* fix: allow pro plan workspace admins to preview apps
Pro plan has multiEnvironment=false. validateVersionEnvironment blocked any
request with environment_name set — including 'development' — causing a 403
that the frontend mapped to the restricted-preview error page.
Backend: allow 'development' env through even when multi-env is disabled;
only block staging/production to prevent URL manipulation.
Frontend: use featureAccess.multiEnvironment flag in isBasicPlan check
instead of hardcoded plan === 'starter', so pro plan also skips env in the
redirect URL.
* fix: align useAppPreviewLink isBasicPlan check with multiEnvironment flag
Same pattern as AppsRoute — was checking plan === 'starter', missing pro
and basic plans. Now uses !featureAccess.multiEnvironment consistently.
* fix: preserve original URL on app-scoped logout redirect
The app-scoped branch in redirectToLoginPage hardcoded
/applications/:slug/login with no redirectTo, dropping the env/version
preview params. After re-login, AppLoginPage fell back to
/applications/:slug (released-app viewer URL), which 501s for unreleased
apps and shows "App URL Unavailable".
Mirror the workspace branch's behavior: honor avoidRedirection and
preserve the original URL as redirectTo when false. Update logoutAction
to pass false so the runtime Logout event returns the user to the same
preview view after sign-in.
Regression introduced in #15716.
* chore: update package-lock files after lts-3.16 merge
* revert: remove frontend isBasicPlan changes, backend fix is sufficient
Stripping env from the URL on the frontend is the wrong approach — for
multi-env plans, an explicit env param (e.g. staging) must be preserved.
The backend fix (allowing development env through when multi-env is
disabled) is the correct and sufficient fix.
* fix: use multiEnvironment flag to gate env param in preview URLs
Plans without multi-env access (basic, pro, starter) should not include
?env= in preview URLs — it is meaningless for them and was causing the
backend to reject the request.
Plans with multi-env (team, enterprise) preserve the env param so
per-env per-version preview links continue to work correctly.
* fix: use strict equality for multiEnvironment check to preserve env when featureAccess is not yet loaded
---------
Co-authored-by: Akshay Sasidharan <akshaysasidharan93@gmail.com>
* feat(external-api): return per-workspace inviteUrl in POST /ext/users response
* test(external-api): expand POST /ext/users coverage — roles, multi-group, and failure conditions
Adds 8 new e2e tests covering role assignment, per-workspace role variance,
multiple custom groups, and all key failure paths (duplicate email, missing
workspace, default group in groups field, nonexistent group, end-user/builder
group conflict). Also seeds the builder default group in maybeCreateDefaultGroupPermissions
to unblock role-assignment tests against test orgs.
* test(external-api): clarify conflicting-permissions error shape in users spec
* feat(external-api): update default status to INVITED in user-related DTOs and add defaultOrganizationId field
* feat(external-api): enhance invited user session guard and expand user creation tests for archived status
* feat(external-api): add tests for org-invite URL behavior based on user and workspace status
* feat(external-api): update user status handling and invite URL logic in tests
* feat(external-api): update invite URL logic and OrganizationUser status handling for active users
* fix: gate JS library loading on license fetch to fix public/released apps
JS libraries were silently skipped on public and released apps because
featureAccess?.appJsLibraries was still undefined when isComponentLayoutReady
fired. Introduces isLicenseFetched flag and handles fetch errors so the
gate is never blocked indefinitely for unauthenticated users.
* feat: remove license check for JS libraries loading in frontend and backend
* feat: QueryManager - add fx and custom message for query confirmation
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Minor fix
* Design update
* Yes button same size as cancel button
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: AppCanvas - hidden widget collapses to 0px per Figma update
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: AppCanvas - stack overlapping hidden widgets in drop order
* Fallback for collapseOnhide components with top alignment
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: add QuickBooks Online marketplace plugin
Add a QuickBooks Online Accounting API plugin with OAuth2 authentication,
86 API operations via OpenAPI spec, and @spec/ convention for DB-stored
spec files. Includes server-side spec hosting infrastructure and a fix
for duplicate footer rendering on marketplace OAuth2 datasource config pages.
