FILES field - Attachment name display fix#18073
Merged
charlesBochet merged 1 commit intomainfrom Feb 19, 2026
Merged
Conversation
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Comment on lines
+99
to
105
| getFileNameAndExtension( | ||
| isFilesFieldMigrated | ||
| ? (attachment.file?.[0]?.label as string) | ||
| : attachment.name, | ||
| ); | ||
|
|
||
| const [attachmentFileName, setAttachmentFileName] = |
There was a problem hiding this comment.
Bug: The getFileNameAndExtension function can receive an undefined value from attachment.file?.[0]?.label, causing a runtime crash when .lastIndexOf() is called on it.
Severity: HIGH
Suggested Fix
Provide a fallback value to the getFileNameAndExtension function to handle cases where attachment.file?.[0]?.label is undefined. A similar pattern with a fallback is used elsewhere in AttachmentList.tsx. For example: getFileNameAndExtension(attachment.file?.[0]?.label || '').
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location:
packages/twenty-front/src/modules/activities/files/components/AttachmentRow.tsx#L99-L105
Potential issue: When `isFilesFieldMigrated` is true, the code accesses
`attachment.file?.[0]?.label`. If any part of this optional chain is null or undefined,
the expression evaluates to `undefined`. This value is then passed to
`getFileNameAndExtension`, which does not handle null or undefined inputs and will crash
when calling `.lastIndexOf()`. This causes a runtime `TypeError`, preventing the
`AttachmentRow` component and the entire attachment list from rendering. The scenario is
considered realistic, especially if API users update the `file` field without providing
a `label`.
Did we get this right? 👍 / 👎 to inform future reviews.
Contributor
Greptile SummaryUpdates Major issues found:
Confidence Score: 2/5
Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[AttachmentRow Component] --> B{isFilesFieldMigrated?}
B -->|true| C[Use attachment.file field]
B -->|false| D[Use legacy attachment.name]
C --> E[Extract file0.label for name]
C --> F[Extract file0.url for URL]
C --> G[Extract file0.extension for category]
D --> H[Use attachment.name]
D --> I[Use attachment.fullPath]
D --> J[Use attachment.fileCategory]
E --> K[getFileNameAndExtension]
H --> K
K --> L[Split into fileName + extension]
L --> M[Display in UI]
F --> M
I --> M
style C fill:#ff6b6b
style E fill:#ff6b6b
style F fill:#ff6b6b
Note1[Risk: file array could be empty/null]
Note1 -.-> C
Last reviewed commit: 31111fa |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Comment on lines
+100
to
+102
| isFilesFieldMigrated | ||
| ? (attachment.file?.[0]?.label as string) | ||
| : attachment.name, |
Contributor
There was a problem hiding this comment.
casting potentially undefined value to string will cause runtime error if attachment.file is empty/null or label is undefined. getFileNameAndExtension expects a string and will crash on undefined.
add fallback to attachment.name:
Suggested change
| isFilesFieldMigrated | |
| ? (attachment.file?.[0]?.label as string) | |
| : attachment.name, | |
| isFilesFieldMigrated | |
| ? (attachment.file?.[0]?.label ?? attachment.name) | |
| : attachment.name, |
Comment on lines
113
to
114
| ? (attachment.file?.[0]?.url as string) // TODO : fix attachment.file type after Files field migration | ||
| : attachment.fullPath; |
Contributor
There was a problem hiding this comment.
same null safety issue - casting undefined to string. AttachmentList.tsx:158 shows the correct pattern with fallback
Suggested change
| ? (attachment.file?.[0]?.url ?? attachment.fullPath) |
Comment on lines
24
to
+26
| import { | ||
| PermissionFlagType, | ||
| FeatureFlagKey, | ||
| PermissionFlagType, |
Contributor
There was a problem hiding this comment.
imports should be alphabetically ordered per ESLint rules
thomtrp
approved these changes
Feb 19, 2026
| getFileNameAndExtension(attachment.name); | ||
| getFileNameAndExtension( | ||
| isFilesFieldMigrated | ||
| ? (attachment.file?.[0]?.label as string) |
Contributor
There was a problem hiding this comment.
maybe ensure this is not null before trying to cast? do you actually really need that casting?
Contributor
Author
There was a problem hiding this comment.
Absolutely ! I'll improve Attachment type when removing feature flag
I added a todo few lines after
https://github.com/twentyhq/twenty/pull/18073/changes/BASE..31111faeb907e352befc8b47fc4763b9ed93f05f#diff-7f7fa74b775e635071c3fcfbb5e65f9554b941d26b5d99621cb8fef0bc6c4a32R113
Contributor
|
🚀 Preview Environment Ready! Your preview environment is available at: http://bore.pub:3380 This environment will automatically shut down when the PR is closed or after 5 hours. |
|
Hey @etiennejouan! After you've done the QA of your Pull Request, you can mark it as done here. Thank you! |
etiennejouan
added a commit
that referenced
this pull request
Feb 19, 2026
with new 'file' FILES field on attachment, UI should display attachment name from file field value. Issue with API users updating only 'file' FILES field (and not name field anymore)
walmat
added a commit
to Omnia-Insurance/crm
that referenced
this pull request
Feb 19, 2026
* Fix connected account permissions (#17598)
Fixes #17411
---------
Co-authored-by: neo773 <neo773@protonmail.com>
Co-authored-by: neo773 <62795688+neo773@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* i18n - docs translations (#18017)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* i18n - docs translations (#18020)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Files command - fixes (#18016)
- Fixed "property entity not found" error when updating/creating a new
field and querying the same object repository just after
- Downgraded log type for unnecessary migration
* Date & DateTime validation fixes / improvements (#18009)
Fixes https://github.com/twentyhq/twenty/issues/17138
- Backend should have strict date/dateTime format validation
- FE in import csv is more permissive
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* fixes: loosen up front validation, add resolveEntityRelationUniversalIdentifiers to update and restore (#18015)
closes https://github.com/twentyhq/private-issues/issues/419
* New field creates fields widget field (#18022)
## Context
Introducing "NewFieldDefaultConfiguration" to FIELDS widget
configurations
```typescript
{
isVisible: boolean;
viewFieldGroupId: string | null;
}
```
This configuration will define where a new field should be added (which
section) and its default visibility inside FIELDS widget views.
The new field position should always be at the end (meaning the last
position for the view fields OR the last position of a viewFieldGroup)
See "New fields" on this screenshot
<img width="401" height="724" alt="Layout V1"
src="https://github.com/user-attachments/assets/4969bcaa-f244-4504-8947-778a02c24c47"
/>
* App feedbacks (#18028)
as title
* Add SSE for metadata and plug front components (#17998)
Create the necessary tooling to listen to metadata events and plug it to
the front components. Now we have a hot reload like experience when we
edit a component in an app.
## Backend
- Split `EventWithQueryIds` into `ObjectRecordEventWithQueryIds` and
`MetadataEventWithQueryIds`
- Publish metadata event batches to active SSE streams in
`MetadataEventsToDbListener`
## Frontend
- Create a metadata event dispatching pipeline: SSE metadata events are
grouped by metadata name, transformed into
`MetadataOperationBrowserEventDetail` objects, and dispatched as browser
`CustomEvents`
- Add `useListenToMetadataOperationBrowserEvent` hook for consuming
metadata operation events filtered by metadata name and operation type
- Rename `useListenToObjectRecordEventsForQuery` to
`useListenToEventsForQuery`, now accepting both
`RecordGqlOperationSignature` and `MetadataGqlOperationSignature`
- Implement `useOnFrontComponentUpdated` which subscribes to front
component metadata events and updates the Apollo cache when the
component is modified
- Add `builtComponentChecksum` to the front component query and appends
it to the component URL for browser cache invalidation
* Improve API Client usage and add Typescript check (#18023)
## Summary
https://github.com/user-attachments/assets/1e75cc9d-d9d2-4ef2-99f9-34450f5d8de7
Add background incremental type checking (`tsc --watch`) to the SDK dev
mode, so type regressions are caught when the generated API client
changes — without requiring a full rebuild of source files.
Previously, removing a field from the data model would regenerate the
API client, but existing front components/logic functions referencing
the removed field wouldn't surface type errors (since their source
didn't change, esbuild wouldn't rebuild them).
## What changed
- **Background `tsc --watch`**: a long-lived TypeScript watcher runs
alongside esbuild watchers, incrementally re-checking all files when the
generated client changes. Only logs on state transitions (errors appear
/ errors clear) to stay quiet.
- **Atomic client generation**: API client is now generated into a temp
directory and swapped in atomically, avoiding a race condition where
`tsc --watch` could see an empty `generated/` directory
mid-regeneration.
- **Step decoupling**: orchestrator steps no longer receive
`uploadFilesStep` directly. Instead, they use callbacks (`onFileBuilt`,
`onApiClientGenerated`), and each step manages its own `builtFileInfos`
state.
- **`apiClientChecksum` omitted from `ApplicationConfig`**: it's a
build-time computed value, same as `packageJsonChecksum`.
<img width="327" height="177" alt="image"
src="https://github.com/user-attachments/assets/02bd25bb-fa41-42b0-8d96-01c51bd4580c"
/>
<img width="529" height="452" alt="image"
src="https://github.com/user-attachments/assets/61f6e968-365b-4a5b-8f2b-a8419d6b1bd3"
/>
* i18n - translations (#18029)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* v1.18 - Fix command (#18032)
Same as here https://github.com/twentyhq/twenty/pull/18016
* Fix Gmail thread awareness for custom labels (#18031)
This fixes two edge cases for Gmail
- When policy was set to `SELECTED_FOLDERS` excluding root INBOX, it
missed label changes, so messages with newly applied labels weren't
imported until a full resync.
- Gmail thread replies by default by default do no inherit parent
message's label properties so thread context was also lost because only
individually labeled messages were returned, dropping earlier parts of
the conversation.
Fixed by subscribing to `labelAdded`/`labelRemoved` history events and
fetching full thread context when at least one message in a thread
carries a synced label. `ALL_FOLDERS` path is untouched.
* Allow DATE_TIME IS operand to filter on a whole day (#17529)
Fixes: https://github.com/twentyhq/core-team-issues/issues/2027
We've replaced the DATE_TIME picker with DATE picker, and changed the
logic to filter for complete day period.
https://github.com/user-attachments/assets/ba7e1078-bab3-4c62-a803-d6a851f14b7d
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* Replace generic "Unknown error" messages with descriptive error details (#18019)
## Summary
- Replace all generic `"Unknown error"` fallback messages across the
server codebase with messages that include the actual error details
- The most impactful change is in `guard-redirect.service.ts`, which
handles OAuth redirect errors — non-`AuthException` errors (e.g.,
passport state verification failures) now show `"Authentication error:
<actual message>"` instead of the opaque `"Unknown error"`
- Gmail/Google error handler services now include the error message in
the thrown exception instead of discarding it
- Other catch blocks (workflow delay resume, migration runner rollback,
code interpreter, marketplace) now use `String(error)` for non-Error
objects instead of a static fallback
Fixes the class of issues reported in
https://github.com/twentyhq/twenty/issues/17812, where a user saw
"Unknown error" during Google OAuth and had no way to diagnose the root
cause (which turned out to be a session cookie / SSL configuration
issue).
## Test plan
- [ ] Verify OAuth error flows (e.g., Google Auth with misconfigured
callback URL) now display the actual error message on the `/verify` page
instead of "Unknown error"
- [ ] Verify Gmail sync error handling still correctly classifies and
re-throws errors with descriptive messages
- [ ] Verify workflow delay resume failures include the error details in
the workflow run status
Made with [Cursor](https://cursor.com)
Co-authored-by: Cursor <cursoragent@cursor.com>
* Use proper PostgreSQL identifier/literal escaping in workspace DDL (#18024)
## Summary
- Replace the character-stripping approach (`removeSqlDDLInjection`)
with standard PostgreSQL `escapeIdentifier` and `escapeLiteral`
functions across all workspace schema manager services
- Add missing identifier escaping to `createForeignKey` (was the only
method in the FK manager without it)
- Add allowlist validation for index WHERE clauses and FK action types
- Harden tsvector expression builder with proper identifier quoting
## Context
The workspace schema managers build DDL dynamically from metadata (table
names, column names, enum values, etc.). The previous approach stripped
all non-alphanumeric characters — safe but lossy (silently corrupts
values with legitimate special characters). The new approach uses
PostgreSQL's standard escaping:
- **Identifiers**: double internal `"` and wrap → `"my""table"` (same
algorithm as `pg` driver's `escapeIdentifier`)
- **Literals**: double internal `'` and wrap → `'it''s a value'` (same
algorithm as `pg` driver's `escapeLiteral`)
`removeSqlDDLInjection` is kept only for name generation (e.g.,
`computePostgresEnumName`) where stripping to `[a-zA-Z0-9_]` is the
correct behavior.
## Files changed
| File | What |
|------|------|
| `remove-sql-injection.util.ts` | Added `escapeIdentifier` +
`escapeLiteral` |
| `validate-index-where-clause.util.ts` | New — allowlist for partial
index WHERE clauses |
| 5 schema manager services | Replaced strip+manual-quote with
`escapeIdentifier`/`escapeLiteral` |
| `build-sql-column-definition.util.ts` | `escapeIdentifier` for column
names, validated `generatedType` |
| `sanitize-default-value.util.ts` | `escapeLiteral` instead of
stripping |
| `serialize-default-value.util.ts` | `escapeLiteral` for values,
`escapeIdentifier` for enum casts |
| `get-ts-vector-column-expression.util.ts` | `escapeIdentifier` for
field names in expressions |
| `sanitize-default-value.util.spec.ts` | Updated tests for escape
behavior |
## Test plan
- [x] All 64 existing tests pass across 6 test suites
- [x] `lint:diff-with-main` passes
- [x] TypeScript typecheck — no new errors
- [ ] Verify workspace sync-metadata still works end-to-end
- [ ] Verify custom object/field creation works
- [ ] Verify enum field option changes work
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Fixes - Workspace logo migration (#18035)
- Update migration command to handle case where workspace logo is
originated from workspace email and point to twenty-icons.com
- Update same logic for new workspaces
- Add feature-flag for all newly created workspaces
* [Chore] : Generate migration for DATE_TIME to DATE for DATE_TIME + IS operand filters (#17564)
migration command in response to the fix :
https://github.com/twentyhq/twenty/pull/17529 for the issue
https://github.com/twentyhq/core-team-issues/issues/2027
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* 2094 extensibility define postinstall orand preinstall function to run in application (#18037)
- add a new optional key `postInstallLogicFunctionUniversalIdentifier`
in applicationConfig
- seed postInstall function in create-twenty-app
- update execute:function options
- update doc
* Nav Menu Item Migration command fix (#18041)
* i18n - docs translations (#18040)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Sync page Layout (#18034)
## Sync page layouts, tabs, and widgets
Adds the ability for SDK applications to synchronize `pageLayout`,
`pageLayoutTab`, and `pageLayoutWidget` entities, following the same
pattern established in #18003 for views and navigation menu items.
### Changes
**`twenty-shared`**
- New `PageLayoutManifest`, `PageLayoutTabManifest`, and
`PageLayoutWidgetManifest` types with a hierarchical structure (page
layout → tabs → widgets)
- Added `pageLayouts: PageLayoutManifest[]` to the `Manifest` type
**`twenty-sdk`**
- New `definePageLayout()` SDK function with validation for
universalIdentifier, name, and nested tabs/widgets
- Wired into the manifest extraction and build pipeline
(`DefinePageLayout` target function, `PageLayouts` entity key)
- Exported from the SDK entry point
**`twenty-server`**
- Added `pageLayout`, `pageLayoutTab`, `pageLayoutWidget` to
`APPLICATION_MANIFEST_METADATA_NAMES`
- New conversion utilities: manifest → universal flat entity for all
three entity types
- Updated `computeApplicationManifestAllUniversalFlatEntity
* Add example in create-twenty-app (#18043)
- add interactive mode to create-twenty-app
- by default create an example for each entities
<img width="1181" height="168" alt="image"
src="https://github.com/user-attachments/assets/a2490d8f-66a1-4cd5-bf41-57166cc20a1e"
/>
* i18n - docs translations (#18048)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add missing objects to rich app integration tests (#18039)
Updating rich app so it also create:
- a many to many relation
- views
- navigation items
The app was built successfully.
Will still be missing front component examples
<img width="1498" height="660" alt="Capture d’écran 2026-02-18 à 17 47
25"
src="https://github.com/user-attachments/assets/acd5193f-3a36-4eb7-8276-3154e4e60f5e"
/>
* Refactor page layout types (#18042)
## Refactor page layout widget types into shared package and expose from
SDK
### Why
Widget configuration types were defined only on the server, forcing SDK
consumer apps to import from deep internal `twenty-shared/dist` paths —
fragile and breaks on structural changes. Server DTOs also had no
compile-time guarantee they matched the canonical types.
### What changed
- **`twenty-shared`**: Migrated `ChartFilter`, `GridPosition`,
`RatioAggregateConfig` and all 20 widget configuration variants into
`twenty-shared/types`. `PageLayoutWidgetConfiguration` (base, with
`SerializedRelation`) and `PageLayoutWidgetUniversalConfiguration`
(derived via `FormatRecordSerializedRelationProperties`) are now the
single source of truth.
- **`twenty-sdk`**: Re-exported `AggregateOperations`,
`ObjectRecordGroupByDateGranularity`, `PageLayoutTabLayoutMode`, and
`PageLayoutWidgetUniversalConfiguration` so consumer apps import from
`twenty-sdk` directly.
- **`twenty-server`**: All widget DTOs now `implements` their shared
type for compile-time enforcement. Added helpers to convert nested
`fieldMetadataId` ↔ `fieldMetadataUniversalIdentifier` inside chart
filters. Removed redundant local type re-exports.
* refactor workflow action messaging with callout (#18038)
## Summary
- remove the dedicated `WorkflowMessage` component and story
- update workflow action editor components to use the shared callout
patterns
- adjust `Callout` and its stories to support the new usage in workflow
actions
## Before/After
<img width="525" height="548" alt="image"
src="https://github.com/user-attachments/assets/ce57a84f-f070-4149-85ef-a4d162b2d878"
/>
<img width="518" height="593" alt="image"
src="https://github.com/user-attachments/assets/f7249cd0-221f-496d-9deb-d9966ee43382"
/>
* Add currency hover tooltip in CurrencyDisplay (#18045)
https://github.com/user-attachments/assets/af768ecb-b5e9-4e8d-a9f9-fee1a08ea9a0
Fixes https://github.com/twentyhq/twenty/issues/17756
* fix: show "Not shared" for junction relation fields when target or intermediate object is not readable (#18025)
When a user's role lacks read permission on the target object (e.g.,
Company) or the intermediate junction object (e.g., EmploymentHistory),
junction relation fields like "Previous Companies" displayed as blank
instead of showing "Not shared."
- In RecordFieldList, junction fields now check the junction object's
read permission and set isForbidden on the field context so FieldDisplay
renders "Not shared" instead of an empty field.
- In RelationFromManyFieldDisplay, if junction records exist but all
nested target records are null (permission-denied by the API), the
component renders "Not shared" instead of an empty list.
---------
Co-authored-by: Félix Malfait <felix@twenty.com>
* i18n - docs translations (#18050)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Restore old favorite design (#18049)
Issue : With IS_NAVIGATION_MENU_ITEM_ENABLED:true +
IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED:false, nav menu design is
changed after 1.18.0 release : views expansion removed, system object
displayed, position re-ordered
We prefer keeping the same "old" favorite behaviour and design state
- After 1.18.0 all workspaces have up-to-date navigation menu items
(migrated)
- IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED becomes the FF for nav menu
new design
---------
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix impossible scroll in sdk app:dev (#18051)
Issue is that we are refreshing the terminal because of icons animations
* Harden server-side input validation and auth defaults (#18018)
## Summary
- **File storage (LocalDriver):** Add realpath resolution and symlink
rejection to `writeFile`, `downloadFile`, and `downloadFolder` — brings
them in line with the existing `readFile` protections. Includes unit
tests.
- **JWT:** Pin signing/verification to HS256 explicitly.
- **Auth:** Revoke active refresh tokens when a user changes their
password.
- **Logic functions:** Validate `handlerName` as a safe JS identifier at
both DTO and runtime level, preventing injection into the generated
runner script.
- **User entity:** Remove `passwordHash` from the GraphQL schema
(`@Field` decorator removed, column stays).
- **Query params:** Use `crypto.randomBytes` instead of `Math.random`
for SQL parameter name generation.
- **Exception filter:** Mirror the request `Origin` header instead of
sending `Access-Control-Allow-Origin: *`.
## Test plan
- [x] `local.driver.spec.ts` — writeFile rejects symlinks, downloadFile
rejects paths outside storage
- [ ] Verify JWT auth flow still works (login, token refresh)
- [ ] Verify password change invalidates existing sessions
- [ ] Verify logic function creation with valid/invalid handler names
- [ ] Verify file upload/download in dev environment
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
* Prevent SSRF via IMAP/SMTP/CalDAV (#17973)
Prevents leaking of internal services by filtering out private IPs, same
way we do for webhooks
* Fix website build (#18052)
* i18n - translations (#18053)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Improve security settings card grouping and description overflow (#17928)
# After
- Added a separtor between the two audit logs cards
- Rename the audit log card to avoid repetition
- Grouped "Invite by link" and "2 factor auth" in one group
- Changed the card component description to always be one line max with
truncation & tooltips
<img width="777" height="1278" alt="CleanShot 2026-02-13 at 17 02 36"
src="https://github.com/user-attachments/assets/685c792a-c85b-4521-8c1b-bd9adedc75d9"
/>
<img width="976" height="690"
alt="b49f2eb043b6712d013618bb0a4ef7f011cf2316e1163fbdee4c293bed036ac9"
src="https://github.com/user-attachments/assets/6e17aa11-ecdb-4f98-ba50-5cd9b9c5def6"
/>
---------
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
* i18n - translations (#18056)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Fix website build (#18057)
* Messages Message Folder Association (#17398)
This PR adds Message folder association for message channel messages,
Currently under testing phase, not ready yet.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Fix website build (#18061)
As per title
* i18n - docs translations (#18062)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Migrate dropdown to jotai (#18063)
Here we go again
* i18n - docs translations (#18067)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Bump @xyflow/react from 12.4.2 to 12.10.0 (#18070)
Bumps
[@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react)
from 12.4.2 to 12.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/releases"><code>@xyflow/react</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5550">#5550</a> <a
href="https://github.com/xyflow/xyflow/commit/6ffb9f7901c32f5b335aee2517f41bf87f274f32"><code>6ffb9f790</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! -
Prevent child nodes of different parents from overlapping</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5551">#5551</a> <a
href="https://github.com/xyflow/xyflow/commit/6bb64b3ed60f26c9ea8bc01c8d62fb9bf74cd634"><code>6bb64b3ed</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Allow to start a selection above a node</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md"><code>@xyflow/react</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>12.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2>12.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2>12.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2>12.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2>12.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/xyflow/xyflow/commit/c0ed3c33a3498877ab2a5755299ff84ee659782e"><code>c0ed3c3</code></a>
chore(packages): bump</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/83a312b2e1691a44223536653689f8f99f0d5b24"><code>83a312b</code></a>
chore(zIndexMode): use basic as default</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/14fd41b1f153406f1a21a61bf98ea07ad8275ec6"><code>14fd41b</code></a>
change default back to elevateEdgesOnSelect=false and
zIndexMode=basic</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/3680a6a0e623e19d1f983515273f11bdd355ec86"><code>3680a6a</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919</code></a>
chore(middleware): cleanup</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/e4e3605d62c8c710fe7ddb2ec3929af0a7962a6b"><code>e4e3605</code></a>
Merge branch 'main' into middlewares</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/2c05b3224a13e896dfb9a0c93f3af7bb592afc45"><code>2c05b32</code></a>
Merge branch 'feat/zindexmode' of github.com:xyflow/xyflow into
feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/ddbb9280f6242794187205a207e993e2c721c244"><code>ddbb928</code></a>
chore(examples): add zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/9faca3357d5db68fdad6c96de06fd66dd1d0ba64"><code>9faca33</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/4eb42952f01b947c9d36c25e6b30b7bd98224632"><code>4eb4295</code></a>
feat(svelte): add zIndexMode</li>
<li>Additional commits viewable in <a
href="https://github.com/xyflow/xyflow/commits/@xyflow/react@12.10.0/packages/react">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump eslint-config-next from 14.2.33 to 14.2.35 (#18069)
Bumps
[eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)
from 14.2.33 to 14.2.35.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vercel/next.js/commit/7b940d9ce96faddb9f92ff40f5e35c34ace04eb2"><code>7b940d9</code></a>
v14.2.35</li>
<li><a
href="https://github.com/vercel/next.js/commit/f3073688ce18878a674fdb9954da68e9d626a930"><code>f307368</code></a>
v14.2.34</li>
<li>See full diff in <a
href="https://github.com/vercel/next.js/commits/v14.2.35/packages/eslint-config-next">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump @emotion/is-prop-valid from 1.3.0 to 1.4.0 (#18068)
Bumps [@emotion/is-prop-valid](https://github.com/emotion-js/emotion)
from 1.3.0 to 1.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/emotion-js/emotion/releases"><code>@emotion/is-prop-valid</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.4.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3306">#3306</a>
<a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Thanks <a
href="https://github.com/EnzoAlbornoz"><code>@EnzoAlbornoz</code></a>!
- Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allowed props.</li>
</ul>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3093">#3093</a>
<a
href="https://github.com/emotion-js/emotion/commit/532ff57cafd8ba04f3b624074556ea47ec76fc9a"><code>532ff57</code></a>
Thanks <a href="https://github.com/codejet"><code>@codejet</code></a>,
<a href="https://github.com/DustinBrett"><code>@DustinBrett</code></a>!
- Adds <code>fetchpriority</code> and <code>fetchPriority</code> to the
list of allowed props.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/emotion-js/emotion/commit/38db311adf024fe8a24b57c687824c47abbd0957"><code>38db311</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3347">#3347</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allo...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/49229553967b6050c92d9602eb577bdc48167e91"><code>4922955</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3335">#3335</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/0facbe47bd9099ae4ed22dc201822d910ac3dec5"><code>0facbe4</code></a>
Renamed default-exported variable in <code>@emotion/styled</code> to aid
inferred import...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/cce67ec6b2fc94261028b4f4778aae8c3d6c5fd6"><code>cce67ec</code></a>
Bump parcel (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3258">#3258</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/3c19ce5997f73960679e546af47801205631dfde"><code>3c19ce5</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3280">#3280</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/a19d019bd418ebc3b9cba0e58f58b36ac2862a42"><code>a19d019</code></a>
Convert <code>@emotion/styled</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3284">#3284</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/5974e33fcb5e7aee177408684ac6fe8b38b3e353"><code>5974e33</code></a>
Fix JSX namespace <a
href="https://github.com/ts-ignores"><code>@ts-ignores</code></a> (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3282">#3282</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/fc4d7bd744c205f55513dcd4e4e5134198c219de"><code>fc4d7bd</code></a>
Convert <code>@emotion/react</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3281">#3281</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/8dc1a6dd19d2dc9ce435ef0aff85ccf5647f5d2e"><code>8dc1a6d</code></a>
Convert <code>@emotion/cache</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3277">#3277</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/emotion-js/emotion/compare/@emotion/is-prop-valid@1.3.0...@emotion/is-prop-valid@1.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* FILES field - Attachment name display fix (#18073)
with new 'file' FILES field on attachment, UI should display attachment
name from file field value.
Issue with API users updating only 'file' FILES field (and not name
field anymore)
* Add objectRecordCounts query to /metadata endpoint (#18054)
## Summary
- Adds an `objectRecordCounts` query on the `/metadata` GraphQL endpoint
that returns approximate record counts for all objects in the workspace
- Uses PostgreSQL's `pg_class.reltuples` catalog stats — a single
instant query instead of N `COUNT(*)` table scans
- Replaces the previous `CombinedFindManyRecords` approach which hit the
server's 20 root resolver limit and silently showed 0 for all counts on
the settings Data Model page
### Server
- `ObjectRecordCountDTO` — GraphQL type with `objectNamePlural` and
`totalCount`
- `ObjectRecordCountService` — reads `pg_class` catalog for the
workspace schema
- Query added to `ObjectMetadataResolver` with `@MetadataResolver()` +
`NoPermissionGuard`
### Frontend
- `OBJECT_RECORD_COUNTS` query added to
`object-metadata/graphql/queries.ts`
- `useCombinedGetTotalCount` simplified to a zero-argument hook using
the new query
- `SettingsObjectTable` simplified to a single hook call
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor and standardize `isSystem` field and object (#17992)
# Introduction
## Centralize system field definitions
- Extract a single `PARTIAL_SYSTEM_FLAT_FIELD_METADATAS` constant as the
source of truth for all 8 system fields (`id`, `createdAt`, `updatedAt`,
`deletedAt`, `createdBy`, `updatedBy`, `position`, `searchVector`),
eliminating duplication across custom object and standard app field
builders
- Refactor `buildDefaultFlatFieldMetadatasForCustomObject` to use the
shared constant via a new `buildObjectSystemFlatFieldMetadatas` helper
## Mark system fields as `isSystem: true`
- Fields `id`, `createdAt`, `updatedAt`, `deletedAt`, `createdBy`,
`updatedBy`, `position`, `searchVector` are now properly flagged as
system fields across all standard objects and custom object creation
- Standard app field builders for all ~30 standard objects updated to
set `isSystem: true` on `createdAt`, `updatedAt`, `deletedAt`,
`createdBy`, `updatedBy`
- System-only standard objects (blocklist, calendar channels, message
threads, etc.) now also include `createdBy`, `updatedBy`, `position`,
`searchVector` field definitions that were previously missing
## Validate system fields on object creation
- New transversal validation (`crossEntityTransversalValidation`) runs
after all atomic entity validations in the build orchestrator, ensuring
all 8 system fields are present with correct `type` and `isSystem: true`
when an object is created
- New `buildUniversalFlatObjectFieldByNameAndJoinColumnMaps` utility to
resolve field names to universal identifiers for a given object
- New exception codes: `MISSING_SYSTEM_FIELD` and `INVALID_SYSTEM_FIELD`
on `ObjectMetadataExceptionCode`
## Protect system fields and objects from mutation
- Field validators now block update/delete of `isSystem` fields by
non-system callers (`FIELD_MUTATION_NOT_ALLOWED`)
- Object validators now block update/delete of `isSystem` objects by
non-system callers
- `POSITION` and `TS_VECTOR` field type validators replaced: instead of
rejecting creation outright, they now validate that the field is named
correctly (`position` / `searchVector`) and has `isSystem: true`
## Distinguish `isSystemBuild` from `isCallerTwentyStandardApp`
- New `isCallerTwentyStandardApp` utility checks whether the caller's
`applicationUniversalIdentifier` matches the twenty standard app
- Name-sync logic (`isFlatFieldMetadataNameSyncedWithLabel`,
`areFlatObjectMetadataNamesSyncedWithLabels`) refactored to use
`isCallerTwentyStandardApp` for custom suffix decisions, keeping
`isSystemBuild` for mutation permission checks
- `WorkspaceMigrationBuilderOptions` type updated to include
`applicationUniversalIdentifier`
## Adapt frontend filtering
- New `HIDDEN_SYSTEM_FIELD_NAMES` constant (`id`, `position`,
`searchVector`) and `isHiddenSystemField` utility to only hide truly
internal fields while keeping user-facing system fields (`createdAt`,
`updatedAt`, `deletedAt`, `createdBy`, `updatedBy`) visible in the UI
- ~20 frontend files updated to replace `!field.isSystem` checks with
`!isHiddenSystemField(field)` across record index, settings, data model,
charts, workflows, spreadsheet import, aggregations, and role
permissions
## Add 1.19 upgrade commands
- **`backfill-system-fields-is-system`**: Raw SQL command to set
`isSystem = true` on existing workspace fields matching system field
names, and fix `position` field type from `NUMBER` to `POSITION` for
`favorite`/`favoriteFolder` objects. Includes proper cache invalidation.
- **`add-missing-system-fields-to-standard-objects`**: Codegen'd
workspace migration to create missing `position`, `searchVector`,
`createdBy`, `updatedBy` fields on standard objects that didn't
previously have them. Runs via `WorkspaceMigrationRunnerService` in a
single transaction with idempotency check. **Known limitation**: assumes
all standard objects exist and are valid in the target workspace.
## Add `universalIdentifier` for system fields in standard object
constants
- `standard-object.constant.ts` updated to include `universalIdentifier`
for `createdBy`, `updatedBy`, `position`, and `searchVector` across all
standard objects
- `fieldManifestType.ts` updated to support the new field manifest shape
## System relation
Completely removed and backfilled all `isSystem` relation to be false
false
As we won't require an object to have any relation system fields
## Add integration tests
- New test suite `failing-sync-application-object-system-fields`
covering: missing system fields, wrong field types (`id` as TEXT,
`createdAt` as TEXT, `position` as TEXT), system field deletion
attempts, and system field update attempts
- New test utilities: `buildDefaultObjectManifest` (builds an object
manifest with all 8 system fields) and `setupApplicationForSync`
(centralizes application setup)
- Existing successful sync test updated to verify system fields are
created with correct properties
## Next step
Make the builder scope the compared entity to be the currently built app
+ nor twenty standard app
* i18n - translations (#18079)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* fix: remove the error message for test failure in ci-front (#18076)
Introduced an error message on twenty-front CI earlier to try and inform
the user that test failure could be a coverage issue if no individual
test was failing. However, it led to the assumption that it must be
coverage failure in all cases even when it was test failure leading to
the CI being red.
This PR reverts the change.
* Keep migrating to jotai (#18064)
And we continue!
* Remove non positive integer constraint on Nav Menu Item (#18081)
To fit with position typed field logic + Ease favorite to nav menu item
migration (which have negative and float position)
* i18n - translations (#18086)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Refactor message backfill command (#18078)
# Introduction
Atomically create the field and object to be created
And avoid synchronizing unrelated non up to date object and fields
Followup https://github.com/twentyhq/twenty/pull/17398
* Migrate more to Jotai (#18087)
Continue jotai migration
* Factorize and add public-assets/*path endpoint (#18080)
as title
* Twenty standard app static options id (#18089)
# Introduction
While preparing the twenty-standard as code migration to twenty-app
through sdk I've faced permanent field enum update as the id was
generated dynamically at each twenty standard app construction
Making them deterministic in order to avoid having this noise
Won't backfill this on existing workspace as it's not critical and that
we will rework the options in the future
* Create LLMS.md on create-twenty-app (#18091)
Managed to create a many to many app with minimal instructions. File
will need to be enriched with more pitfalls.
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Fix google compose scope not gated by feature flag (#18093)
## Context
New google api scope has been introduced in
https://github.com/twentyhq/twenty/pull/17793 without being gated behind
a feature flag
Microsoft is using pre-existing Mail.ReadWrite scope there is nothing to
gate
## Before
<img width="553" height="445" alt="Screenshot 2026-02-19 at 14 57 58"
src="https://github.com/user-attachments/assets/59a4f76b-d38d-492f-b013-b6cad4091a7f"
/>
## After
<img width="535" height="392" alt="Screenshot 2026-02-19 at 14 58 44"
src="https://github.com/user-attachments/assets/0337bf15-ec30-4549-bb9d-571a982dffd8"
/>
* Remove non positive integer constraint on Nav Menu Item 2/2 (#18090)
Follow up https://github.com/twentyhq/twenty/pull/18081
* [FRONT COMPONENTS] Declare command menu items in front components (#18047)
## Description
- Adds support for declaring command menu items directly within
`defineFrontComponent` via an optional command config property
- Introduces a new `CommandMenuItemManifest` type in twenty-shared and
wires it through the manifest build pipeline
## Example Of usage
```tsx
import { defineFrontComponent } from "twenty-sdk";
const TestAction = () => {
return <div>Test Action</div>;
};
export default defineFrontComponent({
universalIdentifier: "6c289461-0007-4a62-a99f-69e5c11a4ce7",
name: "test-action",
description: "Test Action",
component: TestAction,
command: {
universalIdentifier: "c07df864-495f-46f3-9f5b-9d3ce2589e9b",
label: "Run My Action",
icon: "IconBolt",
isPinned: false,
},
});
```
## Video QA
https://github.com/user-attachments/assets/f910fc6a-44a9-45d1-87c5-f0ce64bb3878
* Fix: add a new style to the target text box (#18065)
### Approach
I add some new rules for the style of the target text box. (Fix: #13229
)
<img width="842" height="545" alt="target class"
src="https://github.com/user-attachments/assets/7cd0a615-392a-493b-831f-77ddb93de5fc"
/>
**This is what it looks like now.**
<img width="320" height="224" alt="image"
src="https://github.com/user-attachments/assets/26514102-e684-49ce-915d-43e5677520a5"
/>
* chore: upgrade @swc/core to 1.15.11 and align SWC ecosystem (#18088)
## Summary
- Upgrades `@swc/core` from 1.13.3 to **1.15.11** (swc_core v56), which
introduces CBOR-based plugin serialization replacing rkyv, eliminating
strict version-matching between SWC core and Wasm plugins
- Upgrades `@lingui/swc-plugin` from ^5.6.0 to **^5.11.0** (swc_core
50.2.3, built with `--cfg=swc_ast_unknown` for cross-version
compatibility)
- Upgrades `@swc/plugin-emotion` from 10.0.4 to **14.6.0** (swc_core 53,
also with backward-compat feature)
- Upgrades companion packages: `@swc-node/register` 1.8.0 → 1.11.1,
`@swc/helpers` ~0.5.2 → ~0.5.18, `@vitejs/plugin-react-swc` 3.11.0 →
4.2.3
### Why this is safe now
Starting from `@swc/core v1.15.0`, SWC replaced the rkyv serialization
scheme with CBOR (a self-describing format) and added `Unknown` AST enum
variants. Plugins built with `swc_core >= 47` and
`--cfg=swc_ast_unknown` are now forward-compatible across `@swc/core`
versions. Both `@lingui/swc-plugin@5.10.1+` and
`@swc/plugin-emotion@14.0.0+` have this support, meaning the old
version-matching nightmare between Lingui and SWC is largely solved.
Reference: https://github.com/lingui/swc-plugin/issues/179
## Test plan
- [x] `yarn install` resolves without errors
- [x] `npx nx build twenty-shared` succeeds
- [x] `npx nx build twenty-ui` succeeds (validates
@swc/plugin-emotion@14.6.0)
- [x] `npx nx typecheck twenty-front` succeeds
- [x] `npx nx build twenty-front` succeeds (validates vite + swc +
lingui pipeline)
- [x] `npx nx build twenty-emails` succeeds (validates lingui plugin)
- [x] Frontend jest tests pass (validates @swc/jest +
@lingui/swc-plugin)
- [x] Server jest tests pass (validates server-side SWC + lingui)
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Rework types for logic function (#18074)
## Summary
- **Consolidate logic function services**: Remove
`LogicFunctionMetadataService` and consolidate all logic function CRUD
operations into `LogicFunctionFromSourceService`, with a new
`LogicFunctionFromSourceHelperService` for shared validation/migration
logic
- **Introduce typed conversion utils following the skill pattern**: Add
`fromCreateLogicFunctionFromSourceInputToUniversalFlatLogicFunctionToCreate`
and `fromUpdateLogicFunctionFromSourceInputToFlatLogicFunctionToUpdate`
that convert DTO inputs directly to flat entities
(`UniversalFlatLogicFunction` / `FlatLogicFunction`), replacing the
previous intermediate `UpdateLogicFunctionMetadataParams` indirection
- **Simplify `CodeStepBuildService`**: Remove ~100 lines of manual
duplication logic by delegating to
`LogicFunctionFromSourceService.duplicateOneWithSource`
- **Remove completed 1-17 migration**: Delete
`MigrateWorkflowCodeStepsCommand` and associated utils that migrated
workflow code steps from serverless functions to logic functions
* Add page layout backfill command (#18095)
## Context
Command to backfill record page layouts and related entities for legacy
workspaces.
## Test
Set SHOULD_SEED_STANDARD_RECORD_PAGE_LAYOUTS=false, reset DB then run
the command and compare with Set
SHOULD_SEED_STANDARD_RECORD_PAGE_LAYOUTS=true on a different workspace
* feat: added workspace member filter for actor fields (#16628)
Closes #16619
This PR adds support for filtering ACTOR fields by `Workspace Member`
subfield, enabling users to filter records by who created them with a
`Me` option.
I replicated the same UX and code structure as the Relation field filter
for consistency.
Each filter selection triggers a server-side GraphQL call. But there is
client-side filtering in `isRecordMatchingFilter.ts` which instantly
filters already-loaded records while the server is fetching new results.
I replicated this behaviour from how `FULL_NAME` and other composite
fields handle filtering.
UX decision that were taken by me (Let me know if changes are needed) :
- The filter shows comma separated selected workspace member names until
3 members are selected. After that it shows [no of selected members]
workspace members.
