next-workflow-builder 0.3.0

package/dist/server/api/index.js

@@ -0,0 +1,2672 @@
+import {
+  ARRAY_INDEX_PATTERN,
+  analyzeNodeUsage,
+  buildEdgeMap,
+  conditionAction,
+  databaseQueryAction,
+  escapeForTemplateLiteral,
+  findTriggerNodes,
+  generateWorkflowModule,
+  httpRequestAction,
+  sanitizeFunctionName,
+  sanitizeStepName,
+  sanitizeVarName
+} from "../../chunk-XJ67EFQA.js";
+import {
+  auth,
+  getAuthConfig
+} from "../../chunk-P3DTV3QS.js";
+import {
+  getErrorMessageAsync
+} from "../../chunk-5YYA34YV.js";
+import {
+  BOILERPLATE_PATH,
+  CODEGEN_TEMPLATES_PATH,
+  NON_ALPHANUMERIC_REGEX,
+  TEMPLATE_EXPORT_REGEX,
+  WHITESPACE_SPLIT_REGEX
+} from "../../chunk-OQHML4II.js";
+import {
+  createIntegration,
+  deleteIntegration,
+  getIntegration,
+  getIntegrations,
+  updateIntegration,
+  validateWorkflowIntegrations
+} from "../../chunk-BNYDOC3I.js";
+import {
+  findActionById,
+  getAllEnvVars,
+  getDependenciesForActions
+} from "../../chunk-Z3BJJYHM.js";
+import {
+  accounts,
+  apiKeys,
+  db,
+  generateId,
+  logWorkflowComplete,
+  users,
+  withStepLogging,
+  workflowExecutionLogs,
+  workflowExecutions,
+  workflows
+} from "../../chunk-3MSAF2TH.js";
+
+// src/server/api/index.ts
+import { NextResponse as NextResponse5 } from "next/server";
+
+// src/server/api/api-keys.ts
+import { and, eq } from "drizzle-orm";
+import { NextResponse } from "next/server";
+import { createHash } from "crypto";
+
+// src/server/auth/resolve-user.ts
+async function resolveUser(request) {
+  const config = getAuthConfig();
+  if (config.getUser) {
+    return config.getUser(request);
+  }
+  const session = await auth.api.getSession({
+    headers: request.headers
+  });
+  if (!session?.user) return null;
+  return {
+    id: session.user.id,
+    email: session.user.email ?? void 0,
+    name: session.user.name ?? void 0
+  };
+}
+
+// src/server/api/api-keys.ts
+async function handleGetApiKeys(request) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    const keys = await db.query.apiKeys.findMany({
+      where: eq(apiKeys.userId, user.id),
+      columns: {
+        id: true,
+        name: true,
+        keyPrefix: true,
+        createdAt: true,
+        lastUsedAt: true
+      },
+      orderBy: (table, { desc: descFn }) => [descFn(table.createdAt)]
+    });
+    return NextResponse.json(keys);
+  } catch (error) {
+    console.error("Failed to list API keys:", error);
+    return NextResponse.json({ error: "Failed to list API keys" }, { status: 500 });
+  }
+}
+async function handleCreateApiKey(request) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    const isAnonymous = user.name === "Anonymous" || user.email?.startsWith("temp-");
+    if (isAnonymous) {
+      return NextResponse.json(
+        { error: "Anonymous users cannot create API keys" },
+        { status: 403 }
+      );
+    }
+    const body = await request.json().catch(() => ({}));
+    const name = body.name || null;
+    const { randomBytes } = await import("crypto");
+    const randomPart = randomBytes(24).toString("base64url");
+    const key = `wfb_${randomPart}`;
+    const hash = createHash("sha256").update(key).digest("hex");
+    const prefix = key.slice(0, 11);
+    const [newKey] = await db.insert(apiKeys).values({
+      userId: user.id,
+      name,
+      keyHash: hash,
+      keyPrefix: prefix
+    }).returning({
+      id: apiKeys.id,
+      name: apiKeys.name,
+      keyPrefix: apiKeys.keyPrefix,
+      createdAt: apiKeys.createdAt
+    });
+    return NextResponse.json({ ...newKey, key });
+  } catch (error) {
+    console.error("Failed to create API key:", error);
+    return NextResponse.json({ error: "Failed to create API key" }, { status: 500 });
+  }
+}
+async function handleDeleteApiKey(request, keyId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    const result = await db.delete(apiKeys).where(and(eq(apiKeys.id, keyId), eq(apiKeys.userId, user.id))).returning({ id: apiKeys.id });
+    if (result.length === 0) {
+      return NextResponse.json({ error: "API key not found" }, { status: 404 });
+    }
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    console.error("Failed to delete API key:", error);
+    return NextResponse.json({ error: "Failed to delete API key" }, { status: 500 });
+  }
+}
+
+// src/server/api/auth.ts
+import { toNextJsHandler } from "better-auth/next-js";
+
+// src/server/api/utils.ts
+import { eq as eq2 } from "drizzle-orm";
+import { readdir, readFile } from "fs/promises";
+import { join } from "path";
+
+// src/server/lib/condition-validator.ts
+var DANGEROUS_PATTERNS = [
+  // Assignment operators
+  /(?<![=!<>])=(?!=)/g,
+  // = but not ==, ===, !=, !==, <=, >=
+  /\+=|-=|\*=|\/=|%=|\^=|\|=|&=/g,
+  // Code execution
+  /\beval\s*\(/gi,
+  /\bFunction\s*\(/gi,
+  /\bimport\s*\(/gi,
+  /\brequire\s*\(/gi,
+  /\bnew\s+\w/gi,
+  // Dangerous globals
+  /\bprocess\b/gi,
+  /\bglobal\b/gi,
+  /\bwindow\b/gi,
+  /\bdocument\b/gi,
+  /\bconstructor\b/gi,
+  /\b__proto__\b/gi,
+  /\bprototype\b/gi,
+  // Control flow that could be exploited
+  /\bwhile\s*\(/gi,
+  /\bfor\s*\(/gi,
+  /\bdo\s*\{/gi,
+  /\bswitch\s*\(/gi,
+  /\btry\s*\{/gi,
+  /\bcatch\s*\(/gi,
+  /\bfinally\s*\{/gi,
+  /\bthrow\s+/gi,
+  /\breturn\s+/gi,
+  // Template literals with expressions (could execute code)
+  /`[^`]*\$\{/g,
+  // Object literals (but NOT bracket property access)
+  /\{\s*\w+\s*:/g,
+  // Increment/decrement
+  /\+\+|--/g,
+  // Bitwise operators (rarely needed, often used in exploits)
+  /<<|>>|>>>/g,
+  // Comma operator (can chain expressions)
+  /,(?![^(]*\))/g,
+  // Comma not inside function call parentheses
+  // Semicolons (statement separator)
+  /;/g
+];
+var ALLOWED_METHODS = /* @__PURE__ */ new Set([
+  "includes",
+  "startsWith",
+  "endsWith",
+  "toString",
+  "toLowerCase",
+  "toUpperCase",
+  "trim",
+  "length"
+  // Actually a property, but accessed like .length
+]);
+var METHOD_CALL_PATTERN = /\.(\w+)\s*\(/g;
+var BRACKET_EXPRESSION_PATTERN = /(\w+)\s*\[([^\]]+)\]/g;
+var VALID_BRACKET_ACCESS_PATTERN = /^__v\d+$/;
+var VALID_BRACKET_CONTENT_PATTERN = /^(\d+|'[^']*'|"[^"]*")$/;
+var WHITESPACE_SPLIT_PATTERN = /\s+/;
+var VARIABLE_TOKEN_PATTERN = /^__v\d+/;
+var STRING_TOKEN_PATTERN = /^['"]/;
+var NUMBER_TOKEN_PATTERN = /^\d/;
+var LITERAL_TOKEN_PATTERN = /^(true|false|null|undefined)$/;
+var OPERATOR_TOKEN_PATTERN = /^(===|!==|==|!=|>=|<=|>|<|&&|\|\||!|\(|\))$/;
+var IDENTIFIER_TOKEN_PATTERN = /^[a-zA-Z_]\w*$/;
+function checkDangerousPatterns(expression) {
+  for (const pattern of DANGEROUS_PATTERNS) {
+    pattern.lastIndex = 0;
+    if (pattern.test(expression)) {
+      pattern.lastIndex = 0;
+      const match = expression.match(pattern);
+      return {
+        valid: false,
+        error: `Condition contains disallowed syntax: "${match?.[0] || "unknown"}"`
+      };
+    }
+  }
+  return { valid: true };
+}
+function checkBracketExpressions(expression) {
+  BRACKET_EXPRESSION_PATTERN.lastIndex = 0;
+  let match = null;
+  while (true) {
+    match = BRACKET_EXPRESSION_PATTERN.exec(expression);
+    if (match === null) {
+      break;
+    }
+    const beforeBracket = match[1];
+    const insideBracket = match[2].trim();
+    if (!VALID_BRACKET_ACCESS_PATTERN.test(beforeBracket)) {
+      return {
+        valid: false,
+        error: `Bracket notation is only allowed on workflow variables. Found: "${beforeBracket}[...]"`
+      };
+    }
+    if (!VALID_BRACKET_CONTENT_PATTERN.test(insideBracket)) {
+      return {
+        valid: false,
+        error: `Invalid bracket content: "[${insideBracket}]". Only numeric indices or string literals are allowed.`
+      };
+    }
+  }
+  const standaloneArrayPattern = /(?:^|[=!<>&|(\s])\s*\[/g;
+  standaloneArrayPattern.lastIndex = 0;
+  if (standaloneArrayPattern.test(expression)) {
+    return {
+      valid: false,
+      error: "Array literals are not allowed in conditions. Use workflow variables instead."
