
+      required: ['title', 'prompt'],
     },
     resultSchema: undefined,
   },
@@ -788,15 +788,16 @@ export const TOOL_RUNTIME_SCHEMAS: Record<string, ToolRuntimeSchemaEntry> = {
                   'Parameters for the operation. \nFor edit: {"inputs": {"temperature": 0.5}} NOT {"subBlocks": {"temperature": {"value": 0.5}}}\nFor add: {"type": "agent", "name": "My Agent", "inputs": {"model": "claude-sonnet-4-6"}}\nFor delete: {} (empty object)',
               },
             },
-            required: ['operation_type', 'block_id'],
+            required: ['operation_type', 'block_id', 'params'],
           },
         },
         workflowId: {
           type: 'string',
-          description: 'Workflow ID to edit.',
+          description:
+            'Optional workflow ID to edit. If not provided, uses the current workflow in context.',
         },
       },
-      required: ['operations', 'workflowId'],
+      required: ['operations'],
     },
     resultSchema: undefined,
   },
@@ -1430,7 +1431,7 @@ export const TOOL_RUNTIME_SCHEMAS: Record<string, ToolRuntimeSchemaEntry> = {
           ],
         },
       },
-      required: ['operation'],
+      required: ['operation', 'args'],
     },
     resultSchema: {
       type: 'object',
@@ -2386,32 +2387,22 @@ export const TOOL_RUNTIME_SCHEMAS: Record<string, ToolRuntimeSchemaEntry> = {
           default: 'workspace',
         },
         variables: {
-          description: 'Environment variables to set, as a name/value list or object record.',
-          oneOf: [
-            {
-              type: 'array',
-              items: {
-                type: 'object',
-                properties: {
-                  name: {
-                    type: 'string',
-                    description: 'Variable name',
-                  },
-                  value: {
-                    type: 'string',
-                    description: 'Variable value',
-                  },
-                },
-                required: ['name', 'value'],
+          type: 'array',
+          description: 'List of env vars to set',
+          items: {
+            type: 'object',
+            properties: {
+              name: {
+                type: 'string',
+                description: 'Variable name',
               },
-            },
-            {
-              type: 'object',
-              additionalProperties: {
+              value: {
                 type: 'string',
+                description: 'Variable value',
               },
             },
-          ],
+            required: ['name', 'value'],
+          },
         },
       },
       required: ['variables'],
@@ -2778,7 +2769,7 @@ export const TOOL_RUNTIME_SCHEMAS: Record<string, ToolRuntimeSchemaEntry> = {
           ],
         },
       },
-      required: ['operation'],
+      required: ['operation', 'args'],
     },
     resultSchema: {
       type: 'object',
@@ -2812,7 +2803,7 @@ export const TOOL_RUNTIME_SCHEMAS: Record<string, ToolRuntimeSchemaEntry> = {
         operation: {
           type: 'string',
           description: 'The file operation to perform.',
-          enum: ['create', 'append', 'update', 'delete', 'rename', 'patch'],
+          enum: ['append', 'update', 'patch'],
         },
         target: {
           type: 'object',
@@ -2916,7 +2907,7 @@ export const TOOL_RUNTIME_SCHEMAS: Record<string, ToolRuntimeSchemaEntry> = {
             'New file name for rename. Must be a plain workspace filename like "main.py".',
         },
       },
-      required: ['operation'],
+      required: ['operation', 'target', 'title'],
     },
     resultSchema: {
       type: 'object',
diff --git a/apps/sim/lib/copilot/request/session/buffer.ts b/apps/sim/lib/copilot/request/session/buffer.ts
index 352946b1a66..6ee42bedc97 100644
--- a/apps/sim/lib/copilot/request/session/buffer.ts
+++ b/apps/sim/lib/copilot/request/session/buffer.ts
@@ -1,7 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
 import { sleep } from '@sim/utils/helpers'
-import { env } from '@/lib/core/config/env'
+import { env, envNumber } from '@/lib/core/config/env'
 import { getRedisClient } from '@/lib/core/config/redis'
 import {
   type PersistedStreamEventEnvelope,
@@ -40,19 +40,11 @@ export type StreamConfig = {
 
 export function getStreamConfig(): StreamConfig {
   return {
-    ttlSeconds: parsePositiveNumber(env.COPILOT_STREAM_TTL_SECONDS, DEFAULT_TTL_SECONDS),
-    eventLimit: parsePositiveNumber(env.COPILOT_STREAM_EVENT_LIMIT, DEFAULT_EVENT_LIMIT),
+    ttlSeconds: envNumber(env.COPILOT_STREAM_TTL_SECONDS, DEFAULT_TTL_SECONDS, { min: 1 }),
+    eventLimit: envNumber(env.COPILOT_STREAM_EVENT_LIMIT, DEFAULT_EVENT_LIMIT, { min: 1 }),
   }
 }
 
-function parsePositiveNumber(value: number | string | undefined, fallback: number) {
-  if (typeof value === 'number' && Number.isFinite(value) && value > 0) {
-    return value
-  }
-  const parsed = Number(value)
-  return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback
-}
-
 async function withRedisRetry<T>(
   metadata: RedisOperationMetadata,
   operation: (redis: NonNullable<ReturnType<typeof getRedisClient>>) => Promise<T>
diff --git a/apps/sim/lib/copilot/tools/handlers/function-execute.ts b/apps/sim/lib/copilot/tools/handlers/function-execute.ts
index 61cf5ed6219..8d6139d4c56 100644
--- a/apps/sim/lib/copilot/tools/handlers/function-execute.ts
+++ b/apps/sim/lib/copilot/tools/handlers/function-execute.ts
@@ -1,7 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { getTableById, queryRows } from '@/lib/table/service'
 import {
-  downloadWorkspaceFile,
+  fetchWorkspaceFileBuffer,
   findWorkspaceFileRecord,
   getSandboxWorkspaceFilePath,
   listWorkspaceFiles,
@@ -44,7 +44,7 @@ async function resolveInputFiles(
         logger.warn('Total input size limit reached')
         break
       }
-      const buffer = await downloadWorkspaceFile(record)
+      const buffer = await fetchWorkspaceFileBuffer(record)
       totalSize += buffer.length
       const isText = /^text\/|application\/json|application\/xml|application\/csv/.test(
         record.type || ''
diff --git a/apps/sim/lib/copilot/tools/handlers/management/manage-credential.ts b/apps/sim/lib/copilot/tools/handlers/management/manage-credential.ts
index 5f5f4574747..4f77ce3a854 100644
--- a/apps/sim/lib/copilot/tools/handlers/management/manage-credential.ts
+++ b/apps/sim/lib/copilot/tools/handlers/management/manage-credential.ts
@@ -4,6 +4,7 @@ import { toError } from '@sim/utils/errors'
 import { eq } from 'drizzle-orm'
 import type { ExecutionContext, ToolCallResult } from '@/lib/copilot/request/types'
 import { getCredentialActorContext } from '@/lib/credentials/access'
+import { deleteCredential } from '@/lib/credentials/deletion'
 
 export function executeManageCredential(
   rawParams: Record<string, unknown>,
@@ -71,7 +72,11 @@ export function executeManageCredential(
               failed.push(id)
               continue
             }
-            await db.delete(credential).where(eq(credential.id, id))
+            await deleteCredential({
+              credentialId: id,
+              actorId: context.userId,
+              reason: 'copilot_delete',
+            })
             deleted.push(id)
           }
 
diff --git a/apps/sim/lib/copilot/tools/handlers/materialize-file.ts b/apps/sim/lib/copilot/tools/handlers/materialize-file.ts
index b6c2056fb33..d53f0c80158 100644
--- a/apps/sim/lib/copilot/tools/handlers/materialize-file.ts
+++ b/apps/sim/lib/copilot/tools/handlers/materialize-file.ts
@@ -8,7 +8,7 @@ import { and, eq, isNull } from 'drizzle-orm'
 import type { ExecutionContext, ToolCallResult } from '@/lib/copilot/request/types'
 import { findMothershipUploadRowByChatAndName } from '@/lib/copilot/tools/handlers/upload-file-reader'
 import { getServePathPrefix } from '@/lib/uploads'
-import { downloadWorkspaceFile } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
+import { fetchWorkspaceFileBuffer } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
 import { parseWorkflowJson } from '@/lib/workflows/operations/import-export'
 import { saveWorkflowToNormalizedTables } from '@/lib/workflows/persistence/utils'
 import { deduplicateWorkflowName } from '@/lib/workflows/utils'
@@ -83,7 +83,7 @@ async function executeImport(
     }
   }
 
-  const buffer = await downloadWorkspaceFile(toFileRecord(row))
+  const buffer = await fetchWorkspaceFileBuffer(toFileRecord(row))
   const content = buffer.toString('utf-8')
 
   let parsed: unknown
diff --git a/apps/sim/lib/copilot/tools/server/files/file-preview.ts b/apps/sim/lib/copilot/tools/server/files/file-preview.ts
index 43409613fb6..ecb9fdf08e2 100644
--- a/apps/sim/lib/copilot/tools/server/files/file-preview.ts
+++ b/apps/sim/lib/copilot/tools/server/files/file-preview.ts
@@ -1,7 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
 import {
-  downloadWorkspaceFile,
+  fetchWorkspaceFileBuffer,
   getWorkspaceFile,
 } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
 
@@ -148,7 +148,7 @@ export async function loadWorkspaceFileTextForPreview(
   try {
     const record = await getWorkspaceFile(workspaceId, fileId)
     if (!record) return undefined
-    const buffer = await downloadWorkspaceFile(record)
+    const buffer = await fetchWorkspaceFileBuffer(record)
     return buffer.toString('utf-8')
   } catch (error) {
     logger.warn('Failed to load workspace file text for preview', {
diff --git a/apps/sim/lib/copilot/tools/server/files/workspace-file.ts b/apps/sim/lib/copilot/tools/server/files/workspace-file.ts
index 23f7753cac5..5bbe8e3ddd8 100644
--- a/apps/sim/lib/copilot/tools/server/files/workspace-file.ts
+++ b/apps/sim/lib/copilot/tools/server/files/workspace-file.ts
@@ -9,7 +9,7 @@ import {
 import { runSandboxTask } from '@/lib/execution/sandbox/run-task'
 import {
   deleteWorkspaceFile,
-  downloadWorkspaceFile as downloadWsFile,
+  fetchWorkspaceFileBuffer as downloadWsFile,
   getWorkspaceFile,
   getWorkspaceFileByName,
   renameWorkspaceFile,
diff --git a/apps/sim/lib/copilot/tools/server/image/generate-image.ts b/apps/sim/lib/copilot/tools/server/image/generate-image.ts
index ec97898cc5c..e745da95678 100644
--- a/apps/sim/lib/copilot/tools/server/image/generate-image.ts
+++ b/apps/sim/lib/copilot/tools/server/image/generate-image.ts
@@ -10,7 +10,7 @@ import {
 import { getRotatingApiKey } from '@/lib/core/config/api-keys'
 import { getServePathPrefix } from '@/lib/uploads'
 import {
-  downloadWorkspaceFile,
+  fetchWorkspaceFileBuffer,
   getWorkspaceFile,
   updateWorkspaceFileContent,
   uploadWorkspaceFile,
@@ -94,7 +94,7 @@ export const generateImageServerTool: BaseServerTool<GenerateImageArgs, Generate
             const fileRecord = await getWorkspaceFile(workspaceId, fileId)
             if (fileRecord) {
               referenceRecords.push({ id: fileRecord.id, name: fileRecord.name })
-              const buffer = await downloadWorkspaceFile(fileRecord)
+              const buffer = await fetchWorkspaceFileBuffer(fileRecord)
               const base64 = buffer.toString('base64')
               const mime = fileRecord.type || 'image/png'
               parts.push({
diff --git a/apps/sim/lib/copilot/tools/server/table/user-table.test.ts b/apps/sim/lib/copilot/tools/server/table/user-table.test.ts
index ecb8337380a..17adbcc4449 100644
--- a/apps/sim/lib/copilot/tools/server/table/user-table.test.ts
+++ b/apps/sim/lib/copilot/tools/server/table/user-table.test.ts
@@ -26,7 +26,7 @@ vi.mock('@sim/utils/id', () => ({
 
 vi.mock('@/lib/uploads/contexts/workspace/workspace-file-manager', () => ({
   resolveWorkspaceFileReference: mockResolveWorkspaceFileReference,
-  downloadWorkspaceFile: mockDownloadWorkspaceFile,
+  fetchWorkspaceFileBuffer: mockDownloadWorkspaceFile,
 }))
 
 vi.mock('@/lib/table/service', () => ({
diff --git a/apps/sim/lib/copilot/tools/server/table/user-table.ts b/apps/sim/lib/copilot/tools/server/table/user-table.ts
index 07c0daab406..22c807dfdba 100644
--- a/apps/sim/lib/copilot/tools/server/table/user-table.ts
+++ b/apps/sim/lib/copilot/tools/server/table/user-table.ts
@@ -19,8 +19,11 @@ import {
   sanitizeName,
   validateMapping,
 } from '@/lib/table'
+import { columnTypeForLeaf, deriveOutputColumnName } from '@/lib/table/column-naming'
 import {
   addTableColumn,
+  addWorkflowGroup,
+  addWorkflowGroupOutput,
   batchInsertRows,
   batchUpdateRows,
   createTable,
@@ -30,6 +33,8 @@ import {
   deleteRowsByFilter,
   deleteRowsByIds,
   deleteTable,
+  deleteWorkflowGroup,
+  deleteWorkflowGroupOutput,
   getRowById,
   getTableById,
   insertRow,
@@ -41,12 +46,26 @@ import {
   updateColumnType,
   updateRow,
   updateRowsByFilter,
+  updateWorkflowGroup,
 } from '@/lib/table/service'
-import type { RowData, TableDefinition } from '@/lib/table/types'
+import type {
+  ColumnDefinition,
+  RowData,
+  TableDefinition,
+  WorkflowGroup,
+  WorkflowGroupDependencies,
+  WorkflowGroupOutput,
+} from '@/lib/table/types'
+import { cancelWorkflowGroupRuns, triggerWorkflowGroupRun } from '@/lib/table/workflow-columns'
 import {
-  downloadWorkspaceFile,
+  fetchWorkspaceFileBuffer,
   resolveWorkspaceFileReference,
 } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
+import {
+  type FlattenedBlockOutput,
+  flattenWorkflowOutputs,
+} from '@/lib/workflows/blocks/flatten-outputs'
+import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/persistence/utils'
 
 const logger = createLogger('UserTableServerTool')
 
@@ -73,7 +92,7 @@ async function resolveWorkspaceFile(
       `File not found: "${fileReference}". Use glob("files/by-id/*/meta.json") to list canonical file IDs.`
     )
   }
-  const buffer = await downloadWorkspaceFile(record)
+  const buffer = await fetchWorkspaceFileBuffer(record)
   return { buffer, name: record.name, type: record.type }
 }
 
@@ -110,6 +129,48 @@ function sanitizeJsonHeaders(
   }
 }
 
+/**
+ * Loads the live workflow state and flattens it into pickable outputs. Used
+ * to validate `(blockId, path)` pairs the AI passes to add/update_workflow_group
+ * before they get stored as stale references — and to power `list_workflow_outputs`
+ * so the AI can discover valid picks instead of guessing.
+ */
+async function loadFlattenedWorkflowOutputs(
+  workflowId: string
+): Promise<FlattenedBlockOutput[] | null> {
+  const normalized = await loadWorkflowFromNormalizedTables(workflowId)
+  if (!normalized) return null
+  const blocks = Object.values(normalized.blocks ?? {}).map((b) => ({
+    id: b.id,
+    type: b.type,
+    name: b.name,
+    triggerMode: (b as { triggerMode?: boolean }).triggerMode,
+    subBlocks: b.subBlocks as Record<string, unknown> | undefined,
+  }))
+  return flattenWorkflowOutputs(blocks, normalized.edges ?? [])
+}
+
+/**
+ * Validates a list of `(blockId, path)` outputs against the live workflow.
+ * Returns `null` on success; on failure returns an error message that lists
+ * the valid options so the AI can retry without guessing again.
+ */
+function validateOutputsAgainstWorkflow(
+  outputs: Array<{ blockId: string; path: string }>,
+  flattened: FlattenedBlockOutput[],
+  workflowId: string
+): string | null {
+  const valid = new Set(flattened.map((f) => `${f.blockId}::${f.path}`))
+  const invalid = outputs.filter((o) => !valid.has(`${o.blockId}::${o.path}`))
+  if (invalid.length === 0) return null
+  const sample = flattened
+    .slice(0, 12)
+    .map((f) => `  - ${f.blockId} (${f.blockName}) → ${f.path}`)
+    .join('\n')
+  const invalidList = invalid.map((o) => `  - ${o.blockId} → ${o.path}`).join('\n')
+  return `Invalid output(s) for workflow ${workflowId}:\n${invalidList}\n\nValid options${flattened.length > 12 ? ' (first 12)' : ''}:\n${sample}\n\nCall list_workflow_outputs with workflowId="${workflowId}" to see all valid (blockId, path) picks.`
+}
+
 async function parseJsonRows(
   buffer: Buffer
 ): Promise<{ headers: string[]; rows: Record<string, unknown>[] }> {
@@ -255,7 +316,11 @@ export const userTableServerTool: BaseServerTool<UserTableArgs, UserTableResult>
           return {
             success: true,
             message: `Schema for "${table.name}"`,
-            data: { name: table.name, columns: table.schema.columns },
+            data: {
+              name: table.name,
+              columns: table.schema.columns,
+              workflowGroups: table.schema.workflowGroups ?? [],
+            },
           }
         }
 
@@ -455,6 +520,11 @@ export const userTableServerTool: BaseServerTool<UserTableArgs, UserTableResult>
             table,
             requestId
           )
+          if (!updatedRow) {
+            // Only the cell-task path passes a `cancellationGuard`; this caller
+            // doesn't, so the guard never trips here. Defensive narrowing.
+            return { success: false, message: 'Row update was skipped' }
+          }
 
           return {
             success: true,
@@ -1037,6 +1107,348 @@ export const userTableServerTool: BaseServerTool<UserTableArgs, UserTableResult>
           }
         }
 
+        case 'list_workflow_outputs': {
+          if (!workspaceId) return { success: false, message: 'Workspace ID is required' }
+          const workflowId = args.workflowId as string | undefined
+          if (!workflowId) {
+            return {
+              success: false,
+              message: 'workflowId is required for list_workflow_outputs',
+            }
+          }
+          const flattened = await loadFlattenedWorkflowOutputs(workflowId)
+          if (!flattened) {
+            return {
+              success: false,
+              message: `Workflow not found or has no blocks: ${workflowId}`,
+            }
+          }
+          return {
+            success: true,
+            message: `Found ${flattened.length} output path(s) across the workflow's blocks`,
+            data: { workflowId, outputs: flattened },
+          }
+        }
+
+        case 'add_workflow_group': {
+          if (!args.tableId) return { success: false, message: 'Table ID is required' }
+          if (!workspaceId) return { success: false, message: 'Workspace ID is required' }
+          const workflowId = args.workflowId as string | undefined
+          if (!workflowId) {
+            return { success: false, message: 'workflowId is required for add_workflow_group' }
+          }
+          const rawOutputs = args.outputs as
+            | Array<{
+                blockId: string
+                path: string
+                columnName?: string
+                columnType?: string
+              }>
+            | undefined
+          if (!rawOutputs || rawOutputs.length === 0) {
+            return {
+              success: false,
+              message: 'outputs array (with blockId + path entries) is required',
+            }
+          }
+          const tableForGroup = await getTableById(args.tableId)
+          if (!tableForGroup || tableForGroup.workspaceId !== workspaceId) {
+            return { success: false, message: `Table not found: ${args.tableId}` }
+          }
+
+          for (const o of rawOutputs) {
+            if (!o.blockId || !o.path) {
+              return {
+                success: false,
+                message: 'Each output entry must include both blockId and path',
+              }
+            }
+          }
+
+          const flattened = await loadFlattenedWorkflowOutputs(workflowId)
+          if (!flattened) {
+            return {
+              success: false,
+              message: `Workflow not found or has no blocks: ${workflowId}`,
+            }
+          }
+          const validationError = validateOutputsAgainstWorkflow(
+            rawOutputs.map((o) => ({ blockId: o.blockId, path: o.path })),
+            flattened,
+            workflowId
+          )
+          if (validationError) {
+            return { success: false, message: validationError }
+          }
+          const leafTypeByKey = new Map(
+            flattened.map((f) => [`${f.blockId}::${f.path}`, f.leafType])
+          )
+
+          const taken = new Set(tableForGroup.schema.columns.map((c) => c.name))
+          const groupId = generateId()
+          const outputs: WorkflowGroupOutput[] = []
+          const outputColumns: ColumnDefinition[] = []
+          for (const o of rawOutputs) {
+            const colName = o.columnName ?? deriveOutputColumnName(o.path, taken)
+            taken.add(colName)
+            outputs.push({ blockId: o.blockId, path: o.path, columnName: colName })
+            const leafType = o.columnType ?? leafTypeByKey.get(`${o.blockId}::${o.path}`)
+            outputColumns.push({
+              name: colName,
+              type: columnTypeForLeaf(leafType),
+              required: false,
+              unique: false,
+              workflowGroupId: groupId,
+            })
+          }
+          const dependencies = args.dependencies as WorkflowGroupDependencies | undefined
+          const name = args.name as string | undefined
+          const group: WorkflowGroup = {
+            id: groupId,
+            workflowId,
+            ...(name ? { name } : {}),
+            ...(dependencies ? { dependencies } : {}),
+            outputs,
+          }
+          const requestId = generateId().slice(0, 8)
+          assertNotAborted()
+          // Mothership stages groups silently by default — the AI may add more
+          // columns or update deps before the user wants rows to fire. Caller
+          // can opt in by passing `autoRun: true`.
+          const autoRun = args.autoRun === true
+          const updated = await addWorkflowGroup(
+            { tableId: args.tableId, group, outputColumns, autoRun },
+            requestId
+          )
+          return {
+            success: true,
+            message: `Added workflow group "${name ?? groupId}" with ${outputs.length} output column(s)`,
+            data: {
+              groupId,
+              schema: updated.schema,
+            },
+          }
+        }
+
+        case 'update_workflow_group': {
+          if (!args.tableId) return { success: false, message: 'Table ID is required' }
+          if (!workspaceId) return { success: false, message: 'Workspace ID is required' }
+          const groupId = args.groupId as string | undefined
+          if (!groupId) {
+            return { success: false, message: 'groupId is required for update_workflow_group' }
+          }
+          const tableForUpdate = await getTableById(args.tableId)
+          if (!tableForUpdate || tableForUpdate.workspaceId !== workspaceId) {
+            return { success: false, message: `Table not found: ${args.tableId}` }
+          }
+          const updateOutputs = args.outputs as WorkflowGroupOutput[] | undefined
+          if (updateOutputs && updateOutputs.length > 0) {
+            // Resolve which workflow these outputs apply to: explicit override
+            // wins, else the existing group's workflowId.
+            const existingGroup = tableForUpdate.schema.workflowGroups?.find(
+              (g) => g.id === groupId
+            )
+            const targetWorkflowId =
+              (args.workflowId as string | undefined) ?? existingGroup?.workflowId
+            if (!targetWorkflowId) {
+              return {
+                success: false,
+                message: `Cannot validate outputs — workflow group ${groupId} not found and no workflowId provided`,
+              }
+            }
+            const flattened = await loadFlattenedWorkflowOutputs(targetWorkflowId)
+            if (!flattened) {
+              return {
+                success: false,
+                message: `Workflow not found or has no blocks: ${targetWorkflowId}`,
+              }
+            }
+            const validationError = validateOutputsAgainstWorkflow(
+              updateOutputs.map((o) => ({ blockId: o.blockId, path: o.path })),
+              flattened,
+              targetWorkflowId
+            )
+            if (validationError) {
+              return { success: false, message: validationError }
+            }
+          }
+          const requestId = generateId().slice(0, 8)
+          assertNotAborted()
+          const updated = await updateWorkflowGroup(
+            {
+              tableId: args.tableId,
+              groupId,
+              workflowId: args.workflowId as string | undefined,
+              name: args.name as string | undefined,
+              dependencies: args.dependencies as WorkflowGroupDependencies | undefined,
+              outputs: updateOutputs,
+              newOutputColumns: args.newOutputColumns as ColumnDefinition[] | undefined,
+            },
+            requestId
+          )
+          return {
+            success: true,
+            message: `Updated workflow group ${groupId}`,
+            data: { schema: updated.schema },
+          }
+        }
+
+        case 'delete_workflow_group': {
+          if (!args.tableId) return { success: false, message: 'Table ID is required' }
+          if (!workspaceId) return { success: false, message: 'Workspace ID is required' }
+          const groupId = args.groupId as string | undefined
+          if (!groupId) {
+            return { success: false, message: 'groupId is required for delete_workflow_group' }
+          }
+          const tableForDelete = await getTableById(args.tableId)
+          if (!tableForDelete || tableForDelete.workspaceId !== workspaceId) {
+            return { success: false, message: `Table not found: ${args.tableId}` }
+          }
+          const requestId = generateId().slice(0, 8)
+          assertNotAborted()
+          const updated = await deleteWorkflowGroup({ tableId: args.tableId, groupId }, requestId)
+          return {
+            success: true,
+            message: `Deleted workflow group ${groupId}`,
+            data: { schema: updated.schema },
+          }
+        }
+
+        case 'add_workflow_group_output': {
+          if (!args.tableId) return { success: false, message: 'Table ID is required' }
+          if (!workspaceId) return { success: false, message: 'Workspace ID is required' }
+          const groupId = args.groupId as string | undefined
+          const blockId = args.blockId as string | undefined
+          const path = args.path as string | undefined
+          const columnName = args.columnName as string | undefined
+          if (!groupId || !blockId || !path) {
+            return {
+              success: false,
+              message: 'groupId, blockId, and path are required for add_workflow_group_output',
+            }
+          }
+          const tableForAdd = await getTableById(args.tableId)
+          if (!tableForAdd || tableForAdd.workspaceId !== workspaceId) {
+            return { success: false, message: `Table not found: ${args.tableId}` }
+          }
+          const requestId = generateId().slice(0, 8)
+          assertNotAborted()
+          const updated = await addWorkflowGroupOutput(
+            { tableId: args.tableId, groupId, blockId, path, columnName },
+            requestId
+          )
+          return {
+            success: true,
+            message: `Added output to workflow group ${groupId}`,
+            data: { schema: updated.schema },
+          }
+        }
+
+        case 'delete_workflow_group_output': {
+          if (!args.tableId) return { success: false, message: 'Table ID is required' }
+          if (!workspaceId) return { success: false, message: 'Workspace ID is required' }
+          const groupId = args.groupId as string | undefined
+          const columnName = args.columnName as string | undefined
+          if (!groupId || !columnName) {
+            return {
+              success: false,
+              message: 'groupId and columnName are required for delete_workflow_group_output',
+            }
+          }
+          const tableForRemove = await getTableById(args.tableId)
+          if (!tableForRemove || tableForRemove.workspaceId !== workspaceId) {
+            return { success: false, message: `Table not found: ${args.tableId}` }
+          }
+          const requestId = generateId().slice(0, 8)
+          assertNotAborted()
+          const updated = await deleteWorkflowGroupOutput(
+            { tableId: args.tableId, groupId, columnName },
+            requestId
+          )
+          return {
+            success: true,
+            message: `Removed output "${columnName}" from workflow group ${groupId}`,
+            data: { schema: updated.schema },
+          }
+        }
+
+        case 'run_workflow_group': {
+          if (!args.tableId) return { success: false, message: 'Table ID is required' }
+          if (!workspaceId) return { success: false, message: 'Workspace ID is required' }
+          const groupId = args.groupId as string | undefined
+          if (!groupId) {
+            return { success: false, message: 'groupId is required for run_workflow_group' }
+          }
+          const runMode = (args.runMode as 'all' | 'incomplete' | undefined) ?? 'incomplete'
+          if (runMode !== 'all' && runMode !== 'incomplete') {
+            return {
+              success: false,
+              message: `Invalid runMode "${runMode}". Must be "all" or "incomplete"`,
+            }
+          }
+          const rawRowIds = args.rowIds as unknown
+          let rowIds: string[] | undefined
+          if (rawRowIds !== undefined) {
+            if (
+              !Array.isArray(rawRowIds) ||
+              rawRowIds.length === 0 ||
+              rawRowIds.some((id) => typeof id !== 'string' || id.length === 0)
+            ) {
+              return {
+                success: false,
+                message: 'rowIds must be a non-empty array of row id strings',
+              }
+            }
+            rowIds = rawRowIds as string[]
+          }
+          const requestId = generateId().slice(0, 8)
+          assertNotAborted()
+          const { triggered } = await triggerWorkflowGroupRun({
+            tableId: args.tableId,
+            groupId,
+            workspaceId,
+            mode: runMode,
+            requestId,
+            rowIds,
+          })
+          const scopeLabel = rowIds ? `${rowIds.length} row(s) by id` : runMode
+          return {
+            success: true,
+            message: `Triggered ${triggered} row(s) for workflow group ${groupId} (${scopeLabel})`,
+            data: { triggered },
+          }
+        }
+
+        case 'cancel_table_runs': {
+          if (!args.tableId) return { success: false, message: 'Table ID is required' }
+          if (!workspaceId) return { success: false, message: 'Workspace ID is required' }
+          const scope = (args.scope as 'all' | 'row' | undefined) ?? 'all'
+          if (scope !== 'all' && scope !== 'row') {
+            return {
+              success: false,
+              message: `Invalid scope "${scope}". Must be "all" or "row"`,
+            }
+          }
+          const rowId = args.rowId as string | undefined
+          if (scope === 'row' && !rowId) {
+            return { success: false, message: 'rowId is required when scope is "row"' }
+          }
+          const tableForCancel = await getTableById(args.tableId)
+          if (!tableForCancel || tableForCancel.workspaceId !== workspaceId) {
+            return { success: false, message: `Table not found: ${args.tableId}` }
+          }
+          assertNotAborted()
+          const cancelled = await cancelWorkflowGroupRuns(
+            args.tableId,
+            scope === 'row' ? rowId : undefined
+          )
+          return {
+            success: true,
+            message: `Cancelled ${cancelled} run(s)`,
+            data: { cancelled },
+          }
+        }
+
         default:
           return { success: false, message: `Unknown operation: ${operation}` }
       }
diff --git a/apps/sim/lib/copilot/tools/server/visualization/generate-visualization.ts b/apps/sim/lib/copilot/tools/server/visualization/generate-visualization.ts
index b639f3f1fe4..bd979ee89b0 100644
--- a/apps/sim/lib/copilot/tools/server/visualization/generate-visualization.ts
+++ b/apps/sim/lib/copilot/tools/server/visualization/generate-visualization.ts
@@ -10,7 +10,7 @@ import { CodeLanguage } from '@/lib/execution/languages'
 import { getTableById, queryRows } from '@/lib/table/service'
 import { getServePathPrefix } from '@/lib/uploads'
 import {
-  downloadWorkspaceFile,
+  fetchWorkspaceFileBuffer,
   findWorkspaceFileRecord,
   getSandboxWorkspaceFilePath,
   getWorkspaceFile,
@@ -100,7 +100,7 @@ async function collectSandboxFiles(
         logger.warn('Sandbox input total size limit reached, skipping remaining files')
         break
       }
-      const buffer = await downloadWorkspaceFile(record)
+      const buffer = await fetchWorkspaceFileBuffer(record)
       totalSize += buffer.length
       const textContent = buffer.toString('utf-8')
       sandboxFiles.push({
diff --git a/apps/sim/lib/copilot/vfs/file-reader.test.ts b/apps/sim/lib/copilot/vfs/file-reader.test.ts
index 1e202d77d5f..f4326b32035 100644
--- a/apps/sim/lib/copilot/vfs/file-reader.test.ts
+++ b/apps/sim/lib/copilot/vfs/file-reader.test.ts
@@ -6,13 +6,13 @@ import { randomFillSync } from 'node:crypto'
 import { loggerMock } from '@sim/testing'
 import { describe, expect, it, vi } from 'vitest'
 
-const { downloadWorkspaceFile } = vi.hoisted(() => ({
-  downloadWorkspaceFile: vi.fn(),
+const { fetchWorkspaceFileBuffer } = vi.hoisted(() => ({
+  fetchWorkspaceFileBuffer: vi.fn(),
 }))
 
 vi.mock('@sim/logger', () => loggerMock)
 vi.mock('@/lib/uploads/contexts/workspace/workspace-file-manager', () => ({
-  downloadWorkspaceFile,
+  fetchWorkspaceFileBuffer,
 }))
 
 import { readFileRecord } from '@/lib/copilot/vfs/file-reader'
@@ -28,67 +28,38 @@ async function makeNoisePng(width: number, height: number): Promise<Buffer> {
     .toBuffer()
 }
 
-describe('readFileRecord', () => {
-  it('returns small images as attachments without resize note', async () => {
-    const sharp = (await import('sharp')).default
-    const smallPng = await sharp({
-      create: {
-        width: 200,
-        height: 200,
-        channels: 3,
-        background: { r: 255, g: 0, b: 0 },
-      },
-    })
-      .png()
-      .toBuffer()
-
-    downloadWorkspaceFile.mockResolvedValue(smallPng)
-
-    const result = await readFileRecord({
-      id: 'wf_small',
-      workspaceId: 'ws_1',
-      name: 'small.png',
-      key: 'uploads/small.png',
-      path: '/api/files/serve/uploads%2Fsmall.png?context=mothership',
-      size: smallPng.length,
-      type: 'image/png',
-      uploadedBy: 'user_1',
-      uploadedAt: new Date(),
-      deletedAt: null,
-      storageContext: 'mothership',
-    })
+const SHARP_TEST_TIMEOUT_MS = 30_000
 
-    expect(result?.attachment?.type).toBe('image')
-    expect(result?.attachment?.source.media_type).toBe('image/png')
-    expect(result?.content).not.toContain('resized for vision')
-    expect(Buffer.from(result?.attachment?.source.data ?? '', 'base64')).toEqual(smallPng)
-  })
-
-  it('downscales oversized images into attachments that fit the read limit', async () => {
-    const largePng = await makeNoisePng(1800, 1800)
-    expect(largePng.length).toBeGreaterThan(MAX_IMAGE_READ_BYTES)
+describe('readFileRecord', () => {
+  it(
+    'downscales oversized images into attachments that fit the read limit',
+    async () => {
+      const largePng = await makeNoisePng(1800, 1800)
+      expect(largePng.length).toBeGreaterThan(MAX_IMAGE_READ_BYTES)
 
-    downloadWorkspaceFile.mockResolvedValue(largePng)
+      fetchWorkspaceFileBuffer.mockResolvedValue(largePng)
 
-    const result = await readFileRecord({
-      id: 'wf_large',
-      workspaceId: 'ws_1',
-      name: 'chesspng.png',
-      key: 'uploads/chesspng.png',
-      path: '/api/files/serve/uploads%2Fchesspng.png?context=mothership',
-      size: largePng.length,
-      type: 'image/png',
-      uploadedBy: 'user_1',
-      uploadedAt: new Date(),
-      deletedAt: null,
-      storageContext: 'mothership',
-    })
+      const result = await readFileRecord({
+        id: 'wf_large',
+        workspaceId: 'ws_1',
+        name: 'chesspng.png',
+        key: 'uploads/chesspng.png',
+        path: '/api/files/serve/uploads%2Fchesspng.png?context=mothership',
+        size: largePng.length,
+        type: 'image/png',
+        uploadedBy: 'user_1',
+        uploadedAt: new Date(),
+        deletedAt: null,
+        storageContext: 'mothership',
+      })
 
-    expect(result?.attachment?.type).toBe('image')
-    expect(result?.content).toContain('resized for vision')
+      expect(result?.attachment?.type).toBe('image')
+      expect(result?.content).toContain('resized for vision')
 
-    const decoded = Buffer.from(result?.attachment?.source.data ?? '', 'base64')
-    expect(decoded.length).toBeLessThanOrEqual(MAX_IMAGE_READ_BYTES)
-    expect(result?.attachment?.source.media_type).toMatch(/^image\/(jpeg|webp|png)$/)
-  })
+      const decoded = Buffer.from(result?.attachment?.source.data ?? '', 'base64')
+      expect(decoded.length).toBeLessThanOrEqual(MAX_IMAGE_READ_BYTES)
+      expect(result?.attachment?.source.media_type).toMatch(/^image\/(jpeg|webp|png)$/)
+    },
+    SHARP_TEST_TIMEOUT_MS
+  )
 })
diff --git a/apps/sim/lib/copilot/vfs/file-reader.ts b/apps/sim/lib/copilot/vfs/file-reader.ts
index 874d67ee7c2..ba464a4c945 100644
--- a/apps/sim/lib/copilot/vfs/file-reader.ts
+++ b/apps/sim/lib/copilot/vfs/file-reader.ts
@@ -11,7 +11,7 @@ import { TraceEvent } from '@/lib/copilot/generated/trace-events-v1'
 import { TraceSpan } from '@/lib/copilot/generated/trace-spans-v1'
 import { markSpanForError } from '@/lib/copilot/request/otel'
 import type { WorkspaceFileRecord } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
-import { downloadWorkspaceFile } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
+import { fetchWorkspaceFileBuffer } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
 import { isImageFileType } from '@/lib/uploads/utils/file-utils'
 
 // Lazy tracer (same pattern as lib/copilot/request/otel.ts).
@@ -294,7 +294,7 @@ export async function readFileRecord(record: WorkspaceFileRecord): Promise<FileR
       try {
         if (isImageFileType(record.type)) {
           span.setAttribute(TraceAttr.CopilotVfsReadPath, CopilotVfsReadPath.Image)
-          const originalBuffer = await downloadWorkspaceFile(record)
+          const originalBuffer = await fetchWorkspaceFileBuffer(record)
           const prepared = await prepareImageForVision(originalBuffer, record.type)
           if (!prepared) {
             span.setAttribute(TraceAttr.CopilotVfsReadOutcome, CopilotVfsReadOutcome.ImageTooLarge)
@@ -335,7 +335,7 @@ export async function readFileRecord(record: WorkspaceFileRecord): Promise<FileR
             }
           }
 
-          const buffer = await downloadWorkspaceFile(record)
+          const buffer = await fetchWorkspaceFileBuffer(record)
           const content = buffer.toString('utf-8')
           const lines = content.split('\n').length
           span.setAttributes({
@@ -359,7 +359,7 @@ export async function readFileRecord(record: WorkspaceFileRecord): Promise<FileR
               totalLines: 1,
             }
           }
-          const buffer = await downloadWorkspaceFile(record)
+          const buffer = await fetchWorkspaceFileBuffer(record)
           try {
             const { parseBuffer } = await import('@/lib/file-parsers')
             const result = await parseBuffer(buffer, ext)
diff --git a/apps/sim/lib/copilot/vfs/workspace-vfs.ts b/apps/sim/lib/copilot/vfs/workspace-vfs.ts
index 76ee6ab96cc..5ab975876c7 100644
--- a/apps/sim/lib/copilot/vfs/workspace-vfs.ts
+++ b/apps/sim/lib/copilot/vfs/workspace-vfs.ts
@@ -64,7 +64,7 @@ import { getKnowledgeBases } from '@/lib/knowledge/service'
 import { validateMermaidSource } from '@/lib/mermaid/validate'
 import { listTables } from '@/lib/table/service'
 import {
-  downloadWorkspaceFile,
+  fetchWorkspaceFileBuffer,
   findWorkspaceFileRecord,
   getWorkspaceFile,
   listWorkspaceFiles,
@@ -473,7 +473,7 @@ export class WorkspaceVFS {
         const taskId = BINARY_DOC_TASKS[ext]
         const isMermaidFile = ext === 'mmd' || ext === 'mermaid'
         if (!taskId && !isMermaidFile) return null
-        const buffer = await downloadWorkspaceFile(record)
+        const buffer = await fetchWorkspaceFileBuffer(record)
         const code = buffer.toString('utf-8')
         if (Buffer.byteLength(code, 'utf-8') > MAX_DOCUMENT_PREVIEW_CODE_BYTES) {
           return {
@@ -520,7 +520,7 @@ export class WorkspaceVFS {
         const rawExt = record.name.split('.').pop()?.toLowerCase()
         if (rawExt !== 'docx' && rawExt !== 'pptx') return null
         const ext: 'docx' | 'pptx' = rawExt
-        const buffer = await downloadWorkspaceFile(record)
+        const buffer = await fetchWorkspaceFileBuffer(record)
         const summary = await extractDocumentStyle(buffer, ext)
         if (!summary) return null
         const json = JSON.stringify(summary, null, 2)
diff --git a/apps/sim/lib/core/async-jobs/backends/database.ts b/apps/sim/lib/core/async-jobs/backends/database.ts
index 3c8f27327cf..b11ee70b148 100644
--- a/apps/sim/lib/core/async-jobs/backends/database.ts
+++ b/apps/sim/lib/core/async-jobs/backends/database.ts
@@ -2,6 +2,7 @@ import { asyncJobs, db } from '@sim/db'
 import { createLogger } from '@sim/logger'
 import { generateId } from '@sim/utils/id'
 import { eq, sql } from 'drizzle-orm'
+import { abortInlineJob } from '@/lib/core/async-jobs/inline-abort'
 import {
   type EnqueueOptions,
   JOB_STATUS,
@@ -111,4 +112,25 @@ export class DatabaseJobQueue implements JobQueueBackend {
 
     logger.debug('Marked job as failed', { jobId })
   }
+
+  async cancelJob(jobId: string): Promise<void> {
+    // Abort any in-process inline execution first so the running workflow
+    // observes the signal and stops mid-flight. Then mark the row failed so
+    // any future poller skips it. The DB queue is single-process / dev-only,
+    // so an in-memory registry is sufficient for cross-call abort.
+    const aborted = abortInlineJob(jobId)
+
+    const now = new Date()
+    await db
+      .update(asyncJobs)
+      .set({
+        status: JOB_STATUS.FAILED,
+        completedAt: now,
+        error: 'Cancelled',
+        updatedAt: now,
+      })
+      .where(eq(asyncJobs.id, jobId))
+
+    logger.debug('Marked job as cancelled (DB queue)', { jobId, abortedInline: aborted })
+  }
 }
diff --git a/apps/sim/lib/core/async-jobs/backends/trigger-dev.ts b/apps/sim/lib/core/async-jobs/backends/trigger-dev.ts
index adff1cd0df5..cff02f218d0 100644
--- a/apps/sim/lib/core/async-jobs/backends/trigger-dev.ts
+++ b/apps/sim/lib/core/async-jobs/backends/trigger-dev.ts
@@ -20,6 +20,7 @@ const JOB_TYPE_TO_TASK_ID: Record<JobType, string> = {
   'schedule-execution': 'schedule-execution',
   'webhook-execution': 'webhook-execution',
   'resume-execution': 'resume-execution',
+  'workflow-group-cell': 'workflow-group-cell',
   'cleanup-logs': 'cleanup-logs',
   'cleanup-soft-deletes': 'cleanup-soft-deletes',
   'cleanup-tasks': 'cleanup-tasks',
@@ -71,7 +72,10 @@ export class TriggerDevJobQueue implements JobQueueBackend {
         : payload
 
     const tags = buildTags(options)
-    const handle = await tasks.trigger(taskId, enrichedPayload, tags.length > 0 ? { tags } : {})
+    const triggerOptions: Parameters<typeof tasks.trigger>[2] = {}
+    if (tags.length > 0) triggerOptions.tags = tags
+    if (options?.concurrencyKey) triggerOptions.concurrencyKey = options.concurrencyKey
+    const handle = await tasks.trigger(taskId, enrichedPayload, triggerOptions)
 
     logger.debug('Enqueued job via trigger.dev', { jobId: handle.id, type, taskId, tags })
     return handle.id
@@ -125,6 +129,23 @@ export class TriggerDevJobQueue implements JobQueueBackend {
   async completeJob(_jobId: string, _output: unknown): Promise<void> {}
 
   async markJobFailed(_jobId: string, _error: string): Promise<void> {}
+
+  async cancelJob(jobId: string): Promise<void> {
+    try {
+      await runs.cancel(jobId)
+      logger.debug('Cancelled trigger.dev run', { jobId })
+    } catch (error) {
+      const isNotFound =
+        (error instanceof Error && error.message.toLowerCase().includes('not found')) ||
+        (error && typeof error === 'object' && 'status' in error && error.status === 404)
+      if (isNotFound) {
+        logger.debug('Cancel target not found in trigger.dev (already finished?)', { jobId })
+        return
+      }
+      logger.error('Failed to cancel trigger.dev run', { jobId, error })
+      throw error
+    }
+  }
 }
 
 /**
diff --git a/apps/sim/lib/core/async-jobs/inline-abort.ts b/apps/sim/lib/core/async-jobs/inline-abort.ts
new file mode 100644
index 00000000000..af4179da39f
--- /dev/null
+++ b/apps/sim/lib/core/async-jobs/inline-abort.ts
@@ -0,0 +1,35 @@
+/**
+ * Process-local registry of `AbortController`s for jobs running inline
+ * (i.e. on the same Node process that enqueued them — the database-backed
+ * queue path). The trigger.dev backend does not use this: cancellation there
+ * is handled by `runs.cancel(jobId)` which interrupts the worker.
+ *
+ * Wiring:
+ * - `runWorkflowColumn` registers a controller after enqueue (keyed by the
+ *   returned `jobId`) and passes its `signal` into the inline task body.
+ * - `DatabaseJobQueue.cancelJob` looks up the controller and aborts it so
+ *   the running workflow execution can observe the signal mid-flight.
+ * - The IIFE that owns the controller unregisters in `finally`.
+ */
+const inlineAbortControllers = new Map<string, AbortController>()
+
+export function registerInlineAbort(jobId: string, controller: AbortController): void {
+  inlineAbortControllers.set(jobId, controller)
+}
+
+export function unregisterInlineAbort(jobId: string): void {
+  inlineAbortControllers.delete(jobId)
+}
+
+/**
+ * Aborts the in-process controller for `jobId` if one is registered. Safe to
+ * call from `cancelJob` regardless of whether the job ran inline. Returns
+ * true if a controller was found and aborted.
+ */
+export function abortInlineJob(jobId: string, reason = 'Cancelled'): boolean {
+  const controller = inlineAbortControllers.get(jobId)
+  if (!controller) return false
+  controller.abort(reason)
+  inlineAbortControllers.delete(jobId)
+  return true
+}
diff --git a/apps/sim/lib/core/async-jobs/types.ts b/apps/sim/lib/core/async-jobs/types.ts
index 06a3e21086b..42be995c0c2 100644
--- a/apps/sim/lib/core/async-jobs/types.ts
+++ b/apps/sim/lib/core/async-jobs/types.ts
@@ -25,6 +25,7 @@ export type JobType =
   | 'schedule-execution'
   | 'webhook-execution'
   | 'resume-execution'
+  | 'workflow-group-cell'
   | 'cleanup-logs'
   | 'cleanup-soft-deletes'
   | 'cleanup-tasks'
@@ -75,6 +76,11 @@ export interface EnqueueOptions {
   name?: string
   delayMs?: number
   tags?: string[]
+  /**
+   * Trigger.dev concurrency key. Combined with the task's `queue.concurrencyLimit`,
+   * limits parallel runs sharing this key. The database backend ignores it.
+   */
+  concurrencyKey?: string
 }
 
 /**
@@ -106,6 +112,13 @@ export interface JobQueueBackend {
    * Mark a job as failed with error message
    */
   markJobFailed(jobId: string, error: string): Promise<void>
+
+  /**
+   * Request cancellation of a queued or running job. Best-effort: backends should
+   * fail loudly if the underlying provider rejects, but a missing/unknown jobId
+   * should resolve quietly so callers can drive cancel from possibly-stale state.
+   */
+  cancelJob(jobId: string): Promise<void>
 }
 
 export type AsyncBackendType = 'trigger-dev' | 'database'
diff --git a/apps/sim/lib/core/config/env.ts b/apps/sim/lib/core/config/env.ts
index 084523e11dc..969324591b0 100644
--- a/apps/sim/lib/core/config/env.ts
+++ b/apps/sim/lib/core/config/env.ts
@@ -60,6 +60,16 @@ export const env = createEnv({
     ENTERPRISE_STORAGE_LIMIT_GB:           z.number().optional().default(500),     // Default storage limit in GB for enterprise tier (can be overridden per org)
     BILLING_ENABLED:                       z.boolean().optional(),                 // Enable billing enforcement and usage tracking
 