<img width="643" height="283" alt="Screenshot 2025-12-17 at 8 01 23 PM"
src="https://github.com/user-attachments/assets/18d524f4-979b-4d92-ad64-aa7b63be7897"
/>
<img width="774" height="309" alt="Screenshot 2025-12-17 at 8 01 33 PM"
src="https://github.com/user-attachments/assets/779f374f-1501-48f9-afa2-a78628e067b1"
/>
<img width="737" height="397" alt="Screenshot 2025-12-17 at 8 01 40 PM"
src="https://github.com/user-attachments/assets/4e8b963e-8a0f-467d-91ae-48bca4e1d842"
/>
<img width="697" height="334" alt="Screenshot 2025-12-17 at 8 01 53 PM"
src="https://github.com/user-attachments/assets/c9a0e4bb-48b4-486b-a4f9-d7c49ff3852c"
/>
<img width="684" height="343" alt="Screenshot 2025-12-17 at 8 02 04 PM"
src="https://github.com/user-attachments/assets/d5c45eba-06a3-40fc-b9d0-d585dc8bc136"
/>
---------
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* fix: laggy edition of FormNumberFieldInput (#18011)
### What this PR do ?
Stops the delay fields from updating the workflow on every keystroke by
keeping values locally and saving them on blur, which fixes the cached
relation error
Fixed #15709
---------
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* i18n - translations (#18100)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: BOHEUS <56270748+BOHEUS@users.noreply.github.com>
Co-authored-by: neo773 <neo773@protonmail.com>
Co-authored-by: neo773 <62795688+neo773@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions <github-actions@twenty.com>
Co-authored-by: Etienne <45695613+etiennejouan@users.noreply.github.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
Co-authored-by: nitin <142569587+ehconitin@users.noreply.github.com>
Co-authored-by: Weiko <corentin@twenty.com>
Co-authored-by: martmull <martmull@hotmail.fr>
Co-authored-by: Raphaël Bosi <71827178+bosiraphael@users.noreply.github.com>
Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
Co-authored-by: Arun <184187559+carbonFibreCode@users.noreply.github.com>
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
Co-authored-by: Félix Malfait <felix.malfait@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Thomas Trompette <thomas.trompette@sfr.fr>
Co-authored-by: Thomas des Francs <tdesfrancs@gmail.com>
Co-authored-by: Abdullah. <125115953+mabdullahabaid@users.noreply.github.com>
Co-authored-by: Félix Malfait <felix@twenty.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Paul Rastoin <45004772+prastoin@users.noreply.github.com>
Co-authored-by: BugIsGod <87571967+bugisthegod@users.noreply.github.com>
Co-authored-by: Abhishek Kumar <abhishek.dev585@gmail.com>
Co-authored-by: Ankit Chauhan <79359446+AnkittChauhan@users.noreply.github.com>
walmat
added a commit
to Omnia-Insurance/crm
that referenced
this pull request
Feb 20, 2026
* Add configurable ingestion pipeline system for no-code data import
Introduces a generalized pipeline system that replaces hardcoded webhook workers
with a configurable approach. Supports push (webhook) and pull (scheduled fetch)
modes with field mapping, transforms, relation resolution, and dedup/upsert.
Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline
rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites.
Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing,
and run history.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add configurable ingestion pipeline system for no-code data import
Introduces a generalized pipeline system that replaces hardcoded webhook workers
with a configurable approach. Supports push (webhook) and pull (scheduled fetch)
modes with field mapping, transforms, relation resolution, and dedup/upsert.
Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline
rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites.
Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing,
and run history.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix DB replication: disable triggers during restore, fix refreshToken table name
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix DB replication: enable pgcrypto extension for gen_random_bytes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix connected account permissions (#17598)
Fixes #17411
---------
Co-authored-by: neo773 <neo773@protonmail.com>
Co-authored-by: neo773 <62795688+neo773@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* i18n - docs translations (#18017)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Add Google OAuth callback URLs for staging domain
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix staging OAuth: rewrite prod domain in DB config during replication
Twenty's config system gives DB values priority over env vars, so we need
to rewrite crm.omniaagent.com -> staging-crm.omniaagent.com in the
configVariable table after replicating prod data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix config URL rewrite: use correct keyValuePair table with jsonb cast
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18020)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Files command - fixes (#18016)
- Fixed "property entity not found" error when updating/creating a new
field and querying the same object repository just after
- Downgraded log type for unnecessary migration
* Date & DateTime validation fixes / improvements (#18009)
Fixes https://github.com/twentyhq/twenty/issues/17138
- Backend should have strict date/dateTime format validation
- FE in import csv is more permissive
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* fixes: loosen up front validation, add resolveEntityRelationUniversalIdentifiers to update and restore (#18015)
closes https://github.com/twentyhq/private-issues/issues/419
* New field creates fields widget field (#18022)
## Context
Introducing "NewFieldDefaultConfiguration" to FIELDS widget
configurations
```typescript
{
isVisible: boolean;
viewFieldGroupId: string | null;
}
```
This configuration will define where a new field should be added (which
section) and its default visibility inside FIELDS widget views.
The new field position should always be at the end (meaning the last
position for the view fields OR the last position of a viewFieldGroup)
See "New fields" on this screenshot
<img width="401" height="724" alt="Layout V1"
src="https://github.com/user-attachments/assets/4969bcaa-f244-4504-8947-778a02c24c47"
/>
* App feedbacks (#18028)
as title
* Add SSE for metadata and plug front components (#17998)
Create the necessary tooling to listen to metadata events and plug it to
the front components. Now we have a hot reload like experience when we
edit a component in an app.
## Backend
- Split `EventWithQueryIds` into `ObjectRecordEventWithQueryIds` and
`MetadataEventWithQueryIds`
- Publish metadata event batches to active SSE streams in
`MetadataEventsToDbListener`
## Frontend
- Create a metadata event dispatching pipeline: SSE metadata events are
grouped by metadata name, transformed into
`MetadataOperationBrowserEventDetail` objects, and dispatched as browser
`CustomEvents`
- Add `useListenToMetadataOperationBrowserEvent` hook for consuming
metadata operation events filtered by metadata name and operation type
- Rename `useListenToObjectRecordEventsForQuery` to
`useListenToEventsForQuery`, now accepting both
`RecordGqlOperationSignature` and `MetadataGqlOperationSignature`
- Implement `useOnFrontComponentUpdated` which subscribes to front
component metadata events and updates the Apollo cache when the
component is modified
- Add `builtComponentChecksum` to the front component query and appends
it to the component URL for browser cache invalidation
* Improve API Client usage and add Typescript check (#18023)
## Summary
https://github.com/user-attachments/assets/1e75cc9d-d9d2-4ef2-99f9-34450f5d8de7
Add background incremental type checking (`tsc --watch`) to the SDK dev
mode, so type regressions are caught when the generated API client
changes — without requiring a full rebuild of source files.
Previously, removing a field from the data model would regenerate the
API client, but existing front components/logic functions referencing
the removed field wouldn't surface type errors (since their source
didn't change, esbuild wouldn't rebuild them).
## What changed
- **Background `tsc --watch`**: a long-lived TypeScript watcher runs
alongside esbuild watchers, incrementally re-checking all files when the
generated client changes. Only logs on state transitions (errors appear
/ errors clear) to stay quiet.
- **Atomic client generation**: API client is now generated into a temp
directory and swapped in atomically, avoiding a race condition where
`tsc --watch` could see an empty `generated/` directory
mid-regeneration.
- **Step decoupling**: orchestrator steps no longer receive
`uploadFilesStep` directly. Instead, they use callbacks (`onFileBuilt`,
`onApiClientGenerated`), and each step manages its own `builtFileInfos`
state.
- **`apiClientChecksum` omitted from `ApplicationConfig`**: it's a
build-time computed value, same as `packageJsonChecksum`.
<img width="327" height="177" alt="image"
src="https://github.com/user-attachments/assets/02bd25bb-fa41-42b0-8d96-01c51bd4580c"
/>
<img width="529" height="452" alt="image"
src="https://github.com/user-attachments/assets/61f6e968-365b-4a5b-8f2b-a8419d6b1bd3"
/>
* i18n - translations (#18029)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* v1.18 - Fix command (#18032)
Same as here https://github.com/twentyhq/twenty/pull/18016
* Fix Gmail thread awareness for custom labels (#18031)
This fixes two edge cases for Gmail
- When policy was set to `SELECTED_FOLDERS` excluding root INBOX, it
missed label changes, so messages with newly applied labels weren't
imported until a full resync.
- Gmail thread replies by default by default do no inherit parent
message's label properties so thread context was also lost because only
individually labeled messages were returned, dropping earlier parts of
the conversation.
Fixed by subscribing to `labelAdded`/`labelRemoved` history events and
fetching full thread context when at least one message in a thread
carries a synced label. `ALL_FOLDERS` path is untouched.
* Allow DATE_TIME IS operand to filter on a whole day (#17529)
Fixes: https://github.com/twentyhq/core-team-issues/issues/2027
We've replaced the DATE_TIME picker with DATE picker, and changed the
logic to filter for complete day period.
https://github.com/user-attachments/assets/ba7e1078-bab3-4c62-a803-d6a851f14b7d
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* Replace generic "Unknown error" messages with descriptive error details (#18019)
## Summary
- Replace all generic `"Unknown error"` fallback messages across the
server codebase with messages that include the actual error details
- The most impactful change is in `guard-redirect.service.ts`, which
handles OAuth redirect errors — non-`AuthException` errors (e.g.,
passport state verification failures) now show `"Authentication error:
<actual message>"` instead of the opaque `"Unknown error"`
- Gmail/Google error handler services now include the error message in
the thrown exception instead of discarding it
- Other catch blocks (workflow delay resume, migration runner rollback,
code interpreter, marketplace) now use `String(error)` for non-Error
objects instead of a static fallback
Fixes the class of issues reported in
https://github.com/twentyhq/twenty/issues/17812, where a user saw
"Unknown error" during Google OAuth and had no way to diagnose the root
cause (which turned out to be a session cookie / SSL configuration
issue).
## Test plan
- [ ] Verify OAuth error flows (e.g., Google Auth with misconfigured
callback URL) now display the actual error message on the `/verify` page
instead of "Unknown error"
- [ ] Verify Gmail sync error handling still correctly classifies and
re-throws errors with descriptive messages
- [ ] Verify workflow delay resume failures include the error details in
the workflow run status
Made with [Cursor](https://cursor.com)
Co-authored-by: Cursor <cursoragent@cursor.com>
* Use proper PostgreSQL identifier/literal escaping in workspace DDL (#18024)
## Summary
- Replace the character-stripping approach (`removeSqlDDLInjection`)
with standard PostgreSQL `escapeIdentifier` and `escapeLiteral`
functions across all workspace schema manager services
- Add missing identifier escaping to `createForeignKey` (was the only
method in the FK manager without it)
- Add allowlist validation for index WHERE clauses and FK action types
- Harden tsvector expression builder with proper identifier quoting
## Context
The workspace schema managers build DDL dynamically from metadata (table
names, column names, enum values, etc.). The previous approach stripped
all non-alphanumeric characters — safe but lossy (silently corrupts
values with legitimate special characters). The new approach uses
PostgreSQL's standard escaping:
- **Identifiers**: double internal `"` and wrap → `"my""table"` (same
algorithm as `pg` driver's `escapeIdentifier`)
- **Literals**: double internal `'` and wrap → `'it''s a value'` (same
algorithm as `pg` driver's `escapeLiteral`)
`removeSqlDDLInjection` is kept only for name generation (e.g.,
`computePostgresEnumName`) where stripping to `[a-zA-Z0-9_]` is the
correct behavior.
## Files changed
| File | What |
|------|------|
| `remove-sql-injection.util.ts` | Added `escapeIdentifier` +
`escapeLiteral` |
| `validate-index-where-clause.util.ts` | New — allowlist for partial
index WHERE clauses |
| 5 schema manager services | Replaced strip+manual-quote with
`escapeIdentifier`/`escapeLiteral` |
| `build-sql-column-definition.util.ts` | `escapeIdentifier` for column
names, validated `generatedType` |
| `sanitize-default-value.util.ts` | `escapeLiteral` instead of
stripping |
| `serialize-default-value.util.ts` | `escapeLiteral` for values,
`escapeIdentifier` for enum casts |
| `get-ts-vector-column-expression.util.ts` | `escapeIdentifier` for
field names in expressions |
| `sanitize-default-value.util.spec.ts` | Updated tests for escape
behavior |
## Test plan
- [x] All 64 existing tests pass across 6 test suites
- [x] `lint:diff-with-main` passes
- [x] TypeScript typecheck — no new errors
- [ ] Verify workspace sync-metadata still works end-to-end
- [ ] Verify custom object/field creation works
- [ ] Verify enum field option changes work
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Fixes - Workspace logo migration (#18035)
- Update migration command to handle case where workspace logo is
originated from workspace email and point to twenty-icons.com
- Update same logic for new workspaces
- Add feature-flag for all newly created workspaces
* [Chore] : Generate migration for DATE_TIME to DATE for DATE_TIME + IS operand filters (#17564)
migration command in response to the fix :
https://github.com/twentyhq/twenty/pull/17529 for the issue
https://github.com/twentyhq/core-team-issues/issues/2027
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* Share APP_SECRET from prod to staging for encrypted config decryption
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* 2094 extensibility define postinstall orand preinstall function to run in application (#18037)
- add a new optional key `postInstallLogicFunctionUniversalIdentifier`
in applicationConfig
- seed postInstall function in create-twenty-app
- update execute:function options
- update doc
* Fix tokens secret copy: use replace --force to overwrite Helm-managed secret
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Nav Menu Item Migration command fix (#18041)
* Fix tokens secret sync: delete+create instead of replace to avoid Helm conflicts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Increase Helm timeout to 15m, remove cleanup-on-fail for staging
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18040)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Sync page Layout (#18034)
## Sync page layouts, tabs, and widgets
Adds the ability for SDK applications to synchronize `pageLayout`,
`pageLayoutTab`, and `pageLayoutWidget` entities, following the same
pattern established in #18003 for views and navigation menu items.
### Changes
**`twenty-shared`**
- New `PageLayoutManifest`, `PageLayoutTabManifest`, and
`PageLayoutWidgetManifest` types with a hierarchical structure (page
layout → tabs → widgets)
- Added `pageLayouts: PageLayoutManifest[]` to the `Manifest` type
**`twenty-sdk`**
- New `definePageLayout()` SDK function with validation for
universalIdentifier, name, and nested tabs/widgets
- Wired into the manifest extraction and build pipeline
(`DefinePageLayout` target function, `PageLayouts` entity key)
- Exported from the SDK entry point
**`twenty-server`**
- Added `pageLayout`, `pageLayoutTab`, `pageLayoutWidget` to
`APPLICATION_MANIFEST_METADATA_NAMES`
- New conversion utilities: manifest → universal flat entity for all
three entity types
- Updated `computeApplicationManifestAllUniversalFlatEntity
* Fix tokens secret sync: patch existing secret instead of delete+recreate
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix tokens secret: patch existing or create new, keep Helm create as fallback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix ingestion pipeline UI: compile Lingui i18n catalogs and stop scrambling emails on staging
Lingui message extraction and compilation was never run for the ingestion
pipeline files, causing all UI labels to show garbled hash IDs. Also removes
email scrambling from the DB replication script since staging is a private
environment used by the same team - scrambling caused userId mismatches that
blocked Google OAuth login.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add example in create-twenty-app (#18043)
- add interactive mode to create-twenty-app
- by default create an example for each entities
<img width="1181" height="168" alt="image"
src="https://github.com/user-attachments/assets/a2490d8f-66a1-4cd5-bf41-57166cc20a1e"
/>
* i18n - docs translations (#18048)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add missing objects to rich app integration tests (#18039)
Updating rich app so it also create:
- a many to many relation
- views
- navigation items
The app was built successfully.
Will still be missing front component examples
<img width="1498" height="660" alt="Capture d’écran 2026-02-18 à 17 47
25"
src="https://github.com/user-attachments/assets/acd5193f-3a36-4eb7-8276-3154e4e60f5e"
/>
* Refactor page layout types (#18042)
## Refactor page layout widget types into shared package and expose from
SDK
### Why
Widget configuration types were defined only on the server, forcing SDK
consumer apps to import from deep internal `twenty-shared/dist` paths —
fragile and breaks on structural changes. Server DTOs also had no
compile-time guarantee they matched the canonical types.
### What changed
- **`twenty-shared`**: Migrated `ChartFilter`, `GridPosition`,
`RatioAggregateConfig` and all 20 widget configuration variants into
`twenty-shared/types`. `PageLayoutWidgetConfiguration` (base, with
`SerializedRelation`) and `PageLayoutWidgetUniversalConfiguration`
(derived via `FormatRecordSerializedRelationProperties`) are now the
single source of truth.
- **`twenty-sdk`**: Re-exported `AggregateOperations`,
`ObjectRecordGroupByDateGranularity`, `PageLayoutTabLayoutMode`, and
`PageLayoutWidgetUniversalConfiguration` so consumer apps import from
`twenty-sdk` directly.
- **`twenty-server`**: All widget DTOs now `implements` their shared
type for compile-time enforcement. Added helpers to convert nested
`fieldMetadataId` ↔ `fieldMetadataUniversalIdentifier` inside chart
filters. Removed redundant local type re-exports.
* refactor workflow action messaging with callout (#18038)
## Summary
- remove the dedicated `WorkflowMessage` component and story
- update workflow action editor components to use the shared callout
patterns
- adjust `Callout` and its stories to support the new usage in workflow
actions
## Before/After
<img width="525" height="548" alt="image"
src="https://github.com/user-attachments/assets/ce57a84f-f070-4149-85ef-a4d162b2d878"
/>
<img width="518" height="593" alt="image"
src="https://github.com/user-attachments/assets/f7249cd0-221f-496d-9deb-d9966ee43382"
/>
* Add currency hover tooltip in CurrencyDisplay (#18045)
https://github.com/user-attachments/assets/af768ecb-b5e9-4e8d-a9f9-fee1a08ea9a0
Fixes https://github.com/twentyhq/twenty/issues/17756
* Increase staging worker memory limit to 1024Mi to fix OOM crash
Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error
at 512Mi. Matches production worker memory limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Increase staging worker memory limit to 1024Mi to fix OOM crash
Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error
at 512Mi. Matches production worker memory limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: show "Not shared" for junction relation fields when target or intermediate object is not readable (#18025)
When a user's role lacks read permission on the target object (e.g.,
Company) or the intermediate junction object (e.g., EmploymentHistory),
junction relation fields like "Previous Companies" displayed as blank
instead of showing "Not shared."
- In RecordFieldList, junction fields now check the junction object's
read permission and set isForbidden on the field context so FieldDisplay
renders "Not shared" instead of an empty field.
- In RelationFromManyFieldDisplay, if junction records exist but all
nested target records are null (permission-denied by the API), the
component renders "Not shared" instead of an empty list.
---------
Co-authored-by: Félix Malfait <felix@twenty.com>
* Fix ingestion worker: wrap record processing in workspace context
The worker needs a workspace context (via AsyncLocalStorage) to use
GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other
job processors in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix ingestion worker: wrap record processing in workspace context
The worker needs a workspace context (via AsyncLocalStorage) to use
GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other
job processors in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18050)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Restore old favorite design (#18049)
Issue : With IS_NAVIGATION_MENU_ITEM_ENABLED:true +
IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED:false, nav menu design is
changed after 1.18.0 release : views expansion removed, system object
displayed, position re-ordered
We prefer keeping the same "old" favorite behaviour and design state
- After 1.18.0 all workspaces have up-to-date navigation menu items
(migrated)
- IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED becomes the FF for nav menu
new design
---------
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix impossible scroll in sdk app:dev (#18051)
Issue is that we are refreshing the terminal because of icons animations
* Harden server-side input validation and auth defaults (#18018)
## Summary
- **File storage (LocalDriver):** Add realpath resolution and symlink
rejection to `writeFile`, `downloadFile`, and `downloadFolder` — brings
them in line with the existing `readFile` protections. Includes unit
tests.
- **JWT:** Pin signing/verification to HS256 explicitly.
- **Auth:** Revoke active refresh tokens when a user changes their
password.
- **Logic functions:** Validate `handlerName` as a safe JS identifier at
both DTO and runtime level, preventing injection into the generated
runner script.
- **User entity:** Remove `passwordHash` from the GraphQL schema
(`@Field` decorator removed, column stays).
- **Query params:** Use `crypto.randomBytes` instead of `Math.random`
for SQL parameter name generation.
- **Exception filter:** Mirror the request `Origin` header instead of
sending `Access-Control-Allow-Origin: *`.
## Test plan
- [x] `local.driver.spec.ts` — writeFile rejects symlinks, downloadFile
rejects paths outside storage
- [ ] Verify JWT auth flow still works (login, token refresh)
- [ ] Verify password change invalidates existing sessions
- [ ] Verify logic function creation with valid/invalid handler names
- [ ] Verify file upload/download in dev environment
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
* Add static transform type for constant field values in ingestion pipeline
Allows setting a fixed value regardless of source data, useful for
fields like leadStatus that need a default (e.g. "ASSIGNED").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add static transform type for constant field values in ingestion pipeline
Allows setting a fixed value regardless of source data, useful for
fields like leadStatus that need a default (e.g. "ASSIGNED").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Skip empty string source values in ingestion field mapping
Convoso sends empty strings for unpopulated fields. These should be
treated as absent rather than mapped to target fields where they'd
cause enum validation errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Skip empty string source values in ingestion field mapping
Convoso sends empty strings for unpopulated fields. These should be
treated as absent rather than mapped to target fields where they'd
cause enum validation errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Prevent SSRF via IMAP/SMTP/CalDAV (#17973)
Prevents leaking of internal services by filtering out private IPs, same
way we do for webhooks
* Fix website build (#18052)
* i18n - translations (#18053)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Improve security settings card grouping and description overflow (#17928)
# After
- Added a separtor between the two audit logs cards
- Rename the audit log card to avoid repetition
- Grouped "Invite by link" and "2 factor auth" in one group
- Changed the card component description to always be one line max with
truncation & tooltips
<img width="777" height="1278" alt="CleanShot 2026-02-13 at 17 02 36"
src="https://github.com/user-attachments/assets/685c792a-c85b-4521-8c1b-bd9adedc75d9"
/>
<img width="976" height="690"
alt="b49f2eb043b6712d013618bb0a4ef7f011cf2316e1163fbdee4c293bed036ac9"
src="https://github.com/user-attachments/assets/6e17aa11-ecdb-4f98-ba50-5cd9b9c5def6"
/>
---------
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix empty string values bypassing enum validation in ingestion pipeline
The post-transform check only tested isDefined, so empty strings from map
transforms passed through and caused PostgreSQL enum errors (e.g. gender: "").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix empty string values bypassing enum validation in ingestion pipeline
The post-transform check only tested isDefined, so empty strings from map
transforms passed through and caused PostgreSQL enum errors (e.g. gender: "").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - translations (#18056)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Fix website build (#18057)
* Add Health Sherpa policy ingestion with smart person matching
Implements automated policy data ingestion from Health Sherpa webhooks
using the existing ingestion pipeline infrastructure.
Features:
- Generic policy fields (carrier-agnostic): applicationId, externalSource, etc.
- Smart person matching with 4-strategy fallback system:
1. Match by phone (normalized)
2. Match by agent NPN + member name
3. Match by email (skip junk emails)
4. Auto-create person if no match
- Deduplication by applicationId (update vs create)
- Phone normalization: "(555) 123-4567" → "5551234567"
- Auto-assign to agent by NPN
- Duplicate email handling (retry without email)
- 17 field mappings (webhook → CRM)
- Full unit test coverage
New files:
- Migration: add-external-policy-fields (9 new columns + indexes)
- Seed: seed-healthsherpa-pipeline.command.ts
- Preprocessor: healthsherpa-policy.preprocessor.ts (smart matching)
- Registry: ingestion-preprocessor.registry.ts
- Tests: healthsherpa-policy.preprocessor.spec.ts (12 tests)
Modified files:
- ingestion-push-process.job.ts (call preprocessor)
- ingestion-pipeline.module.ts (register providers)
- ingestion-job.module.ts (register providers)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Messages Message Folder Association (#17398)
This PR adds Message folder association for message channel messages,
Currently under testing phase, not ready yet.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Fix website build (#18061)
As per title
* i18n - docs translations (#18062)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add Convoso call ingestion preprocessor for ingestion pipeline
Introduces ConvosoCallPreprocessor that enriches call payloads with
computed fields (direction, name, person/lead source resolution, billing)
and filters incomplete/system payloads. Updates the preprocessor registry
to support null returns for record skipping.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Wrap preprocessor in workspace context for DB access
The preprocessor runs before processRecords which has its own workspace
context. Preprocessors that access the database (like ConvosoCall and
HealthSherpa) need workspace context to resolve repositories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Migrate dropdown to jotai (#18063)
Here we go again
* Add incoming payload viewer to ingestion pipeline run history
Stores the raw incoming webhook payload on each ingestion log entry and
displays it in an expandable row in the Run History table. Clicking a
row reveals the JSON payload and any errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18067)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Bump @xyflow/react from 12.4.2 to 12.10.0 (#18070)
Bumps
[@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react)
from 12.4.2 to 12.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/releases"><code>@xyflow/react</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5550">#5550</a> <a
href="https://github.com/xyflow/xyflow/commit/6ffb9f7901c32f5b335aee2517f41bf87f274f32"><code>6ffb9f790</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! -
Prevent child nodes of different parents from overlapping</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5551">#5551</a> <a
href="https://github.com/xyflow/xyflow/commit/6bb64b3ed60f26c9ea8bc01c8d62fb9bf74cd634"><code>6bb64b3ed</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Allow to start a selection above a node</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md"><code>@xyflow/react</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>12.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2>12.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2>12.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2>12.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2>12.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/xyflow/xyflow/commit/c0ed3c33a3498877ab2a5755299ff84ee659782e"><code>c0ed3c3</code></a>
chore(packages): bump</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/83a312b2e1691a44223536653689f8f99f0d5b24"><code>83a312b</code></a>
chore(zIndexMode): use basic as default</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/14fd41b1f153406f1a21a61bf98ea07ad8275ec6"><code>14fd41b</code></a>
change default back to elevateEdgesOnSelect=false and
zIndexMode=basic</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/3680a6a0e623e19d1f983515273f11bdd355ec86"><code>3680a6a</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919</code></a>
chore(middleware): cleanup</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/e4e3605d62c8c710fe7ddb2ec3929af0a7962a6b"><code>e4e3605</code></a>
Merge branch 'main' into middlewares</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/2c05b3224a13e896dfb9a0c93f3af7bb592afc45"><code>2c05b32</code></a>
Merge branch 'feat/zindexmode' of github.com:xyflow/xyflow into
feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/ddbb9280f6242794187205a207e993e2c721c244"><code>ddbb928</code></a>
chore(examples): add zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/9faca3357d5db68fdad6c96de06fd66dd1d0ba64"><code>9faca33</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/4eb42952f01b947c9d36c25e6b30b7bd98224632"><code>4eb4295</code></a>
feat(svelte): add zIndexMode</li>
<li>Additional commits viewable in <a
href="https://github.com/xyflow/xyflow/commits/@xyflow/react@12.10.0/packages/react">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump eslint-config-next from 14.2.33 to 14.2.35 (#18069)
Bumps
[eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)
from 14.2.33 to 14.2.35.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vercel/next.js/commit/7b940d9ce96faddb9f92ff40f5e35c34ace04eb2"><code>7b940d9</code></a>
v14.2.35</li>
<li><a
href="https://github.com/vercel/next.js/commit/f3073688ce18878a674fdb9954da68e9d626a930"><code>f307368</code></a>
v14.2.34</li>
<li>See full diff in <a
href="https://github.com/vercel/next.js/commits/v14.2.35/packages/eslint-config-next">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump @emotion/is-prop-valid from 1.3.0 to 1.4.0 (#18068)
Bumps [@emotion/is-prop-valid](https://github.com/emotion-js/emotion)
from 1.3.0 to 1.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/emotion-js/emotion/releases"><code>@emotion/is-prop-valid</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.4.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3306">#3306</a>
<a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Thanks <a
href="https://github.com/EnzoAlbornoz"><code>@EnzoAlbornoz</code></a>!
- Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allowed props.</li>
</ul>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3093">#3093</a>
<a
href="https://github.com/emotion-js/emotion/commit/532ff57cafd8ba04f3b624074556ea47ec76fc9a"><code>532ff57</code></a>
Thanks <a href="https://github.com/codejet"><code>@codejet</code></a>,
<a href="https://github.com/DustinBrett"><code>@DustinBrett</code></a>!
- Adds <code>fetchpriority</code> and <code>fetchPriority</code> to the
list of allowed props.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/emotion-js/emotion/commit/38db311adf024fe8a24b57c687824c47abbd0957"><code>38db311</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3347">#3347</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allo...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/49229553967b6050c92d9602eb577bdc48167e91"><code>4922955</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3335">#3335</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/0facbe47bd9099ae4ed22dc201822d910ac3dec5"><code>0facbe4</code></a>
Renamed default-exported variable in <code>@emotion/styled</code> to aid
inferred import...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/cce67ec6b2fc94261028b4f4778aae8c3d6c5fd6"><code>cce67ec</code></a>
Bump parcel (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3258">#3258</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/3c19ce5997f73960679e546af47801205631dfde"><code>3c19ce5</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3280">#3280</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/a19d019bd418ebc3b9cba0e58f58b36ac2862a42"><code>a19d019</code></a>
Convert <code>@emotion/styled</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3284">#3284</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/5974e33fcb5e7aee177408684ac6fe8b38b3e353"><code>5974e33</code></a>
Fix JSX namespace <a
href="https://github.com/ts-ignores"><code>@ts-ignores</code></a> (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3282">#3282</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/fc4d7bd744c205f55513dcd4e4e5134198c219de"><code>fc4d7bd</code></a>
Convert <code>@emotion/react</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3281">#3281</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/8dc1a6dd19d2dc9ce435ef0aff85ccf5647f5d2e"><code>8dc1a6d</code></a>
Convert <code>@emotion/cache</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3277">#3277</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/emotion-js/emotion/compare/@emotion/is-prop-valid@1.3.0...@emotion/is-prop-valid@1.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* FILES field - Attachment name display fix (#18073)
with new 'file' FILES field on attachment, UI should display attachment
name from file field value.
Issue with API users updating only 'file' FILES field (and not name
field anymore)
* Add objectRecordCounts query to /metadata endpoint (#18054)
## Summary
- Adds an `objectRecordCounts` query on the `/metadata` GraphQL endpoint
that returns approximate record counts for all objects in the workspace
- Uses PostgreSQL's `pg_class.reltuples` catalog stats — a single
instant query instead of N `COUNT(*)` table scans
- Replaces the previous `CombinedFindManyRecords` approach which hit the
server's 20 root resolver limit and silently showed 0 for all counts on
the settings Data Model page
### Server
- `ObjectRecordCountDTO` — GraphQL type with `objectNamePlural` and
`totalCount`
- `ObjectRecordCountService` — reads `pg_class` catalog for the
workspace schema
- Query added to `ObjectMetadataResolver` with `@MetadataResolver()` +
`NoPermissionGuard`
### Frontend
- `OBJECT_RECORD_COUNTS` query added to
`object-metadata/graphql/queries.ts`
- `useCombinedGetTotalCount` simplified to a zero-argument hook using
the new query
- `SettingsObjectTable` simplified to a single hook call
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor and standardize `isSystem` field and object (#17992)
# Introduction
## Centralize system field definitions
- Extract a single `PARTIAL_SYSTEM_FLAT_FIELD_METADATAS` constant as the
source of truth for all 8 system fields (`id`, `createdAt`, `updatedAt`,
`deletedAt`, `createdBy`, `updatedBy`, `position`, `searchVector`),
eliminating duplication across custom object and standard app field
builders
- Refactor `buildDefaultFlatFieldMetadatasForCustomObject` to use the
shared constant via a new `buildObjectSystemFlatFieldMetadatas` helper
## Mark system fields as `isSystem: true`
- Fields `id`, `createdAt`, `updatedAt`, `deletedAt`, `createdBy`,
`updatedBy`, `position`, `searchVector` are now properly flagged as
system fields across all standard objects and custom object creation
- Standard app field builders for all ~30 standard objects updated to
set `isSystem: true` on `createdAt`, `updatedAt`, `deletedAt`,
`createdBy`, `updatedBy`
- System-only standard objects (blocklist, calendar channels, message
threads, etc.) now also include `createdBy`, `updatedBy`, `position`,
`searchVector` field definitions that were previously missing
## Validate system fields on object creation
- New transversal validation (`crossEntityTransversalValidation`) runs
after all atomic entity validations in the build orchestrator, ensuring
all 8 system fields are present with correct `type` and `isSystem: true`
when an object is created
- New `buildUniversalFlatObjectFieldByNameAndJoinColumnMaps` utility to
resolve field names to universal identifiers for a given object
- New exception codes: `MISSING_SYSTEM_FIELD` and `INVALID_SYSTEM_FIELD`
on `ObjectMetadataExceptionCode`
## Protect system fields and objects from mutation
- Field validators now block update/delete of `isSystem` fields by
non-system callers (`FIELD_MUTATION_NOT_ALLOWED`)
- Object validators now block update/delete of `isSystem` objects by
non-system callers
- `POSITION` and `TS_VECTOR` field type validators replaced: instead of
rejecting creation outright, they now validate that the field is named
correctly (`position` / `searchVector`) and has `isSystem: true`
## Distinguish `isSystemBuild` from `isCallerTwentyStandardApp`
- New `isCallerTwentyStandardApp` utility checks whether the caller's
`applicationUniversalIdentifier` matches the twenty standard app
- Name-sync logic (`isFlatFieldMetadataNameSyncedWithLabel`,
`areFlatObjectMetadataNamesSyncedWithLabels`) refactored to use
`isCallerTwentyStandardApp` for custom suffix decisions, keeping
`isSystemBuild` for mutation permission checks
- `WorkspaceMigrationBuilderOptions` type updated to include
`applicationUniversalIdentifier`
## Adapt frontend filtering
- New `HIDDEN_SYSTEM_FIELD_NAMES` constant (`id`, `position`,
`searchVector`) and `isHiddenSystemField` utility to only hide truly
internal fields while keeping user-facing system fields (`createdAt`,
`updatedAt`, `deletedAt`, `createdBy`, `updatedBy`) visible in the UI
- ~20 frontend files updated to replace `!field.isSystem` checks with
`!isHiddenSystemField(field)` across record index, settings, data model,
charts, workflows, spreadsheet import, aggregations, and role
permissions
## Add 1.19 upgrade commands
- **`backfill-system-fields-is-system`**: Raw SQL command to set
`isSystem = true` on existing workspace fields matching system field
names, and fix `position` field type from `NUMBER` to `POSITION` for
`favorite`/`favoriteFolder` objects. Includes proper cache invalidation.
- **`add-missing-system-fields-to-standard-objects`**: Codegen'd
workspace migration to create missing `position`, `searchVector`,
`createdBy`, `updatedBy` fields on standard objects that didn't
previously have them. Runs via `WorkspaceMigrationRunnerService` in a
single transaction with idempotency check. **Known limitation**: assumes
all standard objects exist and are valid in the target workspace.
## Add `universalIdentifier` for system fields in standard object
constants
- `standard-object.constant.ts` updated to include `universalIdentifier`
for `createdBy`, `updatedBy`, `position`, and `searchVector` across all
standard objects
- `fieldManifestType.ts` updated to support the new field manifest shape
## System relation
Completely removed and backfilled all `isSystem` relation to be false
false
As we won't require an object to have any relation system fields
## Add integration tests
- New test suite `failing-sync-application-object-system-fields`
covering: missing system fields, wrong field types (`id` as TEXT,
`createdAt` as TEXT, `position` as TEXT), system field deletion
attempts, and system field update attempts
- New test utilities: `buildDefaultObjectManifest` (builds an object
manifest with all 8 system fields) and `setupApplicationForSync`
(centralizes application setup)
- Existing successful sync test updated to verify system fields are
created with correct properties
## Next step
Make the builder scope the compared entity to be the currently built app
+ nor twenty standard app
* i18n - translations (#18079)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* fix: remove the error message for test failure in ci-front (#18076)
Introduced an error message on twenty-front CI earlier to try and inform
the user that test failure could be a coverage issue if no individual
test was failing. However, it led to the assumption that it must be
coverage failure in all cases even when it was test failure leading to
the CI being red.
This PR reverts the change.
* Keep migrating to jotai (#18064)
And we continue!
* Remove non positive integer constraint on Nav Menu Item (#18081)
To fit with position typed field logic + Ease favorite to nav menu item
migration (which have negative and float position)
* i18n - translations (#18086)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Refactor message backfill command (#18078)
# Introduction
Atomically create the field and object to be created
And avoid synchronizing unrelated non up to date object and fields
Followup https://github.com/twentyhq/twenty/pull/17398
* Migrate more to Jotai (#18087)
Continue jotai migration
* Factorize and add public-assets/*path endpoint (#18080)
as title
* Twenty standard app static options id (#18089)
# Introduction
While preparing the twenty-standard as code migration to twenty-app
through sdk I've faced permanent field enum update as the id was
generated dynamically at each twenty standard app construction
Making them deterministic in order to avoid having this noise
Won't backfill this on existing workspace as it's not critical and that
we will rework the options in the future
* Create LLMS.md on create-twenty-app (#18091)
Managed to create a many to many app with minimal instructions. File
will need to be enriched with more pitfalls.
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Fix google compose scope not gated by feature flag (#18093)
## Context
New google api scope has been introduced in
https://github.com/twentyhq/twenty/pull/17793 without being gated behind
a feature flag
Microsoft is using pre-existing Mail.ReadWrite scope there is nothing to
gate
## Before
<img width="553" height="445" alt="Screenshot 2026-02-19 at 14 57 58"
src="https://github.com/user-attachments/assets/59a4f76b-d38d-492f-b013-b6cad4091a7f"
/>
## After
<img width="535" height="392" alt="Screenshot 2026-02-19 at 14 58 44"
src="https://github.com/user-attachments/assets/0337bf15-ec30-4549-bb9d-571a982dffd8"
/>
* Remove non positive integer constraint on Nav Menu Item 2/2 (#18090)
Follow up https://github.com/twentyhq/twenty/pull/18081
* Resolve lead source from list_id via Convoso Lists API
When source_name is missing from the call payload (common with Convoso
Call Log API data), fall back to resolving the list_id to a list name
via the Convoso Lists API. The list map is cached in-memory for 10
minutes. The resolved name is used for lead source creation, call name
computation, and billing matching.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* [FRONT COMPONENTS] Declare command menu items in front components (#18047)
## Description
- Adds support for declaring command menu items directly within
`defineFrontComponent` via an optional command config property
- Introduces a new `CommandMenuItemManifest` type in twenty-shared and
wires it through the manifest build pipeline
## Example Of usage
```tsx
import { defineFrontComponent } from "twenty-sdk";
const TestAction = () => {
return <div>Test Action</div>;
};
export default defineFrontComponent({
universalIdentifier: "6c289461-0007-4a62-a99f-69e5c11a4ce7",
name: "test-action",
description: "Test Action",
component: TestAction,
command: {
universalIdentifier: "c07df864-495f-46f3-9f5b-9d3ce2589e9b",
label: "Run My Action",
icon: "IconBolt",
isPinned: false,
},
});
```
## Video QA
https://github.com/user-attachments/assets/f910fc6a-44a9-45d1-87c5-f0ce64bb3878
* Fix: add a new style to the target text box (#18065)
### Approach
I add some new rules for the style of the target text box. (Fix: #13229
)
<img width="842" height="545" alt="target class"
src="https://github.com/user-attachments/assets/7cd0a615-392a-493b-831f-77ddb93de5fc"
/>
**This is what it looks like now.**
<img width="320" height="224" alt="image"
src="https://github.com/user-attachments/assets/26514102-e684-49ce-915d-43e5677520a5"
/>
* Add CONVOSO_API_TOKEN to Helm staging values and worker extraEnv support
Adds extraEnv iteration to the worker deployment template (matching
the existing server template pattern) and configures CONVOSO_API_TOKEN
on both server and worker for the staging environment.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Use K8s secret for CONVOSO_API_TOKEN instead of hardcoded value
Adds extraEnvSecrets support to both server and worker Helm templates,
allowing env vars to be sourced from Kubernetes secrets via secretKeyRef.
The Convoso API token is now stored in a convoso-credentials secret
rather than being hardcoded in the values file.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add showInSidebar per-role permission to replace hardcoded sidebar filter
Adds a new `showInSidebar` boolean on ObjectPermission and a global
`showAllObjectsInSidebar` toggle on Role, following the same pattern as
canReadObjectRecords/canUpdateObjectRecords. The sidebar now filters
items based on this permission instead of the hardcoded MEMBER_VISIBLE_OBJECTS set.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Switch Convoso call pipeline to pull mode with date range params and preprocessor
Convoso Connect webhooks send lead data regardless of event type, so the push
pipeline doesn't receive call records. This switches to polling the Convoso Call
Log API (/v1/log/retrieve) on a cron schedule, matching the old Cloudflare Worker
approach.
- Add dateRangeParams to SourceRequestConfig for dynamic time-window queries
- Add envVar support to QueryParamAuthConfig for runtime env-based auth tokens
- Wire preprocessor + workspace context into IngestionPullJob (same as push job)
- Include SQL script to update pipeline config in staging DB
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: upgrade @swc/core to 1.15.11 and align SWC ecosystem (#18088)
## Summary
- Upgrades `@swc/core` from 1.13.3 to **1.15.11** (swc_core v56), which
introduces CBOR-based plugin serialization replacing rkyv, eliminating
strict version-matching between SWC core and Wasm plugins
- Upgrades `@lingui/swc-plugin` from ^5.6.0 to **^5.11.0** (swc_core
50.2.3, built with `--cfg=swc_ast_unknown` for cross-version
compatibility)
- Upgrades `@swc/plugin-emotion` from 10.0.4 to **14.6.0** (swc_core 53,
also with backward-compat feature)
- Upgrades companion packages: `@swc-node/register` 1.8.0 → 1.11.1,
`@swc/helpers` ~0.5.2 → ~0.5.18, `@vitejs/plugin-react-swc` 3.11.0 →
4.2.3
### Why this is safe now
Starting from `@swc/core v1.15.0`, SWC replaced the rkyv serialization
scheme with CBOR (a self-describing format) and added `Unknown` AST enum
variants. Plugins built with `swc_core >= 47` and
`--cfg=swc_ast_unkn…
walmat
added a commit
to Omnia-Insurance/crm
that referenced
this pull request
Feb 26, 2026
* Add configurable ingestion pipeline system for no-code data import
Introduces a generalized pipeline system that replaces hardcoded webhook workers
with a configurable approach. Supports push (webhook) and pull (scheduled fetch)
modes with field mapping, transforms, relation resolution, and dedup/upsert.
Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline
rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites.
Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing,
and run history.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add configurable ingestion pipeline system for no-code data import
Introduces a generalized pipeline system that replaces hardcoded webhook workers
with a configurable approach. Supports push (webhook) and pull (scheduled fetch)
modes with field mapping, transforms, relation resolution, and dedup/upsert.
Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline
rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites.
Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing,
and run history.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix DB replication: disable triggers during restore, fix refreshToken table name
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix DB replication: enable pgcrypto extension for gen_random_bytes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix connected account permissions (#17598)
Fixes #17411
---------
Co-authored-by: neo773 <neo773@protonmail.com>
Co-authored-by: neo773 <62795688+neo773@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* i18n - docs translations (#18017)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Add Google OAuth callback URLs for staging domain
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix staging OAuth: rewrite prod domain in DB config during replication
Twenty's config system gives DB values priority over env vars, so we need
to rewrite crm.omniaagent.com -> staging-crm.omniaagent.com in the
configVariable table after replicating prod data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix config URL rewrite: use correct keyValuePair table with jsonb cast
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18020)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Files command - fixes (#18016)
- Fixed "property entity not found" error when updating/creating a new
field and querying the same object repository just after
- Downgraded log type for unnecessary migration
* Date & DateTime validation fixes / improvements (#18009)
Fixes https://github.com/twentyhq/twenty/issues/17138
- Backend should have strict date/dateTime format validation
- FE in import csv is more permissive
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* fixes: loosen up front validation, add resolveEntityRelationUniversalIdentifiers to update and restore (#18015)
closes https://github.com/twentyhq/private-issues/issues/419
* New field creates fields widget field (#18022)
## Context
Introducing "NewFieldDefaultConfiguration" to FIELDS widget
configurations
```typescript
{
isVisible: boolean;
viewFieldGroupId: string | null;
}
```
This configuration will define where a new field should be added (which
section) and its default visibility inside FIELDS widget views.
The new field position should always be at the end (meaning the last
position for the view fields OR the last position of a viewFieldGroup)
See "New fields" on this screenshot
<img width="401" height="724" alt="Layout V1"
src="https://github.com/user-attachments/assets/4969bcaa-f244-4504-8947-778a02c24c47"
/>
* App feedbacks (#18028)
as title
* Add SSE for metadata and plug front components (#17998)
Create the necessary tooling to listen to metadata events and plug it to
the front components. Now we have a hot reload like experience when we
edit a component in an app.
## Backend
- Split `EventWithQueryIds` into `ObjectRecordEventWithQueryIds` and
`MetadataEventWithQueryIds`
- Publish metadata event batches to active SSE streams in
`MetadataEventsToDbListener`
## Frontend
- Create a metadata event dispatching pipeline: SSE metadata events are
grouped by metadata name, transformed into
`MetadataOperationBrowserEventDetail` objects, and dispatched as browser
`CustomEvents`
- Add `useListenToMetadataOperationBrowserEvent` hook for consuming
metadata operation events filtered by metadata name and operation type
- Rename `useListenToObjectRecordEventsForQuery` to
`useListenToEventsForQuery`, now accepting both
`RecordGqlOperationSignature` and `MetadataGqlOperationSignature`
- Implement `useOnFrontComponentUpdated` which subscribes to front
component metadata events and updates the Apollo cache when the
component is modified
- Add `builtComponentChecksum` to the front component query and appends
it to the component URL for browser cache invalidation
* Improve API Client usage and add Typescript check (#18023)
## Summary
https://github.com/user-attachments/assets/1e75cc9d-d9d2-4ef2-99f9-34450f5d8de7
Add background incremental type checking (`tsc --watch`) to the SDK dev
mode, so type regressions are caught when the generated API client
changes — without requiring a full rebuild of source files.
Previously, removing a field from the data model would regenerate the
API client, but existing front components/logic functions referencing
the removed field wouldn't surface type errors (since their source
didn't change, esbuild wouldn't rebuild them).
## What changed
- **Background `tsc --watch`**: a long-lived TypeScript watcher runs
alongside esbuild watchers, incrementally re-checking all files when the
generated client changes. Only logs on state transitions (errors appear
/ errors clear) to stay quiet.
- **Atomic client generation**: API client is now generated into a temp
directory and swapped in atomically, avoiding a race condition where
`tsc --watch` could see an empty `generated/` directory
mid-regeneration.
- **Step decoupling**: orchestrator steps no longer receive
`uploadFilesStep` directly. Instead, they use callbacks (`onFileBuilt`,
`onApiClientGenerated`), and each step manages its own `builtFileInfos`
state.
- **`apiClientChecksum` omitted from `ApplicationConfig`**: it's a
build-time computed value, same as `packageJsonChecksum`.
<img width="327" height="177" alt="image"
src="https://github.com/user-attachments/assets/02bd25bb-fa41-42b0-8d96-01c51bd4580c"
/>
<img width="529" height="452" alt="image"
src="https://github.com/user-attachments/assets/61f6e968-365b-4a5b-8f2b-a8419d6b1bd3"
/>
* i18n - translations (#18029)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* v1.18 - Fix command (#18032)
Same as here https://github.com/twentyhq/twenty/pull/18016
* Fix Gmail thread awareness for custom labels (#18031)
This fixes two edge cases for Gmail
- When policy was set to `SELECTED_FOLDERS` excluding root INBOX, it
missed label changes, so messages with newly applied labels weren't
imported until a full resync.
- Gmail thread replies by default by default do no inherit parent
message's label properties so thread context was also lost because only
individually labeled messages were returned, dropping earlier parts of
the conversation.
Fixed by subscribing to `labelAdded`/`labelRemoved` history events and
fetching full thread context when at least one message in a thread
carries a synced label. `ALL_FOLDERS` path is untouched.
* Allow DATE_TIME IS operand to filter on a whole day (#17529)
Fixes: https://github.com/twentyhq/core-team-issues/issues/2027
We've replaced the DATE_TIME picker with DATE picker, and changed the
logic to filter for complete day period.
https://github.com/user-attachments/assets/ba7e1078-bab3-4c62-a803-d6a851f14b7d
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* Replace generic "Unknown error" messages with descriptive error details (#18019)
## Summary
- Replace all generic `"Unknown error"` fallback messages across the
server codebase with messages that include the actual error details
- The most impactful change is in `guard-redirect.service.ts`, which
handles OAuth redirect errors — non-`AuthException` errors (e.g.,
passport state verification failures) now show `"Authentication error:
<actual message>"` instead of the opaque `"Unknown error"`
- Gmail/Google error handler services now include the error message in
the thrown exception instead of discarding it
- Other catch blocks (workflow delay resume, migration runner rollback,
code interpreter, marketplace) now use `String(error)` for non-Error
objects instead of a static fallback
Fixes the class of issues reported in
https://github.com/twentyhq/twenty/issues/17812, where a user saw
"Unknown error" during Google OAuth and had no way to diagnose the root
cause (which turned out to be a session cookie / SSL configuration
issue).
## Test plan
- [ ] Verify OAuth error flows (e.g., Google Auth with misconfigured
callback URL) now display the actual error message on the `/verify` page
instead of "Unknown error"
- [ ] Verify Gmail sync error handling still correctly classifies and
re-throws errors with descriptive messages
- [ ] Verify workflow delay resume failures include the error details in
the workflow run status
Made with [Cursor](https://cursor.com)
Co-authored-by: Cursor <cursoragent@cursor.com>
* Use proper PostgreSQL identifier/literal escaping in workspace DDL (#18024)
## Summary
- Replace the character-stripping approach (`removeSqlDDLInjection`)
with standard PostgreSQL `escapeIdentifier` and `escapeLiteral`
functions across all workspace schema manager services
- Add missing identifier escaping to `createForeignKey` (was the only
method in the FK manager without it)
- Add allowlist validation for index WHERE clauses and FK action types
- Harden tsvector expression builder with proper identifier quoting
## Context
The workspace schema managers build DDL dynamically from metadata (table
names, column names, enum values, etc.). The previous approach stripped
all non-alphanumeric characters — safe but lossy (silently corrupts
values with legitimate special characters). The new approach uses
PostgreSQL's standard escaping:
- **Identifiers**: double internal `"` and wrap → `"my""table"` (same
algorithm as `pg` driver's `escapeIdentifier`)
- **Literals**: double internal `'` and wrap → `'it''s a value'` (same
algorithm as `pg` driver's `escapeLiteral`)
`removeSqlDDLInjection` is kept only for name generation (e.g.,
`computePostgresEnumName`) where stripping to `[a-zA-Z0-9_]` is the
correct behavior.
## Files changed
| File | What |
|------|------|
| `remove-sql-injection.util.ts` | Added `escapeIdentifier` +
`escapeLiteral` |
| `validate-index-where-clause.util.ts` | New — allowlist for partial
index WHERE clauses |
| 5 schema manager services | Replaced strip+manual-quote with
`escapeIdentifier`/`escapeLiteral` |
| `build-sql-column-definition.util.ts` | `escapeIdentifier` for column
names, validated `generatedType` |
| `sanitize-default-value.util.ts` | `escapeLiteral` instead of
stripping |
| `serialize-default-value.util.ts` | `escapeLiteral` for values,
`escapeIdentifier` for enum casts |
| `get-ts-vector-column-expression.util.ts` | `escapeIdentifier` for
field names in expressions |
| `sanitize-default-value.util.spec.ts` | Updated tests for escape
behavior |
## Test plan
- [x] All 64 existing tests pass across 6 test suites
- [x] `lint:diff-with-main` passes
- [x] TypeScript typecheck — no new errors
- [ ] Verify workspace sync-metadata still works end-to-end
- [ ] Verify custom object/field creation works
- [ ] Verify enum field option changes work
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Fixes - Workspace logo migration (#18035)
- Update migration command to handle case where workspace logo is
originated from workspace email and point to twenty-icons.com
- Update same logic for new workspaces
- Add feature-flag for all newly created workspaces
* [Chore] : Generate migration for DATE_TIME to DATE for DATE_TIME + IS operand filters (#17564)
migration command in response to the fix :
https://github.com/twentyhq/twenty/pull/17529 for the issue
https://github.com/twentyhq/core-team-issues/issues/2027
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* Share APP_SECRET from prod to staging for encrypted config decryption
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* 2094 extensibility define postinstall orand preinstall function to run in application (#18037)
- add a new optional key `postInstallLogicFunctionUniversalIdentifier`
in applicationConfig
- seed postInstall function in create-twenty-app
- update execute:function options
- update doc
* Fix tokens secret copy: use replace --force to overwrite Helm-managed secret
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Nav Menu Item Migration command fix (#18041)
* Fix tokens secret sync: delete+create instead of replace to avoid Helm conflicts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Increase Helm timeout to 15m, remove cleanup-on-fail for staging
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18040)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Sync page Layout (#18034)
## Sync page layouts, tabs, and widgets
Adds the ability for SDK applications to synchronize `pageLayout`,
`pageLayoutTab`, and `pageLayoutWidget` entities, following the same
pattern established in #18003 for views and navigation menu items.
### Changes
**`twenty-shared`**
- New `PageLayoutManifest`, `PageLayoutTabManifest`, and
`PageLayoutWidgetManifest` types with a hierarchical structure (page
layout → tabs → widgets)
- Added `pageLayouts: PageLayoutManifest[]` to the `Manifest` type
**`twenty-sdk`**
- New `definePageLayout()` SDK function with validation for
universalIdentifier, name, and nested tabs/widgets
- Wired into the manifest extraction and build pipeline
(`DefinePageLayout` target function, `PageLayouts` entity key)
- Exported from the SDK entry point
**`twenty-server`**
- Added `pageLayout`, `pageLayoutTab`, `pageLayoutWidget` to
`APPLICATION_MANIFEST_METADATA_NAMES`
- New conversion utilities: manifest → universal flat entity for all
three entity types
- Updated `computeApplicationManifestAllUniversalFlatEntity
* Fix tokens secret sync: patch existing secret instead of delete+recreate
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix tokens secret: patch existing or create new, keep Helm create as fallback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix ingestion pipeline UI: compile Lingui i18n catalogs and stop scrambling emails on staging
Lingui message extraction and compilation was never run for the ingestion
pipeline files, causing all UI labels to show garbled hash IDs. Also removes
email scrambling from the DB replication script since staging is a private
environment used by the same team - scrambling caused userId mismatches that
blocked Google OAuth login.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add example in create-twenty-app (#18043)
- add interactive mode to create-twenty-app
- by default create an example for each entities
<img width="1181" height="168" alt="image"
src="https://github.com/user-attachments/assets/a2490d8f-66a1-4cd5-bf41-57166cc20a1e"
/>
* i18n - docs translations (#18048)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add missing objects to rich app integration tests (#18039)
Updating rich app so it also create:
- a many to many relation
- views
- navigation items
The app was built successfully.
Will still be missing front component examples
<img width="1498" height="660" alt="Capture d’écran 2026-02-18 à 17 47
25"
src="https://github.com/user-attachments/assets/acd5193f-3a36-4eb7-8276-3154e4e60f5e"
/>
* Refactor page layout types (#18042)
## Refactor page layout widget types into shared package and expose from
SDK
### Why
Widget configuration types were defined only on the server, forcing SDK
consumer apps to import from deep internal `twenty-shared/dist` paths —
fragile and breaks on structural changes. Server DTOs also had no
compile-time guarantee they matched the canonical types.
### What changed
- **`twenty-shared`**: Migrated `ChartFilter`, `GridPosition`,
`RatioAggregateConfig` and all 20 widget configuration variants into
`twenty-shared/types`. `PageLayoutWidgetConfiguration` (base, with
`SerializedRelation`) and `PageLayoutWidgetUniversalConfiguration`
(derived via `FormatRecordSerializedRelationProperties`) are now the
single source of truth.
- **`twenty-sdk`**: Re-exported `AggregateOperations`,
`ObjectRecordGroupByDateGranularity`, `PageLayoutTabLayoutMode`, and
`PageLayoutWidgetUniversalConfiguration` so consumer apps import from
`twenty-sdk` directly.
- **`twenty-server`**: All widget DTOs now `implements` their shared
type for compile-time enforcement. Added helpers to convert nested
`fieldMetadataId` ↔ `fieldMetadataUniversalIdentifier` inside chart
filters. Removed redundant local type re-exports.
* refactor workflow action messaging with callout (#18038)
## Summary
- remove the dedicated `WorkflowMessage` component and story
- update workflow action editor components to use the shared callout
patterns
- adjust `Callout` and its stories to support the new usage in workflow
actions
## Before/After
<img width="525" height="548" alt="image"
src="https://github.com/user-attachments/assets/ce57a84f-f070-4149-85ef-a4d162b2d878"
/>
<img width="518" height="593" alt="image"
src="https://github.com/user-attachments/assets/f7249cd0-221f-496d-9deb-d9966ee43382"
/>
* Add currency hover tooltip in CurrencyDisplay (#18045)
https://github.com/user-attachments/assets/af768ecb-b5e9-4e8d-a9f9-fee1a08ea9a0
Fixes https://github.com/twentyhq/twenty/issues/17756
* Increase staging worker memory limit to 1024Mi to fix OOM crash
Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error
at 512Mi. Matches production worker memory limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Increase staging worker memory limit to 1024Mi to fix OOM crash
Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error
at 512Mi. Matches production worker memory limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: show "Not shared" for junction relation fields when target or intermediate object is not readable (#18025)
When a user's role lacks read permission on the target object (e.g.,
Company) or the intermediate junction object (e.g., EmploymentHistory),
junction relation fields like "Previous Companies" displayed as blank
instead of showing "Not shared."
- In RecordFieldList, junction fields now check the junction object's
read permission and set isForbidden on the field context so FieldDisplay
renders "Not shared" instead of an empty field.
- In RelationFromManyFieldDisplay, if junction records exist but all
nested target records are null (permission-denied by the API), the
component renders "Not shared" instead of an empty list.
---------
Co-authored-by: Félix Malfait <felix@twenty.com>
* Fix ingestion worker: wrap record processing in workspace context
The worker needs a workspace context (via AsyncLocalStorage) to use
GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other
job processors in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix ingestion worker: wrap record processing in workspace context
The worker needs a workspace context (via AsyncLocalStorage) to use
GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other
job processors in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18050)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Restore old favorite design (#18049)
Issue : With IS_NAVIGATION_MENU_ITEM_ENABLED:true +
IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED:false, nav menu design is
changed after 1.18.0 release : views expansion removed, system object
displayed, position re-ordered
We prefer keeping the same "old" favorite behaviour and design state
- After 1.18.0 all workspaces have up-to-date navigation menu items
(migrated)
- IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED becomes the FF for nav menu
new design
---------
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix impossible scroll in sdk app:dev (#18051)
Issue is that we are refreshing the terminal because of icons animations
* Harden server-side input validation and auth defaults (#18018)
## Summary
- **File storage (LocalDriver):** Add realpath resolution and symlink
rejection to `writeFile`, `downloadFile`, and `downloadFolder` — brings
them in line with the existing `readFile` protections. Includes unit
tests.
- **JWT:** Pin signing/verification to HS256 explicitly.
- **Auth:** Revoke active refresh tokens when a user changes their
password.
- **Logic functions:** Validate `handlerName` as a safe JS identifier at
both DTO and runtime level, preventing injection into the generated
runner script.
- **User entity:** Remove `passwordHash` from the GraphQL schema
(`@Field` decorator removed, column stays).
- **Query params:** Use `crypto.randomBytes` instead of `Math.random`
for SQL parameter name generation.
- **Exception filter:** Mirror the request `Origin` header instead of
sending `Access-Control-Allow-Origin: *`.
## Test plan
- [x] `local.driver.spec.ts` — writeFile rejects symlinks, downloadFile
rejects paths outside storage
- [ ] Verify JWT auth flow still works (login, token refresh)
- [ ] Verify password change invalidates existing sessions
- [ ] Verify logic function creation with valid/invalid handler names
- [ ] Verify file upload/download in dev environment
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
* Add static transform type for constant field values in ingestion pipeline
Allows setting a fixed value regardless of source data, useful for
fields like leadStatus that need a default (e.g. "ASSIGNED").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add static transform type for constant field values in ingestion pipeline
Allows setting a fixed value regardless of source data, useful for
fields like leadStatus that need a default (e.g. "ASSIGNED").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Skip empty string source values in ingestion field mapping
Convoso sends empty strings for unpopulated fields. These should be
treated as absent rather than mapped to target fields where they'd
cause enum validation errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Skip empty string source values in ingestion field mapping
Convoso sends empty strings for unpopulated fields. These should be
treated as absent rather than mapped to target fields where they'd
cause enum validation errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Prevent SSRF via IMAP/SMTP/CalDAV (#17973)
Prevents leaking of internal services by filtering out private IPs, same
way we do for webhooks
* Fix website build (#18052)
* i18n - translations (#18053)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Improve security settings card grouping and description overflow (#17928)
# After
- Added a separtor between the two audit logs cards
- Rename the audit log card to avoid repetition
- Grouped "Invite by link" and "2 factor auth" in one group
- Changed the card component description to always be one line max with
truncation & tooltips
<img width="777" height="1278" alt="CleanShot 2026-02-13 at 17 02 36"
src="https://github.com/user-attachments/assets/685c792a-c85b-4521-8c1b-bd9adedc75d9"
/>
<img width="976" height="690"
alt="b49f2eb043b6712d013618bb0a4ef7f011cf2316e1163fbdee4c293bed036ac9"
src="https://github.com/user-attachments/assets/6e17aa11-ecdb-4f98-ba50-5cd9b9c5def6"
/>
---------
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix empty string values bypassing enum validation in ingestion pipeline
The post-transform check only tested isDefined, so empty strings from map
transforms passed through and caused PostgreSQL enum errors (e.g. gender: "").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix empty string values bypassing enum validation in ingestion pipeline
The post-transform check only tested isDefined, so empty strings from map
transforms passed through and caused PostgreSQL enum errors (e.g. gender: "").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - translations (#18056)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Fix website build (#18057)
* Add Health Sherpa policy ingestion with smart person matching
Implements automated policy data ingestion from Health Sherpa webhooks
using the existing ingestion pipeline infrastructure.
Features:
- Generic policy fields (carrier-agnostic): applicationId, externalSource, etc.
- Smart person matching with 4-strategy fallback system:
1. Match by phone (normalized)
2. Match by agent NPN + member name
3. Match by email (skip junk emails)
4. Auto-create person if no match
- Deduplication by applicationId (update vs create)
- Phone normalization: "(555) 123-4567" → "5551234567"
- Auto-assign to agent by NPN
- Duplicate email handling (retry without email)
- 17 field mappings (webhook → CRM)
- Full unit test coverage
New files:
- Migration: add-external-policy-fields (9 new columns + indexes)
- Seed: seed-healthsherpa-pipeline.command.ts
- Preprocessor: healthsherpa-policy.preprocessor.ts (smart matching)
- Registry: ingestion-preprocessor.registry.ts
- Tests: healthsherpa-policy.preprocessor.spec.ts (12 tests)
Modified files:
- ingestion-push-process.job.ts (call preprocessor)
- ingestion-pipeline.module.ts (register providers)
- ingestion-job.module.ts (register providers)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Messages Message Folder Association (#17398)
This PR adds Message folder association for message channel messages,
Currently under testing phase, not ready yet.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Fix website build (#18061)
As per title
* i18n - docs translations (#18062)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add Convoso call ingestion preprocessor for ingestion pipeline
Introduces ConvosoCallPreprocessor that enriches call payloads with
computed fields (direction, name, person/lead source resolution, billing)
and filters incomplete/system payloads. Updates the preprocessor registry
to support null returns for record skipping.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Wrap preprocessor in workspace context for DB access
The preprocessor runs before processRecords which has its own workspace
context. Preprocessors that access the database (like ConvosoCall and
HealthSherpa) need workspace context to resolve repositories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Migrate dropdown to jotai (#18063)
Here we go again
* Add incoming payload viewer to ingestion pipeline run history
Stores the raw incoming webhook payload on each ingestion log entry and
displays it in an expandable row in the Run History table. Clicking a
row reveals the JSON payload and any errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18067)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Bump @xyflow/react from 12.4.2 to 12.10.0 (#18070)
Bumps
[@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react)
from 12.4.2 to 12.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/releases"><code>@xyflow/react</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5550">#5550</a> <a
href="https://github.com/xyflow/xyflow/commit/6ffb9f7901c32f5b335aee2517f41bf87f274f32"><code>6ffb9f790</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! -
Prevent child nodes of different parents from overlapping</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5551">#5551</a> <a
href="https://github.com/xyflow/xyflow/commit/6bb64b3ed60f26c9ea8bc01c8d62fb9bf74cd634"><code>6bb64b3ed</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Allow to start a selection above a node</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md"><code>@xyflow/react</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>12.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2>12.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2>12.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2>12.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2>12.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/xyflow/xyflow/commit/c0ed3c33a3498877ab2a5755299ff84ee659782e"><code>c0ed3c3</code></a>
chore(packages): bump</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/83a312b2e1691a44223536653689f8f99f0d5b24"><code>83a312b</code></a>
chore(zIndexMode): use basic as default</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/14fd41b1f153406f1a21a61bf98ea07ad8275ec6"><code>14fd41b</code></a>
change default back to elevateEdgesOnSelect=false and
zIndexMode=basic</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/3680a6a0e623e19d1f983515273f11bdd355ec86"><code>3680a6a</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919</code></a>
chore(middleware): cleanup</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/e4e3605d62c8c710fe7ddb2ec3929af0a7962a6b"><code>e4e3605</code></a>
Merge branch 'main' into middlewares</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/2c05b3224a13e896dfb9a0c93f3af7bb592afc45"><code>2c05b32</code></a>
Merge branch 'feat/zindexmode' of github.com:xyflow/xyflow into
feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/ddbb9280f6242794187205a207e993e2c721c244"><code>ddbb928</code></a>
chore(examples): add zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/9faca3357d5db68fdad6c96de06fd66dd1d0ba64"><code>9faca33</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/4eb42952f01b947c9d36c25e6b30b7bd98224632"><code>4eb4295</code></a>
feat(svelte): add zIndexMode</li>
<li>Additional commits viewable in <a
href="https://github.com/xyflow/xyflow/commits/@xyflow/react@12.10.0/packages/react">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump eslint-config-next from 14.2.33 to 14.2.35 (#18069)
Bumps
[eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)
from 14.2.33 to 14.2.35.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vercel/next.js/commit/7b940d9ce96faddb9f92ff40f5e35c34ace04eb2"><code>7b940d9</code></a>
v14.2.35</li>
<li><a
href="https://github.com/vercel/next.js/commit/f3073688ce18878a674fdb9954da68e9d626a930"><code>f307368</code></a>
v14.2.34</li>
<li>See full diff in <a
href="https://github.com/vercel/next.js/commits/v14.2.35/packages/eslint-config-next">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump @emotion/is-prop-valid from 1.3.0 to 1.4.0 (#18068)
Bumps [@emotion/is-prop-valid](https://github.com/emotion-js/emotion)
from 1.3.0 to 1.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/emotion-js/emotion/releases"><code>@emotion/is-prop-valid</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.4.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3306">#3306</a>
<a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Thanks <a
href="https://github.com/EnzoAlbornoz"><code>@EnzoAlbornoz</code></a>!
- Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allowed props.</li>
</ul>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3093">#3093</a>
<a
href="https://github.com/emotion-js/emotion/commit/532ff57cafd8ba04f3b624074556ea47ec76fc9a"><code>532ff57</code></a>
Thanks <a href="https://github.com/codejet"><code>@codejet</code></a>,
<a href="https://github.com/DustinBrett"><code>@DustinBrett</code></a>!
- Adds <code>fetchpriority</code> and <code>fetchPriority</code> to the
list of allowed props.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/emotion-js/emotion/commit/38db311adf024fe8a24b57c687824c47abbd0957"><code>38db311</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3347">#3347</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allo...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/49229553967b6050c92d9602eb577bdc48167e91"><code>4922955</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3335">#3335</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/0facbe47bd9099ae4ed22dc201822d910ac3dec5"><code>0facbe4</code></a>
Renamed default-exported variable in <code>@emotion/styled</code> to aid
inferred import...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/cce67ec6b2fc94261028b4f4778aae8c3d6c5fd6"><code>cce67ec</code></a>
Bump parcel (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3258">#3258</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/3c19ce5997f73960679e546af47801205631dfde"><code>3c19ce5</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3280">#3280</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/a19d019bd418ebc3b9cba0e58f58b36ac2862a42"><code>a19d019</code></a>
Convert <code>@emotion/styled</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3284">#3284</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/5974e33fcb5e7aee177408684ac6fe8b38b3e353"><code>5974e33</code></a>
Fix JSX namespace <a
href="https://github.com/ts-ignores"><code>@ts-ignores</code></a> (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3282">#3282</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/fc4d7bd744c205f55513dcd4e4e5134198c219de"><code>fc4d7bd</code></a>
Convert <code>@emotion/react</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3281">#3281</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/8dc1a6dd19d2dc9ce435ef0aff85ccf5647f5d2e"><code>8dc1a6d</code></a>
Convert <code>@emotion/cache</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3277">#3277</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/emotion-js/emotion/compare/@emotion/is-prop-valid@1.3.0...@emotion/is-prop-valid@1.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* FILES field - Attachment name display fix (#18073)
with new 'file' FILES field on attachment, UI should display attachment
name from file field value.
Issue with API users updating only 'file' FILES field (and not name
field anymore)
* Add objectRecordCounts query to /metadata endpoint (#18054)
## Summary
- Adds an `objectRecordCounts` query on the `/metadata` GraphQL endpoint
that returns approximate record counts for all objects in the workspace
- Uses PostgreSQL's `pg_class.reltuples` catalog stats — a single
instant query instead of N `COUNT(*)` table scans
- Replaces the previous `CombinedFindManyRecords` approach which hit the
server's 20 root resolver limit and silently showed 0 for all counts on
the settings Data Model page
### Server
- `ObjectRecordCountDTO` — GraphQL type with `objectNamePlural` and
`totalCount`
- `ObjectRecordCountService` — reads `pg_class` catalog for the
workspace schema
- Query added to `ObjectMetadataResolver` with `@MetadataResolver()` +
`NoPermissionGuard`
### Frontend
- `OBJECT_RECORD_COUNTS` query added to
`object-metadata/graphql/queries.ts`
- `useCombinedGetTotalCount` simplified to a zero-argument hook using
the new query
- `SettingsObjectTable` simplified to a single hook call
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor and standardize `isSystem` field and object (#17992)
# Introduction
## Centralize system field definitions
- Extract a single `PARTIAL_SYSTEM_FLAT_FIELD_METADATAS` constant as the
source of truth for all 8 system fields (`id`, `createdAt`, `updatedAt`,
`deletedAt`, `createdBy`, `updatedBy`, `position`, `searchVector`),
eliminating duplication across custom object and standard app field
builders
- Refactor `buildDefaultFlatFieldMetadatasForCustomObject` to use the
shared constant via a new `buildObjectSystemFlatFieldMetadatas` helper
## Mark system fields as `isSystem: true`
- Fields `id`, `createdAt`, `updatedAt`, `deletedAt`, `createdBy`,
`updatedBy`, `position`, `searchVector` are now properly flagged as
system fields across all standard objects and custom object creation
- Standard app field builders for all ~30 standard objects updated to
set `isSystem: true` on `createdAt`, `updatedAt`, `deletedAt`,
`createdBy`, `updatedBy`
- System-only standard objects (blocklist, calendar channels, message
threads, etc.) now also include `createdBy`, `updatedBy`, `position`,
`searchVector` field definitions that were previously missing
## Validate system fields on object creation
- New transversal validation (`crossEntityTransversalValidation`) runs
after all atomic entity validations in the build orchestrator, ensuring
all 8 system fields are present with correct `type` and `isSystem: true`
when an object is created
- New `buildUniversalFlatObjectFieldByNameAndJoinColumnMaps` utility to
resolve field names to universal identifiers for a given object
- New exception codes: `MISSING_SYSTEM_FIELD` and `INVALID_SYSTEM_FIELD`
on `ObjectMetadataExceptionCode`
## Protect system fields and objects from mutation
- Field validators now block update/delete of `isSystem` fields by
non-system callers (`FIELD_MUTATION_NOT_ALLOWED`)
- Object validators now block update/delete of `isSystem` objects by
non-system callers
- `POSITION` and `TS_VECTOR` field type validators replaced: instead of
rejecting creation outright, they now validate that the field is named
correctly (`position` / `searchVector`) and has `isSystem: true`
## Distinguish `isSystemBuild` from `isCallerTwentyStandardApp`
- New `isCallerTwentyStandardApp` utility checks whether the caller's
`applicationUniversalIdentifier` matches the twenty standard app
- Name-sync logic (`isFlatFieldMetadataNameSyncedWithLabel`,
`areFlatObjectMetadataNamesSyncedWithLabels`) refactored to use
`isCallerTwentyStandardApp` for custom suffix decisions, keeping
`isSystemBuild` for mutation permission checks
- `WorkspaceMigrationBuilderOptions` type updated to include
`applicationUniversalIdentifier`
## Adapt frontend filtering
- New `HIDDEN_SYSTEM_FIELD_NAMES` constant (`id`, `position`,
`searchVector`) and `isHiddenSystemField` utility to only hide truly
internal fields while keeping user-facing system fields (`createdAt`,
`updatedAt`, `deletedAt`, `createdBy`, `updatedBy`) visible in the UI
- ~20 frontend files updated to replace `!field.isSystem` checks with
`!isHiddenSystemField(field)` across record index, settings, data model,
charts, workflows, spreadsheet import, aggregations, and role
permissions
## Add 1.19 upgrade commands
- **`backfill-system-fields-is-system`**: Raw SQL command to set
`isSystem = true` on existing workspace fields matching system field
names, and fix `position` field type from `NUMBER` to `POSITION` for
`favorite`/`favoriteFolder` objects. Includes proper cache invalidation.
- **`add-missing-system-fields-to-standard-objects`**: Codegen'd
workspace migration to create missing `position`, `searchVector`,
`createdBy`, `updatedBy` fields on standard objects that didn't
previously have them. Runs via `WorkspaceMigrationRunnerService` in a
single transaction with idempotency check. **Known limitation**: assumes
all standard objects exist and are valid in the target workspace.
## Add `universalIdentifier` for system fields in standard object
constants
- `standard-object.constant.ts` updated to include `universalIdentifier`
for `createdBy`, `updatedBy`, `position`, and `searchVector` across all
standard objects
- `fieldManifestType.ts` updated to support the new field manifest shape
## System relation
Completely removed and backfilled all `isSystem` relation to be false
false
As we won't require an object to have any relation system fields
## Add integration tests
- New test suite `failing-sync-application-object-system-fields`
covering: missing system fields, wrong field types (`id` as TEXT,
`createdAt` as TEXT, `position` as TEXT), system field deletion
attempts, and system field update attempts
- New test utilities: `buildDefaultObjectManifest` (builds an object
manifest with all 8 system fields) and `setupApplicationForSync`
(centralizes application setup)
- Existing successful sync test updated to verify system fields are
created with correct properties
## Next step
Make the builder scope the compared entity to be the currently built app
+ nor twenty standard app
* i18n - translations (#18079)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* fix: remove the error message for test failure in ci-front (#18076)
Introduced an error message on twenty-front CI earlier to try and inform
the user that test failure could be a coverage issue if no individual
test was failing. However, it led to the assumption that it must be
coverage failure in all cases even when it was test failure leading to
the CI being red.
This PR reverts the change.
* Keep migrating to jotai (#18064)
And we continue!
* Remove non positive integer constraint on Nav Menu Item (#18081)
To fit with position typed field logic + Ease favorite to nav menu item
migration (which have negative and float position)
* i18n - translations (#18086)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Refactor message backfill command (#18078)
# Introduction
Atomically create the field and object to be created
And avoid synchronizing unrelated non up to date object and fields
Followup https://github.com/twentyhq/twenty/pull/17398
* Migrate more to Jotai (#18087)
Continue jotai migration
* Factorize and add public-assets/*path endpoint (#18080)
as title
* Twenty standard app static options id (#18089)
# Introduction
While preparing the twenty-standard as code migration to twenty-app
through sdk I've faced permanent field enum update as the id was
generated dynamically at each twenty standard app construction
Making them deterministic in order to avoid having this noise
Won't backfill this on existing workspace as it's not critical and that
we will rework the options in the future
* Create LLMS.md on create-twenty-app (#18091)
Managed to create a many to many app with minimal instructions. File
will need to be enriched with more pitfalls.
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Fix google compose scope not gated by feature flag (#18093)
## Context
New google api scope has been introduced in
https://github.com/twentyhq/twenty/pull/17793 without being gated behind
a feature flag
Microsoft is using pre-existing Mail.ReadWrite scope there is nothing to
gate
## Before
<img width="553" height="445" alt="Screenshot 2026-02-19 at 14 57 58"
src="https://github.com/user-attachments/assets/59a4f76b-d38d-492f-b013-b6cad4091a7f"
/>
## After
<img width="535" height="392" alt="Screenshot 2026-02-19 at 14 58 44"
src="https://github.com/user-attachments/assets/0337bf15-ec30-4549-bb9d-571a982dffd8"
/>
* Remove non positive integer constraint on Nav Menu Item 2/2 (#18090)
Follow up https://github.com/twentyhq/twenty/pull/18081
* Resolve lead source from list_id via Convoso Lists API
When source_name is missing from the call payload (common with Convoso
Call Log API data), fall back to resolving the list_id to a list name
via the Convoso Lists API. The list map is cached in-memory for 10
minutes. The resolved name is used for lead source creation, call name
computation, and billing matching.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* [FRONT COMPONENTS] Declare command menu items in front components (#18047)
## Description
- Adds support for declaring command menu items directly within
`defineFrontComponent` via an optional command config property
- Introduces a new `CommandMenuItemManifest` type in twenty-shared and
wires it through the manifest build pipeline
## Example Of usage
```tsx
import { defineFrontComponent } from "twenty-sdk";
const TestAction = () => {
return <div>Test Action</div>;
};
export default defineFrontComponent({
universalIdentifier: "6c289461-0007-4a62-a99f-69e5c11a4ce7",
name: "test-action",
description: "Test Action",
component: TestAction,
command: {
universalIdentifier: "c07df864-495f-46f3-9f5b-9d3ce2589e9b",
label: "Run My Action",
icon: "IconBolt",
isPinned: false,
},
});
```
## Video QA
https://github.com/user-attachments/assets/f910fc6a-44a9-45d1-87c5-f0ce64bb3878
* Fix: add a new style to the target text box (#18065)
### Approach
I add some new rules for the style of the target text box. (Fix: #13229
)
<img width="842" height="545" alt="target class"
src="https://github.com/user-attachments/assets/7cd0a615-392a-493b-831f-77ddb93de5fc"
/>
**This is what it looks like now.**
<img width="320" height="224" alt="image"
src="https://github.com/user-attachments/assets/26514102-e684-49ce-915d-43e5677520a5"
/>
* Add CONVOSO_API_TOKEN to Helm staging values and worker extraEnv support
Adds extraEnv iteration to the worker deployment template (matching
the existing server template pattern) and configures CONVOSO_API_TOKEN
on both server and worker for the staging environment.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Use K8s secret for CONVOSO_API_TOKEN instead of hardcoded value
Adds extraEnvSecrets support to both server and worker Helm templates,
allowing env vars to be sourced from Kubernetes secrets via secretKeyRef.
The Convoso API token is now stored in a convoso-credentials secret
rather than being hardcoded in the values file.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add showInSidebar per-role permission to replace hardcoded sidebar filter
Adds a new `showInSidebar` boolean on ObjectPermission and a global
`showAllObjectsInSidebar` toggle on Role, following the same pattern as
canReadObjectRecords/canUpdateObjectRecords. The sidebar now filters
items based on this permission instead of the hardcoded MEMBER_VISIBLE_OBJECTS set.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Switch Convoso call pipeline to pull mode with date range params and preprocessor
Convoso Connect webhooks send lead data regardless of event type, so the push
pipeline doesn't receive call records. This switches to polling the Convoso Call
Log API (/v1/log/retrieve) on a cron schedule, matching the old Cloudflare Worker
approach.
- Add dateRangeParams to SourceRequestConfig for dynamic time-window queries
- Add envVar support to QueryParamAuthConfig for runtime env-based auth tokens
- Wire preprocessor + workspace context into IngestionPullJob (same as push job)
- Include SQL script to update pipeline config in staging DB
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: upgrade @swc/core to 1.15.11 and align SWC ecosystem (#18088)
## Summary
- Upgrades `@swc/core` from 1.13.3 to **1.15.11** (swc_core v56), which
introduces CBOR-based plugin serialization replacing rkyv, eliminating
strict version-matching between SWC core and Wasm plugins
- Upgrades `@lingui/swc-plugin` from ^5.6.0 to **^5.11.0** (swc_core
50.2.3, built with `--cfg=swc_ast_unknown` for cross-version
compatibility)
- Upgrades `@swc/plugin-emotion` from 10.0.4 to **14.6.0** (swc_core 53,
also with backward-compat feature)
- Upgrades companion packages: `@swc-node/register` 1.8.0 → 1.11.1,
`@swc/helpers` ~0.5.2 → ~0.5.18, `@vitejs/plugin-react-swc` 3.11.0 →
4.2.3
### Why this is safe now
Starting from `@swc/core v1.15.0`, SWC replaced the rkyv serialization
scheme with CBOR (a self-describing format) and added `Unknown` AST enum
variants. Plugins built with `swc_core >= 47` and
`--cfg=swc_ast_unknown` are now forwa…
walmat
added a commit
to Omnia-Insurance/crm
that referenced
this pull request
Feb 26, 2026
* Add configurable ingestion pipeline system for no-code data import
Introduces a generalized pipeline system that replaces hardcoded webhook workers
with a configurable approach. Supports push (webhook) and pull (scheduled fetch)
modes with field mapping, transforms, relation resolution, and dedup/upsert.
Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline
rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites.
Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing,
and run history.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add configurable ingestion pipeline system for no-code data import
Introduces a generalized pipeline system that replaces hardcoded webhook workers
with a configurable approach. Supports push (webhook) and pull (scheduled fetch)
modes with field mapping, transforms, relation resolution, and dedup/upsert.
Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline
rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites.
Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing,
and run history.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix DB replication: disable triggers during restore, fix refreshToken table name
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix DB replication: enable pgcrypto extension for gen_random_bytes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix connected account permissions (#17598)
Fixes #17411
---------
Co-authored-by: neo773 <neo773@protonmail.com>
Co-authored-by: neo773 <62795688+neo773@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* i18n - docs translations (#18017)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Add Google OAuth callback URLs for staging domain
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix staging OAuth: rewrite prod domain in DB config during replication
Twenty's config system gives DB values priority over env vars, so we need
to rewrite crm.omniaagent.com -> staging-crm.omniaagent.com in the
configVariable table after replicating prod data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix config URL rewrite: use correct keyValuePair table with jsonb cast
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18020)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Files command - fixes (#18016)
- Fixed "property entity not found" error when updating/creating a new
field and querying the same object repository just after
- Downgraded log type for unnecessary migration
* Date & DateTime validation fixes / improvements (#18009)
Fixes https://github.com/twentyhq/twenty/issues/17138
- Backend should have strict date/dateTime format validation
- FE in import csv is more permissive
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* fixes: loosen up front validation, add resolveEntityRelationUniversalIdentifiers to update and restore (#18015)
closes https://github.com/twentyhq/private-issues/issues/419
* New field creates fields widget field (#18022)
## Context
Introducing "NewFieldDefaultConfiguration" to FIELDS widget
configurations
```typescript
{
isVisible: boolean;
viewFieldGroupId: string | null;
}
```
This configuration will define where a new field should be added (which
section) and its default visibility inside FIELDS widget views.
The new field position should always be at the end (meaning the last
position for the view fields OR the last position of a viewFieldGroup)
See "New fields" on this screenshot
<img width="401" height="724" alt="Layout V1"
src="https://github.com/user-attachments/assets/4969bcaa-f244-4504-8947-778a02c24c47"
/>
* App feedbacks (#18028)
as title
* Add SSE for metadata and plug front components (#17998)
Create the necessary tooling to listen to metadata events and plug it to
the front components. Now we have a hot reload like experience when we
edit a component in an app.