+    };
+  }
+  return { valid: true };
+}
+function checkMethodCalls(expression) {
+  METHOD_CALL_PATTERN.lastIndex = 0;
+  let match = null;
+  while (true) {
+    match = METHOD_CALL_PATTERN.exec(expression);
+    if (match === null) {
+      break;
+    }
+    const methodName = match[1];
+    if (!ALLOWED_METHODS.has(methodName)) {
+      return {
+        valid: false,
+        error: `Method "${methodName}" is not allowed in conditions. Allowed methods: ${Array.from(ALLOWED_METHODS).join(", ")}`
+      };
+    }
+  }
+  return { valid: true };
+}
+function checkParentheses(expression) {
+  let parenDepth = 0;
+  for (const char of expression) {
+    if (char === "(") {
+      parenDepth += 1;
+    }
+    if (char === ")") {
+      parenDepth -= 1;
+    }
+    if (parenDepth < 0) {
+      return { valid: false, error: "Unbalanced parentheses in condition" };
+    }
+  }
+  if (parenDepth !== 0) {
+    return { valid: false, error: "Unbalanced parentheses in condition" };
+  }
+  return { valid: true };
+}
+function isValidToken(token) {
+  if (VARIABLE_TOKEN_PATTERN.test(token)) {
+    return true;
+  }
+  if (STRING_TOKEN_PATTERN.test(token)) {
+    return true;
+  }
+  if (NUMBER_TOKEN_PATTERN.test(token)) {
+    return true;
+  }
+  if (LITERAL_TOKEN_PATTERN.test(token)) {
+    return true;
+  }
+  if (OPERATOR_TOKEN_PATTERN.test(token)) {
+    return true;
+  }
+  return false;
+}
+function checkUnauthorizedIdentifiers(expression) {
+  const tokens = expression.split(WHITESPACE_SPLIT_PATTERN).filter(Boolean);
+  for (const token of tokens) {
+    if (isValidToken(token)) {
+      continue;
+    }
+    if (IDENTIFIER_TOKEN_PATTERN.test(token) && !token.startsWith("__v")) {
+      return {
+        valid: false,
+        error: `Unknown identifier "${token}" in condition. Use template variables like {{@nodeId:Label.field}} to reference workflow data.`
+      };
+    }
+  }
+  return { valid: true };
+}
+function validateConditionExpression(expression) {
+  if (!expression || expression.trim() === "") {
+    return { valid: false, error: "Condition expression cannot be empty" };
+  }
+  const dangerousCheck = checkDangerousPatterns(expression);
+  if (!dangerousCheck.valid) {
+    return dangerousCheck;
+  }
+  const bracketCheck = checkBracketExpressions(expression);
+  if (!bracketCheck.valid) {
+    return bracketCheck;
+  }
+  const methodCheck = checkMethodCalls(expression);
+  if (!methodCheck.valid) {
+    return methodCheck;
+  }
+  const parenCheck = checkParentheses(expression);
+  if (!parenCheck.valid) {
+    return parenCheck;
+  }
+  const identifierCheck = checkUnauthorizedIdentifiers(expression);
+  if (!identifierCheck.valid) {
+    return identifierCheck;
+  }
+  return { valid: true };
+}
+function preValidateConditionExpression(expression) {
+  if (!expression || typeof expression !== "string") {
+    return { valid: false, error: "Condition must be a non-empty string" };
+  }
+  const dangerousKeywords = [
+    "eval",
+    "Function",
+    "import",
+    "require",
+    "process",
+    "global",
+    "window",
+    "document",
+    "__proto__",
+    "constructor",
+    "prototype"
+  ];
+  const lowerExpression = expression.toLowerCase();
+  for (const keyword of dangerousKeywords) {
+    if (lowerExpression.includes(keyword.toLowerCase())) {
+      return {
+        valid: false,
+        error: `Condition contains disallowed keyword: "${keyword}"`
+      };
+    }
+  }
+  return { valid: true };
+}
+
+// src/server/lib/steps/trigger.ts
+import "server-only";
+function executeTrigger(input) {
+  return {
+    success: true,
+    data: input.triggerData
+  };
+}
+async function triggerStep(input) {
+  "use step";
+  if (input._workflowComplete) {
+    await logWorkflowComplete(input._workflowComplete);
+    return { success: true, data: {} };
+  }
+  return withStepLogging(input, () => Promise.resolve(executeTrigger(input)));
+}
+triggerStep.maxRetries = 0;
+
+// src/server/lib/workflow-executor.workflow.ts
+var SYSTEM_ACTIONS = {
+  "Database Query": {
+    // biome-ignore lint/suspicious/noExplicitAny: Dynamic module import
+    importer: () => import("../../database-query-GRWP3S3M.js"),
+    stepFunction: "databaseQueryStep"
+  },
+  "HTTP Request": {
+    // biome-ignore lint/suspicious/noExplicitAny: Dynamic module import
+    importer: () => import("../../http-request-2HVCXQHK.js"),
+    stepFunction: "httpRequestStep"
+  },
+  Condition: {
+    // biome-ignore lint/suspicious/noExplicitAny: Dynamic module import
+    importer: () => import("../../condition-SFT7Y5YJ.js"),
+    stepFunction: "conditionStep"
+  }
+};
+function replaceTemplateVariable(match, nodeId, rest, outputs, evalContext, varCounter) {
+  const sanitizedNodeId = nodeId.replace(/[^a-zA-Z0-9]/g, "_");
+  const output = outputs[sanitizedNodeId];
+  if (!output) {
+    console.log("[Condition] Output not found for node:", sanitizedNodeId);
+    return match;
+  }
+  const dotIndex = rest.indexOf(".");
+  let value;
+  if (dotIndex === -1) {
+    value = output.data;
+  } else if (output.data === null || output.data === void 0) {
+    value = void 0;
+  } else {
+    const fieldPath = rest.substring(dotIndex + 1);
+    const fields = fieldPath.split(".");
+    let current = output.data;
+    const firstField = fields[0];
+    if (current && typeof current === "object" && "success" in current && "data" in current && firstField !== "success" && firstField !== "data" && firstField !== "error") {
+      current = current.data;
+    }
+    for (const field of fields) {
+      if (current && typeof current === "object") {
+        current = current[field];
+      } else {
+        console.log("[Condition] Field access failed:", fieldPath);
+        value = void 0;
+        break;
+      }
+    }
+    if (value === void 0 && current !== void 0) {
+      value = current;
+    }
+  }
+  const varName = `__v${varCounter.value}`;
+  varCounter.value += 1;
+  evalContext[varName] = value;
+  return varName;
+}
+function evaluateConditionExpression(conditionExpression, outputs) {
+  console.log("[Condition] Original expression:", conditionExpression);
+  if (typeof conditionExpression === "boolean") {
+    return { result: conditionExpression, resolvedValues: {} };
+  }
+  if (typeof conditionExpression === "string") {
+    const preValidation = preValidateConditionExpression(conditionExpression);
+    if (!preValidation.valid) {
+      console.error("[Condition] Pre-validation failed:", preValidation.error);
+      console.error("[Condition] Expression was:", conditionExpression);
+      return { result: false, resolvedValues: {} };
+    }
+    try {
+      const evalContext = {};
+      const resolvedValues = {};
+      let transformedExpression = conditionExpression;
+      const templatePattern = /\{\{@([^:]+):([^}]+)\}\}/g;
+      const varCounter = { value: 0 };
+      transformedExpression = transformedExpression.replace(
+        templatePattern,
+        (match, nodeId, rest) => {
+          const varName = replaceTemplateVariable(
+            match,
+            nodeId,
+            rest,
+            outputs,
+            evalContext,
+            varCounter
+          );
+          resolvedValues[rest] = evalContext[varName];
+          return varName;
+        }
+      );
+      const validation = validateConditionExpression(transformedExpression);
+      if (!validation.valid) {
+        console.error("[Condition] Validation failed:", validation.error);
+        console.error("[Condition] Original expression:", conditionExpression);
+        console.error(
+          "[Condition] Transformed expression:",
+          transformedExpression
+        );
+        return { result: false, resolvedValues };
+      }
+      const varNames = Object.keys(evalContext);
+      const varValues = Object.values(evalContext);
+      const evalFunc = new Function(
+        ...varNames,
+        `return (${transformedExpression});`
+      );
+      const result = evalFunc(...varValues);
+      return { result: Boolean(result), resolvedValues };
+    } catch (error) {
+      console.error("[Condition] Failed to evaluate condition:", error);
+      console.error("[Condition] Expression was:", conditionExpression);
+      return { result: false, resolvedValues: {} };
+    }
+  }
+  return { result: Boolean(conditionExpression), resolvedValues: {} };
+}
+async function executeActionStep(input) {
+  const { actionType, config, outputs, context } = input;
+  const stepInput = {
+    ...config,
+    _context: context
+  };
+  if (actionType === "Condition") {
+    const systemAction2 = SYSTEM_ACTIONS.Condition;
+    const module = await systemAction2.importer();
+    const originalExpression = stepInput.condition;
+    const { result: evaluatedCondition, resolvedValues } = evaluateConditionExpression(originalExpression, outputs);
+    console.log("[Condition] Final result:", evaluatedCondition);
+    return await module[systemAction2.stepFunction]({
+      condition: evaluatedCondition,
+      // Include original expression and resolved values for logging purposes
+      expression: typeof originalExpression === "string" ? originalExpression : void 0,
+      values: Object.keys(resolvedValues).length > 0 ? resolvedValues : void 0,
+      _context: context
+    });
+  }
+  const systemAction = SYSTEM_ACTIONS[actionType];
+  if (systemAction) {
+    const module = await systemAction.importer();
+    const stepFunction = module[systemAction.stepFunction];
+    return await stepFunction(stepInput);
+  }
+  const { getStepImporter } = await import("virtual:workflow-builder-step-registry");
+  const stepImporter = getStepImporter(actionType);
+  if (stepImporter) {
+    const module = await stepImporter.importer();
+    const stepFunction = module[stepImporter.stepFunction];
+    if (stepFunction) {
+      return await stepFunction(stepInput);
+    }
+    return {
+      success: false,
+      error: `Step function "${stepImporter.stepFunction}" not found in module for action "${actionType}". Check that the plugin exports the correct function name.`
+    };
+  }
+  return {
+    success: false,
+    error: `Unknown action type: "${actionType}". This action is not registered in the plugin system. Available system actions: ${Object.keys(SYSTEM_ACTIONS).join(", ")}.`
+  };
+}
+function processTemplates(config, outputs) {
+  const processed = {};
+  for (const [key, value] of Object.entries(config)) {
+    if (typeof value === "string") {
+      let processedValue = value;
+      const templatePattern = /\{\{@([^:]+):([^}]+)\}\}/g;
+      processedValue = processedValue.replace(
+        templatePattern,
+        // biome-ignore lint/complexity/noExcessiveCognitiveComplexity: Template processing requires nested logic
+        (match, nodeId, rest) => {
+          const sanitizedNodeId = nodeId.replace(/[^a-zA-Z0-9]/g, "_");
+          const output = outputs[sanitizedNodeId];
+          if (!output) {
+            return match;
+          }
+          const dotIndex = rest.indexOf(".");
+          if (dotIndex === -1) {
+            const data = output.data;
+            if (data === null || data === void 0) {
+              return "";
+            }
+            if (typeof data === "object") {
+              return JSON.stringify(data);
+            }
+            return String(data);
+          }
+          if (output.data === null || output.data === void 0) {
+            return "";
+          }
+          const fieldPath = rest.substring(dotIndex + 1);
+          const fields = fieldPath.split(".");
+          let current = output.data;
+          const firstField = fields[0];
+          if (current && typeof current === "object" && "success" in current && "data" in current && firstField !== "success" && firstField !== "data" && firstField !== "error") {