+    // Table feature limits (per plan). Apply when billing is disabled (free tier defaults) or for billed plans.
+    FREE_TABLES_LIMIT:                     z.number().optional(),                  // Max user tables per workspace on free tier (default: 3)
+    FREE_TABLE_ROWS_LIMIT:                 z.number().optional(),                  // Max rows per table on free tier (default: 1000)
+    PRO_TABLES_LIMIT:                      z.number().optional(),                  // Max user tables per workspace on pro tier (default: 25)
+    PRO_TABLE_ROWS_LIMIT:                  z.number().optional(),                  // Max rows per table on pro tier (default: 5000)
+    TEAM_TABLES_LIMIT:                     z.number().optional(),                  // Max user tables per workspace on team tier (default: 100)
+    TEAM_TABLE_ROWS_LIMIT:                 z.number().optional(),                  // Max rows per table on team tier (default: 10000)
+    ENTERPRISE_TABLES_LIMIT:               z.number().optional(),                  // Max user tables per workspace on enterprise tier (default: 10000)
+    ENTERPRISE_TABLE_ROWS_LIMIT:           z.number().optional(),                  // Max rows per table on enterprise tier (default: 1000000)
+
     // Credit-tier Stripe prices (monthly)
     STRIPE_PRICE_TIER_25_MO:               z.string().min(1).optional(),           // Pro: $25/mo (6,000 credits)
     STRIPE_PRICE_TIER_100_MO:              z.string().min(1).optional(),           // Max: $100/mo (25,000 credits)
@@ -504,3 +514,27 @@ export const isFalsy = (value: string | boolean | number | undefined) =>
   typeof value === 'string' ? value.toLowerCase() === 'false' || value === '0' : value === false
 
 export { getEnv }
+
+/**
+ * Coerce an env-derived value to a finite number ≥ `min`, falling back to the
+ * provided default when the value is unset, empty, non-finite, or below `min`.
+ * `min` defaults to `0` so configs like `KB_CONFIG_DELAY_BETWEEN_BATCHES=0`
+ * (meaning "no delay / max throughput") are honored. Pass `min: 1` for configs
+ * where zero is invalid (e.g. Redis TTLs, capacity limits).
+ *
+ * `createEnv` is configured with `skipValidation: true`, so values declared as
+ * `z.number()` arrive as raw strings when sourced from `process.env` or Helm.
+ * Use this helper anywhere a numeric env override is consumed to normalize the
+ * type at the boundary instead of relying on JS implicit coercion.
+ */
+export function envNumber(
+  value: number | string | undefined | null,
+  fallback: number,
+  options: { min?: number } = {}
+): number {
+  const min = options.min ?? 0
+  if (typeof value === 'number' && Number.isFinite(value) && value >= min) return value
+  if (value === undefined || value === null || value === '') return fallback
+  const parsed = Number(value)
+  return Number.isFinite(parsed) && parsed >= min ? parsed : fallback
+}
diff --git a/apps/sim/lib/credentials/__tests__/deletion.test.ts b/apps/sim/lib/credentials/__tests__/deletion.test.ts
new file mode 100644
index 00000000000..b61f4bd8fed
--- /dev/null
+++ b/apps/sim/lib/credentials/__tests__/deletion.test.ts
@@ -0,0 +1,164 @@
+/**
+ * @vitest-environment node
+ */
+import { describe, expect, it } from 'vitest'
+import { clearCredentialInValue } from '@/lib/credentials/deletion'
+
+const TARGET = 'cred_target123'
+const OTHER = 'cred_other999'
+
+describe('clearCredentialInValue', () => {
+  it('clears matching subBlock value with id="credential"', () => {
+    const input = { id: 'credential', type: 'oauth-input', value: TARGET }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(true)
+    expect(result.value).toEqual({ id: 'credential', type: 'oauth-input', value: '' })
+  })
+
+  it('clears matching subBlock value with id="manualCredential"', () => {
+    const input = { id: 'manualCredential', type: 'short-input', value: TARGET }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(true)
+    expect(result.value).toEqual({ id: 'manualCredential', type: 'short-input', value: '' })
+  })
+
+  it('clears matching subBlock value with id="triggerCredentials"', () => {
+    const input = { id: 'triggerCredentials', value: TARGET }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(true)
+    expect((result.value as { value: string }).value).toBe('')
+  })
+
+  it('leaves unrelated subBlock value untouched', () => {
+    const input = { id: 'someOtherField', value: TARGET }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(false)
+    expect(result.value).toBe(input)
+  })
+
+  it('leaves matching subBlock with non-matching value untouched', () => {
+    const input = { id: 'credential', value: OTHER }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(false)
+    expect(result.value).toBe(input)
+  })
+
+  it('clears nested tools[].params.credential', () => {
+    const input = {
+      id: 'tools',
+      value: [
+        { type: 'gmail_send', params: { credential: TARGET, to: 'a@b.com' } },
+        { type: 'slack_message', params: { credential: OTHER, channel: '#x' } },
+      ],
+    }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(true)
+    const value = result.value as { value: Array<{ params: { credential: string } }> }
+    expect(value.value[0].params.credential).toBe('')
+    expect(value.value[1].params.credential).toBe(OTHER)
+  })
+
+  it('walks workflow_blocks-style keyed subBlocks structure', () => {
+    const input = {
+      credential: { id: 'credential', value: TARGET },
+      messages: { id: 'messages', value: 'hello' },
+      tools: {
+        id: 'tools',
+        value: [{ type: 'x', params: { credential: TARGET } }],
+      },
+    }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(true)
+    const value = result.value as typeof input
+    expect(value.credential.value).toBe('')
+    expect(value.messages.value).toBe('hello')
+    expect(value.tools.value[0].params.credential).toBe('')
+  })
+
+  it('walks deployment-style nested blocks structure', () => {
+    const input = {
+      blocks: {
+        block1: {
+          subBlocks: {
+            credential: { id: 'credential', value: TARGET },
+          },
+        },
+        block2: {
+          subBlocks: {
+            other: { id: 'other', value: 'unrelated' },
+          },
+        },
+      },
+    }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(true)
+    const value = result.value as typeof input
+    expect(value.blocks.block1.subBlocks.credential.value).toBe('')
+    expect(value.blocks.block2.subBlocks.other.value).toBe('unrelated')
+  })
+
+  it('returns same reference when no changes are made', () => {
+    const input = {
+      blocks: {
+        block1: {
+          subBlocks: { credential: { id: 'credential', value: OTHER } },
+        },
+      },
+    }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(false)
+    expect(result.value).toBe(input)
+  })
+
+  it('does not match outer "credential" key whose value is an object wrapper', () => {
+    const input = { credential: { id: 'credential', value: TARGET } }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(true)
+    const value = result.value as { credential: { id: string; value: string } }
+    expect(value.credential).toEqual({ id: 'credential', value: '' })
+  })
+
+  it('clears params.credential string directly even when not nested in tools', () => {
+    const input = { params: { credential: TARGET, channel: '#x' } }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(true)
+    expect((result.value as typeof input).params).toEqual({ credential: '', channel: '#x' })
+  })
+
+  it('does not match "credential" key when value is a different string', () => {
+    const input = { credential: 'cred_unrelated' }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(false)
+    expect(result.value).toBe(input)
+  })
+
+  it('handles primitives and null', () => {
+    expect(clearCredentialInValue(null, TARGET)).toEqual({ value: null, changed: false })
+    expect(clearCredentialInValue('string', TARGET)).toEqual({ value: 'string', changed: false })
+    expect(clearCredentialInValue(42, TARGET)).toEqual({ value: 42, changed: false })
+  })
+
+  it('clears multiple references in a single pass', () => {
+    const input = {
+      blocks: {
+        a: { subBlocks: { credential: { id: 'credential', value: TARGET } } },
+        b: { subBlocks: { triggerCredentials: { id: 'triggerCredentials', value: TARGET } } },
+        c: {
+          subBlocks: {
+            tools: {
+              id: 'tools',
+              value: [{ params: { credential: TARGET } }, { params: { credential: TARGET } }],
+            },
+          },
+        },
+      },
+    }
+    const result = clearCredentialInValue(input, TARGET)
+    expect(result.changed).toBe(true)
+    const value = result.value as typeof input
+    expect(value.blocks.a.subBlocks.credential.value).toBe('')
+    expect(value.blocks.b.subBlocks.triggerCredentials.value).toBe('')
+    expect(value.blocks.c.subBlocks.tools.value[0].params.credential).toBe('')
+    expect(value.blocks.c.subBlocks.tools.value[1].params.credential).toBe('')
+  })
+})
diff --git a/apps/sim/lib/credentials/deletion.ts b/apps/sim/lib/credentials/deletion.ts
new file mode 100644
index 00000000000..c8912a53765
--- /dev/null
+++ b/apps/sim/lib/credentials/deletion.ts
@@ -0,0 +1,282 @@
+import { AuditAction, AuditResourceType, recordAudit } from '@sim/audit'
+import { db } from '@sim/db'
+import * as schema from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { and, eq, sql } from 'drizzle-orm'
+import type { NextRequest } from 'next/server'
+import { CREDENTIAL_SUBBLOCK_IDS } from '@/lib/workflows/persistence/utils'
+
+const logger = createLogger('CredentialDeletion')
+
+export type CredentialDeleteReason =
+  | 'oauth_disconnect'
+  | 'user_delete'
+  | 'copilot_delete'
+  | 'env_prune'
+
+interface DeleteCredentialParams {
+  credentialId: string
+  actorId: string
+  actorName?: string | null
+  actorEmail?: string | null
+  reason: CredentialDeleteReason
+  request?: NextRequest
+}
+
+/**
+ * Clears all stored references to the credential, deletes the row, and
+ * records an audit entry. Idempotent when the row no longer exists.
+ */
+export async function deleteCredential(params: DeleteCredentialParams): Promise<void> {
+  const { credentialId, actorId, actorName, actorEmail, reason, request } = params
+
+  const [row] = await db
+    .select({
+      id: schema.credential.id,
+      workspaceId: schema.credential.workspaceId,
+      type: schema.credential.type,
+      displayName: schema.credential.displayName,
+      providerId: schema.credential.providerId,
+      accountId: schema.credential.accountId,
+    })
+    .from(schema.credential)
+    .where(eq(schema.credential.id, credentialId))
+    .limit(1)
+
+  if (!row) return
+
+  await clearCredentialRefs(credentialId, row.workspaceId)
+
+  await db.delete(schema.credential).where(eq(schema.credential.id, credentialId))
+
+  recordAudit({
+    workspaceId: row.workspaceId,
+    actorId,
+    actorName: actorName ?? undefined,
+    actorEmail: actorEmail ?? undefined,
+    action: AuditAction.CREDENTIAL_DELETED,
+    resourceType: AuditResourceType.CREDENTIAL,
+    resourceId: credentialId,
+    resourceName: row.displayName,
+    description: `Deleted ${row.type} credential "${row.displayName}" (${reason})`,
+    metadata: {
+      reason,
+      credentialType: row.type,
+      providerId: row.providerId,
+      accountId: row.accountId,
+    },
+    request,
+  })
+
+  logger.info('Deleted credential', { credentialId, workspaceId: row.workspaceId, reason })
+}
+
+/**
+ * Clears stored references to a credential across mutable workspace state
+ * (editor blocks, copilot checkpoints, knowledge connectors) and frozen
+ * snapshots (deployed versions, paused executions). Frozen snapshots have
+ * the reference replaced with an empty string so resumed/redeployed runs
+ * fail fast at the affected block instead of with "credential not found".
+ */
+export async function clearCredentialRefs(
+  credentialId: string,
+  workspaceId: string
+): Promise<void> {
+  const needle = `%${credentialId}%`
+
+  await Promise.all([
+    clearInWorkflowBlocks(credentialId, workspaceId, needle),
+    clearInDeploymentVersions(credentialId, workspaceId, needle),
+    clearInPausedExecutions(credentialId, workspaceId, needle),
+    clearInWorkflowCheckpoints(credentialId, workspaceId, needle),
+    clearInKnowledgeConnectors(credentialId),
+  ])
+}
+
+async function clearInWorkflowBlocks(
+  credentialId: string,
+  workspaceId: string,
+  needle: string
+): Promise<void> {
+  const rows = await db
+    .select({
+      id: schema.workflowBlocks.id,
+      subBlocks: schema.workflowBlocks.subBlocks,
+    })
+    .from(schema.workflowBlocks)
+    .innerJoin(schema.workflow, eq(schema.workflow.id, schema.workflowBlocks.workflowId))
+    .where(
+      and(
+        eq(schema.workflow.workspaceId, workspaceId),
+        sql`${schema.workflowBlocks.subBlocks}::text LIKE ${needle}`
+      )
+    )
+
+  let updated = 0
+  for (const row of rows) {
+    const next = clearCredentialInValue(row.subBlocks, credentialId)
+    if (next.changed) {
+      await db
+        .update(schema.workflowBlocks)
+        .set({ subBlocks: next.value, updatedAt: new Date() })
+        .where(eq(schema.workflowBlocks.id, row.id))
+      updated += 1
+    }
+  }
+  if (updated > 0) {
+    logger.info('Cleared credential refs in workflow_blocks', {
+      credentialId,
+      workspaceId,
+      updated,
+    })
+  }
+}
+
+async function clearInDeploymentVersions(
+  credentialId: string,
+  workspaceId: string,
+  needle: string
+): Promise<void> {
+  const rows = await db
+    .select({
+      id: schema.workflowDeploymentVersion.id,
+      state: schema.workflowDeploymentVersion.state,
+    })
+    .from(schema.workflowDeploymentVersion)
+    .innerJoin(schema.workflow, eq(schema.workflow.id, schema.workflowDeploymentVersion.workflowId))
+    .where(
+      and(
+        eq(schema.workflow.workspaceId, workspaceId),
+        sql`${schema.workflowDeploymentVersion.state}::text LIKE ${needle}`
+      )
+    )
+
+  for (const row of rows) {
+    const next = clearCredentialInValue(row.state, credentialId)
+    if (next.changed) {
+      await db
+        .update(schema.workflowDeploymentVersion)
+        .set({ state: next.value })
+        .where(eq(schema.workflowDeploymentVersion.id, row.id))
+    }
+  }
+}
+
+async function clearInPausedExecutions(
+  credentialId: string,
+  workspaceId: string,
+  needle: string
+): Promise<void> {
+  const rows = await db
+    .select({
+      id: schema.pausedExecutions.id,
+      executionSnapshot: schema.pausedExecutions.executionSnapshot,
+    })
+    .from(schema.pausedExecutions)
+    .innerJoin(schema.workflow, eq(schema.workflow.id, schema.pausedExecutions.workflowId))
+    .where(
+      and(
+        eq(schema.workflow.workspaceId, workspaceId),
+        sql`${schema.pausedExecutions.executionSnapshot}::text LIKE ${needle}`
+      )
+    )
+
+  for (const row of rows) {
+    const next = clearCredentialInValue(row.executionSnapshot, credentialId)
+    if (next.changed) {
+      await db
+        .update(schema.pausedExecutions)
+        .set({ executionSnapshot: next.value, updatedAt: new Date() })
+        .where(eq(schema.pausedExecutions.id, row.id))
+    }
+  }
+}
+
+async function clearInWorkflowCheckpoints(
+  credentialId: string,
+  workspaceId: string,
+  needle: string
+): Promise<void> {
+  const rows = await db
+    .select({
+      id: schema.workflowCheckpoints.id,
+      workflowState: schema.workflowCheckpoints.workflowState,
+    })
+    .from(schema.workflowCheckpoints)
+    .innerJoin(schema.workflow, eq(schema.workflow.id, schema.workflowCheckpoints.workflowId))
+    .where(
+      and(
+        eq(schema.workflow.workspaceId, workspaceId),
+        sql`${schema.workflowCheckpoints.workflowState}::text LIKE ${needle}`
+      )
+    )
+
+  for (const row of rows) {
+    const next = clearCredentialInValue(row.workflowState, credentialId)
+    if (next.changed) {
+      await db
+        .update(schema.workflowCheckpoints)
+        .set({ workflowState: next.value, updatedAt: new Date() })
+        .where(eq(schema.workflowCheckpoints.id, row.id))
+    }
+  }
+}
+
+async function clearInKnowledgeConnectors(credentialId: string): Promise<void> {
+  await db
+    .update(schema.knowledgeConnector)
+    .set({ credentialId: null, updatedAt: new Date() })
+    .where(eq(schema.knowledgeConnector.credentialId, credentialId))
+}
+
+interface ClearResult {
+  value: unknown
+  changed: boolean
+}
+
+/**
+ * Recursively walks a JSON value and clears credential references matching
+ * `credentialId`. Recognizes the two reference shapes used in workflow state:
+ * subBlock entries (`{id: 'credential'|'manualCredential'|'triggerCredentials', value}`)
+ * and tool params (`{credential: <id>, ...}` inside a tool's `params` object).
+ * Returns the original reference when nothing matched so callers can skip writes.
+ */
+export function clearCredentialInValue(input: unknown, credentialId: string): ClearResult {
+  if (Array.isArray(input)) {
+    let changed = false
+    const next = input.map((item) => {
+      const result = clearCredentialInValue(item, credentialId)
+      if (result.changed) changed = true
+      return result.value
+    })
+    return changed ? { value: next, changed: true } : { value: input, changed: false }
+  }
+
+  if (input !== null && typeof input === 'object') {
+    const obj = input as Record<string, unknown>
+    const id = typeof obj.id === 'string' ? obj.id : null
+    const isCredentialSubBlock = id !== null && CREDENTIAL_SUBBLOCK_IDS.has(id)
+    let changed = false
+    const next: Record<string, unknown> = {}
+
+    for (const [key, value] of Object.entries(obj)) {
+      if (isCredentialSubBlock && key === 'value' && value === credentialId) {
+        next[key] = ''
+        changed = true
+        continue
+      }
+      if (key === 'credential' && value === credentialId) {
+        next[key] = ''
+        changed = true
+        continue
+      }
+      const result = clearCredentialInValue(value, credentialId)
+      next[key] = result.value
+      if (result.changed) changed = true
+    }
+
+    return changed ? { value: next, changed: true } : { value: input, changed: false }
+  }
+
+  return { value: input, changed: false }
+}
diff --git a/apps/sim/lib/credentials/draft-hooks.ts b/apps/sim/lib/credentials/draft-hooks.ts
index cacff50418e..c5768c96aee 100644
--- a/apps/sim/lib/credentials/draft-hooks.ts
+++ b/apps/sim/lib/credentials/draft-hooks.ts
@@ -1,3 +1,4 @@
+import { AuditAction, AuditResourceType, recordAudit } from '@sim/audit'
 import { db } from '@sim/db'
 import * as schema from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
@@ -51,6 +52,17 @@ export async function handleCreateCredentialFromDraft(params: {
       providerId,
       accountId,
     })
+
+    recordAudit({
+      workspaceId: draft.workspaceId,
+      actorId: userId,
+      action: AuditAction.CREDENTIAL_CREATED,
+      resourceType: AuditResourceType.CREDENTIAL,
+      resourceId: credentialId,
+      resourceName: draft.displayName,
+      description: `Created OAuth credential "${draft.displayName}"`,
+      metadata: { providerId, accountId },
+    })
   } catch (insertError: unknown) {
     const code =
       insertError && typeof insertError === 'object' && 'code' in insertError
@@ -74,9 +86,10 @@ export async function handleReconnectCredential(params: {
   draft: { credentialId: string | null; workspaceId: string; displayName: string }
   newAccountId: string
   workspaceId: string
+  userId: string
   now: Date
 }) {
-  const { draft, newAccountId, workspaceId, now } = params
+  const { draft, newAccountId, workspaceId, userId, now } = params
   if (!draft.credentialId) return
 
   const [existingCredential] = await db
@@ -134,6 +147,17 @@ export async function handleReconnectCredential(params: {
     newAccountId,
   })
 
+  recordAudit({
+    workspaceId,
+    actorId: userId,
+    action: AuditAction.CREDENTIAL_RECONNECTED,
+    resourceType: AuditResourceType.CREDENTIAL,
+    resourceId: draft.credentialId,
+    resourceName: draft.displayName,
+    description: `Reconnected OAuth credential "${draft.displayName}" to a new account`,
+    metadata: { oldAccountId, newAccountId },
+  })
+
   if (oldAccountId) {
     const [stillReferenced] = await db
       .select({ id: schema.credential.id })
diff --git a/apps/sim/lib/credentials/draft-processor.ts b/apps/sim/lib/credentials/draft-processor.ts
index 76cedc66179..b7b9f5cd931 100644
--- a/apps/sim/lib/credentials/draft-processor.ts
+++ b/apps/sim/lib/credentials/draft-processor.ts
@@ -44,6 +44,7 @@ export async function processCredentialDraft(params: ProcessCredentialDraftParam
       draft,
       newAccountId: accountId,
       workspaceId: draft.workspaceId,
+      userId,
       now,
     })
   } else {
diff --git a/apps/sim/lib/execution/sandbox/brokers/workspace-file.ts b/apps/sim/lib/execution/sandbox/brokers/workspace-file.ts
index c2fc4bd86e4..38ea0695863 100644
--- a/apps/sim/lib/execution/sandbox/brokers/workspace-file.ts
+++ b/apps/sim/lib/execution/sandbox/brokers/workspace-file.ts
@@ -1,7 +1,7 @@
 import { createLogger } from '@sim/logger'
 import type { SandboxBroker } from '@/lib/execution/sandbox/types'
 import {
-  downloadWorkspaceFile,
+  fetchWorkspaceFileBuffer,
   getWorkspaceFile,
 } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
 
@@ -40,7 +40,7 @@ export const workspaceFileBroker: SandboxBroker<WorkspaceFileArgs, WorkspaceFile
       throw new Error(`File not found: ${args.fileId}`)
     }
 
-    const buffer = await downloadWorkspaceFile(record)
+    const buffer = await fetchWorkspaceFileBuffer(record)
     const mime = record.type || 'image/png'
     return { dataUri: `data:${mime};base64,${buffer.toString('base64')}` }
   },
diff --git a/apps/sim/lib/knowledge/documents/document-processor.ts b/apps/sim/lib/knowledge/documents/document-processor.ts
index 6f3a7d9e7b6..4c0ac6377fd 100644
--- a/apps/sim/lib/knowledge/documents/document-processor.ts
+++ b/apps/sim/lib/knowledge/documents/document-processor.ts
@@ -13,7 +13,7 @@ import {
   TokenChunker,
 } from '@/lib/chunkers'
 import type { ChunkingStrategy, StrategyOptions } from '@/lib/chunkers/types'
-import { env } from '@/lib/core/config/env'
+import { env, envNumber } from '@/lib/core/config/env'
 import { parseBuffer, parseFile } from '@/lib/file-parsers'
 import type { FileParseMetadata } from '@/lib/file-parsers/types'
 import { resolveParserExtension } from '@/lib/knowledge/documents/parser-extension'
@@ -30,7 +30,7 @@ const TIMEOUTS = {
   MISTRAL_OCR_API: 120000,
 } as const
 
-const MAX_CONCURRENT_CHUNKS = env.KB_CONFIG_CHUNK_CONCURRENCY
+const MAX_CONCURRENT_CHUNKS = envNumber(env.KB_CONFIG_CHUNK_CONCURRENCY, 10)
 
 type OCRResult = {
   success: boolean
diff --git a/apps/sim/lib/knowledge/documents/service.ts b/apps/sim/lib/knowledge/documents/service.ts
index e27a19de25e..2f108797d19 100644
--- a/apps/sim/lib/knowledge/documents/service.ts
+++ b/apps/sim/lib/knowledge/documents/service.ts
@@ -30,7 +30,7 @@ import {
 import { recordUsage } from '@/lib/billing/core/usage-log'
 import { checkAndBillOverageThreshold } from '@/lib/billing/threshold-billing'
 import type { ChunkingStrategy, StrategyOptions } from '@/lib/chunkers/types'
-import { env } from '@/lib/core/config/env'
+import { env, envNumber } from '@/lib/core/config/env'
 import { getCostMultiplier, isTriggerDevEnabled } from '@/lib/core/config/feature-flags'
 import { processDocument } from '@/lib/knowledge/documents/document-processor'
 import type { DocumentSortField, SortOrder } from '@/lib/knowledge/documents/types'
@@ -54,12 +54,12 @@ import { calculateCost } from '@/providers/utils'
 const logger = createLogger('DocumentService')
 
 const TIMEOUTS = {
-  OVERALL_PROCESSING: (env.KB_CONFIG_MAX_DURATION || 600) * 1000,
+  OVERALL_PROCESSING: envNumber(env.KB_CONFIG_MAX_DURATION, 600) * 1000,
 } as const
 
 const LARGE_DOC_CONFIG = {
   MAX_CHUNKS_PER_BATCH: 500,
-  MAX_EMBEDDING_BATCH: env.KB_CONFIG_BATCH_SIZE || 2000,
+  MAX_EMBEDDING_BATCH: envNumber(env.KB_CONFIG_BATCH_SIZE, 2000),
   MAX_FILE_SIZE: 100 * 1024 * 1024,
   MAX_CHUNKS_PER_DOCUMENT: 100000,
 }
@@ -78,10 +78,11 @@ function withTimeout<T>(
 }
 
 const PROCESSING_CONFIG = {
-  maxConcurrentDocuments: Math.max(1, Math.floor((env.KB_CONFIG_CONCURRENCY_LIMIT || 20) / 5)) || 4,
-  batchSize: Math.max(1, Math.floor((env.KB_CONFIG_BATCH_SIZE || 20) / 2)) || 10,
-  delayBetweenBatches: (env.KB_CONFIG_DELAY_BETWEEN_BATCHES || 100) * 2,
-  delayBetweenDocuments: (env.KB_CONFIG_DELAY_BETWEEN_DOCUMENTS || 50) * 2,
+  maxConcurrentDocuments:
+    Math.max(1, Math.floor(envNumber(env.KB_CONFIG_CONCURRENCY_LIMIT, 20) / 5)) || 4,
+  batchSize: Math.max(1, Math.floor(envNumber(env.KB_CONFIG_BATCH_SIZE, 20) / 2)) || 10,
+  delayBetweenBatches: envNumber(env.KB_CONFIG_DELAY_BETWEEN_BATCHES, 100) * 2,
+  delayBetweenDocuments: envNumber(env.KB_CONFIG_DELAY_BETWEEN_DOCUMENTS, 50) * 2,
 }
 
 export function getProcessingConfig() {
diff --git a/apps/sim/lib/knowledge/embeddings.ts b/apps/sim/lib/knowledge/embeddings.ts
index 1791cc08499..8b0d62da1e9 100644
--- a/apps/sim/lib/knowledge/embeddings.ts
+++ b/apps/sim/lib/knowledge/embeddings.ts
@@ -1,7 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { getBYOKKey } from '@/lib/api-key/byok'
 import { getRotatingApiKey } from '@/lib/core/config/api-keys'
-import { env } from '@/lib/core/config/env'
+import { env, envNumber } from '@/lib/core/config/env'
 import { isRetryableError, retryWithExponentialBackoff } from '@/lib/knowledge/documents/utils'
 import {
   DEFAULT_EMBEDDING_MODEL,
@@ -15,7 +15,7 @@ import { batchByTokenLimit, estimateTokenCount } from '@/lib/tokenization'
 const logger = createLogger('EmbeddingUtils')
 
 const MAX_TOKENS_PER_REQUEST = 8000
-const MAX_CONCURRENT_BATCHES = env.KB_CONFIG_CONCURRENCY_LIMIT || 50
+const MAX_CONCURRENT_BATCHES = envNumber(env.KB_CONFIG_CONCURRENCY_LIMIT, 50)
 const EMBEDDING_REQUEST_TIMEOUT_MS = 60_000
 
 export type { EmbeddingModelInfo } from '@/lib/knowledge/embedding-models'
diff --git a/apps/sim/lib/table/billing.ts b/apps/sim/lib/table/billing.ts
index a517d094c58..dbe0bde215a 100644
--- a/apps/sim/lib/table/billing.ts
+++ b/apps/sim/lib/table/billing.ts
@@ -8,7 +8,7 @@ import { createLogger } from '@sim/logger'
 import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
 import { getPlanTypeForLimits } from '@/lib/billing/plan-helpers'
 import { getWorkspaceBilledAccountUserId } from '@/lib/workspaces/utils'
-import { type PlanName, TABLE_PLAN_LIMITS, type TablePlanLimits } from './constants'
+import { getTablePlanLimits, type PlanName, type TablePlanLimits } from './constants'
 
 const logger = createLogger('TableBilling')
 
@@ -22,18 +22,20 @@ const logger = createLogger('TableBilling')
  * @returns Table limits based on the workspace's billing plan
  */
 export async function getWorkspaceTableLimits(workspaceId: string): Promise<TablePlanLimits> {
+  const planLimits = getTablePlanLimits()
+
   try {
     const billedAccountUserId = await getWorkspaceBilledAccountUserId(workspaceId)
 
     if (!billedAccountUserId) {
       logger.warn('No billed account found for workspace, using free tier limits', { workspaceId })
-      return TABLE_PLAN_LIMITS.free
+      return planLimits.free
     }
 
     const subscription = await getHighestPrioritySubscription(billedAccountUserId)
     const planName = getPlanTypeForLimits(subscription?.plan) as PlanName
 
-    const limits = TABLE_PLAN_LIMITS[planName] ?? TABLE_PLAN_LIMITS.free
+    const limits = planLimits[planName] ?? planLimits.free
 
     logger.info('Retrieved workspace table limits', {
       workspaceId,
@@ -48,7 +50,7 @@ export async function getWorkspaceTableLimits(workspaceId: string): Promise<Tabl
       workspaceId,
       error,
     })
-    return TABLE_PLAN_LIMITS.free
+    return planLimits.free
   }
 }
 
diff --git a/apps/sim/lib/table/cell-write.ts b/apps/sim/lib/table/cell-write.ts
new file mode 100644
index 00000000000..73f4fda251c
--- /dev/null
+++ b/apps/sim/lib/table/cell-write.ts
@@ -0,0 +1,134 @@
+/**
+ * Shared cell-write primitives for workflow-group execution paths.
+ *
+ * Both the scheduler (`runWorkflowGroupCell`) and the cell task body
+ * (`executeWorkflowGroupCellJob`) need to write `data` patches + `executions`
+ * patches together while honoring the `cancelled` state written by
+ * `cancelWorkflowGroupRuns` — without the guard, a stop click that lands
+ * mid-enqueue or mid-run would get clobbered by the in-flight code path's
+ * next write.
+ */
+
+import { createLogger } from '@sim/logger'
+import type { RowData, RowExecutionMetadata, RowExecutions, WorkflowGroup } from '@/lib/table/types'
+
+const logger = createLogger('WorkflowCellWrite')
+
+export interface WriteWorkflowGroupContext {
+  tableId: string
+  rowId: string
+  workspaceId: string
+  groupId: string
+  executionId: string
+  /** Used as the `requestId` passed to `updateRow` for log correlation. */
+  requestId?: string
+}
+
+export interface WriteWorkflowGroupStatePayload {
+  /** Plain primitives to merge into `row.data`. Empty patch is fine. */
+  dataPatch?: RowData
+  /** New execution state for `executions[groupId]`. */
+  executionState: RowExecutionMetadata
+}
+
+/**
+ * Writes the row unless `cancelWorkflowGroupRuns` has already authoritatively
+ * written `cancelled` for this run. Returns `'skipped'` so the caller can
+ * short-circuit any follow-up writes / job dispatch.
+ */
+export async function writeWorkflowGroupState(
+  ctx: WriteWorkflowGroupContext,
+  payload: WriteWorkflowGroupStatePayload
+): Promise<'wrote' | 'skipped'> {
+  const { tableId, rowId, workspaceId, groupId, executionId } = ctx
+  const requestId = ctx.requestId ?? `wfgrp-${executionId}`
+  const { getTableById, getRowById, updateRow } = await import('@/lib/table/service')
+
+  const table = await getTableById(tableId)
+  if (!table) {
+    logger.warn(`Table ${tableId} vanished before group state write`)
+    return 'wrote'
+  }
+  const row = await getRowById(tableId, rowId, workspaceId)
+  if (!row) {
+    logger.warn(`Row ${rowId} vanished before group state write`)
+    return 'wrote'
+  }
+  const current = row.executions?.[groupId] as RowExecutionMetadata | undefined
+  if (
+    current?.status === 'cancelled' &&
+    current.executionId === executionId &&
+    payload.executionState.status !== 'cancelled'
+  ) {
+    logger.info(
+      `Skipping group write — cancelled (table=${tableId} row=${rowId} group=${groupId} executionId=${executionId})`
+    )
+    return 'skipped'
+  }
+  // Skip writing `cancelled` state with the guard — that's an authoritative
+  // write from `cancelWorkflowGroupRuns` and must always land. Cell-task
+  // writes (running/completed/error) get the SQL guard so an in-flight
+  // partial can't clobber a stop click that already committed.
+  const cancellationGuard =
+    payload.executionState.status === 'cancelled' ? undefined : { groupId, executionId }
+  const result = await updateRow(
+    {
+      tableId,
+      rowId,
+      data: payload.dataPatch ?? {},
+      workspaceId,
+      executionsPatch: { [groupId]: payload.executionState },
+      cancellationGuard,
+    },
+    table,
+    requestId
+  )
+  if (result === null) {
+    logger.info(
+      `Skipping group write — SQL guard saw cancelled (table=${tableId} row=${rowId} group=${groupId} executionId=${executionId})`
+    )
+    return 'skipped'
+  }
+  return 'wrote'
+}
+
+/** Builds the canonical `cancelled` execution state used by every cancel path.
+ *  Preserves `blockErrors` from the prior state so errored cells keep
+ *  rendering Error after a stop click — only cells that hadn't yet produced
+ *  a value or an error should flip to "Cancelled". */
+export function buildCancelledExecution(
+  prev: Pick<RowExecutionMetadata, 'executionId' | 'workflowId' | 'blockErrors'>
+): RowExecutionMetadata {
+  return {
+    status: 'cancelled',
+    executionId: prev.executionId ?? null,
+    jobId: null,
+    workflowId: prev.workflowId,
+    error: 'Cancelled',
+    ...(prev.blockErrors ? { blockErrors: prev.blockErrors } : {}),
+  }
+}
+
+/**
+ * Maps a group's `outputs[]` to a `blockId → Array<{path, columnName}>` map.
+ * The cell task uses this to fan a single block-complete event into N column
+ * writes.
+ */
+export function buildOutputsByBlockId(
+  group: WorkflowGroup
+): Map<string, Array<{ path: string; columnName: string }>> {
+  const map = new Map<string, Array<{ path: string; columnName: string }>>()
+  for (const out of group.outputs) {
+    const list = map.get(out.blockId) ?? []
+    list.push({ path: out.path, columnName: out.columnName })
+    map.set(out.blockId, list)
+  }
+  return map
+}
+
+/** Type-narrowing helper used by readers that can't assume `executions` is set. */
+export function readExecutions(
+  row: { executions?: RowExecutions } | null | undefined
+): RowExecutions {
+  return row?.executions ?? {}
+}
diff --git a/apps/sim/lib/table/column-naming.ts b/apps/sim/lib/table/column-naming.ts
new file mode 100644
index 00000000000..9d993c346a1
--- /dev/null
+++ b/apps/sim/lib/table/column-naming.ts
@@ -0,0 +1,56 @@
+/**
+ * Shared column-naming helpers used by every path that auto-derives a
+ * column name + type from a workflow block output: the table column-sidebar
+ * UI, and the Copilot/Mothership `add_workflow_group` op. Keeping one
+ * implementation means the AI's auto-named columns match what a user would
+ * get from the sidebar.
+ */
+
+import type { ColumnDefinition } from './types'
+
+/**
+ * Slugifies a string into a `NAME_PATTERN`-safe column name. Lowercase,
+ * non-alphanum runs collapse to `_`, leading digits get a `c_` prefix, empty
+ * results fall back to `output`.
+ */
+export function slugifyColumnName(value: string): string {
+  let slug = value
+    .toLowerCase()
+    .replace(/[^a-z0-9_]+/g, '_')
+    .replace(/^_+|_+$/g, '')
+  if (!slug) slug = 'output'
+  if (/^[0-9]/.test(slug)) slug = `c_${slug}`
+  return slug
+}
+
+/**
+ * Pick a non-colliding column name for a block-output `path`. Uses the bare
+ * path slug; on collision, appends `_0`, `_1`, …
+ */
+export function deriveOutputColumnName(path: string, taken: Set<string>): string {
+  const base = slugifyColumnName(path)
+  if (!taken.has(base)) return base
+  for (let i = 0; i < 1000; i++) {
+    const candidate = `${base}_${i}`
+    if (!taken.has(candidate)) return candidate
+  }
+  return `${base}_${Date.now()}`
+}
+
+/**
+ * Map a block-output leaf type onto a table column type. Block schemas use
+ * a superset (`array`, `object`, etc.); anything outside the column-type
+ * union falls back to `json`, the most permissive shape that still validates.
+ */
+export function columnTypeForLeaf(leafType: string | undefined): ColumnDefinition['type'] {
+  switch (leafType) {
+    case 'string':
+    case 'number':
+    case 'boolean':
+    case 'date':
+    case 'json':
+      return leafType
+    default:
+      return 'json'
+  }
+}
diff --git a/apps/sim/lib/table/constants.ts b/apps/sim/lib/table/constants.ts
index 743da2950ac..fd165163f20 100644
--- a/apps/sim/lib/table/constants.ts
+++ b/apps/sim/lib/table/constants.ts
@@ -2,6 +2,8 @@
  * Limits and constants for user-defined tables.
  */
 
+import { env, envNumber } from '@/lib/core/config/env'
+
 export const TABLE_LIMITS = {
   MAX_TABLES_PER_WORKSPACE: 100,
   MAX_ROWS_PER_TABLE: 10000,
@@ -24,9 +26,11 @@ export const TABLE_LIMITS = {
 } as const
 
 /**
- * Plan-based table limits.
+ * Default plan-based table limits. Each value can be overridden via env vars
+ * (see `getTablePlanLimits`) so self-hosted deployments can raise the free-tier
+ * caps that apply when billing is disabled.
  */
-export const TABLE_PLAN_LIMITS = {
+export const DEFAULT_TABLE_PLAN_LIMITS = {
   free: {
     maxTables: 3,
     maxRowsPerTable: 1000,
@@ -45,13 +49,56 @@ export const TABLE_PLAN_LIMITS = {
   },
 } as const
 
-export type PlanName = keyof typeof TABLE_PLAN_LIMITS
+export type PlanName = keyof typeof DEFAULT_TABLE_PLAN_LIMITS
 
 export interface TablePlanLimits {
   maxTables: number
   maxRowsPerTable: number
 }
 
+export type TablePlanLimitsByPlan = Record<PlanName, TablePlanLimits>
+
+/**
+ * Returns plan-based table limits, applying env var overrides on top of the
+ * defaults. When no override is set the value falls back to the hosted-default
+ * constant so behavior is unchanged for the hosted product.
+ */
+export function getTablePlanLimits(): TablePlanLimitsByPlan {
+  return {
+    free: {
+      maxTables: envNumber(env.FREE_TABLES_LIMIT, DEFAULT_TABLE_PLAN_LIMITS.free.maxTables),
+      maxRowsPerTable: envNumber(
+        env.FREE_TABLE_ROWS_LIMIT,
+        DEFAULT_TABLE_PLAN_LIMITS.free.maxRowsPerTable
+      ),
+    },
+    pro: {
+      maxTables: envNumber(env.PRO_TABLES_LIMIT, DEFAULT_TABLE_PLAN_LIMITS.pro.maxTables),
+      maxRowsPerTable: envNumber(
+        env.PRO_TABLE_ROWS_LIMIT,
+        DEFAULT_TABLE_PLAN_LIMITS.pro.maxRowsPerTable
+      ),
+    },
+    team: {
+      maxTables: envNumber(env.TEAM_TABLES_LIMIT, DEFAULT_TABLE_PLAN_LIMITS.team.maxTables),
+      maxRowsPerTable: envNumber(
+        env.TEAM_TABLE_ROWS_LIMIT,
+        DEFAULT_TABLE_PLAN_LIMITS.team.maxRowsPerTable
+      ),
+    },
+    enterprise: {
+      maxTables: envNumber(
+        env.ENTERPRISE_TABLES_LIMIT,
+        DEFAULT_TABLE_PLAN_LIMITS.enterprise.maxTables
+      ),
+      maxRowsPerTable: envNumber(
+        env.ENTERPRISE_TABLE_ROWS_LIMIT,
+        DEFAULT_TABLE_PLAN_LIMITS.enterprise.maxRowsPerTable
+      ),
+    },
+  }
+}
+
 export const COLUMN_TYPES = ['string', 'number', 'boolean', 'date', 'json'] as const
 
 export const NAME_PATTERN = /^[a-z_][a-z0-9_]*$/i
diff --git a/apps/sim/lib/table/pluck.ts b/apps/sim/lib/table/pluck.ts
new file mode 100644
index 00000000000..a3cd7413ad2
--- /dev/null
+++ b/apps/sim/lib/table/pluck.ts
@@ -0,0 +1,26 @@
+/**
+ * Pure utility for plucking a dot-and-bracket path from a value.
+ *
+ * Lives in its own leaf file (no server-only imports) so client components
+ * can import it without dragging in the rest of `lib/table` (which transitively
+ * pulls `@sim/db` and `next/headers`).
+ */
+
+/**
+ * Walk a dot-and-bracket path into a value (e.g. `a.b[0].c` or `result.items.0`).
+ * Returns undefined for any missing segment.
+ */
+export function pluckByPath(source: unknown, path: string): unknown {
+  if (source === null || source === undefined || !path) return source
+  const segments = path
+    .replace(/\[(\w+)\]/g, '.$1')
+    .split('.')
+    .filter(Boolean)
+  let cursor: unknown = source
+  for (const seg of segments) {
+    if (cursor === null || cursor === undefined) return undefined
+    if (typeof cursor !== 'object') return undefined
+    cursor = (cursor as Record<string, unknown>)[seg]
+  }
+  return cursor
+}
diff --git a/apps/sim/lib/table/service.ts b/apps/sim/lib/table/service.ts
index 373b86cd097..2d8b0a7c96e 100644
--- a/apps/sim/lib/table/service.ts
+++ b/apps/sim/lib/table/service.ts
@@ -8,15 +8,19 @@
  */
 
 import { db } from '@sim/db'
-import { userTableDefinitions, userTableRows } from '@sim/db/schema'
+import { userTableDefinitions, userTableRows, workflowExecutionLogs } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { getPostgresErrorCode } from '@sim/utils/errors'
 import { generateId } from '@sim/utils/id'
 import { and, count, eq, gt, gte, inArray, isNull, sql } from 'drizzle-orm'
+import { env } from '@/lib/core/config/env'
 import { generateRestoreName } from '@/lib/core/utils/restore-name'
+import { getSocketServerUrl } from '@/lib/core/utils/urls'
 import { COLUMN_TYPES, NAME_PATTERN, TABLE_LIMITS, USER_TABLE_ROWS_SQL_NAME } from './constants'
 import { buildFilterClause, buildSortClause } from './sql'
+import { fireTableTrigger } from './trigger'
 import type {
+  AddWorkflowGroupData,
   BatchInsertData,
   BatchUpdateByIdData,
   BulkDeleteByIdsData,
@@ -24,8 +28,10 @@ import type {
   BulkDeleteData,
   BulkOperationResult,
   BulkUpdateData,
+  ColumnDefinition,
   CreateTableData,
   DeleteColumnData,
+  DeleteWorkflowGroupData,
   InsertRowData,
   QueryOptions,
   QueryResult,
@@ -33,6 +39,8 @@ import type {
   ReplaceRowsData,
   ReplaceRowsResult,
   RowData,
+  RowExecutionMetadata,
+  RowExecutions,
   TableDefinition,
   TableMetadata,
   TableRow,
@@ -40,8 +48,11 @@ import type {
   UpdateColumnConstraintsData,
   UpdateColumnTypeData,
   UpdateRowData,
+  UpdateWorkflowGroupData,
   UpsertResult,
   UpsertRowData,
+  WorkflowGroup,
+  WorkflowGroupOutput,
 } from './types'
 import {
   checkBatchUniqueConstraintsDb,
@@ -52,9 +63,63 @@ import {
   validateTableName,
   validateTableSchema,
 } from './validation'
+import { assertValidSchema, scheduleWorkflowGroupRuns } from './workflow-columns'
 
 const logger = createLogger('TableService')
 
+/**
+ * Fire-and-forget bridge to the realtime socket server. Mirrors the
+ * `notifyWorkflowArchived` pattern in `lib/workflows/lifecycle.ts:35`.
+ * Failures are logged but never thrown — sockets are best-effort, polling
+ * is the fallback. Each helper sends a single row delta so the realtime
+ * server can broadcast to subscribed clients in the table room.
+ */
+function notifyTableRowUpdated(tableId: string, row: TableRow): void {
+  void fetch(`${getSocketServerUrl()}/api/table-row-updated`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'x-api-key': env.INTERNAL_API_SECRET,
+    },
+    body: JSON.stringify({
+      tableId,
+      rowId: row.id,
+      data: row.data,
+      executions: row.executions,
+      position: row.position,
+      updatedAt: row.updatedAt instanceof Date ? row.updatedAt.toISOString() : row.updatedAt,
+    }),
+  }).catch((err) => {
+    logger.warn(`table-row-updated bridge failed for ${tableId}/${row.id}:`, err)
+  })
+}
+
+function notifyTableRowDeleted(tableId: string, rowId: string): void {
+  void fetch(`${getSocketServerUrl()}/api/table-row-deleted`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'x-api-key': env.INTERNAL_API_SECRET,
+    },
+    body: JSON.stringify({ tableId, rowId }),
+  }).catch((err) => {
+    logger.warn(`table-row-deleted bridge failed for ${tableId}/${rowId}:`, err)
+  })
+}
+
+function notifyTableDeleted(tableId: string): void {
+  void fetch(`${getSocketServerUrl()}/api/table-deleted`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'x-api-key': env.INTERNAL_API_SECRET,
+    },
+    body: JSON.stringify({ tableId }),
+  }).catch((err) => {
+    logger.warn(`table-deleted bridge failed for ${tableId}:`, err)
+  })
+}
+
 export class TableConflictError extends Error {
   readonly code = 'TABLE_EXISTS' as const
   constructor(name: string) {
@@ -400,7 +465,13 @@ export async function createTable(
  */
 export async function addTableColumn(
   tableId: string,
-  column: { name: string; type: string; required?: boolean; unique?: boolean; position?: number },
+  column: {
+    name: string
+    type: string
+    required?: boolean
+    unique?: boolean
+    position?: number
+  },
   requestId: string
 ): Promise<TableDefinition> {
   const table = await getTableById(tableId)
@@ -437,7 +508,7 @@ export async function addTableColumn(
     )
   }
 
-  const newColumn = {
+  const newColumn: TableSchema['columns'][number] = {
     name: column.name,
     type: column.type as TableSchema['columns'][number]['type'],
     required: column.required ?? false,
@@ -451,7 +522,8 @@ export async function addTableColumn(
     columns.push(newColumn)
   }
 
-  const updatedSchema: TableSchema = { columns }
+  const updatedSchema: TableSchema = { ...schema, columns }
+  assertValidSchema(updatedSchema, table.metadata?.columnOrder)
 
   const now = new Date()
 
@@ -586,11 +658,11 @@ export async function renameTable(
 }
 
 /**
- * Updates a table's UI metadata (e.g. column widths).
- * Does not update `updatedAt` since metadata is UI-only state.
+ * Updates a table's metadata (UI state like column widths/order, plus behavioral
+ * settings like `workflowColumnBatchSize`). Merges into the existing metadata blob.
  *
  * @param tableId - Table ID to update
- * @param metadata - New metadata object (merged with existing)
+ * @param metadata - Partial metadata object (merged with existing)
  * @param existingMetadata - Existing metadata from a prior fetch (avoids redundant DB read)
  * @returns Updated metadata
  */
@@ -622,6 +694,78 @@ export async function deleteTable(tableId: string, requestId: string): Promise<v
     .where(eq(userTableDefinitions.id, tableId))
 
   logger.info(`[${requestId}] Archived table ${tableId}`)
+  notifyTableDeleted(tableId)
+}
+
+/**
+ * Drops references to deleted blocks from every workflow group on every table
+ * that targets the just-deployed workflow. Called from the workflow deploy
+ * orchestrator after the new deployment commits, so the table UI never holds
+ * stale `{blockId, path}` entries for blocks the user removed.
+ *
+ * - Filters `outputs[]` per group. If every output would be filtered out, the
+ *   group is left untouched and a warning is logged — the user must
+ *   reconfigure it manually.
+ * - Scoped to the workflow's workspace.
+ * - Idempotent: running twice with the same `validBlockIds` is a no-op on the
+ *   second pass. Existing row data is left alone.
+ */
+export async function pruneStaleWorkflowGroupOutputs({
+  workflowId,
+  workspaceId,
+  validBlockIds,
+  requestId,
+}: {
+  workflowId: string
+  workspaceId: string
+  validBlockIds: Set<string>
+  requestId: string
+}): Promise<void> {
+  const tables = await db
+    .select({
+      id: userTableDefinitions.id,
+      schema: userTableDefinitions.schema,
+    })
+    .from(userTableDefinitions)
+    .where(
+      and(
+        eq(userTableDefinitions.workspaceId, workspaceId),
+        isNull(userTableDefinitions.archivedAt)
+      )
+    )
+
+  for (const t of tables) {
+    const schema = t.schema as TableSchema
+    const groups = schema.workflowGroups ?? []
+    if (groups.length === 0) continue
+
+    let mutated = false
+    const nextGroups = groups.map((group) => {
+      if (group.workflowId !== workflowId) return group
+      const filtered = group.outputs.filter((o) => validBlockIds.has(o.blockId))
+      if (filtered.length === group.outputs.length) return group
+      if (filtered.length === 0) {
+        logger.warn(
+          `[${requestId}] All outputs for workflow group "${group.name ?? group.id}" in table ${t.id} reference deleted blocks; leaving group intact for user reconfiguration.`
+        )
+        return group
+      }
+      mutated = true
+      return { ...group, outputs: filtered }
+    })
+
+    if (!mutated) continue
+
+    await db
+      .update(userTableDefinitions)
+      .set({
+        schema: { ...schema, workflowGroups: nextGroups },
+        updatedAt: new Date(),
+      })
+      .where(eq(userTableDefinitions.id, t.id))
+
+    logger.info(`[${requestId}] Pruned stale workflow=${workflowId} block refs from table ${t.id}`)
+  }
 }
 
 /**
@@ -791,13 +935,28 @@ export async function insertRow(
 
   logger.info(`[${requestId}] Inserted row ${rowId} into table ${data.tableId}`)
 
-  return {
+  const insertedRow: TableRow = {
     id: row.id,
     data: row.data as RowData,
+    executions: (row.executions as RowExecutions) ?? {},
     position: row.position,
     createdAt: row.createdAt,
     updatedAt: row.updatedAt,
   }
+
+  void fireTableTrigger(
+    data.tableId,
+    table.name,
+    'insert',
+    [insertedRow],
+    null,
+    table.schema,
+    requestId
+  )
+  notifyTableRowUpdated(data.tableId, insertedRow)
+  void scheduleWorkflowGroupRuns(table, [insertedRow])
+
+  return insertedRow
 }
 
 /**
@@ -903,13 +1062,20 @@ export async function batchInsertRowsWithTx(
 
   logger.info(`[${requestId}] Batch inserted ${data.rows.length} rows into table ${data.tableId}`)
 
-  return insertedRows.map((r) => ({
+  const result: TableRow[] = insertedRows.map((r) => ({
     id: r.id,
     data: r.data as RowData,
+    executions: (r.executions as RowExecutions) ?? {},
     position: r.position,
     createdAt: r.createdAt,
     updatedAt: r.updatedAt,
   }))
+
+  void fireTableTrigger(data.tableId, table.name, 'insert', result, null, table.schema, requestId)
+  for (const row of result) notifyTableRowUpdated(data.tableId, row)
+  void scheduleWorkflowGroupRuns(table, result)
+
+  return result
 }
 
 /**
@@ -1155,14 +1321,14 @@ export async function upsertRow(
 
     // Resolve which row (if any) we should update. If the initial SELECT missed,
     // acquire the lock and re-check — a concurrent upsert may have inserted the
-    // matching row between our SELECT and the INSERT path, and without the
-    // re-check both transactions would insert and produce a duplicate that
-    // bypasses the app-level unique check.
+    // matching row between our SELECT and the INSERT path; without the re-check
+    // both transactions would insert and bypass the app-level unique check.
     let matchedRowId = existingRow?.id
+    let previousData = existingRow?.data as RowData | undefined
     if (!matchedRowId) {
       await acquireTablePositionLock(trx, data.tableId)
       const [racedRow] = await trx
-        .select({ id: userTableRows.id })
+        .select({ id: userTableRows.id, data: userTableRows.data })
         .from(userTableRows)
         .where(
           and(
@@ -1172,7 +1338,10 @@ export async function upsertRow(
           )
         )
         .limit(1)
-      matchedRowId = racedRow?.id
+      if (racedRow) {
+        matchedRowId = racedRow.id
+        previousData = racedRow.data as RowData
+      }
     }
 
     if (matchedRowId) {
@@ -1186,10 +1355,12 @@ export async function upsertRow(
         row: {
           id: updatedRow.id,
           data: updatedRow.data as RowData,
+          executions: (updatedRow.executions as RowExecutions) ?? {},
           position: updatedRow.position,
           createdAt: updatedRow.createdAt,
           updatedAt: updatedRow.updatedAt,
         },
+        previousData,
         operation: 'update' as const,
       }
     }
@@ -1212,6 +1383,7 @@ export async function upsertRow(
       row: {
         id: insertedRow.id,
         data: insertedRow.data as RowData,
+        executions: (insertedRow.executions as RowExecutions) ?? {},
         position: insertedRow.position,
         createdAt: insertedRow.createdAt,
         updatedAt: insertedRow.updatedAt,
@@ -1224,6 +1396,31 @@ export async function upsertRow(
     `[${requestId}] Upserted (${result.operation}) row ${result.row.id} in table ${data.tableId}`
   )
 
+  if (result.operation === 'insert') {
+    void fireTableTrigger(
+      data.tableId,
+      table.name,
+      'insert',
+      [result.row],
+      null,
+      table.schema,
+      requestId
+    )
+  } else if (result.operation === 'update' && result.previousData) {
+    const oldRows = new Map([[result.row.id, result.previousData]])
+    void fireTableTrigger(
+      data.tableId,
+      table.name,
+      'update',
+      [result.row],
+      oldRows,
+      table.schema,
+      requestId
+    )
+  }
+  notifyTableRowUpdated(data.tableId, result.row)
+  void scheduleWorkflowGroupRuns(table, [result.row])
+
   return result
 }
 
@@ -1311,6 +1508,7 @@ export async function queryRows(
     rows: rows.map((r) => ({
       id: r.id,
       data: r.data as RowData,
+      executions: (r.executions as RowExecutions) ?? {},
       position: r.position,
       createdAt: r.createdAt,
       updatedAt: r.updatedAt,
@@ -1353,12 +1551,30 @@ export async function getRowById(
   return {
     id: row.id,
     data: row.data as RowData,
+    executions: (row.executions as RowExecutions) ?? {},
     position: row.position,
     createdAt: row.createdAt,
     updatedAt: row.updatedAt,
   }
 }
 
+/** Merges an `executionsPatch` into the row's existing executions blob. */
+function applyExecutionsPatch(
+  existing: RowExecutions,
+  patch: Record<string, RowExecutionMetadata | null> | undefined
+): RowExecutions {
+  if (!patch) return existing
+  const next: RowExecutions = { ...existing }
+  for (const [gid, value] of Object.entries(patch)) {
+    if (value === null) {
+      delete next[gid]
+    } else {
+      next[gid] = value
+    }
+  }
+  return next
+}
+
 /**
  * Updates a single row.
  *
@@ -1372,7 +1588,7 @@ export async function updateRow(
   data: UpdateRowData,
   table: TableDefinition,
   requestId: string
-): Promise<TableRow> {
+): Promise<TableRow | null> {
   // Get existing row
   const existingRow = await getRowById(data.tableId, data.rowId, data.workspaceId)
   if (!existingRow) {
@@ -1384,6 +1600,7 @@ export async function updateRow(
     ...(existingRow.data as RowData),
     ...data.data,
   }
+  const mergedExecutions = applyExecutionsPatch(existingRow.executions, data.executionsPatch)
 
   // Validate size
   const sizeValidation = validateRowSize(mergedData)
@@ -1413,20 +1630,67 @@ export async function updateRow(
 
   const now = new Date()
 