## Backend
- Split `EventWithQueryIds` into `ObjectRecordEventWithQueryIds` and
`MetadataEventWithQueryIds`
- Publish metadata event batches to active SSE streams in
`MetadataEventsToDbListener`
## Frontend
- Create a metadata event dispatching pipeline: SSE metadata events are
grouped by metadata name, transformed into
`MetadataOperationBrowserEventDetail` objects, and dispatched as browser
`CustomEvents`
- Add `useListenToMetadataOperationBrowserEvent` hook for consuming
metadata operation events filtered by metadata name and operation type
- Rename `useListenToObjectRecordEventsForQuery` to
`useListenToEventsForQuery`, now accepting both
`RecordGqlOperationSignature` and `MetadataGqlOperationSignature`
- Implement `useOnFrontComponentUpdated` which subscribes to front
component metadata events and updates the Apollo cache when the
component is modified
- Add `builtComponentChecksum` to the front component query and appends
it to the component URL for browser cache invalidation
* Improve API Client usage and add Typescript check (#18023)
## Summary
https://github.com/user-attachments/assets/1e75cc9d-d9d2-4ef2-99f9-34450f5d8de7
Add background incremental type checking (`tsc --watch`) to the SDK dev
mode, so type regressions are caught when the generated API client
changes — without requiring a full rebuild of source files.
Previously, removing a field from the data model would regenerate the
API client, but existing front components/logic functions referencing
the removed field wouldn't surface type errors (since their source
didn't change, esbuild wouldn't rebuild them).
## What changed
- **Background `tsc --watch`**: a long-lived TypeScript watcher runs
alongside esbuild watchers, incrementally re-checking all files when the
generated client changes. Only logs on state transitions (errors appear
/ errors clear) to stay quiet.
- **Atomic client generation**: API client is now generated into a temp
directory and swapped in atomically, avoiding a race condition where
`tsc --watch` could see an empty `generated/` directory
mid-regeneration.
- **Step decoupling**: orchestrator steps no longer receive
`uploadFilesStep` directly. Instead, they use callbacks (`onFileBuilt`,
`onApiClientGenerated`), and each step manages its own `builtFileInfos`
state.
- **`apiClientChecksum` omitted from `ApplicationConfig`**: it's a
build-time computed value, same as `packageJsonChecksum`.
<img width="327" height="177" alt="image"
src="https://github.com/user-attachments/assets/02bd25bb-fa41-42b0-8d96-01c51bd4580c"
/>
<img width="529" height="452" alt="image"
src="https://github.com/user-attachments/assets/61f6e968-365b-4a5b-8f2b-a8419d6b1bd3"
/>
* i18n - translations (#18029)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* v1.18 - Fix command (#18032)
Same as here https://github.com/twentyhq/twenty/pull/18016
* Fix Gmail thread awareness for custom labels (#18031)
This fixes two edge cases for Gmail
- When policy was set to `SELECTED_FOLDERS` excluding root INBOX, it
missed label changes, so messages with newly applied labels weren't
imported until a full resync.
- Gmail thread replies by default by default do no inherit parent
message's label properties so thread context was also lost because only
individually labeled messages were returned, dropping earlier parts of
the conversation.
Fixed by subscribing to `labelAdded`/`labelRemoved` history events and
fetching full thread context when at least one message in a thread
carries a synced label. `ALL_FOLDERS` path is untouched.
* Allow DATE_TIME IS operand to filter on a whole day (#17529)
Fixes: https://github.com/twentyhq/core-team-issues/issues/2027
We've replaced the DATE_TIME picker with DATE picker, and changed the
logic to filter for complete day period.
https://github.com/user-attachments/assets/ba7e1078-bab3-4c62-a803-d6a851f14b7d
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* Replace generic "Unknown error" messages with descriptive error details (#18019)
## Summary
- Replace all generic `"Unknown error"` fallback messages across the
server codebase with messages that include the actual error details
- The most impactful change is in `guard-redirect.service.ts`, which
handles OAuth redirect errors — non-`AuthException` errors (e.g.,
passport state verification failures) now show `"Authentication error:
<actual message>"` instead of the opaque `"Unknown error"`
- Gmail/Google error handler services now include the error message in
the thrown exception instead of discarding it
- Other catch blocks (workflow delay resume, migration runner rollback,
code interpreter, marketplace) now use `String(error)` for non-Error
objects instead of a static fallback
Fixes the class of issues reported in
https://github.com/twentyhq/twenty/issues/17812, where a user saw
"Unknown error" during Google OAuth and had no way to diagnose the root
cause (which turned out to be a session cookie / SSL configuration
issue).
## Test plan
- [ ] Verify OAuth error flows (e.g., Google Auth with misconfigured
callback URL) now display the actual error message on the `/verify` page
instead of "Unknown error"
- [ ] Verify Gmail sync error handling still correctly classifies and
re-throws errors with descriptive messages
- [ ] Verify workflow delay resume failures include the error details in
the workflow run status
Made with [Cursor](https://cursor.com)
Co-authored-by: Cursor <cursoragent@cursor.com>
* Use proper PostgreSQL identifier/literal escaping in workspace DDL (#18024)
## Summary
- Replace the character-stripping approach (`removeSqlDDLInjection`)
with standard PostgreSQL `escapeIdentifier` and `escapeLiteral`
functions across all workspace schema manager services
- Add missing identifier escaping to `createForeignKey` (was the only
method in the FK manager without it)
- Add allowlist validation for index WHERE clauses and FK action types
- Harden tsvector expression builder with proper identifier quoting
## Context
The workspace schema managers build DDL dynamically from metadata (table
names, column names, enum values, etc.). The previous approach stripped
all non-alphanumeric characters — safe but lossy (silently corrupts
values with legitimate special characters). The new approach uses
PostgreSQL's standard escaping:
- **Identifiers**: double internal `"` and wrap → `"my""table"` (same
algorithm as `pg` driver's `escapeIdentifier`)
- **Literals**: double internal `'` and wrap → `'it''s a value'` (same
algorithm as `pg` driver's `escapeLiteral`)
`removeSqlDDLInjection` is kept only for name generation (e.g.,
`computePostgresEnumName`) where stripping to `[a-zA-Z0-9_]` is the
correct behavior.
## Files changed
| File | What |
|------|------|
| `remove-sql-injection.util.ts` | Added `escapeIdentifier` +
`escapeLiteral` |
| `validate-index-where-clause.util.ts` | New — allowlist for partial
index WHERE clauses |
| 5 schema manager services | Replaced strip+manual-quote with
`escapeIdentifier`/`escapeLiteral` |
| `build-sql-column-definition.util.ts` | `escapeIdentifier` for column
names, validated `generatedType` |
| `sanitize-default-value.util.ts` | `escapeLiteral` instead of
stripping |
| `serialize-default-value.util.ts` | `escapeLiteral` for values,
`escapeIdentifier` for enum casts |
| `get-ts-vector-column-expression.util.ts` | `escapeIdentifier` for
field names in expressions |
| `sanitize-default-value.util.spec.ts` | Updated tests for escape
behavior |
## Test plan
- [x] All 64 existing tests pass across 6 test suites
- [x] `lint:diff-with-main` passes
- [x] TypeScript typecheck — no new errors
- [ ] Verify workspace sync-metadata still works end-to-end
- [ ] Verify custom object/field creation works
- [ ] Verify enum field option changes work
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Fixes - Workspace logo migration (#18035)
- Update migration command to handle case where workspace logo is
originated from workspace email and point to twenty-icons.com
- Update same logic for new workspaces
- Add feature-flag for all newly created workspaces
* [Chore] : Generate migration for DATE_TIME to DATE for DATE_TIME + IS operand filters (#17564)
migration command in response to the fix :
https://github.com/twentyhq/twenty/pull/17529 for the issue
https://github.com/twentyhq/core-team-issues/issues/2027
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* Share APP_SECRET from prod to staging for encrypted config decryption
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* 2094 extensibility define postinstall orand preinstall function to run in application (#18037)
- add a new optional key `postInstallLogicFunctionUniversalIdentifier`
in applicationConfig
- seed postInstall function in create-twenty-app
- update execute:function options
- update doc
* Fix tokens secret copy: use replace --force to overwrite Helm-managed secret
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Nav Menu Item Migration command fix (#18041)
* Fix tokens secret sync: delete+create instead of replace to avoid Helm conflicts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Increase Helm timeout to 15m, remove cleanup-on-fail for staging
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18040)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Sync page Layout (#18034)
## Sync page layouts, tabs, and widgets
Adds the ability for SDK applications to synchronize `pageLayout`,
`pageLayoutTab`, and `pageLayoutWidget` entities, following the same
pattern established in #18003 for views and navigation menu items.
### Changes
**`twenty-shared`**
- New `PageLayoutManifest`, `PageLayoutTabManifest`, and
`PageLayoutWidgetManifest` types with a hierarchical structure (page
layout → tabs → widgets)
- Added `pageLayouts: PageLayoutManifest[]` to the `Manifest` type
**`twenty-sdk`**
- New `definePageLayout()` SDK function with validation for
universalIdentifier, name, and nested tabs/widgets
- Wired into the manifest extraction and build pipeline
(`DefinePageLayout` target function, `PageLayouts` entity key)
- Exported from the SDK entry point
**`twenty-server`**
- Added `pageLayout`, `pageLayoutTab`, `pageLayoutWidget` to
`APPLICATION_MANIFEST_METADATA_NAMES`
- New conversion utilities: manifest → universal flat entity for all
three entity types
- Updated `computeApplicationManifestAllUniversalFlatEntity
* Fix tokens secret sync: patch existing secret instead of delete+recreate
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix tokens secret: patch existing or create new, keep Helm create as fallback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix ingestion pipeline UI: compile Lingui i18n catalogs and stop scrambling emails on staging
Lingui message extraction and compilation was never run for the ingestion
pipeline files, causing all UI labels to show garbled hash IDs. Also removes
email scrambling from the DB replication script since staging is a private
environment used by the same team - scrambling caused userId mismatches that
blocked Google OAuth login.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add example in create-twenty-app (#18043)
- add interactive mode to create-twenty-app
- by default create an example for each entities
<img width="1181" height="168" alt="image"
src="https://github.com/user-attachments/assets/a2490d8f-66a1-4cd5-bf41-57166cc20a1e"
/>
* i18n - docs translations (#18048)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add missing objects to rich app integration tests (#18039)
Updating rich app so it also create:
- a many to many relation
- views
- navigation items
The app was built successfully.
Will still be missing front component examples
<img width="1498" height="660" alt="Capture d’écran 2026-02-18 à 17 47
25"
src="https://github.com/user-attachments/assets/acd5193f-3a36-4eb7-8276-3154e4e60f5e"
/>
* Refactor page layout types (#18042)
## Refactor page layout widget types into shared package and expose from
SDK
### Why
Widget configuration types were defined only on the server, forcing SDK
consumer apps to import from deep internal `twenty-shared/dist` paths —
fragile and breaks on structural changes. Server DTOs also had no
compile-time guarantee they matched the canonical types.
### What changed
- **`twenty-shared`**: Migrated `ChartFilter`, `GridPosition`,
`RatioAggregateConfig` and all 20 widget configuration variants into
`twenty-shared/types`. `PageLayoutWidgetConfiguration` (base, with
`SerializedRelation`) and `PageLayoutWidgetUniversalConfiguration`
(derived via `FormatRecordSerializedRelationProperties`) are now the
single source of truth.
- **`twenty-sdk`**: Re-exported `AggregateOperations`,
`ObjectRecordGroupByDateGranularity`, `PageLayoutTabLayoutMode`, and
`PageLayoutWidgetUniversalConfiguration` so consumer apps import from
`twenty-sdk` directly.
- **`twenty-server`**: All widget DTOs now `implements` their shared
type for compile-time enforcement. Added helpers to convert nested
`fieldMetadataId` ↔ `fieldMetadataUniversalIdentifier` inside chart
filters. Removed redundant local type re-exports.
* refactor workflow action messaging with callout (#18038)
## Summary
- remove the dedicated `WorkflowMessage` component and story
- update workflow action editor components to use the shared callout
patterns
- adjust `Callout` and its stories to support the new usage in workflow
actions
## Before/After
<img width="525" height="548" alt="image"
src="https://github.com/user-attachments/assets/ce57a84f-f070-4149-85ef-a4d162b2d878"
/>
<img width="518" height="593" alt="image"
src="https://github.com/user-attachments/assets/f7249cd0-221f-496d-9deb-d9966ee43382"
/>
* Add currency hover tooltip in CurrencyDisplay (#18045)
https://github.com/user-attachments/assets/af768ecb-b5e9-4e8d-a9f9-fee1a08ea9a0
Fixes https://github.com/twentyhq/twenty/issues/17756
* Increase staging worker memory limit to 1024Mi to fix OOM crash
Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error
at 512Mi. Matches production worker memory limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Increase staging worker memory limit to 1024Mi to fix OOM crash
Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error
at 512Mi. Matches production worker memory limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: show "Not shared" for junction relation fields when target or intermediate object is not readable (#18025)
When a user's role lacks read permission on the target object (e.g.,
Company) or the intermediate junction object (e.g., EmploymentHistory),
junction relation fields like "Previous Companies" displayed as blank
instead of showing "Not shared."
- In RecordFieldList, junction fields now check the junction object's
read permission and set isForbidden on the field context so FieldDisplay
renders "Not shared" instead of an empty field.
- In RelationFromManyFieldDisplay, if junction records exist but all
nested target records are null (permission-denied by the API), the
component renders "Not shared" instead of an empty list.
---------
Co-authored-by: Félix Malfait <felix@twenty.com>
* Fix ingestion worker: wrap record processing in workspace context
The worker needs a workspace context (via AsyncLocalStorage) to use
GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other
job processors in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix ingestion worker: wrap record processing in workspace context
The worker needs a workspace context (via AsyncLocalStorage) to use
GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other
job processors in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18050)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Restore old favorite design (#18049)
Issue : With IS_NAVIGATION_MENU_ITEM_ENABLED:true +
IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED:false, nav menu design is
changed after 1.18.0 release : views expansion removed, system object
displayed, position re-ordered
We prefer keeping the same "old" favorite behaviour and design state
- After 1.18.0 all workspaces have up-to-date navigation menu items
(migrated)
- IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED becomes the FF for nav menu
new design
---------
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix impossible scroll in sdk app:dev (#18051)
Issue is that we are refreshing the terminal because of icons animations
* Harden server-side input validation and auth defaults (#18018)
## Summary
- **File storage (LocalDriver):** Add realpath resolution and symlink
rejection to `writeFile`, `downloadFile`, and `downloadFolder` — brings
them in line with the existing `readFile` protections. Includes unit
tests.
- **JWT:** Pin signing/verification to HS256 explicitly.
- **Auth:** Revoke active refresh tokens when a user changes their
password.
- **Logic functions:** Validate `handlerName` as a safe JS identifier at
both DTO and runtime level, preventing injection into the generated
runner script.
- **User entity:** Remove `passwordHash` from the GraphQL schema
(`@Field` decorator removed, column stays).
- **Query params:** Use `crypto.randomBytes` instead of `Math.random`
for SQL parameter name generation.
- **Exception filter:** Mirror the request `Origin` header instead of
sending `Access-Control-Allow-Origin: *`.
## Test plan
- [x] `local.driver.spec.ts` — writeFile rejects symlinks, downloadFile
rejects paths outside storage
- [ ] Verify JWT auth flow still works (login, token refresh)
- [ ] Verify password change invalidates existing sessions
- [ ] Verify logic function creation with valid/invalid handler names
- [ ] Verify file upload/download in dev environment
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
* Add static transform type for constant field values in ingestion pipeline
Allows setting a fixed value regardless of source data, useful for
fields like leadStatus that need a default (e.g. "ASSIGNED").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add static transform type for constant field values in ingestion pipeline
Allows setting a fixed value regardless of source data, useful for
fields like leadStatus that need a default (e.g. "ASSIGNED").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Skip empty string source values in ingestion field mapping
Convoso sends empty strings for unpopulated fields. These should be
treated as absent rather than mapped to target fields where they'd
cause enum validation errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Skip empty string source values in ingestion field mapping
Convoso sends empty strings for unpopulated fields. These should be
treated as absent rather than mapped to target fields where they'd
cause enum validation errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Prevent SSRF via IMAP/SMTP/CalDAV (#17973)
Prevents leaking of internal services by filtering out private IPs, same
way we do for webhooks
* Fix website build (#18052)
* i18n - translations (#18053)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Improve security settings card grouping and description overflow (#17928)
# After
- Added a separtor between the two audit logs cards
- Rename the audit log card to avoid repetition
- Grouped "Invite by link" and "2 factor auth" in one group
- Changed the card component description to always be one line max with
truncation & tooltips
<img width="777" height="1278" alt="CleanShot 2026-02-13 at 17 02 36"
src="https://github.com/user-attachments/assets/685c792a-c85b-4521-8c1b-bd9adedc75d9"
/>
<img width="976" height="690"
alt="b49f2eb043b6712d013618bb0a4ef7f011cf2316e1163fbdee4c293bed036ac9"
src="https://github.com/user-attachments/assets/6e17aa11-ecdb-4f98-ba50-5cd9b9c5def6"
/>
---------
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix empty string values bypassing enum validation in ingestion pipeline
The post-transform check only tested isDefined, so empty strings from map
transforms passed through and caused PostgreSQL enum errors (e.g. gender: "").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix empty string values bypassing enum validation in ingestion pipeline
The post-transform check only tested isDefined, so empty strings from map
transforms passed through and caused PostgreSQL enum errors (e.g. gender: "").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - translations (#18056)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Fix website build (#18057)
* Add Health Sherpa policy ingestion with smart person matching
Implements automated policy data ingestion from Health Sherpa webhooks
using the existing ingestion pipeline infrastructure.
Features:
- Generic policy fields (carrier-agnostic): applicationId, externalSource, etc.
- Smart person matching with 4-strategy fallback system:
1. Match by phone (normalized)
2. Match by agent NPN + member name
3. Match by email (skip junk emails)
4. Auto-create person if no match
- Deduplication by applicationId (update vs create)
- Phone normalization: "(555) 123-4567" → "5551234567"
- Auto-assign to agent by NPN
- Duplicate email handling (retry without email)
- 17 field mappings (webhook → CRM)
- Full unit test coverage
New files:
- Migration: add-external-policy-fields (9 new columns + indexes)
- Seed: seed-healthsherpa-pipeline.command.ts
- Preprocessor: healthsherpa-policy.preprocessor.ts (smart matching)
- Registry: ingestion-preprocessor.registry.ts
- Tests: healthsherpa-policy.preprocessor.spec.ts (12 tests)
Modified files:
- ingestion-push-process.job.ts (call preprocessor)
- ingestion-pipeline.module.ts (register providers)
- ingestion-job.module.ts (register providers)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Messages Message Folder Association (#17398)
This PR adds Message folder association for message channel messages,
Currently under testing phase, not ready yet.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Fix website build (#18061)
As per title
* i18n - docs translations (#18062)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add Convoso call ingestion preprocessor for ingestion pipeline
Introduces ConvosoCallPreprocessor that enriches call payloads with
computed fields (direction, name, person/lead source resolution, billing)
and filters incomplete/system payloads. Updates the preprocessor registry
to support null returns for record skipping.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Wrap preprocessor in workspace context for DB access
The preprocessor runs before processRecords which has its own workspace
context. Preprocessors that access the database (like ConvosoCall and
HealthSherpa) need workspace context to resolve repositories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Migrate dropdown to jotai (#18063)
Here we go again
* Add incoming payload viewer to ingestion pipeline run history
Stores the raw incoming webhook payload on each ingestion log entry and
displays it in an expandable row in the Run History table. Clicking a
row reveals the JSON payload and any errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18067)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Bump @xyflow/react from 12.4.2 to 12.10.0 (#18070)
Bumps
[@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react)
from 12.4.2 to 12.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/releases"><code>@xyflow/react</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5550">#5550</a> <a
href="https://github.com/xyflow/xyflow/commit/6ffb9f7901c32f5b335aee2517f41bf87f274f32"><code>6ffb9f790</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! -
Prevent child nodes of different parents from overlapping</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5551">#5551</a> <a
href="https://github.com/xyflow/xyflow/commit/6bb64b3ed60f26c9ea8bc01c8d62fb9bf74cd634"><code>6bb64b3ed</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Allow to start a selection above a node</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md"><code>@xyflow/react</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>12.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2>12.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2>12.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2>12.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2>12.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/xyflow/xyflow/commit/c0ed3c33a3498877ab2a5755299ff84ee659782e"><code>c0ed3c3</code></a>
chore(packages): bump</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/83a312b2e1691a44223536653689f8f99f0d5b24"><code>83a312b</code></a>
chore(zIndexMode): use basic as default</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/14fd41b1f153406f1a21a61bf98ea07ad8275ec6"><code>14fd41b</code></a>
change default back to elevateEdgesOnSelect=false and
zIndexMode=basic</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/3680a6a0e623e19d1f983515273f11bdd355ec86"><code>3680a6a</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919</code></a>
chore(middleware): cleanup</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/e4e3605d62c8c710fe7ddb2ec3929af0a7962a6b"><code>e4e3605</code></a>
Merge branch 'main' into middlewares</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/2c05b3224a13e896dfb9a0c93f3af7bb592afc45"><code>2c05b32</code></a>
Merge branch 'feat/zindexmode' of github.com:xyflow/xyflow into
feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/ddbb9280f6242794187205a207e993e2c721c244"><code>ddbb928</code></a>
chore(examples): add zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/9faca3357d5db68fdad6c96de06fd66dd1d0ba64"><code>9faca33</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/4eb42952f01b947c9d36c25e6b30b7bd98224632"><code>4eb4295</code></a>
feat(svelte): add zIndexMode</li>
<li>Additional commits viewable in <a
href="https://github.com/xyflow/xyflow/commits/@xyflow/react@12.10.0/packages/react">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump eslint-config-next from 14.2.33 to 14.2.35 (#18069)
Bumps
[eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)
from 14.2.33 to 14.2.35.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vercel/next.js/commit/7b940d9ce96faddb9f92ff40f5e35c34ace04eb2"><code>7b940d9</code></a>
v14.2.35</li>
<li><a
href="https://github.com/vercel/next.js/commit/f3073688ce18878a674fdb9954da68e9d626a930"><code>f307368</code></a>
v14.2.34</li>
<li>See full diff in <a
href="https://github.com/vercel/next.js/commits/v14.2.35/packages/eslint-config-next">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump @emotion/is-prop-valid from 1.3.0 to 1.4.0 (#18068)
Bumps [@emotion/is-prop-valid](https://github.com/emotion-js/emotion)
from 1.3.0 to 1.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/emotion-js/emotion/releases"><code>@emotion/is-prop-valid</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.4.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3306">#3306</a>
<a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Thanks <a
href="https://github.com/EnzoAlbornoz"><code>@EnzoAlbornoz</code></a>!
- Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allowed props.</li>
</ul>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3093">#3093</a>
<a
href="https://github.com/emotion-js/emotion/commit/532ff57cafd8ba04f3b624074556ea47ec76fc9a"><code>532ff57</code></a>
Thanks <a href="https://github.com/codejet"><code>@codejet</code></a>,
<a href="https://github.com/DustinBrett"><code>@DustinBrett</code></a>!
- Adds <code>fetchpriority</code> and <code>fetchPriority</code> to the
list of allowed props.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/emotion-js/emotion/commit/38db311adf024fe8a24b57c687824c47abbd0957"><code>38db311</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3347">#3347</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allo...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/49229553967b6050c92d9602eb577bdc48167e91"><code>4922955</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3335">#3335</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/0facbe47bd9099ae4ed22dc201822d910ac3dec5"><code>0facbe4</code></a>
Renamed default-exported variable in <code>@emotion/styled</code> to aid
inferred import...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/cce67ec6b2fc94261028b4f4778aae8c3d6c5fd6"><code>cce67ec</code></a>
Bump parcel (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3258">#3258</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/3c19ce5997f73960679e546af47801205631dfde"><code>3c19ce5</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3280">#3280</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/a19d019bd418ebc3b9cba0e58f58b36ac2862a42"><code>a19d019</code></a>
Convert <code>@emotion/styled</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3284">#3284</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/5974e33fcb5e7aee177408684ac6fe8b38b3e353"><code>5974e33</code></a>
Fix JSX namespace <a
href="https://github.com/ts-ignores"><code>@ts-ignores</code></a> (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3282">#3282</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/fc4d7bd744c205f55513dcd4e4e5134198c219de"><code>fc4d7bd</code></a>
Convert <code>@emotion/react</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3281">#3281</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/8dc1a6dd19d2dc9ce435ef0aff85ccf5647f5d2e"><code>8dc1a6d</code></a>
Convert <code>@emotion/cache</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3277">#3277</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/emotion-js/emotion/compare/@emotion/is-prop-valid@1.3.0...@emotion/is-prop-valid@1.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* FILES field - Attachment name display fix (#18073)
with new 'file' FILES field on attachment, UI should display attachment
name from file field value.
Issue with API users updating only 'file' FILES field (and not name
field anymore)
* Add objectRecordCounts query to /metadata endpoint (#18054)
## Summary
- Adds an `objectRecordCounts` query on the `/metadata` GraphQL endpoint
that returns approximate record counts for all objects in the workspace
- Uses PostgreSQL's `pg_class.reltuples` catalog stats — a single
instant query instead of N `COUNT(*)` table scans
- Replaces the previous `CombinedFindManyRecords` approach which hit the
server's 20 root resolver limit and silently showed 0 for all counts on
the settings Data Model page
### Server
- `ObjectRecordCountDTO` — GraphQL type with `objectNamePlural` and
`totalCount`
- `ObjectRecordCountService` — reads `pg_class` catalog for the
workspace schema
- Query added to `ObjectMetadataResolver` with `@MetadataResolver()` +
`NoPermissionGuard`
### Frontend
- `OBJECT_RECORD_COUNTS` query added to
`object-metadata/graphql/queries.ts`
- `useCombinedGetTotalCount` simplified to a zero-argument hook using
the new query
- `SettingsObjectTable` simplified to a single hook call
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor and standardize `isSystem` field and object (#17992)
# Introduction
## Centralize system field definitions
- Extract a single `PARTIAL_SYSTEM_FLAT_FIELD_METADATAS` constant as the
source of truth for all 8 system fields (`id`, `createdAt`, `updatedAt`,
`deletedAt`, `createdBy`, `updatedBy`, `position`, `searchVector`),
eliminating duplication across custom object and standard app field
builders
- Refactor `buildDefaultFlatFieldMetadatasForCustomObject` to use the
shared constant via a new `buildObjectSystemFlatFieldMetadatas` helper
## Mark system fields as `isSystem: true`
- Fields `id`, `createdAt`, `updatedAt`, `deletedAt`, `createdBy`,
`updatedBy`, `position`, `searchVector` are now properly flagged as
system fields across all standard objects and custom object creation
- Standard app field builders for all ~30 standard objects updated to
set `isSystem: true` on `createdAt`, `updatedAt`, `deletedAt`,
`createdBy`, `updatedBy`
- System-only standard objects (blocklist, calendar channels, message
threads, etc.) now also include `createdBy`, `updatedBy`, `position`,
`searchVector` field definitions that were previously missing
## Validate system fields on object creation
- New transversal validation (`crossEntityTransversalValidation`) runs
after all atomic entity validations in the build orchestrator, ensuring
all 8 system fields are present with correct `type` and `isSystem: true`
when an object is created
- New `buildUniversalFlatObjectFieldByNameAndJoinColumnMaps` utility to
resolve field names to universal identifiers for a given object
- New exception codes: `MISSING_SYSTEM_FIELD` and `INVALID_SYSTEM_FIELD`
on `ObjectMetadataExceptionCode`
## Protect system fields and objects from mutation
- Field validators now block update/delete of `isSystem` fields by
non-system callers (`FIELD_MUTATION_NOT_ALLOWED`)
- Object validators now block update/delete of `isSystem` objects by
non-system callers
- `POSITION` and `TS_VECTOR` field type validators replaced: instead of
rejecting creation outright, they now validate that the field is named
correctly (`position` / `searchVector`) and has `isSystem: true`
## Distinguish `isSystemBuild` from `isCallerTwentyStandardApp`
- New `isCallerTwentyStandardApp` utility checks whether the caller's
`applicationUniversalIdentifier` matches the twenty standard app
- Name-sync logic (`isFlatFieldMetadataNameSyncedWithLabel`,
`areFlatObjectMetadataNamesSyncedWithLabels`) refactored to use
`isCallerTwentyStandardApp` for custom suffix decisions, keeping
`isSystemBuild` for mutation permission checks
- `WorkspaceMigrationBuilderOptions` type updated to include
`applicationUniversalIdentifier`
## Adapt frontend filtering
- New `HIDDEN_SYSTEM_FIELD_NAMES` constant (`id`, `position`,
`searchVector`) and `isHiddenSystemField` utility to only hide truly
internal fields while keeping user-facing system fields (`createdAt`,
`updatedAt`, `deletedAt`, `createdBy`, `updatedBy`) visible in the UI
- ~20 frontend files updated to replace `!field.isSystem` checks with
`!isHiddenSystemField(field)` across record index, settings, data model,
charts, workflows, spreadsheet import, aggregations, and role
permissions
## Add 1.19 upgrade commands
- **`backfill-system-fields-is-system`**: Raw SQL command to set
`isSystem = true` on existing workspace fields matching system field
names, and fix `position` field type from `NUMBER` to `POSITION` for
`favorite`/`favoriteFolder` objects. Includes proper cache invalidation.
- **`add-missing-system-fields-to-standard-objects`**: Codegen'd
workspace migration to create missing `position`, `searchVector`,
`createdBy`, `updatedBy` fields on standard objects that didn't
previously have them. Runs via `WorkspaceMigrationRunnerService` in a
single transaction with idempotency check. **Known limitation**: assumes
all standard objects exist and are valid in the target workspace.
## Add `universalIdentifier` for system fields in standard object
constants
- `standard-object.constant.ts` updated to include `universalIdentifier`
for `createdBy`, `updatedBy`, `position`, and `searchVector` across all
standard objects
- `fieldManifestType.ts` updated to support the new field manifest shape
## System relation
Completely removed and backfilled all `isSystem` relation to be false
false
As we won't require an object to have any relation system fields
## Add integration tests
- New test suite `failing-sync-application-object-system-fields`
covering: missing system fields, wrong field types (`id` as TEXT,
`createdAt` as TEXT, `position` as TEXT), system field deletion
attempts, and system field update attempts
- New test utilities: `buildDefaultObjectManifest` (builds an object
manifest with all 8 system fields) and `setupApplicationForSync`
(centralizes application setup)
- Existing successful sync test updated to verify system fields are
created with correct properties
## Next step
Make the builder scope the compared entity to be the currently built app
+ nor twenty standard app
* i18n - translations (#18079)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* fix: remove the error message for test failure in ci-front (#18076)
Introduced an error message on twenty-front CI earlier to try and inform
the user that test failure could be a coverage issue if no individual
test was failing. However, it led to the assumption that it must be
coverage failure in all cases even when it was test failure leading to
the CI being red.
This PR reverts the change.
* Keep migrating to jotai (#18064)
And we continue!
* Remove non positive integer constraint on Nav Menu Item (#18081)
To fit with position typed field logic + Ease favorite to nav menu item
migration (which have negative and float position)
* i18n - translations (#18086)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Refactor message backfill command (#18078)
# Introduction
Atomically create the field and object to be created
And avoid synchronizing unrelated non up to date object and fields
Followup https://github.com/twentyhq/twenty/pull/17398
* Migrate more to Jotai (#18087)
Continue jotai migration
* Factorize and add public-assets/*path endpoint (#18080)
as title
* Twenty standard app static options id (#18089)
# Introduction
While preparing the twenty-standard as code migration to twenty-app
through sdk I've faced permanent field enum update as the id was
generated dynamically at each twenty standard app construction
Making them deterministic in order to avoid having this noise
Won't backfill this on existing workspace as it's not critical and that
we will rework the options in the future
* Create LLMS.md on create-twenty-app (#18091)
Managed to create a many to many app with minimal instructions. File
will need to be enriched with more pitfalls.
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Fix google compose scope not gated by feature flag (#18093)
## Context
New google api scope has been introduced in
https://github.com/twentyhq/twenty/pull/17793 without being gated behind
a feature flag
Microsoft is using pre-existing Mail.ReadWrite scope there is nothing to
gate
## Before
<img width="553" height="445" alt="Screenshot 2026-02-19 at 14 57 58"
src="https://github.com/user-attachments/assets/59a4f76b-d38d-492f-b013-b6cad4091a7f"
/>
## After
<img width="535" height="392" alt="Screenshot 2026-02-19 at 14 58 44"
src="https://github.com/user-attachments/assets/0337bf15-ec30-4549-bb9d-571a982dffd8"
/>
* Remove non positive integer constraint on Nav Menu Item 2/2 (#18090)
Follow up https://github.com/twentyhq/twenty/pull/18081
* Resolve lead source from list_id via Convoso Lists API
When source_name is missing from the call payload (common with Convoso
Call Log API data), fall back to resolving the list_id to a list name
via the Convoso Lists API. The list map is cached in-memory for 10
minutes. The resolved name is used for lead source creation, call name
computation, and billing matching.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* [FRONT COMPONENTS] Declare command menu items in front components (#18047)
## Description
- Adds support for declaring command menu items directly within
`defineFrontComponent` via an optional command config property
- Introduces a new `CommandMenuItemManifest` type in twenty-shared and
wires it through the manifest build pipeline
## Example Of usage
```tsx
import { defineFrontComponent } from "twenty-sdk";
const TestAction = () => {
return <div>Test Action</div>;
};
export default defineFrontComponent({
universalIdentifier: "6c289461-0007-4a62-a99f-69e5c11a4ce7",
name: "test-action",
description: "Test Action",
component: TestAction,
command: {
universalIdentifier: "c07df864-495f-46f3-9f5b-9d3ce2589e9b",
label: "Run My Action",
icon: "IconBolt",
isPinned: false,
},
});
```
## Video QA
https://github.com/user-attachments/assets/f910fc6a-44a9-45d1-87c5-f0ce64bb3878
* Fix: add a new style to the target text box (#18065)
### Approach
I add some new rules for the style of the target text box. (Fix: #13229
)
<img width="842" height="545" alt="target class"
src="https://github.com/user-attachments/assets/7cd0a615-392a-493b-831f-77ddb93de5fc"
/>
**This is what it looks like now.**
<img width="320" height="224" alt="image"
src="https://github.com/user-attachments/assets/26514102-e684-49ce-915d-43e5677520a5"
/>
* Add CONVOSO_API_TOKEN to Helm staging values and worker extraEnv support
Adds extraEnv iteration to the worker deployment template (matching
the existing server template pattern) and configures CONVOSO_API_TOKEN
on both server and worker for the staging environment.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Use K8s secret for CONVOSO_API_TOKEN instead of hardcoded value
Adds extraEnvSecrets support to both server and worker Helm templates,
allowing env vars to be sourced from Kubernetes secrets via secretKeyRef.
The Convoso API token is now stored in a convoso-credentials secret
rather than being hardcoded in the values file.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add showInSidebar per-role permission to replace hardcoded sidebar filter
Adds a new `showInSidebar` boolean on ObjectPermission and a global
`showAllObjectsInSidebar` toggle on Role, following the same pattern as
canReadObjectRecords/canUpdateObjectRecords. The sidebar now filters
items based on this permission instead of the hardcoded MEMBER_VISIBLE_OBJECTS set.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Switch Convoso call pipeline to pull mode with date range params and preprocessor
Convoso Connect webhooks send lead data regardless of event type, so the push
pipeline doesn't receive call records. This switches to polling the Convoso Call
Log API (/v1/log/retrieve) on a cron schedule, matching the old Cloudflare Worker
approach.
- Add dateRangeParams to SourceRequestConfig for dynamic time-window queries
- Add envVar support to QueryParamAuthConfig for runtime env-based auth tokens
- Wire preprocessor + workspace context into IngestionPullJob (same as push job)
- Include SQL script to update pipeline config in staging DB
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: upgrade @swc/core to 1.15.11 and align SWC ecosystem (#18088)
## Summary
- Upgrades `@swc/core` from 1.13.3 to **1.15.11** (swc_core v56), which
introduces CBOR-based plugin serialization replacing rkyv, eliminating
strict version-matching between SWC core and Wasm plugins
- Upgrades `@lingui/swc-plugin` from ^5.6.0 to **^5.11.0** (swc_core
50.2.3, built with `--cfg=swc_ast_unknown` for cross-version
compatibility)
- Upgrades `@swc/plugin-emotion` from 10.0.4 to **14.6.0** (swc_core 53,
also with backward-compat feature)
- Upgrades companion packages: `@swc-node/register` 1.8.0 → 1.11.1,
`@swc/helpers` ~0.5.2 → ~0.5.18, `@vitejs/plugin-react-swc` 3.11.0 →
4.2.3
### Why this is safe now
Starting from `@swc/core v1.15.0`, SWC replaced the rkyv serialization
scheme with CBOR (a self-describing format) and added `Unknown` AST enum
variants. Plugins built with `swc_core >= 47` and
`--c…
walmat
added a commit
to Omnia-Insurance/crm
that referenced
this pull request
Feb 26, 2026
* Add configurable ingestion pipeline system for no-code data import
Introduces a generalized pipeline system that replaces hardcoded webhook workers
with a configurable approach. Supports push (webhook) and pull (scheduled fetch)
modes with field mapping, transforms, relation resolution, and dedup/upsert.
Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline
rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites.
Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing,
and run history.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add configurable ingestion pipeline system for no-code data import
Introduces a generalized pipeline system that replaces hardcoded webhook workers
with a configurable approach. Supports push (webhook) and pull (scheduled fetch)
modes with field mapping, transforms, relation resolution, and dedup/upsert.
Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline
rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites.
Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing,
and run history.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix DB replication: disable triggers during restore, fix refreshToken table name
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix DB replication: enable pgcrypto extension for gen_random_bytes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix connected account permissions (#17598)
Fixes #17411
---------
Co-authored-by: neo773 <neo773@protonmail.com>
Co-authored-by: neo773 <62795688+neo773@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* i18n - docs translations (#18017)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Add Google OAuth callback URLs for staging domain
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix staging OAuth: rewrite prod domain in DB config during replication
Twenty's config system gives DB values priority over env vars, so we need
to rewrite crm.omniaagent.com -> staging-crm.omniaagent.com in the
configVariable table after replicating prod data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix config URL rewrite: use correct keyValuePair table with jsonb cast
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18020)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Files command - fixes (#18016)
- Fixed "property entity not found" error when updating/creating a new
field and querying the same object repository just after
- Downgraded log type for unnecessary migration
* Date & DateTime validation fixes / improvements (#18009)
Fixes https://github.com/twentyhq/twenty/issues/17138
- Backend should have strict date/dateTime format validation
- FE in import csv is more permissive
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* fixes: loosen up front validation, add resolveEntityRelationUniversalIdentifiers to update and restore (#18015)
closes https://github.com/twentyhq/private-issues/issues/419
* New field creates fields widget field (#18022)
## Context
Introducing "NewFieldDefaultConfiguration" to FIELDS widget
configurations
```typescript
{
isVisible: boolean;
viewFieldGroupId: string | null;
}
```
This configuration will define where a new field should be added (which
section) and its default visibility inside FIELDS widget views.
The new field position should always be at the end (meaning the last
position for the view fields OR the last position of a viewFieldGroup)
See "New fields" on this screenshot
<img width="401" height="724" alt="Layout V1"
src="https://github.com/user-attachments/assets/4969bcaa-f244-4504-8947-778a02c24c47"
/>
* App feedbacks (#18028)
as title
* Add SSE for metadata and plug front components (#17998)
Create the necessary tooling to listen to metadata events and plug it to
the front components. Now we have a hot reload like experience when we
edit a component in an app.
## Backend
- Split `EventWithQueryIds` into `ObjectRecordEventWithQueryIds` and
`MetadataEventWithQueryIds`
- Publish metadata event batches to active SSE streams in
`MetadataEventsToDbListener`
## Frontend
- Create a metadata event dispatching pipeline: SSE metadata events are
grouped by metadata name, transformed into
`MetadataOperationBrowserEventDetail` objects, and dispatched as browser
`CustomEvents`
- Add `useListenToMetadataOperationBrowserEvent` hook for consuming
metadata operation events filtered by metadata name and operation type
- Rename `useListenToObjectRecordEventsForQuery` to
`useListenToEventsForQuery`, now accepting both
`RecordGqlOperationSignature` and `MetadataGqlOperationSignature`
- Implement `useOnFrontComponentUpdated` which subscribes to front
component metadata events and updates the Apollo cache when the
component is modified
- Add `builtComponentChecksum` to the front component query and appends
it to the component URL for browser cache invalidation
* Improve API Client usage and add Typescript check (#18023)
## Summary
https://github.com/user-attachments/assets/1e75cc9d-d9d2-4ef2-99f9-34450f5d8de7
Add background incremental type checking (`tsc --watch`) to the SDK dev
mode, so type regressions are caught when the generated API client
changes — without requiring a full rebuild of source files.
Previously, removing a field from the data model would regenerate the
API client, but existing front components/logic functions referencing
the removed field wouldn't surface type errors (since their source
didn't change, esbuild wouldn't rebuild them).
## What changed
- **Background `tsc --watch`**: a long-lived TypeScript watcher runs
alongside esbuild watchers, incrementally re-checking all files when the
generated client changes. Only logs on state transitions (errors appear
/ errors clear) to stay quiet.
- **Atomic client generation**: API client is now generated into a temp
directory and swapped in atomically, avoiding a race condition where
`tsc --watch` could see an empty `generated/` directory
mid-regeneration.
- **Step decoupling**: orchestrator steps no longer receive
`uploadFilesStep` directly. Instead, they use callbacks (`onFileBuilt`,
`onApiClientGenerated`), and each step manages its own `builtFileInfos`
state.
- **`apiClientChecksum` omitted from `ApplicationConfig`**: it's a
build-time computed value, same as `packageJsonChecksum`.
<img width="327" height="177" alt="image"
src="https://github.com/user-attachments/assets/02bd25bb-fa41-42b0-8d96-01c51bd4580c"
/>
<img width="529" height="452" alt="image"
src="https://github.com/user-attachments/assets/61f6e968-365b-4a5b-8f2b-a8419d6b1bd3"
/>
* i18n - translations (#18029)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* v1.18 - Fix command (#18032)
Same as here https://github.com/twentyhq/twenty/pull/18016
* Fix Gmail thread awareness for custom labels (#18031)
This fixes two edge cases for Gmail
- When policy was set to `SELECTED_FOLDERS` excluding root INBOX, it
missed label changes, so messages with newly applied labels weren't
imported until a full resync.