* chore: update submodule pointers
* fix: use parent transaction for spec file DB operations
storeSpecFiles and updateSpecFilesForReload were wrapping each file
insert/update in a separate dbTransactionWrap call, creating independent
transactions instead of participating in the outer install/upgrade
transaction. This could leave orphan File entities if the plugin save
failed. Now uses the parent manager directly.
* fix: use sandbox API URL, remove testConnection, add state param
- Default to sandbox-quickbooks.api.intuit.com (development apps require it)
- Remove testConnection and customTesting (OAuth flow validates connection)
- Add state parameter to auth URL (required by QuickBooks)
- Add access_token validation guard in run()
- Preserve existing refresh_token if provider doesn't reissue
- Remove environment dropdown and company_id from manifest
- Add debug logging for OAuth flow tracing
* feat: add Intercom marketplace plugin and fix path-level param rendering
Add Intercom API v2.15 marketplace plugin with 162 endpoints across 30
resource groups using react-component-api-endpoint with @spec/ convention.
Fix ApiEndpointInput widget to merge path-level OpenAPI parameters into
each operation's parameters per the OpenAPI 3.0 inheritance rule. This
ensures path params declared at the path-item level (used by Intercom,
AWS, Stripe, and many others) are rendered as input fields.
* fix: set customTesting to false so framework renders Test Connection button
customTesting: false tells the framework to render its standard Test
Connection button which calls testConnection() on the backend.
customTesting: true (counterintuitively) hides the standard button,
expecting the plugin to provide custom testing UI.
* Chore: Migrate all OpenAPI plugins from external URLs to @spec/ convention (#15904)
* chore: migrate all OpenAPI plugins from external URLs to @spec/ convention
Downloads 78 OpenAPI spec files from external URLs (7 plugins from
adishM98/base-repo-testing personal repo, 2 from official provider repos,
1 from S3) and stores them locally in openapi-specs/ directories. Updates
all operations.json files to use @spec/<kind>/<name> references, which
are resolved to DB-stored specs at install time.
Eliminates runtime dependency on external GitHub repos for spec rendering.
* chore: remove one-time spec migration script
* chore: update package-locks for intercom plugin
Adds @tooljet-marketplace/intercom workspace links and dependency
entries that were missing from the prior commits.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore: update intercom plugin description
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: add QuickBooks Online marketplace plugin
Add a QuickBooks Online Accounting API plugin with OAuth2 authentication,
86 API operations via OpenAPI spec, and @spec/ convention for DB-stored
spec files. Includes server-side spec hosting infrastructure and a fix
for duplicate footer rendering on marketplace OAuth2 datasource config pages.
* chore: update submodule pointers
* fix: use parent transaction for spec file DB operations
storeSpecFiles and updateSpecFilesForReload were wrapping each file
insert/update in a separate dbTransactionWrap call, creating independent
transactions instead of participating in the outer install/upgrade
transaction. This could leave orphan File entities if the plugin save
failed. Now uses the parent manager directly.
* fix: use sandbox API URL, remove testConnection, add state param
- Default to sandbox-quickbooks.api.intuit.com (development apps require it)
- Remove testConnection and customTesting (OAuth flow validates connection)
- Add state parameter to auth URL (required by QuickBooks)
- Add access_token validation guard in run()
- Preserve existing refresh_token if provider doesn't reissue
- Remove environment dropdown and company_id from manifest
- Add debug logging for OAuth flow tracing
* Chore: Migrate all OpenAPI plugins from external URLs to @spec/ convention (#15904)
* chore: migrate all OpenAPI plugins from external URLs to @spec/ convention
Downloads 78 OpenAPI spec files from external URLs (7 plugins from
adishM98/base-repo-testing personal repo, 2 from official provider repos,
1 from S3) and stores them locally in openapi-specs/ directories. Updates
all operations.json files to use @spec/<kind>/<name> references, which
are resolved to DB-stored specs at install time.
Eliminates runtime dependency on external GitHub repos for spec rendering.