-  await db
+  // Cell-task partial writes pass `cancellationGuard` so the SQL update is a
+  // no-op when a stop click already wrote `cancelled` for this run between
+  // the in-process read and now. Without this, an in-flight `running`
+  // partial-write can land after `cancelled` and clobber it.
+  const guard = data.cancellationGuard
+  // The guard rejects writes only when the DB *already* shows
+  // `cancelled` + matching executionId. Wrap the JSON traversals in
+  // `IS DISTINCT FROM` so a missing `executions[groupId]` (NULL) cleanly
+  // evaluates as "different" — Postgres three-valued logic would otherwise
+  // make the whole expression NULL and the UPDATE would mistakenly become
+  // a no-op for any row that has no prior execution record.
+  const whereClause = guard
+    ? and(
+        eq(userTableRows.id, data.rowId),
+        sql`(executions->${guard.groupId}->>'status' IS DISTINCT FROM 'cancelled' OR executions->${guard.groupId}->>'executionId' IS DISTINCT FROM ${guard.executionId})`
+      )
+    : eq(userTableRows.id, data.rowId)
+
+  const updated = await db
     .update(userTableRows)
-    .set({ data: mergedData, updatedAt: now })
-    .where(eq(userTableRows.id, data.rowId))
+    .set({ data: mergedData, executions: mergedExecutions, updatedAt: now })
+    .where(whereClause)
+    .returning({ id: userTableRows.id })
+
+  // Only meaningful when a guard is set — `null` signals "guard rejected".
+  if (guard && updated.length === 0) {
+    return null
+  }
 
   logger.info(`[${requestId}] Updated row ${data.rowId} in table ${data.tableId}`)
 
-  return {
+  const updatedRow: TableRow = {
     id: data.rowId,
     data: mergedData,
+    executions: mergedExecutions,
     position: existingRow.position,
     createdAt: existingRow.createdAt,
     updatedAt: now,
   }
+
+  const oldRows = new Map([[data.rowId, existingRow.data as RowData]])
+  void fireTableTrigger(
+    data.tableId,
+    table.name,
+    'update',
+    [updatedRow],
+    oldRows,
+    table.schema,
+    requestId
+  )
+  // Notify BEFORE the scheduler so this event (carrying the user's data
+  // update with pre-scheduler executions) reaches the client first. The
+  // scheduler then fires its own per-write notifications with `pending`/
+  // `running` execution state — those land last, so the cached executions
+  // end on the live state instead of being clobbered by a stale envelope.
+  notifyTableRowUpdated(data.tableId, updatedRow)
+  // Awaited (not `void`) so cell tasks dispatch their cascade before the
+  // trigger.dev worker tears down on `run()` resolve.
+  await scheduleWorkflowGroupRuns(table, [updatedRow])
+
+  return updatedRow
 }
 
 /**
@@ -1466,6 +1730,7 @@ export async function deleteRow(
   })
 
   logger.info(`[${requestId}] Deleted row ${rowId} from table ${tableId}`)
+  notifyTableRowDeleted(tableId, rowId)
 }
 
 /**
@@ -1568,6 +1833,27 @@ export async function updateRowsByFilter(
 
   logger.info(`[${requestId}] Updated ${matchingRows.length} rows in table ${data.tableId}`)
 
+  const oldRows = new Map(matchingRows.map((r) => [r.id, r.data as RowData]))
+  const updatedRows: TableRow[] = matchingRows.map((r) => ({
+    id: r.id,
+    data: { ...(r.data as RowData), ...data.data },
+    executions: ((r as { executions?: unknown }).executions as RowExecutions) ?? {},
+    position: 0,
+    createdAt: now,
+    updatedAt: now,
+  }))
+  void fireTableTrigger(
+    data.tableId,
+    table.name,
+    'update',
+    updatedRows,
+    oldRows,
+    table.schema,
+    requestId
+  )
+  for (const row of updatedRows) notifyTableRowUpdated(data.tableId, row)
+  void scheduleWorkflowGroupRuns(table, updatedRows)
+
   return {
     affectedCount: matchingRows.length,
     affectedRowIds: ids,
@@ -1589,7 +1875,11 @@ export async function batchUpdateRows(
 
   const rowIds = data.updates.map((u) => u.rowId)
   const existingRows = await db
-    .select({ id: userTableRows.id, data: userTableRows.data })
+    .select({
+      id: userTableRows.id,
+      data: userTableRows.data,
+      executions: userTableRows.executions,
+    })
     .from(userTableRows)
     .where(
       and(
@@ -1599,17 +1889,28 @@ export async function batchUpdateRows(
       )
     )
 
-  const existingMap = new Map(existingRows.map((r) => [r.id, r.data as RowData]))
+  type ExistingRow = { data: RowData; executions: RowExecutions }
+  const existingMap = new Map<string, ExistingRow>(
+    existingRows.map((r) => [
+      r.id,
+      { data: r.data as RowData, executions: (r.executions as RowExecutions) ?? {} },
+    ])
+  )
 
   const missing = rowIds.filter((id) => !existingMap.has(id))
   if (missing.length > 0) {
     throw new Error(`Rows not found: ${missing.join(', ')}`)
   }
 
-  const mergedUpdates: Array<{ rowId: string; mergedData: RowData }> = []
+  const mergedUpdates: Array<{
+    rowId: string
+    mergedData: RowData
+    mergedExecutions: RowExecutions
+  }> = []
   for (const update of data.updates) {
     const existing = existingMap.get(update.rowId)!
-    const merged = { ...existing, ...update.data }
+    const merged = { ...existing.data, ...update.data }
+    const mergedExecutions = applyExecutionsPatch(existing.executions, update.executionsPatch)
 
     const sizeValidation = validateRowSize(merged)
     if (!sizeValidation.valid) {
@@ -1621,7 +1922,7 @@ export async function batchUpdateRows(
       throw new Error(`Row ${update.rowId}: ${schemaValidation.errors.join(', ')}`)
     }
 
-    mergedUpdates.push({ rowId: update.rowId, mergedData: merged })
+    mergedUpdates.push({ rowId: update.rowId, mergedData: merged, mergedExecutions })
   }
 
   const uniqueColumns = getUniqueColumns(table.schema)
@@ -1645,10 +1946,10 @@ export async function batchUpdateRows(
     await setTableTxTimeouts(trx, { statementMs: 60_000 })
     for (let i = 0; i < mergedUpdates.length; i += TABLE_LIMITS.UPDATE_BATCH_SIZE) {
       const batch = mergedUpdates.slice(i, i + TABLE_LIMITS.UPDATE_BATCH_SIZE)
-      const updatePromises = batch.map(({ rowId, mergedData }) =>
+      const updatePromises = batch.map(({ rowId, mergedData, mergedExecutions }) =>
         trx
           .update(userTableRows)
-          .set({ data: mergedData, updatedAt: now })
+          .set({ data: mergedData, executions: mergedExecutions, updatedAt: now })
           .where(eq(userTableRows.id, rowId))
       )
       await Promise.all(updatePromises)
@@ -1657,6 +1958,34 @@ export async function batchUpdateRows(
 
   logger.info(`[${requestId}] Batch updated ${mergedUpdates.length} rows in table ${data.tableId}`)
 
+  const oldRowsForTrigger = new Map(
+    data.updates.map((u) => [u.rowId, existingMap.get(u.rowId)!.data])
+  )
+  const updatedRowsForTrigger: TableRow[] = mergedUpdates.map(
+    ({ rowId, mergedData, mergedExecutions }) => ({
+      id: rowId,
+      data: mergedData,
+      executions: mergedExecutions,
+      position: 0,
+      createdAt: now,
+      updatedAt: now,
+    })
+  )
+  void fireTableTrigger(
+    data.tableId,
+    table.name,
+    'update',
+    updatedRowsForTrigger,
+    oldRowsForTrigger,
+    table.schema,
+    requestId
+  )
+  // Same ordering as `updateRow`: notify with the user's data update first
+  // so the scheduler's later per-write notifications (pending/running) land
+  // last and stick in the client cache.
+  for (const row of updatedRowsForTrigger) notifyTableRowUpdated(data.tableId, row)
+  void scheduleWorkflowGroupRuns(table, updatedRowsForTrigger)
+
   return {
     affectedCount: mergedUpdates.length,
     affectedRowIds: mergedUpdates.map((u) => u.rowId),
@@ -1766,6 +2095,7 @@ export async function deleteRowsByFilter(
   })
 
   logger.info(`[${requestId}] Deleted ${matchingRows.length} rows from table ${data.tableId}`)
+  for (const id of rowIds) notifyTableRowDeleted(data.tableId, id)
 
   return {
     affectedCount: matchingRows.length,
@@ -1823,6 +2153,7 @@ export async function deleteRowsByIds(
   const missingRowIds = uniqueRequestedRowIds.filter((id) => !deletedIdSet.has(id))
 
   logger.info(`[${requestId}] Deleted ${deletedIds.length} rows by ID from table ${data.tableId}`)
+  for (const id of deletedIds) notifyTableRowDeleted(data.tableId, id)
 
   return {
     deletedCount: deletedIds.length,
@@ -1881,7 +2212,32 @@ export async function renameColumn(
   const updatedColumns = schema.columns.map((c, i) =>
     i === columnIndex ? { ...c, name: data.newName } : c
   )
-  const updatedSchema: TableSchema = { columns: updatedColumns }
+  // Cascade rename into every workflow group: its output `columnName` refs
+  // and its `dependencies.columns` entries.
+  const updatedGroups = (schema.workflowGroups ?? []).map((group) => {
+    const renamedOutputs = group.outputs.map((o) =>
+      o.columnName === actualOldName ? { ...o, columnName: data.newName } : o
+    )
+    const renamedDeps = group.dependencies?.columns?.map((d) =>
+      d === actualOldName ? data.newName : d
+    )
+    const renamedGroupDeps = group.dependencies?.workflowGroups
+    const next = {
+      ...group,
+      outputs: renamedOutputs,
+      dependencies: {
+        ...(renamedDeps ? { columns: renamedDeps } : {}),
+        ...(renamedGroupDeps ? { workflowGroups: renamedGroupDeps } : {}),
+      },
+    }
+    return next
+  })
+  const updatedSchema: TableSchema = {
+    ...schema,
+    columns: updatedColumns,
+    ...(updatedGroups.length > 0 ? { workflowGroups: updatedGroups } : {}),
+  }
+  assertValidSchema(updatedSchema, table.metadata?.columnOrder)
 
   const metadata = table.metadata as TableMetadata | null
   let updatedMetadata = metadata
@@ -1889,6 +2245,12 @@ export async function renameColumn(
     const { [actualOldName]: width, ...rest } = metadata.columnWidths
     updatedMetadata = { ...metadata, columnWidths: { ...rest, [data.newName]: width } }
   }
+  if (updatedMetadata?.columnOrder?.includes(actualOldName)) {
+    updatedMetadata = {
+      ...updatedMetadata,
+      columnOrder: updatedMetadata.columnOrder.map((n) => (n === actualOldName ? data.newName : n)),
+    }
+  }
 
   const now = new Date()
   const statementMs = scaledStatementTimeoutMs(table.rowCount ?? 0, {
@@ -1944,10 +2306,61 @@ export async function deleteColumn(
     throw new Error('Cannot delete the last column in a table')
   }
 
-  const actualName = schema.columns[columnIndex].name
+  const targetColumn = schema.columns[columnIndex]
+  const actualName = targetColumn.name
+  const ownerGroupId = targetColumn.workflowGroupId
+
+  // Drop this column's reference from every group's outputs and `columns`
+  // dependency. If the column is the last output of its parent group, the
+  // group itself is also removed (a group with zero outputs is invalid),
+  // and any OTHER group depending on this group has the dep cleared too.
+  let groupRemovedId: string | null = null
+  let updatedGroups = (schema.workflowGroups ?? []).map((group) => {
+    let next = group
+    if (ownerGroupId && group.id === ownerGroupId) {
+      const remaining = group.outputs.filter((o) => o.columnName !== actualName)
+      if (remaining.length === 0) {
+        groupRemovedId = group.id
+      }
+      next = { ...next, outputs: remaining }
+    }
+    const filtered = next.dependencies?.columns?.filter((d) => d !== actualName)
+    if (filtered && filtered.length !== (next.dependencies?.columns?.length ?? 0)) {
+      next = {
+        ...next,
+        dependencies: {
+          ...(filtered.length > 0 ? { columns: filtered } : {}),
+          ...(next.dependencies?.workflowGroups
+            ? { workflowGroups: next.dependencies.workflowGroups }
+            : {}),
+        },
+      }
+    }
+    return next
+  })
+  if (groupRemovedId) {
+    const removed = groupRemovedId
+    updatedGroups = updatedGroups
+      .filter((g) => g.id !== removed)
+      .map((g) =>
+        g.dependencies?.workflowGroups
+          ? {
+              ...g,
+              dependencies: {
+                ...(g.dependencies.columns ? { columns: g.dependencies.columns } : {}),
+                workflowGroups: g.dependencies.workflowGroups.filter((id) => id !== removed),
+              },
+            }
+          : g
+      )
+  }
+
   const updatedSchema: TableSchema = {
+    ...schema,
     columns: schema.columns.filter((_, i) => i !== columnIndex),
+    ...(updatedGroups.length > 0 ? { workflowGroups: updatedGroups } : {}),
   }
+  assertValidSchema(updatedSchema, table.metadata?.columnOrder)
 
   const metadata = table.metadata as TableMetadata | null
   let updatedMetadata = metadata
@@ -2014,7 +2427,43 @@ export async function deleteColumns(
     throw new Error('Cannot delete all columns from a table')
   }
 
-  const updatedSchema: TableSchema = { columns: remaining }
+  // For each group, drop outputs whose column is being deleted. Groups that
+  // end up with zero outputs are removed entirely (they'd be invalid). Then
+  // any remaining group's dependencies referencing a removed group or
+  // deleted column are cleaned up.
+  const removedGroupIds = new Set<string>()
+  let updatedGroups = (schema.workflowGroups ?? []).map((group) => {
+    const remainingOutputs = group.outputs.filter((o) => !namesToDelete.has(o.columnName))
+    if (remainingOutputs.length === 0) {
+      removedGroupIds.add(group.id)
+    }
+    return remainingOutputs.length === group.outputs.length
+      ? group
+      : { ...group, outputs: remainingOutputs }
+  })
+  updatedGroups = updatedGroups
+    .filter((g) => !removedGroupIds.has(g.id))
+    .map((group) => {
+      const depCols = group.dependencies?.columns?.filter((d) => !namesToDelete.has(d))
+      const depGroups = group.dependencies?.workflowGroups?.filter((id) => !removedGroupIds.has(id))
+      const colsChanged = depCols && depCols.length !== (group.dependencies?.columns?.length ?? 0)
+      const groupsChanged =
+        depGroups && depGroups.length !== (group.dependencies?.workflowGroups?.length ?? 0)
+      if (!colsChanged && !groupsChanged) return group
+      return {
+        ...group,
+        dependencies: {
+          ...(depCols && depCols.length > 0 ? { columns: depCols } : {}),
+          ...(depGroups && depGroups.length > 0 ? { workflowGroups: depGroups } : {}),
+        },
+      }
+    })
+  const updatedSchema: TableSchema = {
+    ...schema,
+    columns: remaining,
+    ...(updatedGroups.length > 0 ? { workflowGroups: updatedGroups } : {}),
+  }
+  assertValidSchema(updatedSchema, table.metadata?.columnOrder)
 
   const metadata = table.metadata as TableMetadata | null
   let updatedMetadata = metadata
@@ -2121,7 +2570,7 @@ export async function updateColumnType(
   const updatedColumns = schema.columns.map((c, i) =>
     i === columnIndex ? { ...c, type: data.newType } : c
   )
-  const updatedSchema: TableSchema = { columns: updatedColumns }
+  const updatedSchema: TableSchema = { ...schema, columns: updatedColumns }
   const now = new Date()
 
   await db
@@ -2162,6 +2611,11 @@ export async function updateColumnConstraints(
   }
 
   const column = schema.columns[columnIndex]
+  if (column.workflowGroupId) {
+    throw new Error(
+      `Cannot change constraints on workflow-output column "${column.name}". Constraints aren't applicable to columns whose values come from workflow execution.`
+    )
+  }
   const escapedName = column.name.replace(/'/g, "''")
 
   if (data.required === true && !column.required) {
@@ -2201,7 +2655,7 @@ export async function updateColumnConstraints(
         }
       : c
   )
-  const updatedSchema: TableSchema = { columns: updatedColumns }
+  const updatedSchema: TableSchema = { ...schema, columns: updatedColumns }
   const now = new Date()
 
   await db
@@ -2216,6 +2670,708 @@ export async function updateColumnConstraints(
   return { ...table, schema: updatedSchema, updatedAt: now }
 }
 
+/**
+ * Atomically inserts a workflow group plus its output columns into a table's
+ * schema. Both arrays update in one DB write so the schema is never observed
+ * mid-mutation (e.g. columns referencing a group that doesn't yet exist).
+ */
+export async function addWorkflowGroup(
+  data: AddWorkflowGroupData,
+  requestId: string
+): Promise<TableDefinition> {
+  const table = await getTableById(data.tableId)
+  if (!table) {
+    throw new Error('Table not found')
+  }
+
+  const schema = table.schema
+  const groups = schema.workflowGroups ?? []
+  if (groups.some((g) => g.id === data.group.id)) {
+    throw new Error(`Workflow group "${data.group.id}" already exists`)
+  }
+
+  const existingNames = new Set(schema.columns.map((c) => c.name.toLowerCase()))
+  for (const col of data.outputColumns) {
+    if (!NAME_PATTERN.test(col.name)) {
+      throw new Error(
+        `Invalid output column name "${col.name}". Must satisfy ${NAME_PATTERN.source}.`
+      )
+    }
+    if (existingNames.has(col.name.toLowerCase())) {
+      throw new Error(`Column "${col.name}" already exists`)
+    }
+  }
+
+  if (schema.columns.length + data.outputColumns.length > TABLE_LIMITS.MAX_COLUMNS_PER_TABLE) {
+    throw new Error(
+      `Adding ${data.outputColumns.length} columns would exceed the maximum (${TABLE_LIMITS.MAX_COLUMNS_PER_TABLE}).`
+    )
+  }
+
+  const updatedSchema: TableSchema = {
+    ...schema,
+    columns: [...schema.columns, ...data.outputColumns],
+    workflowGroups: [...groups, data.group],
+  }
+  assertValidSchema(updatedSchema, table.metadata?.columnOrder)
+
+  const now = new Date()
+  await db
+    .update(userTableDefinitions)
+    .set({ schema: updatedSchema, updatedAt: now })
+    .where(eq(userTableDefinitions.id, data.tableId))
+
+  logger.info(
+    `[${requestId}] Added workflow group "${data.group.id}" with ${data.outputColumns.length} output column(s) to table ${data.tableId}`
+  )
+
+  const updatedTable: TableDefinition = { ...table, schema: updatedSchema, updatedAt: now }
+
+  // Schedule existing rows so already-filled deps trigger immediately. Skipped
+  // when the caller opted out (Mothership stages groups silently — `autoRun:
+  // false` — so the AI can compose multiple changes without firing rows mid-edit).
+  if (data.autoRun !== false) {
+    void (async () => {
+      try {
+        const rowRecords = await db
+          .select()
+          .from(userTableRows)
+          .where(eq(userTableRows.tableId, data.tableId))
+        if (rowRecords.length === 0) return
+        const rows: TableRow[] = rowRecords.map((r) => ({
+          id: r.id,
+          data: r.data as RowData,
+          executions: (r.executions as RowExecutions) ?? {},
+          position: r.position,
+          createdAt: r.createdAt,
+          updatedAt: r.updatedAt,
+        }))
+        await scheduleWorkflowGroupRuns(updatedTable, rows)
+      } catch (err) {
+        logger.error(`[${requestId}] Failed to schedule runs after group add:`, err)
+      }
+    })()
+  }
+
+  return updatedTable
+}
+
+/**
+ * Updates a workflow group: any combination of workflowId, name, dependencies,
+ * outputs[]. Computes added/removed outputs vs current state and inserts /
+ * removes columns transactionally. Removed outputs also clear their key from
+ * every row's `data`.
+ */
+export async function updateWorkflowGroup(
+  data: UpdateWorkflowGroupData,
+  requestId: string
+): Promise<TableDefinition> {
+  const table = await getTableById(data.tableId)
+  if (!table) {
+    throw new Error('Table not found')
+  }
+
+  const schema = table.schema
+  const groups = schema.workflowGroups ?? []
+  const groupIndex = groups.findIndex((g) => g.id === data.groupId)
+  if (groupIndex === -1) {
+    throw new Error(`Workflow group "${data.groupId}" not found`)
+  }
+  const group = groups[groupIndex]
+
+  const newOutputs = data.outputs ?? group.outputs
+  const oldKey = (o: WorkflowGroupOutput) => `${o.blockId}::${o.path}`
+  const oldByKey = new Map(group.outputs.map((o) => [oldKey(o), o]))
+  const newByKey = new Map(newOutputs.map((o) => [oldKey(o), o]))
+
+  const removed = group.outputs.filter((o) => !newByKey.has(oldKey(o)))
+  const added = newOutputs.filter((o) => !oldByKey.has(oldKey(o)))
+  const newColDefs = data.newOutputColumns ?? []
+  const newColByName = new Map(newColDefs.map((c) => [c.name, c]))
+
+  for (const out of added) {
+    if (!newColByName.has(out.columnName)) {
+      throw new Error(
+        `Missing column definition for new output "${out.columnName}" (group ${data.groupId}).`
+      )
+    }
+  }
+
+  const removedColumnNames = new Set(removed.map((o) => o.columnName))
+  let nextColumns = schema.columns.filter((c) => !removedColumnNames.has(c.name))
+  if (newColDefs.length > 0) {
+    // Splice the new column defs into the group's contiguous run rather than
+    // appending at the end. The desired in-group order is `newOutputs` (the
+    // sidebar's BFS-of-the-workflow ordering); we walk it, anchor at the first
+    // surviving sibling's index in `nextColumns`, and emit each output's
+    // column def in turn.
+    const groupColNames = new Set(newOutputs.map((o) => o.columnName))
+    const firstGroupIdx = nextColumns.findIndex((c) => groupColNames.has(c.name))
+    const anchorIdx = firstGroupIdx === -1 ? nextColumns.length : firstGroupIdx
+    const newColByLowerName = new Map(newColDefs.map((c) => [c.name.toLowerCase(), c]))
+    const orderedGroupCols: ColumnDefinition[] = []
+    for (const out of newOutputs) {
+      const fresh = newColByLowerName.get(out.columnName.toLowerCase())
+      if (fresh) {
+        orderedGroupCols.push(fresh)
+      } else {
+        const existing = nextColumns.find(
+          (c) => c.name.toLowerCase() === out.columnName.toLowerCase()
+        )
+        if (existing) orderedGroupCols.push(existing)
+      }
+    }
+    const remaining = nextColumns.filter((c) => !groupColNames.has(c.name))
+    nextColumns = [
+      ...remaining.slice(0, anchorIdx),
+      ...orderedGroupCols,
+      ...remaining.slice(anchorIdx),
+    ]
+  }
+
+  const updatedGroup: WorkflowGroup = {
+    ...group,
+    workflowId: data.workflowId ?? group.workflowId,
+    name: data.name ?? group.name,
+    dependencies: data.dependencies ?? group.dependencies,
+    outputs: newOutputs,
+  }
+  const nextGroups = groups.map((g, i) => (i === groupIndex ? updatedGroup : g))
+  const updatedSchema: TableSchema = {
+    ...schema,
+    columns: nextColumns,
+    workflowGroups: nextGroups,
+  }
+
+  // `columnOrder` mirrors the schema layout. Drop removed columns, then splice
+  // the new ones in at the same anchor as `nextColumns` so the table renders
+  // them inside the group's contiguous run instead of at the tail.
+  let updatedColumnOrder = table.metadata?.columnOrder?.filter((n) => !removedColumnNames.has(n))
+  if (updatedColumnOrder && newColDefs.length > 0) {
+    const newColNamesLower = new Set(newColDefs.map((c) => c.name.toLowerCase()))
+    const orderWithoutNew = updatedColumnOrder.filter((n) => !newColNamesLower.has(n.toLowerCase()))
+    const groupColNames = new Set(newOutputs.map((o) => o.columnName))
+    const orderedGroupNames = newOutputs.map((o) => o.columnName)
+    const firstGroupOrderIdx = orderWithoutNew.findIndex((n) => groupColNames.has(n))
+    const anchorOrderIdx = firstGroupOrderIdx === -1 ? orderWithoutNew.length : firstGroupOrderIdx
+    const remainingOrder = orderWithoutNew.filter((n) => !groupColNames.has(n))
+    updatedColumnOrder = [
+      ...remainingOrder.slice(0, anchorOrderIdx),
+      ...orderedGroupNames,
+      ...remainingOrder.slice(anchorOrderIdx),
+    ]
+  }
+  assertValidSchema(updatedSchema, updatedColumnOrder)
+
+  const updatedMetadata: TableMetadata | null =
+    updatedColumnOrder && table.metadata
+      ? { ...table.metadata, columnOrder: updatedColumnOrder }
+      : table.metadata
+        ? { ...table.metadata }
+        : null
+
+  const now = new Date()
+  await db.transaction(async (trx) => {
+    await setTableTxTimeouts(trx, { statementMs: 60_000 })
+    await trx
+      .update(userTableDefinitions)
+      .set({ schema: updatedSchema, metadata: updatedMetadata, updatedAt: now })
+      .where(eq(userTableDefinitions.id, data.tableId))
+    for (const name of removedColumnNames) {
+      await trx.execute(
+        sql`UPDATE user_table_rows SET data = data - ${name}::text WHERE table_id = ${data.tableId} AND data ? ${name}::text`
+      )
+    }
+  })
+
+  logger.info(
+    `[${requestId}] Updated workflow group "${data.groupId}" in table ${data.tableId} (added=${added.length}, removed=${removed.length})`
+  )
+
+  const updatedTable: TableDefinition = {
+    ...table,
+    schema: updatedSchema,
+    metadata: updatedMetadata,
+    updatedAt: now,
+  }
+
+  // Backfill the new outputs from execution logs so already-completed group
+  // runs surface the just-added columns without re-running the workflow.
+  // Awaited so the response only returns once row data is consistent — the
+  // client then refetches and sees the backfilled values immediately. A failed
+  // backfill is logged but doesn't fail the whole request, since the schema
+  // change has already committed.
+  if (added.length > 0) {
+    try {
+      await backfillAddedGroupOutputs({
+        table: updatedTable,
+        groupId: data.groupId,
+        addedOutputs: added,
+        requestId,
+      })
+    } catch (err) {
+      logger.warn(
+        `[${requestId}] Backfill from execution logs failed for ${data.tableId} group ${data.groupId}:`,
+        err
+      )
+    }
+  }
+
+  return updatedTable
+}
+
+/**
+ * Adds a single output to an existing workflow group. Mirrors `addTableColumn`
+ * for plain columns: one canonical op, one column created, type inferred from
+ * the workflow's flattened outputs (`leafType` for `(blockId, path)`). The
+ * column is spliced into the group's contiguous run so the table renders the
+ * new output next to its siblings.
+ */
+export async function addWorkflowGroupOutput(
+  data: {
+    tableId: string
+    groupId: string
+    blockId: string
+    path: string
+    /** Optional override; defaults to a slug derived from `path`. */
+    columnName?: string
+  },
+  requestId: string
+): Promise<TableDefinition> {
+  const table = await getTableById(data.tableId)
+  if (!table) throw new Error('Table not found')
+
+  const schema = table.schema
+  const groups = schema.workflowGroups ?? []
+  const groupIndex = groups.findIndex((g) => g.id === data.groupId)
+  if (groupIndex === -1) {
+    throw new Error(`Workflow group "${data.groupId}" not found`)
+  }
+  const group = groups[groupIndex]
+
+  if (group.outputs.some((o) => o.blockId === data.blockId && o.path === data.path)) {
+    throw new Error(
+      `Workflow group "${data.groupId}" already has an output at ${data.blockId}::${data.path}`
+    )
+  }
+
+  const [
+    { loadWorkflowFromNormalizedTables },
+    { flattenWorkflowOutputs, getBlockExecutionOrder },
+    { columnTypeForLeaf, deriveOutputColumnName },
+  ] = await Promise.all([
+    import('@/lib/workflows/persistence/utils'),
+    import('@/lib/workflows/blocks/flatten-outputs'),
+    import('./column-naming'),
+  ])
+  const normalized = await loadWorkflowFromNormalizedTables(group.workflowId)
+  if (!normalized) {
+    throw new Error(`Workflow ${group.workflowId} not found`)
+  }
+  const blocks = Object.values(normalized.blocks ?? {}).map((b) => ({
+    id: b.id,
+    type: b.type,
+    name: b.name,
+    triggerMode: (b as { triggerMode?: boolean }).triggerMode,
+    subBlocks: b.subBlocks as Record<string, unknown> | undefined,
+  }))
+  const flattened = flattenWorkflowOutputs(blocks, normalized.edges ?? [])
+  const match = flattened.find((f) => f.blockId === data.blockId && f.path === data.path)
+  if (!match) {
+    throw new Error(
+      `Output ${data.blockId}::${data.path} is not a valid pickable output on workflow ${group.workflowId}`
+    )
+  }
+  const distances = getBlockExecutionOrder(blocks, normalized.edges ?? [])
+  const flatIndex = new Map(flattened.map((f, i) => [`${f.blockId}::${f.path}`, i]))
+
+  const taken = new Set(schema.columns.map((c) => c.name))
+  const columnName = data.columnName ?? deriveOutputColumnName(data.path, taken)
+  if (!NAME_PATTERN.test(columnName)) {
+    throw new Error(`Invalid column name "${columnName}". Must satisfy ${NAME_PATTERN.source}.`)
+  }
+  if (taken.has(columnName)) {
+    throw new Error(`Column "${columnName}" already exists`)
+  }
+  if (schema.columns.length + 1 > TABLE_LIMITS.MAX_COLUMNS_PER_TABLE) {
+    throw new Error(
+      `Adding a column would exceed the maximum (${TABLE_LIMITS.MAX_COLUMNS_PER_TABLE}).`
+    )
+  }
+
+  const newColDef: ColumnDefinition = {
+    name: columnName,
+    type: columnTypeForLeaf(match.leafType),
+    required: false,
+    unique: false,
+    workflowGroupId: data.groupId,
+  }
+  const newOutput: WorkflowGroupOutput = {
+    blockId: data.blockId,
+    path: data.path,
+    columnName,
+  }
+
+  // Sort all of the group's outputs (existing + new) in workflow execution
+  // order: BFS distance from the start block ASC, with discovery order as
+  // tiebreak. This matches what the column-sidebar does at create time, so
+  // columns from the same workflow always read in the order their blocks run
+  // — regardless of whether they were added at create time or one-by-one.
+  const groupColNamesBefore = new Set(group.outputs.map((o) => o.columnName))
+  const orderKey = (o: { blockId: string; path: string }) => {
+    const d = distances[o.blockId]
+    const dist = d === undefined || d < 0 ? Number.POSITIVE_INFINITY : d
+    const idx = flatIndex.get(`${o.blockId}::${o.path}`) ?? Number.POSITIVE_INFINITY
+    return [dist, idx] as const
+  }
+  const allGroupOutputs = [...group.outputs, newOutput].sort((a, b) => {
+    const [da, ia] = orderKey(a)
+    const [db, ib] = orderKey(b)
+    return da !== db ? da - db : ia - ib
+  })
+  const orderedGroupColNames = allGroupOutputs.map((o) => o.columnName)
+  const updatedGroup: WorkflowGroup = {
+    ...group,
+    outputs: allGroupOutputs,
+  }
+  const nextGroups = groups.map((g, i) => (i === groupIndex ? updatedGroup : g))
+
+  // Splice the new column run into nextColumns: keep the columns outside the
+  // group where they were, replace the group's contiguous run with the
+  // BFS-ordered list. Anchor at the position of the first existing sibling
+  // (or append if the group was empty).
+  const colByName = new Map(schema.columns.map((c) => [c.name, c]))
+  const orderedGroupCols: ColumnDefinition[] = orderedGroupColNames.map((name) => {
+    if (name === columnName) return newColDef
+    const existing = colByName.get(name)
+    if (!existing) {
+      throw new Error(`Internal: column "${name}" missing while splicing group outputs`)
+    }
+    return existing
+  })
+  const remainingCols = schema.columns.filter((c) => !groupColNamesBefore.has(c.name))
+  const firstGroupIdx = schema.columns.findIndex((c) => groupColNamesBefore.has(c.name))
+  const colAnchor = firstGroupIdx === -1 ? remainingCols.length : firstGroupIdx
+  const nextColumns = [
+    ...remainingCols.slice(0, colAnchor),
+    ...orderedGroupCols,
+    ...remainingCols.slice(colAnchor),
+  ]
+
+  const updatedSchema: TableSchema = {
+    ...schema,
+    columns: nextColumns,
+    workflowGroups: nextGroups,
+  }
+
+  const updatedColumnOrder = table.metadata?.columnOrder
+    ? (() => {
+        const orderWithoutGroup = table.metadata!.columnOrder!.filter(
+          (n) => !groupColNamesBefore.has(n)
+        )
+        const firstGroupOrderIdx = table.metadata!.columnOrder!.findIndex((n) =>
+          groupColNamesBefore.has(n)
+        )
+        const orderAnchor =
+          firstGroupOrderIdx === -1 ? orderWithoutGroup.length : firstGroupOrderIdx
+        return [
+          ...orderWithoutGroup.slice(0, orderAnchor),
+          ...orderedGroupColNames,
+          ...orderWithoutGroup.slice(orderAnchor),
+        ]
+      })()
+    : undefined
+
+  assertValidSchema(updatedSchema, updatedColumnOrder)
+
+  const updatedMetadata: TableMetadata | null =
+    updatedColumnOrder && table.metadata
+      ? { ...table.metadata, columnOrder: updatedColumnOrder }
+      : table.metadata
+        ? { ...table.metadata }
+        : null
+
+  const now = new Date()
+  await db
+    .update(userTableDefinitions)
+    .set({ schema: updatedSchema, metadata: updatedMetadata, updatedAt: now })
+    .where(eq(userTableDefinitions.id, data.tableId))
+
+  logger.info(
+    `[${requestId}] Added output "${columnName}" (${newColDef.type}) to workflow group "${data.groupId}" in table ${data.tableId}`
+  )
+
+  // Backfill: re-run the group on every dep-satisfied row (including ones
+  // that previously completed) so the new column actually gets populated.
+  // Adding an output without values defeats the point — the user wants the
+  // values, not just the empty header.
+  void (async () => {
+    try {
+      const { triggerWorkflowGroupRun } = await import('./workflow-columns')
+      const { triggered } = await triggerWorkflowGroupRun({
+        tableId: data.tableId,
+        groupId: data.groupId,
+        workspaceId: table.workspaceId,
+        mode: 'all',
+        requestId,
+      })
+      logger.info(
+        `[${requestId}] Backfilled ${triggered} row(s) after adding output "${columnName}"`
+      )
+    } catch (err) {
+      logger.error(
+        `[${requestId}] Failed to backfill rows after adding output "${columnName}":`,
+        err
+      )
+    }
+  })()
+
+  return { ...table, schema: updatedSchema, metadata: updatedMetadata, updatedAt: now }
+}
+
+/**
+ * Removes a single output from a workflow group. Drops the bound column and
+ * strips the value from every row's `data` JSONB. If the output is the
+ * group's last, the empty group is left in place — drop it explicitly with
+ * `deleteWorkflowGroup` if needed.
+ */
+export async function deleteWorkflowGroupOutput(
+  data: { tableId: string; groupId: string; columnName: string },
+  requestId: string
+): Promise<TableDefinition> {
+  const table = await getTableById(data.tableId)
+  if (!table) throw new Error('Table not found')
+
+  const schema = table.schema
+  const groups = schema.workflowGroups ?? []
+  const groupIndex = groups.findIndex((g) => g.id === data.groupId)
+  if (groupIndex === -1) {
+    throw new Error(`Workflow group "${data.groupId}" not found`)
+  }
+  const group = groups[groupIndex]
+  if (!group.outputs.some((o) => o.columnName === data.columnName)) {
+    throw new Error(
+      `Workflow group "${data.groupId}" has no output bound to column "${data.columnName}"`
+    )
+  }
+
+  const updatedGroup: WorkflowGroup = {
+    ...group,
+    outputs: group.outputs.filter((o) => o.columnName !== data.columnName),
+  }
+  const nextGroups = groups.map((g, i) => (i === groupIndex ? updatedGroup : g))
+  const nextColumns = schema.columns.filter((c) => c.name !== data.columnName)
+  const updatedSchema: TableSchema = {
+    ...schema,
+    columns: nextColumns,
+    workflowGroups: nextGroups,
+  }
+
+  const updatedColumnOrder = table.metadata?.columnOrder?.filter((n) => n !== data.columnName)
+  assertValidSchema(updatedSchema, updatedColumnOrder)
+
+  const updatedMetadata: TableMetadata | null =
+    updatedColumnOrder && table.metadata
+      ? { ...table.metadata, columnOrder: updatedColumnOrder }
+      : table.metadata
+        ? { ...table.metadata }
+        : null
+
+  const now = new Date()
+  await db.transaction(async (trx) => {
+    await setTableTxTimeouts(trx, { statementMs: 60_000 })
+    await trx
+      .update(userTableDefinitions)
+      .set({ schema: updatedSchema, metadata: updatedMetadata, updatedAt: now })
+      .where(eq(userTableDefinitions.id, data.tableId))
+    await trx.execute(
+      sql`UPDATE user_table_rows SET data = data - ${data.columnName}::text WHERE table_id = ${data.tableId} AND data ? ${data.columnName}::text`
+    )
+  })
+
+  logger.info(
+    `[${requestId}] Removed output "${data.columnName}" from workflow group "${data.groupId}" in table ${data.tableId}`
+  )
+
+  return { ...table, schema: updatedSchema, metadata: updatedMetadata, updatedAt: now }
+}
+
+/**
+ * Removes a workflow group plus all its output columns. Also strips the
+ * group's `executions[groupId]` entry from every row.
+ */
+export async function deleteWorkflowGroup(
+  data: DeleteWorkflowGroupData,
+  requestId: string
+): Promise<TableDefinition> {
+  const table = await getTableById(data.tableId)
+  if (!table) {
+    throw new Error('Table not found')
+  }
+
+  const schema = table.schema
+  const groups = schema.workflowGroups ?? []
+  const group = groups.find((g) => g.id === data.groupId)
+  if (!group) {
+    throw new Error(`Workflow group "${data.groupId}" not found`)
+  }
+
+  const removedColumnNames = new Set(group.outputs.map((o) => o.columnName))
+  const nextGroups = groups
+    .filter((g) => g.id !== data.groupId)
+    .map((g) => ({
+      ...g,
+      dependencies: g.dependencies?.workflowGroups
+        ? {
+            ...(g.dependencies.columns ? { columns: g.dependencies.columns } : {}),
+            workflowGroups: g.dependencies.workflowGroups.filter((id) => id !== data.groupId),
+          }
+        : g.dependencies,
+    }))
+  const updatedSchema: TableSchema = {
+    ...schema,
+    columns: schema.columns.filter((c) => !removedColumnNames.has(c.name)),
+    workflowGroups: nextGroups,
+  }
+  const updatedColumnOrder = table.metadata?.columnOrder?.filter((n) => !removedColumnNames.has(n))
+  assertValidSchema(updatedSchema, updatedColumnOrder)
+
+  const updatedMetadata: TableMetadata | null =
+    updatedColumnOrder && table.metadata
+      ? { ...table.metadata, columnOrder: updatedColumnOrder }
+      : table.metadata
+        ? { ...table.metadata }
+        : null
+
+  const now = new Date()
+  await db.transaction(async (trx) => {
+    await setTableTxTimeouts(trx, { statementMs: 60_000 })
+    await trx
+      .update(userTableDefinitions)
+      .set({ schema: updatedSchema, metadata: updatedMetadata, updatedAt: now })
+      .where(eq(userTableDefinitions.id, data.tableId))
+    for (const name of removedColumnNames) {
+      await trx.execute(
+        sql`UPDATE user_table_rows SET data = data - ${name}::text WHERE table_id = ${data.tableId} AND data ? ${name}::text`
+      )
+    }
+    await trx.execute(
+      sql`UPDATE user_table_rows SET executions = executions - ${data.groupId}::text WHERE table_id = ${data.tableId} AND executions ? ${data.groupId}::text`
+    )
+  })
+
+  logger.info(`[${requestId}] Deleted workflow group "${data.groupId}" from table ${data.tableId}`)
+
+  return {
+    ...table,
+    schema: updatedSchema,
+    metadata: updatedMetadata,
+    updatedAt: now,
+  }
+}
+
+/** Minimal shape of a trace span we care about for backfill. */
+interface BackfillTraceSpan {
+  blockId?: string
+  output?: Record<string, unknown>
+  children?: BackfillTraceSpan[]
+}
+
+/** DFS the trace tree for the first span matching `blockId`. */
+function findSpanByBlockId(
+  spans: BackfillTraceSpan[] | undefined,
+  blockId: string
+): BackfillTraceSpan | undefined {
+  if (!spans) return undefined
+  for (const span of spans) {
+    if (span.blockId === blockId) return span
+    const child = findSpanByBlockId(span.children, blockId)
+    if (child) return child
+  }
+  return undefined
+}
+
+async function backfillAddedGroupOutputs(opts: {
+  table: TableDefinition
+  groupId: string
+  addedOutputs: WorkflowGroupOutput[]
+  requestId: string
+}): Promise<void> {
+  const { table, groupId, addedOutputs, requestId } = opts
+  if (addedOutputs.length === 0) return
+
+  const { pluckByPath } = await import('./pluck')
+
+  const rowRecords = await db
+    .select()
+    .from(userTableRows)
+    .where(eq(userTableRows.tableId, table.id))
+
+  // Collect unique executionIds across rows whose group execution completed.
+  const executionIdsByRow = new Map<string, string>()
+  for (const r of rowRecords) {
+    const exec = (r.executions as RowExecutions)?.[groupId]
+    if (!exec || exec.status !== 'completed' || !exec.executionId) continue
+    executionIdsByRow.set(r.id, exec.executionId)
+  }
+  if (executionIdsByRow.size === 0) return
+
+  const executionIds = Array.from(new Set(executionIdsByRow.values()))
+  const logs = await db
+    .select({
+      executionId: workflowExecutionLogs.executionId,
+      executionData: workflowExecutionLogs.executionData,
+    })
+    .from(workflowExecutionLogs)
+    .where(inArray(workflowExecutionLogs.executionId, executionIds))
+
+  const logByExecutionId = new Map<string, { traceSpans?: BackfillTraceSpan[] }>()
+  for (const log of logs) {
+    logByExecutionId.set(
+      log.executionId,
+      (log.executionData as { traceSpans?: BackfillTraceSpan[] }) ?? {}
+    )
+  }
+
+  const updates: Array<{ rowId: string; data: RowData }> = []
+  for (const r of rowRecords) {
+    const exec = (r.executions as RowExecutions)?.[groupId]
+    if (!exec?.executionId) continue
+    const log = logByExecutionId.get(exec.executionId)
+    if (!log) continue
+
+    const dataPatch: RowData = {}
+    let mutated = false
+    for (const out of addedOutputs) {
+      if ((r.data as RowData)[out.columnName] !== undefined) continue
+      const span = findSpanByBlockId(log.traceSpans, out.blockId)
+      if (!span?.output) continue
+      const picked = pluckByPath(span.output, out.path)
+      if (picked === undefined) continue
+      dataPatch[out.columnName] = picked as RowData[string]
+      mutated = true
+    }
+    if (!mutated) continue
+    updates.push({ rowId: r.id, data: dataPatch })
+  }
+
+  if (updates.length === 0) return
+
+  await batchUpdateRows(
+    {
+      tableId: table.id,
+      updates,
+      workspaceId: table.workspaceId,
+    },
+    table,
+    requestId
+  )
+
+  logger.info(
+    `[${requestId}] Backfilled ${updates.length} row(s) for group "${groupId}" in table ${table.id}`
+  )
+}
+
 /**
  * Checks if a value is compatible with a target column type.
  */
diff --git a/apps/sim/lib/table/trigger.ts b/apps/sim/lib/table/trigger.ts
new file mode 100644
index 00000000000..32ece5e7111
--- /dev/null
+++ b/apps/sim/lib/table/trigger.ts
@@ -0,0 +1,165 @@
+/**
+ * Direct trigger firing for table row events.
+ *
+ * When rows are inserted or updated in a table, this module looks up any
+ * active webhook triggers watching that table and fires workflow executions
+ * immediately - no polling or cron involved.
+ */
+
+import { createLogger } from '@sim/logger'
+import { generateShortId } from '@sim/utils/id'
+import type { RowData, TableRow, TableSchema } from '@/lib/table/types'
+import { fetchActiveWebhooks } from '@/lib/webhooks/polling/utils'
+import { processPolledWebhookEvent } from '@/lib/webhooks/processor'
+
+const logger = createLogger('TableTrigger')
+
+type EventType = 'insert' | 'update'
+
+interface TableTriggerPayload {
+  row: Record<string, unknown> | null
+  rawRow: Record<string, unknown>
+  previousRow: Record<string, unknown> | null
+  changedColumns: string[]
+  rowId: string
+  headers: string[]
+  rowNumber: number
+  tableId: string
+  tableName: string
+  timestamp: string
+}
+
+interface WebhookConfig {
+  tableId?: string
+  tableSelector?: string
+  manualTableId?: string
+  eventType?: string
+  watchColumns?: string | string[]
+  includeHeaders?: boolean
+}
+
+/**
+ * Fires workflow triggers for table row changes.
+ *
+ * This is fire-and-forget - errors are logged but never thrown.
+ * Call with `void fireTableTrigger(...)` to avoid blocking the caller.
+ *
+ * @param eventType - 'insert' for new rows, 'update' for changed rows
+ * @param oldRows - Map of row ID to previous data. Pass null for inserts.
+ */
+export async function fireTableTrigger(
+  tableId: string,
+  tableName: string,
+  eventType: EventType,
+  rows: TableRow[],
+  oldRows: Map<string, RowData> | null,
+  schema: TableSchema,
+  requestId: string
+): Promise<void> {
+  try {
+    const webhooks = await fetchActiveWebhooks('table')
+    if (webhooks.length === 0) return
+
+    const headers = schema.columns.map((c) => c.name)
+
+    // Filter to webhooks watching this table with a matching event type
+    const matching = webhooks.filter((entry) => {
+      const config = entry.webhook.providerConfig as WebhookConfig | null
+      const configTableId = config?.tableId ?? config?.tableSelector ?? config?.manualTableId
+      if (configTableId !== tableId) return false
+
+      const configEventType = config?.eventType ?? 'insert'
+      return configEventType === eventType
+    })
+
+    if (matching.length === 0) return
+
+    logger.info(
+      `[${requestId}] Firing ${matching.length} trigger(s) for ${rows.length} ${eventType} event(s) in table ${tableId}`
+    )
+
+    for (const { webhook: webhookData, workflow: workflowData } of matching) {
+      const config = webhookData.providerConfig as WebhookConfig | null
+      const watchColumns = parseWatchColumns(config?.watchColumns)
+      const includeHeaders = config?.includeHeaders !== false
+
+      for (const row of rows) {
+        const previousRow = oldRows?.get(row.id) ?? null
+        const changedColumns = previousRow ? detectChangedColumns(previousRow, row.data) : []
+
+        // For updates with watch columns, skip rows where no watched column changed
+        if (eventType === 'update' && watchColumns.length > 0) {
+          const hasWatchedChange = changedColumns.some((col) => watchColumns.includes(col))
+          if (!hasWatchedChange) continue
+        }
+
+        // Build mapped row if includeHeaders is enabled
+        let mappedRow: Record<string, unknown> | null = null
+        if (includeHeaders && headers.length > 0) {
+          mappedRow = {}
+          for (const header of headers) {
+            mappedRow[header] = row.data[header] ?? null
+          }
+        }
+
+        const payload: TableTriggerPayload = {
+          row: mappedRow,
+          rawRow: row.data,
+          previousRow,
+          changedColumns,
+          rowId: row.id,
+          headers,
+          rowNumber: row.position,
+          tableId,
+          tableName,
+          timestamp: new Date().toISOString(),
+        }
+
+        const eventRequestId = generateShortId()
+
+        try {
+          const result = await processPolledWebhookEvent(
+            webhookData,
+            workflowData,
+            payload,
+            eventRequestId
+          )
+
+          if (!result.success) {
+            logger.error(
+              `[${eventRequestId}] Failed to fire table trigger for row ${row.id}:`,
+              result.statusCode,
+              result.error
+            )
+          }
+        } catch (error) {
+          logger.error(`[${eventRequestId}] Error firing table trigger for row ${row.id}:`, error)
+        }
+      }
+    }
+  } catch (error) {
+    logger.error(`[${requestId}] Error in fireTableTrigger:`, error)
+  }
+}
+
+function parseWatchColumns(watchColumns: string | string[] | undefined): string[] {
+  if (!watchColumns) return []
+  if (Array.isArray(watchColumns)) return watchColumns.filter(Boolean)
+  return watchColumns
+    .split(',')
+    .map((c) => c.trim())
+    .filter(Boolean)
+}
+
+function detectChangedColumns(oldData: RowData, newData: RowData): string[] {
+  const changed: string[] = []
+  const allKeys = new Set([...Object.keys(oldData), ...Object.keys(newData)])
+
+  for (const key of allKeys) {
+    if (JSON.stringify(oldData[key]) !== JSON.stringify(newData[key])) {
+      changed.push(key)
+    }
+  }
+
+  return changed
+}
diff --git a/apps/sim/lib/table/types.ts b/apps/sim/lib/table/types.ts
index 070ff5771fa..e8976275aef 100644
--- a/apps/sim/lib/table/types.ts
+++ b/apps/sim/lib/table/types.ts
@@ -26,13 +26,88 @@ export interface ColumnDefinition {
   type: (typeof COLUMN_TYPES)[number]
   required?: boolean
   unique?: boolean
+  /**
+   * When set, this column is one of a workflow group's outputs. The value in
+   * `row.data[name]` is populated by the group's per-cell run.
+   */
+  workflowGroupId?: string
+}
+
+/** One workflow output → one plain column. */
+export interface WorkflowGroupOutput {
+  /** Source block id within the configured workflow. */
+  blockId: string
+  /** Dot-path into that block's output (e.g. `summary`, `result.items[0]`). */
+  path: string
+  /** Plain column in `schema.columns` that receives the plucked value. */
+  columnName: string
+}
+
+export interface WorkflowGroupDependencies {
+  /** Plain columns that must be non-empty before this group runs. */
+  columns?: string[]
+  /**
+   * Other workflow groups that must reach `status: completed` before this
+   * group runs. The dep graph is a first-class concept — you depend on a
+   * producing group, never on a sibling output value (which can legitimately
+   * be null on success).
+   */
+  workflowGroups?: string[]
+}
+
+export interface WorkflowGroup {
+  id: string
+  workflowId: string
+  /** Display name; defaults to the workflow's name. */
+  name?: string
+  dependencies?: WorkflowGroupDependencies
+  outputs: WorkflowGroupOutput[]
+}
+
+/**
+ * Per-row execution state for one workflow group, stored in
+ * `userTableRows.executions[groupId]`. Holds run metadata only — picked
+ * values land in `row.data` directly.
+ */
+export interface RowExecutionMetadata {
+  status: 'pending' | 'running' | 'completed' | 'error' | 'cancelled'
+  executionId: string | null
+  /**
+   * Async-job id (e.g. trigger.dev run id) for the in-flight execution.
+   * Persisted on `running` / `pending` rows so the cancel API can call
+   * `backend.cancelJob(jobId)` from any pod regardless of which one
+   * initiated the run. Null for terminal states.
+   */
+  jobId: string | null
+  workflowId: string
+  error: string | null
+  /** Block ids currently mid-execution. Empty / absent on terminal states. */
+  runningBlockIds?: string[]
+  /**
+   * Per-block error messages keyed by `blockId`. Errors are a normal Sim
+   * concept (error-port edges) — only the column sourced from the failing
+   * block should render `Error`, not every output column.
+   */
+  blockErrors?: Record<string, string>
 }
 
+/** Map of `WorkflowGroup.id` → execution state. Stored on every row. */
+export type RowExecutions = Record<string, RowExecutionMetadata>
+
 export interface TableSchema {
   columns: ColumnDefinition[]
+  /**
+   * Workflow groups keyed by id. Each group has N output columns (each
+   * referenced by `outputs[].columnName` in this same schema).
+   */
+  workflowGroups?: WorkflowGroup[]
 }
 