- Gmail thread replies by default by default do no inherit parent
message's label properties so thread context was also lost because only
individually labeled messages were returned, dropping earlier parts of
the conversation.
Fixed by subscribing to `labelAdded`/`labelRemoved` history events and
fetching full thread context when at least one message in a thread
carries a synced label. `ALL_FOLDERS` path is untouched.
* Allow DATE_TIME IS operand to filter on a whole day (#17529)
Fixes: https://github.com/twentyhq/core-team-issues/issues/2027
We've replaced the DATE_TIME picker with DATE picker, and changed the
logic to filter for complete day period.
https://github.com/user-attachments/assets/ba7e1078-bab3-4c62-a803-d6a851f14b7d
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* Replace generic "Unknown error" messages with descriptive error details (#18019)
## Summary
- Replace all generic `"Unknown error"` fallback messages across the
server codebase with messages that include the actual error details
- The most impactful change is in `guard-redirect.service.ts`, which
handles OAuth redirect errors — non-`AuthException` errors (e.g.,
passport state verification failures) now show `"Authentication error:
<actual message>"` instead of the opaque `"Unknown error"`
- Gmail/Google error handler services now include the error message in
the thrown exception instead of discarding it
- Other catch blocks (workflow delay resume, migration runner rollback,
code interpreter, marketplace) now use `String(error)` for non-Error
objects instead of a static fallback
Fixes the class of issues reported in
https://github.com/twentyhq/twenty/issues/17812, where a user saw
"Unknown error" during Google OAuth and had no way to diagnose the root
cause (which turned out to be a session cookie / SSL configuration
issue).
## Test plan
- [ ] Verify OAuth error flows (e.g., Google Auth with misconfigured
callback URL) now display the actual error message on the `/verify` page
instead of "Unknown error"
- [ ] Verify Gmail sync error handling still correctly classifies and
re-throws errors with descriptive messages
- [ ] Verify workflow delay resume failures include the error details in
the workflow run status
Made with [Cursor](https://cursor.com)
Co-authored-by: Cursor <cursoragent@cursor.com>
* Use proper PostgreSQL identifier/literal escaping in workspace DDL (#18024)
## Summary
- Replace the character-stripping approach (`removeSqlDDLInjection`)
with standard PostgreSQL `escapeIdentifier` and `escapeLiteral`
functions across all workspace schema manager services
- Add missing identifier escaping to `createForeignKey` (was the only
method in the FK manager without it)
- Add allowlist validation for index WHERE clauses and FK action types
- Harden tsvector expression builder with proper identifier quoting
## Context
The workspace schema managers build DDL dynamically from metadata (table
names, column names, enum values, etc.). The previous approach stripped
all non-alphanumeric characters — safe but lossy (silently corrupts
values with legitimate special characters). The new approach uses
PostgreSQL's standard escaping:
- **Identifiers**: double internal `"` and wrap → `"my""table"` (same
algorithm as `pg` driver's `escapeIdentifier`)
- **Literals**: double internal `'` and wrap → `'it''s a value'` (same
algorithm as `pg` driver's `escapeLiteral`)
`removeSqlDDLInjection` is kept only for name generation (e.g.,
`computePostgresEnumName`) where stripping to `[a-zA-Z0-9_]` is the
correct behavior.
## Files changed
| File | What |
|------|------|
| `remove-sql-injection.util.ts` | Added `escapeIdentifier` +
`escapeLiteral` |
| `validate-index-where-clause.util.ts` | New — allowlist for partial
index WHERE clauses |
| 5 schema manager services | Replaced strip+manual-quote with
`escapeIdentifier`/`escapeLiteral` |
| `build-sql-column-definition.util.ts` | `escapeIdentifier` for column
names, validated `generatedType` |
| `sanitize-default-value.util.ts` | `escapeLiteral` instead of
stripping |
| `serialize-default-value.util.ts` | `escapeLiteral` for values,
`escapeIdentifier` for enum casts |
| `get-ts-vector-column-expression.util.ts` | `escapeIdentifier` for
field names in expressions |
| `sanitize-default-value.util.spec.ts` | Updated tests for escape
behavior |
## Test plan
- [x] All 64 existing tests pass across 6 test suites
- [x] `lint:diff-with-main` passes
- [x] TypeScript typecheck — no new errors
- [ ] Verify workspace sync-metadata still works end-to-end
- [ ] Verify custom object/field creation works
- [ ] Verify enum field option changes work
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Fixes - Workspace logo migration (#18035)
- Update migration command to handle case where workspace logo is
originated from workspace email and point to twenty-icons.com
- Update same logic for new workspaces
- Add feature-flag for all newly created workspaces
* [Chore] : Generate migration for DATE_TIME to DATE for DATE_TIME + IS operand filters (#17564)
migration command in response to the fix :
https://github.com/twentyhq/twenty/pull/17529 for the issue
https://github.com/twentyhq/core-team-issues/issues/2027
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* Share APP_SECRET from prod to staging for encrypted config decryption
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* 2094 extensibility define postinstall orand preinstall function to run in application (#18037)
- add a new optional key `postInstallLogicFunctionUniversalIdentifier`
in applicationConfig
- seed postInstall function in create-twenty-app
- update execute:function options
- update doc
* Fix tokens secret copy: use replace --force to overwrite Helm-managed secret
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Nav Menu Item Migration command fix (#18041)
* Fix tokens secret sync: delete+create instead of replace to avoid Helm conflicts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Increase Helm timeout to 15m, remove cleanup-on-fail for staging
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18040)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Sync page Layout (#18034)
## Sync page layouts, tabs, and widgets
Adds the ability for SDK applications to synchronize `pageLayout`,
`pageLayoutTab`, and `pageLayoutWidget` entities, following the same
pattern established in #18003 for views and navigation menu items.
### Changes
**`twenty-shared`**
- New `PageLayoutManifest`, `PageLayoutTabManifest`, and
`PageLayoutWidgetManifest` types with a hierarchical structure (page
layout → tabs → widgets)
- Added `pageLayouts: PageLayoutManifest[]` to the `Manifest` type
**`twenty-sdk`**
- New `definePageLayout()` SDK function with validation for
universalIdentifier, name, and nested tabs/widgets
- Wired into the manifest extraction and build pipeline
(`DefinePageLayout` target function, `PageLayouts` entity key)
- Exported from the SDK entry point
**`twenty-server`**
- Added `pageLayout`, `pageLayoutTab`, `pageLayoutWidget` to
`APPLICATION_MANIFEST_METADATA_NAMES`
- New conversion utilities: manifest → universal flat entity for all
three entity types
- Updated `computeApplicationManifestAllUniversalFlatEntity
* Fix tokens secret sync: patch existing secret instead of delete+recreate
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix tokens secret: patch existing or create new, keep Helm create as fallback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix ingestion pipeline UI: compile Lingui i18n catalogs and stop scrambling emails on staging
Lingui message extraction and compilation was never run for the ingestion
pipeline files, causing all UI labels to show garbled hash IDs. Also removes
email scrambling from the DB replication script since staging is a private
environment used by the same team - scrambling caused userId mismatches that
blocked Google OAuth login.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add example in create-twenty-app (#18043)
- add interactive mode to create-twenty-app
- by default create an example for each entities
<img width="1181" height="168" alt="image"
src="https://github.com/user-attachments/assets/a2490d8f-66a1-4cd5-bf41-57166cc20a1e"
/>
* i18n - docs translations (#18048)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add missing objects to rich app integration tests (#18039)
Updating rich app so it also create:
- a many to many relation
- views
- navigation items
The app was built successfully.
Will still be missing front component examples
<img width="1498" height="660" alt="Capture d’écran 2026-02-18 à 17 47
25"
src="https://github.com/user-attachments/assets/acd5193f-3a36-4eb7-8276-3154e4e60f5e"
/>
* Refactor page layout types (#18042)
## Refactor page layout widget types into shared package and expose from
SDK
### Why
Widget configuration types were defined only on the server, forcing SDK
consumer apps to import from deep internal `twenty-shared/dist` paths —
fragile and breaks on structural changes. Server DTOs also had no
compile-time guarantee they matched the canonical types.
### What changed
- **`twenty-shared`**: Migrated `ChartFilter`, `GridPosition`,
`RatioAggregateConfig` and all 20 widget configuration variants into
`twenty-shared/types`. `PageLayoutWidgetConfiguration` (base, with
`SerializedRelation`) and `PageLayoutWidgetUniversalConfiguration`
(derived via `FormatRecordSerializedRelationProperties`) are now the
single source of truth.
- **`twenty-sdk`**: Re-exported `AggregateOperations`,
`ObjectRecordGroupByDateGranularity`, `PageLayoutTabLayoutMode`, and
`PageLayoutWidgetUniversalConfiguration` so consumer apps import from
`twenty-sdk` directly.
- **`twenty-server`**: All widget DTOs now `implements` their shared
type for compile-time enforcement. Added helpers to convert nested
`fieldMetadataId` ↔ `fieldMetadataUniversalIdentifier` inside chart
filters. Removed redundant local type re-exports.
* refactor workflow action messaging with callout (#18038)
## Summary
- remove the dedicated `WorkflowMessage` component and story
- update workflow action editor components to use the shared callout
patterns
- adjust `Callout` and its stories to support the new usage in workflow
actions
## Before/After
<img width="525" height="548" alt="image"
src="https://github.com/user-attachments/assets/ce57a84f-f070-4149-85ef-a4d162b2d878"
/>
<img width="518" height="593" alt="image"
src="https://github.com/user-attachments/assets/f7249cd0-221f-496d-9deb-d9966ee43382"
/>
* Add currency hover tooltip in CurrencyDisplay (#18045)
https://github.com/user-attachments/assets/af768ecb-b5e9-4e8d-a9f9-fee1a08ea9a0
Fixes https://github.com/twentyhq/twenty/issues/17756
* Increase staging worker memory limit to 1024Mi to fix OOM crash
Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error
at 512Mi. Matches production worker memory limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Increase staging worker memory limit to 1024Mi to fix OOM crash
Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error
at 512Mi. Matches production worker memory limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: show "Not shared" for junction relation fields when target or intermediate object is not readable (#18025)
When a user's role lacks read permission on the target object (e.g.,
Company) or the intermediate junction object (e.g., EmploymentHistory),
junction relation fields like "Previous Companies" displayed as blank
instead of showing "Not shared."
- In RecordFieldList, junction fields now check the junction object's
read permission and set isForbidden on the field context so FieldDisplay
renders "Not shared" instead of an empty field.
- In RelationFromManyFieldDisplay, if junction records exist but all
nested target records are null (permission-denied by the API), the
component renders "Not shared" instead of an empty list.
---------
Co-authored-by: Félix Malfait <felix@twenty.com>
* Fix ingestion worker: wrap record processing in workspace context
The worker needs a workspace context (via AsyncLocalStorage) to use
GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other
job processors in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix ingestion worker: wrap record processing in workspace context
The worker needs a workspace context (via AsyncLocalStorage) to use
GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other
job processors in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18050)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Restore old favorite design (#18049)
Issue : With IS_NAVIGATION_MENU_ITEM_ENABLED:true +
IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED:false, nav menu design is
changed after 1.18.0 release : views expansion removed, system object
displayed, position re-ordered
We prefer keeping the same "old" favorite behaviour and design state
- After 1.18.0 all workspaces have up-to-date navigation menu items
(migrated)
- IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED becomes the FF for nav menu
new design
---------
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix impossible scroll in sdk app:dev (#18051)
Issue is that we are refreshing the terminal because of icons animations
* Harden server-side input validation and auth defaults (#18018)
## Summary
- **File storage (LocalDriver):** Add realpath resolution and symlink
rejection to `writeFile`, `downloadFile`, and `downloadFolder` — brings
them in line with the existing `readFile` protections. Includes unit
tests.
- **JWT:** Pin signing/verification to HS256 explicitly.
- **Auth:** Revoke active refresh tokens when a user changes their
password.
- **Logic functions:** Validate `handlerName` as a safe JS identifier at
both DTO and runtime level, preventing injection into the generated
runner script.
- **User entity:** Remove `passwordHash` from the GraphQL schema
(`@Field` decorator removed, column stays).
- **Query params:** Use `crypto.randomBytes` instead of `Math.random`
for SQL parameter name generation.
- **Exception filter:** Mirror the request `Origin` header instead of
sending `Access-Control-Allow-Origin: *`.
## Test plan
- [x] `local.driver.spec.ts` — writeFile rejects symlinks, downloadFile
rejects paths outside storage
- [ ] Verify JWT auth flow still works (login, token refresh)
- [ ] Verify password change invalidates existing sessions
- [ ] Verify logic function creation with valid/invalid handler names
- [ ] Verify file upload/download in dev environment
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
* Add static transform type for constant field values in ingestion pipeline
Allows setting a fixed value regardless of source data, useful for
fields like leadStatus that need a default (e.g. "ASSIGNED").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add static transform type for constant field values in ingestion pipeline
Allows setting a fixed value regardless of source data, useful for
fields like leadStatus that need a default (e.g. "ASSIGNED").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Skip empty string source values in ingestion field mapping
Convoso sends empty strings for unpopulated fields. These should be
treated as absent rather than mapped to target fields where they'd
cause enum validation errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Skip empty string source values in ingestion field mapping
Convoso sends empty strings for unpopulated fields. These should be
treated as absent rather than mapped to target fields where they'd
cause enum validation errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Prevent SSRF via IMAP/SMTP/CalDAV (#17973)
Prevents leaking of internal services by filtering out private IPs, same
way we do for webhooks
* Fix website build (#18052)
* i18n - translations (#18053)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Improve security settings card grouping and description overflow (#17928)
# After
- Added a separtor between the two audit logs cards
- Rename the audit log card to avoid repetition
- Grouped "Invite by link" and "2 factor auth" in one group
- Changed the card component description to always be one line max with
truncation & tooltips
<img width="777" height="1278" alt="CleanShot 2026-02-13 at 17 02 36"
src="https://github.com/user-attachments/assets/685c792a-c85b-4521-8c1b-bd9adedc75d9"
/>
<img width="976" height="690"
alt="b49f2eb043b6712d013618bb0a4ef7f011cf2316e1163fbdee4c293bed036ac9"
src="https://github.com/user-attachments/assets/6e17aa11-ecdb-4f98-ba50-5cd9b9c5def6"
/>
---------
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix empty string values bypassing enum validation in ingestion pipeline
The post-transform check only tested isDefined, so empty strings from map
transforms passed through and caused PostgreSQL enum errors (e.g. gender: "").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix empty string values bypassing enum validation in ingestion pipeline
The post-transform check only tested isDefined, so empty strings from map
transforms passed through and caused PostgreSQL enum errors (e.g. gender: "").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - translations (#18056)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Fix website build (#18057)
* Add Health Sherpa policy ingestion with smart person matching
Implements automated policy data ingestion from Health Sherpa webhooks
using the existing ingestion pipeline infrastructure.
Features:
- Generic policy fields (carrier-agnostic): applicationId, externalSource, etc.
- Smart person matching with 4-strategy fallback system:
1. Match by phone (normalized)
2. Match by agent NPN + member name
3. Match by email (skip junk emails)
4. Auto-create person if no match
- Deduplication by applicationId (update vs create)
- Phone normalization: "(555) 123-4567" → "5551234567"
- Auto-assign to agent by NPN
- Duplicate email handling (retry without email)
- 17 field mappings (webhook → CRM)
- Full unit test coverage
New files:
- Migration: add-external-policy-fields (9 new columns + indexes)
- Seed: seed-healthsherpa-pipeline.command.ts
- Preprocessor: healthsherpa-policy.preprocessor.ts (smart matching)
- Registry: ingestion-preprocessor.registry.ts
- Tests: healthsherpa-policy.preprocessor.spec.ts (12 tests)
Modified files:
- ingestion-push-process.job.ts (call preprocessor)
- ingestion-pipeline.module.ts (register providers)
- ingestion-job.module.ts (register providers)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Messages Message Folder Association (#17398)
This PR adds Message folder association for message channel messages,
Currently under testing phase, not ready yet.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Fix website build (#18061)
As per title
* i18n - docs translations (#18062)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add Convoso call ingestion preprocessor for ingestion pipeline
Introduces ConvosoCallPreprocessor that enriches call payloads with
computed fields (direction, name, person/lead source resolution, billing)
and filters incomplete/system payloads. Updates the preprocessor registry
to support null returns for record skipping.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Wrap preprocessor in workspace context for DB access
The preprocessor runs before processRecords which has its own workspace
context. Preprocessors that access the database (like ConvosoCall and
HealthSherpa) need workspace context to resolve repositories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Migrate dropdown to jotai (#18063)
Here we go again
* Add incoming payload viewer to ingestion pipeline run history
Stores the raw incoming webhook payload on each ingestion log entry and
displays it in an expandable row in the Run History table. Clicking a
row reveals the JSON payload and any errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18067)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Bump @xyflow/react from 12.4.2 to 12.10.0 (#18070)
Bumps
[@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react)
from 12.4.2 to 12.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/releases"><code>@xyflow/react</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5550">#5550</a> <a
href="https://github.com/xyflow/xyflow/commit/6ffb9f7901c32f5b335aee2517f41bf87f274f32"><code>6ffb9f790</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! -
Prevent child nodes of different parents from overlapping</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5551">#5551</a> <a
href="https://github.com/xyflow/xyflow/commit/6bb64b3ed60f26c9ea8bc01c8d62fb9bf74cd634"><code>6bb64b3ed</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Allow to start a selection above a node</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md"><code>@xyflow/react</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>12.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2>12.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2>12.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2>12.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2>12.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/xyflow/xyflow/commit/c0ed3c33a3498877ab2a5755299ff84ee659782e"><code>c0ed3c3</code></a>
chore(packages): bump</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/83a312b2e1691a44223536653689f8f99f0d5b24"><code>83a312b</code></a>
chore(zIndexMode): use basic as default</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/14fd41b1f153406f1a21a61bf98ea07ad8275ec6"><code>14fd41b</code></a>
change default back to elevateEdgesOnSelect=false and
zIndexMode=basic</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/3680a6a0e623e19d1f983515273f11bdd355ec86"><code>3680a6a</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919</code></a>
chore(middleware): cleanup</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/e4e3605d62c8c710fe7ddb2ec3929af0a7962a6b"><code>e4e3605</code></a>
Merge branch 'main' into middlewares</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/2c05b3224a13e896dfb9a0c93f3af7bb592afc45"><code>2c05b32</code></a>
Merge branch 'feat/zindexmode' of github.com:xyflow/xyflow into
feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/ddbb9280f6242794187205a207e993e2c721c244"><code>ddbb928</code></a>
chore(examples): add zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/9faca3357d5db68fdad6c96de06fd66dd1d0ba64"><code>9faca33</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/4eb42952f01b947c9d36c25e6b30b7bd98224632"><code>4eb4295</code></a>
feat(svelte): add zIndexMode</li>
<li>Additional commits viewable in <a
href="https://github.com/xyflow/xyflow/commits/@xyflow/react@12.10.0/packages/react">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump eslint-config-next from 14.2.33 to 14.2.35 (#18069)
Bumps
[eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)
from 14.2.33 to 14.2.35.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vercel/next.js/commit/7b940d9ce96faddb9f92ff40f5e35c34ace04eb2"><code>7b940d9</code></a>
v14.2.35</li>
<li><a
href="https://github.com/vercel/next.js/commit/f3073688ce18878a674fdb9954da68e9d626a930"><code>f307368</code></a>
v14.2.34</li>
<li>See full diff in <a
href="https://github.com/vercel/next.js/commits/v14.2.35/packages/eslint-config-next">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump @emotion/is-prop-valid from 1.3.0 to 1.4.0 (#18068)
Bumps [@emotion/is-prop-valid](https://github.com/emotion-js/emotion)
from 1.3.0 to 1.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/emotion-js/emotion/releases"><code>@emotion/is-prop-valid</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.4.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3306">#3306</a>
<a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Thanks <a
href="https://github.com/EnzoAlbornoz"><code>@EnzoAlbornoz</code></a>!
- Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allowed props.</li>
</ul>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3093">#3093</a>
<a
href="https://github.com/emotion-js/emotion/commit/532ff57cafd8ba04f3b624074556ea47ec76fc9a"><code>532ff57</code></a>
Thanks <a href="https://github.com/codejet"><code>@codejet</code></a>,
<a href="https://github.com/DustinBrett"><code>@DustinBrett</code></a>!
- Adds <code>fetchpriority</code> and <code>fetchPriority</code> to the
list of allowed props.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/emotion-js/emotion/commit/38db311adf024fe8a24b57c687824c47abbd0957"><code>38db311</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3347">#3347</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allo...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/49229553967b6050c92d9602eb577bdc48167e91"><code>4922955</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3335">#3335</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/0facbe47bd9099ae4ed22dc201822d910ac3dec5"><code>0facbe4</code></a>
Renamed default-exported variable in <code>@emotion/styled</code> to aid
inferred import...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/cce67ec6b2fc94261028b4f4778aae8c3d6c5fd6"><code>cce67ec</code></a>
Bump parcel (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3258">#3258</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/3c19ce5997f73960679e546af47801205631dfde"><code>3c19ce5</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3280">#3280</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/a19d019bd418ebc3b9cba0e58f58b36ac2862a42"><code>a19d019</code></a>
Convert <code>@emotion/styled</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3284">#3284</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/5974e33fcb5e7aee177408684ac6fe8b38b3e353"><code>5974e33</code></a>
Fix JSX namespace <a
href="https://github.com/ts-ignores"><code>@ts-ignores</code></a> (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3282">#3282</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/fc4d7bd744c205f55513dcd4e4e5134198c219de"><code>fc4d7bd</code></a>
Convert <code>@emotion/react</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3281">#3281</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/8dc1a6dd19d2dc9ce435ef0aff85ccf5647f5d2e"><code>8dc1a6d</code></a>
Convert <code>@emotion/cache</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3277">#3277</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/emotion-js/emotion/compare/@emotion/is-prop-valid@1.3.0...@emotion/is-prop-valid@1.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* FILES field - Attachment name display fix (#18073)
with new 'file' FILES field on attachment, UI should display attachment
name from file field value.
Issue with API users updating only 'file' FILES field (and not name
field anymore)
* Add objectRecordCounts query to /metadata endpoint (#18054)
## Summary
- Adds an `objectRecordCounts` query on the `/metadata` GraphQL endpoint
that returns approximate record counts for all objects in the workspace
- Uses PostgreSQL's `pg_class.reltuples` catalog stats — a single
instant query instead of N `COUNT(*)` table scans
- Replaces the previous `CombinedFindManyRecords` approach which hit the
server's 20 root resolver limit and silently showed 0 for all counts on
the settings Data Model page
### Server
- `ObjectRecordCountDTO` — GraphQL type with `objectNamePlural` and
`totalCount`
- `ObjectRecordCountService` — reads `pg_class` catalog for the
workspace schema
- Query added to `ObjectMetadataResolver` with `@MetadataResolver()` +
`NoPermissionGuard`
### Frontend
- `OBJECT_RECORD_COUNTS` query added to
`object-metadata/graphql/queries.ts`
- `useCombinedGetTotalCount` simplified to a zero-argument hook using
the new query
- `SettingsObjectTable` simplified to a single hook call
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor and standardize `isSystem` field and object (#17992)
# Introduction
## Centralize system field definitions
- Extract a single `PARTIAL_SYSTEM_FLAT_FIELD_METADATAS` constant as the
source of truth for all 8 system fields (`id`, `createdAt`, `updatedAt`,
`deletedAt`, `createdBy`, `updatedBy`, `position`, `searchVector`),
eliminating duplication across custom object and standard app field
builders
- Refactor `buildDefaultFlatFieldMetadatasForCustomObject` to use the
shared constant via a new `buildObjectSystemFlatFieldMetadatas` helper
## Mark system fields as `isSystem: true`
- Fields `id`, `createdAt`, `updatedAt`, `deletedAt`, `createdBy`,
`updatedBy`, `position`, `searchVector` are now properly flagged as
system fields across all standard objects and custom object creation
- Standard app field builders for all ~30 standard objects updated to
set `isSystem: true` on `createdAt`, `updatedAt`, `deletedAt`,
`createdBy`, `updatedBy`
- System-only standard objects (blocklist, calendar channels, message
threads, etc.) now also include `createdBy`, `updatedBy`, `position`,
`searchVector` field definitions that were previously missing
## Validate system fields on object creation
- New transversal validation (`crossEntityTransversalValidation`) runs
after all atomic entity validations in the build orchestrator, ensuring
all 8 system fields are present with correct `type` and `isSystem: true`
when an object is created
- New `buildUniversalFlatObjectFieldByNameAndJoinColumnMaps` utility to
resolve field names to universal identifiers for a given object
- New exception codes: `MISSING_SYSTEM_FIELD` and `INVALID_SYSTEM_FIELD`
on `ObjectMetadataExceptionCode`
## Protect system fields and objects from mutation
- Field validators now block update/delete of `isSystem` fields by
non-system callers (`FIELD_MUTATION_NOT_ALLOWED`)
- Object validators now block update/delete of `isSystem` objects by
non-system callers
- `POSITION` and `TS_VECTOR` field type validators replaced: instead of
rejecting creation outright, they now validate that the field is named
correctly (`position` / `searchVector`) and has `isSystem: true`
## Distinguish `isSystemBuild` from `isCallerTwentyStandardApp`
- New `isCallerTwentyStandardApp` utility checks whether the caller's
`applicationUniversalIdentifier` matches the twenty standard app
- Name-sync logic (`isFlatFieldMetadataNameSyncedWithLabel`,
`areFlatObjectMetadataNamesSyncedWithLabels`) refactored to use
`isCallerTwentyStandardApp` for custom suffix decisions, keeping
`isSystemBuild` for mutation permission checks
- `WorkspaceMigrationBuilderOptions` type updated to include
`applicationUniversalIdentifier`
## Adapt frontend filtering
- New `HIDDEN_SYSTEM_FIELD_NAMES` constant (`id`, `position`,
`searchVector`) and `isHiddenSystemField` utility to only hide truly
internal fields while keeping user-facing system fields (`createdAt`,
`updatedAt`, `deletedAt`, `createdBy`, `updatedBy`) visible in the UI
- ~20 frontend files updated to replace `!field.isSystem` checks with
`!isHiddenSystemField(field)` across record index, settings, data model,
charts, workflows, spreadsheet import, aggregations, and role
permissions
## Add 1.19 upgrade commands
- **`backfill-system-fields-is-system`**: Raw SQL command to set
`isSystem = true` on existing workspace fields matching system field
names, and fix `position` field type from `NUMBER` to `POSITION` for
`favorite`/`favoriteFolder` objects. Includes proper cache invalidation.
- **`add-missing-system-fields-to-standard-objects`**: Codegen'd
workspace migration to create missing `position`, `searchVector`,
`createdBy`, `updatedBy` fields on standard objects that didn't
previously have them. Runs via `WorkspaceMigrationRunnerService` in a
single transaction with idempotency check. **Known limitation**: assumes
all standard objects exist and are valid in the target workspace.
## Add `universalIdentifier` for system fields in standard object
constants
- `standard-object.constant.ts` updated to include `universalIdentifier`
for `createdBy`, `updatedBy`, `position`, and `searchVector` across all
standard objects
- `fieldManifestType.ts` updated to support the new field manifest shape
## System relation
Completely removed and backfilled all `isSystem` relation to be false
false
As we won't require an object to have any relation system fields
## Add integration tests
- New test suite `failing-sync-application-object-system-fields`
covering: missing system fields, wrong field types (`id` as TEXT,
`createdAt` as TEXT, `position` as TEXT), system field deletion
attempts, and system field update attempts
- New test utilities: `buildDefaultObjectManifest` (builds an object
manifest with all 8 system fields) and `setupApplicationForSync`
(centralizes application setup)
- Existing successful sync test updated to verify system fields are
created with correct properties
## Next step
Make the builder scope the compared entity to be the currently built app
+ nor twenty standard app
* i18n - translations (#18079)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* fix: remove the error message for test failure in ci-front (#18076)
Introduced an error message on twenty-front CI earlier to try and inform
the user that test failure could be a coverage issue if no individual
test was failing. However, it led to the assumption that it must be
coverage failure in all cases even when it was test failure leading to
the CI being red.
This PR reverts the change.
* Keep migrating to jotai (#18064)
And we continue!
* Remove non positive integer constraint on Nav Menu Item (#18081)
To fit with position typed field logic + Ease favorite to nav menu item
migration (which have negative and float position)
* i18n - translations (#18086)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Refactor message backfill command (#18078)
# Introduction
Atomically create the field and object to be created
And avoid synchronizing unrelated non up to date object and fields
Followup https://github.com/twentyhq/twenty/pull/17398
* Migrate more to Jotai (#18087)
Continue jotai migration
* Factorize and add public-assets/*path endpoint (#18080)
as title
* Twenty standard app static options id (#18089)
# Introduction
While preparing the twenty-standard as code migration to twenty-app
through sdk I've faced permanent field enum update as the id was
generated dynamically at each twenty standard app construction
Making them deterministic in order to avoid having this noise
Won't backfill this on existing workspace as it's not critical and that
we will rework the options in the future
* Create LLMS.md on create-twenty-app (#18091)
Managed to create a many to many app with minimal instructions. File
will need to be enriched with more pitfalls.
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Fix google compose scope not gated by feature flag (#18093)
## Context
New google api scope has been introduced in
https://github.com/twentyhq/twenty/pull/17793 without being gated behind
a feature flag
Microsoft is using pre-existing Mail.ReadWrite scope there is nothing to
gate
## Before
<img width="553" height="445" alt="Screenshot 2026-02-19 at 14 57 58"
src="https://github.com/user-attachments/assets/59a4f76b-d38d-492f-b013-b6cad4091a7f"
/>
## After
<img width="535" height="392" alt="Screenshot 2026-02-19 at 14 58 44"
src="https://github.com/user-attachments/assets/0337bf15-ec30-4549-bb9d-571a982dffd8"
/>
* Remove non positive integer constraint on Nav Menu Item 2/2 (#18090)
Follow up https://github.com/twentyhq/twenty/pull/18081
* Resolve lead source from list_id via Convoso Lists API
When source_name is missing from the call payload (common with Convoso
Call Log API data), fall back to resolving the list_id to a list name
via the Convoso Lists API. The list map is cached in-memory for 10
minutes. The resolved name is used for lead source creation, call name
computation, and billing matching.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* [FRONT COMPONENTS] Declare command menu items in front components (#18047)
## Description
- Adds support for declaring command menu items directly within
`defineFrontComponent` via an optional command config property
- Introduces a new `CommandMenuItemManifest` type in twenty-shared and
wires it through the manifest build pipeline
## Example Of usage
```tsx
import { defineFrontComponent } from "twenty-sdk";
const TestAction = () => {
return <div>Test Action</div>;
};
export default defineFrontComponent({
universalIdentifier: "6c289461-0007-4a62-a99f-69e5c11a4ce7",
name: "test-action",
description: "Test Action",
component: TestAction,
command: {
universalIdentifier: "c07df864-495f-46f3-9f5b-9d3ce2589e9b",
label: "Run My Action",
icon: "IconBolt",
isPinned: false,
},
});
```
## Video QA
https://github.com/user-attachments/assets/f910fc6a-44a9-45d1-87c5-f0ce64bb3878
* Fix: add a new style to the target text box (#18065)
### Approach
I add some new rules for the style of the target text box. (Fix: #13229
)
<img width="842" height="545" alt="target class"
src="https://github.com/user-attachments/assets/7cd0a615-392a-493b-831f-77ddb93de5fc"
/>
**This is what it looks like now.**
<img width="320" height="224" alt="image"
src="https://github.com/user-attachments/assets/26514102-e684-49ce-915d-43e5677520a5"
/>
* Add CONVOSO_API_TOKEN to Helm staging values and worker extraEnv support
Adds extraEnv iteration to the worker deployment template (matching
the existing server template pattern) and configures CONVOSO_API_TOKEN
on both server and worker for the staging environment.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Use K8s secret for CONVOSO_API_TOKEN instead of hardcoded value
Adds extraEnvSecrets support to both server and worker Helm templates,
allowing env vars to be sourced from Kubernetes secrets via secretKeyRef.
The Convoso API token is now stored in a convoso-credentials secret
rather than being hardcoded in the values file.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add showInSidebar per-role permission to replace hardcoded sidebar filter
Adds a new `showInSidebar` boolean on ObjectPermission and a global
`showAllObjectsInSidebar` toggle on Role, following the same pattern as
canReadObjectRecords/canUpdateObjectRecords. The sidebar now filters
items based on this permission instead of the hardcoded MEMBER_VISIBLE_OBJECTS set.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Switch Convoso call pipeline to pull mode with date range params and preprocessor
Convoso Connect webhooks send lead data regardless of event type, so the push
pipeline doesn't receive call records. This switches to polling the Convoso Call
Log API (/v1/log/retrieve) on a cron schedule, matching the old Cloudflare Worker
approach.