* chore: remove one-time spec migration script
* POST string body
---------
Co-authored-by: Rudhra Deep Biswas <rudra21ultra@gmail.com>
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
* feat(external-apis): add LIST_MODULES, EXPORT_MODULE, IMPORT_MODULE feature keys, DTOs, and ability grants
* feat(external-apis): add CE stub modules controller and register in module
* feat(external-apis): add end-to-end tests for ExternalApisModulesController
* refactor(external-apis): simplify exportModule method signature in ExternalApisModulesController
* feat(external-apis): enhance tests for ExternalApisModulesController with additional cases for non-existent UUIDs
* feat(external-apis): update exportModule method to include exportTjdb parameter and enhance tests for its functionality
* feat(external-apis): enhance tooljet_database import schema validation and add module import/export helpers
* feat(external-apis): add tests for ExternalApisModulesController in starter and CE plans with appropriate status checks
* feat(external-apis): add tests for module and app import endpoints to validate JSON rejection
* fix: elevate role when SSO group sync maps user to builder-level custom group
* fixed falky case
* fixed granular access case
* updated selector
---------
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
Co-authored-by: Yukti Goyal <yuktigoyal02@gmail.com>
Co-authored-by: YuktiGoyal02 <100783212+YuktiGoyal02@users.noreply.github.com>
* feat(ai): add getThreadTokenUsage feature and related service methods
* chore: update subproject commit reference in frontend/ee
* chore: update subproject commit references in frontend and server
---------
Co-authored-by: johnsoncherian <johnsonc.dev@gmail.com>
* Fix: Change popover title and and add new cta label in component inspector for button group v2
* Fix: Remove width type field from label styles since only 'of the component' supported for new components
* Fix: Vertical spacing between radio buttons when layout is set to wrap
* feat: add auto-sort feature to AI queries and update related components
* feat: add Generate Query button and update selected query handling in data query slice
* chore: update subproject commits for frontend and server
* support to build modules with prompt
* module ai chat bug fix
* submodule update
* AI message bug fix
* module description added in ai metadata
* submodule update: update example prompts and icons
* submodule update: sync frontend and server submodules to latest commits
* submodule update: sync frontend and server submodules to latest commits
* submodule update: sync frontend and server submodules to latest commits
---------
Co-authored-by: Avinash <vavinash992@gmail.com>
Co-authored-by: johnsoncherian <johnsonc.dev@gmail.com>
* refresh token flow
* new auth with error standardisation
* Sbowflake improvements
* Snowflake invoke method made accessible
* snowflake improvement update
* dev testing bug fixes
* removed context file
* list tables and columns now use respective users token
* Snowflake bearer token field adding empty key value pair while editing
* PAT token flow authenticator updated
* Username for PAT token flow
* snowflake sdk version updated
* Updated placeholder for automation
* chore: update version to 3.20.152-lts
---------
Co-authored-by: Srimanitejas123 <mani@tooljet.com>
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
* feat: add auto-sort feature to AI queries and update related components
* feat: add Generate Query button and update selected query handling in data query slice
* chore: update subproject commits for frontend and server
* chore: update subproject commits for frontend and server
* chore: update subproject commits for frontend and server
* Feat: Expandable rows in Table component (#15827)
* Add event and toggle for expandable rows
* Add column to expand in table
* Setup store
* Implement expandable rows in table
* expose rowData for children components and make all containers other than first row not editable
* Added support for dynamic height for each expandable row
* Update submodule reference
* Fix: Virtualizer not getting updated in a few cases when row is expanded or collapsed and nested table wasn't getting expanded as expected
* Update submodule references
* Fix: Remove 'children' and 'data' exposed variables from Table
* Fix: Clear exposed values when expandable rows is toggled
* Fix: Remove dynamic height for expanded row for phase 1
* Fix: Move 'Enable expnadable rows' toggle to 'Row selection' section instead of 'Additional Actions'
* Update submodule references
* Implement lazy resolution for expandable rows in Table component
- Introduced `updateCustomResolvablesLazy` and `resolveExpandedRows` to handle row data without immediate resolution, improving performance for expandable rows.
- Added `clearLazyRowIndices` to manage row indices when rows are expanded or collapsed.
- Updated the store to include `lazyResolvableParents` and `lazyRowIndices` for better state management of lazy-loaded components.
- Created a new `tableComponentSlice` to encapsulate logic related to table components, enhancing modularity and maintainability.