-/** UI-only metadata stored alongside the table definition. */
+/**
+ * Table-level metadata stored alongside the table definition. UI state only
+ * (column widths, column order) — workflow-group concurrency is enforced at
+ * the trigger.dev queue layer, not via metadata.
+ */
 export interface TableMetadata {
   columnWidths?: Record<string, number>
   columnOrder?: string[]
@@ -65,6 +140,8 @@ export interface TableSummary {
 export interface TableRow {
   id: string
   data: RowData
+  /** Per-group execution state for this row. Empty `{}` if nothing has run. */
+  executions: RowExecutions
   position: number
   createdAt: Date | string
   updatedAt: Date | string
@@ -204,6 +281,7 @@ export interface UpsertRowData {
 export interface UpsertResult {
   row: TableRow
   operation: 'insert' | 'update'
+  previousData?: RowData
 }
 
 export interface UpdateRowData {
@@ -211,6 +289,20 @@ export interface UpdateRowData {
   rowId: string
   data: RowData
   workspaceId: string
+  /**
+   * Optional partial patch to merge into `userTableRows.executions`. Top-level
+   * keys are `WorkflowGroup.id`; pass `null` for a key to delete that group's
+   * execution state. Used by the cell task and cancel paths.
+   */
+  executionsPatch?: Record<string, RowExecutionMetadata | null>
+  /**
+   * Optional SQL-level guard: the update is a no-op if the row's
+   * `executions[groupId]` already shows `cancelled` for the same
+   * `executionId`. The cell task passes this so a `running` partial-write
+   * landing after a stop click can't clobber the authoritative `cancelled`
+   * state. `updateRow` returns `null` when the guard rejects the write.
+   */
+  cancellationGuard?: { groupId: string; executionId: string }
 }
 
 export interface BulkUpdateData {
@@ -223,7 +315,11 @@ export interface BulkUpdateData {
 
 export interface BatchUpdateByIdData {
   tableId: string
-  updates: Array<{ rowId: string; data: RowData }>
+  updates: Array<{
+    rowId: string
+    data: RowData
+    executionsPatch?: Record<string, RowExecutionMetadata | null>
+  }>
   workspaceId: string
 }
 
@@ -282,3 +378,32 @@ export interface DeleteColumnData {
   tableId: string
   columnName: string
 }
+
+/** Payload for `addWorkflowGroup` — atomic insert of a group + its outputs. */
+export interface AddWorkflowGroupData {
+  tableId: string
+  group: WorkflowGroup
+  outputColumns: ColumnDefinition[]
+  /** When `false`, the post-add row-scheduling pass is skipped. Defaults to
+   *  `true` (UI behavior). Mothership passes `false` so groups can be staged
+   *  without firing every dep-satisfied row. */
+  autoRun?: boolean
+}
+
+/** Payload for `updateWorkflowGroup` — diffs outputs and writes columns. */
+export interface UpdateWorkflowGroupData {
+  tableId: string
+  groupId: string
+  workflowId?: string
+  name?: string
+  dependencies?: WorkflowGroupDependencies
+  /** Full replacement set; service computes adds/removes vs current state. */
+  outputs?: WorkflowGroupOutput[]
+  /** Column definitions for any newly-added outputs. */
+  newOutputColumns?: ColumnDefinition[]
+}
+
+export interface DeleteWorkflowGroupData {
+  tableId: string
+  groupId: string
+}
diff --git a/apps/sim/lib/table/workflow-columns.ts b/apps/sim/lib/table/workflow-columns.ts
new file mode 100644
index 00000000000..b50ae47d081
--- /dev/null
+++ b/apps/sim/lib/table/workflow-columns.ts
@@ -0,0 +1,629 @@
+/**
+ * Server-side scheduler for workflow-group auto-execution. The cascade is
+ * driven entirely by the eligibility predicate: each row-write fires the
+ * scheduler, which considers any newly-eligible (row × group) pair (deps
+ * just filled, upstream group just `completed`) and enqueues per-cell jobs.
+ */
+
+import { db } from '@sim/db'
+import { userTableRows } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { toError } from '@sim/utils/errors'
+import { generateId } from '@sim/utils/id'
+import { and, asc, eq, inArray, sql } from 'drizzle-orm'
+import { buildCancelledExecution, writeWorkflowGroupState } from '@/lib/table/cell-write'
+import type {
+  RowData,
+  RowExecutionMetadata,
+  RowExecutions,
+  TableDefinition,
+  TableRow,
+  TableSchema,
+  WorkflowGroup,
+} from '@/lib/table/types'
+
+const logger = createLogger('WorkflowGroupScheduler')
+
+/**
+ * Returns true when every dependency this group needs is filled. Plain
+ * columns are filled when their value is non-empty; upstream groups are
+ * filled when `executions[gid].status === 'completed'`. Used both by the
+ * scheduler's eligibility check and by the manual "Run group" route, which
+ * needs the same gate WITHOUT the in-flight / terminal-state check.
+ */
+export function areGroupDepsSatisfied(group: WorkflowGroup, row: TableRow): boolean {
+  const deps = group.dependencies ?? {}
+  for (const colName of deps.columns ?? []) {
+    const value = row.data[colName]
+    if (value === null || value === undefined || value === '') return false
+  }
+  for (const gid of deps.workflowGroups ?? []) {
+    if (row.executions?.[gid]?.status !== 'completed') return false
+  }
+  return true
+}
+
+/**
+ * Per-(row, group) eligibility: returns true if a cell job should be enqueued
+ * for this pair right now. Skip when the group is in flight (`running`, or
+ * `pending` with a `jobId` already stamped) or in a terminal state. Plain
+ * `pending` without a jobId is the "ready to dispatch" state — the run route
+ * sets it and the scheduler is what actually enqueues the job.
+ */
+export function isGroupEligible(group: WorkflowGroup, row: TableRow): boolean {
+  const exec = row.executions?.[group.id]
+  const status = exec?.status
+  if (
+    status === 'running' ||
+    status === 'completed' ||
+    status === 'error' ||
+    status === 'cancelled'
+  ) {
+    return false
+  }
+  if (status === 'pending' && exec?.jobId) {
+    return false
+  }
+  return areGroupDepsSatisfied(group, row)
+}
+
+/**
+ * Iterates workflow groups × rows and enqueues eligible cell jobs. Safe to
+ * call after any row-write; errors are logged. Concurrency is bounded by the
+ * trigger.dev queue (`concurrencyKey: tableId`), so this just enqueues.
+ */
+export async function scheduleWorkflowGroupRuns(
+  table: TableDefinition,
+  rows: TableRow[]
+): Promise<void> {
+  try {
+    const groups = table.schema.workflowGroups ?? []
+    if (groups.length === 0) return
+    if (rows.length === 0) return
+
+    const orderedRows = rows.length <= 1 ? rows : [...rows].sort((a, b) => a.position - b.position)
+
+    const pendingRuns: RunGroupCellOptions[] = []
+
+    for (const row of orderedRows) {
+      for (const group of groups) {
+        if (!isGroupEligible(group, row)) continue
+        pendingRuns.push({
+          tableId: table.id,
+          tableName: table.name,
+          rowId: row.id,
+          groupId: group.id,
+          workflowId: group.workflowId,
+          workspaceId: table.workspaceId,
+          executionId: generateId(),
+        })
+      }
+    }
+
+    if (pendingRuns.length === 0) return
+
+    logger.info(`Scheduling ${pendingRuns.length} workflow group cell run(s) for table=${table.id}`)
+
+    await Promise.allSettled(pendingRuns.map((opts) => runWorkflowGroupCell(opts)))
+  } catch (err) {
+    logger.error('scheduleWorkflowGroupRuns failed:', err)
+  }
+}
+
+interface RunGroupCellOptions {
+  tableId: string
+  tableName: string
+  rowId: string
+  groupId: string
+  workflowId: string
+  workspaceId: string
+  executionId: string
+}
+
+/**
+ * Enqueues a workflow-group cell run as a `workflow-group-cell` async job
+ * and writes `running` (with the returned `jobId`) onto the row's
+ * `executions[groupId]`. The actual workflow execution and terminal write
+ * happen inside the cell task body. Cancellation is authoritative via
+ * `cancelWorkflowGroupRuns`.
+ */
+export async function runWorkflowGroupCell(opts: RunGroupCellOptions): Promise<void> {
+  const { tableId, tableName, rowId, groupId, workflowId, workspaceId, executionId } = opts
+
+  const { getJobQueue, shouldExecuteInline } = await import('@/lib/core/async-jobs/config')
+  const cellCtx = { tableId, rowId, workspaceId, groupId, executionId }
+
+  const taskPayload = {
+    tableId,
+    tableName,
+    rowId,
+    groupId,
+    workflowId,
+    workspaceId,
+    executionId,
+  }
+  let jobId: string
+  let queue: Awaited<ReturnType<typeof getJobQueue>>
+  try {
+    queue = await getJobQueue()
+    jobId = await queue.enqueue('workflow-group-cell', taskPayload, {
+      metadata: {
+        workflowId,
+        workspaceId,
+        correlation: {
+          executionId,
+          requestId: `wfgrp-${executionId}`,
+          source: 'workflow',
+          workflowId,
+          triggerType: 'table',
+        },
+      },
+      // Per-table sub-queue throttles cells within a table without blocking other tables.
+      concurrencyKey: tableId,
+      tags: [`tableId:${tableId}`, `rowId:${rowId}`, `group:${groupId}`],
+    })
+  } catch (err) {
+    const message = toError(err).message
+    logger.error(
+      `Failed to enqueue workflow-group-cell (table=${tableId} row=${rowId} group=${groupId}):`,
+      err
+    )
+    await writeWorkflowGroupState(cellCtx, {
+      executionState: {
+        status: 'error',
+        executionId,
+        jobId: null,
+        workflowId,
+        error: message,
+      },
+    })
+    return
+  }
+
+  // Single post-enqueue write: stamps `running` + jobId so the cancel API can
+  // reach this run from any pod. If cancel won the race the helper bails and
+  // we abort the just-enqueued job.
+  let stampResult: 'wrote' | 'skipped' = 'wrote'
+  try {
+    stampResult = await writeWorkflowGroupState(cellCtx, {
+      executionState: {
+        status: 'running',
+        executionId,
+        jobId,
+        workflowId,
+        error: null,
+      },
+    })
+  } catch (err) {
+    logger.error(
+      `Failed to persist jobId on group execution (table=${tableId} row=${rowId} group=${groupId}):`,
+      err
+    )
+  }
+  if (stampResult === 'skipped') {
+    try {
+      await queue.cancelJob(jobId)
+    } catch (cancelErr) {
+      logger.error(`Failed to cancel orphaned workflow-group-cell job (jobId=${jobId}):`, cancelErr)
+    }
+    return
+  }
+
+  // Trigger.dev disabled — execute the task body inline (DB queue records
+  // rows but doesn't dispatch), mirroring `workflow-execution`.
+  if (shouldExecuteInline()) {
+    const { registerInlineAbort, unregisterInlineAbort } = await import(
+      '@/lib/core/async-jobs/inline-abort'
+    )
+    const abortController = new AbortController()
+    registerInlineAbort(jobId, abortController)
+
+    void (async () => {
+      try {
+        const { executeWorkflowGroupCellJob } = await import(
+          '@/background/workflow-column-execution'
+        )
+        await queue.startJob(jobId)
+        await executeWorkflowGroupCellJob(taskPayload, abortController.signal)
+        await queue.completeJob(jobId, null)
+      } catch (err) {
+        const message = toError(err).message
+        logger.error(
+          `Inline workflow-group-cell failed (jobId=${jobId} table=${tableId} row=${rowId} group=${groupId}):`,
+          err
+        )
+        try {
+          await queue.markJobFailed(jobId, message)
+        } catch (markErr) {
+          logger.error('Also failed to mark job as failed:', markErr)
+        }
+      } finally {
+        unregisterInlineAbort(jobId)
+      }
+    })()
+  }
+}
+
+/**
+ * Cancels in-flight workflow-group runs for a table or single row. Writes
+ * `cancelled` authoritatively for every `running` or `pending` group
+ * execution — the client-side write is the source of truth, independent of
+ * whether the trigger.dev cancel reaches the worker before its terminal
+ * write.
+ */
+export async function cancelWorkflowGroupRuns(tableId: string, rowId?: string): Promise<number> {
+  const { getTableById, updateRow } = await import('@/lib/table/service')
+  const { getJobQueue } = await import('@/lib/core/async-jobs/config')
+
+  const table = await getTableById(tableId)
+  if (!table) {
+    logger.warn(`cancelWorkflowGroupRuns: table ${tableId} not found`)
+    return 0
+  }
+
+  const groups = table.schema.workflowGroups ?? []
+  if (groups.length === 0) return 0
+  const groupIds = new Set(groups.map((g) => g.id))
+
+  // Always filter by tableId — for the per-row case this prevents a
+  // cross-table rowId from doing a wasted DB round-trip and silently
+  // under-counting in the response. For the table-wide case it's the
+  // primary filter.
+  const rows = await db
+    .select()
+    .from(userTableRows)
+    .where(
+      rowId
+        ? and(eq(userTableRows.id, rowId), eq(userTableRows.tableId, tableId))
+        : eq(userTableRows.tableId, tableId)
+    )
+
+  const queue = await getJobQueue()
+
+  type RowMutation = {
+    rowId: string
+    executionsPatch: Record<string, RowExecutionMetadata>
+    jobIds: string[]
+    cancelledCount: number
+  }
+  const mutations: RowMutation[] = []
+
+  for (const row of rows) {
+    const executions = (row.executions ?? {}) as RowExecutions
+    const executionsPatch: Record<string, RowExecutionMetadata> = {}
+    const jobIds: string[] = []
+    let cancelledCount = 0
+    for (const [gid, exec] of Object.entries(executions)) {
+      if (!groupIds.has(gid)) continue
+      // `pending` covers the post-reset, pre-dispatch window — a stop click
+      // there must still stick once the scheduler picks the row up.
+      if (exec.status !== 'running' && exec.status !== 'pending') continue
+      if (exec.jobId) jobIds.push(exec.jobId)
+      executionsPatch[gid] = buildCancelledExecution(exec)
+      cancelledCount++
+    }
+    if (cancelledCount > 0) {
+      mutations.push({ rowId: row.id, executionsPatch, jobIds, cancelledCount })
+    }
+  }
+
+  // Cancel jobs and write rows in parallel — no ordering dependency, so
+  // serializing dozens-to-hundreds of rows per stop click is pure latency.
+  await Promise.allSettled(
+    mutations.flatMap((m) =>
+      m.jobIds.map((jobId) =>
+        queue.cancelJob(jobId).catch((err) => {
+          logger.error(`Failed to cancel job ${jobId} for ${tableId}/${m.rowId}:`, err)
+        })
+      )
+    )
+  )
+  await Promise.allSettled(
+    mutations.map((m) =>
+      updateRow(
+        {
+          tableId,
+          rowId: m.rowId,
+          data: {},
+          workspaceId: table.workspaceId,
+          executionsPatch: m.executionsPatch,
+        },
+        table,
+        `wfgrp-cancel-${m.rowId}`
+      ).catch((err) => {
+        logger.error(`Failed to write cancelled state for row ${m.rowId}:`, err)
+      })
+    )
+  )
+
+  return mutations.reduce((sum, m) => sum + m.cancelledCount, 0)
+}
+
+/**
+ * Manually triggers a workflow group for every dep-satisfied row in a table.
+ * `mode: 'all'` re-runs every eligible row; `mode: 'incomplete'` skips rows
+ * whose group is already `completed`. When `rowIds` is provided, only those
+ * rows are candidates — the same eligibility predicate still applies, so a
+ * mid-run row or one with unmet deps is silently skipped. Eligible rows have
+ * their output cells cleared and their `executions[groupId]` reset to
+ * `pending`; the scheduler picks them up and enqueues per-cell jobs. Returns
+ * the number of rows that were marked for re-run. Used by the
+ * `groups/[groupId]/run` HTTP route and the Copilot/Mothership
+ * `run_workflow_group` op so both share one eligibility predicate.
+ */
+export async function triggerWorkflowGroupRun(opts: {
+  tableId: string
+  groupId: string
+  workspaceId: string
+  mode: 'all' | 'incomplete'
+  requestId: string
+  rowIds?: string[]
+}): Promise<{ triggered: number }> {
+  const { tableId, groupId, workspaceId, mode, requestId, rowIds } = opts
+  const { getTableById, batchUpdateRows } = await import('./service')
+  const table = await getTableById(tableId)
+  if (!table) throw new Error('Table not found')
+  if (table.workspaceId !== workspaceId) throw new Error('Invalid workspace ID')
+
+  const group = (table.schema.workflowGroups ?? []).find((g) => g.id === groupId)
+  if (!group) throw new Error('Workflow group not found')
+
+  // Push the in-flight / terminal-state filters into SQL so we don't pull
+  // every row in the table into Node just to discard most of them. Dependency
+  // satisfaction is still checked in JS afterwards (it can span multiple
+  // columns and other groups' statuses, so it's awkward to express in JSONB).
+  const filters = [
+    eq(userTableRows.tableId, tableId),
+    eq(userTableRows.workspaceId, workspaceId),
+    sql`(executions->${groupId}->>'status') IS DISTINCT FROM 'running'`,
+    sql`((executions->${groupId}->>'status') IS DISTINCT FROM 'pending' OR (executions->${groupId}->>'jobId') IS NULL)`,
+  ]
+  if (rowIds && rowIds.length > 0) {
+    filters.push(inArray(userTableRows.id, rowIds))
+  }
+  if (mode === 'incomplete') {
+    filters.push(sql`(executions->${groupId}->>'status') IS DISTINCT FROM 'completed'`)
+  }
+  const candidateRows = await db
+    .select({
+      id: userTableRows.id,
+      position: userTableRows.position,
+      data: userTableRows.data,
+      executions: userTableRows.executions,
+      createdAt: userTableRows.createdAt,
+      updatedAt: userTableRows.updatedAt,
+    })
+    .from(userTableRows)
+    .where(and(...filters))
+    .orderBy(asc(userTableRows.position))
+
+  if (candidateRows.length === 0) return { triggered: 0 }
+
+  const eligibleRows = candidateRows.filter((r) => {
+    const tableRow: TableRow = {
+      id: r.id,
+      data: r.data as RowData,
+      executions: (r.executions as RowExecutions) ?? {},
+      position: r.position,
+      createdAt: r.createdAt,
+      updatedAt: r.updatedAt,
+    }
+    try {
+      return areGroupDepsSatisfied(group, tableRow)
+    } catch {
+      return false
+    }
+  })
+
+  if (eligibleRows.length === 0) return { triggered: 0 }
+
+  const clearedData = Object.fromEntries(group.outputs.map((o) => [o.columnName, null])) as RowData
+  const updates = eligibleRows.map((r) => {
+    const pendingExec: RowExecutionMetadata = {
+      status: 'pending',
+      executionId: generateId(),
+      jobId: null,
+      workflowId: group.workflowId,
+      error: null,
+    }
+    return {
+      rowId: r.id,
+      data: clearedData,
+      executionsPatch: { [groupId]: pendingExec },
+    }
+  })
+
+  const opResult = await batchUpdateRows({ tableId, updates, workspaceId }, table, requestId)
+  return { triggered: opResult.affectedCount }
+}
+
+// ───────────────────────────── Validation ─────────────────────────────
+
+/**
+ * Validates schema-level invariants. Run on every `addTableColumn`,
+ * `addWorkflowGroup`, `updateWorkflowGroup`, `renameColumn`, `reorderColumns`,
+ * etc. Returns a list of human-readable errors (empty if valid).
+ */
+export function validateSchema(schema: TableSchema, columnOrder: string[] | undefined): string[] {
+  const errors: string[] = []
+  const columnsByName = new Map(schema.columns.map((c) => [c.name, c]))
+  const groups = schema.workflowGroups ?? []
+  const groupsById = new Map(groups.map((g) => [g.id, g]))
+
+  // Reference integrity for group outputs.
+  const claimedColumns = new Map<string, string>() // columnName → groupId
+  for (const group of groups) {
+    if (group.outputs.length === 0) {
+      errors.push(`Workflow group "${group.name ?? group.id}" has no outputs.`)
+    }
+    for (const out of group.outputs) {
+      const col = columnsByName.get(out.columnName)
+      if (!col) {
+        errors.push(
+          `Workflow group "${group.name ?? group.id}" references missing column "${out.columnName}".`
+        )
+        continue
+      }
+      if (col.workflowGroupId !== group.id) {
+        errors.push(
+          `Column "${col.name}" is referenced by group "${group.id}" but its workflowGroupId is "${col.workflowGroupId ?? '(unset)'}".`
+        )
+      }
+      const claimer = claimedColumns.get(out.columnName)
+      if (claimer && claimer !== group.id) {
+        errors.push(
+          `Column "${out.columnName}" is claimed by both groups "${claimer}" and "${group.id}".`
+        )
+      } else {
+        claimedColumns.set(out.columnName, group.id)
+      }
+    }
+  }
+
+  // Every column flagged with a workflowGroupId must appear in exactly one group's outputs.
+  for (const col of schema.columns) {
+    if (!col.workflowGroupId) continue
+    if (!groupsById.has(col.workflowGroupId)) {
+      errors.push(
+        `Column "${col.name}" references missing workflow group "${col.workflowGroupId}".`
+      )
+      continue
+    }
+    if (claimedColumns.get(col.name) !== col.workflowGroupId) {
+      errors.push(
+        `Column "${col.name}" has workflowGroupId "${col.workflowGroupId}" but isn't in that group's outputs.`
+      )
+    }
+    if (col.required) {
+      errors.push(`Workflow-output column "${col.name}" cannot be required.`)
+    }
+    if (col.unique) {
+      errors.push(`Workflow-output column "${col.name}" cannot be unique.`)
+    }
+  }
+
+  // Dependency integrity.
+  for (const group of groups) {
+    const deps = group.dependencies ?? {}
+    for (const depCol of deps.columns ?? []) {
+      const col = columnsByName.get(depCol)
+      if (!col) {
+        errors.push(`Group "${group.name ?? group.id}" depends on missing column "${depCol}".`)
+        continue
+      }
+      if (col.workflowGroupId) {
+        errors.push(
+          `Group "${group.name ?? group.id}" depends on workflow-output column "${depCol}". Depend on the producing group instead.`
+        )
+      }
+    }
+    for (const depGroup of deps.workflowGroups ?? []) {
+      if (!groupsById.has(depGroup)) {
+        errors.push(
+          `Group "${group.name ?? group.id}" depends on missing workflow group "${depGroup}".`
+        )
+      }
+      if (depGroup === group.id) {
+        errors.push(`Group "${group.name ?? group.id}" depends on itself.`)
+      }
+    }
+  }
+
+  // Cycle detection on the group dependency graph.
+  const cycle = findGroupCycle(groups)
+  if (cycle) {
+    errors.push(
+      `Workflow groups form a dependency cycle: ${cycle.map((id) => groupsById.get(id)?.name ?? id).join(' → ')}.`
+    )
+  }
+
+  // Layout: every group's outputs must be contiguous in columnOrder (when set).
+  if (columnOrder && columnOrder.length > 0) {
+    for (const split of findSplitGroups(columnOrder, groups)) {
+      errors.push(
+        `Workflow group "${split.groupName}" output columns must be contiguous; got order [${split.actual.join(', ')}].`
+      )
+    }
+  }
+
+  return errors
+}
+
+/** Returns the cycle as an ordered list of group ids, or null if acyclic. */
+function findGroupCycle(groups: WorkflowGroup[]): string[] | null {
+  const adjacency = new Map<string, string[]>()
+  for (const g of groups) {
+    adjacency.set(g.id, g.dependencies?.workflowGroups ?? [])
+  }
+  const VISITING = 1
+  const VISITED = 2
+  const state = new Map<string, number>()
+  const stack: string[] = []
+
+  const dfs = (id: string): string[] | null => {
+    if (state.get(id) === VISITED) return null
+    if (state.get(id) === VISITING) {
+      const cycleStart = stack.indexOf(id)
+      return cycleStart >= 0 ? [...stack.slice(cycleStart), id] : [id]
+    }
+    state.set(id, VISITING)
+    stack.push(id)
+    for (const next of adjacency.get(id) ?? []) {
+      const found = dfs(next)
+      if (found) return found
+    }
+    stack.pop()
+    state.set(id, VISITED)
+    return null
+  }
+
+  for (const g of groups) {
+    const cycle = dfs(g.id)
+    if (cycle) return cycle
+  }
+  return null
+}
+
+interface SplitGroupReport {
+  groupId: string
+  groupName: string
+  actual: number[]
+}
+
+/**
+ * Returns groups whose output columns occupy non-contiguous positions in the
+ * given columnOrder. Empty array means all groups are cohesive.
+ */
+export function findSplitGroups(
+  columnOrder: string[],
+  groups: WorkflowGroup[]
+): SplitGroupReport[] {
+  const positions = new Map<string, number>()
+  columnOrder.forEach((name, idx) => positions.set(name, idx))
+  const reports: SplitGroupReport[] = []
+  for (const group of groups) {
+    const indices = group.outputs
+      .map((o) => positions.get(o.columnName))
+      .filter((i): i is number => i !== undefined)
+      .sort((a, b) => a - b)
+    if (indices.length < 2) continue
+    const min = indices[0]
+    const max = indices[indices.length - 1]
+    if (max - min + 1 !== indices.length) {
+      reports.push({
+        groupId: group.id,
+        groupName: group.name ?? group.id,
+        actual: indices,
+      })
+    }
+  }
+  return reports
+}
+
+/** Throws if the schema has any invariant violations. Convenience for callers. */
+export function assertValidSchema(schema: TableSchema, columnOrder: string[] | undefined): void {
+  const errs = validateSchema(schema, columnOrder)
+  if (errs.length > 0) {
+    throw new Error(`Schema validation failed: ${errs.join('; ')}`)
+  }
+}
diff --git a/apps/sim/lib/uploads/client/direct-upload.test.ts b/apps/sim/lib/uploads/client/direct-upload.test.ts
new file mode 100644
index 00000000000..26c8bb99a1e
--- /dev/null
+++ b/apps/sim/lib/uploads/client/direct-upload.test.ts
@@ -0,0 +1,225 @@
+/**
+ * @vitest-environment jsdom
+ */
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import {
+  DirectUploadError,
+  type PresignedUploadInfo,
+  runUploadStrategy,
+} from '@/lib/uploads/client/direct-upload'
+
+const ONE_MB = 1024 * 1024
+const LARGE_THRESHOLD = 50 * ONE_MB
+
+const makeFile = (size: number, name = 'test.bin', type = 'application/octet-stream'): File => {
+  const file = new File([new Uint8Array(0)], name, { type })
+  Object.defineProperty(file, 'size', { value: size })
+  return file
+}
+
+const presigned = (overrides?: Partial<PresignedUploadInfo>): PresignedUploadInfo => ({
+  fileName: 'test.bin',
+  presignedUrl: 'https://s3/presigned',
+  fileInfo: {
+    path: '/api/files/serve/test',
+    key: 'workspace/ws-1/test.bin',
+    name: 'test.bin',
+    size: ONE_MB,
+    type: 'application/octet-stream',
+  },
+  uploadHeaders: undefined,
+  directUploadSupported: true,
+  ...overrides,
+})
+
+class MockXHR {
+  static instances: MockXHR[] = []
+  upload = { addEventListener: vi.fn() }
+  status = 200
+  statusText = 'OK'
+  private listeners: Record<string, Array<() => void>> = {}
+  open = vi.fn()
+  setRequestHeader = vi.fn()
+  abort = vi.fn()
+  send = vi.fn(() => {
+    queueMicrotask(() => this.listeners.load?.forEach((cb) => cb()))
+  })
+  addEventListener = (event: string, cb: () => void) => {
+    ;(this.listeners[event] ??= []).push(cb)
+  }
+  removeEventListener = vi.fn()
+  constructor() {
+    MockXHR.instances.push(this)
+  }
+}
+
+describe('runUploadStrategy', () => {
+  let originalXHR: typeof XMLHttpRequest
+
+  beforeEach(() => {
+    MockXHR.instances = []
+    originalXHR = globalThis.XMLHttpRequest
+    globalThis.XMLHttpRequest = MockXHR as unknown as typeof XMLHttpRequest
+  })
+
+  afterEach(() => {
+    globalThis.XMLHttpRequest = originalXHR
+    vi.restoreAllMocks()
+  })
+
+  it('uses presigned PUT for files at or below the multipart threshold', async () => {
+    const file = makeFile(LARGE_THRESHOLD)
+
+    const result = await runUploadStrategy({
+      file,
+      workspaceId: 'ws-1',
+      context: 'workspace',
+      presignedOverride: presigned(),
+    })
+
+    expect(result.key).toBe('workspace/ws-1/test.bin')
+    expect(MockXHR.instances).toHaveLength(1)
+    expect(MockXHR.instances[0].open).toHaveBeenCalledWith('PUT', 'https://s3/presigned')
+  })
+
+  it('throws FALLBACK_REQUIRED when server signals no cloud storage', async () => {
+    const file = makeFile(ONE_MB)
+
+    await expect(
+      runUploadStrategy({
+        file,
+        workspaceId: 'ws-1',
+        context: 'workspace',
+        presignedOverride: presigned({ presignedUrl: '', directUploadSupported: false }),
+      })
+    ).rejects.toMatchObject({
+      name: 'DirectUploadError',
+      code: 'FALLBACK_REQUIRED',
+    })
+  })
+
+  it('takes the multipart path for files larger than the threshold and posts unified parts', async () => {
+    const file = makeFile(LARGE_THRESHOLD + ONE_MB)
+    const calls: Array<{ url: string; body: unknown }> = []
+
+    const fetchMock = vi.fn(async (input: RequestInfo | URL, init?: RequestInit) => {
+      const url = typeof input === 'string' ? input : input.toString()
+      const rawBody = init?.body
+      const body = typeof rawBody === 'string' ? JSON.parse(rawBody) : undefined
+      calls.push({ url, body })
+
+      if (url.includes('action=initiate')) {
+        return new Response(
+          JSON.stringify({ uploadId: 'u1', key: 'workspace/ws-1/big.bin', uploadToken: 't' }),
+          { status: 200 }
+        )
+      }
+      if (url.includes('action=get-part-urls')) {
+        return new Response(
+          JSON.stringify({
+            presignedUrls: [
+              { partNumber: 1, url: 'https://s3/part1' },
+              { partNumber: 2, url: 'https://s3/part2' },
+            ],
+          }),
+          { status: 200 }
+        )
+      }
+      if (url.startsWith('https://s3/part')) {
+        return new Response(null, { status: 200, headers: { ETag: '"etag-x"' } })
+      }
+      if (url.includes('action=complete')) {
+        return new Response(JSON.stringify({ path: '/api/files/serve/big' }), { status: 200 })
+      }
+      throw new Error(`unexpected url ${url}`)
+    })
+
+    vi.stubGlobal('fetch', fetchMock)
+
+    const result = await runUploadStrategy({
+      file,
+      workspaceId: 'ws-1',
+      context: 'workspace',
+    })
+
+    expect(result.path).toBe('/api/files/serve/big')
+
+    const completeCall = calls.find((c) => c.url.includes('action=complete'))!
+    expect(completeCall.body).toMatchObject({
+      uploadToken: 't',
+      parts: [
+        { partNumber: 1, etag: 'etag-x' },
+        { partNumber: 2, etag: 'etag-x' },
+      ],
+    })
+  })
+
+  it('rejects with ABORTED when signal is already aborted before PUT begins', async () => {
+    const file = makeFile(ONE_MB)
+    const controller = new AbortController()
+    controller.abort()
+
+    await expect(
+      runUploadStrategy({
+        file,
+        workspaceId: 'ws-1',
+        context: 'workspace',
+        presignedOverride: presigned(),
+        signal: controller.signal,
+      })
+    ).rejects.toMatchObject({ name: 'DirectUploadError', code: 'ABORTED' })
+  })
+
+  it('fires action=abort when the multipart complete call fails', async () => {
+    const file = makeFile(LARGE_THRESHOLD + ONE_MB)
+    const calls: Array<{ url: string }> = []
+
+    const fetchMock = vi.fn(async (input: RequestInfo | URL) => {
+      const url = typeof input === 'string' ? input : input.toString()
+      calls.push({ url })
+
+      if (url.includes('action=initiate')) {
+        return new Response(
+          JSON.stringify({ uploadId: 'u1', key: 'workspace/ws-1/big.bin', uploadToken: 't' }),
+          { status: 200 }
+        )
+      }
+      if (url.includes('action=get-part-urls')) {
+        return new Response(
+          JSON.stringify({
+            presignedUrls: [
+              { partNumber: 1, url: 'https://s3/part1' },
+              { partNumber: 2, url: 'https://s3/part2' },
+            ],
+          }),
+          { status: 200 }
+        )
+      }
+      if (url.startsWith('https://s3/part')) {
+        return new Response(null, { status: 200, headers: { ETag: '"etag-x"' } })
+      }
+      if (url.includes('action=complete')) {
+        return new Response(JSON.stringify({ error: 'kaboom' }), { status: 500 })
+      }
+      if (url.includes('action=abort')) {
+        return new Response(null, { status: 200 })
+      }
+      throw new Error(`unexpected url ${url}`)
+    })
+
+    vi.stubGlobal('fetch', fetchMock)
+
+    await expect(
+      runUploadStrategy({ file, workspaceId: 'ws-1', context: 'workspace' })
+    ).rejects.toBeInstanceOf(DirectUploadError)
+
+    expect(calls.some((c) => c.url.includes('action=abort'))).toBe(true)
+  })
+
+  it('throws when neither presignedEndpoint nor presignedOverride is supplied', async () => {
+    const file = makeFile(ONE_MB)
+    await expect(
+      runUploadStrategy({ file, workspaceId: 'ws-1', context: 'workspace' })
+    ).rejects.toBeInstanceOf(DirectUploadError)
+  })
+})
diff --git a/apps/sim/lib/uploads/client/direct-upload.ts b/apps/sim/lib/uploads/client/direct-upload.ts
new file mode 100644
index 00000000000..07322b071f4
--- /dev/null
+++ b/apps/sim/lib/uploads/client/direct-upload.ts
@@ -0,0 +1,591 @@
+import { createLogger } from '@sim/logger'
+import { sleep } from '@sim/utils/helpers'
+import { getFileContentType, isAbortError } from '@/lib/uploads/utils/file-utils'
+
+const logger = createLogger('DirectUpload')
+
+const CHUNK_SIZE = 8 * 1024 * 1024
+export const LARGE_FILE_THRESHOLD = 50 * 1024 * 1024
+const BASE_TIMEOUT_MS = 2 * 60 * 1000
+const TIMEOUT_PER_MB_MS = 1500
+const MAX_TIMEOUT_MS = 10 * 60 * 1000
+export const MULTIPART_PART_CONCURRENCY = 3
+export const MULTIPART_MAX_RETRIES = 3
+export const MULTIPART_RETRY_DELAY_MS = 2000
+export const MULTIPART_RETRY_BACKOFF = 2
+export const WHOLE_FILE_PARALLEL_UPLOADS = 3
+
+export interface PresignedFileInfo {
+  path: string
+  key: string
+  name: string
+  size: number
+  type: string
+}
+
+export interface PresignedUploadInfo {
+  fileName: string
+  presignedUrl: string
+  fileInfo: PresignedFileInfo
+  uploadHeaders?: Record<string, string>
+  directUploadSupported: boolean
+}
+
+export interface UploadStrategyResult {
+  key: string
+  path: string
+  name: string
+  size: number
+  contentType: string
+}
+
+export interface UploadProgressEvent {
+  loaded: number
+  total: number
+  percent: number
+}
+
+export type DirectUploadErrorCode =
+  | 'PRESIGNED_URL_ERROR'
+  | 'DIRECT_UPLOAD_ERROR'
+  | 'MULTIPART_ERROR'
+  | 'ABORTED'
+  | 'FALLBACK_REQUIRED'
+
+export class DirectUploadError extends Error {
+  constructor(
+    message: string,
+    public code: DirectUploadErrorCode,
+    public details?: unknown,
+    public status?: number
+  ) {
+    super(message)
+    this.name = 'DirectUploadError'
+  }
+}
+
+/**
+ * Transport-level upload errors worth retrying at the outer level: timeouts,
+ * network failures, and 5xx from the storage backend. Excludes deterministic
+ * client failures (4xx, `PRESIGNED_URL_ERROR`, `FALLBACK_REQUIRED`) and aborts.
+ */
+export const isTransientUploadError = (error: unknown): boolean => {
+  if (!(error instanceof DirectUploadError)) return false
+  if (error.code !== 'DIRECT_UPLOAD_ERROR' && error.code !== 'MULTIPART_ERROR') return false
+  if (error.status === undefined) return true
+  return error.status >= 500 && error.status < 600
+}
+
+export const calculateUploadTimeoutMs = (fileSize: number): number => {
+  const sizeInMb = fileSize / (1024 * 1024)
+  const dynamicBudget = BASE_TIMEOUT_MS + sizeInMb * TIMEOUT_PER_MB_MS
+  return Math.min(dynamicBudget, MAX_TIMEOUT_MS)
+}
+
+/**
+ * Run `worker` over `items` with at most `limit` concurrent invocations.
+ * Returns a settled result per item (never rejects), so callers can handle
+ * partial failures explicitly.
+ */
+export const runWithConcurrency = async <T, R>(
+  items: T[],
+  limit: number,
+  worker: (item: T, index: number) => Promise<R>
+): Promise<Array<PromiseSettledResult<R>>> => {
+  const results: Array<PromiseSettledResult<R>> = Array(items.length)
+  if (items.length === 0) return results
+
+  const concurrency = Math.max(1, Math.min(limit, items.length))
+  let nextIndex = 0
+
+  const runners = Array.from({ length: concurrency }, async () => {
+    while (true) {
+      const currentIndex = nextIndex++
+      if (currentIndex >= items.length) break
+      try {
+        const value = await worker(items[currentIndex], currentIndex)
+        results[currentIndex] = { status: 'fulfilled', value }
+      } catch (error) {
+        results[currentIndex] = { status: 'rejected', reason: error }
+      }
+    }
+  })
+
+  await Promise.all(runners)
+  return results
+}
+
+/**
+ * Normalize a presigned-upload server response into a {@link PresignedUploadInfo}.
+ * Accepts both single (`/api/files/presigned`) and batch entry shapes, tolerates
+ * `presignedUrl` vs `uploadUrl` aliases, and short-circuits when the server
+ * signals no cloud storage (`directUploadSupported: false`) so callers can fall
+ * back to a server-proxied upload path.
+ *
+ * @throws {@link DirectUploadError} with code `PRESIGNED_URL_ERROR` if the
+ * response is missing a presigned URL or `fileInfo.path`.
+ */
+export const normalizePresignedData = (data: unknown, context: string): PresignedUploadInfo => {
+  const d = (data ?? {}) as Record<string, unknown>
+  const presignedUrl = (d.presignedUrl as string) || (d.uploadUrl as string) || ''
+  const fileInfo = d.fileInfo as Record<string, unknown> | undefined
+  const directUploadSupported = d.directUploadSupported !== false
+
+  if (!directUploadSupported) {
+    return {
+      fileName: (d.fileName as string) || context,
+      presignedUrl: '',
+      fileInfo: { path: '', key: '', name: context, size: 0, type: '' },
+      directUploadSupported: false,
+    }
+  }
+
+  if (!presignedUrl || !fileInfo?.path) {
+    throw new DirectUploadError(
+      `Invalid presigned response for ${context}`,
+      'PRESIGNED_URL_ERROR',
+      data
+    )
+  }
+
+  return {
+    fileName: (d.fileName as string) || (fileInfo.name as string) || context,
+    presignedUrl,
+    fileInfo: {
+      path: fileInfo.path as string,
+      key: (fileInfo.key as string) || '',
+      name: (fileInfo.name as string) || context,
+      size: (fileInfo.size as number) || (d.fileSize as number) || 0,
+      type: (fileInfo.type as string) || (d.contentType as string) || '',
+    },
+    uploadHeaders: (d.uploadHeaders as Record<string, string>) || undefined,
+    directUploadSupported: true,
+  }
+}
+
+export interface GetPresignedOptions {
+  endpoint: string
+  file: File
+  signal?: AbortSignal
+}
+
+/**
+ * Fetch a single presigned upload URL from a server endpoint that follows the
+ * `{ presignedUrl, fileInfo, uploadHeaders?, directUploadSupported }` contract.
+ */
+export const getPresignedUploadInfo = async (
+  opts: GetPresignedOptions
+): Promise<PresignedUploadInfo> => {
+  const { endpoint, file, signal } = opts
+  const response = await fetch(endpoint, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      fileName: file.name,
+      contentType: getFileContentType(file),
+      fileSize: file.size,
+    }),
+    signal,
+  })
+
+  if (!response.ok) {
+    let errorDetails: unknown = null
+    try {
+      errorDetails = await response.json()
+    } catch {}
+    const serverMessage =
+      errorDetails != null &&
+      typeof errorDetails === 'object' &&
+      typeof (errorDetails as Record<string, unknown>).error === 'string'
+        ? ((errorDetails as Record<string, unknown>).error as string)
+        : null
+    throw new DirectUploadError(
+      serverMessage ||
+        `Failed to get presigned URL for ${file.name}: ${response.status} ${response.statusText}`,
+      'PRESIGNED_URL_ERROR',
+      errorDetails
+    )
+  }
+
+  return normalizePresignedData(await response.json(), file.name)
+}
+
+interface UploadViaPutOptions {
+  file: File
+  presignedUrl: string
+  uploadHeaders?: Record<string, string>
+  signal?: AbortSignal
+  onProgress?: (event: UploadProgressEvent) => void
+}
+
+const uploadViaPresignedPut = (opts: UploadViaPutOptions): Promise<void> => {
+  const { file, presignedUrl, uploadHeaders, signal, onProgress } = opts
+
+  return new Promise((resolve, reject) => {
+    const xhr = new XMLHttpRequest()
+    let isCompleted = false
+    const timeoutMs = calculateUploadTimeoutMs(file.size)
+
+    const timeoutId = setTimeout(() => {
+      if (isCompleted) return
+      isCompleted = true
+      signal?.removeEventListener('abort', abortHandler)
+      xhr.abort()
+      reject(new DirectUploadError(`Upload timeout for ${file.name}`, 'DIRECT_UPLOAD_ERROR'))
+    }, timeoutMs)
+
+    const abortHandler = () => {
+      if (isCompleted) return
+      isCompleted = true
+      clearTimeout(timeoutId)
+      xhr.abort()
+      reject(new DirectUploadError(`Upload aborted for ${file.name}`, 'ABORTED'))
+    }
+
+    if (signal) {
+      if (signal.aborted) {
+        abortHandler()
+        return
+      }
+      signal.addEventListener('abort', abortHandler)
+    }
+
+    xhr.upload.addEventListener('progress', (event) => {
+      if (event.lengthComputable && !isCompleted) {
+        onProgress?.({
+          loaded: event.loaded,
+          total: event.total,
+          percent: Math.round((event.loaded / event.total) * 100),
+        })
+      }
+    })
+
+    xhr.addEventListener('load', () => {
+      if (isCompleted) return
+      isCompleted = true
+      clearTimeout(timeoutId)
+      signal?.removeEventListener('abort', abortHandler)
+
+      if (xhr.status >= 200 && xhr.status < 300) {
+        onProgress?.({ loaded: file.size, total: file.size, percent: 100 })
+        resolve()
+      } else {
+        reject(
+          new DirectUploadError(
+            `Direct upload failed for ${file.name}: ${xhr.status} ${xhr.statusText}`,
+            'DIRECT_UPLOAD_ERROR',
+            undefined,
+            xhr.status
+          )
+        )
+      }
+    })
+
+    xhr.addEventListener('error', () => {
+      if (isCompleted) return
+      isCompleted = true
+      clearTimeout(timeoutId)
+      signal?.removeEventListener('abort', abortHandler)
+      reject(new DirectUploadError(`Network error uploading ${file.name}`, 'DIRECT_UPLOAD_ERROR'))
+    })
+
+    xhr.open('PUT', presignedUrl)
+    xhr.setRequestHeader('Content-Type', getFileContentType(file))
+    if (uploadHeaders) {
+      for (const [key, value] of Object.entries(uploadHeaders)) {
+        xhr.setRequestHeader(key, value)
+      }
+    }
+    xhr.send(file)
+  })
+}
+
+interface MultipartUploadOptions {
+  file: File
+  workspaceId: string
+  context: 'workspace' | 'knowledge-base'
+  signal?: AbortSignal
+  onProgress?: (event: UploadProgressEvent) => void
+}
+
+interface CompletedPart {
+  partNumber: number
+  etag?: string
+}
+
+interface PartUrl {
+  partNumber: number
+  url: string
+}
+
+const uploadViaMultipart = async (
+  opts: MultipartUploadOptions
+): Promise<{ key: string; path: string }> => {
+  const { file, workspaceId, context, signal, onProgress } = opts
+
+  // boundary-raw-fetch: multipart upload control plane uses action query strings; client lifecycle (initiate/get-part-urls/complete/abort) is sequenced manually and not modeled by a single contract
+  const initiateResponse = await fetch('/api/files/multipart?action=initiate', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      fileName: file.name,
+      contentType: getFileContentType(file),
+      fileSize: file.size,
+      workspaceId,
+      context,
+    }),
+    signal,
+  })
+
+  if (!initiateResponse.ok) {
+    let errorBody: { error?: string } | null = null
+    try {
+      errorBody = (await initiateResponse.clone().json()) as { error?: string }
+    } catch {}
+    if (
+      initiateResponse.status === 400 &&
+      typeof errorBody?.error === 'string' &&
+      errorBody.error.toLowerCase().includes('cloud storage')
+    ) {
+      throw new DirectUploadError(
+        'Server signaled fallback to API upload',
+        'FALLBACK_REQUIRED',
+        errorBody
+      )
+    }
+    throw new DirectUploadError(
+      `Failed to initiate multipart upload: ${initiateResponse.statusText}`,
+      'MULTIPART_ERROR',
+      undefined,
+      initiateResponse.status
+    )
+  }
+
+  const { key, uploadToken } = (await initiateResponse.json()) as {
+    uploadId: string
+    key: string
+    uploadToken: string
+  }
+
+  const numParts = Math.ceil(file.size / CHUNK_SIZE)
+  const partNumbers = Array.from({ length: numParts }, (_, i) => i + 1)
+
+  const abortMultipart = async () => {
+    try {
+      // boundary-raw-fetch: fire-and-forget abort during multipart cleanup; intentionally avoids contract response parsing so cleanup cannot mask the original error
+      await fetch('/api/files/multipart?action=abort', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ uploadToken }),
+      })
+    } catch (err) {
+      logger.warn('Failed to abort multipart upload:', err)
+    }
+  }
+
+  let presignedUrls: PartUrl[]
+  try {
+    // boundary-raw-fetch: multipart upload control plane uses action query strings; sequenced with initiate/complete/abort outside the contract layer
+    const partUrlsResponse = await fetch('/api/files/multipart?action=get-part-urls', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ uploadToken, partNumbers }),
+      signal,
+    })
+
+    if (!partUrlsResponse.ok) {
+      throw new DirectUploadError(
+        `Failed to get part URLs: ${partUrlsResponse.statusText}`,
+        'MULTIPART_ERROR',
+        undefined,
+        partUrlsResponse.status
+      )
+    }
+
+    ;({ presignedUrls } = (await partUrlsResponse.json()) as { presignedUrls: PartUrl[] })
+  } catch (err) {
+    await abortMultipart()
+    throw err
+  }
+
+  const completedBytes = new Array<number>(numParts).fill(0)
+  const reportProgress = () => {
+    const loaded = completedBytes.reduce((a, b) => a + b, 0)
+    onProgress?.({
+      loaded,
+      total: file.size,
+      percent: Math.min(100, Math.round((loaded / file.size) * 100)),
+    })
+  }
+
+  const uploadedParts: CompletedPart[] = []
+
+  try {
+    const uploadPart = async ({ partNumber, url }: PartUrl): Promise<CompletedPart> => {
+      const start = (partNumber - 1) * CHUNK_SIZE
+      const end = Math.min(start + CHUNK_SIZE, file.size)
+      const chunk = file.slice(start, end)
+
+      for (let attempt = 0; attempt <= MULTIPART_MAX_RETRIES; attempt++) {
+        try {
+          const partResponse = await fetch(url, {
+            method: 'PUT',
+            body: chunk,
+            signal,
+            headers: { 'Content-Type': getFileContentType(file) },
+          })
+
+          if (!partResponse.ok) {
+            throw new DirectUploadError(
+              `Failed to upload part ${partNumber}: ${partResponse.statusText}`,
+              'MULTIPART_ERROR',
+              undefined,
+              partResponse.status
+            )
+          }
+
+          const etag = partResponse.headers.get('ETag') || undefined
+          completedBytes[partNumber - 1] = end - start
+          reportProgress()
+
+          return { partNumber, etag: etag?.replace(/"/g, '') }
+        } catch (partError) {
+          const isClientError =
+            partError instanceof DirectUploadError &&
+            partError.status !== undefined &&
+            partError.status >= 400 &&
+            partError.status < 500
+          if (isAbortError(partError) || isClientError || attempt >= MULTIPART_MAX_RETRIES) {
+            throw partError
+          }
+          const delay = MULTIPART_RETRY_DELAY_MS * MULTIPART_RETRY_BACKOFF ** attempt
+          logger.warn(
+            `Part ${partNumber} failed (attempt ${attempt + 1}), retrying in ${Math.round(delay / 1000)}s`
+          )
+          await sleep(delay)
+        }
+      }
+
+      throw new DirectUploadError(`Retries exhausted for part ${partNumber}`, 'MULTIPART_ERROR')
+    }
+
+    const partResults = await runWithConcurrency(
+      presignedUrls,
+      MULTIPART_PART_CONCURRENCY,
+      uploadPart
+    )
+
+    for (const result of partResults) {
+      if (result?.status === 'fulfilled') {
+        uploadedParts.push(result.value)
+      } else if (result?.status === 'rejected') {
+        throw result.reason
+      }
+    }
+  } catch (error) {
+    await abortMultipart()
+    throw error
+  }
+
+  let path: string
+  try {
+    // boundary-raw-fetch: multipart upload control plane uses action query strings; sequenced with initiate/get-part-urls/abort outside the contract layer
+    const completeResponse = await fetch('/api/files/multipart?action=complete', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ uploadToken, parts: uploadedParts }),
+      signal,
+    })
+
+    if (!completeResponse.ok) {
+      throw new DirectUploadError(
+        `Failed to complete multipart upload: ${completeResponse.statusText}`,
+        'MULTIPART_ERROR',
+        undefined,
+        completeResponse.status
+      )
+    }
+
+    ;({ path } = (await completeResponse.json()) as { path: string })
+  } catch (err) {
+    await abortMultipart()
+    throw err
+  }
+  return { key, path }
+}
+
+export interface RunUploadStrategyOptions {
+  file: File
+  workspaceId: string
+  context: 'workspace' | 'knowledge-base'
+  /** Endpoint to mint a presigned PUT URL. Required unless `presignedOverride` is provided. */
+  presignedEndpoint?: string
+  /** Pre-fetched presigned data (e.g. from a batch endpoint). Skips per-file fetch. */
+  presignedOverride?: PresignedUploadInfo
+  signal?: AbortSignal
+  onProgress?: (event: UploadProgressEvent) => void
+}
+
+/**
+ * Strategy ladder for client-side uploads:
+ * - Files larger than {@link LARGE_FILE_THRESHOLD} use multipart S3/Blob with chunked PUTs.
+ * - Smaller files use a presigned PUT URL (fetched per-file, or supplied via
+ *   `presignedOverride` for batched flows like KB).
+ * - If the server signals no cloud storage is configured, a {@link DirectUploadError}
+ *   with code `FALLBACK_REQUIRED` is thrown so callers can fall back to a server-proxied path.
+ */
+export const runUploadStrategy = async (
+  opts: RunUploadStrategyOptions
+): Promise<UploadStrategyResult> => {
+  const { file, presignedEndpoint, presignedOverride, workspaceId, context, signal, onProgress } =
+    opts
+  const contentType = getFileContentType(file)
+
+  if (presignedOverride && !presignedOverride.directUploadSupported) {
+    throw new DirectUploadError('Server signaled fallback to API upload', 'FALLBACK_REQUIRED')
+  }
+
+  if (file.size > LARGE_FILE_THRESHOLD) {
+    const { key, path } = await uploadViaMultipart({
+      file,
+      workspaceId,
+      context,
+      signal,
+      onProgress,
+    })
+    return { key, path, name: file.name, size: file.size, contentType }
+  }
+
+  let presigned: PresignedUploadInfo
+  if (presignedOverride) {
+    presigned = presignedOverride
+  } else {
+    if (!presignedEndpoint) {
+      throw new DirectUploadError(
+        'runUploadStrategy requires either presignedEndpoint or presignedOverride',
+        'PRESIGNED_URL_ERROR'
+      )
+    }
+    presigned = await getPresignedUploadInfo({ endpoint: presignedEndpoint, file, signal })
+  }
+
+  if (!presigned.directUploadSupported) {
+    throw new DirectUploadError('Server signaled fallback to API upload', 'FALLBACK_REQUIRED')
+  }
+
+  await uploadViaPresignedPut({
+    file,
+    presignedUrl: presigned.presignedUrl,
+    uploadHeaders: presigned.uploadHeaders,
+    signal,
+    onProgress,
+  })
+
+  return {
+    key: presigned.fileInfo.key,
+    path: presigned.fileInfo.path,
+    name: file.name,
+    size: file.size,
+    contentType,
+  }
+}
diff --git a/apps/sim/lib/uploads/client/download.ts b/apps/sim/lib/uploads/client/download.ts
new file mode 100644
index 00000000000..9cbdd88d263
--- /dev/null
+++ b/apps/sim/lib/uploads/client/download.ts
@@ -0,0 +1,26 @@
+import type { WorkspaceFileRecord } from '@/lib/uploads/contexts/workspace'
+
+export async function triggerFileDownload(record: WorkspaceFileRecord): Promise<void> {
+  const isMarkdown =
+    record.type === 'text/markdown' ||
+    record.type === 'text/x-markdown' ||
+    /\.(?:md|markdown)$/i.test(record.name)
+
+  const url = isMarkdown
+    ? `/api/files/export/${encodeURIComponent(record.id)}`
+    : `/api/files/serve/${encodeURIComponent(record.key)}?context=workspace&t=${Date.now()}`
+
+  const response = await fetch(url, { cache: 'no-store' })
+  if (!response.ok) throw new Error(`Failed to download file: ${response.statusText}`)
+
+  const blob = await response.blob()
+  const objectUrl = URL.createObjectURL(blob)
+  const a = document.createElement('a')
+  a.href = objectUrl
+  a.download =
+    response.headers.get('Content-Disposition')?.match(/filename="([^"]+)"/)?.[1] ?? record.name
+  document.body.appendChild(a)
+  a.click()
+  document.body.removeChild(a)
+  URL.revokeObjectURL(objectUrl)
+}
diff --git a/apps/sim/lib/uploads/contexts/workspace/workspace-file-manager.ts b/apps/sim/lib/uploads/contexts/workspace/workspace-file-manager.ts
index d79798bc3b5..3fe38de8570 100644
--- a/apps/sim/lib/uploads/contexts/workspace/workspace-file-manager.ts
+++ b/apps/sim/lib/uploads/contexts/workspace/workspace-file-manager.ts
@@ -7,6 +7,7 @@ import { db } from '@sim/db'
 import { workspaceFiles } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { getPostgresErrorCode } from '@sim/utils/errors'
+import { generateShortId } from '@sim/utils/id'
 import { and, eq, isNull, sql } from 'drizzle-orm'
 import {
   checkStorageQuota,
@@ -16,8 +17,15 @@ import {
 import { normalizeVfsSegment } from '@/lib/copilot/vfs/normalize-segment'
 import { generateRestoreName } from '@/lib/core/utils/restore-name'
 import { getServePathPrefix } from '@/lib/uploads'
-import { downloadFile, hasCloudStorage, uploadFile } from '@/lib/uploads/core/storage-service'
+import {
+  deleteFile,
+  downloadFile,
+  hasCloudStorage,
+  headObject,
+  uploadFile,
+} from '@/lib/uploads/core/storage-service'
 import { getFileMetadataByKey, insertFileMetadata } from '@/lib/uploads/server/metadata'
+import { MAX_WORKSPACE_FILE_SIZE } from '@/lib/uploads/shared/types'
 import { getWorkspaceWithOwner } from '@/lib/workspaces/permissions/utils'
 import { isUuid, sanitizeFileName } from '@/executor/constants'
 import type { UserFile } from '@/executor/types'
@@ -152,7 +160,7 @@ export async function uploadWorkspaceFile(
   for (let attempt = 0; attempt < MAX_UPLOAD_UNIQUE_RETRIES; attempt++) {
     const uniqueName = await allocateUniqueWorkspaceFileName(workspaceId, fileName)
     const storageKey = generateWorkspaceFileKey(workspaceId, uniqueName)
-    let fileId = `wf_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`
+    let fileId = `wf_${generateShortId()}`
 
     try {
       logger.info(`Generated storage key: ${storageKey}`)
@@ -167,12 +175,12 @@ export async function uploadWorkspaceFile(
 
       const uploadResult = await uploadFile({
         file: fileBuffer,
-        fileName: storageKey, // Use the full storageKey as fileName
+        fileName: storageKey,
         contentType,
         context: 'workspace',
-        preserveKey: true, // Don't add timestamp prefix
-        customKey: storageKey, // Explicitly set the key
-        metadata, // Pass metadata for cloud storage consistency
+        preserveKey: true,
+        customKey: storageKey,
+        metadata,
       })
 
       logger.info(`Upload returned key: ${uploadResult.key}`)
@@ -232,7 +240,7 @@ export async function uploadWorkspaceFile(
         name: uniqueName,
         size: fileBuffer.length,
         type: contentType,
-        url: serveUrl, // Use authenticated serve URL (enforces context)
+        url: serveUrl,
         key: uploadResult.key,
         context: 'workspace',
       }
@@ -261,6 +269,144 @@ export async function uploadWorkspaceFile(
   throw new FileConflictError(fileName)
 }
 