- Add dateRangeParams to SourceRequestConfig for dynamic time-window queries
- Add envVar support to QueryParamAuthConfig for runtime env-based auth tokens
- Wire preprocessor + workspace context into IngestionPullJob (same as push job)
- Include SQL script to update pipeline config in staging DB
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: upgrade @swc/core to 1.15.11 and align SWC ecosystem (#18088)
## Summary
- Upgrades `@swc/core` from 1.13.3 to **1.15.11** (swc_core v56), which
introduces CBOR-based plugin serialization replacing rkyv, eliminating
strict version-matching between SWC core and Wasm plugins
- Upgrades `@lingui/swc-plugin` from ^5.6.0 to **^5.11.0** (swc_core
50.2.3, built with `--cfg=swc_ast_unknown` for cross-version
compatibility)
- Upgrades `@swc/plugin-emotion` from 10.0.4 to **14.6.0** (swc_core 53,
also with backward-compat feature)
- Upgrades companion packages: `@swc-node/register` 1.8.0 → 1.11.1,
`@swc/helpers` ~0.5.2 → ~0.5.18, `@vitejs/plugin-react-swc` 3.11.0 →
4.2.3
### Why this is safe now
Starting from `@swc/core v1.15.0`, SWC replaced the rkyv serialization
scheme with CBOR (a self-describing format) and added `Unknown` AST enum
variants. Plugins built with `swc_core >= 47` and
`--cfg=swc_ast_unknown` are now forward-compa…
walmat
added a commit
to Omnia-Insurance/crm
that referenced
this pull request
Feb 26, 2026
…ents (#34) * Add configurable ingestion pipeline system for no-code data import Introduces a generalized pipeline system that replaces hardcoded webhook workers with a configurable approach. Supports push (webhook) and pull (scheduled fetch) modes with field mapping, transforms, relation resolution, and dedup/upsert. Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites. Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing, and run history. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add configurable ingestion pipeline system for no-code data import Introduces a generalized pipeline system that replaces hardcoded webhook workers with a configurable approach. Supports push (webhook) and pull (scheduled fetch) modes with field mapping, transforms, relation resolution, and dedup/upsert. Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites. Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing, and run history. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix DB replication: disable triggers during restore, fix refreshToken table name Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix DB replication: enable pgcrypto extension for gen_random_bytes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix connected account permissions (#17598) Fixes #17411 --------- Co-authored-by: neo773 <neo773@protonmail.com> Co-authored-by: neo773 <62795688+neo773@users.noreply.github.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * i18n - docs translations (#18017) Created by Github action --------- Co-authored-by: github-actions <github-actions@twenty.com> * Add Google OAuth callback URLs for staging domain Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix staging OAuth: rewrite prod domain in DB config during replication Twenty's config system gives DB values priority over env vars, so we need to rewrite crm.omniaagent.com -> staging-crm.omniaagent.com in the configVariable table after replicating prod data. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix config URL rewrite: use correct keyValuePair table with jsonb cast Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * i18n - docs translations (#18020) Created by Github action Co-authored-by: github-actions <github-actions@twenty.com> * Files command - fixes (#18016) - Fixed "property entity not found" error when updating/creating a new field and querying the same object repository just after - Downgraded log type for unnecessary migration * Date & DateTime validation fixes / improvements (#18009) Fixes https://github.com/twentyhq/twenty/issues/17138 - Backend should have strict date/dateTime format validation - FE in import csv is more permissive --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> * fixes: loosen up front validation, add resolveEntityRelationUniversalIdentifiers to update and restore (#18015) closes https://github.com/twentyhq/private-issues/issues/419 * New field creates fields widget field (#18022) ## Context Introducing "NewFieldDefaultConfiguration" to FIELDS widget configurations ```typescript { isVisible: boolean; viewFieldGroupId: string | null; } ``` This configuration will define where a new field should be added (which section) and its default visibility inside FIELDS widget views. The new field position should always be at the end (meaning the last position for the view fields OR the last position of a viewFieldGroup) See "New fields" on this screenshot <img width="401" height="724" alt="Layout V1" src="https://github.com/user-attachments/assets/4969bcaa-f244-4504-8947-778a02c24c47" /> * App feedbacks (#18028) as title * Add SSE for metadata and plug front components (#17998) Create the necessary tooling to listen to metadata events and plug it to the front components. Now we have a hot reload like experience when we edit a component in an app. ## Backend - Split `EventWithQueryIds` into `ObjectRecordEventWithQueryIds` and `MetadataEventWithQueryIds` - Publish metadata event batches to active SSE streams in `MetadataEventsToDbListener` ## Frontend - Create a metadata event dispatching pipeline: SSE metadata events are grouped by metadata name, transformed into `MetadataOperationBrowserEventDetail` objects, and dispatched as browser `CustomEvents` - Add `useListenToMetadataOperationBrowserEvent` hook for consuming metadata operation events filtered by metadata name and operation type - Rename `useListenToObjectRecordEventsForQuery` to `useListenToEventsForQuery`, now accepting both `RecordGqlOperationSignature` and `MetadataGqlOperationSignature` - Implement `useOnFrontComponentUpdated` which subscribes to front component metadata events and updates the Apollo cache when the component is modified - Add `builtComponentChecksum` to the front component query and appends it to the component URL for browser cache invalidation * Improve API Client usage and add Typescript check (#18023) ## Summary https://github.com/user-attachments/assets/1e75cc9d-d9d2-4ef2-99f9-34450f5d8de7 Add background incremental type checking (`tsc --watch`) to the SDK dev mode, so type regressions are caught when the generated API client changes — without requiring a full rebuild of source files. Previously, removing a field from the data model would regenerate the API client, but existing front components/logic functions referencing the removed field wouldn't surface type errors (since their source didn't change, esbuild wouldn't rebuild them). ## What changed - **Background `tsc --watch`**: a long-lived TypeScript watcher runs alongside esbuild watchers, incrementally re-checking all files when the generated client changes. Only logs on state transitions (errors appear / errors clear) to stay quiet. - **Atomic client generation**: API client is now generated into a temp directory and swapped in atomically, avoiding a race condition where `tsc --watch` could see an empty `generated/` directory mid-regeneration. - **Step decoupling**: orchestrator steps no longer receive `uploadFilesStep` directly. Instead, they use callbacks (`onFileBuilt`, `onApiClientGenerated`), and each step manages its own `builtFileInfos` state. - **`apiClientChecksum` omitted from `ApplicationConfig`**: it's a build-time computed value, same as `packageJsonChecksum`. <img width="327" height="177" alt="image" src="https://github.com/user-attachments/assets/02bd25bb-fa41-42b0-8d96-01c51bd4580c" /> <img width="529" height="452" alt="image" src="https://github.com/user-attachments/assets/61f6e968-365b-4a5b-8f2b-a8419d6b1bd3" /> * i18n - translations (#18029) Created by Github action --------- Co-authored-by: github-actions <github-actions@twenty.com> * v1.18 - Fix command (#18032) Same as here https://github.com/twentyhq/twenty/pull/18016 * Fix Gmail thread awareness for custom labels (#18031) This fixes two edge cases for Gmail - When policy was set to `SELECTED_FOLDERS` excluding root INBOX, it missed label changes, so messages with newly applied labels weren't imported until a full resync. - Gmail thread replies by default by default do no inherit parent message's label properties so thread context was also lost because only individually labeled messages were returned, dropping earlier parts of the conversation. Fixed by subscribing to `labelAdded`/`labelRemoved` history events and fetching full thread context when at least one message in a thread carries a synced label. `ALL_FOLDERS` path is untouched. * Allow DATE_TIME IS operand to filter on a whole day (#17529) Fixes: https://github.com/twentyhq/core-team-issues/issues/2027 We've replaced the DATE_TIME picker with DATE picker, and changed the logic to filter for complete day period. https://github.com/user-attachments/assets/ba7e1078-bab3-4c62-a803-d6a851f14b7d --------- Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local> Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com> * Replace generic "Unknown error" messages with descriptive error details (#18019) ## Summary - Replace all generic `"Unknown error"` fallback messages across the server codebase with messages that include the actual error details - The most impactful change is in `guard-redirect.service.ts`, which handles OAuth redirect errors — non-`AuthException` errors (e.g., passport state verification failures) now show `"Authentication error: <actual message>"` instead of the opaque `"Unknown error"` - Gmail/Google error handler services now include the error message in the thrown exception instead of discarding it - Other catch blocks (workflow delay resume, migration runner rollback, code interpreter, marketplace) now use `String(error)` for non-Error objects instead of a static fallback Fixes the class of issues reported in https://github.com/twentyhq/twenty/issues/17812, where a user saw "Unknown error" during Google OAuth and had no way to diagnose the root cause (which turned out to be a session cookie / SSL configuration issue). ## Test plan - [ ] Verify OAuth error flows (e.g., Google Auth with misconfigured callback URL) now display the actual error message on the `/verify` page instead of "Unknown error" - [ ] Verify Gmail sync error handling still correctly classifies and re-throws errors with descriptive messages - [ ] Verify workflow delay resume failures include the error details in the workflow run status Made with [Cursor](https://cursor.com) Co-authored-by: Cursor <cursoragent@cursor.com> * Use proper PostgreSQL identifier/literal escaping in workspace DDL (#18024) ## Summary - Replace the character-stripping approach (`removeSqlDDLInjection`) with standard PostgreSQL `escapeIdentifier` and `escapeLiteral` functions across all workspace schema manager services - Add missing identifier escaping to `createForeignKey` (was the only method in the FK manager without it) - Add allowlist validation for index WHERE clauses and FK action types - Harden tsvector expression builder with proper identifier quoting ## Context The workspace schema managers build DDL dynamically from metadata (table names, column names, enum values, etc.). The previous approach stripped all non-alphanumeric characters — safe but lossy (silently corrupts values with legitimate special characters). The new approach uses PostgreSQL's standard escaping: - **Identifiers**: double internal `"` and wrap → `"my""table"` (same algorithm as `pg` driver's `escapeIdentifier`) - **Literals**: double internal `'` and wrap → `'it''s a value'` (same algorithm as `pg` driver's `escapeLiteral`) `removeSqlDDLInjection` is kept only for name generation (e.g., `computePostgresEnumName`) where stripping to `[a-zA-Z0-9_]` is the correct behavior. ## Files changed | File | What | |------|------| | `remove-sql-injection.util.ts` | Added `escapeIdentifier` + `escapeLiteral` | | `validate-index-where-clause.util.ts` | New — allowlist for partial index WHERE clauses | | 5 schema manager services | Replaced strip+manual-quote with `escapeIdentifier`/`escapeLiteral` | | `build-sql-column-definition.util.ts` | `escapeIdentifier` for column names, validated `generatedType` | | `sanitize-default-value.util.ts` | `escapeLiteral` instead of stripping | | `serialize-default-value.util.ts` | `escapeLiteral` for values, `escapeIdentifier` for enum casts | | `get-ts-vector-column-expression.util.ts` | `escapeIdentifier` for field names in expressions | | `sanitize-default-value.util.spec.ts` | Updated tests for escape behavior | ## Test plan - [x] All 64 existing tests pass across 6 test suites - [x] `lint:diff-with-main` passes - [x] TypeScript typecheck — no new errors - [ ] Verify workspace sync-metadata still works end-to-end - [ ] Verify custom object/field creation works - [ ] Verify enum field option changes work Made with [Cursor](https://cursor.com) --------- Co-authored-by: Cursor <cursoragent@cursor.com> * Fixes - Workspace logo migration (#18035) - Update migration command to handle case where workspace logo is originated from workspace email and point to twenty-icons.com - Update same logic for new workspaces - Add feature-flag for all newly created workspaces * [Chore] : Generate migration for DATE_TIME to DATE for DATE_TIME + IS operand filters (#17564) migration command in response to the fix : https://github.com/twentyhq/twenty/pull/17529 for the issue https://github.com/twentyhq/core-team-issues/issues/2027 --------- Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local> Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com> * Share APP_SECRET from prod to staging for encrypted config decryption Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * 2094 extensibility define postinstall orand preinstall function to run in application (#18037) - add a new optional key `postInstallLogicFunctionUniversalIdentifier` in applicationConfig - seed postInstall function in create-twenty-app - update execute:function options - update doc * Fix tokens secret copy: use replace --force to overwrite Helm-managed secret Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Nav Menu Item Migration command fix (#18041) * Fix tokens secret sync: delete+create instead of replace to avoid Helm conflicts Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Increase Helm timeout to 15m, remove cleanup-on-fail for staging Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * i18n - docs translations (#18040) Created by Github action Co-authored-by: github-actions <github-actions@twenty.com> * Sync page Layout (#18034) ## Sync page layouts, tabs, and widgets Adds the ability for SDK applications to synchronize `pageLayout`, `pageLayoutTab`, and `pageLayoutWidget` entities, following the same pattern established in #18003 for views and navigation menu items. ### Changes **`twenty-shared`** - New `PageLayoutManifest`, `PageLayoutTabManifest`, and `PageLayoutWidgetManifest` types with a hierarchical structure (page layout → tabs → widgets) - Added `pageLayouts: PageLayoutManifest[]` to the `Manifest` type **`twenty-sdk`** - New `definePageLayout()` SDK function with validation for universalIdentifier, name, and nested tabs/widgets - Wired into the manifest extraction and build pipeline (`DefinePageLayout` target function, `PageLayouts` entity key) - Exported from the SDK entry point **`twenty-server`** - Added `pageLayout`, `pageLayoutTab`, `pageLayoutWidget` to `APPLICATION_MANIFEST_METADATA_NAMES` - New conversion utilities: manifest → universal flat entity for all three entity types - Updated `computeApplicationManifestAllUniversalFlatEntity * Fix tokens secret sync: patch existing secret instead of delete+recreate Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix tokens secret: patch existing or create new, keep Helm create as fallback Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix ingestion pipeline UI: compile Lingui i18n catalogs and stop scrambling emails on staging Lingui message extraction and compilation was never run for the ingestion pipeline files, causing all UI labels to show garbled hash IDs. Also removes email scrambling from the DB replication script since staging is a private environment used by the same team - scrambling caused userId mismatches that blocked Google OAuth login. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add example in create-twenty-app (#18043) - add interactive mode to create-twenty-app - by default create an example for each entities <img width="1181" height="168" alt="image" src="https://github.com/user-attachments/assets/a2490d8f-66a1-4cd5-bf41-57166cc20a1e" /> * i18n - docs translations (#18048) Created by Github action Co-authored-by: github-actions <github-actions@twenty.com> * Add missing objects to rich app integration tests (#18039) Updating rich app so it also create: - a many to many relation - views - navigation items The app was built successfully. Will still be missing front component examples <img width="1498" height="660" alt="Capture d’écran 2026-02-18 à 17 47 25" src="https://github.com/user-attachments/assets/acd5193f-3a36-4eb7-8276-3154e4e60f5e" /> * Refactor page layout types (#18042) ## Refactor page layout widget types into shared package and expose from SDK ### Why Widget configuration types were defined only on the server, forcing SDK consumer apps to import from deep internal `twenty-shared/dist` paths — fragile and breaks on structural changes. Server DTOs also had no compile-time guarantee they matched the canonical types. ### What changed - **`twenty-shared`**: Migrated `ChartFilter`, `GridPosition`, `RatioAggregateConfig` and all 20 widget configuration variants into `twenty-shared/types`. `PageLayoutWidgetConfiguration` (base, with `SerializedRelation`) and `PageLayoutWidgetUniversalConfiguration` (derived via `FormatRecordSerializedRelationProperties`) are now the single source of truth. - **`twenty-sdk`**: Re-exported `AggregateOperations`, `ObjectRecordGroupByDateGranularity`, `PageLayoutTabLayoutMode`, and `PageLayoutWidgetUniversalConfiguration` so consumer apps import from `twenty-sdk` directly. - **`twenty-server`**: All widget DTOs now `implements` their shared type for compile-time enforcement. Added helpers to convert nested `fieldMetadataId` ↔ `fieldMetadataUniversalIdentifier` inside chart filters. Removed redundant local type re-exports. * refactor workflow action messaging with callout (#18038) ## Summary - remove the dedicated `WorkflowMessage` component and story - update workflow action editor components to use the shared callout patterns - adjust `Callout` and its stories to support the new usage in workflow actions ## Before/After <img width="525" height="548" alt="image" src="https://github.com/user-attachments/assets/ce57a84f-f070-4149-85ef-a4d162b2d878" /> <img width="518" height="593" alt="image" src="https://github.com/user-attachments/assets/f7249cd0-221f-496d-9deb-d9966ee43382" /> * Add currency hover tooltip in CurrencyDisplay (#18045) https://github.com/user-attachments/assets/af768ecb-b5e9-4e8d-a9f9-fee1a08ea9a0 Fixes https://github.com/twentyhq/twenty/issues/17756 * Increase staging worker memory limit to 1024Mi to fix OOM crash Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error at 512Mi. Matches production worker memory limit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Increase staging worker memory limit to 1024Mi to fix OOM crash Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error at 512Mi. Matches production worker memory limit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: show "Not shared" for junction relation fields when target or intermediate object is not readable (#18025) When a user's role lacks read permission on the target object (e.g., Company) or the intermediate junction object (e.g., EmploymentHistory), junction relation fields like "Previous Companies" displayed as blank instead of showing "Not shared." - In RecordFieldList, junction fields now check the junction object's read permission and set isForbidden on the field context so FieldDisplay renders "Not shared" instead of an empty field. - In RelationFromManyFieldDisplay, if junction records exist but all nested target records are null (permission-denied by the API), the component renders "Not shared" instead of an empty list. --------- Co-authored-by: Félix Malfait <felix@twenty.com> * Fix ingestion worker: wrap record processing in workspace context The worker needs a workspace context (via AsyncLocalStorage) to use GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other job processors in the codebase. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix ingestion worker: wrap record processing in workspace context The worker needs a workspace context (via AsyncLocalStorage) to use GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other job processors in the codebase. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * i18n - docs translations (#18050) Created by Github action Co-authored-by: github-actions <github-actions@twenty.com> * Restore old favorite design (#18049) Issue : With IS_NAVIGATION_MENU_ITEM_ENABLED:true + IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED:false, nav menu design is changed after 1.18.0 release : views expansion removed, system object displayed, position re-ordered We prefer keeping the same "old" favorite behaviour and design state - After 1.18.0 all workspaces have up-to-date navigation menu items (migrated) - IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED becomes the FF for nav menu new design --------- Co-authored-by: Charles Bochet <charles@twenty.com> * Fix impossible scroll in sdk app:dev (#18051) Issue is that we are refreshing the terminal because of icons animations * Harden server-side input validation and auth defaults (#18018) ## Summary - **File storage (LocalDriver):** Add realpath resolution and symlink rejection to `writeFile`, `downloadFile`, and `downloadFolder` — brings them in line with the existing `readFile` protections. Includes unit tests. - **JWT:** Pin signing/verification to HS256 explicitly. - **Auth:** Revoke active refresh tokens when a user changes their password. - **Logic functions:** Validate `handlerName` as a safe JS identifier at both DTO and runtime level, preventing injection into the generated runner script. - **User entity:** Remove `passwordHash` from the GraphQL schema (`@Field` decorator removed, column stays). - **Query params:** Use `crypto.randomBytes` instead of `Math.random` for SQL parameter name generation. - **Exception filter:** Mirror the request `Origin` header instead of sending `Access-Control-Allow-Origin: *`. ## Test plan - [x] `local.driver.spec.ts` — writeFile rejects symlinks, downloadFile rejects paths outside storage - [ ] Verify JWT auth flow still works (login, token refresh) - [ ] Verify password change invalidates existing sessions - [ ] Verify logic function creation with valid/invalid handler names - [ ] Verify file upload/download in dev environment Made with [Cursor](https://cursor.com) --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> * Add static transform type for constant field values in ingestion pipeline Allows setting a fixed value regardless of source data, useful for fields like leadStatus that need a default (e.g. "ASSIGNED"). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add static transform type for constant field values in ingestion pipeline Allows setting a fixed value regardless of source data, useful for fields like leadStatus that need a default (e.g. "ASSIGNED"). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Skip empty string source values in ingestion field mapping Convoso sends empty strings for unpopulated fields. These should be treated as absent rather than mapped to target fields where they'd cause enum validation errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Skip empty string source values in ingestion field mapping Convoso sends empty strings for unpopulated fields. These should be treated as absent rather than mapped to target fields where they'd cause enum validation errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Prevent SSRF via IMAP/SMTP/CalDAV (#17973) Prevents leaking of internal services by filtering out private IPs, same way we do for webhooks * Fix website build (#18052) * i18n - translations (#18053) Created by Github action --------- Co-authored-by: github-actions <github-actions@twenty.com> * Improve security settings card grouping and description overflow (#17928) # After - Added a separtor between the two audit logs cards - Rename the audit log card to avoid repetition - Grouped "Invite by link" and "2 factor auth" in one group - Changed the card component description to always be one line max with truncation & tooltips <img width="777" height="1278" alt="CleanShot 2026-02-13 at 17 02 36" src="https://github.com/user-attachments/assets/685c792a-c85b-4521-8c1b-bd9adedc75d9" /> <img width="976" height="690" alt="b49f2eb043b6712d013618bb0a4ef7f011cf2316e1163fbdee4c293bed036ac9" src="https://github.com/user-attachments/assets/6e17aa11-ecdb-4f98-ba50-5cd9b9c5def6" /> --------- Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com> Co-authored-by: Charles Bochet <charles@twenty.com> * Fix empty string values bypassing enum validation in ingestion pipeline The post-transform check only tested isDefined, so empty strings from map transforms passed through and caused PostgreSQL enum errors (e.g. gender: ""). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix empty string values bypassing enum validation in ingestion pipeline The post-transform check only tested isDefined, so empty strings from map transforms passed through and caused PostgreSQL enum errors (e.g. gender: ""). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * i18n - translations (#18056) Created by Github action --------- Co-authored-by: github-actions <github-actions@twenty.com> * Fix website build (#18057) * Add Health Sherpa policy ingestion with smart person matching Implements automated policy data ingestion from Health Sherpa webhooks using the existing ingestion pipeline infrastructure. Features: - Generic policy fields (carrier-agnostic): applicationId, externalSource, etc. - Smart person matching with 4-strategy fallback system: 1. Match by phone (normalized) 2. Match by agent NPN + member name 3. Match by email (skip junk emails) 4. Auto-create person if no match - Deduplication by applicationId (update vs create) - Phone normalization: "(555) 123-4567" → "5551234567" - Auto-assign to agent by NPN - Duplicate email handling (retry without email) - 17 field mappings (webhook → CRM) - Full unit test coverage New files: - Migration: add-external-policy-fields (9 new columns + indexes) - Seed: seed-healthsherpa-pipeline.command.ts - Preprocessor: healthsherpa-policy.preprocessor.ts (smart matching) - Registry: ingestion-preprocessor.registry.ts - Tests: healthsherpa-policy.preprocessor.spec.ts (12 tests) Modified files: - ingestion-push-process.job.ts (call preprocessor) - ingestion-pipeline.module.ts (register providers) - ingestion-job.module.ts (register providers) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Messages Message Folder Association (#17398) This PR adds Message folder association for message channel messages, Currently under testing phase, not ready yet. --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * Fix website build (#18061) As per title * i18n - docs translations (#18062) Created by Github action Co-authored-by: github-actions <github-actions@twenty.com> * Add Convoso call ingestion preprocessor for ingestion pipeline Introduces ConvosoCallPreprocessor that enriches call payloads with computed fields (direction, name, person/lead source resolution, billing) and filters incomplete/system payloads. Updates the preprocessor registry to support null returns for record skipping. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Wrap preprocessor in workspace context for DB access The preprocessor runs before processRecords which has its own workspace context. Preprocessors that access the database (like ConvosoCall and HealthSherpa) need workspace context to resolve repositories. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Migrate dropdown to jotai (#18063) Here we go again * Add incoming payload viewer to ingestion pipeline run history Stores the raw incoming webhook payload on each ingestion log entry and displays it in an expandable row in the Run History table. Clicking a row reveals the JSON payload and any errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * i18n - docs translations (#18067) Created by Github action Co-authored-by: github-actions <github-actions@twenty.com> * Bump @xyflow/react from 12.4.2 to 12.10.0 (#18070) Bumps [@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react) from 12.4.2 to 12.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/xyflow/xyflow/releases"><code>@xyflow/react</code>'s releases</a>.</em></p> <blockquote> <h2><code>@xyflow/react</code><a href="https://github.com/12"><code>@12</code></a>.10.0</h2> <h3>Minor Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a> Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>! - Add <code>zIndexMode</code> to control how z-index is calculated for nodes and edges</p> </li> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a> Thanks <a href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add <code>experimental_useOnNodesChangeMiddleware</code> hook</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a> Thanks <a href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>! - Prevent unnecessary re-render in <code>FlowRenderer</code></p> </li> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a> Thanks <a href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>! - Always create a new measured object in apply changes.</p> </li> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a> Thanks <a href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>! - Update an ongoing connection when user moves node with keyboard.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>, <a href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>, <a href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p> <ul> <li><code>@xyflow/system</code><a href="https://github.com/0"><code>@0</code></a>.0.74</li> </ul> </li> </ul> <h2><code>@xyflow/react</code><a href="https://github.com/12"><code>@12</code></a>.9.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a> Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>! - Set <code>paneClickDistance</code> default value to <code>1</code>.</p> </li> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a> Thanks <a href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass current pointer position to connection</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p> <ul> <li><code>@xyflow/system</code><a href="https://github.com/0"><code>@0</code></a>.0.73</li> </ul> </li> </ul> <h2><code>@xyflow/react</code><a href="https://github.com/12"><code>@12</code></a>.9.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a> Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>! - Reset selection box when user selects a node</li> </ul> <h2><code>@xyflow/react</code><a href="https://github.com/12"><code>@12</code></a>.9.1</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a> Thanks <a href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix onPaneClick events being suppressed when selectionOnDrag=true</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p> <ul> <li><code>@xyflow/system</code><a href="https://github.com/0"><code>@0</code></a>.0.72</li> </ul> </li> </ul> <h2><code>@xyflow/react</code><a href="https://github.com/12"><code>@12</code></a>.9.0</h2> <h3>Minor Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a> Thanks <a href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add <code>EdgeToolbar</code> component</p> </li> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5550">#5550</a> <a href="https://github.com/xyflow/xyflow/commit/6ffb9f7901c32f5b335aee2517f41bf87f274f32"><code>6ffb9f790</code></a> Thanks <a href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Prevent child nodes of different parents from overlapping</p> </li> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5551">#5551</a> <a href="https://github.com/xyflow/xyflow/commit/6bb64b3ed60f26c9ea8bc01c8d62fb9bf74cd634"><code>6bb64b3ed</code></a> Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>! - Allow to start a selection above a node</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md"><code>@xyflow/react</code>'s changelog</a>.</em></p> <blockquote> <h2>12.10.0</h2> <h3>Minor Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a> Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>! - Add <code>zIndexMode</code> to control how z-index is calculated for nodes and edges</p> </li> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a> Thanks <a href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add <code>experimental_useOnNodesChangeMiddleware</code> hook</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a> Thanks <a href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>! - Prevent unnecessary re-render in <code>FlowRenderer</code></p> </li> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a> Thanks <a href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>! - Always create a new measured object in apply changes.</p> </li> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a> Thanks <a href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>! - Update an ongoing connection when user moves node with keyboard.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>, <a href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>, <a href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p> <ul> <li><code>@xyflow/system</code><a href="https://github.com/0"><code>@0</code></a>.0.74</li> </ul> </li> </ul> <h2>12.9.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a> Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>! - Set <code>paneClickDistance</code> default value to <code>1</code>.</p> </li> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a> Thanks <a href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass current pointer position to connection</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p> <ul> <li><code>@xyflow/system</code><a href="https://github.com/0"><code>@0</code></a>.0.73</li> </ul> </li> </ul> <h2>12.9.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a> Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>! - Reset selection box when user selects a node</li> </ul> <h2>12.9.1</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a> Thanks <a href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix onPaneClick events being suppressed when selectionOnDrag=true</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p> <ul> <li><code>@xyflow/system</code><a href="https://github.com/0"><code>@0</code></a>.0.72</li> </ul> </li> </ul> <h2>12.9.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a> Thanks <a href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add <code>EdgeToolbar</code> component</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xyflow/xyflow/commit/c0ed3c33a3498877ab2a5755299ff84ee659782e"><code>c0ed3c3</code></a> chore(packages): bump</li> <li><a href="https://github.com/xyflow/xyflow/commit/83a312b2e1691a44223536653689f8f99f0d5b24"><code>83a312b</code></a> chore(zIndexMode): use basic as default</li> <li><a href="https://github.com/xyflow/xyflow/commit/14fd41b1f153406f1a21a61bf98ea07ad8275ec6"><code>14fd41b</code></a> change default back to elevateEdgesOnSelect=false and zIndexMode=basic</li> <li><a href="https://github.com/xyflow/xyflow/commit/3680a6a0e623e19d1f983515273f11bdd355ec86"><code>3680a6a</code></a> Merge branch 'main' into feat/zindexmode</li> <li><a href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919</code></a> chore(middleware): cleanup</li> <li><a href="https://github.com/xyflow/xyflow/commit/e4e3605d62c8c710fe7ddb2ec3929af0a7962a6b"><code>e4e3605</code></a> Merge branch 'main' into middlewares</li> <li><a href="https://github.com/xyflow/xyflow/commit/2c05b3224a13e896dfb9a0c93f3af7bb592afc45"><code>2c05b32</code></a> Merge branch 'feat/zindexmode' of github.com:xyflow/xyflow into feat/zindexmode</li> <li><a href="https://github.com/xyflow/xyflow/commit/ddbb9280f6242794187205a207e993e2c721c244"><code>ddbb928</code></a> chore(examples): add zindexmode</li> <li><a href="https://github.com/xyflow/xyflow/commit/9faca3357d5db68fdad6c96de06fd66dd1d0ba64"><code>9faca33</code></a> Merge branch 'main' into feat/zindexmode</li> <li><a href="https://github.com/xyflow/xyflow/commit/4eb42952f01b947c9d36c25e6b30b7bd98224632"><code>4eb4295</code></a> feat(svelte): add zIndexMode</li> <li>Additional commits viewable in <a href="https://github.com/xyflow/xyflow/commits/@xyflow/react@12.10.0/packages/react">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump eslint-config-next from 14.2.33 to 14.2.35 (#18069) Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 14.2.33 to 14.2.35. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/7b940d9ce96faddb9f92ff40f5e35c34ace04eb2"><code>7b940d9</code></a> v14.2.35</li> <li><a href="https://github.com/vercel/next.js/commit/f3073688ce18878a674fdb9954da68e9d626a930"><code>f307368</code></a> v14.2.34</li> <li>See full diff in <a href="https://github.com/vercel/next.js/commits/v14.2.35/packages/eslint-config-next">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @emotion/is-prop-valid from 1.3.0 to 1.4.0 (#18068) Bumps [@emotion/is-prop-valid](https://github.com/emotion-js/emotion) from 1.3.0 to 1.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/emotion-js/emotion/releases"><code>@emotion/is-prop-valid</code>'s releases</a>.</em></p> <blockquote> <h2><code>@emotion/is-prop-valid</code><a href="https://github.com/1"><code>@1</code></a>.4.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/emotion-js/emotion/pull/3306">#3306</a> <a href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a> Thanks <a href="https://github.com/EnzoAlbornoz"><code>@EnzoAlbornoz</code></a>! - Adds <code>popover</code>, <code>popoverTarget</code> and <code>popoverTargetAction</code> to the list of allowed props.</li> </ul> <h2><code>@emotion/is-prop-valid</code><a href="https://github.com/1"><code>@1</code></a>.3.1</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/emotion-js/emotion/pull/3093">#3093</a> <a href="https://github.com/emotion-js/emotion/commit/532ff57cafd8ba04f3b624074556ea47ec76fc9a"><code>532ff57</code></a> Thanks <a href="https://github.com/codejet"><code>@codejet</code></a>, <a href="https://github.com/DustinBrett"><code>@DustinBrett</code></a>! - Adds <code>fetchpriority</code> and <code>fetchPriority</code> to the list of allowed props.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/emotion-js/emotion/commit/38db311adf024fe8a24b57c687824c47abbd0957"><code>38db311</code></a> Version Packages (<a href="https://redirect.github.com/emotion-js/emotion/issues/3347">#3347</a>)</li> <li><a href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a> Adds <code>popover</code>, <code>popoverTarget</code> and <code>popoverTargetAction</code> to the list of allo...</li> <li><a href="https://github.com/emotion-js/emotion/commit/49229553967b6050c92d9602eb577bdc48167e91"><code>4922955</code></a> Version Packages (<a href="https://redirect.github.com/emotion-js/emotion/issues/3335">#3335</a>)</li> <li><a href="https://github.com/emotion-js/emotion/commit/0facbe47bd9099ae4ed22dc201822d910ac3dec5"><code>0facbe4</code></a> Renamed default-exported variable in <code>@emotion/styled</code> to aid inferred import...</li> <li><a href="https://github.com/emotion-js/emotion/commit/cce67ec6b2fc94261028b4f4778aae8c3d6c5fd6"><code>cce67ec</code></a> Bump parcel (<a href="https://redirect.github.com/emotion-js/emotion/issues/3258">#3258</a>)</li> <li><a href="https://github.com/emotion-js/emotion/commit/3c19ce5997f73960679e546af47801205631dfde"><code>3c19ce5</code></a> Version Packages (<a href="https://redirect.github.com/emotion-js/emotion/issues/3280">#3280</a>)</li> <li><a href="https://github.com/emotion-js/emotion/commit/a19d019bd418ebc3b9cba0e58f58b36ac2862a42"><code>a19d019</code></a> Convert <code>@emotion/styled</code>'s source code to TypeScript (<a href="https://redirect.github.com/emotion-js/emotion/issues/3284">#3284</a>)</li> <li><a href="https://github.com/emotion-js/emotion/commit/5974e33fcb5e7aee177408684ac6fe8b38b3e353"><code>5974e33</code></a> Fix JSX namespace <a href="https://github.com/ts-ignores"><code>@ts-ignores</code></a> (<a href="https://redirect.github.com/emotion-js/emotion/issues/3282">#3282</a>)</li> <li><a href="https://github.com/emotion-js/emotion/commit/fc4d7bd744c205f55513dcd4e4e5134198c219de"><code>fc4d7bd</code></a> Convert <code>@emotion/react</code>'s source code to TypeScript (<a href="https://redirect.github.com/emotion-js/emotion/issues/3281">#3281</a>)</li> <li><a href="https://github.com/emotion-js/emotion/commit/8dc1a6dd19d2dc9ce435ef0aff85ccf5647f5d2e"><code>8dc1a6d</code></a> Convert <code>@emotion/cache</code>'s source code to TypeScript (<a href="https://redirect.github.com/emotion-js/emotion/issues/3277">#3277</a>)</li> <li>Additional commits viewable in <a href="https://github.com/emotion-js/emotion/compare/@emotion/is-prop-valid@1.3.0...@emotion/is-prop-valid@1.4.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * FILES field - Attachment name display fix (#18073) with new 'file' FILES field on attachment, UI should display attachment name from file field value. Issue with API users updating only 'file' FILES field (and not name field anymore) * Add objectRecordCounts query to /metadata endpoint (#18054) ## Summary - Adds an `objectRecordCounts` query on the `/metadata` GraphQL endpoint that returns approximate record counts for all objects in the workspace - Uses PostgreSQL's `pg_class.reltuples` catalog stats — a single instant query instead of N `COUNT(*)` table scans - Replaces the previous `CombinedFindManyRecords` approach which hit the server's 20 root resolver limit and silently showed 0 for all counts on the settings Data Model page ### Server - `ObjectRecordCountDTO` — GraphQL type with `objectNamePlural` and `totalCount` - `ObjectRecordCountService` — reads `pg_class` catalog for the workspace schema - Query added to `ObjectMetadataResolver` with `@MetadataResolver()` + `NoPermissionGuard` ### Frontend - `OBJECT_RECORD_COUNTS` query added to `object-metadata/graphql/queries.ts` - `useCombinedGetTotalCount` simplified to a zero-argument hook using the new query - `SettingsObjectTable` simplified to a single hook call --------- Co-authored-by: Cursor <cursoragent@cursor.com> * Refactor and standardize `isSystem` field and object (#17992) # Introduction ## Centralize system field definitions - Extract a single `PARTIAL_SYSTEM_FLAT_FIELD_METADATAS` constant as the source of truth for all 8 system fields (`id`, `createdAt`, `updatedAt`, `deletedAt`, `createdBy`, `updatedBy`, `position`, `searchVector`), eliminating duplication across custom object and standard app field builders - Refactor `buildDefaultFlatFieldMetadatasForCustomObject` to use the shared constant via a new `buildObjectSystemFlatFieldMetadatas` helper ## Mark system fields as `isSystem: true` - Fields `id`, `createdAt`, `updatedAt`, `deletedAt`, `createdBy`, `updatedBy`, `position`, `searchVector` are now properly flagged as system fields across all standard objects and custom object creation - Standard app field builders for all ~30 standard objects updated to set `isSystem: true` on `createdAt`, `updatedAt`, `deletedAt`, `createdBy`, `updatedBy` - System-only standard objects (blocklist, calendar channels, message threads, etc.) now also include `createdBy`, `updatedBy`, `position`, `searchVector` field definitions that were previously missing ## Validate system fields on object creation - New transversal validation (`crossEntityTransversalValidation`) runs after all atomic entity validations in the build orchestrator, ensuring all 8 system fields are present with correct `type` and `isSystem: true` when an object is created - New `buildUniversalFlatObjectFieldByNameAndJoinColumnMaps` utility to resolve field names to universal identifiers for a given object - New exception codes: `MISSING_SYSTEM_FIELD` and `INVALID_SYSTEM_FIELD` on `ObjectMetadataExceptionCode` ## Protect system fields and objects from mutation - Field validators now block update/delete of `isSystem` fields by non-system callers (`FIELD_MUTATION_NOT_ALLOWED`) - Object validators now block update/delete of `isSystem` objects by non-system callers - `POSITION` and `TS_VECTOR` field type validators replaced: instead of rejecting creation outright, they now validate that the field is named correctly (`position` / `searchVector`) and has `isSystem: true` ## Distinguish `isSystemBuild` from `isCallerTwentyStandardApp` - New `isCallerTwentyStandardApp` utility checks whether the caller's `applicationUniversalIdentifier` matches the twenty standard app - Name-sync logic (`isFlatFieldMetadataNameSyncedWithLabel`, `areFlatObjectMetadataNamesSyncedWithLabels`) refactored to use `isCallerTwentyStandardApp` for custom suffix decisions, keeping `isSystemBuild` for mutation permission checks - `WorkspaceMigrationBuilderOptions` type updated to include `applicationUniversalIdentifier` ## Adapt frontend filtering - New `HIDDEN_SYSTEM_FIELD_NAMES` constant (`id`, `position`, `searchVector`) and `isHiddenSystemField` utility to only hide truly internal fields while keeping user-facing system fields (`createdAt`, `updatedAt`, `deletedAt`, `createdBy`, `updatedBy`) visible in the UI - ~20 frontend files updated to replace `!field.isSystem` checks with `!isHiddenSystemField(field)` across record index, settings, data model, charts, workflows, spreadsheet import, aggregations, and role permissions ## Add 1.19 upgrade commands - **`backfill-system-fields-is-system`**: Raw SQL command to set `isSystem = true` on existing workspace fields matching system field names, and fix `position` field type from `NUMBER` to `POSITION` for `favorite`/`favoriteFolder` objects. Includes proper cache invalidation. - **`add-missing-system-fields-to-standard-objects`**: Codegen'd workspace migration to create missing `position`, `searchVector`, `createdBy`, `updatedBy` fields on standard objects that didn't previously have them. Runs via `WorkspaceMigrationRunnerService` in a single transaction with idempotency check. **Known limitation**: assumes all standard objects exist and are valid in the target workspace. ## Add `universalIdentifier` for system fields in standard object constants - `standard-object.constant.ts` updated to include `universalIdentifier` for `createdBy`, `updatedBy`, `position`, and `searchVector` across all standard objects - `fieldManifestType.ts` updated to support the new field manifest shape ## System relation Completely removed and backfilled all `isSystem` relation to be false false As we won't require an object to have any relation system fields ## Add integration tests - New test suite `failing-sync-application-object-system-fields` covering: missing system fields, wrong field types (`id` as TEXT, `createdAt` as TEXT, `position` as TEXT), system field deletion attempts, and system field update attempts - New test utilities: `buildDefaultObjectManifest` (builds an object manifest with all 8 system fields) and `setupApplicationForSync` (centralizes application setup) - Existing successful sync test updated to verify system fields are created with correct properties ## Next step Make the builder scope the compared entity to be the currently built app + nor twenty standard app * i18n - translations (#18079) Created by Github action --------- Co-authored-by: github-actions <github-actions@twenty.com> * fix: remove the error message for test failure in ci-front (#18076) Introduced an error message on twenty-front CI earlier to try and inform the user that test failure could be a coverage issue if no individual test was failing. However, it led to the assumption that it must be coverage failure in all cases even when it was test failure leading to the CI being red. This PR reverts the change. * Keep migrating to jotai (#18064) And we continue! * Remove non positive integer constraint on Nav Menu Item (#18081) To fit with position typed field logic + Ease favorite to nav menu item migration (which have negative and float position) * i18n - translations (#18086) Created by Github action --------- Co-authored-by: github-actions <github-actions@twenty.com> * Refactor message backfill command (#18078) # Introduction Atomically create the field and object to be created And avoid synchronizing unrelated non up to date object and fields Followup https://github.com/twentyhq/twenty/pull/17398 * Migrate more to Jotai (#18087) Continue jotai migration * Factorize and add public-assets/*path endpoint (#18080) as title * Twenty standard app static options id (#18089) # Introduction While preparing the twenty-standard as code migration to twenty-app through sdk I've faced permanent field enum update as the id was generated dynamically at each twenty standard app construction Making them deterministic in order to avoid having this noise Won't backfill this on existing workspace as it's not critical and that we will rework the options in the future * Create LLMS.md on create-twenty-app (#18091) Managed to create a many to many app with minimal instructions. File will need to be enriched with more pitfalls. --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Fix google compose scope not gated by feature flag (#18093) ## Context New google api scope has been introduced in https://github.com/twentyhq/twenty/pull/17793 without being gated behind a feature flag Microsoft is using pre-existing Mail.ReadWrite scope there is nothing to gate ## Before <img width="553" height="445" alt="Screenshot 2026-02-19 at 14 57 58" src="https://github.com/user-attachments/assets/59a4f76b-d38d-492f-b013-b6cad4091a7f" /> ## After <img width="535" height="392" alt="Screenshot 2026-02-19 at 14 58 44" src="https://github.com/user-attachments/assets/0337bf15-ec30-4549-bb9d-571a982dffd8" /> * Remove non positive integer constraint on Nav Menu Item 2/2 (#18090) Follow up https://github.com/twentyhq/twenty/pull/18081 * Resolve lead source from list_id via Convoso Lists API When source_name is missing from the call payload (common with Convoso Call Log API data), fall back to resolving the list_id to a list name via the Convoso Lists API. The list map is cached in-memory for 10 minutes. The resolved name is used for lead source creation, call name computation, and billing matching. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * [FRONT COMPONENTS] Declare command menu items in front components (#18047) ## Description - Adds support for declaring command menu items directly within `defineFrontComponent` via an optional command config property - Introduces a new `CommandMenuItemManifest` type in twenty-shared and wires it through the manifest build pipeline ## Example Of usage ```tsx import { defineFrontComponent } from "twenty-sdk"; const TestAction = () => { return <div>Test Action</div>; }; export default defineFrontComponent({ universalIdentifier: "6c289461-0007-4a62-a99f-69e5c11a4ce7", name: "test-action", description: "Test Action", component: TestAction, command: { universalIdentifier: "c07df864-495f-46f3-9f5b-9d3ce2589e9b", label: "Run My Action", icon: "IconBolt", isPinned: false, }, }); ``` ## Video QA https://github.com/user-attachments/assets/f910fc6a-44a9-45d1-87c5-f0ce64bb3878 * Fix: add a new style to the target text box (#18065) ### Approach I add some new rules for the style of the target text box. (Fix: #13229 ) <img width="842" height="545" alt="target class" src="https://github.com/user-attachments/assets/7cd0a615-392a-493b-831f-77ddb93de5fc" /> **This is what it looks like now.** <img width="320" height="224" alt="image" src="https://github.com/user-attachments/assets/26514102-e684-49ce-915d-43e5677520a5" /> * Add CONVOSO_API_TOKEN to Helm staging values and worker extraEnv support Adds extraEnv iteration to the worker deployment template (matching the existing server template pattern) and configures CONVOSO_API_TOKEN on both server and worker for the staging environment. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Use K8s secret for CONVOSO_API_TOKEN instead of hardcoded value Adds extraEnvSecrets support to both server and worker Helm templates, allowing env vars to be sourced from Kubernetes secrets via secretKeyRef. The Convoso API token is now stored in a convoso-credentials secret rather than being hardcoded in the values file. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add showInSidebar per-role permission to replace hardcoded sidebar filter Adds a new `showInSidebar` boolean on ObjectPermission and a global `showAllObjectsInSidebar` toggle on Role, following the same pattern as canReadObjectRecords/canUpdateObjectRecords. The sidebar now filters items based on this permission instead of the hardcoded MEMBER_VISIBLE_OBJECTS set. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Switch Convoso call pipeline to pull mode with date range params and preprocessor Convoso Connect webhooks send lead data regardless of event type, so the push pipeline doesn't receive call records. This switches to polling the Convoso Call Log API (/v1/log/retrieve) on a cron schedule, matching the old Cloudflare Worker approach. - Add dateRangeParams to SourceRequestConfig for dynamic time-window queries - Add envVar support to QueryParamAuthConfig for runtime env-based auth tokens - Wire preprocessor + workspace context into IngestionPullJob (same as push job) - Include SQL script to update pipeline config in staging DB Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: upgrade @swc/core to 1.15.11 and align SWC ecosystem (#18088) ## Summary - Upgrades `@swc/core` from 1.13.3 to **1.15.11** (swc_core v56), which introduces CBOR-based plugin serialization replacing rkyv, eliminating strict version-matching between SWC core and Wasm plugins - Upgrades `@lingui/swc-plugin` from ^5.6.0 to **^5.11.0** (swc_core 50.2.3, built with `--cfg=swc_ast_unknown` for cross-version compatibility) - Upgrades `@swc/plugin-emotion` from 10.0.4 to **14.6.0** (swc_core 53, also with backward-compat feature) - Upgrades companion packages: `@swc-node/register` 1.8.0 → 1.11.1, `@swc/helpers` ~0.5.2 → ~0.5.18, `@vitejs/plugin-react-swc` 3.11.0 → 4.2.3 ### Why this is safe now Starting from `@swc/core v1.15.0`, SWC replaced the rkyv serialization scheme with CBOR (a self-describing format) and added `Unknown` AST enum variants. Plugins built with …
walmat
added a commit
to Omnia-Insurance/crm
that referenced
this pull request
Feb 26, 2026
* Add configurable ingestion pipeline system for no-code data import
Introduces a generalized pipeline system that replaces hardcoded webhook workers
with a configurable approach. Supports push (webhook) and pull (scheduled fetch)
modes with field mapping, transforms, relation resolution, and dedup/upsert.
Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline
rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites.
Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing,
and run history.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add configurable ingestion pipeline system for no-code data import
Introduces a generalized pipeline system that replaces hardcoded webhook workers
with a configurable approach. Supports push (webhook) and pull (scheduled fetch)
modes with field mapping, transforms, relation resolution, and dedup/upsert.
Backend: NestJS module with entities, GraphQL resolvers, BullMQ jobs, per-pipeline
rate limiting (100 req/min via ThrottlerService), and 100 tests across 12 suites.
Frontend: Settings UI for pipeline CRUD, field mapping editor, dry-run testing,
and run history.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix DB replication: disable triggers during restore, fix refreshToken table name
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix DB replication: enable pgcrypto extension for gen_random_bytes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix connected account permissions (#17598)
Fixes #17411
---------
Co-authored-by: neo773 <neo773@protonmail.com>
Co-authored-by: neo773 <62795688+neo773@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* i18n - docs translations (#18017)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Add Google OAuth callback URLs for staging domain
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix staging OAuth: rewrite prod domain in DB config during replication
Twenty's config system gives DB values priority over env vars, so we need
to rewrite crm.omniaagent.com -> staging-crm.omniaagent.com in the
configVariable table after replicating prod data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix config URL rewrite: use correct keyValuePair table with jsonb cast
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18020)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Files command - fixes (#18016)
- Fixed "property entity not found" error when updating/creating a new
field and querying the same object repository just after
- Downgraded log type for unnecessary migration
* Date & DateTime validation fixes / improvements (#18009)
Fixes https://github.com/twentyhq/twenty/issues/17138
- Backend should have strict date/dateTime format validation
- FE in import csv is more permissive
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
* fixes: loosen up front validation, add resolveEntityRelationUniversalIdentifiers to update and restore (#18015)
closes https://github.com/twentyhq/private-issues/issues/419
* New field creates fields widget field (#18022)
## Context
Introducing "NewFieldDefaultConfiguration" to FIELDS widget
configurations
```typescript
{
isVisible: boolean;
viewFieldGroupId: string | null;
}
```
This configuration will define where a new field should be added (which
section) and its default visibility inside FIELDS widget views.
The new field position should always be at the end (meaning the last
position for the view fields OR the last position of a viewFieldGroup)
See "New fields" on this screenshot
<img width="401" height="724" alt="Layout V1"
src="https://github.com/user-attachments/assets/4969bcaa-f244-4504-8947-778a02c24c47"
/>
* App feedbacks (#18028)
as title
* Add SSE for metadata and plug front components (#17998)
Create the necessary tooling to listen to metadata events and plug it to
the front components. Now we have a hot reload like experience when we
edit a component in an app.
## Backend
- Split `EventWithQueryIds` into `ObjectRecordEventWithQueryIds` and
`MetadataEventWithQueryIds`
- Publish metadata event batches to active SSE streams in
`MetadataEventsToDbListener`
## Frontend
- Create a metadata event dispatching pipeline: SSE metadata events are
grouped by metadata name, transformed into
`MetadataOperationBrowserEventDetail` objects, and dispatched as browser
`CustomEvents`
- Add `useListenToMetadataOperationBrowserEvent` hook for consuming
metadata operation events filtered by metadata name and operation type
- Rename `useListenToObjectRecordEventsForQuery` to
`useListenToEventsForQuery`, now accepting both
`RecordGqlOperationSignature` and `MetadataGqlOperationSignature`
- Implement `useOnFrontComponentUpdated` which subscribes to front
component metadata events and updates the Apollo cache when the
component is modified
- Add `builtComponentChecksum` to the front component query and appends
it to the component URL for browser cache invalidation
* Improve API Client usage and add Typescript check (#18023)
## Summary
https://github.com/user-attachments/assets/1e75cc9d-d9d2-4ef2-99f9-34450f5d8de7
Add background incremental type checking (`tsc --watch`) to the SDK dev
mode, so type regressions are caught when the generated API client
changes — without requiring a full rebuild of source files.
Previously, removing a field from the data model would regenerate the
API client, but existing front components/logic functions referencing
the removed field wouldn't surface type errors (since their source
didn't change, esbuild wouldn't rebuild them).