+            current = current.data;
+          }
+          for (const field of fields) {
+            if (current && typeof current === "object") {
+              current = current[field];
+            } else {
+              return "";
+            }
+          }
+          if (current === null || current === void 0) {
+            return "";
+          }
+          if (typeof current === "object") {
+            return JSON.stringify(current);
+          }
+          return String(current);
+        }
+      );
+      processed[key] = processedValue;
+    } else {
+      processed[key] = value;
+    }
+  }
+  return processed;
+}
+async function executeWorkflow(input) {
+  "use workflow";
+  console.log("[Workflow Executor] Starting workflow execution");
+  const { nodes, edges, triggerInput = {}, executionId, workflowId } = input;
+  console.log("[Workflow Executor] Input:", {
+    nodeCount: nodes.length,
+    edgeCount: edges.length,
+    hasExecutionId: !!executionId,
+    workflowId: workflowId || "none"
+  });
+  const outputs = {};
+  const results = {};
+  const nodeMap = new Map(nodes.map((n) => [n.id, n]));
+  const edgesBySource = /* @__PURE__ */ new Map();
+  for (const edge of edges) {
+    const targets = edgesBySource.get(edge.source) || [];
+    targets.push(edge.target);
+    edgesBySource.set(edge.source, targets);
+  }
+  const nodesWithIncoming = new Set(edges.map((e) => e.target));
+  const triggerNodes = nodes.filter(
+    (node) => node.data.type === "trigger" && !nodesWithIncoming.has(node.id)
+  );
+  console.log(
+    "[Workflow Executor] Found",
+    triggerNodes.length,
+    "trigger nodes"
+  );
+  const { getActionLabel } = await import("virtual:workflow-builder-step-registry");
+  function getNodeName(node) {
+    if (node.data.label) {
+      return node.data.label;
+    }
+    if (node.data.type === "action") {
+      const actionType = node.data.config?.actionType;
+      if (actionType) {
+        const label = getActionLabel(actionType);
+        if (label) {
+          return label;
+        }
+      }
+      return "Action";
+    }
+    if (node.data.type === "trigger") {
+      return node.data.config?.triggerType || "Trigger";
+    }
+    return node.data.type;
+  }
+  async function executeNode(nodeId, visited = /* @__PURE__ */ new Set()) {
+    console.log("[Workflow Executor] Executing node:", nodeId);
+    if (visited.has(nodeId)) {
+      console.log("[Workflow Executor] Node already visited, skipping");
+      return;
+    }
+    visited.add(nodeId);
+    const node = nodeMap.get(nodeId);
+    if (!node) {
+      console.log("[Workflow Executor] Node not found:", nodeId);
+      return;
+    }
+    if (node.data.enabled === false) {
+      console.log("[Workflow Executor] Skipping disabled node:", nodeId);
+      const sanitizedNodeId = nodeId.replace(/[^a-zA-Z0-9]/g, "_");
+      outputs[sanitizedNodeId] = {
+        label: node.data.label || nodeId,
+        data: null
+      };
+      const nextNodes = edgesBySource.get(nodeId) || [];
+      await Promise.all(
+        nextNodes.map((nextNodeId) => executeNode(nextNodeId, visited))
+      );
+      return;
+    }
+    try {
+      let result;
+      if (node.data.type === "trigger") {
+        console.log("[Workflow Executor] Executing trigger node");
+        const config = node.data.config || {};
+        const triggerType = config.triggerType;
+        let triggerData = {
+          triggered: true,
+          timestamp: Date.now()
+        };
+        if (triggerType === "Webhook" && config.webhookMockRequest && (!triggerInput || Object.keys(triggerInput).length === 0)) {
+          try {
+            const mockData = JSON.parse(config.webhookMockRequest);
+            triggerData = { ...triggerData, ...mockData };
+            console.log(
+              "[Workflow Executor] Using webhook mock request data:",
+              mockData
+            );
+          } catch (error) {
+            console.error(
+              "[Workflow Executor] Failed to parse webhook mock request:",
+              error
+            );
+          }
+        } else if (triggerInput && Object.keys(triggerInput).length > 0) {
+          triggerData = { ...triggerData, ...triggerInput };
+        }
+        const triggerContext = {
+          executionId,
+          nodeId: node.id,
+          nodeName: getNodeName(node),
+          nodeType: node.data.type
+        };
+        const triggerResult = await triggerStep({
+          triggerData,
+          _context: triggerContext
+        });
+        result = {
+          success: triggerResult.success,
+          data: triggerResult.data
+        };
+      } else if (node.data.type === "action") {
+        const config = node.data.config || {};
+        const actionType = config.actionType;
+        console.log("[Workflow Executor] Executing action node:", actionType);
+        if (!actionType) {
+          result = {
+            success: false,
+            error: `Action node "${node.data.label || node.id}" has no action type configured`
+          };
+          results[nodeId] = result;
+          return;
+        }
+        const configWithoutCondition = { ...config };
+        const originalCondition = config.condition;
+        configWithoutCondition.condition = void 0;
+        const processedConfig = processTemplates(
+          configWithoutCondition,
+          outputs
+        );
+        if (originalCondition !== void 0) {
+          processedConfig.condition = originalCondition;
+        }
+        const stepContext = {
+          executionId,
+          nodeId: node.id,
+          nodeName: getNodeName(node),
+          nodeType: actionType
+        };
+        console.log("[Workflow Executor] Calling executeActionStep");
+        const stepResult = await executeActionStep({
+          actionType,
+          config: processedConfig,
+          outputs,
+          context: stepContext
+        });
+        console.log("[Workflow Executor] Step result received:", {
+          hasResult: !!stepResult,
+          resultType: typeof stepResult
+        });
+        const isErrorResult = stepResult && typeof stepResult === "object" && "success" in stepResult && stepResult.success === false;
+        if (isErrorResult) {
+          const errorResult = stepResult;
+          const errorMessage = typeof errorResult.error === "string" ? errorResult.error : errorResult.error?.message || `Step "${actionType}" in node "${node.data.label || node.id}" failed without a specific error message.`;
+          console.error(`[Workflow Executor] Step "${actionType}" failed:`, errorMessage);
+          result = {
+            success: false,
+            error: errorMessage
+          };
+        } else {
+          result = {
+            success: true,
+            data: stepResult
+          };
+        }
+      } else {
+        console.log("[Workflow Executor] Unknown node type:", node.data.type);
+        result = {
+          success: false,
+          error: `Unknown node type "${node.data.type}" in node "${node.data.label || node.id}". Expected "trigger" or "action".`
+        };
+      }
+      results[nodeId] = result;
+      const sanitizedNodeId = nodeId.replace(/[^a-zA-Z0-9]/g, "_");
+      outputs[sanitizedNodeId] = {
+        label: node.data.label || nodeId,
+        data: result.data
+      };
+      console.log("[Workflow Executor] Node execution completed:", {
+        nodeId,
+        success: result.success
+      });
+      if (result.success) {
+        const isConditionNode = node.data.type === "action" && node.data.config?.actionType === "Condition";
+        if (isConditionNode) {
+          const conditionResult = result.data?.condition;
+          console.log(
+            "[Workflow Executor] Condition node result:",
+            conditionResult
+          );
+          if (conditionResult === true) {
+            const nextNodes = edgesBySource.get(nodeId) || [];
+            console.log(
+              "[Workflow Executor] Condition is true, executing",
+              nextNodes.length,
+              "next nodes in parallel"
+            );
+            await Promise.all(
+              nextNodes.map((nextNodeId) => executeNode(nextNodeId, visited))
+            );
+          } else {
+            console.log(
+              "[Workflow Executor] Condition is false, skipping next nodes"
+            );
+          }
+        } else {
+          const nextNodes = edgesBySource.get(nodeId) || [];
+          console.log(
+            "[Workflow Executor] Executing",
+            nextNodes.length,
+            "next nodes in parallel"
+          );
+          await Promise.all(
+            nextNodes.map((nextNodeId) => executeNode(nextNodeId, visited))
+          );
+        }
+      }
+    } catch (error) {
+      console.error("[Workflow Executor] Error executing node:", nodeId, error);
+      const errorMessage = await getErrorMessageAsync(error);
+      const errorResult = {
+        success: false,
+        error: errorMessage
+      };
+      results[nodeId] = errorResult;
+    }
+  }
+  try {
+    console.log("[Workflow Executor] Starting execution from trigger nodes");
+    const workflowStartTime = Date.now();
+    await Promise.all(triggerNodes.map((trigger) => executeNode(trigger.id)));
+    const finalSuccess = Object.values(results).every((r) => r.success);
+    const duration = Date.now() - workflowStartTime;
+    console.log("[Workflow Executor] Workflow execution completed:", {
+      success: finalSuccess,
+      resultCount: Object.keys(results).length,
+      duration
+    });
+    if (executionId) {
+      try {
+        await triggerStep({
+          triggerData: {},
+          _workflowComplete: {
+            executionId,
+            status: finalSuccess ? "success" : "error",
+            output: Object.values(results).at(-1)?.data,
+            error: Object.values(results).find((r) => !r.success)?.error,
+            startTime: workflowStartTime
+          }
+        });
+        console.log("[Workflow Executor] Updated execution record");
+      } catch (error) {
+        console.error(
+          "[Workflow Executor] Failed to update execution record:",
+          error
+        );
+      }
+    }
+    return {
+      success: finalSuccess,
+      results,
+      outputs
+    };
+  } catch (error) {
+    console.error(
+      "[Workflow Executor] Fatal error during workflow execution:",
+      error
+    );
+    const errorMessage = await getErrorMessageAsync(error);
+    if (executionId) {
+      try {
+        await triggerStep({
+          triggerData: {},
+          _workflowComplete: {
+            executionId,
+            status: "error",
+            error: errorMessage,
+            startTime: Date.now()
+          }
+        });
+      } catch (logError) {
+        console.error("[Workflow Executor] Failed to log error:", logError);
+      }
+    }
+    return {
+      success: false,
+      results,
+      outputs,
+      error: errorMessage
+    };
+  }
+}
+
+// src/server/api/utils.ts
+var corsHeaders = {
+  "Access-Control-Allow-Origin": "*",
+  "Access-Control-Allow-Methods": "POST, OPTIONS",
+  "Access-Control-Allow-Headers": "Content-Type, Authorization"
+};
+function extractPath(request) {
+  const url = new URL(request.url);
+  const pathname = url.pathname;
+  const prefix = "/api/workflow-builder/";
+  const idx = pathname.indexOf(prefix);
+  if (idx === -1) {
+    const apiIdx = pathname.indexOf("/api/");
+    if (apiIdx === -1) return [];
+    const afterApi = pathname.slice(apiIdx + 5);
+    return afterApi.split("/").filter(Boolean);
+  }
+  const afterPrefix = pathname.slice(idx + prefix.length);
+  return afterPrefix.split("/").filter(Boolean);
+}
+function rebuildRequest(request, newUrl) {