+/**
+ * Finalize a workspace file that was uploaded directly to cloud storage
+ * (presigned PUT or completed multipart). Verifies the object exists,
+ * checks quota, allocates a non-colliding display name, inserts metadata,
+ * and increments storage usage.
+ *
+ * Throws if the object is missing in storage, quota is exceeded, or the
+ * caller cannot resolve a unique name within the retry budget.
+ */
+export interface RegisterUploadedWorkspaceFileResult {
+  file: UserFile
+  /** True when a new metadata row was inserted; false when an existing row was reused. */
+  created: boolean
+}
+
+export async function registerUploadedWorkspaceFile(params: {
+  workspaceId: string
+  userId: string
+  key: string
+  originalName: string
+  contentType: string
+}): Promise<RegisterUploadedWorkspaceFileResult> {
+  const { workspaceId, userId, key, originalName, contentType } = params
+
+  if (!hasCloudStorage()) {
+    throw new Error('Direct-upload registration requires cloud storage')
+  }
+
+  if (parseWorkspaceFileKey(key) !== workspaceId) {
+    throw new Error('Storage key does not belong to this workspace')
+  }
+
+  const head = await headObject(key, 'workspace')
+  if (!head) {
+    throw new Error('Uploaded object not found in storage')
+  }
+  const verifiedSize = head.size
+
+  const cleanupOrphan = async (reason: string) => {
+    try {
+      await deleteFile({ key, context: 'workspace' })
+    } catch (deleteError) {
+      logger.error(`Failed to clean up orphaned object after ${reason}`, deleteError)
+    }
+  }
+
+  if (verifiedSize > MAX_WORKSPACE_FILE_SIZE) {
+    await cleanupOrphan('size-cap rejection')
+    throw new Error(`File size exceeds maximum of ${MAX_WORKSPACE_FILE_SIZE} bytes`)
+  }
+
+  /**
+   * Existence check precedes the quota guard so a network-dropped retry doesn't
+   * double-charge quota or orphan-cleanup an already-registered object.
+   */
+  const existing = await getFileMetadataByKey(key, 'workspace')
+
+  let fileId = existing?.id ?? ''
+  let displayName = existing?.originalName ?? ''
+  let created = false
+
+  if (!existing) {
+    const quotaCheck = await checkStorageQuota(userId, verifiedSize)
+    if (!quotaCheck.allowed) {
+      await cleanupOrphan('quota rejection')
+      throw new Error(quotaCheck.error || 'Storage limit exceeded')
+    }
+
+    let lastInsertError: unknown
+    for (let attempt = 0; attempt < MAX_UPLOAD_UNIQUE_RETRIES; attempt++) {
+      fileId = `wf_${generateShortId()}`
+      displayName = await allocateUniqueWorkspaceFileName(workspaceId, originalName)
+      try {
+        await insertFileMetadata({
+          id: fileId,
+          key,
+          userId,
+          workspaceId,
+          context: 'workspace',
+          originalName: displayName,
+          contentType,
+          size: verifiedSize,
+        })
+        created = true
+        lastInsertError = undefined
+        break
+      } catch (insertError) {
+        lastInsertError = insertError
+        if (getPostgresErrorCode(insertError) === '23505') {
+          logger.warn(
+            `Unique name conflict on register (attempt ${attempt + 1}/${MAX_UPLOAD_UNIQUE_RETRIES}), retrying with a new name`
+          )
+          continue
+        }
+        break
+      }
+    }
+
+    if (!created) {
+      logger.error(
+        'Failed to insert metadata after direct upload; cleaning up storage object',
+        lastInsertError
+      )
+      await cleanupOrphan('metadata insert failure')
+      if (getPostgresErrorCode(lastInsertError) === '23505') {
+        throw new FileConflictError(originalName)
+      }
+      throw lastInsertError instanceof Error
+        ? lastInsertError
+        : new Error('Failed to insert workspace file metadata')
+    }
+
+    try {
+      await incrementStorageUsage(userId, verifiedSize)
+    } catch (storageError) {
+      logger.error('Failed to update storage tracking:', storageError)
+    }
+  } else {
+    logger.info(`Using existing metadata record for direct upload: ${key}`)
+  }
+
+  const pathPrefix = getServePathPrefix()
+  const serveUrl = `${pathPrefix}${encodeURIComponent(key)}?context=workspace`
+
+  return {
+    file: {
+      id: fileId,
+      name: displayName,
+      size: verifiedSize,
+      type: contentType,
+      url: serveUrl,
+      key,
+      context: 'workspace',
+    },
+    created,
+  }
+}
+
 /**
  * Track a file that was already uploaded to workspace S3 as a chat-scoped upload.
  * Links the existing workspaceFiles metadata record (created by the storage service
@@ -293,7 +439,7 @@ export async function trackChatUpload(
     return
   }
 
-  const fileId = `wf_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`
+  const fileId = `wf_${generateShortId()}`
 
   await db.insert(workspaceFiles).values({
     id: fileId,
@@ -574,7 +720,7 @@ export async function getWorkspaceFile(
 /**
  * Download workspace file content
  */
-export async function downloadWorkspaceFile(fileRecord: WorkspaceFileRecord): Promise<Buffer> {
+export async function fetchWorkspaceFileBuffer(fileRecord: WorkspaceFileRecord): Promise<Buffer> {
   logger.info(`Downloading workspace file: ${fileRecord.name}`)
 
   try {
diff --git a/apps/sim/lib/uploads/core/storage-service.ts b/apps/sim/lib/uploads/core/storage-service.ts
index b504db175e8..93ee3c734b7 100644
--- a/apps/sim/lib/uploads/core/storage-service.ts
+++ b/apps/sim/lib/uploads/core/storage-service.ts
@@ -237,6 +237,30 @@ export async function deleteFile(options: DeleteFileOptions): Promise<void> {
   await unlink(filePath)
 }
 
+/**
+ * Check whether an object exists in the configured cloud storage provider.
+ * Returns object size and content-type when present, or null when missing.
+ * Throws on errors other than "not found". For local filesystem, returns null.
+ */
+export async function headObject(
+  key: string,
+  context: StorageContext
+): Promise<{ size: number; contentType?: string } | null> {
+  const config = getStorageConfig(context)
+
+  if (USE_BLOB_STORAGE) {
+    const { headBlobObject } = await import('@/lib/uploads/providers/blob/client')
+    return headBlobObject(key, createBlobConfig(config))
+  }
+
+  if (USE_S3_STORAGE) {
+    const { headS3Object } = await import('@/lib/uploads/providers/s3/client')
+    return headS3Object(key, createS3Config(config))
+  }
+
+  return null
+}
+
 /**
  * Generate a presigned URL for direct file upload
  */
@@ -251,6 +275,7 @@ export async function generatePresignedUploadUrl(
     userId,
     expirationSeconds = 3600,
     metadata = {},
+    customKey,
   } = options
 
   const allMetadata = {
@@ -263,10 +288,15 @@ export async function generatePresignedUploadUrl(
 
   const config = getStorageConfig(context)
 
-  const timestamp = Date.now()
-  const uniqueId = Math.random().toString(36).substring(2, 9)
-  const safeFileName = fileName.replace(/[^a-zA-Z0-9.-]/g, '_')
-  const key = `${context}/${timestamp}-${uniqueId}-${safeFileName}`
+  let key: string
+  if (customKey) {
+    key = customKey
+  } else {
+    const timestamp = Date.now()
+    const uniqueId = Math.random().toString(36).substring(2, 9)
+    const safeFileName = fileName.replace(/[^a-zA-Z0-9.-]/g, '_')
+    key = `${context}/${timestamp}-${uniqueId}-${safeFileName}`
+  }
 
   if (USE_S3_STORAGE) {
     return generateS3PresignedUrl(
diff --git a/apps/sim/lib/uploads/providers/blob/client.ts b/apps/sim/lib/uploads/providers/blob/client.ts
index b32f4c616fe..ee1c0505661 100644
--- a/apps/sim/lib/uploads/providers/blob/client.ts
+++ b/apps/sim/lib/uploads/providers/blob/client.ts
@@ -305,6 +305,58 @@ export async function downloadFromBlob(key: string, customConfig?: BlobConfig):
   return downloaded
 }
 
+/**
+ * Check whether a blob exists (and return its size when it does).
+ * Returns null when the blob is missing.
+ */
+export async function headBlobObject(
+  key: string,
+  customConfig?: BlobConfig
+): Promise<{ size: number; contentType?: string } | null> {
+  const { BlobServiceClient, StorageSharedKeyCredential } = await import('@azure/storage-blob')
+  let blobServiceClient: BlobServiceClientType
+  let containerName: string
+
+  if (customConfig) {
+    if (customConfig.connectionString) {
+      blobServiceClient = BlobServiceClient.fromConnectionString(customConfig.connectionString)
+    } else if (customConfig.accountName && customConfig.accountKey) {
+      const credential = new StorageSharedKeyCredential(
+        customConfig.accountName,
+        customConfig.accountKey
+      )
+      blobServiceClient = new BlobServiceClient(
+        `https://${customConfig.accountName}.blob.core.windows.net`,
+        credential
+      )
+    } else {
+      throw new Error('Invalid custom blob configuration')
+    }
+    containerName = customConfig.containerName
+  } else {
+    blobServiceClient = await getBlobServiceClient()
+    containerName = BLOB_CONFIG.containerName
+  }
+
+  const containerClient = blobServiceClient.getContainerClient(containerName)
+  const blockBlobClient = containerClient.getBlockBlobClient(key)
+
+  try {
+    const properties = await blockBlobClient.getProperties()
+    return {
+      size: properties.contentLength ?? 0,
+      contentType: properties.contentType,
+    }
+  } catch (err) {
+    const status = (err as { statusCode?: number }).statusCode
+    const code = (err as { code?: string }).code
+    if (status === 404 || code === 'BlobNotFound') {
+      return null
+    }
+    throw err
+  }
+}
+
 /**
  * Delete a file from Azure Blob Storage
  * @param key Blob name
@@ -366,6 +418,16 @@ async function streamToBuffer(readableStream: NodeJS.ReadableStream): Promise<Bu
   })
 }
 
+/**
+ * Derive the deterministic Azure block id for a given part number.
+ * Block ids must be base64-encoded and equal length within an upload; using a
+ * fixed-width zero-padded counter gives both properties for free, and lets the
+ * server reconstruct the id from `partNumber` alone when completing an upload.
+ */
+export function deriveBlobBlockId(partNumber: number): string {
+  return Buffer.from(`block-${partNumber.toString().padStart(6, '0')}`).toString('base64')
+}
+
 /**
  * Initiate a multipart upload for Azure Blob Storage
  */
@@ -373,7 +435,7 @@ export async function initiateMultipartUpload(
   options: AzureMultipartUploadInit
 ): Promise<{ uploadId: string; key: string }> {
   const { BlobServiceClient, StorageSharedKeyCredential } = await import('@azure/storage-blob')
-  const { fileName, contentType, customConfig } = options
+  const { fileName, contentType, customConfig, customKey } = options
 
   let blobServiceClient: BlobServiceClientType
   let containerName: string
@@ -400,7 +462,7 @@ export async function initiateMultipartUpload(
   }
 
   const safeFileName = sanitizeFileName(fileName)
-  const uniqueKey = `kb/${generateId()}-${safeFileName}`
+  const uniqueKey = customKey || `kb/${generateId()}-${safeFileName}`
 
   const uploadId = generateId()
 
@@ -473,9 +535,7 @@ export async function getMultipartPartUrls(
   const blockBlobClient = containerClient.getBlockBlobClient(key)
 
   return partNumbers.map((partNumber) => {
-    const blockId = Buffer.from(`block-${partNumber.toString().padStart(6, '0')}`).toString(
-      'base64'
-    )
+    const blockId = deriveBlobBlockId(partNumber)
 
     const sasOptions = {
       containerName,
diff --git a/apps/sim/lib/uploads/providers/blob/types.ts b/apps/sim/lib/uploads/providers/blob/types.ts
index 8223b689384..b024e2a6363 100644
--- a/apps/sim/lib/uploads/providers/blob/types.ts
+++ b/apps/sim/lib/uploads/providers/blob/types.ts
@@ -10,6 +10,11 @@ export interface AzureMultipartUploadInit {
   contentType: string
   fileSize: number
   customConfig?: BlobConfig
+  /**
+   * When provided, overrides the default `kb/${id}-${name}` key derivation.
+   * Caller is responsible for uniqueness and prefix conventions.
+   */
+  customKey?: string
 }
 
 export interface AzurePartUploadUrl {
diff --git a/apps/sim/lib/uploads/providers/s3/client.ts b/apps/sim/lib/uploads/providers/s3/client.ts
index 0f27ceed16b..6f347a4bdd6 100644
--- a/apps/sim/lib/uploads/providers/s3/client.ts
+++ b/apps/sim/lib/uploads/providers/s3/client.ts
@@ -4,6 +4,7 @@ import {
   CreateMultipartUploadCommand,
   DeleteObjectCommand,
   GetObjectCommand,
+  HeadObjectCommand,
   PutObjectCommand,
   S3Client,
   UploadPartCommand,
@@ -197,6 +198,35 @@ export async function downloadFromS3(key: string, customConfig?: S3Config): Prom
   })
 }
 
+/**
+ * Check whether an object exists in S3 (and return its size when it does).
+ * Returns null when the object is missing.
+ */
+export async function headS3Object(
+  key: string,
+  customConfig?: S3Config
+): Promise<{ size: number; contentType?: string } | null> {
+  const config = customConfig || { bucket: S3_CONFIG.bucket, region: S3_CONFIG.region }
+
+  try {
+    const response = await getS3Client().send(
+      new HeadObjectCommand({ Bucket: config.bucket, Key: key })
+    )
+    return {
+      size: response.ContentLength ?? 0,
+      contentType: response.ContentType,
+    }
+  } catch (error) {
+    const code = (error as { name?: string; $metadata?: { httpStatusCode?: number } } | null)?.name
+    const status = (error as { $metadata?: { httpStatusCode?: number } } | null)?.$metadata
+      ?.httpStatusCode
+    if (code === 'NotFound' || code === 'NoSuchKey' || status === 404) {
+      return null
+    }
+    throw error
+  }
+}
+
 /**
  * Delete a file from S3
  * @param key S3 object key
@@ -227,13 +257,13 @@ export async function deleteFromS3(key: string, customConfig?: S3Config): Promis
 export async function initiateS3MultipartUpload(
   options: S3MultipartUploadInit
 ): Promise<{ uploadId: string; key: string }> {
-  const { fileName, contentType, customConfig } = options
+  const { fileName, contentType, customConfig, customKey, purpose } = options
 
   const config = customConfig || { bucket: S3_KB_CONFIG.bucket, region: S3_KB_CONFIG.region }
   const s3Client = getS3Client()
 
   const safeFileName = sanitizeFileName(fileName)
-  const uniqueKey = `kb/${generateId()}-${safeFileName}`
+  const uniqueKey = customKey || `kb/${generateId()}-${safeFileName}`
 
   const command = new CreateMultipartUploadCommand({
     Bucket: config.bucket,
@@ -242,7 +272,7 @@ export async function initiateS3MultipartUpload(
     Metadata: {
       originalName: sanitizeFilenameForMetadata(fileName),
       uploadedAt: new Date().toISOString(),
-      purpose: 'knowledge-base',
+      purpose: purpose || 'knowledge-base',
     },
   })
 
diff --git a/apps/sim/lib/uploads/providers/s3/types.ts b/apps/sim/lib/uploads/providers/s3/types.ts
index a4d7cb155f8..266a86a862c 100644
--- a/apps/sim/lib/uploads/providers/s3/types.ts
+++ b/apps/sim/lib/uploads/providers/s3/types.ts
@@ -8,6 +8,16 @@ export interface S3MultipartUploadInit {
   contentType: string
   fileSize: number
   customConfig?: S3Config
+  /**
+   * When provided, overrides the default `kb/${id}-${name}` key derivation.
+   * Caller is responsible for uniqueness and prefix conventions.
+   */
+  customKey?: string
+  /**
+   * Storage purpose tag persisted as object metadata. Defaults to `knowledge-base`
+   * for backwards compatibility.
+   */
+  purpose?: string
 }
 
 export interface S3PartUploadUrl {
diff --git a/apps/sim/lib/uploads/shared/types.ts b/apps/sim/lib/uploads/shared/types.ts
index f5d8210db56..30b5cd6b7b6 100644
--- a/apps/sim/lib/uploads/shared/types.ts
+++ b/apps/sim/lib/uploads/shared/types.ts
@@ -1,3 +1,16 @@
+/**
+ * Defense-in-depth ceiling on the size of any single workspace file upload.
+ * Enforced both server-side (presigned route) and client-side (Files tab) so
+ * users get fast feedback before bytes are streamed.
+ */
+export const MAX_WORKSPACE_FILE_SIZE = 5 * 1024 * 1024 * 1024
+
+/**
+ * Cap on the legacy FormData upload route, which buffers the whole file in
+ * worker memory. Direct-to-storage uploads use {@link MAX_WORKSPACE_FILE_SIZE}.
+ */
+export const MAX_WORKSPACE_FORMDATA_FILE_SIZE = 100 * 1024 * 1024
+
 export type StorageContext =
   | 'knowledge-base'
   | 'chat'
@@ -55,6 +68,11 @@ export interface GeneratePresignedUrlOptions {
   userId?: string
   expirationSeconds?: number
   metadata?: Record<string, string>
+  /**
+   * When provided, overrides the default `${context}/${timestamp}-${id}-${name}` key derivation.
+   * The caller takes responsibility for uniqueness and prefix conventions.
+   */
+  customKey?: string
 }
 
 export interface PresignedUrlResponse {
diff --git a/apps/sim/lib/uploads/utils/file-utils.test.ts b/apps/sim/lib/uploads/utils/file-utils.test.ts
new file mode 100644
index 00000000000..f5e3c45ebde
--- /dev/null
+++ b/apps/sim/lib/uploads/utils/file-utils.test.ts
@@ -0,0 +1,39 @@
+/**
+ * @vitest-environment node
+ */
+import { describe, expect, it } from 'vitest'
+import { isAbortError, isNetworkError } from '@/lib/uploads/utils/file-utils'
+
+describe('isAbortError', () => {
+  it('returns true for AbortError-named errors', () => {
+    const err = new Error('aborted')
+    err.name = 'AbortError'
+    expect(isAbortError(err)).toBe(true)
+  })
+
+  it('returns false for generic Errors', () => {
+    expect(isAbortError(new Error('boom'))).toBe(false)
+    expect(isAbortError(null)).toBe(false)
+    expect(isAbortError('AbortError')).toBe(false)
+  })
+})
+
+describe('isNetworkError', () => {
+  it.each([
+    'fetch failed',
+    'Network request failed',
+    'connection reset',
+    'request timeout',
+    'operation timed out',
+    'ECONNRESET while reading body',
+  ])('matches transient message %s', (msg) => {
+    expect(isNetworkError(new Error(msg))).toBe(true)
+  })
+
+  it('does not match deterministic errors', () => {
+    expect(isNetworkError(new Error('Forbidden'))).toBe(false)
+    expect(isNetworkError(new Error('Validation failed: name is required'))).toBe(false)
+    expect(isNetworkError('not an error')).toBe(false)
+    expect(isNetworkError(null)).toBe(false)
+  })
+})
diff --git a/apps/sim/lib/uploads/utils/file-utils.ts b/apps/sim/lib/uploads/utils/file-utils.ts
index bed6d19d919..3dc0d75506b 100644
--- a/apps/sim/lib/uploads/utils/file-utils.ts
+++ b/apps/sim/lib/uploads/utils/file-utils.ts
@@ -272,13 +272,63 @@ export function getMimeTypeFromExtension(extension: string): string {
 }
 
 /**
- * Resolve a reliable MIME type from a file, falling back to extension
- * when the browser reports empty or generic `application/octet-stream`
+ * Resolve a reliable MIME type from a file, falling back to the extension map
+ * when the browser reports an empty type. By default treats
+ * `application/octet-stream` as "unknown" and falls back to the extension —
+ * pass `{ preserveOctetStream: true }` for direct PUT uploads where the
+ * browser-supplied content-type must match the presigned handshake exactly.
+ */
+export function resolveFileType(
+  file: { type: string; name: string },
+  options?: { preserveOctetStream?: boolean }
+): string {
+  const browserType = file.type?.trim()
+  if (browserType) {
+    if (options?.preserveOctetStream || browserType !== 'application/octet-stream') {
+      return browserType
+    }
+  }
+  return getMimeTypeFromExtension(getFileExtension(file.name))
+}
+
+/**
+ * Upload `Content-Type` for direct PUT — preserves the browser's reported type
+ * verbatim (including `application/octet-stream`) so it matches the presigned
+ * URL's signed Content-Type header.
  */
-export function resolveFileType(file: { type: string; name: string }): string {
-  return file.type && file.type !== 'application/octet-stream'
-    ? file.type
-    : getMimeTypeFromExtension(getFileExtension(file.name))
+export function getFileContentType(file: File): string {
+  return resolveFileType(file, { preserveOctetStream: true })
+}
+
+/**
+ * Whether `error` is a DOM `AbortError` (XHR `abort()`, fetch `signal.aborted`,
+ * etc). Used in upload retry loops so aborts short-circuit instead of retrying.
+ */
+export function isAbortError(error: unknown): boolean {
+  return (
+    typeof error === 'object' &&
+    error !== null &&
+    'name' in error &&
+    String((error as { name?: unknown }).name) === 'AbortError'
+  )
+}
+
+/**
+ * Heuristic: whether `error` is a transient network/connection failure that's
+ * worth retrying (vs. a deterministic 4xx/auth/validation error). Sniffs the
+ * message because browsers and servers report these without standardized codes.
+ */
+export function isNetworkError(error: unknown): boolean {
+  if (!(error instanceof Error)) return false
+  const message = error.message.toLowerCase()
+  return (
+    message.includes('network') ||
+    message.includes('fetch') ||
+    message.includes('connection') ||
+    message.includes('timeout') ||
+    message.includes('timed out') ||
+    message.includes('econnreset')
+  )
 }
 
 const MIME_TO_EXTENSION: Record<string, string> = {
@@ -795,24 +845,3 @@ export function getViewerUrl(fileKey: string, workspaceId?: string): string | nu
 
   return `/workspace/${resolvedWorkspaceId}/files/${fileKey}`
 }
-
-/**
- * Downloads a workspace file to the user's device via the serve API.
- * Fetches the file as a blob and triggers a browser download.
- */
-export async function downloadWorkspaceFile(file: { key: string; name: string }): Promise<void> {
-  const serveUrl = `/api/files/serve/${encodeURIComponent(file.key)}?context=workspace&t=${Date.now()}`
-  const response = await fetch(serveUrl, { cache: 'no-store' })
-  if (!response.ok) {
-    throw new Error(`Failed to download file: ${response.statusText}`)
-  }
-  const blob = await response.blob()
-  const url = URL.createObjectURL(blob)
-  const a = document.createElement('a')
-  a.href = url
-  a.download = file.name
-  document.body.appendChild(a)
-  a.click()
-  document.body.removeChild(a)
-  URL.revokeObjectURL(url)
-}
diff --git a/apps/sim/lib/webhooks/processor.ts b/apps/sim/lib/webhooks/processor.ts
index 4c9569e4c5f..f5141c1ec4d 100644
--- a/apps/sim/lib/webhooks/processor.ts
+++ b/apps/sim/lib/webhooks/processor.ts
@@ -640,6 +640,7 @@ export interface PolledWebhookEventResult {
   success: boolean
   error?: string
   statusCode?: number
+  executionId?: string
 }
 
 type PolledWebhookRecord = typeof webhook.$inferSelect
@@ -793,7 +794,7 @@ export async function processPolledWebhookEvent(
       })()
     }
 
-    return { success: true }
+    return { success: true, executionId }
   } catch (error: unknown) {
     logger.error(`[${requestId}] Failed to process polled webhook event:`, error)
     return { success: false, error: 'Internal server error', statusCode: 500 }
diff --git a/apps/sim/lib/webhooks/providers/registry.ts b/apps/sim/lib/webhooks/providers/registry.ts
index a9d559a77dc..c20b58f3f02 100644
--- a/apps/sim/lib/webhooks/providers/registry.ts
+++ b/apps/sim/lib/webhooks/providers/registry.ts
@@ -33,6 +33,7 @@ import { salesforceHandler } from '@/lib/webhooks/providers/salesforce'
 import { servicenowHandler } from '@/lib/webhooks/providers/servicenow'
 import { slackHandler } from '@/lib/webhooks/providers/slack'
 import { stripeHandler } from '@/lib/webhooks/providers/stripe'
+import { tableProviderHandler } from '@/lib/webhooks/providers/table'
 import { telegramHandler } from '@/lib/webhooks/providers/telegram'
 import { twilioHandler } from '@/lib/webhooks/providers/twilio'
 import { twilioVoiceHandler } from '@/lib/webhooks/providers/twilio-voice'
@@ -80,6 +81,7 @@ const PROVIDER_HANDLERS: Record<string, WebhookProviderHandler> = {
   servicenow: servicenowHandler,
   slack: slackHandler,
   stripe: stripeHandler,
+  table: tableProviderHandler,
   telegram: telegramHandler,
   twilio: twilioHandler,
   twilio_voice: twilioVoiceHandler,
diff --git a/apps/sim/lib/webhooks/providers/table.ts b/apps/sim/lib/webhooks/providers/table.ts
new file mode 100644
index 00000000000..ed1e4fb202f
--- /dev/null
+++ b/apps/sim/lib/webhooks/providers/table.ts
@@ -0,0 +1,13 @@
+import type { FormatInputContext, FormatInputResult, WebhookProviderHandler } from './types'
+
+/**
+ * Provider handler for table triggers.
+ *
+ * Tables use direct triggering (fired from the insert codepath),
+ * so this handler only needs formatInput to pass the payload through.
+ */
+export const tableProviderHandler: WebhookProviderHandler = {
+  async formatInput({ body }: FormatInputContext): Promise<FormatInputResult> {
+    return { input: body }
+  },
+}
diff --git a/apps/sim/lib/workflows/blocks/flatten-outputs.ts b/apps/sim/lib/workflows/blocks/flatten-outputs.ts
new file mode 100644
index 00000000000..c00c367d28a
--- /dev/null
+++ b/apps/sim/lib/workflows/blocks/flatten-outputs.ts
@@ -0,0 +1,194 @@
+/**
+ * Flatten workflow block outputs into pickable paths.
+ *
+ * Shared helper used by any UI that needs to let a user pick one (or many) of a
+ * workflow's block outputs — deploy modal's OutputSelect, the table workflow-column
+ * config sidebar, etc. Keeping this in one place means the "what counts as an
+ * output" rules (excluded types, trigger-mode handling, recursion into nested
+ * output shapes, BFS sort order) don't drift between consumers.
+ */
+
+import { getEffectiveBlockOutputs } from '@/lib/workflows/blocks/block-outputs'
+
+/**
+ * Block types whose "outputs" are really workflow inputs (Start/starter) or flow
+ * control and should never appear in an output picker.
+ */
+export const EXCLUDED_OUTPUT_TYPES = new Set(['starter', 'start_trigger', 'human_in_the_loop'])
+
+export interface FlattenedBlockOutput {
+  blockId: string
+  blockName: string
+  blockType: string
+  /** Dot-path into the block's output (e.g. `content`, `content.text`). */
+  path: string
+  /** Type from the block's output schema (e.g. `string`, `number`, `json`).
+   *  Used by the table column-sidebar to pick the right column type. */
+  leafType?: string
+}
+
+/**
+ * Minimal shape we need off each block — compatible with both the normalized
+ * WorkflowState.blocks entries and the editor's live block state.
+ */
+export interface FlattenOutputsBlockInput {
+  id: string
+  type: string
+  name?: string
+  triggerMode?: boolean
+  subBlocks?: Record<string, unknown>
+}
+
+export interface FlattenOutputsEdgeInput {
+  source: string
+  target: string
+}
+
+/**
+ * Compute a flat list of pickable output paths across every eligible block in
+ * a workflow.
+ *
+ * @param blocks Iterable of blocks from the workflow state.
+ * @param edges  Optional edge list — when provided, results are sorted by BFS
+ *   distance from a start/trigger block (descending), so terminal blocks
+ *   appear first. This matches the deploy modal's grouping order.
+ */
+export function flattenWorkflowOutputs(
+  blocks: Iterable<FlattenOutputsBlockInput>,
+  edges: Iterable<FlattenOutputsEdgeInput> = []
+): FlattenedBlockOutput[] {
+  const blockList = Array.from(blocks)
+  const results: FlattenedBlockOutput[] = []
+
+  for (const block of blockList) {
+    if (!block?.id || !block?.type) continue
+    if (EXCLUDED_OUTPUT_TYPES.has(block.type)) continue
+
+    const normalizedSubBlocks: Record<string, { value: unknown }> = {}
+    if (block.subBlocks && typeof block.subBlocks === 'object') {
+      for (const [k, v] of Object.entries(block.subBlocks)) {
+        normalizedSubBlocks[k] =
+          v && typeof v === 'object' && 'value' in (v as object)
+            ? (v as { value: unknown })
+            : { value: v }
+      }
+    }
+
+    const effectiveTriggerMode = Boolean(block.triggerMode)
+    let outs: Record<string, unknown> = {}
+    try {
+      outs = getEffectiveBlockOutputs(block.type, normalizedSubBlocks, {
+        triggerMode: effectiveTriggerMode,
+        preferToolOutputs: !effectiveTriggerMode,
+      }) as Record<string, unknown>
+    } catch {
+      continue
+    }
+    if (!outs || Object.keys(outs).length === 0) continue
+
+    const blockName = block.name || `Block ${block.id}`
+    const add = (path: string, outputObj: unknown, prefix = ''): void => {
+      const fullPath = prefix ? `${prefix}.${path}` : path
+      const declaredType =
+        outputObj &&
+        typeof outputObj === 'object' &&
+        !Array.isArray(outputObj) &&
+        'type' in (outputObj as object) &&
+        typeof (outputObj as { type: unknown }).type === 'string'
+          ? (outputObj as { type: string }).type
+          : undefined
+      const isLeaf =
+        typeof outputObj !== 'object' ||
+        outputObj === null ||
+        declaredType !== undefined ||
+        Array.isArray(outputObj)
+      if (isLeaf) {
+        results.push({
+          blockId: block.id,
+          blockName,
+          blockType: block.type,
+          path: fullPath,
+          leafType: declaredType,
+        })
+        return
+      }
+      for (const [key, value] of Object.entries(outputObj as Record<string, unknown>)) {
+        add(key, value, fullPath)
+      }
+    }
+
+    for (const [key, value] of Object.entries(outs)) add(key, value)
+  }
+
+  const edgeList = Array.from(edges)
+  if (edgeList.length === 0 || results.length === 0) return results
+
+  // Sort by BFS distance from the first start/trigger block, descending — so terminal
+  // blocks group to the top. Matches the deploy modal's OutputSelect ordering.
+  const startBlock = blockList.find(
+    (b) => b.type === 'starter' || b.type === 'start_trigger' || !!b.triggerMode
+  )
+  if (!startBlock) return results
+
+  const adj: Record<string, string[]> = {}
+  for (const e of edgeList) {
+    if (!adj[e.source]) adj[e.source] = []
+    adj[e.source].push(e.target)
+  }
+  const distances: Record<string, number> = {}
+  const visited = new Set<string>()
+  const queue: Array<[string, number]> = [[startBlock.id, 0]]
+  while (queue.length > 0) {
+    const [id, d] = queue.shift()!
+    if (visited.has(id)) continue
+    visited.add(id)
+    distances[id] = d
+    for (const t of adj[id] ?? []) queue.push([t, d + 1])
+  }
+
+  return results
+    .map((r, i) => ({ r, d: distances[r.blockId] ?? -1, i }))
+    .sort((a, b) => {
+      if (b.d !== a.d) return b.d - a.d
+      return a.i - b.i // preserve discovery order within the same distance
+    })
+    .map(({ r }) => r)
+}
+
+/**
+ * BFS distance from the workflow's start/trigger block to every reachable block,
+ * keyed by blockId. Blocks unreachable from start get `-1`. Pure function over
+ * the same `blocks`/`edges` shape `flattenWorkflowOutputs` accepts; callers that
+ * want a *start-first* (execution-order ASC) sort use this map directly instead
+ * of `flattenWorkflowOutputs` (which sorts terminal-blocks-first for picker UX).
+ */
+export function getBlockExecutionOrder(
+  blocks: Iterable<FlattenOutputsBlockInput>,
+  edges: Iterable<FlattenOutputsEdgeInput>
+): Record<string, number> {
+  const blockList = Array.from(blocks)
+  const startBlock = blockList.find(
+    (b) => b.type === 'starter' || b.type === 'start_trigger' || !!b.triggerMode
+  )
+  const distances: Record<string, number> = {}
+  for (const b of blockList) {
+    if (b?.id) distances[b.id] = -1
+  }
+  if (!startBlock) return distances
+
+  const adj: Record<string, string[]> = {}
+  for (const e of edges) {
+    if (!adj[e.source]) adj[e.source] = []
+    adj[e.source].push(e.target)
+  }
+  const visited = new Set<string>()
+  const queue: Array<[string, number]> = [[startBlock.id, 0]]
+  while (queue.length > 0) {
+    const [id, d] = queue.shift()!
+    if (visited.has(id)) continue
+    visited.add(id)
+    distances[id] = d
+    for (const t of adj[id] ?? []) queue.push([t, d + 1])
+  }
+  return distances
+}
diff --git a/apps/sim/lib/workflows/executor/execute-workflow.ts b/apps/sim/lib/workflows/executor/execute-workflow.ts
index f812ed6b328..66788e8d8f9 100644
--- a/apps/sim/lib/workflows/executor/execute-workflow.ts
+++ b/apps/sim/lib/workflows/executor/execute-workflow.ts
@@ -15,9 +15,21 @@ export interface ExecuteWorkflowOptions {
   enabled: boolean
   selectedOutputs?: string[]
   isSecureMode?: boolean
-  workflowTriggerType?: 'api' | 'chat' | 'copilot'
+  workflowTriggerType?: 'api' | 'chat' | 'copilot' | 'table'
+  /**
+   * If set, the executor enters the workflow at this block instead of resolving a Start block.
+   * Use for trigger-originated runs (webhooks, table triggers, schedules) where the entry point
+   * is the trigger block itself.
+   */
   triggerBlockId?: string
   onStream?: (streamingExec: StreamingExecution) => Promise<void>
+  /** Fires before each block runs; lets callers track per-block lifecycle (e.g. table-cell live state). */
+  onBlockStart?: (
+    blockId: string,
+    blockName: string,
+    blockType: string,
+    executionOrder: number
+  ) => Promise<void>
   onBlockComplete?: (blockId: string, output: unknown) => Promise<void>
   skipLoggingComplete?: boolean
   includeFileBase64?: boolean
@@ -91,6 +103,16 @@ export async function executeWorkflow(
       snapshot,
       callbacks: {
         onStream: streamConfig?.onStream,
+        onBlockStart: streamConfig?.onBlockStart
+          ? async (
+              blockId: string,
+              blockName: string,
+              blockType: string,
+              executionOrder: number
+            ) => {
+              await streamConfig.onBlockStart!(blockId, blockName, blockType, executionOrder)
+            }
+          : undefined,
         onBlockComplete: streamConfig?.onBlockComplete
           ? async (blockId: string, _blockName: string, _blockType: string, output: unknown) => {
               await streamConfig.onBlockComplete!(blockId, output)
diff --git a/apps/sim/lib/workflows/orchestration/deploy.ts b/apps/sim/lib/workflows/orchestration/deploy.ts
index 5c1ecea5bf9..926ed2eeeb4 100644
--- a/apps/sim/lib/workflows/orchestration/deploy.ts
+++ b/apps/sim/lib/workflows/orchestration/deploy.ts
@@ -229,6 +229,27 @@ export async function performFullDeploy(
 
   await syncMcpToolsForWorkflow({ workflowId, requestId, context: 'deploy' })
 
+  // Drop stale block refs from any table workflow column targeting this workflow,
+  // so columns that referenced just-removed blocks collapse cleanly instead of
+  // showing perpetual "Waiting" indicators on future row runs.
+  if (workflowData.workspaceId) {
+    try {
+      const { pruneStaleWorkflowGroupOutputs } = await import('@/lib/table/service')
+      const validBlockIds = new Set(Object.keys(normalizedData.blocks))
+      await pruneStaleWorkflowGroupOutputs({
+        workflowId,
+        workspaceId: workflowData.workspaceId as string,
+        validBlockIds,
+        requestId,
+      })
+    } catch (pruneError) {
+      logger.warn(
+        `[${requestId}] Failed to prune stale workflow column outputs for ${workflowId}`,
+        pruneError
+      )
+    }
+  }
+
   recordAudit({
     workspaceId: (workflowData.workspaceId as string) || null,
     actorId: actorId,
diff --git a/apps/sim/lib/workflows/persistence/utils.ts b/apps/sim/lib/workflows/persistence/utils.ts
index 80af8e9dad4..cbe1258dd7d 100644
--- a/apps/sim/lib/workflows/persistence/utils.ts
+++ b/apps/sim/lib/workflows/persistence/utils.ts
@@ -235,7 +235,11 @@ export function migrateAgentBlocksToMessagesFormat(
   )
 }
 
-const CREDENTIAL_SUBBLOCK_IDS = new Set(['credential', 'triggerCredentials'])
+export const CREDENTIAL_SUBBLOCK_IDS = new Set([
+  'credential',
+  'manualCredential',
+  'triggerCredentials',
+])
 
 async function migrateCredentialIds(
   blocks: Record<string, BlockState>,
diff --git a/apps/sim/stores/logs/utils.ts b/apps/sim/stores/logs/utils.ts
index 778320066c0..e18c3ad65e0 100644
--- a/apps/sim/stores/logs/utils.ts
+++ b/apps/sim/stores/logs/utils.ts
@@ -1,9 +1,15 @@
 /**
  * Width constraints for the log details panel.
+ *
+ * The min is the floor below which the panel becomes unusable. On narrow
+ * viewports (e.g. tablets, side-by-side windows, Mothership task pages with
+ * a constrained content area) the viewport-ratio cap is what actually wins
+ * — `getMaxLogDetailsWidth` enforces this. We never let the floor exceed
+ * the cap, so the panel always leaves room for the surface behind it.
  */
-export const MIN_LOG_DETAILS_WIDTH = 600
-export const DEFAULT_LOG_DETAILS_WIDTH = 600
-export const MAX_LOG_DETAILS_WIDTH_RATIO = 0.65
+export const MIN_LOG_DETAILS_WIDTH = 320
+export const DEFAULT_LOG_DETAILS_WIDTH = 520
+export const MAX_LOG_DETAILS_WIDTH_RATIO = 0.4
 
 /**
  * Returns the maximum log details panel width (65vw).
@@ -14,6 +20,11 @@ export const getMaxLogDetailsWidth = () =>
 
 /**
  * Clamps a width value to the valid panel range for the current viewport.
+ * The floor (`MIN_LOG_DETAILS_WIDTH`) is itself capped by the viewport ratio
+ * so a small viewport never produces a panel that covers more than 65vw.
  */
-export const clampPanelWidth = (width: number) =>
-  Math.max(MIN_LOG_DETAILS_WIDTH, Math.min(width, getMaxLogDetailsWidth()))
+export const clampPanelWidth = (width: number) => {
+  const max = getMaxLogDetailsWidth()
+  const min = Math.min(MIN_LOG_DETAILS_WIDTH, max)
+  return Math.max(min, Math.min(width, max))
+}
diff --git a/apps/sim/tools/jira/utils.ts b/apps/sim/tools/jira/utils.ts
index 145301cdfe4..3ce0db24107 100644
--- a/apps/sim/tools/jira/utils.ts
+++ b/apps/sim/tools/jira/utils.ts
@@ -1,4 +1,5 @@
 import { createLogger } from '@sim/logger'
+import type { RetryOptions } from '@/lib/knowledge/documents/utils'
 import { fetchWithRetry } from '@/lib/knowledge/documents/utils'
 
 const logger = createLogger('JiraUtils')
@@ -61,6 +62,9 @@ export function extractAdfText(content: any): string | null {
     return content.map(extractAdfText).filter(Boolean).join(' ')
   }
   if (content.type === 'text') return content.text || ''
+  if (content.type === 'hardBreak') return '\n'
+  if (content.type === 'mention') return content.attrs?.text || ''
+  if (content.type === 'emoji') return content.attrs?.shortName || content.attrs?.text || ''
   if (content.content) return extractAdfText(content.content)
   return ''
 }
@@ -163,7 +167,11 @@ export function normalizeDomain(domain: string): string {
     .replace(/\/+$/, '')}`.toLowerCase()
 }
 
-export async function getJiraCloudId(domain: string, accessToken: string): Promise<string> {
+export async function getJiraCloudId(
+  domain: string,
+  accessToken: string,
+  retryOptions?: RetryOptions
+): Promise<string> {
   const response = await fetchWithRetry(
     'https://api.atlassian.com/oauth/token/accessible-resources',
     {
@@ -172,7 +180,8 @@ export async function getJiraCloudId(domain: string, accessToken: string): Promi
         Authorization: `Bearer ${accessToken}`,
         Accept: 'application/json',
       },
-    }
+    },
+    retryOptions
   )
 
   if (!response.ok) {
diff --git a/apps/sim/tools/mem0/add_memories.test.ts b/apps/sim/tools/mem0/add_memories.test.ts
new file mode 100644
index 00000000000..372669977c5
--- /dev/null
+++ b/apps/sim/tools/mem0/add_memories.test.ts
@@ -0,0 +1,73 @@
+/**
+ * @vitest-environment node
+ */
+import { describe, expect, it } from 'vitest'
+import { mem0AddMemoriesTool } from '@/tools/mem0/add_memories'
+import type { Mem0AddMemoriesParams } from '@/tools/mem0/types'
+
+describe('mem0AddMemoriesTool', () => {
+  const buildBody = mem0AddMemoriesTool.request.body!
+  const transformResponse = mem0AddMemoriesTool.transformResponse!
+
+  it('uses the v3 add memories endpoint', () => {
+    expect(mem0AddMemoriesTool.request.url).toBe('https://api.mem0.ai/v3/memories/add/')
+    expect(mem0AddMemoriesTool.request.method).toBe('POST')
+  })
+
+  it('builds the documented add memories request body', () => {
+    const body = buildBody({
+      apiKey: 'test-key',
+      userId: ' alice ',
+      messages: [{ role: 'user', content: 'I like Sim.' }],
+    })
+
+    expect(body).toEqual({
+      messages: [{ role: 'user', content: 'I like Sim.' }],
+      user_id: 'alice',
+    })
+  })
+
+  it('accepts JSON string messages from the block code input', () => {
+    const params: Mem0AddMemoriesParams = {
+      apiKey: 'test-key',
+      userId: 'alice',
+      messages: JSON.stringify([{ role: 'assistant', content: 'I will remember that.' }]),
+    }
+
+    expect(buildBody(params)).toEqual({
+      messages: [{ role: 'assistant', content: 'I will remember that.' }],
+      user_id: 'alice',
+    })
+  })
+
+  it('rejects unsupported message roles before building the request body', () => {
+    expect(() =>
+      buildBody({
+        apiKey: 'test-key',
+        userId: 'alice',
+        messages: JSON.stringify([{ role: 'system', content: 'Remember this.' }]),
+      })
+    ).toThrow('Each message must have role user or assistant and non-empty content')
+  })
+
+  it('extracts queued processing fields from v3 responses', async () => {
+    const result = await transformResponse(
+      new Response(
+        JSON.stringify({
+          message: 'Memory processing has been queued for background execution',
+          status: 'PENDING',
+          event_id: 'evt-123',
+        })
+      )
+    )
+
+    expect(result).toEqual({
+      success: true,
+      output: {
+        message: 'Memory processing has been queued for background execution',
+        status: 'PENDING',
+        event_id: 'evt-123',
+      },
+    })
+  })
+})
diff --git a/apps/sim/tools/mem0/add_memories.ts b/apps/sim/tools/mem0/add_memories.ts
index 0616e5a2be5..fc7ca732026 100644
--- a/apps/sim/tools/mem0/add_memories.ts
+++ b/apps/sim/tools/mem0/add_memories.ts
@@ -1,11 +1,16 @@
-import { ADD_MEMORY_OUTPUT_PROPERTIES } from '@/tools/mem0/types'
+import {
+  ADD_MEMORY_OUTPUT_PROPERTIES,
+  type Mem0AddMemoriesParams,
+  type Mem0AddMemoriesResponse,
+} from '@/tools/mem0/types'
+import { parseMem0Messages } from '@/tools/mem0/utils'
 import type { ToolConfig } from '@/tools/types'
 
 /**
  * Add Memories Tool
  * @see https://docs.mem0.ai/api-reference/memory/add-memories
  */
-export const mem0AddMemoriesTool: ToolConfig = {
+export const mem0AddMemoriesTool: ToolConfig<Mem0AddMemoriesParams, Mem0AddMemoriesResponse> = {
   id: 'mem0_add_memories',
   name: 'Add Memories',
   description: 'Add memories to Mem0 for persistent storage and retrieval',
@@ -34,107 +39,36 @@ export const mem0AddMemoriesTool: ToolConfig = {
   },
 
   request: {
-    url: 'https://api.mem0.ai/v1/memories/',
+    url: 'https://api.mem0.ai/v3/memories/add/',
     method: 'POST',
     headers: (params) => ({
       Authorization: `Token ${params.apiKey}`,
       'Content-Type': 'application/json',
     }),
     body: (params) => {
-      // First, ensure messages is an array
-      let messagesArray = params.messages
-      if (typeof messagesArray === 'string') {
-        try {
-          messagesArray = JSON.parse(messagesArray)
-        } catch (_e) {
-          throw new Error('Messages must be a valid JSON array of objects with role and content')
-        }
-      }
-
-      // Validate message format
-      if (!Array.isArray(messagesArray) || messagesArray.length === 0) {
-        throw new Error('Messages must be a non-empty array')
-      }
-
-      for (const msg of messagesArray) {
-        if (!msg.role || !msg.content) {
-          throw new Error('Each message must have role and content properties')
-        }
-      }
-
-      // Prepare request body
-      const body: Record<string, any> = {
-        messages: messagesArray,
-        version: 'v2',
-        user_id: params.userId,
+      const messages = parseMem0Messages(params.messages)
+      return {
+        messages,
+        user_id: params.userId.trim(),
       }
-
-      return body
     },
   },
 