## What changed
- **Background `tsc --watch`**: a long-lived TypeScript watcher runs
alongside esbuild watchers, incrementally re-checking all files when the
generated client changes. Only logs on state transitions (errors appear
/ errors clear) to stay quiet.
- **Atomic client generation**: API client is now generated into a temp
directory and swapped in atomically, avoiding a race condition where
`tsc --watch` could see an empty `generated/` directory
mid-regeneration.
- **Step decoupling**: orchestrator steps no longer receive
`uploadFilesStep` directly. Instead, they use callbacks (`onFileBuilt`,
`onApiClientGenerated`), and each step manages its own `builtFileInfos`
state.
- **`apiClientChecksum` omitted from `ApplicationConfig`**: it's a
build-time computed value, same as `packageJsonChecksum`.
<img width="327" height="177" alt="image"
src="https://github.com/user-attachments/assets/02bd25bb-fa41-42b0-8d96-01c51bd4580c"
/>
<img width="529" height="452" alt="image"
src="https://github.com/user-attachments/assets/61f6e968-365b-4a5b-8f2b-a8419d6b1bd3"
/>
* i18n - translations (#18029)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* v1.18 - Fix command (#18032)
Same as here https://github.com/twentyhq/twenty/pull/18016
* Fix Gmail thread awareness for custom labels (#18031)
This fixes two edge cases for Gmail
- When policy was set to `SELECTED_FOLDERS` excluding root INBOX, it
missed label changes, so messages with newly applied labels weren't
imported until a full resync.
- Gmail thread replies by default by default do no inherit parent
message's label properties so thread context was also lost because only
individually labeled messages were returned, dropping earlier parts of
the conversation.
Fixed by subscribing to `labelAdded`/`labelRemoved` history events and
fetching full thread context when at least one message in a thread
carries a synced label. `ALL_FOLDERS` path is untouched.
* Allow DATE_TIME IS operand to filter on a whole day (#17529)
Fixes: https://github.com/twentyhq/core-team-issues/issues/2027
We've replaced the DATE_TIME picker with DATE picker, and changed the
logic to filter for complete day period.
https://github.com/user-attachments/assets/ba7e1078-bab3-4c62-a803-d6a851f14b7d
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* Replace generic "Unknown error" messages with descriptive error details (#18019)
## Summary
- Replace all generic `"Unknown error"` fallback messages across the
server codebase with messages that include the actual error details
- The most impactful change is in `guard-redirect.service.ts`, which
handles OAuth redirect errors — non-`AuthException` errors (e.g.,
passport state verification failures) now show `"Authentication error:
<actual message>"` instead of the opaque `"Unknown error"`
- Gmail/Google error handler services now include the error message in
the thrown exception instead of discarding it
- Other catch blocks (workflow delay resume, migration runner rollback,
code interpreter, marketplace) now use `String(error)` for non-Error
objects instead of a static fallback
Fixes the class of issues reported in
https://github.com/twentyhq/twenty/issues/17812, where a user saw
"Unknown error" during Google OAuth and had no way to diagnose the root
cause (which turned out to be a session cookie / SSL configuration
issue).
## Test plan
- [ ] Verify OAuth error flows (e.g., Google Auth with misconfigured
callback URL) now display the actual error message on the `/verify` page
instead of "Unknown error"
- [ ] Verify Gmail sync error handling still correctly classifies and
re-throws errors with descriptive messages
- [ ] Verify workflow delay resume failures include the error details in
the workflow run status
Made with [Cursor](https://cursor.com)
Co-authored-by: Cursor <cursoragent@cursor.com>
* Use proper PostgreSQL identifier/literal escaping in workspace DDL (#18024)
## Summary
- Replace the character-stripping approach (`removeSqlDDLInjection`)
with standard PostgreSQL `escapeIdentifier` and `escapeLiteral`
functions across all workspace schema manager services
- Add missing identifier escaping to `createForeignKey` (was the only
method in the FK manager without it)
- Add allowlist validation for index WHERE clauses and FK action types
- Harden tsvector expression builder with proper identifier quoting
## Context
The workspace schema managers build DDL dynamically from metadata (table
names, column names, enum values, etc.). The previous approach stripped
all non-alphanumeric characters — safe but lossy (silently corrupts
values with legitimate special characters). The new approach uses
PostgreSQL's standard escaping:
- **Identifiers**: double internal `"` and wrap → `"my""table"` (same
algorithm as `pg` driver's `escapeIdentifier`)
- **Literals**: double internal `'` and wrap → `'it''s a value'` (same
algorithm as `pg` driver's `escapeLiteral`)
`removeSqlDDLInjection` is kept only for name generation (e.g.,
`computePostgresEnumName`) where stripping to `[a-zA-Z0-9_]` is the
correct behavior.
## Files changed
| File | What |
|------|------|
| `remove-sql-injection.util.ts` | Added `escapeIdentifier` +
`escapeLiteral` |
| `validate-index-where-clause.util.ts` | New — allowlist for partial
index WHERE clauses |
| 5 schema manager services | Replaced strip+manual-quote with
`escapeIdentifier`/`escapeLiteral` |
| `build-sql-column-definition.util.ts` | `escapeIdentifier` for column
names, validated `generatedType` |
| `sanitize-default-value.util.ts` | `escapeLiteral` instead of
stripping |
| `serialize-default-value.util.ts` | `escapeLiteral` for values,
`escapeIdentifier` for enum casts |
| `get-ts-vector-column-expression.util.ts` | `escapeIdentifier` for
field names in expressions |
| `sanitize-default-value.util.spec.ts` | Updated tests for escape
behavior |
## Test plan
- [x] All 64 existing tests pass across 6 test suites
- [x] `lint:diff-with-main` passes
- [x] TypeScript typecheck — no new errors
- [ ] Verify workspace sync-metadata still works end-to-end
- [ ] Verify custom object/field creation works
- [ ] Verify enum field option changes work
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Fixes - Workspace logo migration (#18035)
- Update migration command to handle case where workspace logo is
originated from workspace email and point to twenty-icons.com
- Update same logic for new workspaces
- Add feature-flag for all newly created workspaces
* [Chore] : Generate migration for DATE_TIME to DATE for DATE_TIME + IS operand filters (#17564)
migration command in response to the fix :
https://github.com/twentyhq/twenty/pull/17529 for the issue
https://github.com/twentyhq/core-team-issues/issues/2027
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* Share APP_SECRET from prod to staging for encrypted config decryption
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* 2094 extensibility define postinstall orand preinstall function to run in application (#18037)
- add a new optional key `postInstallLogicFunctionUniversalIdentifier`
in applicationConfig
- seed postInstall function in create-twenty-app
- update execute:function options
- update doc
* Fix tokens secret copy: use replace --force to overwrite Helm-managed secret
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Nav Menu Item Migration command fix (#18041)
* Fix tokens secret sync: delete+create instead of replace to avoid Helm conflicts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Increase Helm timeout to 15m, remove cleanup-on-fail for staging
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18040)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Sync page Layout (#18034)
## Sync page layouts, tabs, and widgets
Adds the ability for SDK applications to synchronize `pageLayout`,
`pageLayoutTab`, and `pageLayoutWidget` entities, following the same
pattern established in #18003 for views and navigation menu items.
### Changes
**`twenty-shared`**
- New `PageLayoutManifest`, `PageLayoutTabManifest`, and
`PageLayoutWidgetManifest` types with a hierarchical structure (page
layout → tabs → widgets)
- Added `pageLayouts: PageLayoutManifest[]` to the `Manifest` type
**`twenty-sdk`**
- New `definePageLayout()` SDK function with validation for
universalIdentifier, name, and nested tabs/widgets
- Wired into the manifest extraction and build pipeline
(`DefinePageLayout` target function, `PageLayouts` entity key)
- Exported from the SDK entry point
**`twenty-server`**
- Added `pageLayout`, `pageLayoutTab`, `pageLayoutWidget` to
`APPLICATION_MANIFEST_METADATA_NAMES`
- New conversion utilities: manifest → universal flat entity for all
three entity types
- Updated `computeApplicationManifestAllUniversalFlatEntity
* Fix tokens secret sync: patch existing secret instead of delete+recreate
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix tokens secret: patch existing or create new, keep Helm create as fallback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix ingestion pipeline UI: compile Lingui i18n catalogs and stop scrambling emails on staging
Lingui message extraction and compilation was never run for the ingestion
pipeline files, causing all UI labels to show garbled hash IDs. Also removes
email scrambling from the DB replication script since staging is a private
environment used by the same team - scrambling caused userId mismatches that
blocked Google OAuth login.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add example in create-twenty-app (#18043)
- add interactive mode to create-twenty-app
- by default create an example for each entities
<img width="1181" height="168" alt="image"
src="https://github.com/user-attachments/assets/a2490d8f-66a1-4cd5-bf41-57166cc20a1e"
/>
* i18n - docs translations (#18048)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add missing objects to rich app integration tests (#18039)
Updating rich app so it also create:
- a many to many relation
- views
- navigation items
The app was built successfully.
Will still be missing front component examples
<img width="1498" height="660" alt="Capture d’écran 2026-02-18 à 17 47
25"
src="https://github.com/user-attachments/assets/acd5193f-3a36-4eb7-8276-3154e4e60f5e"
/>
* Refactor page layout types (#18042)
## Refactor page layout widget types into shared package and expose from
SDK
### Why
Widget configuration types were defined only on the server, forcing SDK
consumer apps to import from deep internal `twenty-shared/dist` paths —
fragile and breaks on structural changes. Server DTOs also had no
compile-time guarantee they matched the canonical types.
### What changed
- **`twenty-shared`**: Migrated `ChartFilter`, `GridPosition`,
`RatioAggregateConfig` and all 20 widget configuration variants into
`twenty-shared/types`. `PageLayoutWidgetConfiguration` (base, with
`SerializedRelation`) and `PageLayoutWidgetUniversalConfiguration`
(derived via `FormatRecordSerializedRelationProperties`) are now the
single source of truth.
- **`twenty-sdk`**: Re-exported `AggregateOperations`,
`ObjectRecordGroupByDateGranularity`, `PageLayoutTabLayoutMode`, and
`PageLayoutWidgetUniversalConfiguration` so consumer apps import from
`twenty-sdk` directly.
- **`twenty-server`**: All widget DTOs now `implements` their shared
type for compile-time enforcement. Added helpers to convert nested
`fieldMetadataId` ↔ `fieldMetadataUniversalIdentifier` inside chart
filters. Removed redundant local type re-exports.
* refactor workflow action messaging with callout (#18038)
## Summary
- remove the dedicated `WorkflowMessage` component and story
- update workflow action editor components to use the shared callout
patterns
- adjust `Callout` and its stories to support the new usage in workflow
actions
## Before/After
<img width="525" height="548" alt="image"
src="https://github.com/user-attachments/assets/ce57a84f-f070-4149-85ef-a4d162b2d878"
/>
<img width="518" height="593" alt="image"
src="https://github.com/user-attachments/assets/f7249cd0-221f-496d-9deb-d9966ee43382"
/>
* Add currency hover tooltip in CurrencyDisplay (#18045)
https://github.com/user-attachments/assets/af768ecb-b5e9-4e8d-a9f9-fee1a08ea9a0
Fixes https://github.com/twentyhq/twenty/issues/17756
* Increase staging worker memory limit to 1024Mi to fix OOM crash
Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error
at 512Mi. Matches production worker memory limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Increase staging worker memory limit to 1024Mi to fix OOM crash
Worker was in CrashLoopBackOff with "JavaScript heap out of memory" error
at 512Mi. Matches production worker memory limit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: show "Not shared" for junction relation fields when target or intermediate object is not readable (#18025)
When a user's role lacks read permission on the target object (e.g.,
Company) or the intermediate junction object (e.g., EmploymentHistory),
junction relation fields like "Previous Companies" displayed as blank
instead of showing "Not shared."
- In RecordFieldList, junction fields now check the junction object's
read permission and set isForbidden on the field context so FieldDisplay
renders "Not shared" instead of an empty field.
- In RelationFromManyFieldDisplay, if junction records exist but all
nested target records are null (permission-denied by the API), the
component renders "Not shared" instead of an empty list.
---------
Co-authored-by: Félix Malfait <felix@twenty.com>
* Fix ingestion worker: wrap record processing in workspace context
The worker needs a workspace context (via AsyncLocalStorage) to use
GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other
job processors in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix ingestion worker: wrap record processing in workspace context
The worker needs a workspace context (via AsyncLocalStorage) to use
GlobalWorkspaceOrmManager. Uses buildSystemAuthContext() like other
job processors in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18050)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Restore old favorite design (#18049)
Issue : With IS_NAVIGATION_MENU_ITEM_ENABLED:true +
IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED:false, nav menu design is
changed after 1.18.0 release : views expansion removed, system object
displayed, position re-ordered
We prefer keeping the same "old" favorite behaviour and design state
- After 1.18.0 all workspaces have up-to-date navigation menu items
(migrated)
- IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED becomes the FF for nav menu
new design
---------
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix impossible scroll in sdk app:dev (#18051)
Issue is that we are refreshing the terminal because of icons animations
* Harden server-side input validation and auth defaults (#18018)
## Summary
- **File storage (LocalDriver):** Add realpath resolution and symlink
rejection to `writeFile`, `downloadFile`, and `downloadFolder` — brings
them in line with the existing `readFile` protections. Includes unit
tests.
- **JWT:** Pin signing/verification to HS256 explicitly.
- **Auth:** Revoke active refresh tokens when a user changes their
password.
- **Logic functions:** Validate `handlerName` as a safe JS identifier at
both DTO and runtime level, preventing injection into the generated
runner script.
- **User entity:** Remove `passwordHash` from the GraphQL schema
(`@Field` decorator removed, column stays).
- **Query params:** Use `crypto.randomBytes` instead of `Math.random`
for SQL parameter name generation.
- **Exception filter:** Mirror the request `Origin` header instead of
sending `Access-Control-Allow-Origin: *`.
## Test plan
- [x] `local.driver.spec.ts` — writeFile rejects symlinks, downloadFile
rejects paths outside storage
- [ ] Verify JWT auth flow still works (login, token refresh)
- [ ] Verify password change invalidates existing sessions
- [ ] Verify logic function creation with valid/invalid handler names
- [ ] Verify file upload/download in dev environment
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
* Add static transform type for constant field values in ingestion pipeline
Allows setting a fixed value regardless of source data, useful for
fields like leadStatus that need a default (e.g. "ASSIGNED").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add static transform type for constant field values in ingestion pipeline
Allows setting a fixed value regardless of source data, useful for
fields like leadStatus that need a default (e.g. "ASSIGNED").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Skip empty string source values in ingestion field mapping
Convoso sends empty strings for unpopulated fields. These should be
treated as absent rather than mapped to target fields where they'd
cause enum validation errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Skip empty string source values in ingestion field mapping
Convoso sends empty strings for unpopulated fields. These should be
treated as absent rather than mapped to target fields where they'd
cause enum validation errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Prevent SSRF via IMAP/SMTP/CalDAV (#17973)
Prevents leaking of internal services by filtering out private IPs, same
way we do for webhooks
* Fix website build (#18052)
* i18n - translations (#18053)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Improve security settings card grouping and description overflow (#17928)
# After
- Added a separtor between the two audit logs cards
- Rename the audit log card to avoid repetition
- Grouped "Invite by link" and "2 factor auth" in one group
- Changed the card component description to always be one line max with
truncation & tooltips
<img width="777" height="1278" alt="CleanShot 2026-02-13 at 17 02 36"
src="https://github.com/user-attachments/assets/685c792a-c85b-4521-8c1b-bd9adedc75d9"
/>
<img width="976" height="690"
alt="b49f2eb043b6712d013618bb0a4ef7f011cf2316e1163fbdee4c293bed036ac9"
src="https://github.com/user-attachments/assets/6e17aa11-ecdb-4f98-ba50-5cd9b9c5def6"
/>
---------
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix empty string values bypassing enum validation in ingestion pipeline
The post-transform check only tested isDefined, so empty strings from map
transforms passed through and caused PostgreSQL enum errors (e.g. gender: "").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix empty string values bypassing enum validation in ingestion pipeline
The post-transform check only tested isDefined, so empty strings from map
transforms passed through and caused PostgreSQL enum errors (e.g. gender: "").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - translations (#18056)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Fix website build (#18057)
* Add Health Sherpa policy ingestion with smart person matching
Implements automated policy data ingestion from Health Sherpa webhooks
using the existing ingestion pipeline infrastructure.
Features:
- Generic policy fields (carrier-agnostic): applicationId, externalSource, etc.
- Smart person matching with 4-strategy fallback system:
1. Match by phone (normalized)
2. Match by agent NPN + member name
3. Match by email (skip junk emails)
4. Auto-create person if no match
- Deduplication by applicationId (update vs create)
- Phone normalization: "(555) 123-4567" → "5551234567"
- Auto-assign to agent by NPN
- Duplicate email handling (retry without email)
- 17 field mappings (webhook → CRM)
- Full unit test coverage
New files:
- Migration: add-external-policy-fields (9 new columns + indexes)
- Seed: seed-healthsherpa-pipeline.command.ts
- Preprocessor: healthsherpa-policy.preprocessor.ts (smart matching)
- Registry: ingestion-preprocessor.registry.ts
- Tests: healthsherpa-policy.preprocessor.spec.ts (12 tests)
Modified files:
- ingestion-push-process.job.ts (call preprocessor)
- ingestion-pipeline.module.ts (register providers)
- ingestion-job.module.ts (register providers)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Messages Message Folder Association (#17398)
This PR adds Message folder association for message channel messages,
Currently under testing phase, not ready yet.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Fix website build (#18061)
As per title
* i18n - docs translations (#18062)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add Convoso call ingestion preprocessor for ingestion pipeline
Introduces ConvosoCallPreprocessor that enriches call payloads with
computed fields (direction, name, person/lead source resolution, billing)
and filters incomplete/system payloads. Updates the preprocessor registry
to support null returns for record skipping.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Wrap preprocessor in workspace context for DB access
The preprocessor runs before processRecords which has its own workspace
context. Preprocessors that access the database (like ConvosoCall and
HealthSherpa) need workspace context to resolve repositories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Migrate dropdown to jotai (#18063)
Here we go again
* Add incoming payload viewer to ingestion pipeline run history
Stores the raw incoming webhook payload on each ingestion log entry and
displays it in an expandable row in the Run History table. Clicking a
row reveals the JSON payload and any errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* i18n - docs translations (#18067)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Bump @xyflow/react from 12.4.2 to 12.10.0 (#18070)
Bumps
[@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react)
from 12.4.2 to 12.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/releases"><code>@xyflow/react</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5550">#5550</a> <a
href="https://github.com/xyflow/xyflow/commit/6ffb9f7901c32f5b335aee2517f41bf87f274f32"><code>6ffb9f790</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! -
Prevent child nodes of different parents from overlapping</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5551">#5551</a> <a
href="https://github.com/xyflow/xyflow/commit/6bb64b3ed60f26c9ea8bc01c8d62fb9bf74cd634"><code>6bb64b3ed</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Allow to start a selection above a node</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md"><code>@xyflow/react</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>12.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2>12.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2>12.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2>12.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2>12.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/xyflow/xyflow/commit/c0ed3c33a3498877ab2a5755299ff84ee659782e"><code>c0ed3c3</code></a>
chore(packages): bump</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/83a312b2e1691a44223536653689f8f99f0d5b24"><code>83a312b</code></a>
chore(zIndexMode): use basic as default</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/14fd41b1f153406f1a21a61bf98ea07ad8275ec6"><code>14fd41b</code></a>
change default back to elevateEdgesOnSelect=false and
zIndexMode=basic</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/3680a6a0e623e19d1f983515273f11bdd355ec86"><code>3680a6a</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919</code></a>
chore(middleware): cleanup</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/e4e3605d62c8c710fe7ddb2ec3929af0a7962a6b"><code>e4e3605</code></a>
Merge branch 'main' into middlewares</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/2c05b3224a13e896dfb9a0c93f3af7bb592afc45"><code>2c05b32</code></a>
Merge branch 'feat/zindexmode' of github.com:xyflow/xyflow into
feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/ddbb9280f6242794187205a207e993e2c721c244"><code>ddbb928</code></a>
chore(examples): add zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/9faca3357d5db68fdad6c96de06fd66dd1d0ba64"><code>9faca33</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/4eb42952f01b947c9d36c25e6b30b7bd98224632"><code>4eb4295</code></a>
feat(svelte): add zIndexMode</li>
<li>Additional commits viewable in <a
href="https://github.com/xyflow/xyflow/commits/@xyflow/react@12.10.0/packages/react">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump eslint-config-next from 14.2.33 to 14.2.35 (#18069)
Bumps
[eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)
from 14.2.33 to 14.2.35.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vercel/next.js/commit/7b940d9ce96faddb9f92ff40f5e35c34ace04eb2"><code>7b940d9</code></a>
v14.2.35</li>
<li><a
href="https://github.com/vercel/next.js/commit/f3073688ce18878a674fdb9954da68e9d626a930"><code>f307368</code></a>
v14.2.34</li>
<li>See full diff in <a
href="https://github.com/vercel/next.js/commits/v14.2.35/packages/eslint-config-next">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump @emotion/is-prop-valid from 1.3.0 to 1.4.0 (#18068)
Bumps [@emotion/is-prop-valid](https://github.com/emotion-js/emotion)
from 1.3.0 to 1.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/emotion-js/emotion/releases"><code>@emotion/is-prop-valid</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.4.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3306">#3306</a>
<a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Thanks <a
href="https://github.com/EnzoAlbornoz"><code>@EnzoAlbornoz</code></a>!
- Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allowed props.</li>
</ul>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3093">#3093</a>
<a
href="https://github.com/emotion-js/emotion/commit/532ff57cafd8ba04f3b624074556ea47ec76fc9a"><code>532ff57</code></a>
Thanks <a href="https://github.com/codejet"><code>@codejet</code></a>,
<a href="https://github.com/DustinBrett"><code>@DustinBrett</code></a>!
- Adds <code>fetchpriority</code> and <code>fetchPriority</code> to the
list of allowed props.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/emotion-js/emotion/commit/38db311adf024fe8a24b57c687824c47abbd0957"><code>38db311</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3347">#3347</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allo...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/49229553967b6050c92d9602eb577bdc48167e91"><code>4922955</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3335">#3335</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/0facbe47bd9099ae4ed22dc201822d910ac3dec5"><code>0facbe4</code></a>
Renamed default-exported variable in <code>@emotion/styled</code> to aid
inferred import...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/cce67ec6b2fc94261028b4f4778aae8c3d6c5fd6"><code>cce67ec</code></a>
Bump parcel (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3258">#3258</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/3c19ce5997f73960679e546af47801205631dfde"><code>3c19ce5</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3280">#3280</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/a19d019bd418ebc3b9cba0e58f58b36ac2862a42"><code>a19d019</code></a>
Convert <code>@emotion/styled</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3284">#3284</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/5974e33fcb5e7aee177408684ac6fe8b38b3e353"><code>5974e33</code></a>
Fix JSX namespace <a
href="https://github.com/ts-ignores"><code>@ts-ignores</code></a> (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3282">#3282</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/fc4d7bd744c205f55513dcd4e4e5134198c219de"><code>fc4d7bd</code></a>
Convert <code>@emotion/react</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3281">#3281</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/8dc1a6dd19d2dc9ce435ef0aff85ccf5647f5d2e"><code>8dc1a6d</code></a>
Convert <code>@emotion/cache</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3277">#3277</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/emotion-js/emotion/compare/@emotion/is-prop-valid@1.3.0...@emotion/is-prop-valid@1.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* FILES field - Attachment name display fix (#18073)
with new 'file' FILES field on attachment, UI should display attachment
name from file field value.
Issue with API users updating only 'file' FILES field (and not name
field anymore)
* Add objectRecordCounts query to /metadata endpoint (#18054)
## Summary
- Adds an `objectRecordCounts` query on the `/metadata` GraphQL endpoint
that returns approximate record counts for all objects in the workspace
- Uses PostgreSQL's `pg_class.reltuples` catalog stats — a single
instant query instead of N `COUNT(*)` table scans
- Replaces the previous `CombinedFindManyRecords` approach which hit the
server's 20 root resolver limit and silently showed 0 for all counts on
the settings Data Model page
### Server
- `ObjectRecordCountDTO` — GraphQL type with `objectNamePlural` and
`totalCount`
- `ObjectRecordCountService` — reads `pg_class` catalog for the
workspace schema
- Query added to `ObjectMetadataResolver` with `@MetadataResolver()` +
`NoPermissionGuard`
### Frontend
- `OBJECT_RECORD_COUNTS` query added to
`object-metadata/graphql/queries.ts`
- `useCombinedGetTotalCount` simplified to a zero-argument hook using
the new query
- `SettingsObjectTable` simplified to a single hook call
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor and standardize `isSystem` field and object (#17992)
# Introduction
## Centralize system field definitions
- Extract a single `PARTIAL_SYSTEM_FLAT_FIELD_METADATAS` constant as the
source of truth for all 8 system fields (`id`, `createdAt`, `updatedAt`,
`deletedAt`, `createdBy`, `updatedBy`, `position`, `searchVector`),
eliminating duplication across custom object and standard app field
builders
- Refactor `buildDefaultFlatFieldMetadatasForCustomObject` to use the
shared constant via a new `buildObjectSystemFlatFieldMetadatas` helper
## Mark system fields as `isSystem: true`
- Fields `id`, `createdAt`, `updatedAt`, `deletedAt`, `createdBy`,
`updatedBy`, `position`, `searchVector` are now properly flagged as
system fields across all standard objects and custom object creation
- Standard app field builders for all ~30 standard objects updated to
set `isSystem: true` on `createdAt`, `updatedAt`, `deletedAt`,
`createdBy`, `updatedBy`
- System-only standard objects (blocklist, calendar channels, message
threads, etc.) now also include `createdBy`, `updatedBy`, `position`,
`searchVector` field definitions that were previously missing
## Validate system fields on object creation
- New transversal validation (`crossEntityTransversalValidation`) runs
after all atomic entity validations in the build orchestrator, ensuring
all 8 system fields are present with correct `type` and `isSystem: true`
when an object is created
- New `buildUniversalFlatObjectFieldByNameAndJoinColumnMaps` utility to
resolve field names to universal identifiers for a given object
- New exception codes: `MISSING_SYSTEM_FIELD` and `INVALID_SYSTEM_FIELD`
on `ObjectMetadataExceptionCode`
## Protect system fields and objects from mutation
- Field validators now block update/delete of `isSystem` fields by
non-system callers (`FIELD_MUTATION_NOT_ALLOWED`)
- Object validators now block update/delete of `isSystem` objects by
non-system callers
- `POSITION` and `TS_VECTOR` field type validators replaced: instead of
rejecting creation outright, they now validate that the field is named
correctly (`position` / `searchVector`) and has `isSystem: true`
## Distinguish `isSystemBuild` from `isCallerTwentyStandardApp`
- New `isCallerTwentyStandardApp` utility checks whether the caller's
`applicationUniversalIdentifier` matches the twenty standard app
- Name-sync logic (`isFlatFieldMetadataNameSyncedWithLabel`,
`areFlatObjectMetadataNamesSyncedWithLabels`) refactored to use
`isCallerTwentyStandardApp` for custom suffix decisions, keeping
`isSystemBuild` for mutation permission checks
- `WorkspaceMigrationBuilderOptions` type updated to include
`applicationUniversalIdentifier`
## Adapt frontend filtering
- New `HIDDEN_SYSTEM_FIELD_NAMES` constant (`id`, `position`,
`searchVector`) and `isHiddenSystemField` utility to only hide truly
internal fields while keeping user-facing system fields (`createdAt`,
`updatedAt`, `deletedAt`, `createdBy`, `updatedBy`) visible in the UI
- ~20 frontend files updated to replace `!field.isSystem` checks with
`!isHiddenSystemField(field)` across record index, settings, data model,
charts, workflows, spreadsheet import, aggregations, and role
permissions
## Add 1.19 upgrade commands
- **`backfill-system-fields-is-system`**: Raw SQL command to set
`isSystem = true` on existing workspace fields matching system field
names, and fix `position` field type from `NUMBER` to `POSITION` for
`favorite`/`favoriteFolder` objects. Includes proper cache invalidation.
- **`add-missing-system-fields-to-standard-objects`**: Codegen'd
workspace migration to create missing `position`, `searchVector`,
`createdBy`, `updatedBy` fields on standard objects that didn't
previously have them. Runs via `WorkspaceMigrationRunnerService` in a
single transaction with idempotency check. **Known limitation**: assumes
all standard objects exist and are valid in the target workspace.
## Add `universalIdentifier` for system fields in standard object
constants
- `standard-object.constant.ts` updated to include `universalIdentifier`
for `createdBy`, `updatedBy`, `position`, and `searchVector` across all
standard objects
- `fieldManifestType.ts` updated to support the new field manifest shape
## System relation
Completely removed and backfilled all `isSystem` relation to be false
false
As we won't require an object to have any relation system fields
## Add integration tests
- New test suite `failing-sync-application-object-system-fields`
covering: missing system fields, wrong field types (`id` as TEXT,
`createdAt` as TEXT, `position` as TEXT), system field deletion
attempts, and system field update attempts
- New test utilities: `buildDefaultObjectManifest` (builds an object
manifest with all 8 system fields) and `setupApplicationForSync`
(centralizes application setup)
- Existing successful sync test updated to verify system fields are
created with correct properties
## Next step
Make the builder scope the compared entity to be the currently built app
+ nor twenty standard app
* i18n - translations (#18079)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* fix: remove the error message for test failure in ci-front (#18076)
Introduced an error message on twenty-front CI earlier to try and inform
the user that test failure could be a coverage issue if no individual
test was failing. However, it led to the assumption that it must be
coverage failure in all cases even when it was test failure leading to
the CI being red.
This PR reverts the change.
* Keep migrating to jotai (#18064)
And we continue!
* Remove non positive integer constraint on Nav Menu Item (#18081)
To fit with position typed field logic + Ease favorite to nav menu item
migration (which have negative and float position)
* i18n - translations (#18086)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Refactor message backfill command (#18078)
# Introduction
Atomically create the field and object to be created
And avoid synchronizing unrelated non up to date object and fields
Followup https://github.com/twentyhq/twenty/pull/17398
* Migrate more to Jotai (#18087)
Continue jotai migration
* Factorize and add public-assets/*path endpoint (#18080)
as title
* Twenty standard app static options id (#18089)
# Introduction
While preparing the twenty-standard as code migration to twenty-app
through sdk I've faced permanent field enum update as the id was
generated dynamically at each twenty standard app construction
Making them deterministic in order to avoid having this noise
Won't backfill this on existing workspace as it's not critical and that
we will rework the options in the future
* Create LLMS.md on create-twenty-app (#18091)
Managed to create a many to many app with minimal instructions. File
will need to be enriched with more pitfalls.
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Fix google compose scope not gated by feature flag (#18093)
## Context
New google api scope has been introduced in
https://github.com/twentyhq/twenty/pull/17793 without being gated behind
a feature flag
Microsoft is using pre-existing Mail.ReadWrite scope there is nothing to
gate
## Before
<img width="553" height="445" alt="Screenshot 2026-02-19 at 14 57 58"
src="https://github.com/user-attachments/assets/59a4f76b-d38d-492f-b013-b6cad4091a7f"
/>
## After
<img width="535" height="392" alt="Screenshot 2026-02-19 at 14 58 44"
src="https://github.com/user-attachments/assets/0337bf15-ec30-4549-bb9d-571a982dffd8"
/>
* Remove non positive integer constraint on Nav Menu Item 2/2 (#18090)
Follow up https://github.com/twentyhq/twenty/pull/18081
* Resolve lead source from list_id via Convoso Lists API
When source_name is missing from the call payload (common with Convoso
Call Log API data), fall back to resolving the list_id to a list name
via the Convoso Lists API. The list map is cached in-memory for 10
minutes. The resolved name is used for lead source creation, call name
computation, and billing matching.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* [FRONT COMPONENTS] Declare command menu items in front components (#18047)
## Description
- Adds support for declaring command menu items directly within
`defineFrontComponent` via an optional command config property
- Introduces a new `CommandMenuItemManifest` type in twenty-shared and
wires it through the manifest build pipeline
## Example Of usage
```tsx
import { defineFrontComponent } from "twenty-sdk";
const TestAction = () => {
return <div>Test Action</div>;
};
export default defineFrontComponent({
universalIdentifier: "6c289461-0007-4a62-a99f-69e5c11a4ce7",
name: "test-action",
description: "Test Action",
component: TestAction,
command: {
universalIdentifier: "c07df864-495f-46f3-9f5b-9d3ce2589e9b",
label: "Run My Action",
icon: "IconBolt",
isPinned: false,
},
});
```
## Video QA
https://github.com/user-attachments/assets/f910fc6a-44a9-45d1-87c5-f0ce64bb3878
* Fix: add a new style to the target text box (#18065)
### Approach
I add some new rules for the style of the target text box. (Fix: #13229
)
<img width="842" height="545" alt="target class"
src="https://github.com/user-attachments/assets/7cd0a615-392a-493b-831f-77ddb93de5fc"
/>
**This is what it looks like now.**
<img width="320" height="224" alt="image"
src="https://github.com/user-attachments/assets/26514102-e684-49ce-915d-43e5677520a5"
/>
* Add CONVOSO_API_TOKEN to Helm staging values and worker extraEnv support
Adds extraEnv iteration to the worker deployment template (matching
the existing server template pattern) and configures CONVOSO_API_TOKEN
on both server and worker for the staging environment.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Use K8s secret for CONVOSO_API_TOKEN instead of hardcoded value
Adds extraEnvSecrets support to both server and worker Helm templates,
allowing env vars to be sourced from Kubernetes secrets via secretKeyRef.
The Convoso API token is now stored in a convoso-credentials secret
rather than being hardcoded in the values file.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add showInSidebar per-role permission to replace hardcoded sidebar filter
Adds a new `showInSidebar` boolean on ObjectPermission and a global
`showAllObjectsInSidebar` toggle on Role, following the same pattern as
canReadObjectRecords/canUpdateObjectRecords. The sidebar now filters
items based on this permission instead of the hardcoded MEMBER_VISIBLE_OBJECTS set.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Switch Convoso call pipeline to pull mode with date range params and preprocessor
Convoso Connect webhooks send lead data regardless of event type, so the push
pipeline doesn't receive call records. This switches to polling the Convoso Call
Log API (/v1/log/retrieve) on a cron schedule, matching the old Cloudflare Worker
approach.
- Add dateRangeParams to SourceRequestConfig for dynamic time-window queries
- Add envVar support to QueryParamAuthConfig for runtime env-based auth tokens
- Wire preprocessor + workspace context into IngestionPullJob (same as push job)
- Include SQL script to update pipeline config in staging DB
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: upgrade @swc/core to 1.15.11 and align SWC ecosystem (#18088)
## Summary
- Upgrades `@swc/core` from 1.13.3 to **1.15.11** (swc_core v56), which
introduces CBOR-based plugin serialization replacing rkyv, eliminating
strict version-matching between SWC core and Wasm plugins
- Upgrades `@lingui/swc-plugin` from ^5.6.0 to **^5.11.0** (swc_core
50.2.3, built with `--cfg=swc_ast_unknown` for cross-version
compatibility)
- Upgrades `@swc/plugin-emotion` from 10.0.4 to **14.6.0** (swc_core 53,
also with backward-compat feature)
- Upgrades companion packages: `@swc-node/register` 1.8.0 → 1.11.1,
`@swc/helpers` ~0.5.2 → ~0.5.18, `@vitejs/plugin-react-swc` 3.11.0 →
4.2.3
### Why this is safe now
Starting from `@swc/core v1.15.0`, SWC replaced the rkyv serialization
scheme with CBOR (a self-describing format) and added `Unknown` AST enum
variants. Plugins built with `swc_core >=…
walmat
added a commit
to Omnia-Insurance/crm
that referenced
this pull request
Mar 5, 2026
* Use proper PostgreSQL identifier/literal escaping in workspace DDL (#18024)
## Summary
- Replace the character-stripping approach (`removeSqlDDLInjection`)
with standard PostgreSQL `escapeIdentifier` and `escapeLiteral`
functions across all workspace schema manager services
- Add missing identifier escaping to `createForeignKey` (was the only
method in the FK manager without it)
- Add allowlist validation for index WHERE clauses and FK action types
- Harden tsvector expression builder with proper identifier quoting
## Context
The workspace schema managers build DDL dynamically from metadata (table
names, column names, enum values, etc.). The previous approach stripped
all non-alphanumeric characters — safe but lossy (silently corrupts
values with legitimate special characters). The new approach uses
PostgreSQL's standard escaping:
- **Identifiers**: double internal `"` and wrap → `"my""table"` (same
algorithm as `pg` driver's `escapeIdentifier`)
- **Literals**: double internal `'` and wrap → `'it''s a value'` (same
algorithm as `pg` driver's `escapeLiteral`)
`removeSqlDDLInjection` is kept only for name generation (e.g.,
`computePostgresEnumName`) where stripping to `[a-zA-Z0-9_]` is the
correct behavior.
## Files changed
| File | What |
|------|------|
| `remove-sql-injection.util.ts` | Added `escapeIdentifier` +
`escapeLiteral` |
| `validate-index-where-clause.util.ts` | New — allowlist for partial
index WHERE clauses |
| 5 schema manager services | Replaced strip+manual-quote with
`escapeIdentifier`/`escapeLiteral` |
| `build-sql-column-definition.util.ts` | `escapeIdentifier` for column
names, validated `generatedType` |
| `sanitize-default-value.util.ts` | `escapeLiteral` instead of
stripping |
| `serialize-default-value.util.ts` | `escapeLiteral` for values,
`escapeIdentifier` for enum casts |
| `get-ts-vector-column-expression.util.ts` | `escapeIdentifier` for
field names in expressions |
| `sanitize-default-value.util.spec.ts` | Updated tests for escape
behavior |
## Test plan
- [x] All 64 existing tests pass across 6 test suites
- [x] `lint:diff-with-main` passes
- [x] TypeScript typecheck — no new errors
- [ ] Verify workspace sync-metadata still works end-to-end
- [ ] Verify custom object/field creation works
- [ ] Verify enum field option changes work
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Fixes - Workspace logo migration (#18035)
- Update migration command to handle case where workspace logo is
originated from workspace email and point to twenty-icons.com
- Update same logic for new workspaces
- Add feature-flag for all newly created workspaces
* [Chore] : Generate migration for DATE_TIME to DATE for DATE_TIME + IS operand filters (#17564)
migration command in response to the fix :
https://github.com/twentyhq/twenty/pull/17529 for the issue
https://github.com/twentyhq/core-team-issues/issues/2027
---------
Co-authored-by: Arun kumar <arunkumar@Aruns-MacBook-Air.local>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* 2094 extensibility define postinstall orand preinstall function to run in application (#18037)
- add a new optional key `postInstallLogicFunctionUniversalIdentifier`
in applicationConfig
- seed postInstall function in create-twenty-app
- update execute:function options
- update doc
* Nav Menu Item Migration command fix (#18041)
* i18n - docs translations (#18040)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Sync page Layout (#18034)
## Sync page layouts, tabs, and widgets
Adds the ability for SDK applications to synchronize `pageLayout`,
`pageLayoutTab`, and `pageLayoutWidget` entities, following the same
pattern established in #18003 for views and navigation menu items.
### Changes
**`twenty-shared`**
- New `PageLayoutManifest`, `PageLayoutTabManifest`, and
`PageLayoutWidgetManifest` types with a hierarchical structure (page
layout → tabs → widgets)
- Added `pageLayouts: PageLayoutManifest[]` to the `Manifest` type
**`twenty-sdk`**
- New `definePageLayout()` SDK function with validation for
universalIdentifier, name, and nested tabs/widgets
- Wired into the manifest extraction and build pipeline
(`DefinePageLayout` target function, `PageLayouts` entity key)
- Exported from the SDK entry point
**`twenty-server`**
- Added `pageLayout`, `pageLayoutTab`, `pageLayoutWidget` to
`APPLICATION_MANIFEST_METADATA_NAMES`
- New conversion utilities: manifest → universal flat entity for all
three entity types
- Updated `computeApplicationManifestAllUniversalFlatEntity
* Add example in create-twenty-app (#18043)
- add interactive mode to create-twenty-app
- by default create an example for each entities
<img width="1181" height="168" alt="image"
src="https://github.com/user-attachments/assets/a2490d8f-66a1-4cd5-bf41-57166cc20a1e"
/>
* i18n - docs translations (#18048)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Add missing objects to rich app integration tests (#18039)
Updating rich app so it also create:
- a many to many relation
- views
- navigation items
The app was built successfully.
Will still be missing front component examples
<img width="1498" height="660" alt="Capture d’écran 2026-02-18 à 17 47
25"
src="https://github.com/user-attachments/assets/acd5193f-3a36-4eb7-8276-3154e4e60f5e"
/>
* Refactor page layout types (#18042)
## Refactor page layout widget types into shared package and expose from
SDK
### Why
Widget configuration types were defined only on the server, forcing SDK
consumer apps to import from deep internal `twenty-shared/dist` paths —
fragile and breaks on structural changes. Server DTOs also had no
compile-time guarantee they matched the canonical types.
### What changed
- **`twenty-shared`**: Migrated `ChartFilter`, `GridPosition`,
`RatioAggregateConfig` and all 20 widget configuration variants into
`twenty-shared/types`. `PageLayoutWidgetConfiguration` (base, with
`SerializedRelation`) and `PageLayoutWidgetUniversalConfiguration`
(derived via `FormatRecordSerializedRelationProperties`) are now the
single source of truth.
- **`twenty-sdk`**: Re-exported `AggregateOperations`,
`ObjectRecordGroupByDateGranularity`, `PageLayoutTabLayoutMode`, and
`PageLayoutWidgetUniversalConfiguration` so consumer apps import from
`twenty-sdk` directly.
- **`twenty-server`**: All widget DTOs now `implements` their shared
type for compile-time enforcement. Added helpers to convert nested
`fieldMetadataId` ↔ `fieldMetadataUniversalIdentifier` inside chart
filters. Removed redundant local type re-exports.