+  return new Request(newUrl, {
+    method: request.method,
+    headers: request.headers,
+    body: request.body,
+    duplex: "half"
+  });
+}
+async function executeWorkflowBackground(executionId, workflowId, nodes, edges, input) {
+  try {
+    await executeWorkflow({
+      nodes,
+      edges,
+      triggerInput: input,
+      executionId,
+      workflowId
+    });
+  } catch (error) {
+    console.error("[Workflow Execute] Error during execution:", error);
+    await db.update(workflowExecutions).set({
+      status: "error",
+      error: error instanceof Error ? error.message : "Unknown error",
+      completedAt: /* @__PURE__ */ new Date()
+    }).where(eq2(workflowExecutions.id, executionId));
+  }
+}
+function buildWorkflowUpdateData(body) {
+  const updateData = { updatedAt: /* @__PURE__ */ new Date() };
+  if (body.name !== void 0) updateData.name = body.name;
+  if (body.description !== void 0) updateData.description = body.description;
+  if (body.nodes !== void 0) updateData.nodes = body.nodes;
+  if (body.edges !== void 0) updateData.edges = body.edges;
+  if (body.visibility !== void 0) updateData.visibility = body.visibility;
+  return updateData;
+}
+function sanitizeNodesForPublicView(nodes) {
+  return nodes.map((node) => {
+    const sanitizedNode = { ...node };
+    if (sanitizedNode.data && typeof sanitizedNode.data === "object" && sanitizedNode.data !== null) {
+      const data = { ...sanitizedNode.data };
+      if (data.config && typeof data.config === "object" && data.config !== null) {
+        const { integrationId: _, ...configWithoutIntegration } = data.config;
+        data.config = configWithoutIntegration;
+      }
+      sanitizedNode.data = data;
+    }
+    return sanitizedNode;
+  });
+}
+async function readDirectoryRecursive(dirPath, baseDir = dirPath) {
+  const files = {};
+  const entries = await readdir(dirPath, { withFileTypes: true });
+  for (const entry of entries) {
+    const fullPath = join(dirPath, entry.name);
+    if (entry.isDirectory()) {
+      const subFiles = await readDirectoryRecursive(fullPath, baseDir);
+      Object.assign(files, subFiles);
+    } else if (entry.isFile()) {
+      const content = await readFile(fullPath, "utf-8");
+      const relativePath = fullPath.substring(baseDir.length + 1);
+      files[relativePath] = content;
+    }
+  }
+  return files;
+}
+function generateWorkflowFiles(workflow) {
+  const files = {};
+  const baseName = workflow.name.replace(NON_ALPHANUMERIC_REGEX, "").split(WHITESPACE_SPLIT_REGEX).map((word, i) => {
+    if (i === 0) {
+      return word.toLowerCase();
+    }
+    return word.charAt(0).toUpperCase() + word.slice(1).toLowerCase();
+  }).join("") || "execute";
+  const functionName = `${baseName}Workflow`;
+  const workflowCode = generateWorkflowModule(
+    workflow.name,
+    workflow.nodes,
+    workflow.edges,
+    { functionName }
+  );
+  const fileName = sanitizeFileName(workflow.name);
+  files[`workflows/${fileName}.ts`] = workflowCode;
+  files[`app/api/workflows/${fileName}/route.ts`] = `import { start } from 'workflow/api';
+import { ${functionName} } from '@/workflows/${fileName}';
+import { NextResponse } from 'next/server';
+
+export async function POST(request: Request) {
+  try {
+    const body = await request.json();
+    
+    // Start the workflow execution
+    await start(${functionName}, [body]);
+    
+    return NextResponse.json({
+      success: true,
+      message: 'Workflow started successfully',
+    });
+  } catch (error) {
+    return NextResponse.json(
+      {
+        success: false,
+        error: error instanceof Error ? error.message : 'Unknown error',
+      },
+      { status: 500 }
+    );
+  }
+}
+`;
+  files["app/page.tsx"] = `export default function Home() {
+  return (
+    <main className="p-8">
+      <h1 className="text-2xl font-bold mb-4">Workflow: ${workflow.name}</h1>
+      <p className="mb-4 text-gray-600">API endpoint:</p>
+      <ul className="list-disc pl-6 space-y-2">
+        <li>
+          <a href="/api/workflows/${fileName}" className="text-blue-600 hover:underline">
+            /api/workflows/${fileName}
+          </a>
+        </li>
+      </ul>
+    </main>
+  );
+}
+`;
+  return files;
+}
+function getIntegrationDependencies(nodes) {
+  const actionTypes = nodes.filter((node) => node.data.type === "action").map((node) => node.data.config?.actionType).filter(Boolean);
+  return getDependenciesForActions(actionTypes);
+}
+function generateEnvExample() {
+  const lines = ["# Add your environment variables here"];
+  lines.push("");
+  lines.push("# For database integrations");
+  lines.push("DATABASE_URL=your_database_url");
+  const envVars = getAllEnvVars();
+  const groupedByPrefix = {};
+  for (const envVar of envVars) {
+    const prefix = envVar.name.split("_")[0];
+    if (!groupedByPrefix[prefix]) {
+      groupedByPrefix[prefix] = [];
+    }
+    groupedByPrefix[prefix].push(envVar);
+  }
+  for (const [prefix, vars] of Object.entries(groupedByPrefix)) {
+    lines.push(
+      `# For ${prefix.charAt(0) + prefix.slice(1).toLowerCase()} integration`
+    );
+    for (const v of vars) {
+      lines.push(`${v.name}=your_${v.name.toLowerCase()}`);
+    }
+    lines.push("");
+  }
+  return lines.join("\n");
+}
+function sanitizeFileName(name) {
+  return name.toLowerCase().replace(/[^a-z0-9]/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "");
+}
+
+// src/server/api/auth.ts
+var { GET: authGet, POST: authPost } = toNextJsHandler(auth);
+async function handleAuth(request, pathSegments) {
+  const authPath = "/api/auth/" + pathSegments.slice(1).join("/");
+  const url = new URL(request.url);
+  const newUrl = `${url.origin}${authPath}${url.search}`;
+  const newRequest = rebuildRequest(request, newUrl);
+  if (request.method === "GET")
+    return authGet(newRequest);
+  return authPost(newRequest);
+}
+
+// src/server/api/integrations.ts
+import { NextResponse as NextResponse2 } from "next/server";
+async function handleGetIntegrations(request) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse2.json({ error: "Unauthorized" }, { status: 401 });
+    const { searchParams } = new URL(request.url);
+    const typeFilter = searchParams.get("type");
+    const intgList = await getIntegrations(user.id, typeFilter || void 0);
+    return NextResponse2.json(
+      intgList.map((i) => ({
+        id: i.id,
+        name: i.name,
+        type: i.type,
+        isManaged: i.isManaged ?? false,
+        createdAt: i.createdAt.toISOString(),
+        updatedAt: i.updatedAt.toISOString()
+      }))
+    );
+  } catch (error) {
+    console.error("Failed to get integrations:", error);
+    return NextResponse2.json(
+      { error: "Failed to get integrations", details: error instanceof Error ? error.message : "Unknown error" },
+      { status: 500 }
+    );
+  }
+}
+async function handleCreateIntegration(request) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse2.json({ error: "Unauthorized" }, { status: 401 });
+    const body = await request.json();
+    if (!(body.type && body.config)) {
+      return NextResponse2.json({ error: "Type and config are required" }, { status: 400 });
+    }
+    const integration = await createIntegration(
+      user.id,
+      body.name || "",
+      body.type,
+      body.config
+    );
+    return NextResponse2.json({
+      id: integration.id,
+      name: integration.name,
+      type: integration.type,
+      createdAt: integration.createdAt.toISOString(),
+      updatedAt: integration.updatedAt.toISOString()
+    });
+  } catch (error) {
+    console.error("Failed to create integration:", error);
+    return NextResponse2.json(
+      { error: "Failed to create integration", details: error instanceof Error ? error.message : "Unknown error" },
+      { status: 500 }
+    );
+  }
+}
+async function handleGetIntegration(request, integrationId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse2.json({ error: "Unauthorized" }, { status: 401 });
+    const integration = await getIntegration(integrationId, user.id);
+    if (!integration) {
+      return NextResponse2.json({ error: "Integration not found" }, { status: 404 });
+    }
+    return NextResponse2.json({
+      id: integration.id,
+      name: integration.name,
+      type: integration.type,
+      config: integration.config,
+      createdAt: integration.createdAt.toISOString(),
+      updatedAt: integration.updatedAt.toISOString()
+    });
+  } catch (error) {
+    console.error("Failed to get integration:", error);
+    return NextResponse2.json(
+      { error: "Failed to get integration", details: error instanceof Error ? error.message : "Unknown error" },
+      { status: 500 }
+    );
+  }
+}
+async function handleUpdateIntegration(request, integrationId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse2.json({ error: "Unauthorized" }, { status: 401 });
+    const body = await request.json();
+    const integration = await updateIntegration(integrationId, user.id, body);
+    if (!integration) {
+      return NextResponse2.json({ error: "Integration not found" }, { status: 404 });
+    }
+    return NextResponse2.json({
+      id: integration.id,
+      name: integration.name,
+      type: integration.type,
+      config: integration.config,
+      createdAt: integration.createdAt.toISOString(),
+      updatedAt: integration.updatedAt.toISOString()
+    });
+  } catch (error) {
+    console.error("Failed to update integration:", error);
+    return NextResponse2.json(
+      { error: "Failed to update integration", details: error instanceof Error ? error.message : "Unknown error" },
+      { status: 500 }
+    );
+  }
+}
+async function handleDeleteIntegration(request, integrationId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse2.json({ error: "Unauthorized" }, { status: 401 });
+    const success = await deleteIntegration(integrationId, user.id);
+    if (!success) {
+      return NextResponse2.json({ error: "Integration not found" }, { status: 404 });
+    }
+    return NextResponse2.json({ success: true });
+  } catch (error) {
+    console.error("Failed to delete integration:", error);
+    return NextResponse2.json(
+      { error: "Failed to delete integration", details: error instanceof Error ? error.message : "Unknown error" },
+      { status: 500 }
+    );
+  }
+}
+async function handleTestIntegration(request, integrationId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse2.json({ error: "Unauthorized" }, { status: 401 });
+    const integration = await getIntegration(integrationId, user.id);
+    if (!integration) {
+      return NextResponse2.json({ error: "Integration not found" }, { status: 404 });
+    }
+    if (integration.type === "database") {
+      return NextResponse2.json({ status: "success", message: "Integration exists" });
+    }
+    return NextResponse2.json({ status: "success", message: "Integration exists" });
+  } catch (error) {
+    console.error("Failed to test integration:", error);
+    return NextResponse2.json(
+      { status: "error", message: error instanceof Error ? error.message : "Failed to test connection" },
+      { status: 500 }
+    );
+  }
+}
+async function handleTestIntegrationCredentials(request) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse2.json({ error: "Unauthorized" }, { status: 401 });
+    const body = await request.json();
+    if (!(body.type && body.config)) {
+      return NextResponse2.json({ error: "Type and config are required" }, { status: 400 });
+    }
+    return NextResponse2.json({ status: "success", message: "Credentials accepted" });
+  } catch (error) {
+    console.error("Failed to test credentials:", error);
+    return NextResponse2.json(
+      { status: "error", message: error instanceof Error ? error.message : "Failed to test connection" },