-  transformResponse: async (response) => {
+  transformResponse: async (response): Promise<Mem0AddMemoriesResponse> => {
     const data = await response.json()
-
-    // If the API returns an empty array, this might be normal behavior on success
-    if (Array.isArray(data) && data.length === 0) {
-      return {
-        success: true,
-        output: {
-          memories: [],
-        },
-      }
-    }
-
-    // Handle array response with memory objects
-    if (Array.isArray(data) && data.length > 0) {
-      // Extract IDs for easy access
-      const memoryIds = data.map((memory) => memory.id)
-
-      return {
-        success: true,
-        output: {
-          ids: memoryIds,
-          memories: data,
-        },
-      }
-    }
-
-    // Handle non-array responses (single memory object)
-    if (data && !Array.isArray(data) && data.id) {
-      return {
-        success: true,
-        output: {
-          ids: [data.id],
-          memories: [data],
-        },
-      }
-    }
-
-    // Default response format if none of the above match
     return {
       success: true,
       output: {
-        memories: Array.isArray(data) ? data : [data],
+        message: data.message ?? '',
+        status: data.status ?? '',
+        event_id: data.event_id ?? '',
       },
     }
   },
 
   outputs: {
-    ids: {
-      type: 'array',
-      description: 'Array of memory IDs that were created',
-      items: {
-        type: 'string',
-      },
-    },
-    memories: {
-      type: 'array',
-      description: 'Array of memory objects that were created',
-      items: {
-        type: 'object',
-        properties: ADD_MEMORY_OUTPUT_PROPERTIES,
-      },
-    },
+    message: ADD_MEMORY_OUTPUT_PROPERTIES.message,
+    status: ADD_MEMORY_OUTPUT_PROPERTIES.status,
+    event_id: ADD_MEMORY_OUTPUT_PROPERTIES.event_id,
   },
 }
diff --git a/apps/sim/tools/mem0/get_memories.test.ts b/apps/sim/tools/mem0/get_memories.test.ts
new file mode 100644
index 00000000000..26451a71d32
--- /dev/null
+++ b/apps/sim/tools/mem0/get_memories.test.ts
@@ -0,0 +1,122 @@
+/**
+ * @vitest-environment node
+ */
+import { describe, expect, it } from 'vitest'
+import { mem0GetMemoriesTool } from '@/tools/mem0/get_memories'
+
+interface Mem0GetParams {
+  apiKey: string
+  userId?: string
+  memoryId?: string
+  startDate?: string
+  endDate?: string
+  page?: number
+  limit?: number
+}
+
+describe('mem0GetMemoriesTool', () => {
+  const buildUrl = mem0GetMemoriesTool.request.url as (params: Mem0GetParams) => string
+  const buildMethod = mem0GetMemoriesTool.request.method as (params: Mem0GetParams) => string
+  const buildBody = mem0GetMemoriesTool.request.body!
+  const transformResponse = mem0GetMemoriesTool.transformResponse!
+
+  it('uses scoped v3 list memories requests', () => {
+    const params = {
+      apiKey: 'test-key',
+      userId: 'user-123',
+      page: 3,
+      limit: 25,
+    }
+
+    expect(buildUrl(params)).toBe('https://api.mem0.ai/v3/memories/')
+    expect(buildMethod(params)).toBe('POST')
+    expect(buildBody(params)).toEqual({
+      filters: {
+        user_id: 'user-123',
+      },
+      page: 3,
+      page_size: 25,
+    })
+  })
+
+  it('keeps date filters inside the scoped filter object', () => {
+    const body = buildBody({
+      apiKey: 'test-key',
+      userId: 'user-123',
+      startDate: '2026-01-01',
+      endDate: '2026-01-31',
+    })
+
+    expect(body).toEqual({
+      filters: {
+        user_id: 'user-123',
+        created_at: {
+          gte: '2026-01-01',
+          lte: '2026-01-31',
+        },
+      },
+      page: 1,
+      page_size: 10,
+    })
+  })
+
+  it('uses the single-memory endpoint for memoryId requests', () => {
+    const params = {
+      apiKey: 'test-key',
+      userId: 'user-123',
+      memoryId: 'mem/123',
+    }
+
+    expect(buildUrl(params)).toBe('https://api.mem0.ai/v1/memories/mem%2F123/')
+    expect(buildMethod(params)).toBe('GET')
+    expect(buildBody(params)).toBeUndefined()
+  })
+
+  it('extracts memories from paginated v3 responses', async () => {
+    const result = await transformResponse(
+      new Response(
+        JSON.stringify({
+          count: 2,
+          next: 'https://api.mem0.ai/v3/memories/?page=2&page_size=25',
+          previous: null,
+          results: [
+            { id: 'mem-1', memory: 'First memory.', user_id: 'user-123' },
+            { id: 'mem-2', memory: 'Second memory.', user_id: 'user-123' },
+          ],
+        })
+      )
+    )
+
+    expect(result.output).toEqual({
+      memories: [
+        { id: 'mem-1', memory: 'First memory.', user_id: 'user-123' },
+        { id: 'mem-2', memory: 'Second memory.', user_id: 'user-123' },
+      ],
+      ids: ['mem-1', 'mem-2'],
+      count: 2,
+      next: 'https://api.mem0.ai/v3/memories/?page=2&page_size=25',
+      previous: null,
+    })
+  })
+
+  it('extracts direct single memory responses without rewriting fields', async () => {
+    const result = await transformResponse(
+      new Response(
+        JSON.stringify({
+          id: 'mem-1',
+          memory: 'Stored memory content.',
+          created_at: '2026-01-01T00:00:00Z',
+        })
+      )
+    )
+
+    expect(result.output.memories).toEqual([
+      {
+        id: 'mem-1',
+        memory: 'Stored memory content.',
+        created_at: '2026-01-01T00:00:00Z',
+      },
+    ])
+    expect(result.output.ids).toEqual(['mem-1'])
+  })
+})
diff --git a/apps/sim/tools/mem0/get_memories.ts b/apps/sim/tools/mem0/get_memories.ts
index c753a25fa02..74d2addcc37 100644
--- a/apps/sim/tools/mem0/get_memories.ts
+++ b/apps/sim/tools/mem0/get_memories.ts
@@ -1,11 +1,24 @@
-import { MEMORY_OUTPUT_PROPERTIES } from '@/tools/mem0/types'
+import { MEMORY_OUTPUT_PROPERTIES, type Mem0GetMemoriesParams } from '@/tools/mem0/types'
+import { isRecord } from '@/tools/mem0/utils'
 import type { ToolConfig } from '@/tools/types'
 
+const getMemoriesFromResponse = (data: unknown): unknown[] => {
+  if (Array.isArray(data)) return data
+  if (!isRecord(data)) return []
+  if (Array.isArray(data.results)) return data.results
+  if (isRecord(data.memory)) return [data.memory]
+  if (data.id) return [data]
+  return []
+}
+
+const getMemoryId = (memory: unknown): string | undefined =>
+  isRecord(memory) && typeof memory.id === 'string' ? memory.id : undefined
+
 /**
  * Get Memories Tool
  * @see https://docs.mem0.ai/api-reference/memory/get-memories
  */
-export const mem0GetMemoriesTool: ToolConfig = {
+export const mem0GetMemoriesTool: ToolConfig<Mem0GetMemoriesParams> = {
   id: 'mem0_get_memories',
   name: 'Get Memories',
   description: 'Retrieve memories from Mem0 by ID or filter criteria',
@@ -43,6 +56,13 @@ export const mem0GetMemoriesTool: ToolConfig = {
       visibility: 'user-or-llm',
       description: 'Maximum number of results to return (e.g., 10, 50, 100)',
     },
+    page: {
+      type: 'number',
+      required: false,
+      default: 1,
+      visibility: 'user-or-llm',
+      description: 'Page number to retrieve for paginated list results',
+    },
     apiKey: {
       type: 'string',
       required: true,
@@ -52,73 +72,63 @@ export const mem0GetMemoriesTool: ToolConfig = {
   },
 
   request: {
-    url: (params: Record<string, any>) => {
-      // For a specific memory ID, use the get single memory endpoint
-      if (params.memoryId) {
-        // Dynamically set method to GET for memory ID requests
-        params.method = 'GET'
-        return `https://api.mem0.ai/v1/memories/${params.memoryId}/`
+    url: (params) => {
+      const memoryId = typeof params.memoryId === 'string' ? params.memoryId.trim() : undefined
+      if (memoryId) {
+        return `https://api.mem0.ai/v1/memories/${encodeURIComponent(memoryId)}/`
       }
-      // Otherwise use v2 memories endpoint with filters
-      return 'https://api.mem0.ai/v2/memories/'
+      return 'https://api.mem0.ai/v3/memories/'
     },
-    method: 'POST', // Default to POST for filtering
+    method: (params) =>
+      typeof params.memoryId === 'string' && params.memoryId.trim() ? 'GET' : 'POST',
     headers: (params) => ({
       'Content-Type': 'application/json',
       Authorization: `Token ${params.apiKey}`,
     }),
-    body: (params: Record<string, any>) => {
-      // For specific memory ID, we'll use GET method instead and don't need a body
-      // But we still need to return an empty object to satisfy the type
-      if (params.memoryId) {
-        return {}
+    body: (params) => {
+      if (typeof params.memoryId === 'string' && params.memoryId.trim()) {
+        return undefined
       }
 
-      // Build filters array for AND condition
-      const andConditions = []
-
-      // Add user filter
-      andConditions.push({ user_id: params.userId })
-
-      // Add date range filter if provided
+      const filters: Record<string, unknown> = {
+        user_id: params.userId?.trim(),
+      }
       if (params.startDate || params.endDate) {
-        const dateFilter: Record<string, any> = {}
-
+        const dateFilter: Record<string, unknown> = {}
         if (params.startDate) {
           dateFilter.gte = params.startDate
         }
-
         if (params.endDate) {
           dateFilter.lte = params.endDate
         }
-
-        andConditions.push({ created_at: dateFilter })
+        filters.created_at = dateFilter
       }
 
-      // Build final filters object
-      const body: Record<string, any> = {
+      return {
+        filters,
+        page: Number(params.page ?? 1),
         page_size: Number(params.limit || 10),
       }
-
-      // Only add filters if we have any conditions
-      if (andConditions.length > 0) {
-        body.filters = { AND: andConditions }
-      }
-
-      return body
     },
   },
 
   transformResponse: async (response: Response) => {
     const data = await response.json()
-    const memories = Array.isArray(data) ? data : [data]
-    const ids = memories.map((memory) => memory.id).filter(Boolean)
+    const memories = getMemoriesFromResponse(data)
+    const ids = memories.map(getMemoryId).filter((id): id is string => Boolean(id))
 
     return {
       success: true,
       output: {
         memories,
         ids,
+        ...(isRecord(data) && typeof data.count === 'number' ? { count: data.count } : {}),
+        ...(isRecord(data) && (typeof data.next === 'string' || data.next === null)
+          ? { next: data.next }
+          : {}),
+        ...(isRecord(data) && (typeof data.previous === 'string' || data.previous === null)
+          ? { previous: data.previous }
+          : {}),
       },
     }
   },
@@ -139,5 +149,20 @@ export const mem0GetMemoriesTool: ToolConfig = {
         type: 'string',
       },
     },
+    count: {
+      type: 'number',
+      description: 'Total number of memories matching the filters',
+      optional: true,
+    },
+    next: {
+      type: 'string',
+      description: 'URL for the next page of results',
+      optional: true,
+    },
+    previous: {
+      type: 'string',
+      description: 'URL for the previous page of results',
+      optional: true,
+    },
   },
 }
diff --git a/apps/sim/tools/mem0/index.ts b/apps/sim/tools/mem0/index.ts
index 01b33170816..ba80251221c 100644
--- a/apps/sim/tools/mem0/index.ts
+++ b/apps/sim/tools/mem0/index.ts
@@ -3,3 +3,5 @@ import { mem0GetMemoriesTool } from '@/tools/mem0/get_memories'
 import { mem0SearchMemoriesTool } from '@/tools/mem0/search_memories'
 
 export { mem0AddMemoriesTool, mem0SearchMemoriesTool, mem0GetMemoriesTool }
+export * from '@/tools/mem0/types'
+export * from '@/tools/mem0/utils'
diff --git a/apps/sim/tools/mem0/search_memories.test.ts b/apps/sim/tools/mem0/search_memories.test.ts
new file mode 100644
index 00000000000..a7fec78dc08
--- /dev/null
+++ b/apps/sim/tools/mem0/search_memories.test.ts
@@ -0,0 +1,72 @@
+/**
+ * @vitest-environment node
+ */
+import { describe, expect, it } from 'vitest'
+import { mem0SearchMemoriesTool } from '@/tools/mem0/search_memories'
+
+describe('mem0SearchMemoriesTool', () => {
+  const buildBody = mem0SearchMemoriesTool.request.body!
+  const transformResponse = mem0SearchMemoriesTool.transformResponse!
+
+  it('uses the v3 search endpoint', () => {
+    expect(mem0SearchMemoriesTool.request.url).toBe('https://api.mem0.ai/v3/memories/search/')
+    expect(mem0SearchMemoriesTool.request.method).toBe('POST')
+  })
+
+  it('builds the documented search request body', () => {
+    const body = buildBody({
+      apiKey: 'test-key',
+      userId: ' alice ',
+      query: 'where does the user live?',
+      limit: 20,
+    })
+
+    expect(body).toEqual({
+      query: 'where does the user live?',
+      filters: {
+        user_id: 'alice',
+      },
+      top_k: 20,
+    })
+  })
+
+  it('extracts results from v3 response envelopes', async () => {
+    const result = await transformResponse(
+      new Response(
+        JSON.stringify({
+          results: [
+            {
+              id: 'mem-1',
+              memory: 'User lives in San Francisco.',
+              user_id: 'alice',
+              categories: ['location'],
+              score: 0.82,
+              created_at: '2026-01-15T10:30:00Z',
+              updated_at: '2026-01-15T10:30:00Z',
+            },
+          ],
+        })
+      )
+    )
+
+    expect(result.output).toEqual({
+      searchResults: [
+        {
+          id: 'mem-1',
+          memory: 'User lives in San Francisco.',
+          user_id: 'alice',
+          agent_id: undefined,
+          app_id: undefined,
+          run_id: undefined,
+          hash: undefined,
+          metadata: undefined,
+          categories: ['location'],
+          created_at: '2026-01-15T10:30:00Z',
+          updated_at: '2026-01-15T10:30:00Z',
+          score: 0.82,
+        },
+      ],
+      ids: ['mem-1'],
+    })
+  })
+})
diff --git a/apps/sim/tools/mem0/search_memories.ts b/apps/sim/tools/mem0/search_memories.ts
index c7fc4d3d7dd..5f8dde791f4 100644
--- a/apps/sim/tools/mem0/search_memories.ts
+++ b/apps/sim/tools/mem0/search_memories.ts
@@ -1,12 +1,29 @@
-import type { Mem0Response } from '@/tools/mem0/types'
+import type { Mem0Response, Mem0SearchMemoriesParams } from '@/tools/mem0/types'
 import { SEARCH_RESULT_OUTPUT_PROPERTIES } from '@/tools/mem0/types'
+import { isRecord, type JsonRecord } from '@/tools/mem0/utils'
 import type { ToolConfig } from '@/tools/types'
 
+const getSearchResults = (data: unknown): JsonRecord[] => {
+  if (!isRecord(data) || !Array.isArray(data.results)) return []
+  return data.results.filter(isRecord)
+}
+
+const getString = (value: unknown): string | undefined =>
+  typeof value === 'string' ? value : undefined
+
+const getStringArray = (value: unknown): string[] | undefined =>
+  Array.isArray(value)
+    ? value.filter((item): item is string => typeof item === 'string')
+    : undefined
+
+const getNumber = (value: unknown, fallback = 0): number =>
+  typeof value === 'number' ? value : fallback
+
 /**
  * Search Memories Tool
  * @see https://docs.mem0.ai/api-reference/memory/search-memories
  */
-export const mem0SearchMemoriesTool: ToolConfig<any, Mem0Response> = {
+export const mem0SearchMemoriesTool: ToolConfig<Mem0SearchMemoriesParams, Mem0Response> = {
   id: 'mem0_search_memories',
   name: 'Search Memories',
   description: 'Search for memories in Mem0 using semantic search',
@@ -41,71 +58,46 @@ export const mem0SearchMemoriesTool: ToolConfig<any, Mem0Response> = {
   },
 
   request: {
-    url: 'https://api.mem0.ai/v2/memories/search/',
+    url: 'https://api.mem0.ai/v3/memories/search/',
     method: 'POST',
     headers: (params) => ({
       'Content-Type': 'application/json',
       Authorization: `Token ${params.apiKey}`,
     }),
     body: (params) => {
-      // Create the request body with the format that the curl test confirms works
-      const body: Record<string, any> = {
-        query: params.query || 'test',
+      return {
+        query: params.query,
         filters: {
-          user_id: params.userId,
+          user_id: params.userId.trim(),
         },
         top_k: Number(params.limit || 10),
       }
-
-      return body
     },
   },
 
   transformResponse: async (response): Promise<Mem0Response> => {
     const data = await response.json()
-
-    if (!data || (Array.isArray(data) && data.length === 0)) {
-      return {
-        success: true,
-        output: {
-          searchResults: [],
-          ids: [],
-        },
-      }
-    }
-
-    if (Array.isArray(data)) {
-      const searchResults = data.map((item) => ({
-        id: item.id,
-        memory: item.memory || '',
-        user_id: item.user_id,
-        agent_id: item.agent_id,
-        app_id: item.app_id,
-        run_id: item.run_id,
-        hash: item.hash,
-        metadata: item.metadata,
-        categories: item.categories,
-        created_at: item.created_at,
-        updated_at: item.updated_at,
-        score: item.score || 0,
-      }))
-
-      const ids = data.map((item) => item.id).filter(Boolean)
-
-      return {
-        success: true,
-        output: {
-          searchResults,
-          ids,
-        },
-      }
-    }
+    const searchResults = getSearchResults(data).map((result) => ({
+      id: getString(result.id) ?? '',
+      memory: getString(result.memory) ?? '',
+      user_id: getString(result.user_id),
+      agent_id: getString(result.agent_id),
+      app_id: getString(result.app_id),
+      run_id: getString(result.run_id),
+      hash: getString(result.hash),
+      metadata: isRecord(result.metadata) ? result.metadata : undefined,
+      categories: getStringArray(result.categories),
+      created_at: getString(result.created_at),
+      updated_at: getString(result.updated_at),
+      score: getNumber(result.score),
+    }))
+    const ids = searchResults.map((result) => result.id).filter(Boolean)
 
     return {
       success: true,
       output: {
-        searchResults: [],
-        ids: [],
+        searchResults,
+        ids,
       },
     }
   },
diff --git a/apps/sim/tools/mem0/types.ts b/apps/sim/tools/mem0/types.ts
index 156926d65a4..63f18988df9 100644
--- a/apps/sim/tools/mem0/types.ts
+++ b/apps/sim/tools/mem0/types.ts
@@ -1,5 +1,41 @@
 import type { OutputProperty, ToolResponse } from '@/tools/types'
 
+export interface Mem0Message {
+  role: 'user' | 'assistant'
+  content: string
+}
+
+export interface Mem0AddMemoriesParams {
+  userId: string
+  messages: Mem0Message[] | string
+  apiKey: string
+}
+
+export interface Mem0SearchMemoriesParams {
+  userId: string
+  query: string
+  limit?: number
+  apiKey: string
+}
+
+export interface Mem0GetMemoriesParams {
+  userId?: string
+  memoryId?: string
+  startDate?: string
+  endDate?: string
+  page?: number
+  limit?: number
+  apiKey: string
+}
+
+export interface Mem0AddMemoriesResponse extends ToolResponse {
+  output: {
+    message: string
+    status: string
+    event_id: string
+  }
+}
+
 /**
  * Shared output property definitions for Mem0 API responses.
  * Based on official Mem0 REST API documentation.
@@ -7,21 +43,18 @@ import type { OutputProperty, ToolResponse } from '@/tools/types'
  */
 
 /**
- * Output definition for memory objects returned by add operations.
- * Add responses include event type indicating what operation was performed.
+ * Output definition for queued add-memory operations.
  * @see https://docs.mem0.ai/api-reference/memory/add-memories
  */
 export const ADD_MEMORY_OUTPUT_PROPERTIES = {
-  id: { type: 'string', description: 'Unique identifier for the memory' },
-  memory: { type: 'string', description: 'The content of the memory' },
-  event: {
+  message: { type: 'string', description: 'Status message for the queued memory processing job' },
+  status: {
     type: 'string',
-    description: 'Event type indicating operation performed (ADD, UPDATE, DELETE, NOOP)',
+    description: 'Processing status returned by Mem0',
   },
-  metadata: {
-    type: 'json',
-    description: 'Custom metadata associated with the memory',
-    optional: true,
+  event_id: {
+    type: 'string',
+    description: 'Event ID for polling memory processing status',
   },
 } as const satisfies Record<string, OutputProperty>
 
@@ -30,7 +63,7 @@ export const ADD_MEMORY_OUTPUT_PROPERTIES = {
  */
 export const ADD_MEMORY_OUTPUT: OutputProperty = {
   type: 'object',
-  description: 'Memory object returned from add operation with event type',
+  description: 'Queued memory processing job returned from add operation',
   properties: ADD_MEMORY_OUTPUT_PROPERTIES,
 }
 
@@ -66,18 +99,6 @@ export const MEMORY_OUTPUT_PROPERTIES = {
     type: 'string',
     description: 'ISO 8601 timestamp when the memory was last updated',
   },
-  owner: { type: 'string', description: 'Owner of the memory', optional: true },
-  organization: {
-    type: 'string',
-    description: 'Organization associated with the memory',
-    optional: true,
-  },
-  immutable: { type: 'boolean', description: 'Whether the memory can be modified', optional: true },
-  expiration_date: {
-    type: 'string',
-    description: 'Expiration date after which memory is not retrieved',
-    optional: true,
-  },
 } as const satisfies Record<string, OutputProperty>
 
 /**
@@ -139,7 +160,6 @@ export interface Mem0Response extends ToolResponse {
     memories?: Array<{
       id: string
       memory: string
-      event?: string
       user_id?: string
       agent_id?: string
       app_id?: string
@@ -149,11 +169,10 @@ export interface Mem0Response extends ToolResponse {
       categories?: string[]
       created_at?: string
       updated_at?: string
-      owner?: string
-      organization?: string
-      immutable?: boolean
-      expiration_date?: string
     }>
+    count?: number
+    next?: string | null
+    previous?: string | null
     searchResults?: Array<{
       id: string
       memory: string
diff --git a/apps/sim/tools/mem0/utils.ts b/apps/sim/tools/mem0/utils.ts
new file mode 100644
index 00000000000..8c6d7cedac9
--- /dev/null
+++ b/apps/sim/tools/mem0/utils.ts
@@ -0,0 +1,42 @@
+import { toError } from '@sim/utils/errors'
+import type { Mem0Message } from '@/tools/mem0/types'
+
+export type JsonRecord = Record<string, unknown>
+
+export const isRecord = (value: unknown): value is JsonRecord =>
+  value !== null && typeof value === 'object' && !Array.isArray(value)
+
+function isMem0Message(value: unknown): value is Mem0Message {
+  return (
+    value !== null &&
+    typeof value === 'object' &&
+    'role' in value &&
+    'content' in value &&
+    (value.role === 'user' || value.role === 'assistant') &&
+    typeof value.content === 'string' &&
+    value.content.length > 0
+  )
+}
+
+export function parseMem0Messages(value: unknown): Mem0Message[] {
+  let messages: unknown
+  try {
+    messages = typeof value === 'string' ? JSON.parse(value) : value
+  } catch (error) {
+    throw new Error(`Messages must be valid JSON: ${toError(error).message}`)
+  }
+
+  if (!Array.isArray(messages) || messages.length === 0) {
+    throw new Error('Messages must be a non-empty array')
+  }
+
+  const validMessages: Mem0Message[] = []
+  for (const message of messages) {
+    if (!isMem0Message(message)) {
+      throw new Error('Each message must have role user or assistant and non-empty content')
+    }
+    validMessages.push(message)
+  }
+
+  return validMessages
+}
diff --git a/apps/sim/tools/memory/get.test.ts b/apps/sim/tools/memory/get.test.ts
new file mode 100644
index 00000000000..0b7177d19d6
--- /dev/null
+++ b/apps/sim/tools/memory/get.test.ts
@@ -0,0 +1,65 @@
+/**
+ * @vitest-environment node
+ */
+import { describe, expect, it } from 'vitest'
+import { memoryGetTool } from '@/tools/memory/get'
+
+interface MemoryGetParams {
+  _context?: {
+    workspaceId?: string
+  }
+  conversationId?: string
+  id?: string
+}
+
+describe('memoryGetTool', () => {
+  const buildUrl = memoryGetTool.request.url as (params: MemoryGetParams) => string
+  const transformResponse = memoryGetTool.transformResponse!
+
+  it('builds an exact memory lookup URL', () => {
+    const url = buildUrl({
+      _context: { workspaceId: 'workspace-1' },
+      conversationId: 'user-123',
+    })
+
+    expect(url).toBe('/api/memory/user-123?workspaceId=workspace-1')
+    expect(url).not.toContain('query=')
+    expect(url).not.toContain('limit=')
+  })
+
+  it('encodes legacy id values in the path', () => {
+    const url = buildUrl({
+      _context: { workspaceId: 'workspace-1' },
+      id: 'team/user 123',
+    })
+
+    expect(url).toBe('/api/memory/team%2Fuser%20123?workspaceId=workspace-1')
+  })
+
+  it('wraps the exact memory response as a single result', async () => {
+    const result = await transformResponse(
+      new Response(
+        JSON.stringify({
+          success: true,
+          data: {
+            conversationId: 'user-123',
+            data: [{ role: 'user', content: 'Remember this' }],
+          },
+        })
+      )
+    )
+
+    expect(result).toEqual({
+      success: true,
+      output: {
+        memories: [
+          {
+            conversationId: 'user-123',
+            data: [{ role: 'user', content: 'Remember this' }],
+          },
+        ],
+        message: 'Found 1 memory',
+      },
+    })
+  })
+})
diff --git a/apps/sim/tools/memory/get.ts b/apps/sim/tools/memory/get.ts
index 27125637613..a9eed715403 100644
--- a/apps/sim/tools/memory/get.ts
+++ b/apps/sim/tools/memory/get.ts
@@ -35,12 +35,8 @@ export const memoryGetTool: ToolConfig<any, MemoryResponse> = {
       if (!conversationId) {
         throw new Error('conversationId or id is required')
       }
-      const query = conversationId
-
-      const url = new URL('/api/memory', 'http://dummy')
+      const url = new URL(`/api/memory/${encodeURIComponent(conversationId)}`, 'http://dummy')
       url.searchParams.set('workspaceId', workspaceId)
-      url.searchParams.set('query', query)
-      url.searchParams.set('limit', '1000')
 
       return url.pathname + url.search
     },
@@ -52,9 +48,9 @@ export const memoryGetTool: ToolConfig<any, MemoryResponse> = {
 
   transformResponse: async (response): Promise<MemoryResponse> => {
     const result = await response.json()
-    const memories = result.data?.memories || []
+    const memory = result.data
 
-    if (!Array.isArray(memories) || memories.length === 0) {
+    if (!memory) {
       return {
         success: true,
         output: {
@@ -67,8 +63,8 @@ export const memoryGetTool: ToolConfig<any, MemoryResponse> = {
     return {
       success: true,
       output: {
-        memories,
-        message: `Found ${memories.length} memories`,
+        memories: [memory],
+        message: 'Found 1 memory',
       },
     }
   },
diff --git a/apps/sim/tools/stt/elevenlabs.ts b/apps/sim/tools/stt/elevenlabs.ts
index 26e074109d5..ee19379d502 100644
--- a/apps/sim/tools/stt/elevenlabs.ts
+++ b/apps/sim/tools/stt/elevenlabs.ts
@@ -24,7 +24,7 @@ export const elevenLabsSttTool: ToolConfig<SttParams, SttResponse> = {
       type: 'string',
       required: false,
       visibility: 'user-or-llm',
-      description: 'ElevenLabs model to use (scribe_v1, scribe_v1_experimental)',
+      description: 'ElevenLabs model to use (scribe_v2)',
     },
     audioFile: {
       type: 'file',
@@ -71,7 +71,7 @@ export const elevenLabsSttTool: ToolConfig<SttParams, SttResponse> = {
     ) => ({
       provider: 'elevenlabs',
       apiKey: params.apiKey,
-      model: params.model,
+      model: 'scribe_v2',
       audioFile: params.audioFile,
       audioFileReference: params.audioFileReference,
       audioUrl: params.audioUrl,
@@ -141,7 +141,7 @@ export const elevenLabsSttV2Tool: ToolConfig<SttV2Params, SttResponse> = {
     ) => ({
       provider: 'elevenlabs',
       apiKey: params.apiKey,
-      model: params.model,
+      model: 'scribe_v2',
       audioFile: params.audioFile,
       audioFileReference: params.audioFileReference,
       language: params.language || 'auto',
diff --git a/apps/sim/triggers/registry.ts b/apps/sim/triggers/registry.ts
index 62502116307..b32941173ab 100644
--- a/apps/sim/triggers/registry.ts
+++ b/apps/sim/triggers/registry.ts
@@ -281,6 +281,7 @@ import {
 } from '@/triggers/servicenow'
 import { slackWebhookTrigger } from '@/triggers/slack'
 import { stripeWebhookTrigger } from '@/triggers/stripe'
+import { tableNewRowTrigger } from '@/triggers/table'
 import { telegramWebhookTrigger } from '@/triggers/telegram'
 import { twilioVoiceWebhookTrigger } from '@/triggers/twilio_voice'
 import { typeformWebhookTrigger } from '@/triggers/typeform'
@@ -520,6 +521,7 @@ export const TRIGGER_REGISTRY: TriggerRegistry = {
   servicenow_change_request_updated: servicenowChangeRequestUpdatedTrigger,
   servicenow_webhook: servicenowWebhookTrigger,
   stripe_webhook: stripeWebhookTrigger,
+  table_new_row: tableNewRowTrigger,
   telegram_webhook: telegramWebhookTrigger,
   typeform_webhook: typeformWebhookTrigger,
   whatsapp_webhook: whatsappWebhookTrigger,
diff --git a/apps/sim/triggers/table/index.ts b/apps/sim/triggers/table/index.ts
new file mode 100644
index 00000000000..a555c99fd37
--- /dev/null
+++ b/apps/sim/triggers/table/index.ts
@@ -0,0 +1 @@
+export { tableNewRowTrigger } from './poller'
diff --git a/apps/sim/triggers/table/poller.ts b/apps/sim/triggers/table/poller.ts
new file mode 100644
index 00000000000..a611c297d79
--- /dev/null
+++ b/apps/sim/triggers/table/poller.ts
@@ -0,0 +1,166 @@
+import { TableIcon } from '@/components/icons'
+import { requestJson } from '@/lib/api/client/request'
+import { listTablesContract } from '@/lib/api/contracts/tables'
+import type { TableDefinition } from '@/lib/table'
+import { getQueryClient } from '@/app/_shell/providers/get-query-client'
+import { tableKeys } from '@/hooks/queries/tables'
+import { useWorkflowRegistry } from '@/stores/workflows/registry/store'
+import { useSubBlockStore } from '@/stores/workflows/subblock/store'
+import type { TriggerConfig } from '@/triggers/types'
+
+async function fetchTableColumns(blockId: string): Promise<Array<{ label: string; id: string }>> {
+  const activeWorkflowId = useWorkflowRegistry.getState().activeWorkflowId
+  const workspaceId = useWorkflowRegistry.getState().hydration.workspaceId
+  if (!activeWorkflowId || !workspaceId) return []
+
+  const blockValues = useSubBlockStore.getState().workflowValues[activeWorkflowId]?.[blockId]
+  const tableId = (blockValues?.tableSelector as string) || (blockValues?.manualTableId as string)
+  if (!tableId) return []
+
+  const tables = await getQueryClient().fetchQuery({
+    queryKey: tableKeys.list(workspaceId),
+    queryFn: async ({ signal }): Promise<TableDefinition[]> => {
+      const response = await requestJson(listTablesContract, {
+        query: { workspaceId, scope: 'active' },
+        signal,
+      })
+      return (response.data.tables ?? []) as TableDefinition[]
+    },
+    staleTime: 60 * 1000,
+  })
+
+  const table = tables.find((t: TableDefinition) => t.id === tableId)
+  if (!table?.schema?.columns) return []
+
+  return table.schema.columns.map((col) => ({ id: col.name, label: col.name }))
+}
+
+export const tableNewRowTrigger: TriggerConfig = {
+  id: 'table_new_row',
+  name: 'Table Trigger',
+  provider: 'table',
+  description: 'Triggers when rows are inserted or updated in a table',
+  version: '1.0.0',
+  icon: TableIcon,
+
+  subBlocks: [
+    {
+      id: 'tableSelector',
+      title: 'Table',
+      type: 'table-selector',
+      description: 'The table to monitor.',
+      required: true,
+      mode: 'trigger',
+      canonicalParamId: 'tableId',
+      placeholder: 'Select a table',
+    },
+    {
+      id: 'manualTableId',
+      title: 'Table ID',
+      type: 'short-input',
+      placeholder: 'Enter table ID',
+      description: 'The table to monitor.',
+      required: true,
+      mode: 'trigger-advanced',
+      canonicalParamId: 'tableId',
+    },
+    {
+      id: 'eventType',
+      title: 'Event',
+      type: 'dropdown',
+      options: [
+        { id: 'insert', label: 'Row Inserted' },
+        { id: 'update', label: 'Row Updated' },
+      ],
+      defaultValue: 'insert',
+      description: 'The type of event to trigger on.',
+      required: true,
+      mode: 'trigger',
+    },
+    {
+      id: 'watchColumns',
+      title: 'Watch Columns',
+      type: 'dropdown',
+      multiSelect: true,
+      options: [],
+      placeholder: 'All columns',
+      description: 'Only fire when these columns change. Leave empty to fire on any update.',
+      required: false,
+      mode: 'trigger',
+      condition: { field: 'eventType', value: 'update' },
+      dependsOn: { any: ['tableSelector', 'manualTableId'] },
+      fetchOptions: fetchTableColumns,
+    },
+    {
+      id: 'includeHeaders',
+      title: 'Map Row Values to Headers',
+      type: 'switch',
+      defaultValue: true,
+      description:
+        'When enabled, each row is returned as a key-value object mapped to column names.',
+      required: false,
+      mode: 'trigger',
+    },
+    {
+      id: 'triggerInstructions',
+      title: 'Setup Instructions',
+      hideFromPreview: true,
+      type: 'text',
+      defaultValue: [
+        'Select the table to monitor',
+        'Choose whether to trigger on row inserts or updates',
+        'For updates, optionally select specific columns to watch',
+        'The workflow will trigger automatically when the event occurs',
+      ]
+        .map(
+          (instruction, index) =>
+            `<div class="mb-3"><strong>${index + 1}.</strong> ${instruction}</div>`
+        )
+        .join(''),
+      mode: 'trigger',
+    },
+  ],
+
+  outputs: {
+    row: {
+      type: 'json',
+      description: 'Row data mapped to column names (when header mapping is enabled)',
+    },
+    rawRow: {
+      type: 'json',
+      description: 'Raw row data object',
+    },
+    previousRow: {
+      type: 'json',
+      description: 'Previous row data before the update (null for inserts)',
+    },
+    changedColumns: {
+      type: 'json',
+      description: 'List of column names that changed (empty for inserts)',
+    },
+    rowId: {
+      type: 'string',
+      description: 'The unique row ID',
+    },
+    headers: {
+      type: 'json',
+      description: 'Column names from the table schema',
+    },
+    rowNumber: {
+      type: 'number',
+      description: 'The position of the row in the table',
+    },
+    tableId: {
+      type: 'string',
+      description: 'The table ID',
+    },
+    tableName: {
+      type: 'string',
+      description: 'The table name',
+    },
+    timestamp: {
+      type: 'string',
+      description: 'Event timestamp in ISO format',
+    },
+  },
+}
diff --git a/helm/sim/values.yaml b/helm/sim/values.yaml
index 477122f218c..97fbeba5761 100644
--- a/helm/sim/values.yaml
+++ b/helm/sim/values.yaml
@@ -166,6 +166,17 @@ app:
     EXECUTION_TIMEOUT_ASYNC_TEAM: "5400"                  # Team tier async timeout (90 minutes)
     EXECUTION_TIMEOUT_ASYNC_ENTERPRISE: "5400"            # Enterprise tier async timeout (90 minutes)
 
+    # Table Feature Limits (per workspace, per plan)
+    # Apply when billing is disabled (free tier defaults) or for billed plans
+    FREE_TABLES_LIMIT: "3"                                # Max user tables per workspace on free tier
+    FREE_TABLE_ROWS_LIMIT: "1000"                         # Max rows per table on free tier
+    PRO_TABLES_LIMIT: "25"                                # Max user tables per workspace on pro tier
+    PRO_TABLE_ROWS_LIMIT: "5000"                          # Max rows per table on pro tier
+    TEAM_TABLES_LIMIT: "100"                              # Max user tables per workspace on team tier
+    TEAM_TABLE_ROWS_LIMIT: "10000"                        # Max rows per table on team tier
+    ENTERPRISE_TABLES_LIMIT: "10000"                      # Max user tables per workspace on enterprise tier
+    ENTERPRISE_TABLE_ROWS_LIMIT: "1000000"                # Max rows per table on enterprise tier
+
     # Isolated-VM Worker Pool Configuration
     IVM_POOL_SIZE: "4"                                    # Max worker processes in pool
     IVM_MAX_CONCURRENT: "10000"                           # Max concurrent executions globally
diff --git a/packages/audit/src/types.ts b/packages/audit/src/types.ts
index 2f9c1f53d96..25679b71596 100644
--- a/packages/audit/src/types.ts
+++ b/packages/audit/src/types.ts
@@ -107,6 +107,7 @@ export const AuditAction = {
   CREDENTIAL_CREATED: 'credential.created',
   CREDENTIAL_UPDATED: 'credential.updated',
   CREDENTIAL_RENAMED: 'credential.renamed',
+  CREDENTIAL_RECONNECTED: 'credential.reconnected',
   CREDENTIAL_DELETED: 'credential.deleted',
 