* Fix: Use similar approach for finding indices to be resolved using separate utility function
* Fix: Implement proper store cleanup incase table is deleted or expandable rows is disabled
* Refactor: Rename `clearLazyRowIndices` to `cleanupLazyResolvables` for clarity
- Updated the Table component to use `cleanupLazyResolvables` instead of `clearLazyRowIndices` for better readability and understanding of its purpose.
- Adjusted the logic in the `resolveExpandedRows` function to populate custom resolvables only for expanded rows, improving performance and state management.
- Enhanced cleanup logic in the component's effect hooks to ensure proper resource management when the component unmounts or when expandable rows are toggled.
* Update submodule reference
* Fix: Grid outline not getting highlighted when component is being dragged inside it
* Fix: Default height of expanded container
* Fix: Row expand trigger style
* Fix: Expanded container background color and padding
* Fix: Container component crashes when components is dropped from Table row's expanded container
* Update submodule references
* updat esubmodule references
* Update submodule references
* Refactor TableData component to use constants for row heights, improving readability and maintainability.
* Refactor TableContainer and useTable hooks to integrate expandedRows state, enhancing row expansion functionality.
* Add 'Table' to restricted widgets configuration
* Enhance appCanvasConstants with row-scoped widget types and resolvable key mappings; refactor Container and codeHinterSlice to utilize new constants for improved readability and maintainability.
* Add nesting level limits for widgets in appCanvasConstants; refactor Grid and dragEnd logic to enforce nesting restrictions based on new limits, enhancing widget organization and preventing excessive nesting.
* Update sbumodule reference
* feat: add refresh button functionality to table components (#15912)
* feat: add refresh button functionality to table components
* fix: update refresh button icon from IconRefresh to IconReload
* Made the showRefershButton to false by default
* supported support for data queries as well other than raw json
* Used dependency graph to check the query reference
* Added migration for show refresh button to support backward compatibility
* fix: update loading state handling to include refresh status in Table and Header components
* enhanceed migration to backfill showRefreshButton property for Table components
* [enhancement] : Added caption in the options for dropdown and multi-select components (#15935)
* Feature: Add caption support to DropdownV2 options
* Feature: Enhance DropdownV2 and MultiselectV2 with caption support
* Chore: Add migration to backfill Table component properties (#15982)
* feat: add migration to backfill refresh button and expandable rows properties for Table components
* Implemented a new migration to set default values for showRefreshButton, enableExpandableRows, and expansionHeight in Table components.
* Added logging for migration progress and success.
* Included functionality to delete app history for structural migrations if updates occur.
* chore: remove obsolete migration for backfilling showRefreshButton property in Table components
* Deleted the migration file that backfilled the showRefreshButton property, as it is no longer needed.
* This cleanup helps maintain the codebase by removing unused files.
* fixed selector issue (#15988)
* fix: gate JS library loading on license fetch to fix public/released apps (#15994)
JS libraries were silently skipped on public and released apps because
featureAccess?.appJsLibraries was still undefined when isComponentLayoutReady
fired. Introduces isLicenseFetched flag and handles fetch errors so the
gate is never blocked indefinitely for unauthenticated users.
* Fix: Listview children not getting rendered inside Table expanded row (#16000)
* Refactor componentsSlice to generalize ancestor type checks for row-scoped widgets. Removed obsolete check for Listview and Kanban, replacing it with a more flexible ROW_SCOPED_WIDGET_TYPES array. Updated comments for clarity on parent index handling.
* Updated comments to reflect changes in handling parent indices and replaced references to Listview with a more general row-scoped ancestor terminology.
* Unable to clone/import app with multiple versions (#16001)
* feat: add workflow, module, workspace, and custom group counts to telemetry (#15932)
* feat: add workflow, module, workspace, and user group counts to telemetry
Add 4 new metrics to the telemetry payload sent to hub.tooljet.io:
- total_workflows: count of apps with type 'workflow'
- total_modules: count of apps with type 'module'
- total_workspaces: count of all organizations
- total_user_groups: count of all permission groups
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: filter telemetry user group count to custom groups only
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fixed case (#16003)
* Fixed the Ui for supabase for where and sort fields (#15965)
* Fixed the Ui for supabase for where and sort fields
* Bump version to 3.20.148-lts across all components
---------
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
* fix: handle null check in PreviewCodeBlock (#15597)
* Fix: read AWS secret key from AWS_SECRET_ACCESS_KEY in marketplace upload-to-s3 (#16047)
aws-actions/configure-aws-credentials@v4 exports AWS_SECRET_ACCESS_KEY (with
the AWS_ prefix), but the S3 uploader was reading SECRET_ACCESS_KEY, leaving
credentials.secretAccessKey undefined. aws-sdk v2 silently fell back to the
default credential provider chain so this typo went unnoticed for years; the
aws-sdk v3 migration in #15147 made an explicit credentials object
authoritative, so every upload since has failed with "Resolved credential
object is not valid" (0/567 files on recent runs).