+      { status: 500 }
+    );
+  }
+}
+
+// src/server/api/users.ts
+import { eq as eq3 } from "drizzle-orm";
+import { NextResponse as NextResponse3 } from "next/server";
+async function handleGetUser(request) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse3.json({ error: "Unauthorized" }, { status: 401 });
+    const userData = await db.query.users.findFirst({
+      where: eq3(users.id, user.id),
+      columns: {
+        id: true,
+        name: true,
+        email: true,
+        image: true,
+        isAnonymous: true
+      }
+    });
+    if (!userData) {
+      return NextResponse3.json({ error: "User not found" }, { status: 404 });
+    }
+    const userAccount = await db.query.accounts.findFirst({
+      where: eq3(accounts.userId, user.id),
+      columns: { providerId: true }
+    });
+    return NextResponse3.json({
+      ...userData,
+      providerId: userAccount?.providerId ?? null
+    });
+  } catch (error) {
+    console.error("Failed to get user:", error);
+    return NextResponse3.json(
+      { error: error instanceof Error ? error.message : "Failed to get user" },
+      { status: 500 }
+    );
+  }
+}
+async function handleUpdateUser(request) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse3.json({ error: "Unauthorized" }, { status: 401 });
+    const userAccount = await db.query.accounts.findFirst({
+      where: eq3(accounts.userId, user.id),
+      columns: { providerId: true }
+    });
+    const oauthProviders = ["vercel", "github", "google"];
+    if (userAccount && oauthProviders.includes(userAccount.providerId)) {
+      return NextResponse3.json(
+        { error: "Cannot update profile for OAuth users" },
+        { status: 403 }
+      );
+    }
+    const body = await request.json();
+    const updates = {};
+    if (body.name !== void 0) updates.name = body.name;
+    if (body.email !== void 0) updates.email = body.email;
+    await db.update(users).set(updates).where(eq3(users.id, user.id));
+    return NextResponse3.json({ success: true });
+  } catch (error) {
+    console.error("Failed to update user:", error);
+    return NextResponse3.json(
+      { error: error instanceof Error ? error.message : "Failed to update user" },
+      { status: 500 }
+    );
+  }
+}
+
+// src/server/api/workflows.ts
+import { and as and2, desc, eq as eq4, inArray } from "drizzle-orm";
+import { NextResponse as NextResponse4 } from "next/server";
+import { createHash as createHash2 } from "crypto";
+
+// src/client/lib/workflow-codegen-sdk.ts
+import "server-only";
+var SYSTEM_CODEGEN_TEMPLATES = {
+  "Database Query": databaseQueryAction.codeGenerator,
+  "HTTP Request": httpRequestAction.codeGenerator,
+  Condition: conditionAction.codeGenerator
+};
+var FUNCTION_BODY_REGEX = /export\s+(?:async\s+)?function\s+\w+\s*\([^)]*\)\s*(?::\s*[^{]+)?\s*\{([\s\S]*)\}/;
+function loadStepImplementation(actionType) {
+  let template = SYSTEM_CODEGEN_TEMPLATES[actionType];
+  if (!template) {
+    const action = findActionById(actionType);
+    if (action?.codegenTemplate) {
+      template = action.codegenTemplate;
+    }
+  }
+  if (!template) {
+    return null;
+  }
+  try {
+    const functionMatch = template.match(FUNCTION_BODY_REGEX);
+    if (functionMatch) {
+      return functionMatch[1].trim();
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+function processNewFormatID(trimmed, match) {
+  const withoutAt = trimmed.substring(1);
+  const colonIndex = withoutAt.indexOf(":");
+  if (colonIndex === -1) {
+    return match;
+  }
+  const nodeId = withoutAt.substring(0, colonIndex);
+  const rest = withoutAt.substring(colonIndex + 1);
+  const dotIndex = rest.indexOf(".");
+  const fieldPath = dotIndex !== -1 ? rest.substring(dotIndex + 1) : "";
+  const sanitizedNodeId = nodeId.replace(/[^a-zA-Z0-9]/g, "_");
+  if (!fieldPath) {
+    return `\${outputs?.['${sanitizedNodeId}']?.data}`;
+  }
+  const accessPath = fieldPath.split(".").map((part) => {
+    const arrayMatch = part.match(ARRAY_INDEX_PATTERN);
+    if (arrayMatch) {
+      return `?.${arrayMatch[1]}?.[${arrayMatch[2]}]`;
+    }
+    return `?.${part}`;
+  }).join("");
+  return `\${outputs?.['${sanitizedNodeId}']?.data${accessPath}}`;
+}
+function processLegacyDollarRef(trimmed) {
+  const withoutDollar = trimmed.substring(1);
+  if (!(withoutDollar.includes(".") || withoutDollar.includes("["))) {
+    const sanitizedNodeId2 = withoutDollar.replace(/[^a-zA-Z0-9]/g, "_");
+    return `\${outputs?.['${sanitizedNodeId2}']?.data}`;
+  }
+  const parts = withoutDollar.split(".");
+  const nodeId = parts[0];
+  const sanitizedNodeId = nodeId.replace(/[^a-zA-Z0-9]/g, "_");
+  const fieldPath = parts.slice(1).join(".");
+  if (!fieldPath) {
+    return `\${outputs?.['${sanitizedNodeId}']?.data}`;
+  }
+  const accessPath = fieldPath.split(".").map((part) => {
+    const arrayMatch = part.match(ARRAY_INDEX_PATTERN);
+    if (arrayMatch) {
+      return `?.${arrayMatch[1]}?.[${arrayMatch[2]}]`;
+    }
+    return `?.${part}`;
+  }).join("");
+  return `\${outputs?.['${sanitizedNodeId}']?.data${accessPath}}`;
+}
+function convertTemplateToJS(template) {
+  if (!template || typeof template !== "string") {
+    return template;
+  }
+  const pattern = /\{\{([^}]+)\}\}/g;
+  return template.replace(pattern, (match, expression) => {
+    const trimmed = expression.trim();
+    if (trimmed.startsWith("@")) {
+      return processNewFormatID(trimmed, match);
+    }
+    if (trimmed.startsWith("$")) {
+      return processLegacyDollarRef(trimmed);
+    }
+    return match;
+  });
+}
+function analyzeNodeUsageSDK(nodes) {
+  const usedNodes = analyzeNodeUsage(nodes);
+  const lastNode = nodes.at(-1);
+  if (lastNode) {
+    usedNodes.add(lastNode.id);
+  }
+  return usedNodes;
+}
+function createStepNameMapping(nodes) {
+  const stepNameCounts = /* @__PURE__ */ new Map();
+  const nodeToStepName = /* @__PURE__ */ new Map();
+  for (const node of nodes) {
+    if (node.data.type === "action") {
+      const config = node.data.config || {};
+      const actionType = config.actionType;
+      const baseLabel = node.data.label || actionType || "UnnamedStep";
+      const baseName = sanitizeStepName(baseLabel);
+      const count = stepNameCounts.get(baseName) || 0;
+      stepNameCounts.set(baseName, count + 1);
+      const uniqueName = count > 0 ? `${baseName}${count + 1}` : baseName;
+      nodeToStepName.set(node.id, uniqueName);
+    }
+  }
+  return nodeToStepName;
+}
+function generateAllStepFunctions(nodes, nodeToStepName, generateStepFunc) {
+  const stepFunctions = [];
+  for (const node of nodes) {
+    if (node.data.type === "action") {
+      const uniqueName = nodeToStepName.get(node.id);
+      stepFunctions.push(generateStepFunc(node, uniqueName));
+    }
+  }
+  return stepFunctions;
+}
+function generateWorkflowSDKCode(workflowName, nodes, edges) {
+  const imports = /* @__PURE__ */ new Set();
+  const stepFunctions = [];
+  const nodeMap = new Map(nodes.map((n) => [n.id, n]));
+  const edgesBySource = buildEdgeMap(edges);
+  const triggerNodes = findTriggerNodes(nodes, edges);
+  const usedNodeOutputs = analyzeNodeUsageSDK(nodes);
+  imports.add("import { sleep, FatalError } from 'workflow';");
+  function buildEmailParams(config) {
+    imports.add("import { Resend } from 'resend';");
+    return [
+      `fromEmail: process.env.RESEND_FROM_EMAIL || 'noreply@example.com'`,
+      `emailTo: \`${convertTemplateToJS(config.emailTo || "user@example.com")}\``,
+      `emailSubject: \`${convertTemplateToJS(config.emailSubject || "Notification")}\``,
+      `emailBody: \`${convertTemplateToJS(config.emailBody || "No content")}\``,
+      "apiKey: process.env.RESEND_API_KEY!"
+    ];
+  }
+  function buildSlackParams(config) {
+    imports.add("import { WebClient } from '@slack/web-api';");
+    return [
+      `slackChannel: \`${convertTemplateToJS(config.slackChannel || "#general")}\``,
+      `slackMessage: \`${convertTemplateToJS(config.slackMessage || "No message")}\``,
+      "apiKey: process.env.SLACK_API_KEY!"
+    ];
+  }
+  function buildTicketParams(config) {
+    imports.add("import { LinearClient } from '@linear/sdk';");
+    const params = [
+      `ticketTitle: \`${convertTemplateToJS(config.ticketTitle || "New Issue")}\``,
+      `ticketDescription: \`${convertTemplateToJS(config.ticketDescription || "")}\``,
+      "apiKey: process.env.LINEAR_API_KEY!"
+    ];
+    if (config.teamId) {
+      params.push(`teamId: "${config.teamId}"`);
+    }
+    return params;
+  }
+  function buildAITextParams(config) {
+    imports.add("import { generateText } from 'ai';");
+    const modelId = config.aiModel || "meta/llama-4-scout";
+    let modelString;
+    if (modelId.includes("/")) {
+      modelString = modelId;
+    } else {
+      let provider;
+      if (modelId.startsWith("gpt-") || modelId.startsWith("o1-")) {
+        provider = "openai";
+      } else if (modelId.startsWith("claude-")) {
+        provider = "anthropic";
+      } else {
+        provider = "openai";
+      }
+      modelString = `${provider}/${modelId}`;
+    }
+    return [
+      `model: "${modelString}"`,
+      `prompt: \`${convertTemplateToJS(config.aiPrompt || "")}\``,
+      "apiKey: process.env.OPENAI_API_KEY!"
+    ];
+  }
+  function buildAIImageParams(config) {
+    imports.add(
+      "import { experimental_generateImage as generateImage } from 'ai';"
+    );
+    const imageModel = config.imageModel || "google/imagen-4.0-generate";
+    return [
+      `model: "${imageModel}"`,
+      `prompt: \`${convertTemplateToJS(config.imagePrompt || "")}\``,
+      'size: "1024x1024"',
+      "providerOptions: { openai: { apiKey: process.env.AI_GATEWAY_API_KEY! } }"
+    ];
+  }
+  function buildDatabaseParams(config) {
+    return [
+      `query: \`${convertTemplateToJS(config.dbQuery || "SELECT 1")}\``
+    ];
+  }
+  function buildHttpParams(config) {
+    const params = [
+      `url: "${config.endpoint || "https://api.example.com/endpoint"}"`,
+      `method: "${config.httpMethod || "POST"}"`,
+      `headers: ${config.httpHeaders || "{}"}`
+    ];
+    if (config.httpBody) {
+      params.push(`body: ${config.httpBody}`);
+    }
+    return params;
+  }
+  function buildConditionParams(config) {
+    return [
+      `condition: ${convertTemplateToJS(config.condition || "true")}`
+    ];
+  }
+  function buildFirecrawlParams(actionType, config) {
+    imports.add("import FirecrawlApp from '@mendable/firecrawl-js';");
+    const mode = actionType === "Search" ? "search" : "scrape";
+    const formats = config.formats ? JSON.stringify(config.formats) : "['markdown']";
+    const params = [
+      `mode: '${mode}'`,
+      "apiKey: process.env.FIRECRAWL_API_KEY!",
+      `formats: ${formats}`
+    ];
+    if (config.url) {
+      params.push(
+        `url: \`${convertTemplateToJS(config.url || "")}\``
+      );
+    }
+    if (config.query) {
+      params.push(
+        `query: \`${convertTemplateToJS(config.query || "")}\``
+      );
+    }
+    if (config.limit) {
+      params.push(`limit: ${config.limit}`);
+    }
+    return params;
+  }
+  function buildV0CreateChatParams(config) {
+    imports.add("import { createClient } from 'v0-sdk';");
+    const params = [
+      `message: \`${convertTemplateToJS(config.message || "")}\``,
+      "apiKey: process.env.V0_API_KEY!"
+    ];
+    if (config.system) {
+      params.push(
+        `system: \`${convertTemplateToJS(config.system || "")}\``
+      );
+    }
+    return params;
+  }
+  function buildV0SendMessageParams(config) {
+    imports.add("import { createClient } from 'v0-sdk';");
+    return [
+      `chatId: \`${convertTemplateToJS(config.chatId || "")}\``,
+      `message: \`${convertTemplateToJS(config.message || "")}\``,
+      "apiKey: process.env.V0_API_KEY!"