   // Password
diff --git a/packages/db/migrations/0201_shiny_skullbuster.sql b/packages/db/migrations/0201_shiny_skullbuster.sql
new file mode 100644
index 00000000000..0768d1a248b
--- /dev/null
+++ b/packages/db/migrations/0201_shiny_skullbuster.sql
@@ -0,0 +1 @@
+ALTER TABLE "user_table_rows" ADD COLUMN "executions" jsonb DEFAULT '{}'::jsonb NOT NULL;
\ No newline at end of file
diff --git a/packages/db/migrations/meta/0201_snapshot.json b/packages/db/migrations/meta/0201_snapshot.json
new file mode 100644
index 00000000000..9a465f5bcb3
--- /dev/null
+++ b/packages/db/migrations/meta/0201_snapshot.json
@@ -0,0 +1,15260 @@
+{
+  "id": "f7dc3eab-9b08-4ed7-99b0-d952797d86eb",
+  "prevId": "c3b13ff7-cc49-4fa2-bb5a-4efcddd787dc",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.a2a_agent": {
+      "name": "a2a_agent",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "version": {
+          "name": "version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'1.0.0'"
+        },
+        "capabilities": {
+          "name": "capabilities",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "skills": {
+          "name": "skills",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "authentication": {
+          "name": "authentication",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "signatures": {
+          "name": "signatures",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'[]'"
+        },
+        "is_published": {
+          "name": "is_published",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "published_at": {
+          "name": "published_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "a2a_agent_workflow_id_idx": {
+          "name": "a2a_agent_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "a2a_agent_created_by_idx": {
+          "name": "a2a_agent_created_by_idx",
+          "columns": [
+            {
+              "expression": "created_by",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "a2a_agent_workspace_workflow_unique": {
+          "name": "a2a_agent_workspace_workflow_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"a2a_agent\".\"archived_at\" IS NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "a2a_agent_archived_at_idx": {
+          "name": "a2a_agent_archived_at_idx",
+          "columns": [
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "a2a_agent_workspace_archived_partial_idx": {
+          "name": "a2a_agent_workspace_archived_partial_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"a2a_agent\".\"archived_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "a2a_agent_workspace_id_workspace_id_fk": {
+          "name": "a2a_agent_workspace_id_workspace_id_fk",
+          "tableFrom": "a2a_agent",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "a2a_agent_workflow_id_workflow_id_fk": {
+          "name": "a2a_agent_workflow_id_workflow_id_fk",
+          "tableFrom": "a2a_agent",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "a2a_agent_created_by_user_id_fk": {
+          "name": "a2a_agent_created_by_user_id_fk",
+          "tableFrom": "a2a_agent",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.a2a_push_notification_config": {
+      "name": "a2a_push_notification_config",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "task_id": {
+          "name": "task_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "auth_schemes": {
+          "name": "auth_schemes",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'[]'"
+        },
+        "auth_credentials": {
+          "name": "auth_credentials",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_active": {
+          "name": "is_active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "a2a_push_notification_config_task_unique": {
+          "name": "a2a_push_notification_config_task_unique",
+          "columns": [
+            {
+              "expression": "task_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "a2a_push_notification_config_task_id_a2a_task_id_fk": {
+          "name": "a2a_push_notification_config_task_id_a2a_task_id_fk",
+          "tableFrom": "a2a_push_notification_config",
+          "tableTo": "a2a_task",
+          "columnsFrom": ["task_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.a2a_task": {
+      "name": "a2a_task",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "agent_id": {
+          "name": "agent_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "session_id": {
+          "name": "session_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status": {
+          "name": "status",
+          "type": "a2a_task_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'submitted'"
+        },
+        "messages": {
+          "name": "messages",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "artifacts": {
+          "name": "artifacts",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'[]'"
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "a2a_task_agent_id_idx": {
+          "name": "a2a_task_agent_id_idx",
+          "columns": [
+            {
+              "expression": "agent_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "a2a_task_session_id_idx": {
+          "name": "a2a_task_session_id_idx",
+          "columns": [
+            {
+              "expression": "session_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "a2a_task_status_idx": {
+          "name": "a2a_task_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "a2a_task_execution_id_idx": {
+          "name": "a2a_task_execution_id_idx",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "a2a_task_created_at_idx": {
+          "name": "a2a_task_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "a2a_task_agent_id_a2a_agent_id_fk": {
+          "name": "a2a_task_agent_id_a2a_agent_id_fk",
+          "tableFrom": "a2a_task",
+          "tableTo": "a2a_agent",
+          "columnsFrom": ["agent_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.academy_certificate": {
+      "name": "academy_certificate",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "course_id": {
+          "name": "course_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "academy_cert_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'active'"
+        },
+        "issued_at": {
+          "name": "issued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "certificate_number": {
+          "name": "certificate_number",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "academy_certificate_user_id_idx": {
+          "name": "academy_certificate_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "academy_certificate_course_id_idx": {
+          "name": "academy_certificate_course_id_idx",
+          "columns": [
+            {
+              "expression": "course_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "academy_certificate_user_course_unique": {
+          "name": "academy_certificate_user_course_unique",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "course_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "academy_certificate_number_idx": {
+          "name": "academy_certificate_number_idx",
+          "columns": [
+            {
+              "expression": "certificate_number",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "academy_certificate_status_idx": {
+          "name": "academy_certificate_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "academy_certificate_user_id_user_id_fk": {
+          "name": "academy_certificate_user_id_user_id_fk",
+          "tableFrom": "academy_certificate",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "academy_certificate_certificate_number_unique": {
+          "name": "academy_certificate_certificate_number_unique",
+          "nullsNotDistinct": false,
+          "columns": ["certificate_number"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.account": {
+      "name": "account",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "access_token": {
+          "name": "access_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token": {
+          "name": "refresh_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "id_token": {
+          "name": "id_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "access_token_expires_at": {
+          "name": "access_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token_expires_at": {
+          "name": "refresh_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "scope": {
+          "name": "scope",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "password": {
+          "name": "password",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "account_user_id_idx": {
+          "name": "account_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "idx_account_on_account_id_provider_id": {
+          "name": "idx_account_on_account_id_provider_id",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "account_user_id_user_id_fk": {
+          "name": "account_user_id_user_id_fk",
+          "tableFrom": "account",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.api_key": {
+      "name": "api_key",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "key_hash": {
+          "name": "key_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'personal'"
+        },
+        "last_used": {
+          "name": "last_used",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "api_key_workspace_type_idx": {
+          "name": "api_key_workspace_type_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "api_key_user_type_idx": {
+          "name": "api_key_user_type_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "api_key_key_hash_idx": {
+          "name": "api_key_key_hash_idx",
+          "columns": [
+            {
+              "expression": "key_hash",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "api_key_user_id_user_id_fk": {
+          "name": "api_key_user_id_user_id_fk",
+          "tableFrom": "api_key",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "api_key_workspace_id_workspace_id_fk": {
+          "name": "api_key_workspace_id_workspace_id_fk",
+          "tableFrom": "api_key",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "api_key_created_by_user_id_fk": {
+          "name": "api_key_created_by_user_id_fk",
+          "tableFrom": "api_key",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "api_key_key_unique": {
+          "name": "api_key_key_unique",
+          "nullsNotDistinct": false,
+          "columns": ["key"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {
+        "workspace_type_check": {
+          "name": "workspace_type_check",
+          "value": "(type = 'workspace' AND workspace_id IS NOT NULL) OR (type = 'personal' AND workspace_id IS NULL)"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.async_jobs": {
+      "name": "async_jobs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "payload": {
+          "name": "payload",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "run_at": {
+          "name": "run_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "attempts": {
+          "name": "attempts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "max_attempts": {
+          "name": "max_attempts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 3
+        },
+        "error": {
+          "name": "error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "output": {
+          "name": "output",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "async_jobs_status_started_at_idx": {
+          "name": "async_jobs_status_started_at_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "async_jobs_status_completed_at_idx": {
+          "name": "async_jobs_status_completed_at_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "completed_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.audit_log": {
+      "name": "audit_log",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "actor_id": {
+          "name": "actor_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "action": {
+          "name": "action",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "resource_type": {
+          "name": "resource_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "resource_id": {
+          "name": "resource_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "actor_name": {
+          "name": "actor_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "actor_email": {
+          "name": "actor_email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "resource_name": {
+          "name": "resource_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "ip_address": {
+          "name": "ip_address",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_agent": {
+          "name": "user_agent",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "audit_log_workspace_created_idx": {
+          "name": "audit_log_workspace_created_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "audit_log_actor_created_idx": {
+          "name": "audit_log_actor_created_idx",
+          "columns": [
+            {
+              "expression": "actor_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "audit_log_resource_idx": {
+          "name": "audit_log_resource_idx",
+          "columns": [
+            {
+              "expression": "resource_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "resource_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "audit_log_action_idx": {
+          "name": "audit_log_action_idx",
+          "columns": [
+            {
+              "expression": "action",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "audit_log_workspace_id_workspace_id_fk": {
+          "name": "audit_log_workspace_id_workspace_id_fk",
+          "tableFrom": "audit_log",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "audit_log_actor_id_user_id_fk": {
+          "name": "audit_log_actor_id_user_id_fk",
+          "tableFrom": "audit_log",
+          "tableTo": "user",
+          "columnsFrom": ["actor_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.chat": {
+      "name": "chat",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_active": {
+          "name": "is_active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "customizations": {
+          "name": "customizations",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "auth_type": {
+          "name": "auth_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'public'"
+        },
+        "password": {
+          "name": "password",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "allowed_emails": {
+          "name": "allowed_emails",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'[]'"
+        },
+        "output_configs": {
+          "name": "output_configs",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'[]'"
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "identifier_idx": {
+          "name": "identifier_idx",
+          "columns": [
+            {
+              "expression": "identifier",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"chat\".\"archived_at\" IS NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "chat_archived_at_partial_idx": {
+          "name": "chat_archived_at_partial_idx",
+          "columns": [
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"chat\".\"archived_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "chat_workflow_id_workflow_id_fk": {
+          "name": "chat_workflow_id_workflow_id_fk",
+          "tableFrom": "chat",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "chat_user_id_user_id_fk": {
+          "name": "chat_user_id_user_id_fk",
+          "tableFrom": "chat",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.copilot_async_tool_calls": {
+      "name": "copilot_async_tool_calls",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "run_id": {
+          "name": "run_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "checkpoint_id": {
+          "name": "checkpoint_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tool_call_id": {
+          "name": "tool_call_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tool_name": {
+          "name": "tool_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "args": {
+          "name": "args",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "status": {
+          "name": "status",
+          "type": "copilot_async_tool_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "result": {
+          "name": "result",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "error": {
+          "name": "error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "claimed_at": {
+          "name": "claimed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "claimed_by": {
+          "name": "claimed_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "copilot_async_tool_calls_run_id_idx": {
+          "name": "copilot_async_tool_calls_run_id_idx",
+          "columns": [
+            {
+              "expression": "run_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_async_tool_calls_checkpoint_id_idx": {
+          "name": "copilot_async_tool_calls_checkpoint_id_idx",
+          "columns": [
+            {
+              "expression": "checkpoint_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_async_tool_calls_tool_call_id_idx": {
+          "name": "copilot_async_tool_calls_tool_call_id_idx",
+          "columns": [
+            {
+              "expression": "tool_call_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_async_tool_calls_status_idx": {
+          "name": "copilot_async_tool_calls_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_async_tool_calls_run_status_idx": {
+          "name": "copilot_async_tool_calls_run_status_idx",
+          "columns": [
+            {
+              "expression": "run_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_async_tool_calls_tool_call_id_unique": {
+          "name": "copilot_async_tool_calls_tool_call_id_unique",
+          "columns": [
+            {
+              "expression": "tool_call_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "copilot_async_tool_calls_run_id_copilot_runs_id_fk": {
+          "name": "copilot_async_tool_calls_run_id_copilot_runs_id_fk",
+          "tableFrom": "copilot_async_tool_calls",
+          "tableTo": "copilot_runs",
+          "columnsFrom": ["run_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_async_tool_calls_checkpoint_id_copilot_run_checkpoints_id_fk": {
+          "name": "copilot_async_tool_calls_checkpoint_id_copilot_run_checkpoints_id_fk",
+          "tableFrom": "copilot_async_tool_calls",
+          "tableTo": "copilot_run_checkpoints",
+          "columnsFrom": ["checkpoint_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.copilot_chats": {
+      "name": "copilot_chats",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "type": {
+          "name": "type",
+          "type": "chat_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'copilot'"
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "messages": {
+          "name": "messages",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "model": {
+          "name": "model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'claude-3-7-sonnet-latest'"
+        },
+        "conversation_id": {
+          "name": "conversation_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "preview_yaml": {
+          "name": "preview_yaml",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "plan_artifact": {
+          "name": "plan_artifact",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "config": {
+          "name": "config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "resources": {
+          "name": "resources",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "last_seen_at": {
+          "name": "last_seen_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "copilot_chats_user_id_idx": {
+          "name": "copilot_chats_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_workflow_id_idx": {
+          "name": "copilot_chats_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_user_workflow_idx": {
+          "name": "copilot_chats_user_workflow_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_user_workspace_idx": {
+          "name": "copilot_chats_user_workspace_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_created_at_idx": {
+          "name": "copilot_chats_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_chats_updated_at_idx": {
+          "name": "copilot_chats_updated_at_idx",
+          "columns": [
+            {
+              "expression": "updated_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "copilot_chats_user_id_user_id_fk": {
+          "name": "copilot_chats_user_id_user_id_fk",
+          "tableFrom": "copilot_chats",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_chats_workflow_id_workflow_id_fk": {
+          "name": "copilot_chats_workflow_id_workflow_id_fk",
+          "tableFrom": "copilot_chats",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_chats_workspace_id_workspace_id_fk": {
+          "name": "copilot_chats_workspace_id_workspace_id_fk",
+          "tableFrom": "copilot_chats",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.copilot_feedback": {
+      "name": "copilot_feedback",
+      "schema": "",
+      "columns": {
+        "feedback_id": {
+          "name": "feedback_id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_query": {
+          "name": "user_query",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "agent_response": {
+          "name": "agent_response",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "is_positive": {
+          "name": "is_positive",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "feedback": {
+          "name": "feedback",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workflow_yaml": {
+          "name": "workflow_yaml",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "copilot_feedback_user_id_idx": {
+          "name": "copilot_feedback_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_chat_id_idx": {
+          "name": "copilot_feedback_chat_id_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_user_chat_idx": {
+          "name": "copilot_feedback_user_chat_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_is_positive_idx": {
+          "name": "copilot_feedback_is_positive_idx",
+          "columns": [
+            {
+              "expression": "is_positive",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_feedback_created_at_idx": {
+          "name": "copilot_feedback_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "copilot_feedback_user_id_user_id_fk": {
+          "name": "copilot_feedback_user_id_user_id_fk",
+          "tableFrom": "copilot_feedback",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_feedback_chat_id_copilot_chats_id_fk": {
+          "name": "copilot_feedback_chat_id_copilot_chats_id_fk",
+          "tableFrom": "copilot_feedback",
+          "tableTo": "copilot_chats",
+          "columnsFrom": ["chat_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.copilot_run_checkpoints": {
+      "name": "copilot_run_checkpoints",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "run_id": {
+          "name": "run_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "pending_tool_call_id": {
+          "name": "pending_tool_call_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "conversation_snapshot": {
+          "name": "conversation_snapshot",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "agent_state": {
+          "name": "agent_state",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "provider_request": {
+          "name": "provider_request",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "copilot_run_checkpoints_run_id_idx": {
+          "name": "copilot_run_checkpoints_run_id_idx",
+          "columns": [
+            {
+              "expression": "run_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_run_checkpoints_pending_tool_call_id_idx": {
+          "name": "copilot_run_checkpoints_pending_tool_call_id_idx",
+          "columns": [
+            {
+              "expression": "pending_tool_call_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_run_checkpoints_run_pending_tool_unique": {
+          "name": "copilot_run_checkpoints_run_pending_tool_unique",
+          "columns": [
+            {
+              "expression": "run_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "pending_tool_call_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "copilot_run_checkpoints_run_id_copilot_runs_id_fk": {
+          "name": "copilot_run_checkpoints_run_id_copilot_runs_id_fk",
+          "tableFrom": "copilot_run_checkpoints",
+          "tableTo": "copilot_runs",
+          "columnsFrom": ["run_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.copilot_runs": {
+      "name": "copilot_runs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "parent_run_id": {
+          "name": "parent_run_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "stream_id": {
+          "name": "stream_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "agent": {
+          "name": "agent",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "model": {
+          "name": "model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "provider": {
+          "name": "provider",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status": {
+          "name": "status",
+          "type": "copilot_run_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'active'"
+        },
+        "request_context": {
+          "name": "request_context",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "error": {
+          "name": "error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "copilot_runs_execution_id_idx": {
+          "name": "copilot_runs_execution_id_idx",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_runs_parent_run_id_idx": {
+          "name": "copilot_runs_parent_run_id_idx",
+          "columns": [
+            {
+              "expression": "parent_run_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_runs_chat_id_idx": {
+          "name": "copilot_runs_chat_id_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_runs_user_id_idx": {
+          "name": "copilot_runs_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_runs_workflow_id_idx": {
+          "name": "copilot_runs_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_runs_workspace_id_idx": {
+          "name": "copilot_runs_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_runs_status_idx": {
+          "name": "copilot_runs_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_runs_chat_execution_idx": {
+          "name": "copilot_runs_chat_execution_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_runs_execution_started_at_idx": {
+          "name": "copilot_runs_execution_started_at_idx",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_runs_stream_id_unique": {
+          "name": "copilot_runs_stream_id_unique",
+          "columns": [
+            {
+              "expression": "stream_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "copilot_runs_chat_id_copilot_chats_id_fk": {
+          "name": "copilot_runs_chat_id_copilot_chats_id_fk",
+          "tableFrom": "copilot_runs",
+          "tableTo": "copilot_chats",
+          "columnsFrom": ["chat_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_runs_user_id_user_id_fk": {
+          "name": "copilot_runs_user_id_user_id_fk",
+          "tableFrom": "copilot_runs",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_runs_workflow_id_workflow_id_fk": {
+          "name": "copilot_runs_workflow_id_workflow_id_fk",
+          "tableFrom": "copilot_runs",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_runs_workspace_id_workspace_id_fk": {
+          "name": "copilot_runs_workspace_id_workspace_id_fk",
+          "tableFrom": "copilot_runs",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.copilot_workflow_read_hashes": {
+      "name": "copilot_workflow_read_hashes",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "hash": {
+          "name": "hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "copilot_workflow_read_hashes_chat_id_idx": {
+          "name": "copilot_workflow_read_hashes_chat_id_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_workflow_read_hashes_workflow_id_idx": {
+          "name": "copilot_workflow_read_hashes_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "copilot_workflow_read_hashes_chat_workflow_unique": {
+          "name": "copilot_workflow_read_hashes_chat_workflow_unique",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "copilot_workflow_read_hashes_chat_id_copilot_chats_id_fk": {
+          "name": "copilot_workflow_read_hashes_chat_id_copilot_chats_id_fk",
+          "tableFrom": "copilot_workflow_read_hashes",
+          "tableTo": "copilot_chats",
+          "columnsFrom": ["chat_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "copilot_workflow_read_hashes_workflow_id_workflow_id_fk": {
+          "name": "copilot_workflow_read_hashes_workflow_id_workflow_id_fk",
+          "tableFrom": "copilot_workflow_read_hashes",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credential": {
+      "name": "credential",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "credential_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "display_name": {
+          "name": "display_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "env_key": {
+          "name": "env_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "env_owner_user_id": {
+          "name": "env_owner_user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "encrypted_service_account_key": {
+          "name": "encrypted_service_account_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "credential_workspace_id_idx": {
+          "name": "credential_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_type_idx": {
+          "name": "credential_type_idx",
+          "columns": [
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_provider_id_idx": {
+          "name": "credential_provider_id_idx",
+          "columns": [
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_account_id_idx": {
+          "name": "credential_account_id_idx",
+          "columns": [
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_env_owner_user_id_idx": {
+          "name": "credential_env_owner_user_id_idx",
+          "columns": [
+            {
+              "expression": "env_owner_user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_workspace_account_unique": {
+          "name": "credential_workspace_account_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "account_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "account_id IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_workspace_env_unique": {
+          "name": "credential_workspace_env_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "env_key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "type = 'env_workspace'",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_workspace_personal_env_unique": {
+          "name": "credential_workspace_personal_env_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "env_key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "env_owner_user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "type = 'env_personal'",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "credential_workspace_id_workspace_id_fk": {
+          "name": "credential_workspace_id_workspace_id_fk",
+          "tableFrom": "credential",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_account_id_account_id_fk": {
+          "name": "credential_account_id_account_id_fk",
+          "tableFrom": "credential",
+          "tableTo": "account",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_env_owner_user_id_user_id_fk": {
+          "name": "credential_env_owner_user_id_user_id_fk",
+          "tableFrom": "credential",
+          "tableTo": "user",
+          "columnsFrom": ["env_owner_user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_created_by_user_id_fk": {
+          "name": "credential_created_by_user_id_fk",
+          "tableFrom": "credential",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {
+        "credential_oauth_source_check": {
+          "name": "credential_oauth_source_check",
+          "value": "(type <> 'oauth') OR (account_id IS NOT NULL AND provider_id IS NOT NULL)"
+        },
+        "credential_workspace_env_source_check": {
+          "name": "credential_workspace_env_source_check",
+          "value": "(type <> 'env_workspace') OR (env_key IS NOT NULL AND env_owner_user_id IS NULL)"
+        },
+        "credential_personal_env_source_check": {
+          "name": "credential_personal_env_source_check",
+          "value": "(type <> 'env_personal') OR (env_key IS NOT NULL AND env_owner_user_id IS NOT NULL)"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.credential_member": {
+      "name": "credential_member",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "credential_id": {
+          "name": "credential_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "role": {
+          "name": "role",
+          "type": "credential_member_role",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'member'"
+        },
+        "status": {
+          "name": "status",
+          "type": "credential_member_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'active'"
+        },
+        "joined_at": {
+          "name": "joined_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "invited_by": {
+          "name": "invited_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "credential_member_user_id_idx": {
+          "name": "credential_member_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_member_role_idx": {
+          "name": "credential_member_role_idx",
+          "columns": [
+            {
+              "expression": "role",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_member_status_idx": {
+          "name": "credential_member_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_member_unique": {
+          "name": "credential_member_unique",
+          "columns": [
+            {
+              "expression": "credential_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "credential_member_credential_id_credential_id_fk": {
+          "name": "credential_member_credential_id_credential_id_fk",
+          "tableFrom": "credential_member",
+          "tableTo": "credential",
+          "columnsFrom": ["credential_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_member_user_id_user_id_fk": {
+          "name": "credential_member_user_id_user_id_fk",
+          "tableFrom": "credential_member",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_member_invited_by_user_id_fk": {
+          "name": "credential_member_invited_by_user_id_fk",
+          "tableFrom": "credential_member",
+          "tableTo": "user",
+          "columnsFrom": ["invited_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credential_set": {
+      "name": "credential_set",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "credential_set_created_by_idx": {
+          "name": "credential_set_created_by_idx",
+          "columns": [
+            {
+              "expression": "created_by",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_org_name_unique": {
+          "name": "credential_set_org_name_unique",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_provider_id_idx": {
+          "name": "credential_set_provider_id_idx",
+          "columns": [
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "credential_set_organization_id_organization_id_fk": {
+          "name": "credential_set_organization_id_organization_id_fk",
+          "tableFrom": "credential_set",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_created_by_user_id_fk": {
+          "name": "credential_set_created_by_user_id_fk",
+          "tableFrom": "credential_set",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credential_set_invitation": {
+      "name": "credential_set_invitation",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "credential_set_id": {
+          "name": "credential_set_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "invited_by": {
+          "name": "invited_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "credential_set_invitation_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "accepted_at": {
+          "name": "accepted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "accepted_by_user_id": {
+          "name": "accepted_by_user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "credential_set_invitation_set_id_idx": {
+          "name": "credential_set_invitation_set_id_idx",
+          "columns": [
+            {
+              "expression": "credential_set_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_invitation_token_idx": {
+          "name": "credential_set_invitation_token_idx",
+          "columns": [
+            {
+              "expression": "token",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_invitation_status_idx": {
+          "name": "credential_set_invitation_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_invitation_expires_at_idx": {
+          "name": "credential_set_invitation_expires_at_idx",
+          "columns": [
+            {
+              "expression": "expires_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "credential_set_invitation_credential_set_id_credential_set_id_fk": {
+          "name": "credential_set_invitation_credential_set_id_credential_set_id_fk",
+          "tableFrom": "credential_set_invitation",
+          "tableTo": "credential_set",
+          "columnsFrom": ["credential_set_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_invitation_invited_by_user_id_fk": {
+          "name": "credential_set_invitation_invited_by_user_id_fk",
+          "tableFrom": "credential_set_invitation",
+          "tableTo": "user",
+          "columnsFrom": ["invited_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_invitation_accepted_by_user_id_user_id_fk": {
+          "name": "credential_set_invitation_accepted_by_user_id_user_id_fk",
+          "tableFrom": "credential_set_invitation",
+          "tableTo": "user",
+          "columnsFrom": ["accepted_by_user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "credential_set_invitation_token_unique": {
+          "name": "credential_set_invitation_token_unique",
+          "nullsNotDistinct": false,
+          "columns": ["token"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.credential_set_member": {
+      "name": "credential_set_member",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "credential_set_id": {
+          "name": "credential_set_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "credential_set_member_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "joined_at": {
+          "name": "joined_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "invited_by": {
+          "name": "invited_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "credential_set_member_user_id_idx": {
+          "name": "credential_set_member_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_member_unique": {
+          "name": "credential_set_member_unique",
+          "columns": [
+            {
+              "expression": "credential_set_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "credential_set_member_status_idx": {
+          "name": "credential_set_member_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "credential_set_member_credential_set_id_credential_set_id_fk": {
+          "name": "credential_set_member_credential_set_id_credential_set_id_fk",
+          "tableFrom": "credential_set_member",
+          "tableTo": "credential_set",
+          "columnsFrom": ["credential_set_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_member_user_id_user_id_fk": {
+          "name": "credential_set_member_user_id_user_id_fk",
+          "tableFrom": "credential_set_member",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "credential_set_member_invited_by_user_id_fk": {
+          "name": "credential_set_member_invited_by_user_id_fk",
+          "tableFrom": "credential_set_member",
+          "tableTo": "user",
+          "columnsFrom": ["invited_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.custom_tools": {
+      "name": "custom_tools",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "schema": {
+          "name": "schema",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "code": {
+          "name": "code",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "custom_tools_workspace_id_idx": {
+          "name": "custom_tools_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "custom_tools_workspace_title_unique": {
+          "name": "custom_tools_workspace_title_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "title",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "custom_tools_workspace_id_workspace_id_fk": {
+          "name": "custom_tools_workspace_id_workspace_id_fk",
+          "tableFrom": "custom_tools",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "custom_tools_user_id_user_id_fk": {
+          "name": "custom_tools_user_id_user_id_fk",
+          "tableFrom": "custom_tools",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.docs_embeddings": {
+      "name": "docs_embeddings",
+      "schema": "",
+      "columns": {
+        "chunk_id": {
+          "name": "chunk_id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "chunk_text": {
+          "name": "chunk_text",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_document": {
+          "name": "source_document",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_link": {
+          "name": "source_link",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "header_text": {
+          "name": "header_text",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "header_level": {
+          "name": "header_level",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "embedding": {
+          "name": "embedding",
+          "type": "vector(1536)",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "embedding_model": {
+          "name": "embedding_model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text-embedding-3-small'"
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "chunk_text_tsv": {
+          "name": "chunk_text_tsv",
+          "type": "tsvector",
+          "primaryKey": false,
+          "notNull": false,
+          "generated": {
+            "as": "to_tsvector('english', \"docs_embeddings\".\"chunk_text\")",
+            "type": "stored"
+          }
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "docs_emb_source_document_idx": {
+          "name": "docs_emb_source_document_idx",
+          "columns": [
+            {
+              "expression": "source_document",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_header_level_idx": {
+          "name": "docs_emb_header_level_idx",
+          "columns": [
+            {
+              "expression": "header_level",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_source_header_idx": {
+          "name": "docs_emb_source_header_idx",
+          "columns": [
+            {
+              "expression": "source_document",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "header_level",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_model_idx": {
+          "name": "docs_emb_model_idx",
+          "columns": [
+            {
+              "expression": "embedding_model",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_emb_created_at_idx": {
+          "name": "docs_emb_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "docs_embedding_vector_hnsw_idx": {
+          "name": "docs_embedding_vector_hnsw_idx",
+          "columns": [
+            {
+              "expression": "embedding",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last",
+              "opclass": "vector_cosine_ops"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "hnsw",
+          "with": {
+            "m": 16,
+            "ef_construction": 64
+          }
+        },
+        "docs_emb_metadata_gin_idx": {
+          "name": "docs_emb_metadata_gin_idx",
+          "columns": [
+            {
+              "expression": "metadata",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "gin",
+          "with": {}
+        },
+        "docs_emb_chunk_text_fts_idx": {
+          "name": "docs_emb_chunk_text_fts_idx",
+          "columns": [
+            {
+              "expression": "chunk_text_tsv",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "gin",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {
+        "docs_embedding_not_null_check": {
+          "name": "docs_embedding_not_null_check",
+          "value": "\"embedding\" IS NOT NULL"
+        },
+        "docs_header_level_check": {
+          "name": "docs_header_level_check",
+          "value": "\"header_level\" >= 1 AND \"header_level\" <= 6"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.document": {
+      "name": "document",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "knowledge_base_id": {
+          "name": "knowledge_base_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "filename": {
+          "name": "filename",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "file_url": {
+          "name": "file_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "file_size": {
+          "name": "file_size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "mime_type": {
+          "name": "mime_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chunk_count": {
+          "name": "chunk_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "character_count": {
+          "name": "character_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "processing_status": {
+          "name": "processing_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "processing_started_at": {
+          "name": "processing_started_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processing_completed_at": {
+          "name": "processing_completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "processing_error": {
+          "name": "processing_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_excluded": {
+          "name": "user_excluded",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "tag1": {
+          "name": "tag1",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag2": {
+          "name": "tag2",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag3": {
+          "name": "tag3",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag4": {
+          "name": "tag4",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag5": {
+          "name": "tag5",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag6": {
+          "name": "tag6",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag7": {
+          "name": "tag7",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number1": {
+          "name": "number1",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number2": {
+          "name": "number2",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number3": {
+          "name": "number3",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number4": {
+          "name": "number4",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number5": {
+          "name": "number5",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date1": {
+          "name": "date1",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date2": {
+          "name": "date2",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean1": {
+          "name": "boolean1",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean2": {
+          "name": "boolean2",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean3": {
+          "name": "boolean3",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "connector_id": {
+          "name": "connector_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "external_id": {
+          "name": "external_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "content_hash": {
+          "name": "content_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "source_url": {
+          "name": "source_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "uploaded_at": {
+          "name": "uploaded_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "doc_kb_id_idx": {
+          "name": "doc_kb_id_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_filename_idx": {
+          "name": "doc_filename_idx",
+          "columns": [
+            {
+              "expression": "filename",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_processing_status_idx": {
+          "name": "doc_processing_status_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "processing_status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_connector_external_id_idx": {
+          "name": "doc_connector_external_id_idx",
+          "columns": [
+            {
+              "expression": "connector_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "external_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"document\".\"deleted_at\" IS NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_connector_id_idx": {
+          "name": "doc_connector_id_idx",
+          "columns": [
+            {
+              "expression": "connector_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_archived_at_partial_idx": {
+          "name": "doc_archived_at_partial_idx",
+          "columns": [
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"document\".\"archived_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_deleted_at_partial_idx": {
+          "name": "doc_deleted_at_partial_idx",
+          "columns": [
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"document\".\"deleted_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag1_idx": {
+          "name": "doc_tag1_idx",
+          "columns": [
+            {
+              "expression": "tag1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag2_idx": {
+          "name": "doc_tag2_idx",
+          "columns": [
+            {
+              "expression": "tag2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag3_idx": {
+          "name": "doc_tag3_idx",
+          "columns": [
+            {
+              "expression": "tag3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag4_idx": {
+          "name": "doc_tag4_idx",
+          "columns": [
+            {
+              "expression": "tag4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag5_idx": {
+          "name": "doc_tag5_idx",
+          "columns": [
+            {
+              "expression": "tag5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag6_idx": {
+          "name": "doc_tag6_idx",
+          "columns": [
+            {
+              "expression": "tag6",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_tag7_idx": {
+          "name": "doc_tag7_idx",
+          "columns": [
+            {
+              "expression": "tag7",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number1_idx": {
+          "name": "doc_number1_idx",
+          "columns": [
+            {
+              "expression": "number1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number2_idx": {
+          "name": "doc_number2_idx",
+          "columns": [
+            {
+              "expression": "number2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number3_idx": {
+          "name": "doc_number3_idx",
+          "columns": [
+            {
+              "expression": "number3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number4_idx": {
+          "name": "doc_number4_idx",
+          "columns": [
+            {
+              "expression": "number4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_number5_idx": {
+          "name": "doc_number5_idx",
+          "columns": [
+            {
+              "expression": "number5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_date1_idx": {
+          "name": "doc_date1_idx",
+          "columns": [
+            {
+              "expression": "date1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_date2_idx": {
+          "name": "doc_date2_idx",
+          "columns": [
+            {
+              "expression": "date2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_boolean1_idx": {
+          "name": "doc_boolean1_idx",
+          "columns": [
+            {
+              "expression": "boolean1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_boolean2_idx": {
+          "name": "doc_boolean2_idx",
+          "columns": [
+            {
+              "expression": "boolean2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "doc_boolean3_idx": {
+          "name": "doc_boolean3_idx",
+          "columns": [
+            {
+              "expression": "boolean3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "document_knowledge_base_id_knowledge_base_id_fk": {
+          "name": "document_knowledge_base_id_knowledge_base_id_fk",
+          "tableFrom": "document",
+          "tableTo": "knowledge_base",
+          "columnsFrom": ["knowledge_base_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "document_connector_id_knowledge_connector_id_fk": {
+          "name": "document_connector_id_knowledge_connector_id_fk",
+          "tableFrom": "document",
+          "tableTo": "knowledge_connector",
+          "columnsFrom": ["connector_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.embedding": {
+      "name": "embedding",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "knowledge_base_id": {
+          "name": "knowledge_base_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "document_id": {
+          "name": "document_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chunk_index": {
+          "name": "chunk_index",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chunk_hash": {
+          "name": "chunk_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "content": {
+          "name": "content",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "content_length": {
+          "name": "content_length",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "embedding": {
+          "name": "embedding",
+          "type": "vector(1536)",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "embedding_model": {
+          "name": "embedding_model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text-embedding-3-small'"
+        },
+        "start_offset": {
+          "name": "start_offset",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "end_offset": {
+          "name": "end_offset",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tag1": {
+          "name": "tag1",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag2": {
+          "name": "tag2",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag3": {
+          "name": "tag3",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag4": {
+          "name": "tag4",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag5": {
+          "name": "tag5",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag6": {
+          "name": "tag6",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "tag7": {
+          "name": "tag7",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number1": {
+          "name": "number1",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number2": {
+          "name": "number2",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number3": {
+          "name": "number3",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number4": {
+          "name": "number4",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "number5": {
+          "name": "number5",
+          "type": "double precision",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date1": {
+          "name": "date1",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "date2": {
+          "name": "date2",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean1": {
+          "name": "boolean1",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean2": {
+          "name": "boolean2",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "boolean3": {
+          "name": "boolean3",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "content_tsv": {
+          "name": "content_tsv",
+          "type": "tsvector",
+          "primaryKey": false,
+          "notNull": false,
+          "generated": {
+            "as": "to_tsvector('english', \"embedding\".\"content\")",
+            "type": "stored"
+          }
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "emb_kb_id_idx": {
+          "name": "emb_kb_id_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_doc_id_idx": {
+          "name": "emb_doc_id_idx",
+          "columns": [
+            {
+              "expression": "document_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_doc_chunk_idx": {
+          "name": "emb_doc_chunk_idx",
+          "columns": [
+            {
+              "expression": "document_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "chunk_index",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_kb_model_idx": {
+          "name": "emb_kb_model_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "embedding_model",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_kb_enabled_idx": {
+          "name": "emb_kb_enabled_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "enabled",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_doc_enabled_idx": {
+          "name": "emb_doc_enabled_idx",
+          "columns": [
+            {
+              "expression": "document_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "enabled",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "embedding_vector_hnsw_idx": {
+          "name": "embedding_vector_hnsw_idx",
+          "columns": [
+            {
+              "expression": "embedding",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last",
+              "opclass": "vector_cosine_ops"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "hnsw",
+          "with": {
+            "m": 16,
+            "ef_construction": 64
+          }
+        },
+        "emb_tag1_idx": {
+          "name": "emb_tag1_idx",
+          "columns": [
+            {
+              "expression": "tag1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag2_idx": {
+          "name": "emb_tag2_idx",
+          "columns": [
+            {
+              "expression": "tag2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag3_idx": {
+          "name": "emb_tag3_idx",
+          "columns": [
+            {
+              "expression": "tag3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag4_idx": {
+          "name": "emb_tag4_idx",
+          "columns": [
+            {
+              "expression": "tag4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag5_idx": {
+          "name": "emb_tag5_idx",
+          "columns": [
+            {
+              "expression": "tag5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag6_idx": {
+          "name": "emb_tag6_idx",
+          "columns": [
+            {
+              "expression": "tag6",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_tag7_idx": {
+          "name": "emb_tag7_idx",
+          "columns": [
+            {
+              "expression": "tag7",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number1_idx": {
+          "name": "emb_number1_idx",
+          "columns": [
+            {
+              "expression": "number1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number2_idx": {
+          "name": "emb_number2_idx",
+          "columns": [
+            {
+              "expression": "number2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number3_idx": {
+          "name": "emb_number3_idx",
+          "columns": [
+            {
+              "expression": "number3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number4_idx": {
+          "name": "emb_number4_idx",
+          "columns": [
+            {
+              "expression": "number4",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_number5_idx": {
+          "name": "emb_number5_idx",
+          "columns": [
+            {
+              "expression": "number5",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_date1_idx": {
+          "name": "emb_date1_idx",
+          "columns": [
+            {
+              "expression": "date1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_date2_idx": {
+          "name": "emb_date2_idx",
+          "columns": [
+            {
+              "expression": "date2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_boolean1_idx": {
+          "name": "emb_boolean1_idx",
+          "columns": [
+            {
+              "expression": "boolean1",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_boolean2_idx": {
+          "name": "emb_boolean2_idx",
+          "columns": [
+            {
+              "expression": "boolean2",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_boolean3_idx": {
+          "name": "emb_boolean3_idx",
+          "columns": [
+            {
+              "expression": "boolean3",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "emb_content_fts_idx": {
+          "name": "emb_content_fts_idx",
+          "columns": [
+            {
+              "expression": "content_tsv",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "gin",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "embedding_knowledge_base_id_knowledge_base_id_fk": {
+          "name": "embedding_knowledge_base_id_knowledge_base_id_fk",
+          "tableFrom": "embedding",
+          "tableTo": "knowledge_base",
+          "columnsFrom": ["knowledge_base_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "embedding_document_id_document_id_fk": {
+          "name": "embedding_document_id_document_id_fk",
+          "tableFrom": "embedding",
+          "tableTo": "document",
+          "columnsFrom": ["document_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {
+        "embedding_not_null_check": {
+          "name": "embedding_not_null_check",
+          "value": "\"embedding\" IS NOT NULL"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.environment": {
+      "name": "environment",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "variables": {
+          "name": "variables",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "environment_user_id_user_id_fk": {
+          "name": "environment_user_id_user_id_fk",
+          "tableFrom": "environment",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "environment_user_id_unique": {
+          "name": "environment_user_id_unique",
+          "nullsNotDistinct": false,
+          "columns": ["user_id"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.form": {
+      "name": "form",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_active": {
+          "name": "is_active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "customizations": {
+          "name": "customizations",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "auth_type": {
+          "name": "auth_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'public'"
+        },
+        "password": {
+          "name": "password",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "allowed_emails": {
+          "name": "allowed_emails",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'[]'"
+        },
+        "show_branding": {
+          "name": "show_branding",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "form_identifier_idx": {
+          "name": "form_identifier_idx",
+          "columns": [
+            {
+              "expression": "identifier",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"form\".\"archived_at\" IS NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "form_workflow_id_idx": {
+          "name": "form_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "form_user_id_idx": {
+          "name": "form_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "form_archived_at_partial_idx": {
+          "name": "form_archived_at_partial_idx",
+          "columns": [
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"form\".\"archived_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "form_workflow_id_workflow_id_fk": {
+          "name": "form_workflow_id_workflow_id_fk",
+          "tableFrom": "form",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "form_user_id_user_id_fk": {
+          "name": "form_user_id_user_id_fk",
+          "tableFrom": "form",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.idempotency_key": {
+      "name": "idempotency_key",
+      "schema": "",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "result": {
+          "name": "result",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "idempotency_key_created_at_idx": {
+          "name": "idempotency_key_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.invitation": {
+      "name": "invitation",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "kind": {
+          "name": "kind",
+          "type": "invitation_kind",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'organization'"
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "inviter_id": {
+          "name": "inviter_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "membership_intent": {
+          "name": "membership_intent",
+          "type": "invitation_membership_intent",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'internal'"
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "invitation_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "invitation_email_idx": {
+          "name": "invitation_email_idx",
+          "columns": [
+            {
+              "expression": "email",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "invitation_organization_id_idx": {
+          "name": "invitation_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "invitation_status_idx": {
+          "name": "invitation_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "invitation_pending_email_org_unique": {
+          "name": "invitation_pending_email_org_unique",
+          "columns": [
+            {
+              "expression": "email",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"invitation\".\"status\" = 'pending' AND \"invitation\".\"organization_id\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "invitation_inviter_id_user_id_fk": {
+          "name": "invitation_inviter_id_user_id_fk",
+          "tableFrom": "invitation",
+          "tableTo": "user",
+          "columnsFrom": ["inviter_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "invitation_organization_id_organization_id_fk": {
+          "name": "invitation_organization_id_organization_id_fk",
+          "tableFrom": "invitation",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "invitation_token_unique": {
+          "name": "invitation_token_unique",
+          "nullsNotDistinct": false,
+          "columns": ["token"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.invitation_workspace_grant": {
+      "name": "invitation_workspace_grant",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "invitation_id": {
+          "name": "invitation_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "permission": {
+          "name": "permission",
+          "type": "permission_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "invitation_workspace_grant_unique": {
+          "name": "invitation_workspace_grant_unique",
+          "columns": [
+            {
+              "expression": "invitation_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "invitation_workspace_grant_workspace_id_idx": {
+          "name": "invitation_workspace_grant_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "invitation_workspace_grant_invitation_id_invitation_id_fk": {
+          "name": "invitation_workspace_grant_invitation_id_invitation_id_fk",
+          "tableFrom": "invitation_workspace_grant",
+          "tableTo": "invitation",
+          "columnsFrom": ["invitation_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "invitation_workspace_grant_workspace_id_workspace_id_fk": {
+          "name": "invitation_workspace_grant_workspace_id_workspace_id_fk",
+          "tableFrom": "invitation_workspace_grant",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.job_execution_logs": {
+      "name": "job_execution_logs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "schedule_id": {
+          "name": "schedule_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "level": {
+          "name": "level",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'running'"
+        },
+        "trigger": {
+          "name": "trigger",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ended_at": {
+          "name": "ended_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "total_duration_ms": {
+          "name": "total_duration_ms",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "execution_data": {
+          "name": "execution_data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "cost": {
+          "name": "cost",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "job_execution_logs_schedule_id_idx": {
+          "name": "job_execution_logs_schedule_id_idx",
+          "columns": [
+            {
+              "expression": "schedule_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "job_execution_logs_workspace_started_at_idx": {
+          "name": "job_execution_logs_workspace_started_at_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "job_execution_logs_execution_id_unique": {
+          "name": "job_execution_logs_execution_id_unique",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "job_execution_logs_trigger_idx": {
+          "name": "job_execution_logs_trigger_idx",
+          "columns": [
+            {
+              "expression": "trigger",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "job_execution_logs_schedule_id_workflow_schedule_id_fk": {
+          "name": "job_execution_logs_schedule_id_workflow_schedule_id_fk",
+          "tableFrom": "job_execution_logs",
+          "tableTo": "workflow_schedule",
+          "columnsFrom": ["schedule_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "job_execution_logs_workspace_id_workspace_id_fk": {
+          "name": "job_execution_logs_workspace_id_workspace_id_fk",
+          "tableFrom": "job_execution_logs",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.jwks": {
+      "name": "jwks",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "public_key": {
+          "name": "public_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "private_key": {
+          "name": "private_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.knowledge_base": {
+      "name": "knowledge_base",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "token_count": {
+          "name": "token_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "embedding_model": {
+          "name": "embedding_model",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text-embedding-3-small'"
+        },
+        "embedding_dimension": {
+          "name": "embedding_dimension",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 1536
+        },
+        "chunking_config": {
+          "name": "chunking_config",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{\"maxSize\": 1024, \"minSize\": 1, \"overlap\": 200}'"
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "kb_user_id_idx": {
+          "name": "kb_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_workspace_id_idx": {
+          "name": "kb_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_user_workspace_idx": {
+          "name": "kb_user_workspace_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_deleted_at_idx": {
+          "name": "kb_deleted_at_idx",
+          "columns": [
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_workspace_deleted_partial_idx": {
+          "name": "kb_workspace_deleted_partial_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"knowledge_base\".\"deleted_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_workspace_name_active_unique": {
+          "name": "kb_workspace_name_active_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"knowledge_base\".\"deleted_at\" IS NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "knowledge_base_user_id_user_id_fk": {
+          "name": "knowledge_base_user_id_user_id_fk",
+          "tableFrom": "knowledge_base",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "knowledge_base_workspace_id_workspace_id_fk": {
+          "name": "knowledge_base_workspace_id_workspace_id_fk",
+          "tableFrom": "knowledge_base",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.knowledge_base_tag_definitions": {
+      "name": "knowledge_base_tag_definitions",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "knowledge_base_id": {
+          "name": "knowledge_base_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tag_slot": {
+          "name": "tag_slot",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "display_name": {
+          "name": "display_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "field_type": {
+          "name": "field_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'text'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "kb_tag_definitions_kb_slot_idx": {
+          "name": "kb_tag_definitions_kb_slot_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "tag_slot",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_tag_definitions_kb_display_name_idx": {
+          "name": "kb_tag_definitions_kb_display_name_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "display_name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kb_tag_definitions_kb_id_idx": {
+          "name": "kb_tag_definitions_kb_id_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "knowledge_base_tag_definitions_knowledge_base_id_knowledge_base_id_fk": {
+          "name": "knowledge_base_tag_definitions_knowledge_base_id_knowledge_base_id_fk",
+          "tableFrom": "knowledge_base_tag_definitions",
+          "tableTo": "knowledge_base",
+          "columnsFrom": ["knowledge_base_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.knowledge_connector": {
+      "name": "knowledge_connector",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "knowledge_base_id": {
+          "name": "knowledge_base_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "connector_type": {
+          "name": "connector_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "credential_id": {
+          "name": "credential_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "encrypted_api_key": {
+          "name": "encrypted_api_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "source_config": {
+          "name": "source_config",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "sync_mode": {
+          "name": "sync_mode",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'full'"
+        },
+        "sync_interval_minutes": {
+          "name": "sync_interval_minutes",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 1440
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'active'"
+        },
+        "last_sync_at": {
+          "name": "last_sync_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_sync_error": {
+          "name": "last_sync_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_sync_doc_count": {
+          "name": "last_sync_doc_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "next_sync_at": {
+          "name": "next_sync_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "consecutive_failures": {
+          "name": "consecutive_failures",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "kc_knowledge_base_id_idx": {
+          "name": "kc_knowledge_base_id_idx",
+          "columns": [
+            {
+              "expression": "knowledge_base_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kc_status_next_sync_idx": {
+          "name": "kc_status_next_sync_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "next_sync_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kc_archived_at_partial_idx": {
+          "name": "kc_archived_at_partial_idx",
+          "columns": [
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"knowledge_connector\".\"archived_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "kc_deleted_at_partial_idx": {
+          "name": "kc_deleted_at_partial_idx",
+          "columns": [
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"knowledge_connector\".\"deleted_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "knowledge_connector_knowledge_base_id_knowledge_base_id_fk": {
+          "name": "knowledge_connector_knowledge_base_id_knowledge_base_id_fk",
+          "tableFrom": "knowledge_connector",
+          "tableTo": "knowledge_base",
+          "columnsFrom": ["knowledge_base_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.knowledge_connector_sync_log": {
+      "name": "knowledge_connector_sync_log",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "connector_id": {
+          "name": "connector_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "docs_added": {
+          "name": "docs_added",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "docs_updated": {
+          "name": "docs_updated",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "docs_deleted": {
+          "name": "docs_deleted",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "docs_unchanged": {
+          "name": "docs_unchanged",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "docs_failed": {
+          "name": "docs_failed",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "kcsl_connector_id_idx": {
+          "name": "kcsl_connector_id_idx",
+          "columns": [
+            {
+              "expression": "connector_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "knowledge_connector_sync_log_connector_id_knowledge_connector_id_fk": {
+          "name": "knowledge_connector_sync_log_connector_id_knowledge_connector_id_fk",
+          "tableFrom": "knowledge_connector_sync_log",
+          "tableTo": "knowledge_connector",
+          "columnsFrom": ["connector_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.mcp_servers": {
+      "name": "mcp_servers",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "transport": {
+          "name": "transport",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "url": {
+          "name": "url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "headers": {
+          "name": "headers",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "timeout": {
+          "name": "timeout",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 30000
+        },
+        "retries": {
+          "name": "retries",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 3
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "last_connected": {
+          "name": "last_connected",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "connection_status": {
+          "name": "connection_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'disconnected'"
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status_config": {
+          "name": "status_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "tool_count": {
+          "name": "tool_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "last_tools_refresh": {
+          "name": "last_tools_refresh",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "total_requests": {
+          "name": "total_requests",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "last_used": {
+          "name": "last_used",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "mcp_servers_workspace_enabled_idx": {
+          "name": "mcp_servers_workspace_enabled_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "enabled",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "mcp_servers_workspace_deleted_partial_idx": {
+          "name": "mcp_servers_workspace_deleted_partial_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"mcp_servers\".\"deleted_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "mcp_servers_workspace_id_workspace_id_fk": {
+          "name": "mcp_servers_workspace_id_workspace_id_fk",
+          "tableFrom": "mcp_servers",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "mcp_servers_created_by_user_id_fk": {
+          "name": "mcp_servers_created_by_user_id_fk",
+          "tableFrom": "mcp_servers",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.member": {
+      "name": "member",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "member_user_id_unique": {
+          "name": "member_user_id_unique",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "member_organization_id_idx": {
+          "name": "member_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "member_user_id_user_id_fk": {
+          "name": "member_user_id_user_id_fk",
+          "tableFrom": "member",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "member_organization_id_organization_id_fk": {
+          "name": "member_organization_id_organization_id_fk",
+          "tableFrom": "member",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.memory": {
+      "name": "memory",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "data": {
+          "name": "data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "memory_key_idx": {
+          "name": "memory_key_idx",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "memory_workspace_idx": {
+          "name": "memory_workspace_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "memory_workspace_key_idx": {
+          "name": "memory_workspace_key_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "memory_workspace_deleted_partial_idx": {
+          "name": "memory_workspace_deleted_partial_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"memory\".\"deleted_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "memory_workspace_id_workspace_id_fk": {
+          "name": "memory_workspace_id_workspace_id_fk",
+          "tableFrom": "memory",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.mothership_inbox_allowed_sender": {
+      "name": "mothership_inbox_allowed_sender",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "added_by": {
+          "name": "added_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "inbox_sender_ws_email_idx": {
+          "name": "inbox_sender_ws_email_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "email",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "mothership_inbox_allowed_sender_workspace_id_workspace_id_fk": {
+          "name": "mothership_inbox_allowed_sender_workspace_id_workspace_id_fk",
+          "tableFrom": "mothership_inbox_allowed_sender",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "mothership_inbox_allowed_sender_added_by_user_id_fk": {
+          "name": "mothership_inbox_allowed_sender_added_by_user_id_fk",
+          "tableFrom": "mothership_inbox_allowed_sender",
+          "tableTo": "user",
+          "columnsFrom": ["added_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.mothership_inbox_task": {
+      "name": "mothership_inbox_task",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "from_email": {
+          "name": "from_email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "from_name": {
+          "name": "from_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "subject": {
+          "name": "subject",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "body_preview": {
+          "name": "body_preview",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "body_text": {
+          "name": "body_text",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "body_html": {
+          "name": "body_html",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "email_message_id": {
+          "name": "email_message_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "in_reply_to": {
+          "name": "in_reply_to",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "response_message_id": {
+          "name": "response_message_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "agentmail_message_id": {
+          "name": "agentmail_message_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'received'"
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "trigger_job_id": {
+          "name": "trigger_job_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "result_summary": {
+          "name": "result_summary",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "rejection_reason": {
+          "name": "rejection_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "has_attachments": {
+          "name": "has_attachments",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "cc_recipients": {
+          "name": "cc_recipients",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "processing_started_at": {
+          "name": "processing_started_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "inbox_task_ws_created_at_idx": {
+          "name": "inbox_task_ws_created_at_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "inbox_task_ws_status_idx": {
+          "name": "inbox_task_ws_status_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "inbox_task_response_msg_id_idx": {
+          "name": "inbox_task_response_msg_id_idx",
+          "columns": [
+            {
+              "expression": "response_message_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "inbox_task_email_msg_id_idx": {
+          "name": "inbox_task_email_msg_id_idx",
+          "columns": [
+            {
+              "expression": "email_message_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "mothership_inbox_task_workspace_id_workspace_id_fk": {
+          "name": "mothership_inbox_task_workspace_id_workspace_id_fk",
+          "tableFrom": "mothership_inbox_task",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "mothership_inbox_task_chat_id_copilot_chats_id_fk": {
+          "name": "mothership_inbox_task_chat_id_copilot_chats_id_fk",
+          "tableFrom": "mothership_inbox_task",
+          "tableTo": "copilot_chats",
+          "columnsFrom": ["chat_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.mothership_inbox_webhook": {
+      "name": "mothership_inbox_webhook",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "webhook_id": {
+          "name": "webhook_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "secret": {
+          "name": "secret",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "mothership_inbox_webhook_workspace_id_workspace_id_fk": {
+          "name": "mothership_inbox_webhook_workspace_id_workspace_id_fk",
+          "tableFrom": "mothership_inbox_webhook",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "mothership_inbox_webhook_workspace_id_unique": {
+          "name": "mothership_inbox_webhook_workspace_id_unique",
+          "nullsNotDistinct": false,
+          "columns": ["workspace_id"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.oauth_access_token": {
+      "name": "oauth_access_token",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "access_token": {
+          "name": "access_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "refresh_token": {
+          "name": "refresh_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "access_token_expires_at": {
+          "name": "access_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "refresh_token_expires_at": {
+          "name": "refresh_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "client_id": {
+          "name": "client_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "scopes": {
+          "name": "scopes",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "oauth_access_token_access_token_idx": {
+          "name": "oauth_access_token_access_token_idx",
+          "columns": [
+            {
+              "expression": "access_token",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "oauth_access_token_refresh_token_idx": {
+          "name": "oauth_access_token_refresh_token_idx",
+          "columns": [
+            {
+              "expression": "refresh_token",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "oauth_access_token_client_id_oauth_application_client_id_fk": {
+          "name": "oauth_access_token_client_id_oauth_application_client_id_fk",
+          "tableFrom": "oauth_access_token",
+          "tableTo": "oauth_application",
+          "columnsFrom": ["client_id"],
+          "columnsTo": ["client_id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "oauth_access_token_user_id_user_id_fk": {
+          "name": "oauth_access_token_user_id_user_id_fk",
+          "tableFrom": "oauth_access_token",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "oauth_access_token_access_token_unique": {
+          "name": "oauth_access_token_access_token_unique",
+          "nullsNotDistinct": false,
+          "columns": ["access_token"]
+        },
+        "oauth_access_token_refresh_token_unique": {
+          "name": "oauth_access_token_refresh_token_unique",
+          "nullsNotDistinct": false,
+          "columns": ["refresh_token"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.oauth_application": {
+      "name": "oauth_application",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "icon": {
+          "name": "icon",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "client_id": {
+          "name": "client_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "client_secret": {
+          "name": "client_secret",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "redirect_urls": {
+          "name": "redirect_urls",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "disabled": {
+          "name": "disabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false,
+          "default": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "oauth_application_client_id_idx": {
+          "name": "oauth_application_client_id_idx",
+          "columns": [
+            {
+              "expression": "client_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "oauth_application_user_id_user_id_fk": {
+          "name": "oauth_application_user_id_user_id_fk",
+          "tableFrom": "oauth_application",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "oauth_application_client_id_unique": {
+          "name": "oauth_application_client_id_unique",
+          "nullsNotDistinct": false,
+          "columns": ["client_id"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.oauth_consent": {
+      "name": "oauth_consent",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "client_id": {
+          "name": "client_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "scopes": {
+          "name": "scopes",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "consent_given": {
+          "name": "consent_given",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "oauth_consent_user_client_idx": {
+          "name": "oauth_consent_user_client_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "client_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "oauth_consent_client_id_oauth_application_client_id_fk": {
+          "name": "oauth_consent_client_id_oauth_application_client_id_fk",
+          "tableFrom": "oauth_consent",
+          "tableTo": "oauth_application",
+          "columnsFrom": ["client_id"],
+          "columnsTo": ["client_id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "oauth_consent_user_id_user_id_fk": {
+          "name": "oauth_consent_user_id_user_id_fk",
+          "tableFrom": "oauth_consent",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.organization": {
+      "name": "organization",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "slug": {
+          "name": "slug",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "logo": {
+          "name": "logo",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "whitelabel_settings": {
+          "name": "whitelabel_settings",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "data_retention_settings": {
+          "name": "data_retention_settings",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "org_usage_limit": {
+          "name": "org_usage_limit",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "storage_used_bytes": {
+          "name": "storage_used_bytes",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "departed_member_usage": {
+          "name": "departed_member_usage",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "credit_balance": {
+          "name": "credit_balance",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.outbox_event": {
+      "name": "outbox_event",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "event_type": {
+          "name": "event_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "payload": {
+          "name": "payload",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "attempts": {
+          "name": "attempts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "max_attempts": {
+          "name": "max_attempts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 10
+        },
+        "available_at": {
+          "name": "available_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "locked_at": {
+          "name": "locked_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_error": {
+          "name": "last_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "processed_at": {
+          "name": "processed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "outbox_event_status_available_idx": {
+          "name": "outbox_event_status_available_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "available_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "outbox_event_locked_at_idx": {
+          "name": "outbox_event_locked_at_idx",
+          "columns": [
+            {
+              "expression": "locked_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.paused_executions": {
+      "name": "paused_executions",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_snapshot": {
+          "name": "execution_snapshot",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "pause_points": {
+          "name": "pause_points",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "total_pause_count": {
+          "name": "total_pause_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "resumed_count": {
+          "name": "resumed_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'paused'"
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::jsonb"
+        },
+        "paused_at": {
+          "name": "paused_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "paused_executions_workflow_id_idx": {
+          "name": "paused_executions_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "paused_executions_status_idx": {
+          "name": "paused_executions_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "paused_executions_execution_id_unique": {
+          "name": "paused_executions_execution_id_unique",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "paused_executions_workflow_id_workflow_id_fk": {
+          "name": "paused_executions_workflow_id_workflow_id_fk",
+          "tableFrom": "paused_executions",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.pending_credential_draft": {
+      "name": "pending_credential_draft",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "display_name": {
+          "name": "display_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "credential_id": {
+          "name": "credential_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "pending_draft_user_provider_ws": {
+          "name": "pending_draft_user_provider_ws",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "pending_credential_draft_user_id_user_id_fk": {
+          "name": "pending_credential_draft_user_id_user_id_fk",
+          "tableFrom": "pending_credential_draft",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "pending_credential_draft_workspace_id_workspace_id_fk": {
+          "name": "pending_credential_draft_workspace_id_workspace_id_fk",
+          "tableFrom": "pending_credential_draft",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "pending_credential_draft_credential_id_credential_id_fk": {
+          "name": "pending_credential_draft_credential_id_credential_id_fk",
+          "tableFrom": "pending_credential_draft",
+          "tableTo": "credential",
+          "columnsFrom": ["credential_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.permission_group": {
+      "name": "permission_group",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "config": {
+          "name": "config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "auto_add_new_members": {
+          "name": "auto_add_new_members",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        }
+      },
+      "indexes": {
+        "permission_group_created_by_idx": {
+          "name": "permission_group_created_by_idx",
+          "columns": [
+            {
+              "expression": "created_by",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permission_group_workspace_name_unique": {
+          "name": "permission_group_workspace_name_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permission_group_workspace_auto_add_unique": {
+          "name": "permission_group_workspace_auto_add_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "auto_add_new_members = true",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "permission_group_workspace_id_workspace_id_fk": {
+          "name": "permission_group_workspace_id_workspace_id_fk",
+          "tableFrom": "permission_group",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "permission_group_created_by_user_id_fk": {
+          "name": "permission_group_created_by_user_id_fk",
+          "tableFrom": "permission_group",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.permission_group_member": {
+      "name": "permission_group_member",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "permission_group_id": {
+          "name": "permission_group_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "assigned_by": {
+          "name": "assigned_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "assigned_at": {
+          "name": "assigned_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "permission_group_member_group_id_idx": {
+          "name": "permission_group_member_group_id_idx",
+          "columns": [
+            {
+              "expression": "permission_group_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permission_group_member_group_user_unique": {
+          "name": "permission_group_member_group_user_unique",
+          "columns": [
+            {
+              "expression": "permission_group_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permission_group_member_workspace_user_unique": {
+          "name": "permission_group_member_workspace_user_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "permission_group_member_permission_group_id_permission_group_id_fk": {
+          "name": "permission_group_member_permission_group_id_permission_group_id_fk",
+          "tableFrom": "permission_group_member",
+          "tableTo": "permission_group",
+          "columnsFrom": ["permission_group_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "permission_group_member_workspace_id_workspace_id_fk": {
+          "name": "permission_group_member_workspace_id_workspace_id_fk",
+          "tableFrom": "permission_group_member",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "permission_group_member_user_id_user_id_fk": {
+          "name": "permission_group_member_user_id_user_id_fk",
+          "tableFrom": "permission_group_member",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "permission_group_member_assigned_by_user_id_fk": {
+          "name": "permission_group_member_assigned_by_user_id_fk",
+          "tableFrom": "permission_group_member",
+          "tableTo": "user",
+          "columnsFrom": ["assigned_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.permissions": {
+      "name": "permissions",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "entity_type": {
+          "name": "entity_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "entity_id": {
+          "name": "entity_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "permission_type": {
+          "name": "permission_type",
+          "type": "permission_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "permissions_user_id_idx": {
+          "name": "permissions_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_entity_idx": {
+          "name": "permissions_entity_idx",
+          "columns": [
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_user_entity_type_idx": {
+          "name": "permissions_user_entity_type_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_user_entity_permission_idx": {
+          "name": "permissions_user_entity_permission_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "permission_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_user_entity_idx": {
+          "name": "permissions_user_entity_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "permissions_unique_constraint": {
+          "name": "permissions_unique_constraint",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "entity_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "permissions_user_id_user_id_fk": {
+          "name": "permissions_user_id_user_id_fk",
+          "tableFrom": "permissions",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.rate_limit_bucket": {
+      "name": "rate_limit_bucket",
+      "schema": "",
+      "columns": {
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "tokens": {
+          "name": "tokens",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "last_refill_at": {
+          "name": "last_refill_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.resume_queue": {
+      "name": "resume_queue",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "paused_execution_id": {
+          "name": "paused_execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "parent_execution_id": {
+          "name": "parent_execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "new_execution_id": {
+          "name": "new_execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "context_id": {
+          "name": "context_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "resume_input": {
+          "name": "resume_input",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "queued_at": {
+          "name": "queued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "claimed_at": {
+          "name": "claimed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "failure_reason": {
+          "name": "failure_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "resume_queue_parent_status_idx": {
+          "name": "resume_queue_parent_status_idx",
+          "columns": [
+            {
+              "expression": "parent_execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "queued_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "resume_queue_new_execution_idx": {
+          "name": "resume_queue_new_execution_idx",
+          "columns": [
+            {
+              "expression": "new_execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "resume_queue_paused_execution_id_paused_executions_id_fk": {
+          "name": "resume_queue_paused_execution_id_paused_executions_id_fk",
+          "tableFrom": "resume_queue",
+          "tableTo": "paused_executions",
+          "columnsFrom": ["paused_execution_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.session": {
+      "name": "session",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ip_address": {
+          "name": "ip_address",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_agent": {
+          "name": "user_agent",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "active_organization_id": {
+          "name": "active_organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "impersonated_by": {
+          "name": "impersonated_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "session_user_id_idx": {
+          "name": "session_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "session_token_idx": {
+          "name": "session_token_idx",
+          "columns": [
+            {
+              "expression": "token",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "session_user_id_user_id_fk": {
+          "name": "session_user_id_user_id_fk",
+          "tableFrom": "session",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "session_active_organization_id_organization_id_fk": {
+          "name": "session_active_organization_id_organization_id_fk",
+          "tableFrom": "session",
+          "tableTo": "organization",
+          "columnsFrom": ["active_organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "session_token_unique": {
+          "name": "session_token_unique",
+          "nullsNotDistinct": false,
+          "columns": ["token"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.settings": {
+      "name": "settings",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "theme": {
+          "name": "theme",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'system'"
+        },
+        "auto_connect": {
+          "name": "auto_connect",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "telemetry_enabled": {
+          "name": "telemetry_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "email_preferences": {
+          "name": "email_preferences",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "billing_usage_notifications_enabled": {
+          "name": "billing_usage_notifications_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "show_training_controls": {
+          "name": "show_training_controls",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "super_user_mode_enabled": {
+          "name": "super_user_mode_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "error_notifications_enabled": {
+          "name": "error_notifications_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "snap_to_grid_size": {
+          "name": "snap_to_grid_size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "show_action_bar": {
+          "name": "show_action_bar",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "copilot_enabled_models": {
+          "name": "copilot_enabled_models",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "copilot_auto_allowed_tools": {
+          "name": "copilot_auto_allowed_tools",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "last_active_workspace_id": {
+          "name": "last_active_workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "settings_user_id_user_id_fk": {
+          "name": "settings_user_id_user_id_fk",
+          "tableFrom": "settings",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "settings_user_id_unique": {
+          "name": "settings_user_id_unique",
+          "nullsNotDistinct": false,
+          "columns": ["user_id"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.skill": {
+      "name": "skill",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "content": {
+          "name": "content",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "skill_workspace_name_unique": {
+          "name": "skill_workspace_name_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "skill_workspace_id_workspace_id_fk": {
+          "name": "skill_workspace_id_workspace_id_fk",
+          "tableFrom": "skill",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "skill_user_id_user_id_fk": {
+          "name": "skill_user_id_user_id_fk",
+          "tableFrom": "skill",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.sso_provider": {
+      "name": "sso_provider",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "issuer": {
+          "name": "issuer",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "domain": {
+          "name": "domain",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "oidc_config": {
+          "name": "oidc_config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "saml_config": {
+          "name": "saml_config",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "sso_provider_provider_id_idx": {
+          "name": "sso_provider_provider_id_idx",
+          "columns": [
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sso_provider_domain_idx": {
+          "name": "sso_provider_domain_idx",
+          "columns": [
+            {
+              "expression": "domain",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sso_provider_user_id_idx": {
+          "name": "sso_provider_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "sso_provider_organization_id_idx": {
+          "name": "sso_provider_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "sso_provider_user_id_user_id_fk": {
+          "name": "sso_provider_user_id_user_id_fk",
+          "tableFrom": "sso_provider",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "sso_provider_organization_id_organization_id_fk": {
+          "name": "sso_provider_organization_id_organization_id_fk",
+          "tableFrom": "sso_provider",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.subscription": {
+      "name": "subscription",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "plan": {
+          "name": "plan",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "reference_id": {
+          "name": "reference_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "stripe_customer_id": {
+          "name": "stripe_customer_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "stripe_subscription_id": {
+          "name": "stripe_subscription_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "period_start": {
+          "name": "period_start",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "period_end": {
+          "name": "period_end",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "cancel_at_period_end": {
+          "name": "cancel_at_period_end",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "seats": {
+          "name": "seats",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "trial_start": {
+          "name": "trial_start",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "trial_end": {
+          "name": "trial_end",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "subscription_reference_status_idx": {
+          "name": "subscription_reference_status_idx",
+          "columns": [
+            {
+              "expression": "reference_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {
+        "check_enterprise_metadata": {
+          "name": "check_enterprise_metadata",
+          "value": "plan != 'enterprise' OR metadata IS NOT NULL"
+        }
+      },
+      "isRLSEnabled": false
+    },
+    "public.template_creators": {
+      "name": "template_creators",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "reference_type": {
+          "name": "reference_type",
+          "type": "template_creator_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "reference_id": {
+          "name": "reference_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "profile_image_url": {
+          "name": "profile_image_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "details": {
+          "name": "details",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "verified": {
+          "name": "verified",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "template_creators_reference_idx": {
+          "name": "template_creators_reference_idx",
+          "columns": [
+            {
+              "expression": "reference_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "reference_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_creators_reference_id_idx": {
+          "name": "template_creators_reference_id_idx",
+          "columns": [
+            {
+              "expression": "reference_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_creators_created_by_idx": {
+          "name": "template_creators_created_by_idx",
+          "columns": [
+            {
+              "expression": "created_by",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "template_creators_created_by_user_id_fk": {
+          "name": "template_creators_created_by_user_id_fk",
+          "tableFrom": "template_creators",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.template_stars": {
+      "name": "template_stars",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "template_id": {
+          "name": "template_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "starred_at": {
+          "name": "starred_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "template_stars_user_id_idx": {
+          "name": "template_stars_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_template_id_idx": {
+          "name": "template_stars_template_id_idx",
+          "columns": [
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_user_template_idx": {
+          "name": "template_stars_user_template_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_template_user_idx": {
+          "name": "template_stars_template_user_idx",
+          "columns": [
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_starred_at_idx": {
+          "name": "template_stars_starred_at_idx",
+          "columns": [
+            {
+              "expression": "starred_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_template_starred_at_idx": {
+          "name": "template_stars_template_starred_at_idx",
+          "columns": [
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "starred_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "template_stars_user_template_unique": {
+          "name": "template_stars_user_template_unique",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "template_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "template_stars_user_id_user_id_fk": {
+          "name": "template_stars_user_id_user_id_fk",
+          "tableFrom": "template_stars",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "template_stars_template_id_templates_id_fk": {
+          "name": "template_stars_template_id_templates_id_fk",
+          "tableFrom": "template_stars",
+          "tableTo": "templates",
+          "columnsFrom": ["template_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.templates": {
+      "name": "templates",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "details": {
+          "name": "details",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "creator_id": {
+          "name": "creator_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "views": {
+          "name": "views",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "stars": {
+          "name": "stars",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "status": {
+          "name": "status",
+          "type": "template_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "tags": {
+          "name": "tags",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::text[]"
+        },
+        "required_credentials": {
+          "name": "required_credentials",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'"
+        },
+        "state": {
+          "name": "state",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "og_image_url": {
+          "name": "og_image_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "templates_status_idx": {
+          "name": "templates_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_creator_id_idx": {
+          "name": "templates_creator_id_idx",
+          "columns": [
+            {
+              "expression": "creator_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_views_idx": {
+          "name": "templates_views_idx",
+          "columns": [
+            {
+              "expression": "views",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_stars_idx": {
+          "name": "templates_stars_idx",
+          "columns": [
+            {
+              "expression": "stars",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_status_views_idx": {
+          "name": "templates_status_views_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "views",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_status_stars_idx": {
+          "name": "templates_status_stars_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "stars",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_created_at_idx": {
+          "name": "templates_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "templates_updated_at_idx": {
+          "name": "templates_updated_at_idx",
+          "columns": [
+            {
+              "expression": "updated_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "templates_workflow_id_workflow_id_fk": {
+          "name": "templates_workflow_id_workflow_id_fk",
+          "tableFrom": "templates",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "templates_creator_id_template_creators_id_fk": {
+          "name": "templates_creator_id_template_creators_id_fk",
+          "tableFrom": "templates",
+          "tableTo": "template_creators",
+          "columnsFrom": ["creator_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.usage_log": {
+      "name": "usage_log",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "category": {
+          "name": "category",
+          "type": "usage_log_category",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source": {
+          "name": "source",
+          "type": "usage_log_source",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "cost": {
+          "name": "cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "usage_log_user_created_at_idx": {
+          "name": "usage_log_user_created_at_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "usage_log_source_idx": {
+          "name": "usage_log_source_idx",
+          "columns": [
+            {
+              "expression": "source",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "usage_log_workspace_id_idx": {
+          "name": "usage_log_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "usage_log_workflow_id_idx": {
+          "name": "usage_log_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "usage_log_workspace_created_at_idx": {
+          "name": "usage_log_workspace_created_at_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "usage_log_user_id_user_id_fk": {
+          "name": "usage_log_user_id_user_id_fk",
+          "tableFrom": "usage_log",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "usage_log_workspace_id_workspace_id_fk": {
+          "name": "usage_log_workspace_id_workspace_id_fk",
+          "tableFrom": "usage_log",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "usage_log_workflow_id_workflow_id_fk": {
+          "name": "usage_log_workflow_id_workflow_id_fk",
+          "tableFrom": "usage_log",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user": {
+      "name": "user",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "normalized_email": {
+          "name": "normalized_email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "email_verified": {
+          "name": "email_verified",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "image": {
+          "name": "image",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "stripe_customer_id": {
+          "name": "stripe_customer_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'user'"
+        },
+        "banned": {
+          "name": "banned",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": false,
+          "default": false
+        },
+        "ban_reason": {
+          "name": "ban_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "ban_expires": {
+          "name": "ban_expires",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "user_email_unique": {
+          "name": "user_email_unique",
+          "nullsNotDistinct": false,
+          "columns": ["email"]
+        },
+        "user_normalized_email_unique": {
+          "name": "user_normalized_email_unique",
+          "nullsNotDistinct": false,
+          "columns": ["normalized_email"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user_stats": {
+      "name": "user_stats",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "total_manual_executions": {
+          "name": "total_manual_executions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_api_calls": {
+          "name": "total_api_calls",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_webhook_triggers": {
+          "name": "total_webhook_triggers",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_scheduled_executions": {
+          "name": "total_scheduled_executions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_chat_executions": {
+          "name": "total_chat_executions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_mcp_executions": {
+          "name": "total_mcp_executions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_a2a_executions": {
+          "name": "total_a2a_executions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_tokens_used": {
+          "name": "total_tokens_used",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_cost": {
+          "name": "total_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "current_usage_limit": {
+          "name": "current_usage_limit",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'5'"
+        },
+        "usage_limit_updated_at": {
+          "name": "usage_limit_updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "now()"
+        },
+        "current_period_cost": {
+          "name": "current_period_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "last_period_cost": {
+          "name": "last_period_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'0'"
+        },
+        "billed_overage_this_period": {
+          "name": "billed_overage_this_period",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "pro_period_cost_snapshot": {
+          "name": "pro_period_cost_snapshot",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'0'"
+        },
+        "pro_period_cost_snapshot_at": {
+          "name": "pro_period_cost_snapshot_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "credit_balance": {
+          "name": "credit_balance",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "total_copilot_cost": {
+          "name": "total_copilot_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "current_period_copilot_cost": {
+          "name": "current_period_copilot_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "last_period_copilot_cost": {
+          "name": "last_period_copilot_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'0'"
+        },
+        "total_copilot_tokens": {
+          "name": "total_copilot_tokens",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_copilot_calls": {
+          "name": "total_copilot_calls",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_mcp_copilot_calls": {
+          "name": "total_mcp_copilot_calls",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "total_mcp_copilot_cost": {
+          "name": "total_mcp_copilot_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "current_period_mcp_copilot_cost": {
+          "name": "current_period_mcp_copilot_cost",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "storage_used_bytes": {
+          "name": "storage_used_bytes",
+          "type": "bigint",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "last_active": {
+          "name": "last_active",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "billing_blocked": {
+          "name": "billing_blocked",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "billing_blocked_reason": {
+          "name": "billing_blocked_reason",
+          "type": "billing_blocked_reason",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "user_stats_user_id_user_id_fk": {
+          "name": "user_stats_user_id_user_id_fk",
+          "tableFrom": "user_stats",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "user_stats_user_id_unique": {
+          "name": "user_stats_user_id_unique",
+          "nullsNotDistinct": false,
+          "columns": ["user_id"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user_table_definitions": {
+      "name": "user_table_definitions",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "schema": {
+          "name": "schema",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "max_rows": {
+          "name": "max_rows",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 10000
+        },
+        "row_count": {
+          "name": "row_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "user_table_def_workspace_id_idx": {
+          "name": "user_table_def_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "user_table_def_workspace_name_unique": {
+          "name": "user_table_def_workspace_name_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"user_table_definitions\".\"archived_at\" IS NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "user_table_def_archived_at_idx": {
+          "name": "user_table_def_archived_at_idx",
+          "columns": [
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "user_table_def_workspace_archived_partial_idx": {
+          "name": "user_table_def_workspace_archived_partial_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"user_table_definitions\".\"archived_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "user_table_definitions_workspace_id_workspace_id_fk": {
+          "name": "user_table_definitions_workspace_id_workspace_id_fk",
+          "tableFrom": "user_table_definitions",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "user_table_definitions_created_by_user_id_fk": {
+          "name": "user_table_definitions_created_by_user_id_fk",
+          "tableFrom": "user_table_definitions",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user_table_rows": {
+      "name": "user_table_rows",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "table_id": {
+          "name": "table_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "data": {
+          "name": "data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "executions": {
+          "name": "executions",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::jsonb"
+        },
+        "position": {
+          "name": "position",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "user_table_rows_table_id_idx": {
+          "name": "user_table_rows_table_id_idx",
+          "columns": [
+            {
+              "expression": "table_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "user_table_rows_data_gin_idx": {
+          "name": "user_table_rows_data_gin_idx",
+          "columns": [
+            {
+              "expression": "data",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "gin",
+          "with": {}
+        },
+        "user_table_rows_workspace_table_idx": {
+          "name": "user_table_rows_workspace_table_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "table_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "user_table_rows_table_position_idx": {
+          "name": "user_table_rows_table_position_idx",
+          "columns": [
+            {
+              "expression": "table_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "position",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "user_table_rows_table_id_user_table_definitions_id_fk": {
+          "name": "user_table_rows_table_id_user_table_definitions_id_fk",
+          "tableFrom": "user_table_rows",
+          "tableTo": "user_table_definitions",
+          "columnsFrom": ["table_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "user_table_rows_workspace_id_workspace_id_fk": {
+          "name": "user_table_rows_workspace_id_workspace_id_fk",
+          "tableFrom": "user_table_rows",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "user_table_rows_created_by_user_id_fk": {
+          "name": "user_table_rows_created_by_user_id_fk",
+          "tableFrom": "user_table_rows",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.verification": {
+      "name": "verification",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "verification_identifier_idx": {
+          "name": "verification_identifier_idx",
+          "columns": [
+            {
+              "expression": "identifier",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "verification_expires_at_idx": {
+          "name": "verification_expires_at_idx",
+          "columns": [
+            {
+              "expression": "expires_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.waitlist": {
+      "name": "waitlist",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "waitlist_email_unique": {
+          "name": "waitlist_email_unique",
+          "nullsNotDistinct": false,
+          "columns": ["email"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.webhook": {
+      "name": "webhook",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "deployment_version_id": {
+          "name": "deployment_version_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "block_id": {
+          "name": "block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "path": {
+          "name": "path",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider": {
+          "name": "provider",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "provider_config": {
+          "name": "provider_config",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_active": {
+          "name": "is_active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "failed_count": {
+          "name": "failed_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "default": 0
+        },
+        "last_failed_at": {
+          "name": "last_failed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "credential_set_id": {
+          "name": "credential_set_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "path_deployment_unique": {
+          "name": "path_deployment_unique",
+          "columns": [
+            {
+              "expression": "path",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deployment_version_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"webhook\".\"archived_at\" IS NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "idx_webhook_on_workflow_id_block_id": {
+          "name": "idx_webhook_on_workflow_id_block_id",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "webhook_workflow_deployment_idx": {
+          "name": "webhook_workflow_deployment_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deployment_version_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "webhook_credential_set_id_idx": {
+          "name": "webhook_credential_set_id_idx",
+          "columns": [
+            {
+              "expression": "credential_set_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "webhook_archived_at_partial_idx": {
+          "name": "webhook_archived_at_partial_idx",
+          "columns": [
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"webhook\".\"archived_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "webhook_workflow_id_workflow_id_fk": {
+          "name": "webhook_workflow_id_workflow_id_fk",
+          "tableFrom": "webhook",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "webhook_deployment_version_id_workflow_deployment_version_id_fk": {
+          "name": "webhook_deployment_version_id_workflow_deployment_version_id_fk",
+          "tableFrom": "webhook",
+          "tableTo": "workflow_deployment_version",
+          "columnsFrom": ["deployment_version_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "webhook_credential_set_id_credential_set_id_fk": {
+          "name": "webhook_credential_set_id_credential_set_id_fk",
+          "tableFrom": "webhook",
+          "tableTo": "credential_set",
+          "columnsFrom": ["credential_set_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow": {
+      "name": "workflow",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "folder_id": {
+          "name": "folder_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "sort_order": {
+          "name": "sort_order",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "color": {
+          "name": "color",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'#3972F6'"
+        },
+        "last_synced": {
+          "name": "last_synced",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "is_deployed": {
+          "name": "is_deployed",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "deployed_at": {
+          "name": "deployed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_public_api": {
+          "name": "is_public_api",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "locked": {
+          "name": "locked",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "run_count": {
+          "name": "run_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "last_run_at": {
+          "name": "last_run_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "variables": {
+          "name": "variables",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "workflow_user_id_idx": {
+          "name": "workflow_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_workspace_id_idx": {
+          "name": "workflow_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_user_workspace_idx": {
+          "name": "workflow_user_workspace_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_workspace_folder_name_active_unique": {
+          "name": "workflow_workspace_folder_name_active_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "coalesce(\"folder_id\", '')",
+              "asc": true,
+              "isExpression": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"workflow\".\"archived_at\" IS NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_folder_sort_idx": {
+          "name": "workflow_folder_sort_idx",
+          "columns": [
+            {
+              "expression": "folder_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "sort_order",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_archived_at_idx": {
+          "name": "workflow_archived_at_idx",
+          "columns": [
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_workspace_archived_partial_idx": {
+          "name": "workflow_workspace_archived_partial_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"workflow\".\"archived_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_user_id_user_id_fk": {
+          "name": "workflow_user_id_user_id_fk",
+          "tableFrom": "workflow",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_workspace_id_workspace_id_fk": {
+          "name": "workflow_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_folder_id_workflow_folder_id_fk": {
+          "name": "workflow_folder_id_workflow_folder_id_fk",
+          "tableFrom": "workflow",
+          "tableTo": "workflow_folder",
+          "columnsFrom": ["folder_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_blocks": {
+      "name": "workflow_blocks",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "position_x": {
+          "name": "position_x",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "position_y": {
+          "name": "position_y",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "horizontal_handles": {
+          "name": "horizontal_handles",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "is_wide": {
+          "name": "is_wide",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "advanced_mode": {
+          "name": "advanced_mode",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "trigger_mode": {
+          "name": "trigger_mode",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "locked": {
+          "name": "locked",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "height": {
+          "name": "height",
+          "type": "numeric",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'0'"
+        },
+        "sub_blocks": {
+          "name": "sub_blocks",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "outputs": {
+          "name": "outputs",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "data": {
+          "name": "data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_blocks_workflow_id_idx": {
+          "name": "workflow_blocks_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_blocks_type_idx": {
+          "name": "workflow_blocks_type_idx",
+          "columns": [
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_blocks_workflow_id_workflow_id_fk": {
+          "name": "workflow_blocks_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_blocks",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_checkpoints": {
+      "name": "workflow_checkpoints",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "message_id": {
+          "name": "message_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workflow_state": {
+          "name": "workflow_state",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_checkpoints_user_id_idx": {
+          "name": "workflow_checkpoints_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_workflow_id_idx": {
+          "name": "workflow_checkpoints_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_chat_id_idx": {
+          "name": "workflow_checkpoints_chat_id_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_message_id_idx": {
+          "name": "workflow_checkpoints_message_id_idx",
+          "columns": [
+            {
+              "expression": "message_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_user_workflow_idx": {
+          "name": "workflow_checkpoints_user_workflow_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_workflow_chat_idx": {
+          "name": "workflow_checkpoints_workflow_chat_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_created_at_idx": {
+          "name": "workflow_checkpoints_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_checkpoints_chat_created_at_idx": {
+          "name": "workflow_checkpoints_chat_created_at_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_checkpoints_user_id_user_id_fk": {
+          "name": "workflow_checkpoints_user_id_user_id_fk",
+          "tableFrom": "workflow_checkpoints",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_checkpoints_workflow_id_workflow_id_fk": {
+          "name": "workflow_checkpoints_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_checkpoints",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_checkpoints_chat_id_copilot_chats_id_fk": {
+          "name": "workflow_checkpoints_chat_id_copilot_chats_id_fk",
+          "tableFrom": "workflow_checkpoints",
+          "tableTo": "copilot_chats",
+          "columnsFrom": ["chat_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_deployment_version": {
+      "name": "workflow_deployment_version",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "version": {
+          "name": "version",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "state": {
+          "name": "state",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "is_active": {
+          "name": "is_active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "workflow_deployment_version_workflow_version_unique": {
+          "name": "workflow_deployment_version_workflow_version_unique",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "version",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_deployment_version_workflow_active_idx": {
+          "name": "workflow_deployment_version_workflow_active_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "is_active",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_deployment_version_created_at_idx": {
+          "name": "workflow_deployment_version_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_deployment_version_workflow_id_workflow_id_fk": {
+          "name": "workflow_deployment_version_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_deployment_version",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_edges": {
+      "name": "workflow_edges",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_block_id": {
+          "name": "source_block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "target_block_id": {
+          "name": "target_block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_handle": {
+          "name": "source_handle",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "target_handle": {
+          "name": "target_handle",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_edges_workflow_id_idx": {
+          "name": "workflow_edges_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_edges_workflow_source_idx": {
+          "name": "workflow_edges_workflow_source_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "source_block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_edges_workflow_target_idx": {
+          "name": "workflow_edges_workflow_target_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "target_block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_edges_workflow_id_workflow_id_fk": {
+          "name": "workflow_edges_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_edges",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_edges_source_block_id_workflow_blocks_id_fk": {
+          "name": "workflow_edges_source_block_id_workflow_blocks_id_fk",
+          "tableFrom": "workflow_edges",
+          "tableTo": "workflow_blocks",
+          "columnsFrom": ["source_block_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_edges_target_block_id_workflow_blocks_id_fk": {
+          "name": "workflow_edges_target_block_id_workflow_blocks_id_fk",
+          "tableFrom": "workflow_edges",
+          "tableTo": "workflow_blocks",
+          "columnsFrom": ["target_block_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_execution_logs": {
+      "name": "workflow_execution_logs",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "state_snapshot_id": {
+          "name": "state_snapshot_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "deployment_version_id": {
+          "name": "deployment_version_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "level": {
+          "name": "level",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'running'"
+        },
+        "trigger": {
+          "name": "trigger",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ended_at": {
+          "name": "ended_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "total_duration_ms": {
+          "name": "total_duration_ms",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "execution_data": {
+          "name": "execution_data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "cost": {
+          "name": "cost",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "files": {
+          "name": "files",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_execution_logs_workflow_id_idx": {
+          "name": "workflow_execution_logs_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_state_snapshot_id_idx": {
+          "name": "workflow_execution_logs_state_snapshot_id_idx",
+          "columns": [
+            {
+              "expression": "state_snapshot_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_deployment_version_id_idx": {
+          "name": "workflow_execution_logs_deployment_version_id_idx",
+          "columns": [
+            {
+              "expression": "deployment_version_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_trigger_idx": {
+          "name": "workflow_execution_logs_trigger_idx",
+          "columns": [
+            {
+              "expression": "trigger",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_level_idx": {
+          "name": "workflow_execution_logs_level_idx",
+          "columns": [
+            {
+              "expression": "level",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_started_at_idx": {
+          "name": "workflow_execution_logs_started_at_idx",
+          "columns": [
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_execution_id_unique": {
+          "name": "workflow_execution_logs_execution_id_unique",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_workflow_started_at_idx": {
+          "name": "workflow_execution_logs_workflow_started_at_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_workspace_started_at_idx": {
+          "name": "workflow_execution_logs_workspace_started_at_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_execution_logs_running_started_at_idx": {
+          "name": "workflow_execution_logs_running_started_at_idx",
+          "columns": [
+            {
+              "expression": "started_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "status = 'running'",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_execution_logs_workflow_id_workflow_id_fk": {
+          "name": "workflow_execution_logs_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "workflow_execution_logs_workspace_id_workspace_id_fk": {
+          "name": "workflow_execution_logs_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_execution_logs_state_snapshot_id_workflow_execution_snapshots_id_fk": {
+          "name": "workflow_execution_logs_state_snapshot_id_workflow_execution_snapshots_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workflow_execution_snapshots",
+          "columnsFrom": ["state_snapshot_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        },
+        "workflow_execution_logs_deployment_version_id_workflow_deployment_version_id_fk": {
+          "name": "workflow_execution_logs_deployment_version_id_workflow_deployment_version_id_fk",
+          "tableFrom": "workflow_execution_logs",
+          "tableTo": "workflow_deployment_version",
+          "columnsFrom": ["deployment_version_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_execution_snapshots": {
+      "name": "workflow_execution_snapshots",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "state_hash": {
+          "name": "state_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "state_data": {
+          "name": "state_data",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_snapshots_workflow_id_idx": {
+          "name": "workflow_snapshots_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_snapshots_hash_idx": {
+          "name": "workflow_snapshots_hash_idx",
+          "columns": [
+            {
+              "expression": "state_hash",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_snapshots_workflow_hash_idx": {
+          "name": "workflow_snapshots_workflow_hash_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "state_hash",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_snapshots_created_at_idx": {
+          "name": "workflow_snapshots_created_at_idx",
+          "columns": [
+            {
+              "expression": "created_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_execution_snapshots_workflow_id_workflow_id_fk": {
+          "name": "workflow_execution_snapshots_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_execution_snapshots",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_folder": {
+      "name": "workflow_folder",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "parent_id": {
+          "name": "parent_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "color": {
+          "name": "color",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'#6B7280'"
+        },
+        "is_expanded": {
+          "name": "is_expanded",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "locked": {
+          "name": "locked",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "sort_order": {
+          "name": "sort_order",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {
+        "workflow_folder_user_idx": {
+          "name": "workflow_folder_user_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_folder_workspace_parent_idx": {
+          "name": "workflow_folder_workspace_parent_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "parent_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_folder_parent_sort_idx": {
+          "name": "workflow_folder_parent_sort_idx",
+          "columns": [
+            {
+              "expression": "parent_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "sort_order",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_folder_archived_at_idx": {
+          "name": "workflow_folder_archived_at_idx",
+          "columns": [
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_folder_workspace_archived_partial_idx": {
+          "name": "workflow_folder_workspace_archived_partial_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"workflow_folder\".\"archived_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_folder_user_id_user_id_fk": {
+          "name": "workflow_folder_user_id_user_id_fk",
+          "tableFrom": "workflow_folder",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_folder_workspace_id_workspace_id_fk": {
+          "name": "workflow_folder_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow_folder",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_mcp_server": {
+      "name": "workflow_mcp_server",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "is_public": {
+          "name": "is_public",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_mcp_server_workspace_id_idx": {
+          "name": "workflow_mcp_server_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_server_created_by_idx": {
+          "name": "workflow_mcp_server_created_by_idx",
+          "columns": [
+            {
+              "expression": "created_by",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_server_deleted_at_idx": {
+          "name": "workflow_mcp_server_deleted_at_idx",
+          "columns": [
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_server_workspace_deleted_partial_idx": {
+          "name": "workflow_mcp_server_workspace_deleted_partial_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"workflow_mcp_server\".\"deleted_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_mcp_server_workspace_id_workspace_id_fk": {
+          "name": "workflow_mcp_server_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow_mcp_server",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_mcp_server_created_by_user_id_fk": {
+          "name": "workflow_mcp_server_created_by_user_id_fk",
+          "tableFrom": "workflow_mcp_server",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_mcp_tool": {
+      "name": "workflow_mcp_tool",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "server_id": {
+          "name": "server_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tool_name": {
+          "name": "tool_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "tool_description": {
+          "name": "tool_description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "parameter_schema": {
+          "name": "parameter_schema",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_mcp_tool_server_id_idx": {
+          "name": "workflow_mcp_tool_server_id_idx",
+          "columns": [
+            {
+              "expression": "server_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_tool_workflow_id_idx": {
+          "name": "workflow_mcp_tool_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_tool_server_workflow_unique": {
+          "name": "workflow_mcp_tool_server_workflow_unique",
+          "columns": [
+            {
+              "expression": "server_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"workflow_mcp_tool\".\"archived_at\" IS NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_mcp_tool_archived_at_partial_idx": {
+          "name": "workflow_mcp_tool_archived_at_partial_idx",
+          "columns": [
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"workflow_mcp_tool\".\"archived_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_mcp_tool_server_id_workflow_mcp_server_id_fk": {
+          "name": "workflow_mcp_tool_server_id_workflow_mcp_server_id_fk",
+          "tableFrom": "workflow_mcp_tool",
+          "tableTo": "workflow_mcp_server",
+          "columnsFrom": ["server_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_mcp_tool_workflow_id_workflow_id_fk": {
+          "name": "workflow_mcp_tool_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_mcp_tool",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_schedule": {
+      "name": "workflow_schedule",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "deployment_version_id": {
+          "name": "deployment_version_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "block_id": {
+          "name": "block_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "cron_expression": {
+          "name": "cron_expression",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "next_run_at": {
+          "name": "next_run_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_ran_at": {
+          "name": "last_ran_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_queued_at": {
+          "name": "last_queued_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "trigger_type": {
+          "name": "trigger_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "timezone": {
+          "name": "timezone",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'UTC'"
+        },
+        "failed_count": {
+          "name": "failed_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'active'"
+        },
+        "last_failed_at": {
+          "name": "last_failed_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "source_type": {
+          "name": "source_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'workflow'"
+        },
+        "job_title": {
+          "name": "job_title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "prompt": {
+          "name": "prompt",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "lifecycle": {
+          "name": "lifecycle",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'persistent'"
+        },
+        "success_condition": {
+          "name": "success_condition",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "max_runs": {
+          "name": "max_runs",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "run_count": {
+          "name": "run_count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "source_chat_id": {
+          "name": "source_chat_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "source_task_name": {
+          "name": "source_task_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "source_user_id": {
+          "name": "source_user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "source_workspace_id": {
+          "name": "source_workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "job_history": {
+          "name": "job_history",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_schedule_workflow_block_deployment_unique": {
+          "name": "workflow_schedule_workflow_block_deployment_unique",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "block_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deployment_version_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"workflow_schedule\".\"archived_at\" IS NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_schedule_workflow_deployment_idx": {
+          "name": "workflow_schedule_workflow_deployment_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deployment_version_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_schedule_archived_at_partial_idx": {
+          "name": "workflow_schedule_archived_at_partial_idx",
+          "columns": [
+            {
+              "expression": "archived_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"workflow_schedule\".\"archived_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_schedule_workflow_id_workflow_id_fk": {
+          "name": "workflow_schedule_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_schedule",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_schedule_deployment_version_id_workflow_deployment_version_id_fk": {
+          "name": "workflow_schedule_deployment_version_id_workflow_deployment_version_id_fk",
+          "tableFrom": "workflow_schedule",
+          "tableTo": "workflow_deployment_version",
+          "columnsFrom": ["deployment_version_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_schedule_source_user_id_user_id_fk": {
+          "name": "workflow_schedule_source_user_id_user_id_fk",
+          "tableFrom": "workflow_schedule",
+          "tableTo": "user",
+          "columnsFrom": ["source_user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workflow_schedule_source_workspace_id_workspace_id_fk": {
+          "name": "workflow_schedule_source_workspace_id_workspace_id_fk",
+          "tableFrom": "workflow_schedule",
+          "tableTo": "workspace",
+          "columnsFrom": ["source_workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workflow_subflows": {
+      "name": "workflow_subflows",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "config": {
+          "name": "config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workflow_subflows_workflow_id_idx": {
+          "name": "workflow_subflows_workflow_id_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workflow_subflows_workflow_type_idx": {
+          "name": "workflow_subflows_workflow_type_idx",
+          "columns": [
+            {
+              "expression": "workflow_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workflow_subflows_workflow_id_workflow_id_fk": {
+          "name": "workflow_subflows_workflow_id_workflow_id_fk",
+          "tableFrom": "workflow_subflows",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace": {
+      "name": "workspace",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "color": {
+          "name": "color",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'#33C482'"
+        },
+        "logo_url": {
+          "name": "logo_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "owner_id": {
+          "name": "owner_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "workspace_mode": {
+          "name": "workspace_mode",
+          "type": "workspace_mode",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'grandfathered_shared'"
+        },
+        "billed_account_user_id": {
+          "name": "billed_account_user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "allow_personal_api_keys": {
+          "name": "allow_personal_api_keys",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "inbox_enabled": {
+          "name": "inbox_enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "inbox_address": {
+          "name": "inbox_address",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "inbox_provider_id": {
+          "name": "inbox_provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "archived_at": {
+          "name": "archived_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_owner_id_idx": {
+          "name": "workspace_owner_id_idx",
+          "columns": [
+            {
+              "expression": "owner_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_organization_id_idx": {
+          "name": "workspace_organization_id_idx",
+          "columns": [
+            {
+              "expression": "organization_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_mode_idx": {
+          "name": "workspace_mode_idx",
+          "columns": [
+            {
+              "expression": "workspace_mode",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_owner_id_user_id_fk": {
+          "name": "workspace_owner_id_user_id_fk",
+          "tableFrom": "workspace",
+          "tableTo": "user",
+          "columnsFrom": ["owner_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_organization_id_organization_id_fk": {
+          "name": "workspace_organization_id_organization_id_fk",
+          "tableFrom": "workspace",
+          "tableTo": "organization",
+          "columnsFrom": ["organization_id"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "workspace_billed_account_user_id_user_id_fk": {
+          "name": "workspace_billed_account_user_id_user_id_fk",
+          "tableFrom": "workspace",
+          "tableTo": "user",
+          "columnsFrom": ["billed_account_user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_byok_keys": {
+      "name": "workspace_byok_keys",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "encrypted_api_key": {
+          "name": "encrypted_api_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_byok_provider_unique": {
+          "name": "workspace_byok_provider_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "provider_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_byok_workspace_idx": {
+          "name": "workspace_byok_workspace_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_byok_keys_workspace_id_workspace_id_fk": {
+          "name": "workspace_byok_keys_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_byok_keys",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_byok_keys_created_by_user_id_fk": {
+          "name": "workspace_byok_keys_created_by_user_id_fk",
+          "tableFrom": "workspace_byok_keys",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_environment": {
+      "name": "workspace_environment",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "variables": {
+          "name": "variables",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_environment_workspace_unique": {
+          "name": "workspace_environment_workspace_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_environment_workspace_id_workspace_id_fk": {
+          "name": "workspace_environment_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_environment",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_file": {
+      "name": "workspace_file",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "size": {
+          "name": "size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "uploaded_by": {
+          "name": "uploaded_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "uploaded_at": {
+          "name": "uploaded_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_file_workspace_id_idx": {
+          "name": "workspace_file_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_file_key_idx": {
+          "name": "workspace_file_key_idx",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_file_deleted_at_idx": {
+          "name": "workspace_file_deleted_at_idx",
+          "columns": [
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_file_workspace_deleted_partial_idx": {
+          "name": "workspace_file_workspace_deleted_partial_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"workspace_file\".\"deleted_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_file_workspace_id_workspace_id_fk": {
+          "name": "workspace_file_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_file",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_file_uploaded_by_user_id_fk": {
+          "name": "workspace_file_uploaded_by_user_id_fk",
+          "tableFrom": "workspace_file",
+          "tableTo": "user",
+          "columnsFrom": ["uploaded_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "workspace_file_key_unique": {
+          "name": "workspace_file_key_unique",
+          "nullsNotDistinct": false,
+          "columns": ["key"]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_files": {
+      "name": "workspace_files",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "key": {
+          "name": "key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "context": {
+          "name": "context",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "uuid",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "original_name": {
+          "name": "original_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "content_type": {
+          "name": "content_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "size": {
+          "name": "size",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "uploaded_at": {
+          "name": "uploaded_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_files_key_active_unique": {
+          "name": "workspace_files_key_active_unique",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"workspace_files\".\"deleted_at\" IS NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_workspace_name_active_unique": {
+          "name": "workspace_files_workspace_name_active_unique",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "original_name",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": true,
+          "where": "\"workspace_files\".\"deleted_at\" IS NULL AND \"workspace_files\".\"context\" = 'workspace' AND \"workspace_files\".\"workspace_id\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_key_idx": {
+          "name": "workspace_files_key_idx",
+          "columns": [
+            {
+              "expression": "key",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_user_id_idx": {
+          "name": "workspace_files_user_id_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_workspace_id_idx": {
+          "name": "workspace_files_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_context_idx": {
+          "name": "workspace_files_context_idx",
+          "columns": [
+            {
+              "expression": "context",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_chat_id_idx": {
+          "name": "workspace_files_chat_id_idx",
+          "columns": [
+            {
+              "expression": "chat_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_deleted_at_idx": {
+          "name": "workspace_files_deleted_at_idx",
+          "columns": [
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_files_workspace_deleted_partial_idx": {
+          "name": "workspace_files_workspace_deleted_partial_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "deleted_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "where": "\"workspace_files\".\"deleted_at\" IS NOT NULL",
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_files_user_id_user_id_fk": {
+          "name": "workspace_files_user_id_user_id_fk",
+          "tableFrom": "workspace_files",
+          "tableTo": "user",
+          "columnsFrom": ["user_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_files_workspace_id_workspace_id_fk": {
+          "name": "workspace_files_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_files",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_files_chat_id_copilot_chats_id_fk": {
+          "name": "workspace_files_chat_id_copilot_chats_id_fk",
+          "tableFrom": "workspace_files",
+          "tableTo": "copilot_chats",
+          "columnsFrom": ["chat_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_notification_delivery": {
+      "name": "workspace_notification_delivery",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "subscription_id": {
+          "name": "subscription_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_id": {
+          "name": "workflow_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "execution_id": {
+          "name": "execution_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status": {
+          "name": "status",
+          "type": "notification_delivery_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'pending'"
+        },
+        "attempts": {
+          "name": "attempts",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "default": 0
+        },
+        "last_attempt_at": {
+          "name": "last_attempt_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "next_attempt_at": {
+          "name": "next_attempt_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "response_status": {
+          "name": "response_status",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "response_body": {
+          "name": "response_body",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "error_message": {
+          "name": "error_message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_notification_delivery_subscription_id_idx": {
+          "name": "workspace_notification_delivery_subscription_id_idx",
+          "columns": [
+            {
+              "expression": "subscription_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_delivery_execution_id_idx": {
+          "name": "workspace_notification_delivery_execution_id_idx",
+          "columns": [
+            {
+              "expression": "execution_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_delivery_status_idx": {
+          "name": "workspace_notification_delivery_status_idx",
+          "columns": [
+            {
+              "expression": "status",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_delivery_next_attempt_idx": {
+          "name": "workspace_notification_delivery_next_attempt_idx",
+          "columns": [
+            {
+              "expression": "next_attempt_at",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_notification_delivery_subscription_id_workspace_notification_subscription_id_fk": {
+          "name": "workspace_notification_delivery_subscription_id_workspace_notification_subscription_id_fk",
+          "tableFrom": "workspace_notification_delivery",
+          "tableTo": "workspace_notification_subscription",
+          "columnsFrom": ["subscription_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_notification_delivery_workflow_id_workflow_id_fk": {
+          "name": "workspace_notification_delivery_workflow_id_workflow_id_fk",
+          "tableFrom": "workspace_notification_delivery",
+          "tableTo": "workflow",
+          "columnsFrom": ["workflow_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.workspace_notification_subscription": {
+      "name": "workspace_notification_subscription",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "notification_type": {
+          "name": "notification_type",
+          "type": "notification_type",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "workflow_ids": {
+          "name": "workflow_ids",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'{}'::text[]"
+        },
+        "all_workflows": {
+          "name": "all_workflows",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "level_filter": {
+          "name": "level_filter",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "ARRAY['info', 'error']::text[]"
+        },
+        "trigger_filter": {
+          "name": "trigger_filter",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "ARRAY['api', 'webhook', 'schedule', 'manual', 'chat']::text[]"
+        },
+        "include_final_output": {
+          "name": "include_final_output",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "include_trace_spans": {
+          "name": "include_trace_spans",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "include_rate_limits": {
+          "name": "include_rate_limits",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "include_usage_data": {
+          "name": "include_usage_data",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "webhook_config": {
+          "name": "webhook_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "email_recipients": {
+          "name": "email_recipients",
+          "type": "text[]",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "slack_config": {
+          "name": "slack_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "alert_config": {
+          "name": "alert_config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "last_alert_at": {
+          "name": "last_alert_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "active": {
+          "name": "active",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "workspace_notification_workspace_id_idx": {
+          "name": "workspace_notification_workspace_id_idx",
+          "columns": [
+            {
+              "expression": "workspace_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_active_idx": {
+          "name": "workspace_notification_active_idx",
+          "columns": [
+            {
+              "expression": "active",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        },
+        "workspace_notification_type_idx": {
+          "name": "workspace_notification_type_idx",
+          "columns": [
+            {
+              "expression": "notification_type",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "workspace_notification_subscription_workspace_id_workspace_id_fk": {
+          "name": "workspace_notification_subscription_workspace_id_workspace_id_fk",
+          "tableFrom": "workspace_notification_subscription",
+          "tableTo": "workspace",
+          "columnsFrom": ["workspace_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspace_notification_subscription_created_by_user_id_fk": {
+          "name": "workspace_notification_subscription_created_by_user_id_fk",
+          "tableFrom": "workspace_notification_subscription",
+          "tableTo": "user",
+          "columnsFrom": ["created_by"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {
+    "public.a2a_task_status": {
+      "name": "a2a_task_status",
+      "schema": "public",
+      "values": [
+        "submitted",
+        "working",
+        "input-required",
+        "completed",
+        "failed",
+        "canceled",
+        "rejected",
+        "auth-required",
+        "unknown"
+      ]
+    },
+    "public.academy_cert_status": {
+      "name": "academy_cert_status",
+      "schema": "public",
+      "values": ["active", "revoked", "expired"]
+    },
+    "public.billing_blocked_reason": {
+      "name": "billing_blocked_reason",
+      "schema": "public",
+      "values": ["payment_failed", "dispute"]
+    },
+    "public.chat_type": {
+      "name": "chat_type",
+      "schema": "public",
+      "values": ["mothership", "copilot"]
+    },
+    "public.copilot_async_tool_status": {
+      "name": "copilot_async_tool_status",
+      "schema": "public",
+      "values": ["pending", "running", "completed", "failed", "cancelled", "delivered"]
+    },
+    "public.copilot_run_status": {
+      "name": "copilot_run_status",
+      "schema": "public",
+      "values": ["active", "paused_waiting_for_tool", "resuming", "complete", "error", "cancelled"]
+    },
+    "public.credential_member_role": {
+      "name": "credential_member_role",
+      "schema": "public",
+      "values": ["admin", "member"]
+    },
+    "public.credential_member_status": {
+      "name": "credential_member_status",
+      "schema": "public",
+      "values": ["active", "pending", "revoked"]
+    },
+    "public.credential_set_invitation_status": {
+      "name": "credential_set_invitation_status",
+      "schema": "public",
+      "values": ["pending", "accepted", "expired", "cancelled"]
+    },
+    "public.credential_set_member_status": {
+      "name": "credential_set_member_status",
+      "schema": "public",
+      "values": ["active", "pending", "revoked"]
+    },
+    "public.credential_type": {
+      "name": "credential_type",
+      "schema": "public",
+      "values": ["oauth", "env_workspace", "env_personal", "service_account"]
+    },
+    "public.invitation_kind": {
+      "name": "invitation_kind",
+      "schema": "public",
+      "values": ["organization", "workspace"]
+    },
+    "public.invitation_membership_intent": {
+      "name": "invitation_membership_intent",
+      "schema": "public",
+      "values": ["internal", "external"]
+    },
+    "public.invitation_status": {
+      "name": "invitation_status",
+      "schema": "public",
+      "values": ["pending", "accepted", "rejected", "cancelled", "expired"]
+    },
+    "public.notification_delivery_status": {
+      "name": "notification_delivery_status",
+      "schema": "public",
+      "values": ["pending", "in_progress", "success", "failed"]
+    },
+    "public.notification_type": {
+      "name": "notification_type",
+      "schema": "public",
+      "values": ["webhook", "email", "slack"]
+    },
+    "public.permission_type": {
+      "name": "permission_type",
+      "schema": "public",
+      "values": ["admin", "write", "read"]
+    },
+    "public.template_creator_type": {
+      "name": "template_creator_type",
+      "schema": "public",
+      "values": ["user", "organization"]
+    },
+    "public.template_status": {
+      "name": "template_status",
+      "schema": "public",
+      "values": ["pending", "approved", "rejected"]
+    },
+    "public.usage_log_category": {
+      "name": "usage_log_category",
+      "schema": "public",
+      "values": ["model", "fixed"]
+    },
+    "public.usage_log_source": {
+      "name": "usage_log_source",
+      "schema": "public",
+      "values": [
+        "workflow",
+        "wand",
+        "copilot",
+        "workspace-chat",
+        "mcp_copilot",
+        "mothership_block",
+        "knowledge-base",
+        "voice-input"
+      ]
+    },
+    "public.workspace_mode": {
+      "name": "workspace_mode",
+      "schema": "public",
+      "values": ["personal", "organization", "grandfathered_shared"]
+    }
+  },
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}
diff --git a/packages/db/migrations/meta/_journal.json b/packages/db/migrations/meta/_journal.json
index 75dea85f071..c5dd3082c59 100644
--- a/packages/db/migrations/meta/_journal.json
+++ b/packages/db/migrations/meta/_journal.json
@@ -1401,6 +1401,13 @@
       "when": 1777664689974,
       "tag": "0200_workflow_folder_locks",
       "breakpoints": true
+    },
+    {
+      "idx": 201,
+      "version": "7",
+      "when": 1777747122663,
+      "tag": "0201_shiny_skullbuster",
+      "breakpoints": true
     }
   ]
 }
diff --git a/packages/db/schema.ts b/packages/db/schema.ts
index 9056fd30bf6..8b21941cc12 100644
--- a/packages/db/schema.ts
+++ b/packages/db/schema.ts
@@ -2873,6 +2873,13 @@ export const userTableRows = pgTable(
       .notNull()
       .references(() => workspace.id, { onDelete: 'cascade' }),
     data: jsonb('data').notNull(),
+    /**
+     * Per-row workflow-group execution state, keyed by `WorkflowGroup.id`.
+     * Each entry holds status / executionId / jobId / blockErrors /
+     * runningBlockIds for one group's run on this row. Empty `{}` means no
+     * group has run for this row yet.
+     */
+    executions: jsonb('executions').notNull().default({}),
     position: integer('position').notNull().default(0),
     createdAt: timestamp('created_at').notNull().defaultNow(),
     updatedAt: timestamp('updated_at').notNull().defaultNow(),
diff --git a/packages/testing/src/mocks/audit.mock.ts b/packages/testing/src/mocks/audit.mock.ts
index 58671d6ba46..04bd12d908b 100644
--- a/packages/testing/src/mocks/audit.mock.ts
+++ b/packages/testing/src/mocks/audit.mock.ts
@@ -40,8 +40,9 @@ export const auditMock = {
     CHAT_DELETED: 'chat.deleted',
     CREDENTIAL_CREATED: 'credential.created',
     CREDENTIAL_UPDATED: 'credential.updated',
-    CREDENTIAL_DELETED: 'credential.deleted',
     CREDENTIAL_RENAMED: 'credential.renamed',
+    CREDENTIAL_RECONNECTED: 'credential.reconnected',
+    CREDENTIAL_DELETED: 'credential.deleted',
     CREDIT_PURCHASED: 'credit.purchased',
     CREDENTIAL_SET_CREATED: 'credential_set.created',
     CREDENTIAL_SET_UPDATED: 'credential_set.updated',
diff --git a/packages/testing/src/mocks/env.mock.ts b/packages/testing/src/mocks/env.mock.ts
index f216721afa2..61f733c1ec2 100644
--- a/packages/testing/src/mocks/env.mock.ts
+++ b/packages/testing/src/mocks/env.mock.ts
@@ -53,6 +53,17 @@ export function createEnvMock(overrides: Record<string, string | undefined> = {}
       typeof value === 'string'
         ? value.toLowerCase() === 'false' || value === '0'
         : value === false,
+    envNumber: (
+      value: number | string | undefined | null,
+      fallback: number,
+      options: { min?: number } = {}
+    ): number => {
+      const min = options.min ?? 0
+      if (typeof value === 'number' && Number.isFinite(value) && value >= min) return value
+      if (value === undefined || value === null || value === '') return fallback
+      const parsed = Number(value)
+      return Number.isFinite(parsed) && parsed >= min ? parsed : fallback
+    },
   }
 }
 