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(file-button): update default icon and fix section categorization (#15734)
* fix(file-button): update default icon and fix section categorization
- Change default icon of FileButton component from IconHome2 to IconFileUpload for better UX
- Set iconVisibility to true by default for FileButton
- Add FileButton to Miscellaneous section in component library
- Replace ButtonGroup with ButtonGroupV2 in Buttons section in component library
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix(file-button): align icon validation defaultValue with new default (IconFileUpload)
Agent-Logs-Url: https://github.com/ToolJet/ToolJet/sessions/d37904fa-086e-42be-afd6-7a2918bce6e2
Co-authored-by: johnsoncherian <57667706+johnsoncherian@users.noreply.github.com>
* feat(sectionConfig): add FileButton to Buttons section and remove from Miscellaneous
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* Dynamic height (#15993)
* Dynamic height revamp
* Redundant code cleanup
* Minor fix
* Add collapse on hide toggle to button component
* Fixed table collapse on hidden toggle missing
* Fixed listview min height issue
* Listview footer not at the bottom when dynamic height enabled fix
* Extra padding removed from textarea
* Fixed CollapseOnHide missing for KeyValuePair, CodeEditor, Richtextarea
* Fixed container height not getting properly calculated when a component with alignment set to top is present
* Accordian causing overlap fix
* Fix for container based components not recomputing height when invisible by default
* Toggling dynamic height toggle using fx fix
* Backfill CollapseOnHidden
* Minor listview fix
* Feat : MSSQL gui mode (#15826)
* GUI mode abstraction and GUI mode for postgresql
* CSS Issue and Query response fixes
* mssql changes for GUI mode
* mssql upsert operation
* mssql bug fix for errors faced in pgsql
* bug fix for MSSQL operations
* ui changes (#15964)
* dev testing bug fixes
* Bulk update backward compatibility fix
* chore: update version to 3.20.149-lts
---------
Co-authored-by: abhijeet760 <abhijeet@tooljet.com>
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
---------
Co-authored-by: Devanshu Rastogi <devanshu.rastogi05@gmail.com>
Co-authored-by: Manish Kushare <37823141+manishkushare@users.noreply.github.com>
Co-authored-by: YuktiGoyal02 <100783212+YuktiGoyal02@users.noreply.github.com>
Co-authored-by: Kavin Venkatachalam <50441969+kavinvenkatachalam@users.noreply.github.com>
Co-authored-by: Shaurya Sharma <79473274+shaurya-sharma064@users.noreply.github.com>
Co-authored-by: Akshay <akshaysasidrn@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Siddharth Pundir <145639697+Siddharthpl@users.noreply.github.com>
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
Co-authored-by: Johnson Cherian <johnsonc.dev@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Ganesh Kumar <40178541+ganesh8056@users.noreply.github.com>
Co-authored-by: abhijeet760 <abhijeet@tooljet.com>
* Dynamic height revamp
* Redundant code cleanup
* Minor fix
* Add collapse on hide toggle to button component
* Fixed table collapse on hidden toggle missing
* Fixed listview min height issue
* Listview footer not at the bottom when dynamic height enabled fix
* Extra padding removed from textarea
* Fixed CollapseOnHide missing for KeyValuePair, CodeEditor, Richtextarea
* Fixed container height not getting properly calculated when a component with alignment set to top is present
* Accordian causing overlap fix
* Fix for container based components not recomputing height when invisible by default
* Toggling dynamic height toggle using fx fix
* Backfill CollapseOnHidden
* Minor listview fix