* refactor workflow action messaging with callout (#18038)
## Summary
- remove the dedicated `WorkflowMessage` component and story
- update workflow action editor components to use the shared callout
patterns
- adjust `Callout` and its stories to support the new usage in workflow
actions
## Before/After
<img width="525" height="548" alt="image"
src="https://github.com/user-attachments/assets/ce57a84f-f070-4149-85ef-a4d162b2d878"
/>
<img width="518" height="593" alt="image"
src="https://github.com/user-attachments/assets/f7249cd0-221f-496d-9deb-d9966ee43382"
/>
* Add currency hover tooltip in CurrencyDisplay (#18045)
https://github.com/user-attachments/assets/af768ecb-b5e9-4e8d-a9f9-fee1a08ea9a0
Fixes https://github.com/twentyhq/twenty/issues/17756
* fix: show "Not shared" for junction relation fields when target or intermediate object is not readable (#18025)
When a user's role lacks read permission on the target object (e.g.,
Company) or the intermediate junction object (e.g., EmploymentHistory),
junction relation fields like "Previous Companies" displayed as blank
instead of showing "Not shared."
- In RecordFieldList, junction fields now check the junction object's
read permission and set isForbidden on the field context so FieldDisplay
renders "Not shared" instead of an empty field.
- In RelationFromManyFieldDisplay, if junction records exist but all
nested target records are null (permission-denied by the API), the
component renders "Not shared" instead of an empty list.
---------
Co-authored-by: Félix Malfait <felix@twenty.com>
* i18n - docs translations (#18050)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Restore old favorite design (#18049)
Issue : With IS_NAVIGATION_MENU_ITEM_ENABLED:true +
IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED:false, nav menu design is
changed after 1.18.0 release : views expansion removed, system object
displayed, position re-ordered
We prefer keeping the same "old" favorite behaviour and design state
- After 1.18.0 all workspaces have up-to-date navigation menu items
(migrated)
- IS_NAVIGATION_MENU_ITEM_EDITING_ENABLED becomes the FF for nav menu
new design
---------
Co-authored-by: Charles Bochet <charles@twenty.com>
* Fix impossible scroll in sdk app:dev (#18051)
Issue is that we are refreshing the terminal because of icons animations
* Harden server-side input validation and auth defaults (#18018)
## Summary
- **File storage (LocalDriver):** Add realpath resolution and symlink
rejection to `writeFile`, `downloadFile`, and `downloadFolder` — brings
them in line with the existing `readFile` protections. Includes unit
tests.
- **JWT:** Pin signing/verification to HS256 explicitly.
- **Auth:** Revoke active refresh tokens when a user changes their
password.
- **Logic functions:** Validate `handlerName` as a safe JS identifier at
both DTO and runtime level, preventing injection into the generated
runner script.
- **User entity:** Remove `passwordHash` from the GraphQL schema
(`@Field` decorator removed, column stays).
- **Query params:** Use `crypto.randomBytes` instead of `Math.random`
for SQL parameter name generation.
- **Exception filter:** Mirror the request `Origin` header instead of
sending `Access-Control-Allow-Origin: *`.
## Test plan
- [x] `local.driver.spec.ts` — writeFile rejects symlinks, downloadFile
rejects paths outside storage
- [ ] Verify JWT auth flow still works (login, token refresh)
- [ ] Verify password change invalidates existing sessions
- [ ] Verify logic function creation with valid/invalid handler names
- [ ] Verify file upload/download in dev environment
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
* Prevent SSRF via IMAP/SMTP/CalDAV (#17973)
Prevents leaking of internal services by filtering out private IPs, same
way we do for webhooks
* Fix website build (#18052)
* i18n - translations (#18053)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Improve security settings card grouping and description overflow (#17928)
# After
- Added a separtor between the two audit logs cards
- Rename the audit log card to avoid repetition
- Grouped "Invite by link" and "2 factor auth" in one group
- Changed the card component description to always be one line max with
truncation & tooltips
<img width="777" height="1278" alt="CleanShot 2026-02-13 at 17 02 36"
src="https://github.com/user-attachments/assets/685c792a-c85b-4521-8c1b-bd9adedc75d9"
/>
<img width="976" height="690"
alt="b49f2eb043b6712d013618bb0a4ef7f011cf2316e1163fbdee4c293bed036ac9"
src="https://github.com/user-attachments/assets/6e17aa11-ecdb-4f98-ba50-5cd9b9c5def6"
/>
---------
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
* i18n - translations (#18056)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Fix website build (#18057)
* Messages Message Folder Association (#17398)
This PR adds Message folder association for message channel messages,
Currently under testing phase, not ready yet.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Fix website build (#18061)
As per title
* i18n - docs translations (#18062)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Migrate dropdown to jotai (#18063)
Here we go again
* i18n - docs translations (#18067)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Bump @xyflow/react from 12.4.2 to 12.10.0 (#18070)
Bumps
[@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react)
from 12.4.2 to 12.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/releases"><code>@xyflow/react</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2><code>@xyflow/react</code><a
href="https://github.com/12"><code>@12</code></a>.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5550">#5550</a> <a
href="https://github.com/xyflow/xyflow/commit/6ffb9f7901c32f5b335aee2517f41bf87f274f32"><code>6ffb9f790</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! -
Prevent child nodes of different parents from overlapping</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5551">#5551</a> <a
href="https://github.com/xyflow/xyflow/commit/6bb64b3ed60f26c9ea8bc01c8d62fb9bf74cd634"><code>6bb64b3ed</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Allow to start a selection above a node</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md"><code>@xyflow/react</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>12.10.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5637">#5637</a> <a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Add <code>zIndexMode</code> to control how z-index is calculated for
nodes and edges</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5484">#5484</a> <a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919d6</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Add
<code>experimental_useOnNodesChangeMiddleware</code> hook</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5629">#5629</a> <a
href="https://github.com/xyflow/xyflow/commit/9030fab2df8285fdfb649bda6e1e885dfd228d45"><code>9030fab2d</code></a>
Thanks <a
href="https://github.com/AlaricBaraou"><code>@AlaricBaraou</code></a>!
- Prevent unnecessary re-render in <code>FlowRenderer</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5592">#5592</a> <a
href="https://github.com/xyflow/xyflow/commit/38dbf41c464550cc803b946a4ad1f46982385a03"><code>38dbf41c4</code></a>
Thanks <a
href="https://github.com/svilen-ivanov-kubit"><code>@svilen-ivanov-kubit</code></a>!
- Always create a new measured object in apply changes.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5635">#5635</a> <a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>
Thanks <a
href="https://github.com/tornado-softwares"><code>@tornado-softwares</code></a>!
- Update an ongoing connection when user moves node with keyboard.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/0c7261a6dc94f1aa58333a6aebcaca8ced9b5ad2"><code>0c7261a6d</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/8598b6bc2a9d052b12d5215706382da0aa84827b"><code>8598b6bc2</code></a>,
<a
href="https://github.com/xyflow/xyflow/commit/2d7fa40e2684a0fcdd4eca7800ccf2c34338e549"><code>2d7fa40e2</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.74</li>
</ul>
</li>
</ul>
<h2>12.9.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5621">#5621</a> <a
href="https://github.com/xyflow/xyflow/commit/c1304dba7a20bb8d74c7aceb23cd80b56e4c0482"><code>c1304dba7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Set <code>paneClickDistance</code> default value to
<code>1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5578">#5578</a> <a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Pass
current pointer position to connection</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/00bcb9f5f45f49814b9ac19b3f55cfe069ee3773"><code>00bcb9f5f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.73</li>
</ul>
</li>
</ul>
<h2>12.9.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5593">#5593</a> <a
href="https://github.com/xyflow/xyflow/commit/a8ee089d7689d9a58113690c8e90e1c1e109602a"><code>a8ee089d7</code></a>
Thanks <a href="https://github.com/moklick"><code>@moklick</code></a>!
- Reset selection box when user selects a node</li>
</ul>
<h2>12.9.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/xyflow/xyflow/pull/5572">#5572</a> <a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>
Thanks <a
href="https://github.com/peterkogo"><code>@peterkogo</code></a>! - Fix
onPaneClick events being suppressed when selectionOnDrag=true</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/xyflow/xyflow/commit/5ec0cac7fad21109b74839969c0818f88ddc87d9"><code>5ec0cac7f</code></a>]:</p>
<ul>
<li><code>@xyflow/system</code><a
href="https://github.com/0"><code>@0</code></a>.0.72</li>
</ul>
</li>
</ul>
<h2>12.9.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/xyflow/xyflow/pull/5544">#5544</a> <a
href="https://github.com/xyflow/xyflow/commit/c17b49f4c16167da3f791430163edd592159d27d"><code>c17b49f4c</code></a>
Thanks <a
href="https://github.com/0x0f0f0f"><code>@0x0f0f0f</code></a>! - Add
<code>EdgeToolbar</code> component</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/xyflow/xyflow/commit/c0ed3c33a3498877ab2a5755299ff84ee659782e"><code>c0ed3c3</code></a>
chore(packages): bump</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/83a312b2e1691a44223536653689f8f99f0d5b24"><code>83a312b</code></a>
chore(zIndexMode): use basic as default</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/14fd41b1f153406f1a21a61bf98ea07ad8275ec6"><code>14fd41b</code></a>
change default back to elevateEdgesOnSelect=false and
zIndexMode=basic</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/3680a6a0e623e19d1f983515273f11bdd355ec86"><code>3680a6a</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/a523919d6789995e9d0f3dd29b0b47fc3b8d8439"><code>a523919</code></a>
chore(middleware): cleanup</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/e4e3605d62c8c710fe7ddb2ec3929af0a7962a6b"><code>e4e3605</code></a>
Merge branch 'main' into middlewares</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/2c05b3224a13e896dfb9a0c93f3af7bb592afc45"><code>2c05b32</code></a>
Merge branch 'feat/zindexmode' of github.com:xyflow/xyflow into
feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/ddbb9280f6242794187205a207e993e2c721c244"><code>ddbb928</code></a>
chore(examples): add zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/9faca3357d5db68fdad6c96de06fd66dd1d0ba64"><code>9faca33</code></a>
Merge branch 'main' into feat/zindexmode</li>
<li><a
href="https://github.com/xyflow/xyflow/commit/4eb42952f01b947c9d36c25e6b30b7bd98224632"><code>4eb4295</code></a>
feat(svelte): add zIndexMode</li>
<li>Additional commits viewable in <a
href="https://github.com/xyflow/xyflow/commits/@xyflow/react@12.10.0/packages/react">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump eslint-config-next from 14.2.33 to 14.2.35 (#18069)
Bumps
[eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next)
from 14.2.33 to 14.2.35.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vercel/next.js/commit/7b940d9ce96faddb9f92ff40f5e35c34ace04eb2"><code>7b940d9</code></a>
v14.2.35</li>
<li><a
href="https://github.com/vercel/next.js/commit/f3073688ce18878a674fdb9954da68e9d626a930"><code>f307368</code></a>
v14.2.34</li>
<li>See full diff in <a
href="https://github.com/vercel/next.js/commits/v14.2.35/packages/eslint-config-next">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump @emotion/is-prop-valid from 1.3.0 to 1.4.0 (#18068)
Bumps [@emotion/is-prop-valid](https://github.com/emotion-js/emotion)
from 1.3.0 to 1.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/emotion-js/emotion/releases"><code>@emotion/is-prop-valid</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.4.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3306">#3306</a>
<a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Thanks <a
href="https://github.com/EnzoAlbornoz"><code>@EnzoAlbornoz</code></a>!
- Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allowed props.</li>
</ul>
<h2><code>@emotion/is-prop-valid</code><a
href="https://github.com/1"><code>@1</code></a>.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/emotion-js/emotion/pull/3093">#3093</a>
<a
href="https://github.com/emotion-js/emotion/commit/532ff57cafd8ba04f3b624074556ea47ec76fc9a"><code>532ff57</code></a>
Thanks <a href="https://github.com/codejet"><code>@codejet</code></a>,
<a href="https://github.com/DustinBrett"><code>@DustinBrett</code></a>!
- Adds <code>fetchpriority</code> and <code>fetchPriority</code> to the
list of allowed props.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/emotion-js/emotion/commit/38db311adf024fe8a24b57c687824c47abbd0957"><code>38db311</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3347">#3347</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/dfae1cbd98d3ebe449ce322b38cbf4a7fbfbfe96"><code>dfae1cb</code></a>
Adds <code>popover</code>, <code>popoverTarget</code> and
<code>popoverTargetAction</code> to the list of allo...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/49229553967b6050c92d9602eb577bdc48167e91"><code>4922955</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3335">#3335</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/0facbe47bd9099ae4ed22dc201822d910ac3dec5"><code>0facbe4</code></a>
Renamed default-exported variable in <code>@emotion/styled</code> to aid
inferred import...</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/cce67ec6b2fc94261028b4f4778aae8c3d6c5fd6"><code>cce67ec</code></a>
Bump parcel (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3258">#3258</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/3c19ce5997f73960679e546af47801205631dfde"><code>3c19ce5</code></a>
Version Packages (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3280">#3280</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/a19d019bd418ebc3b9cba0e58f58b36ac2862a42"><code>a19d019</code></a>
Convert <code>@emotion/styled</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3284">#3284</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/5974e33fcb5e7aee177408684ac6fe8b38b3e353"><code>5974e33</code></a>
Fix JSX namespace <a
href="https://github.com/ts-ignores"><code>@ts-ignores</code></a> (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3282">#3282</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/fc4d7bd744c205f55513dcd4e4e5134198c219de"><code>fc4d7bd</code></a>
Convert <code>@emotion/react</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3281">#3281</a>)</li>
<li><a
href="https://github.com/emotion-js/emotion/commit/8dc1a6dd19d2dc9ce435ef0aff85ccf5647f5d2e"><code>8dc1a6d</code></a>
Convert <code>@emotion/cache</code>'s source code to TypeScript (<a
href="https://redirect.github.com/emotion-js/emotion/issues/3277">#3277</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/emotion-js/emotion/compare/@emotion/is-prop-valid@1.3.0...@emotion/is-prop-valid@1.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* FILES field - Attachment name display fix (#18073)
with new 'file' FILES field on attachment, UI should display attachment
name from file field value.
Issue with API users updating only 'file' FILES field (and not name
field anymore)
* Add objectRecordCounts query to /metadata endpoint (#18054)
## Summary
- Adds an `objectRecordCounts` query on the `/metadata` GraphQL endpoint
that returns approximate record counts for all objects in the workspace
- Uses PostgreSQL's `pg_class.reltuples` catalog stats — a single
instant query instead of N `COUNT(*)` table scans
- Replaces the previous `CombinedFindManyRecords` approach which hit the
server's 20 root resolver limit and silently showed 0 for all counts on
the settings Data Model page
### Server
- `ObjectRecordCountDTO` — GraphQL type with `objectNamePlural` and
`totalCount`
- `ObjectRecordCountService` — reads `pg_class` catalog for the
workspace schema
- Query added to `ObjectMetadataResolver` with `@MetadataResolver()` +
`NoPermissionGuard`
### Frontend
- `OBJECT_RECORD_COUNTS` query added to
`object-metadata/graphql/queries.ts`
- `useCombinedGetTotalCount` simplified to a zero-argument hook using
the new query
- `SettingsObjectTable` simplified to a single hook call
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor and standardize `isSystem` field and object (#17992)
# Introduction
## Centralize system field definitions
- Extract a single `PARTIAL_SYSTEM_FLAT_FIELD_METADATAS` constant as the
source of truth for all 8 system fields (`id`, `createdAt`, `updatedAt`,
`deletedAt`, `createdBy`, `updatedBy`, `position`, `searchVector`),
eliminating duplication across custom object and standard app field
builders
- Refactor `buildDefaultFlatFieldMetadatasForCustomObject` to use the
shared constant via a new `buildObjectSystemFlatFieldMetadatas` helper
## Mark system fields as `isSystem: true`
- Fields `id`, `createdAt`, `updatedAt`, `deletedAt`, `createdBy`,
`updatedBy`, `position`, `searchVector` are now properly flagged as
system fields across all standard objects and custom object creation
- Standard app field builders for all ~30 standard objects updated to
set `isSystem: true` on `createdAt`, `updatedAt`, `deletedAt`,
`createdBy`, `updatedBy`
- System-only standard objects (blocklist, calendar channels, message
threads, etc.) now also include `createdBy`, `updatedBy`, `position`,
`searchVector` field definitions that were previously missing
## Validate system fields on object creation
- New transversal validation (`crossEntityTransversalValidation`) runs
after all atomic entity validations in the build orchestrator, ensuring
all 8 system fields are present with correct `type` and `isSystem: true`
when an object is created
- New `buildUniversalFlatObjectFieldByNameAndJoinColumnMaps` utility to
resolve field names to universal identifiers for a given object
- New exception codes: `MISSING_SYSTEM_FIELD` and `INVALID_SYSTEM_FIELD`
on `ObjectMetadataExceptionCode`
## Protect system fields and objects from mutation
- Field validators now block update/delete of `isSystem` fields by
non-system callers (`FIELD_MUTATION_NOT_ALLOWED`)
- Object validators now block update/delete of `isSystem` objects by
non-system callers
- `POSITION` and `TS_VECTOR` field type validators replaced: instead of
rejecting creation outright, they now validate that the field is named
correctly (`position` / `searchVector`) and has `isSystem: true`
## Distinguish `isSystemBuild` from `isCallerTwentyStandardApp`
- New `isCallerTwentyStandardApp` utility checks whether the caller's
`applicationUniversalIdentifier` matches the twenty standard app
- Name-sync logic (`isFlatFieldMetadataNameSyncedWithLabel`,
`areFlatObjectMetadataNamesSyncedWithLabels`) refactored to use
`isCallerTwentyStandardApp` for custom suffix decisions, keeping
`isSystemBuild` for mutation permission checks
- `WorkspaceMigrationBuilderOptions` type updated to include
`applicationUniversalIdentifier`
## Adapt frontend filtering
- New `HIDDEN_SYSTEM_FIELD_NAMES` constant (`id`, `position`,
`searchVector`) and `isHiddenSystemField` utility to only hide truly
internal fields while keeping user-facing system fields (`createdAt`,
`updatedAt`, `deletedAt`, `createdBy`, `updatedBy`) visible in the UI
- ~20 frontend files updated to replace `!field.isSystem` checks with
`!isHiddenSystemField(field)` across record index, settings, data model,
charts, workflows, spreadsheet import, aggregations, and role
permissions
## Add 1.19 upgrade commands
- **`backfill-system-fields-is-system`**: Raw SQL command to set
`isSystem = true` on existing workspace fields matching system field
names, and fix `position` field type from `NUMBER` to `POSITION` for
`favorite`/`favoriteFolder` objects. Includes proper cache invalidation.
- **`add-missing-system-fields-to-standard-objects`**: Codegen'd
workspace migration to create missing `position`, `searchVector`,
`createdBy`, `updatedBy` fields on standard objects that didn't
previously have them. Runs via `WorkspaceMigrationRunnerService` in a
single transaction with idempotency check. **Known limitation**: assumes
all standard objects exist and are valid in the target workspace.
## Add `universalIdentifier` for system fields in standard object
constants
- `standard-object.constant.ts` updated to include `universalIdentifier`
for `createdBy`, `updatedBy`, `position`, and `searchVector` across all
standard objects
- `fieldManifestType.ts` updated to support the new field manifest shape
## System relation
Completely removed and backfilled all `isSystem` relation to be false
false
As we won't require an object to have any relation system fields
## Add integration tests
- New test suite `failing-sync-application-object-system-fields`
covering: missing system fields, wrong field types (`id` as TEXT,
`createdAt` as TEXT, `position` as TEXT), system field deletion
attempts, and system field update attempts
- New test utilities: `buildDefaultObjectManifest` (builds an object
manifest with all 8 system fields) and `setupApplicationForSync`
(centralizes application setup)
- Existing successful sync test updated to verify system fields are
created with correct properties
## Next step
Make the builder scope the compared entity to be the currently built app
+ nor twenty standard app
* i18n - translations (#18079)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* fix: remove the error message for test failure in ci-front (#18076)
Introduced an error message on twenty-front CI earlier to try and inform
the user that test failure could be a coverage issue if no individual
test was failing. However, it led to the assumption that it must be
coverage failure in all cases even when it was test failure leading to
the CI being red.
This PR reverts the change.
* Keep migrating to jotai (#18064)
And we continue!
* Remove non positive integer constraint on Nav Menu Item (#18081)
To fit with position typed field logic + Ease favorite to nav menu item
migration (which have negative and float position)
* i18n - translations (#18086)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* Refactor message backfill command (#18078)
# Introduction
Atomically create the field and object to be created
And avoid synchronizing unrelated non up to date object and fields
Followup https://github.com/twentyhq/twenty/pull/17398
* Migrate more to Jotai (#18087)
Continue jotai migration
* Factorize and add public-assets/*path endpoint (#18080)
as title
* Twenty standard app static options id (#18089)
# Introduction
While preparing the twenty-standard as code migration to twenty-app
through sdk I've faced permanent field enum update as the id was
generated dynamically at each twenty standard app construction
Making them deterministic in order to avoid having this noise
Won't backfill this on existing workspace as it's not critical and that
we will rework the options in the future
* Create LLMS.md on create-twenty-app (#18091)
Managed to create a many to many app with minimal instructions. File
will need to be enriched with more pitfalls.
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Fix google compose scope not gated by feature flag (#18093)
## Context
New google api scope has been introduced in
https://github.com/twentyhq/twenty/pull/17793 without being gated behind
a feature flag
Microsoft is using pre-existing Mail.ReadWrite scope there is nothing to
gate
## Before
<img width="553" height="445" alt="Screenshot 2026-02-19 at 14 57 58"
src="https://github.com/user-attachments/assets/59a4f76b-d38d-492f-b013-b6cad4091a7f"
/>
## After
<img width="535" height="392" alt="Screenshot 2026-02-19 at 14 58 44"
src="https://github.com/user-attachments/assets/0337bf15-ec30-4549-bb9d-571a982dffd8"
/>
* Remove non positive integer constraint on Nav Menu Item 2/2 (#18090)
Follow up https://github.com/twentyhq/twenty/pull/18081
* [FRONT COMPONENTS] Declare command menu items in front components (#18047)
## Description
- Adds support for declaring command menu items directly within
`defineFrontComponent` via an optional command config property
- Introduces a new `CommandMenuItemManifest` type in twenty-shared and
wires it through the manifest build pipeline
## Example Of usage
```tsx
import { defineFrontComponent } from "twenty-sdk";
const TestAction = () => {
return <div>Test Action</div>;
};
export default defineFrontComponent({
universalIdentifier: "6c289461-0007-4a62-a99f-69e5c11a4ce7",
name: "test-action",
description: "Test Action",
component: TestAction,
command: {
universalIdentifier: "c07df864-495f-46f3-9f5b-9d3ce2589e9b",
label: "Run My Action",
icon: "IconBolt",
isPinned: false,
},
});
```
## Video QA
https://github.com/user-attachments/assets/f910fc6a-44a9-45d1-87c5-f0ce64bb3878
* Fix: add a new style to the target text box (#18065)
### Approach
I add some new rules for the style of the target text box. (Fix: #13229
)
<img width="842" height="545" alt="target class"
src="https://github.com/user-attachments/assets/7cd0a615-392a-493b-831f-77ddb93de5fc"
/>
**This is what it looks like now.**
<img width="320" height="224" alt="image"
src="https://github.com/user-attachments/assets/26514102-e684-49ce-915d-43e5677520a5"
/>
* chore: upgrade @swc/core to 1.15.11 and align SWC ecosystem (#18088)
## Summary
- Upgrades `@swc/core` from 1.13.3 to **1.15.11** (swc_core v56), which
introduces CBOR-based plugin serialization replacing rkyv, eliminating
strict version-matching between SWC core and Wasm plugins
- Upgrades `@lingui/swc-plugin` from ^5.6.0 to **^5.11.0** (swc_core
50.2.3, built with `--cfg=swc_ast_unknown` for cross-version
compatibility)
- Upgrades `@swc/plugin-emotion` from 10.0.4 to **14.6.0** (swc_core 53,
also with backward-compat feature)
- Upgrades companion packages: `@swc-node/register` 1.8.0 → 1.11.1,
`@swc/helpers` ~0.5.2 → ~0.5.18, `@vitejs/plugin-react-swc` 3.11.0 →
4.2.3
### Why this is safe now
Starting from `@swc/core v1.15.0`, SWC replaced the rkyv serialization
scheme with CBOR (a self-describing format) and added `Unknown` AST enum
variants. Plugins built with `swc_core >= 47` and
`--cfg=swc_ast_unknown` are now forward-compatible across `@swc/core`
versions. Both `@lingui/swc-plugin@5.10.1+` and
`@swc/plugin-emotion@14.0.0+` have this support, meaning the old
version-matching nightmare between Lingui and SWC is largely solved.
Reference: https://github.com/lingui/swc-plugin/issues/179
## Test plan
- [x] `yarn install` resolves without errors
- [x] `npx nx build twenty-shared` succeeds
- [x] `npx nx build twenty-ui` succeeds (validates
@swc/plugin-emotion@14.6.0)
- [x] `npx nx typecheck twenty-front` succeeds
- [x] `npx nx build twenty-front` succeeds (validates vite + swc +
lingui pipeline)
- [x] `npx nx build twenty-emails` succeeds (validates lingui plugin)
- [x] Frontend jest tests pass (validates @swc/jest +
@lingui/swc-plugin)
- [x] Server jest tests pass (validates server-side SWC + lingui)
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Rework types for logic function (#18074)
## Summary
- **Consolidate logic function services**: Remove
`LogicFunctionMetadataService` and consolidate all logic function CRUD
operations into `LogicFunctionFromSourceService`, with a new
`LogicFunctionFromSourceHelperService` for shared validation/migration
logic
- **Introduce typed conversion utils following the skill pattern**: Add
`fromCreateLogicFunctionFromSourceInputToUniversalFlatLogicFunctionToCreate`
and `fromUpdateLogicFunctionFromSourceInputToFlatLogicFunctionToUpdate`
that convert DTO inputs directly to flat entities
(`UniversalFlatLogicFunction` / `FlatLogicFunction`), replacing the
previous intermediate `UpdateLogicFunctionMetadataParams` indirection
- **Simplify `CodeStepBuildService`**: Remove ~100 lines of manual
duplication logic by delegating to
`LogicFunctionFromSourceService.duplicateOneWithSource`
- **Remove completed 1-17 migration**: Delete
`MigrateWorkflowCodeStepsCommand` and associated utils that migrated
workflow code steps from serverless functions to logic functions
* Add page layout backfill command (#18095)
## Context
Command to backfill record page layouts and related entities for legacy
workspaces.
## Test
Set SHOULD_SEED_STANDARD_RECORD_PAGE_LAYOUTS=false, reset DB then run
the command and compare with Set
SHOULD_SEED_STANDARD_RECORD_PAGE_LAYOUTS=true on a different workspace
* feat: added workspace member filter for actor fields (#16628)
Closes #16619
This PR adds support for filtering ACTOR fields by `Workspace Member`
subfield, enabling users to filter records by who created them with a
`Me` option.
I replicated the same UX and code structure as the Relation field filter
for consistency.
Each filter selection triggers a server-side GraphQL call. But there is
client-side filtering in `isRecordMatchingFilter.ts` which instantly
filters already-loaded records while the server is fetching new results.
I replicated this behaviour from how `FULL_NAME` and other composite
fields handle filtering.
UX decision that were taken by me (Let me know if changes are needed) :
- The filter shows comma separated selected workspace member names until
3 members are selected. After that it shows [no of selected members]
workspace members.
<img width="643" height="283" alt="Screenshot 2025-12-17 at 8 01 23 PM"
src="https://github.com/user-attachments/assets/18d524f4-979b-4d92-ad64-aa7b63be7897"
/>
<img width="774" height="309" alt="Screenshot 2025-12-17 at 8 01 33 PM"
src="https://github.com/user-attachments/assets/779f374f-1501-48f9-afa2-a78628e067b1"
/>
<img width="737" height="397" alt="Screenshot 2025-12-17 at 8 01 40 PM"
src="https://github.com/user-attachments/assets/4e8b963e-8a0f-467d-91ae-48bca4e1d842"
/>
<img width="697" height="334" alt="Screenshot 2025-12-17 at 8 01 53 PM"
src="https://github.com/user-attachments/assets/c9a0e4bb-48b4-486b-a4f9-d7c49ff3852c"
/>
<img width="684" height="343" alt="Screenshot 2025-12-17 at 8 02 04 PM"
src="https://github.com/user-attachments/assets/d5c45eba-06a3-40fc-b9d0-d585dc8bc136"
/>
---------
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* fix: laggy edition of FormNumberFieldInput (#18011)
### What this PR do ?
Stops the delay fields from updating the workflow on every keystroke by
keeping values locally and saving them on blur, which fixes the cached
relation error
Fixed #15709
---------
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
* i18n - translations (#18100)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* fix: convert metered tier upTo from internal to display credits in listPlans (#18108)
## Summary
- The `listPlans` GraphQL query was returning metered tier `upTo` values
in internal credit units (1000x the display value), causing "Credits by
period" and "Credit Plan" dropdowns to show "50M" instead of "50k"
- Applied the existing `INTERNAL_CREDITS_PER_DISPLAY_CREDIT` (1000)
divisor in `formatBillingDatabasePriceToMeteredPriceDTO`, matching the
conversion already used in `getMeteredProductsUsage` resolver
- Updated frontend mock data to reflect the corrected display-unit
values
## Test plan
- [x] Unit tests pass for `format-database-product-to-graphql-dto.util`
- [x] Unit tests pass for `metered-credit.service` and
`billing-credit-rollover.service`
- [ ] Verify billing page shows correct credit amounts (50k, not 50M)
for "Credits by period" and "Credit Plan"
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
* Fix: Person avatar upload fails with unknown field error (#18109)
## Automated fix for [bug None](https://sonarly.com/issue/None?type=bug)
**Severity:** `critical`
### Summary
When uploading a person avatar with the new FILES field migration
enabled, the optimistic record validation in
computeOptimisticRecordFromInput throws because the avatarFile field may
not be recognized in the person object metadata, crashing the upload
flow.
### User Impact
Users with the IS_FILES_FIELD_MIGRATED feature flag enabled cannot
upload or change a person's avatar photo. The upload operation throws an
unhandled error, preventing the avatar update from completing.
### Root Cause
The usePersonAvatarUpload hook passes avatarFile as a field in
updateOneRecordInput when calling updateOneRecord. This input goes
through computeOptimisticRecordFromInput, which validates that every
field in the record input exists in objectMetadataItem.fields. The
avatarFile field (type FILES) was recently added as a standard field on
the person object, but may not yet be present in the frontend's cached
object metadata for all workspaces (e.g., workspaces where the metadata
has not been synced after the migration, or SSE events arriving before
metadata refresh). When avatarFile is not found in the metadata fields
array, the validation throws. The useUpdateOneRecord hook supports an
optimisticRecord parameter that bypasses this validation entirely, but
usePersonAvatarUpload did not provide it.
Introduced by Etienne in commit d0c1841f0f8 on 2026-02-11, which added
the avatar file migration and upload logic but did not supply an
optimisticRecord to bypass the strict field validation in
computeOptimisticRecordFromInput.
**Introduced by:** Etienne on 2026-02-11 in commit
[`d0c1841`](https://github.com/twentyhq/twenty/commit/d0c1841f0f8a6a9069bbe2e9cafacf4ff6137f82)
### Suggested Fix
Pass an explicit optimisticRecord parameter when calling updateOneRecord
from usePersonAvatarUpload. The useUpdateOneRecord hook uses
optimisticRecord via nullish coalescing (optimisticRecord ??
computeOptimisticRecordFromInput(...)), so providing it bypasses the
strict field validation in computeOptimisticRecordFromInput entirely.
The avatarFile value is extracted into a shared variable to avoid
duplication between updateOneRecordInput and optimisticRecord.
---
*Generated by [Sonarly](https://sonarly.com)*
---------
Co-authored-by: Sonarly Claude Code <claude-code@sonarly.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Etienne <etiennejouan@users.noreply.github.com>
* Fix participant matching failing due to updating all columns instead of only changed fields (#18105)
The updateMany in matchParticipants was spreading the entire participant
object into the SET clause, which included generated columns
(searchVector) and composite field columns (createdBySource) that can't
be written to. Narrowed the update to only set personId and
workspaceMemberId.
```
[1] query failed: UPDATE "workspace_3ixj3i1a5avy16ptijtb3lae3"."calendarEventParticipant" SET "id" = $1, "createdAt" = $2, "updatedAt" = $3, "deletedAt" = $4, "createdBySource" = $5, "createdByWorkspaceMemberId" = $6, "createdByName" = $7, "createdByContext" = $8, "updatedBySource" = $9, "updatedByWorkspaceMemberId" = $10, "updatedByName" = $11, "updatedByContext" = $12, "position" = $13, "searchVector" = $14, "handle" = $15, "displayName" = $16, "isOrganizer" = $17, "responseStatus" = $18, "calendarEventId" = $19, "personId" = $20, "workspaceMemberId" = $21 WHERE "id" = $22 RETURNING * -- PARAMETERS: ["f1526103-451a-429f-9743-3a81c3a3e3aa","2026-02-19T22:23:32.354Z","2026-02-19T22:23:32.354Z",null,"MANUAL",null,"System",null,"MANUAL",null,"System",null,0,"'test@test.com':1","test@test.com","",false,"NEEDS_ACTION","fb1892a8-6daf-435b-a43b-e8fe8693eb99","60bf9e82-f1b7-4bed-a1af-7039fb9c32f5",null,"f1526103-451a-429f-9743-3a81c3a3e3aa"]
[1] error: error: column "searchVector" can only be updated to DEFAULT
[1] Exception Captured
[1] undefined
[1] [
[1] PostgresException [Error]: Data validation error.
[1] at computeTwentyORMException (/Users/huzef/Documents/bounties/twenty/packages/twenty-server/dist/engine/twenty-orm/error-handling/compute-twenty-orm-exception.js:35:19)
[1] at WorkspaceUpdateQueryBuilder.executeMany (/Users/huzef/Documents/bounties/twenty/packages/twenty-server/dist/engine/twenty-orm/repository/workspace-update-query-builder.js:269:82)
[1] at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
[1] at async WorkspaceRepository.updateMany (/Users/huzef/Documents/bounties/twenty/packages/twenty-server/dist/engine/twenty-orm/repository/workspace.repository.js:234:25)
[1] at async MatchParticipantService.matchParticipants (/Users/huzef/Documents/bounties/twenty/packages/twenty-server/dist/modules/match-participant/match-participant.service.js:93:13)
[1] at async /Users/huzef/Documents/bounties/twenty/packages/twenty-server/dist/modules/match-participant/match-participant.service.js:160:13
[1] at async MatchParticipantService.matchParticipantsForPeople (/Users/huzef/Documents/bounties/twenty/packages/twenty-server/dist/modules/match-participant/match-participant.service.js:130:9)
[1] at async CalendarEventParticipantMatchParticipantJob.handle (/Users/huzef/Documents/bounties/twenty/packages/twenty-server/dist/modules/calendar/calendar-event-participant-manager/jobs/calendar-event-participant-match-participant.job.js:45:13)
[1] at async MessageQueueExplorer.invokeProcessMethods (/Users/huzef/Documents/bounties/twenty/packages/twenty-server/dist/engine/core-modules/message-queue/message-queue.explorer.js:113:17)
[1] at async MessageQueueExplorer.handleProcessor (/Users/huzef/Documents/bounties/twenty/packages/twenty-server/dist/engine/core-modules/message-queue/message-queue.explorer.js:104:13) {
[1] code: '428C9'
[1] }
[1] ]
```
* Fix global search for CJK and non-tokenizable text (#18030)
## Summary
Fixes #12962
- Adds a two-pass ILIKE fallback to the global search service
(`search.service.ts`)
- **Fast path**: runs the tsvector query first (uses GIN index,
sub-millisecond)
- **Fallback**: only if tsvector returns fewer results than the limit,
runs an ILIKE query on `searchVector::text` to catch cases where
PostgreSQL's `simple` text search config fails to tokenize (continuous
CJK text, etc.)
- Zero performance impact for the common case (Latin text where tsvector
works)
- Also adds `escapeForIlike` utility to properly escape `%`, `_`, `\` in
user input
### Why tsvector fails for CJK
PostgreSQL's `simple` config treats continuous CJK text as a single
lexeme:
- `to_tsvector('simple', '示例商业线索')` → `'示例商业线索':1`
- Searching `商业:*` only prefix-matches from the start, so it misses `商业`
in the middle
The ILIKE fallback catches these substring matches when the tsvector
path can't.
### What this fixes
- Global search (command menu / sidebar)
- Relation picker (single and multi-object)
- Morph relation picker
All three use `search.service.ts` under the hood.
Co-authored-by: mykh-hailo (original direction in #18021)
## Test plan
- [ ] Search `示例` with records `示例商业线索` and `示例-商业-线索` → both should
appear
- [ ] Search `商业` → both should appear (previously only the hyphenated
one did)
- [ ] Search for Latin text (e.g. `john`) → same performance, results
unchanged
- [ ] Relation picker search with CJK text → results appear
- [ ] Search input with special chars like `%` or `_` → no SQL
injection, results correct
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: mykh-hailo <mykh-hailo@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
* Support `Skill` in manifest (#18092)
# Introduction
Support skill in manifest, pre-requisite for the twenty standard app
migration
* Remove sse feature flag (#18114)
As title
* Add default relation to standard object on custom object in manifest (#18033)
add default relation fields when creating an object from an application
---------
Co-authored-by: prastoin <paul@twenty.com>
* Unify MCP into single endpoint with lazy tool discovery (#18113)
## Summary
- Consolidates the MCP server from two endpoints (`/mcp` +
`/mcp/metadata`) into a **single `POST /mcp`** endpoint exposing five
high-level tools: `get_tool_catalog`, `learn_tools`, `execute_tool`,
`load_skills`, and `search_help_center`
- Fixes **DATABASE_CRUD tools not accessible via API key auth** by
removing an unnecessary `userId`/`userWorkspaceId` guard in
`DatabaseToolProvider` and threading `ApiKeyWorkspaceAuthContext`
through the tool context chain
- Improves tool descriptions with **STEP 1/2/3 workflow guidance** so AI
clients follow the correct discovery flow (catalog → learn → execute)
instead of guessing tool names
- Simplifies the **frontend AI settings** by removing the schema picker
dropdown (no more "Core Schema" vs "Metadata Schema" choice)
## Changes
### Backend
- **Deleted**: `mcp-metadata.controller.ts`, `mcp-metadata.service.ts`
(merged into core)
- **New**: `get-tool-catalog.tool.ts` — browsable, categorized tool
discovery
- **Fixed**: `DatabaseToolProvider.generateDescriptors` — removed guard
that blocked API key access to CRUD tools
- **Fixed**: `ToolContext` type + `ToolRegistryService` — `authContext`
now flows through so API key CRUD execution works end-to-end
- **Updated**: `McpProtocolService` — builds
`ApiKeyWorkspaceAuthContext` for API key requests
- **Updated**: All MCP tool descriptions with explicit step numbering
### Frontend
- **Simplified**: `SettingsAIMCP.tsx` — removed schema selector
dropdown, shows single MCP config
## Test plan
- [x] All 19 MCP unit tests pass (controller + protocol service)
- [x] Server and frontend lint clean
- [x] Server and frontend typecheck pass
- [x] Live-tested on localhost:3000 with API key: `get_tool_catalog`
returns 236 tools including 196 DATABASE_CRUD tools
- [x] Live-tested `execute_tool` with `find_companies` via API key —
returns real data
- [x] Tested MCP connection from Cursor IDE via project-level
`.cursor/mcp.json`
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix: hover appearing on not shared for junction relations (#18058)
Hovering over "Not Shared" in junction relations shows the placeholder
text.
<img width="1039" height="862" alt="image"
src="https://github.com/user-attachments/assets/a9523f51-c417-41b0-9926-d154c9601fd8"
/>
<br />
<br />
This PR fixes it.
<img width="1040" height="860" alt="image"
src="https://github.com/user-attachments/assets/09d5fecf-1faa-449d-86d9-a105464d31c3"
/>
* Typecheck main sdk (#18124)
* i18n - translations (#18120)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* i18n - docs translations (#18122)
Created by Github action
Co-authored-by: github-actions <github-actions@twenty.com>
* Fix search edge case with permissions (#18123)
Fix E2E tests
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Wire fields widget to backend + basic edition (#17965)
Closes https://github.com/twentyhq/core-team-issues/issues/2215
Closes https://github.com/twentyhq/core-team-issues/issues/2216
Closes https://github.com/twentyhq/core-team-issues/issues/2218
## Fields widget edition demo
https://github.com/user-attachments/assets/08626d70-8fcb-4ae2-9222-10ef57e75f90
## Dashboards still work
https://github.com/user-attachments/assets/aa9a9c45-a0a2-481e-b132-bc52254778da
* Fix flaky 2FA encryption test for AES-256-CBC wrong-key behavior (#18126)
## Summary
- Fixes a flaky test in `simple-secret-encryption.util.spec.ts` that
fails ~1 in 256 runs
- AES-256-CBC doesn't guarantee wrong-key decryption throws — PKCS7
padding validation is probabilistic. When padding accidentally looks
valid, decryption silently returns garbage instead of throwing.
- Changed the test to verify the correct security property: wrong-key
decryption must never return the original secret (both throw and garbage
are acceptable)
- Audited both production `decryptSecret` call sites in
`two-factor-authentication.service.ts` — they always use the correct
key, so end users are not affected
## Test plan
- [x] Test passes 5/5 consecutive runs locally
- [x] Lint passes
Made with [Cursor](https://cursor.com)
Co-authored-by: Cursor <cursoragent@cursor.com>
* i18n - translations (#18127)
Created by Github action
---------
Co-authored-by: github-actions <github-actions@twenty.com>
* [FRONT COMPONENTS] Headless components (#18096)
## Description
- Add `isHeadless` field to `FrontComponent` entity so front components
can run without rendering UI in the command menu
- Introduce headless front component mounting logic:
`HeadlessFrontCompo…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
with new 'file' FILES field on attachment, UI should display attachment name from file field value.
Issue with API users updating only 'file' FILES field (and not name field anymore)