+    ];
+  }
+  function buildClerkGetUserParams(config) {
+    return [
+      `userId: \`${convertTemplateToJS(config.userId || "")}\``
+    ];
+  }
+  function buildClerkCreateUserParams(config) {
+    const params = [
+      `emailAddress: \`${convertTemplateToJS(config.emailAddress || "")}\``
+    ];
+    if (config.password) {
+      params.push(
+        `password: \`${convertTemplateToJS(config.password)}\``
+      );
+    }
+    if (config.firstName) {
+      params.push(
+        `firstName: \`${convertTemplateToJS(config.firstName)}\``
+      );
+    }
+    if (config.lastName) {
+      params.push(
+        `lastName: \`${convertTemplateToJS(config.lastName)}\``
+      );
+    }
+    if (config.publicMetadata) {
+      params.push(
+        `publicMetadata: \`${convertTemplateToJS(config.publicMetadata)}\``
+      );
+    }
+    if (config.privateMetadata) {
+      params.push(
+        `privateMetadata: \`${convertTemplateToJS(config.privateMetadata)}\``
+      );
+    }
+    return params;
+  }
+  function buildClerkUpdateUserParams(config) {
+    const params = [
+      `userId: \`${convertTemplateToJS(config.userId || "")}\``
+    ];
+    if (config.firstName) {
+      params.push(
+        `firstName: \`${convertTemplateToJS(config.firstName)}\``
+      );
+    }
+    if (config.lastName) {
+      params.push(
+        `lastName: \`${convertTemplateToJS(config.lastName)}\``
+      );
+    }
+    if (config.publicMetadata) {
+      params.push(
+        `publicMetadata: \`${convertTemplateToJS(config.publicMetadata)}\``
+      );
+    }
+    if (config.privateMetadata) {
+      params.push(
+        `privateMetadata: \`${convertTemplateToJS(config.privateMetadata)}\``
+      );
+    }
+    return params;
+  }
+  function buildClerkDeleteUserParams(config) {
+    return [
+      `userId: \`${convertTemplateToJS(config.userId || "")}\``
+    ];
+  }
+  function buildStepInputParams(actionType, config) {
+    const paramBuilders = {
+      "Send Email": () => buildEmailParams(config),
+      "Send Slack Message": () => buildSlackParams(config),
+      "Create Ticket": () => buildTicketParams(config),
+      "Generate Text": () => buildAITextParams(config),
+      "Generate Image": () => buildAIImageParams(config),
+      "Database Query": () => buildDatabaseParams(config),
+      "HTTP Request": () => buildHttpParams(config),
+      Condition: () => buildConditionParams(config),
+      Scrape: () => buildFirecrawlParams(actionType, config),
+      Search: () => buildFirecrawlParams(actionType, config),
+      "Create Chat": () => buildV0CreateChatParams(config),
+      "Send Message": () => buildV0SendMessageParams(config),
+      // Clerk
+      "Get User": () => buildClerkGetUserParams(config),
+      "Create User": () => buildClerkCreateUserParams(config),
+      "Update User": () => buildClerkUpdateUserParams(config),
+      "Delete User": () => buildClerkDeleteUserParams(config)
+    };
+    const builder = paramBuilders[actionType];
+    return builder ? builder() : [];
+  }
+  function generateStepFunction(node, uniqueStepName) {
+    const config = node.data.config || {};
+    const actionType = config.actionType;
+    const label = node.data.label || actionType || "UnnamedStep";
+    const stepName = uniqueStepName || sanitizeStepName(label);
+    const stepImplementation = loadStepImplementation(actionType);
+    let stepBody;
+    if (stepImplementation && node.data.type === "action") {
+      const inputParams = buildStepInputParams(actionType, config);
+      stepBody = `  // Call step function with constructed input
+  const stepInput = {
+    ${inputParams.join(",\n    ")}
+  };
+
+      // Execute step implementation
+      ${stepImplementation}`;
+    } else {
+      stepBody = "  return { success: true };";
+    }
+    return `async function ${stepName}(input: Record<string, unknown> & { outputs?: Record<string, { label: string; data: unknown }> }) {
+  "use step";
+  
+${stepBody}
+}`;
+  }
+  const nodeToStepName = createStepNameMapping(nodes);
+  stepFunctions.push(
+    ...generateAllStepFunctions(nodes, nodeToStepName, generateStepFunction)
+  );
+  function generateTriggerCode(nodeId, label, indent) {
+    if (!usedNodeOutputs.has(nodeId)) {
+      return [`${indent}// Trigger (outputs not used)`];
+    }
+    const varName = `result_${sanitizeVarName(nodeId)}`;
+    return [
+      `${indent}// Triggered`,
+      `${indent}let ${varName} = input;`,
+      `${indent}outputs['${sanitizeVarName(nodeId)}'] = { label: '${label}', data: ${varName} };`
+    ];
+  }
+  function generateActionTransformCode(nodeId, nodeConfig, label, indent) {
+    const nodeActionType = nodeConfig.actionType;
+    const nodeLabel = label || nodeActionType || "UnnamedStep";
+    const stepFnName = nodeToStepName.get(nodeId) || sanitizeStepName(nodeLabel);
+    const lines = [`${indent}// ${nodeLabel}`];
+    const outputIsUsed = usedNodeOutputs.has(nodeId);
+    if (outputIsUsed) {
+      const varName = `result_${sanitizeVarName(nodeId)}`;
+      lines.push(
+        `${indent}const ${varName} = await ${stepFnName}({ ...input, outputs });`
+      );
+      lines.push(
+        `${indent}outputs['${sanitizeVarName(nodeId)}'] = { label: '${nodeLabel}', data: ${varName} };`
+      );
+    } else {
+      lines.push(`${indent}await ${stepFnName}({ ...input, outputs });`);
+    }
+    return lines;
+  }
+  function generateConditionCode(nodeId, node, indent, visitedLocal) {
+    const condition = node.data.config?.condition || "true";
+    const convertedCondition = convertTemplateToJS(condition);
+    const nextNodes = edgesBySource.get(nodeId) || [];
+    const conditionVarName = `conditionValue_${sanitizeVarName(nodeId)}`;
+    const lines = [];
+    if (nextNodes.length > 0) {
+      lines.push(`${indent}// ${node.data.label}`);
+      lines.push(
+        `${indent}const ${conditionVarName} = \`${escapeForTemplateLiteral(convertedCondition)}\`;`
+      );
+      lines.push(`${indent}if (${conditionVarName}) {`);
+      if (nextNodes[0]) {
+        lines.push(
+          ...generateWorkflowBody(nextNodes[0], `${indent}  `, visitedLocal)
+        );
+      }
+      if (nextNodes[1]) {
+        lines.push(`${indent}} else {`);
+        lines.push(
+          ...generateWorkflowBody(nextNodes[1], `${indent}  `, visitedLocal)
+        );
+      }
+      lines.push(`${indent}}`);
+    }
+    return lines;
+  }
+  function generateWorkflowBody(nodeId, indent = "  ", visitedLocal = /* @__PURE__ */ new Set()) {
+    if (visitedLocal.has(nodeId)) {
+      return [];
+    }
+    visitedLocal.add(nodeId);
+    const node = nodeMap.get(nodeId);
+    if (!node) {
+      return [];
+    }
+    const lines = [];
+    switch (node.data.type) {
+      case "trigger":
+        lines.push(...generateTriggerCode(nodeId, node.data.label, indent));
+        break;
+      case "action": {
+        const actionType = node.data.config?.actionType;
+        if (actionType === "Condition") {
+          lines.push(
+            ...generateConditionCode(nodeId, node, indent, visitedLocal)
+          );
+          return lines;
+        }
+        lines.push(
+          ...generateActionTransformCode(
+            nodeId,
+            node.data.config || {},
+            node.data.label,
+            indent
+          )
+        );
+        break;
+      }
+      default:
+        lines.push(`${indent}// Unknown node type: ${node.data.type}`);
+        break;
+    }
+    const nextNodes = edgesBySource.get(nodeId) || [];
+    for (const nextNodeId of nextNodes) {
+      lines.push(...generateWorkflowBody(nextNodeId, indent, visitedLocal));
+    }
+    return lines;
+  }
+  const workflowBody = [];
+  if (triggerNodes.length === 0) {
+    workflowBody.push('  return { error: "No trigger nodes" };');
+  } else {
+    workflowBody.push(
+      "  // Track outputs from each node for template processing"
+    );
+    workflowBody.push(
+      "  const outputs: Record<string, { label: string; data: unknown }> = {};"
+    );
+    workflowBody.push("");
+    for (const trigger of triggerNodes) {
+      workflowBody.push(...generateWorkflowBody(trigger.id));
+    }
+    const lastNode = nodes.at(-1);
+    if (lastNode) {
+      const lastVarName = `result_${sanitizeVarName(lastNode.id)}`;
+      workflowBody.push("");
+      workflowBody.push(`  return ${lastVarName};`);
+    }
+  }
+  const functionName = sanitizeFunctionName(workflowName);
+  const mainFunction = `export async function ${functionName}() {
+  "use workflow";
+  
+  // Input from workflow trigger - replace with your trigger data
+  const input: Record<string, unknown> = {};
+  
+${workflowBody.join("\n")}
+}`;
+  const code = `${Array.from(imports).join("\n")}
+
+${stepFunctions.join("\n\n")}
+
+${mainFunction}
+`;
+  return code;
+}
+
+// src/server/api/workflows.ts
+async function handleExecuteWorkflow(request, workflowId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    const workflow = await db.query.workflows.findFirst({
+      where: eq4(workflows.id, workflowId)
+    });
+    if (!workflow) {
+      return NextResponse4.json({ error: "Workflow not found" }, { status: 404 });
+    }
+    if (workflow.userId !== user.id) {
+      return NextResponse4.json({ error: "Forbidden" }, { status: 403 });
+    }
+    const validation = await validateWorkflowIntegrations(
+      workflow.nodes,
+      user.id
+    );
+    if (!validation.valid) {
+      return NextResponse4.json(
+        { error: "Workflow contains invalid integration references" },
+        { status: 403 }
+      );
+    }
+    const body = await request.json().catch(() => ({}));
+    const input = body.input || {};
+    const [execution] = await db.insert(workflowExecutions).values({
+      workflowId,
+      userId: user.id,
+      status: "running",
+      input
+    }).returning();
+    executeWorkflowBackground(
+      execution.id,
+      workflowId,
+      workflow.nodes,
+      workflow.edges,
+      input
+    );
+    return NextResponse4.json({ executionId: execution.id, status: "running" });
+  } catch (error) {
+    console.error("Failed to start workflow execution:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to execute workflow" },
+      { status: 500 }
+    );
+  }
+}
+async function handleGetWorkflow(request, workflowId) {
+  try {
+    const user = await resolveUser(request);
+    const workflow = await db.query.workflows.findFirst({
+      where: eq4(workflows.id, workflowId)
+    });
+    if (!workflow) {
+      return NextResponse4.json({ error: "Workflow not found" }, { status: 404 });
+    }
+    const isOwner = user?.id === workflow.userId;
+    if (!isOwner && workflow.visibility !== "public") {
+      return NextResponse4.json({ error: "Workflow not found" }, { status: 404 });
+    }
+    return NextResponse4.json({
+      ...workflow,
+      nodes: isOwner ? workflow.nodes : sanitizeNodesForPublicView(workflow.nodes),
+      createdAt: workflow.createdAt.toISOString(),
+      updatedAt: workflow.updatedAt.toISOString(),
+      isOwner
+    });
+  } catch (error) {
+    console.error("Failed to get workflow:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to get workflow" },
+      { status: 500 }
+    );
+  }
+}
+async function handleGetWorkflows(request) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json([], { status: 200 });
+    const userWorkflows = await db.select().from(workflows).where(eq4(workflows.userId, user.id)).orderBy(desc(workflows.updatedAt));
+    return NextResponse4.json(
+      userWorkflows.map((w) => ({
+        ...w,
+        createdAt: w.createdAt.toISOString(),
+        updatedAt: w.updatedAt.toISOString()
+      }))
+    );
+  } catch (error) {
+    console.error("Failed to get workflows:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to get workflows" },
+      { status: 500 }
+    );
+  }
+}
+async function handleCreateWorkflow(request) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    const body = await request.json();