diff --git a/packages/testing/src/mocks/index.ts b/packages/testing/src/mocks/index.ts
index 22ecd6449df..c945ebf3bfc 100644
--- a/packages/testing/src/mocks/index.ts
+++ b/packages/testing/src/mocks/index.ts
@@ -86,6 +86,8 @@ export {
 } from './logging-session.mock'
 // Permission mocks
 export { permissionsMock, permissionsMockFns } from './permissions.mock'
+// PostHog server mocks (for @/lib/posthog/server)
+export { posthogServerMock, posthogServerMockFns } from './posthog-server.mock'
 // Redis client mocks (for Redis client objects)
 export { clearRedisMocks, createMockRedis, type MockRedis } from './redis.mock'
 // Redis config mocks (for @/lib/core/config/redis)
@@ -106,8 +108,10 @@ export {
   type MockSocket,
   type MockSocketServer,
 } from './socket.mock'
-// Storage mocks
+// Storage mocks (browser localStorage/sessionStorage)
 export { clearStorageMocks, createMockStorage, setupGlobalStorageMocks } from './storage.mock'
+// Storage service mocks (for @/lib/uploads/core/storage-service)
+export { storageServiceMock, storageServiceMockFns } from './storage-service.mock'
 // Stripe mocks
 export {
   createMockStripeEvent,
diff --git a/packages/testing/src/mocks/posthog-server.mock.ts b/packages/testing/src/mocks/posthog-server.mock.ts
new file mode 100644
index 00000000000..1c8a01716ea
--- /dev/null
+++ b/packages/testing/src/mocks/posthog-server.mock.ts
@@ -0,0 +1,30 @@
+import { vi } from 'vitest'
+
+/**
+ * Controllable mock functions for `@/lib/posthog/server`.
+ * All defaults are bare `vi.fn()` — configure per-test as needed.
+ *
+ * @example
+ * ```ts
+ * import { posthogServerMockFns } from '@sim/testing'
+ *
+ * expect(posthogServerMockFns.mockCaptureServerEvent).toHaveBeenCalledWith(...)
+ * ```
+ */
+export const posthogServerMockFns = {
+  mockCaptureServerEvent: vi.fn(),
+  mockGetPostHogClient: vi.fn(() => null),
+}
+
+/**
+ * Static mock module for `@/lib/posthog/server`.
+ *
+ * @example
+ * ```ts
+ * vi.mock('@/lib/posthog/server', () => posthogServerMock)
+ * ```
+ */
+export const posthogServerMock = {
+  captureServerEvent: posthogServerMockFns.mockCaptureServerEvent,
+  getPostHogClient: posthogServerMockFns.mockGetPostHogClient,
+}
diff --git a/packages/testing/src/mocks/storage-service.mock.ts b/packages/testing/src/mocks/storage-service.mock.ts
new file mode 100644
index 00000000000..effa9666f11
--- /dev/null
+++ b/packages/testing/src/mocks/storage-service.mock.ts
@@ -0,0 +1,47 @@
+import { vi } from 'vitest'
+
+/**
+ * Controllable mock functions for `@/lib/uploads/core/storage-service`.
+ * All defaults are bare `vi.fn()` — configure per-test as needed.
+ *
+ * @example
+ * ```ts
+ * import { storageServiceMockFns } from '@sim/testing'
+ *
+ * storageServiceMockFns.mockHasCloudStorage.mockReturnValue(true)
+ * storageServiceMockFns.mockGeneratePresignedUploadUrl.mockResolvedValue({
+ *   uploadUrl: 'https://s3/test', key: 'workspace/x/y', ...
+ * })
+ * ```
+ */
+export const storageServiceMockFns = {
+  mockUploadFile: vi.fn(),
+  mockDownloadFile: vi.fn(),
+  mockDeleteFile: vi.fn(),
+  mockHeadObject: vi.fn(),
+  mockGeneratePresignedUploadUrl: vi.fn(),
+  mockGenerateBatchPresignedUploadUrls: vi.fn(),
+  mockGeneratePresignedDownloadUrl: vi.fn(),
+  mockHasCloudStorage: vi.fn(() => false),
+  mockGetS3InfoForKey: vi.fn(),
+}
+
+/**
+ * Static mock module for `@/lib/uploads/core/storage-service`.
+ *
+ * @example
+ * ```ts
+ * vi.mock('@/lib/uploads/core/storage-service', () => storageServiceMock)
+ * ```
+ */
+export const storageServiceMock = {
+  uploadFile: storageServiceMockFns.mockUploadFile,
+  downloadFile: storageServiceMockFns.mockDownloadFile,
+  deleteFile: storageServiceMockFns.mockDeleteFile,
+  headObject: storageServiceMockFns.mockHeadObject,
+  generatePresignedUploadUrl: storageServiceMockFns.mockGeneratePresignedUploadUrl,
+  generateBatchPresignedUploadUrls: storageServiceMockFns.mockGenerateBatchPresignedUploadUrls,
+  generatePresignedDownloadUrl: storageServiceMockFns.mockGeneratePresignedDownloadUrl,
+  hasCloudStorage: storageServiceMockFns.mockHasCloudStorage,
+  getS3InfoForKey: storageServiceMockFns.mockGetS3InfoForKey,
+}
diff --git a/scripts/check-api-validation-contracts.ts b/scripts/check-api-validation-contracts.ts
index 751c1919f54..34cbacb0f6e 100644
--- a/scripts/check-api-validation-contracts.ts
+++ b/scripts/check-api-validation-contracts.ts
@@ -9,8 +9,8 @@ const QUERY_HOOKS_DIR = path.join(ROOT, 'apps/sim/hooks/queries')
 const SELECTOR_HOOKS_DIR = path.join(ROOT, 'apps/sim/hooks/selectors')
 
 const BASELINE = {
-  totalRoutes: 717,
-  zodRoutes: 717,
+  totalRoutes: 725,
+  zodRoutes: 725,
   nonZodRoutes: 0,
 } as const