+    if (!(body.name && body.nodes && body.edges)) {
+      return NextResponse4.json(
+        { error: "Name, nodes, and edges are required" },
+        { status: 400 }
+      );
+    }
+    const validation = await validateWorkflowIntegrations(body.nodes, user.id);
+    if (!validation.valid) {
+      return NextResponse4.json(
+        { error: "Invalid integration references in workflow" },
+        { status: 403 }
+      );
+    }
+    let nodes = body.nodes;
+    if (nodes.length === 0) {
+      nodes = [
+        {
+          id: generateId(),
+          type: "trigger",
+          position: { x: 0, y: 0 },
+          data: {
+            label: "",
+            description: "",
+            type: "trigger",
+            config: { triggerType: "Manual" },
+            status: "idle"
+          }
+        }
+      ];
+    }
+    let workflowName = body.name;
+    if (body.name === "Untitled Workflow") {
+      const userWorkflows = await db.query.workflows.findMany({
+        where: eq4(workflows.userId, user.id)
+      });
+      workflowName = `Untitled ${userWorkflows.length + 1}`;
+    }
+    const workflowId = generateId();
+    const [newWorkflow] = await db.insert(workflows).values({
+      id: workflowId,
+      name: workflowName,
+      description: body.description,
+      nodes,
+      edges: body.edges,
+      userId: user.id
+    }).returning();
+    return NextResponse4.json({
+      ...newWorkflow,
+      createdAt: newWorkflow.createdAt.toISOString(),
+      updatedAt: newWorkflow.updatedAt.toISOString()
+    });
+  } catch (error) {
+    console.error("Failed to create workflow:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to create workflow" },
+      { status: 500 }
+    );
+  }
+}
+var CURRENT_WORKFLOW_NAME = "~~__CURRENT__~~";
+async function handleGetCurrentWorkflow(request) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    const [currentWorkflow] = await db.select().from(workflows).where(and2(eq4(workflows.name, CURRENT_WORKFLOW_NAME), eq4(workflows.userId, user.id))).orderBy(desc(workflows.updatedAt)).limit(1);
+    if (!currentWorkflow) {
+      return NextResponse4.json({ nodes: [], edges: [] });
+    }
+    return NextResponse4.json({
+      id: currentWorkflow.id,
+      nodes: currentWorkflow.nodes,
+      edges: currentWorkflow.edges
+    });
+  } catch (error) {
+    console.error("Failed to get current workflow:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to get current workflow" },
+      { status: 500 }
+    );
+  }
+}
+async function handleSaveCurrentWorkflow(request) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    const body = await request.json();
+    const { nodes, edges } = body;
+    if (!(nodes && edges)) {
+      return NextResponse4.json({ error: "Nodes and edges are required" }, { status: 400 });
+    }
+    const [existing] = await db.select().from(workflows).where(and2(eq4(workflows.name, CURRENT_WORKFLOW_NAME), eq4(workflows.userId, user.id))).limit(1);
+    if (existing) {
+      const [updated] = await db.update(workflows).set({ nodes, edges, updatedAt: /* @__PURE__ */ new Date() }).where(eq4(workflows.id, existing.id)).returning();
+      return NextResponse4.json({ id: updated.id, nodes: updated.nodes, edges: updated.edges });
+    }
+    const workflowId = generateId();
+    const [saved] = await db.insert(workflows).values({
+      id: workflowId,
+      name: CURRENT_WORKFLOW_NAME,
+      description: "Auto-saved current workflow",
+      nodes,
+      edges,
+      userId: user.id
+    }).returning();
+    return NextResponse4.json({ id: saved.id, nodes: saved.nodes, edges: saved.edges });
+  } catch (error) {
+    console.error("Failed to save current workflow:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to save current workflow" },
+      { status: 500 }
+    );
+  }
+}
+async function handleGetExecutionStatus(request, executionId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    const execution = await db.query.workflowExecutions.findFirst({
+      where: eq4(workflowExecutions.id, executionId),
+      with: { workflow: true }
+    });
+    if (!execution) {
+      return NextResponse4.json({ error: "Execution not found" }, { status: 404 });
+    }
+    if (execution.workflow.userId !== user.id) {
+      return NextResponse4.json({ error: "Forbidden" }, { status: 403 });
+    }
+    const logs = await db.query.workflowExecutionLogs.findMany({
+      where: eq4(workflowExecutionLogs.executionId, executionId)
+    });
+    const nodeStatuses = logs.map((log) => ({
+      nodeId: log.nodeId,
+      status: log.status
+    }));
+    return NextResponse4.json({ status: execution.status, nodeStatuses });
+  } catch (error) {
+    console.error("Failed to get execution status:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to get execution status" },
+      { status: 500 }
+    );
+  }
+}
+async function handleGetExecutionLogs(request, executionId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    const execution = await db.query.workflowExecutions.findFirst({
+      where: eq4(workflowExecutions.id, executionId),
+      with: { workflow: true }
+    });
+    if (!execution) {
+      return NextResponse4.json({ error: "Execution not found" }, { status: 404 });
+    }
+    if (execution.workflow.userId !== user.id) {
+      return NextResponse4.json({ error: "Forbidden" }, { status: 403 });
+    }
+    const logs = await db.query.workflowExecutionLogs.findMany({
+      where: eq4(workflowExecutionLogs.executionId, executionId),
+      orderBy: [desc(workflowExecutionLogs.timestamp)]
+    });
+    return NextResponse4.json({ execution, logs });
+  } catch (error) {
+    console.error("Failed to get execution logs:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to get execution logs" },
+      { status: 500 }
+    );
+  }
+}
+async function handlePatchWorkflow(request, workflowId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    const existingWorkflow = await db.query.workflows.findFirst({
+      where: and2(eq4(workflows.id, workflowId), eq4(workflows.userId, user.id))
+    });
+    if (!existingWorkflow) {
+      return NextResponse4.json({ error: "Workflow not found" }, { status: 404 });
+    }
+    const body = await request.json();
+    if (Array.isArray(body.nodes)) {
+      const validation = await validateWorkflowIntegrations(body.nodes, user.id);
+      if (!validation.valid) {
+        return NextResponse4.json(
+          { error: "Invalid integration references in workflow" },
+          { status: 403 }
+        );
+      }
+    }
+    if (body.visibility !== void 0 && body.visibility !== "private" && body.visibility !== "public") {
+      return NextResponse4.json(
+        { error: "Invalid visibility value. Must be 'private' or 'public'" },
+        { status: 400 }
+      );
+    }
+    const updateData = buildWorkflowUpdateData(body);
+    const [updatedWorkflow] = await db.update(workflows).set(updateData).where(eq4(workflows.id, workflowId)).returning();
+    if (!updatedWorkflow) {
+      return NextResponse4.json({ error: "Workflow not found" }, { status: 404 });
+    }
+    return NextResponse4.json({
+      ...updatedWorkflow,
+      createdAt: updatedWorkflow.createdAt.toISOString(),
+      updatedAt: updatedWorkflow.updatedAt.toISOString(),
+      isOwner: true
+    });
+  } catch (error) {
+    console.error("Failed to update workflow:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to update workflow" },
+      { status: 500 }
+    );
+  }
+}
+async function handleDeleteWorkflow(request, workflowId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    const existingWorkflow = await db.query.workflows.findFirst({
+      where: and2(eq4(workflows.id, workflowId), eq4(workflows.userId, user.id))
+    });
+    if (!existingWorkflow) {
+      return NextResponse4.json({ error: "Workflow not found" }, { status: 404 });
+    }
+    await db.delete(workflows).where(eq4(workflows.id, workflowId));
+    return NextResponse4.json({ success: true });
+  } catch (error) {
+    console.error("Failed to delete workflow:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to delete workflow" },
+      { status: 500 }
+    );
+  }
+}
+async function handleDuplicateWorkflow(request, workflowId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    const sourceWorkflow = await db.query.workflows.findFirst({
+      where: eq4(workflows.id, workflowId)
+    });
+    if (!sourceWorkflow) {
+      return NextResponse4.json({ error: "Workflow not found" }, { status: 404 });
+    }
+    const isOwner = user.id === sourceWorkflow.userId;
+    if (!isOwner && sourceWorkflow.visibility !== "public") {
+      return NextResponse4.json({ error: "Workflow not found" }, { status: 404 });
+    }
+    const oldNodes = sourceWorkflow.nodes;
+    const newNodes = oldNodes.map((node) => {
+      const newNode = { ...node, id: generateId() };
+      if (newNode.data) {
+        const data = { ...newNode.data };
+        if (data.config) {
+          const { integrationId: _, ...configWithout } = data.config;
+          data.config = configWithout;
+        }
+        data.status = "idle";
+        newNode.data = data;
+      }
+      return newNode;
+    });
+    const idMap = new Map(oldNodes.map((n, i) => [n.id, newNodes[i].id]));
+    const newEdges = sourceWorkflow.edges.map((edge) => ({
+      ...edge,
+      id: generateId(),
+      source: idMap.get(edge.source) || edge.source,
+      target: idMap.get(edge.target) || edge.target
+    }));
+    const userWorkflows = await db.query.workflows.findMany({
+      where: eq4(workflows.userId, user.id)
+    });
+    const baseName = `${sourceWorkflow.name} (Copy)`;
+    let workflowName = baseName;
+    const existingNames = new Set(userWorkflows.map((w) => w.name));
+    if (existingNames.has(workflowName)) {
+      let counter = 2;
+      while (existingNames.has(`${baseName} ${counter}`)) counter++;
+      workflowName = `${baseName} ${counter}`;
+    }
+    const newWorkflowId = generateId();
+    const [newWorkflow] = await db.insert(workflows).values({
+      id: newWorkflowId,
+      name: workflowName,
+      description: sourceWorkflow.description,
+      nodes: newNodes,
+      edges: newEdges,
+      userId: user.id,
+      visibility: "private"
+    }).returning();
+    return NextResponse4.json({
+      ...newWorkflow,
+      createdAt: newWorkflow.createdAt.toISOString(),
+      updatedAt: newWorkflow.updatedAt.toISOString(),
+      isOwner: true
+    });
+  } catch (error) {
+    console.error("Failed to duplicate workflow:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to duplicate workflow" },
+      { status: 500 }
+    );
+  }
+}
+async function handleGetWorkflowExecutions(request, workflowId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    const workflow = await db.query.workflows.findFirst({
+      where: and2(eq4(workflows.id, workflowId), eq4(workflows.userId, user.id))
+    });
+    if (!workflow) {
+      return NextResponse4.json({ error: "Workflow not found" }, { status: 404 });
+    }
+    const executions = await db.query.workflowExecutions.findMany({
+      where: eq4(workflowExecutions.workflowId, workflowId),
+      orderBy: [desc(workflowExecutions.startedAt)],
+      limit: 50
+    });
+    return NextResponse4.json(executions);
+  } catch (error) {
+    console.error("Failed to get executions:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to get executions" },
+      { status: 500 }
+    );
+  }
+}
+async function handleDeleteWorkflowExecutions(request, workflowId) {
+  try {
+    const user = await resolveUser(request);
+    if (!user) return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    const workflow = await db.query.workflows.findFirst({
+      where: and2(eq4(workflows.id, workflowId), eq4(workflows.userId, user.id))
+    });
+    if (!workflow) {
+      return NextResponse4.json({ error: "Workflow not found" }, { status: 404 });
+    }
+    const execList = await db.query.workflowExecutions.findMany({
+      where: eq4(workflowExecutions.workflowId, workflowId),
+      columns: { id: true }
+    });
+    const executionIds = execList.map((e) => e.id);
+    if (executionIds.length > 0) {
+      await db.delete(workflowExecutionLogs).where(inArray(workflowExecutionLogs.executionId, executionIds));
+      await db.delete(workflowExecutions).where(eq4(workflowExecutions.workflowId, workflowId));
+    }
+    return NextResponse4.json({ success: true, deletedCount: executionIds.length });
+  } catch (error) {
+    console.error("Failed to delete executions:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to delete executions" },
+      { status: 500 }
+    );
+  }
+}
+async function handleWebhookWorkflow(request, workflowId) {
+  try {
+    const workflow = await db.query.workflows.findFirst({
+      where: eq4(workflows.id, workflowId)
+    });
+    if (!workflow) {
+      return NextResponse4.json(
+        { error: "Workflow not found" },
+        { status: 404, headers: corsHeaders }
+      );
+    }
+    const authHeader = request.headers.get("Authorization");
+    if (!authHeader) {
+      return NextResponse4.json(
+        { error: "Missing Authorization header" },
+        { status: 401, headers: corsHeaders }
+      );
+    }
+    const key = authHeader.startsWith("Bearer ") ? authHeader.slice(7) : authHeader;
+    if (!key?.startsWith("wfb_")) {
+      return NextResponse4.json(
+        { error: "Invalid API key format" },
+        { status: 401, headers: corsHeaders }
+      );
+    }
+    const keyHash = createHash2("sha256").update(key).digest("hex");
+    const apiKey = await db.query.apiKeys.findFirst({
+      where: eq4(apiKeys.keyHash, keyHash)
+    });
+    if (!apiKey || apiKey.userId !== workflow.userId) {
+      return NextResponse4.json(
+        { error: "Invalid API key or insufficient permissions" },
+        { status: 401, headers: corsHeaders }
+      );
+    }
+    db.update(apiKeys).set({ lastUsedAt: /* @__PURE__ */ new Date() }).where(eq4(apiKeys.id, apiKey.id)).catch(() => {
+    });
+    const triggerNode = workflow.nodes.find(
+      (node) => node.data.type === "trigger"
+    );
+    if (!triggerNode || triggerNode.data.config?.triggerType !== "Webhook") {
+      return NextResponse4.json(
+        { error: "This workflow is not configured for webhook triggers" },
+        { status: 400, headers: corsHeaders }
+      );
+    }
+    const validation = await validateWorkflowIntegrations(
+      workflow.nodes,
+      workflow.userId
+    );
+    if (!validation.valid) {
+      return NextResponse4.json(
+        { error: "Workflow contains invalid integration references" },
+        { status: 403, headers: corsHeaders }
+      );
+    }
+    const body = await request.json().catch(() => ({}));
+    const [execution] = await db.insert(workflowExecutions).values({
+      workflowId,
+      userId: workflow.userId,
+      status: "running",
+      input: body
+    }).returning();
+    executeWorkflowBackground(
+      execution.id,
+      workflowId,
+      workflow.nodes,
+      workflow.edges,
+      body
+    );
+    return NextResponse4.json(
+      { executionId: execution.id, status: "running" },
+      { headers: corsHeaders }
+    );
+  } catch (error) {
+    console.error("Failed to start webhook execution:", error);
+    return NextResponse4.json(
+      { error: error instanceof Error ? error.message : "Failed to execute workflow" },
+      { status: 500, headers: corsHeaders }
+    );
+  }
+}
+async function handleGetWorkflowCode(request, workflowId) {
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers
+    });
+    if (!session?.user) {
+      return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    }
+    const workflow = await db.query.workflows.findFirst({
+      where: and2(
+        eq4(workflows.id, workflowId),
+        eq4(workflows.userId, session.user.id)
+      )
+    });
+    if (!workflow) {
+      return NextResponse4.json(
+        { error: "Workflow not found" },
+        { status: 404 }
+      );
+    }
+    const code = generateWorkflowSDKCode(
+      workflow.name,
+      workflow.nodes,
+      workflow.edges
+    );
+    return NextResponse4.json({
+      code,
+      workflowName: workflow.name
+    });
+  } catch (error) {
+    console.error("Failed to get workflow code:", error);
+    return NextResponse4.json(
+      {
+        error: error instanceof Error ? error.message : "Failed to get workflow code"
+      },
+      { status: 500 }
+    );
+  }
+}
+async function handleGetWorkflowDownload(request, workflowId) {
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers
+    });
+    if (!session?.user) {
+      return NextResponse4.json({ error: "Unauthorized" }, { status: 401 });
+    }
+    const workflow = await db.query.workflows.findFirst({
+      where: and2(
+        eq4(workflows.id, workflowId),
+        eq4(workflows.userId, session.user.id)
+      )
+    });
+    if (!workflow) {
+      return NextResponse4.json(
+        { error: "Workflow not found" },
+        { status: 404 }
+      );
+    }
+    const boilerplateFiles = await readDirectoryRecursive(BOILERPLATE_PATH);
+    const templateFiles = await readDirectoryRecursive(CODEGEN_TEMPLATES_PATH);
+    const stepFiles = {};
+    for (const [path, content] of Object.entries(templateFiles)) {
+      const templateMatch = content.match(TEMPLATE_EXPORT_REGEX);
+      if (templateMatch) {
+        stepFiles[`lib/steps/${path}`] = templateMatch[1];
+      }
+    }
+    const workflowFiles = generateWorkflowFiles({
+      name: workflow.name,
+      nodes: workflow.nodes,
+      edges: workflow.edges
+    });
+    const allFiles = { ...boilerplateFiles, ...stepFiles, ...workflowFiles };
+    const packageJson = JSON.parse(allFiles["package.json"]);
+    packageJson.dependencies = {
+      ...packageJson.dependencies,
+      workflow: "4.0.1-beta.7",
+      ...getIntegrationDependencies(workflow.nodes)
+    };
+    allFiles["package.json"] = JSON.stringify(packageJson, null, 2);
+    allFiles["next.config.ts"] = `import { withWorkflow } from 'workflow/next';
+import type { NextConfig } from 'next';
+
+const nextConfig: NextConfig = {};
+
+export default withWorkflow(nextConfig);
+`;
+    const tsConfig = JSON.parse(allFiles["tsconfig.json"]);
+    tsConfig.compilerOptions.plugins = [{ name: "next" }, { name: "workflow" }];
+    allFiles["tsconfig.json"] = JSON.stringify(tsConfig, null, 2);
+    allFiles["README.md"] = `# ${workflow.name}
+
+This is a Next.js workflow project generated from Workflow Builder.
+
+## Getting Started
+
+1. Install dependencies:
+\`\`\`bash
+pnpm install
+\`\`\`
+
+2. Set up environment variables:
+\`\`\`bash
+cp .env.example .env.local
+\`\`\`
+
+3. Run the development server:
+\`\`\`bash
+pnpm dev
+\`\`\`
+
+Open [http://localhost:3000](http://localhost:3000) with your browser to see the result.
+
+## Workflow API
+
+Your workflow is available at \`/api/workflows/${sanitizeFileName(workflow.name)}\`.
+
+Send a POST request with a JSON body to trigger the workflow:
+
+\`\`\`bash
+curl -X POST http://localhost:3000/api/workflows/${sanitizeFileName(workflow.name)} \\
+  -H "Content-Type: application/json" \\
+  -d '{"key": "value"}'
+\`\`\`
+
+## Deployment
+
+Deploy your workflow to Vercel:
+
+\`\`\`bash
+vercel deploy
+\`\`\`
+
+For more information, visit the [Workflow documentation](https://workflow.is).
+`;
+    allFiles[".env.example"] = generateEnvExample();
+    return NextResponse4.json({
+      success: true,
+      files: allFiles
+    });
+  } catch (error) {
+    console.error("Failed to prepare workflow download:", error);
+    return NextResponse4.json(
+      {
+        success: false,
+        error: error instanceof Error ? error.message : "Failed to prepare workflow download"
+      },
+      { status: 500 }
+    );
+  }
+}
+
+// src/server/api/index.ts
+import "virtual:workflow-builder-plugins";
+async function route(request) {
+  const segments = extractPath(request);
+  const method = request.method.toUpperCase();
+  if (segments.length === 0) {
+    return NextResponse5.json({ error: "Not found" }, { status: 404 });
+  }
+  const [s0, s1, s2, s3] = segments;
+  if (s0 === "auth") {
+    return handleAuth(request, segments);
+  }
+  if (s0 === "workflows") {
+    if (s1 === void 0) {
+      if (method === "GET") return handleGetWorkflows(request);
+    }
+    if (s1 === "create") {
+      if (method === "POST") return handleCreateWorkflow(request);
+    }
+    if (s1 === "current") {
+      if (method === "GET") return handleGetCurrentWorkflow(request);
+      if (method === "POST") return handleSaveCurrentWorkflow(request);
+    }
+    if (s1 === "executions" && s2) {
+      const executionId = s2;
+      if (s3 === "status" && method === "GET") return handleGetExecutionStatus(request, executionId);
+      if (s3 === "logs" && method === "GET") return handleGetExecutionLogs(request, executionId);
+    }
+    if (s1 && s1 !== "create" && s1 !== "current" && s1 !== "executions") {
+      const workflowId = s1;
+      if (s2 === void 0) {
+        if (method === "GET") return handleGetWorkflow(request, workflowId);
+        if (method === "PATCH") return handlePatchWorkflow(request, workflowId);
+        if (method === "DELETE") return handleDeleteWorkflow(request, workflowId);
+      }
+      if (s2 === "code" && method === "GET") return handleGetWorkflowCode(request, workflowId);
+      if (s2 === "download" && method === "GET") return handleGetWorkflowDownload(request, workflowId);
+      if (s2 === "duplicate" && method === "POST") return handleDuplicateWorkflow(request, workflowId);
+      if (s2 === "executions") {
+        if (method === "GET") return handleGetWorkflowExecutions(request, workflowId);
+        if (method === "DELETE") return handleDeleteWorkflowExecutions(request, workflowId);
+      }
+      if (s2 === "webhook" && method === "POST") return handleWebhookWorkflow(request, workflowId);
+    }
+  }
+  if (s0 === "workflow" && s1 && s2 === "execute") {
+    if (method === "POST") return handleExecuteWorkflow(request, s1);
+  }
+  if (s0 === "integrations") {
+    if (s1 === void 0) {
+      if (method === "GET") return handleGetIntegrations(request);
+      if (method === "POST") return handleCreateIntegration(request);
+    }
+    if (s1 === "test" && s2 === void 0) {
+      if (method === "POST") return handleTestIntegrationCredentials(request);
+    }
+    if (s1 && s1 !== "test") {
+      const integrationId = s1;
+      if (s2 === void 0) {
+        if (method === "GET") return handleGetIntegration(request, integrationId);
+        if (method === "PUT") return handleUpdateIntegration(request, integrationId);
+        if (method === "DELETE") return handleDeleteIntegration(request, integrationId);
+      }
+      if (s2 === "test" && method === "POST") return handleTestIntegration(request, integrationId);
+    }
+  }
+  if (s0 === "user") {
+    if (method === "GET") return handleGetUser(request);
+    if (method === "PATCH") return handleUpdateUser(request);
+  }
+  if (s0 === "api-keys") {
+    if (s1 === void 0) {
+      if (method === "GET") return handleGetApiKeys(request);
+      if (method === "POST") return handleCreateApiKey(request);
+    }
+    if (s1 && s2 === void 0) {
+      if (method === "DELETE") return handleDeleteApiKey(request, s1);
+    }
+  }
+  return NextResponse5.json({ error: "Not found" }, { status: 404 });
+}
+async function GET(request) {
+  return route(request);
+}
+async function POST(request) {
+  return route(request);
+}
+async function PUT(request) {
+  return route(request);
+}
+async function PATCH(request) {
+  return route(request);
+}
+async function DELETE(request) {
+  return route(request);
+}
+async function OPTIONS(_request) {
+  return NextResponse5.json({}, { headers: corsHeaders });
+}
+export {
+  DELETE,
+  GET,
+  OPTIONS,
+  PATCH,
+  POST,
+  PUT
+};