v0.6.2: mothership stability, chat iframe embedding, KB upserts, new blog post

[waleedlatif1]

• fix(mothership): fix mothership file uploads (fix(mothership): fix mothership file uploads #3640)
• fix(workspace): prevent stale placeholder data from corrupting workflow registry on switch
• feat(csp): allow chat UI to be embedded in iframes (feat(csp): allow chat UI to be embedded in iframes #3643)
• fix(logs): add durable execution diagnostics foundation (fix(logs): add durable execution diagnostics foundation #3564)
• feat(knowledge): add upsert document operation (feat(knowledge): add upsert document operation #3644)
• feat(mothership): request ids (feat(mothership): request ids #3645)
• improvement(landing): added enterprise section (improvement(landing): added enterprise section #3637)
• fix(db): reduce connection pool sizes to prevent exhaustion (fix(db): reduce connection pool sizes to prevent exhaustion #3649)
• feat(home): resizable chat/resource panel divider (feat(home): resizable chat/resource panel divider #3648)
• feat(blog): add v0.6 blog post and email broadcast (feat(blog): add v0.6 blog post and email broadcast #3636)

[cursor]

You have used all Bugbot PR reviews included in your free trial for your GitHub account on this workspace.

To continue using Bugbot reviews, enable Bugbot for your team in the Cursor dashboard.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Mar 18, 2026 10:26am

[greptile-apps]

Greptile Summary

This is a large staging PR that bundles ten separate fixes and features: mothership file-upload tracking, workspace registry corruption on switch, chat iframe embedding, durable execution diagnostics, knowledge base upsert, mothership request IDs, enterprise landing section, DB connection pool reduction, and a resizable resource panel divider.

Key changes:

• Knowledge upsert (feat(knowledge)): New /api/knowledge/[id]/documents/upsert route and knowledge_upsert_document tool implement a create-before-delete replacement strategy. The transformResponse function doesn't check response.ok, so API errors silently return success: true with an empty documentId. Additionally, the create+delete path lacks a database transaction — if the silent .catch(() => {}) rollback also fails, both the old and new document records survive.
• Durable execution diagnostics (fix(logs)): loggingSession.onBlockStart and onBlockComplete now write lastStartedBlock/lastCompletedBlock markers to the DB on every block event, drained before finalization. callOnBlockStart/callOnBlockComplete are correctly made async throughout the executor tree. External SSE callbacks (onBlockComplete, onBlockStart) are now fire-and-forget (void), relaxing real-time ordering guarantees.
• Chat iframe embedding (feat(csp)): /chat/:path* routes now set frame-ancestors: *, COEP: unsafe-none, COOP: unsafe-none via next.config.ts headers, and the middleware no longer applies runtime CSP to these routes. This is intentional for the embeddable chat feature.
• Workspace registry fix (fix(workspace)): completeMetadataLoad is now guarded with !query.isPlaceholderData, preventing stale placeholder data from replacing real workflow metadata on workspace switch.
• Mothership file upload fix (fix(mothership)): trackChatUpload now UPDATEs an existing workspaceFiles record before falling back to INSERT, eliminating duplicate DB records when the storage service has already created the row.
• DB connection pool reduction (fix(db)): Main pool reduced from 30→10, socket pool from 15→10 to prevent pool exhaustion.
• Resizable resource panel (feat(home)): New useMothershipResize hook uses Pointer Events + setPointerCapture for zero-re-render drag; clearWidth is called on collapse so the CSS class retakes control.

Confidence Score: 3/5

• Safe to merge after addressing the upsert tool error-handling and rollback logging issues; the rest of the changes are solid.
• Two concrete logic bugs in the knowledge upsert feature (silent error masking in transformResponse and a best-effort rollback that swallows its own errors) lower confidence. The rest of the PR — durable execution diagnostics, chat embedding, workspace registry fix, pool reduction, and resizable panel — are well-implemented. The executor async-ification is thorough and correctly propagated across the orchestrator tree.
• apps/sim/tools/knowledge/upsert_document.ts and apps/sim/app/api/knowledge/[id]/documents/upsert/route.ts require attention before the upsert feature is reliable in production.

Important Files Changed

Filename	Overview
apps/sim/app/api/knowledge/[id]/documents/upsert/route.ts	New upsert endpoint for knowledge base documents — create-then-delete replacement strategy works but lacks a DB transaction; silent rollback failure (.catch(() => {})) can leave orphaned records
apps/sim/tools/knowledge/upsert_document.ts	New upsert tool — transformResponse does not check response.ok, so 4xx/5xx API errors are silently returned as success: true with empty documentId
apps/sim/lib/logs/execution/logging-session.ts	Significant durable execution diagnostics addition — lastStartedBlock/lastCompletedBlock markers written to DB on each block event, drained before finalization; drainPendingProgressWrites while-loop is safe in practice but could theoretically spin if writes recursively add new writes
apps/sim/lib/workflows/executor/execution-core.ts	New wrappedOnBlockStart mirrors the existing wrappedOnBlockComplete pattern; external SSE callbacks are now fire-and-forget (void), which relaxes ordering guarantees for real-time streaming
apps/sim/lib/core/security/csp.ts	Refactors form embed CSP into a shared getEmbedCSPPolicy helper and adds getChatEmbedCSPPolicy; both use frame-ancestors: * which is intentional for the embedding feature
apps/sim/hooks/queries/workflows.ts	Bug fix: adds !query.isPlaceholderData guard to completeMetadataLoad effect, preventing stale placeholder data from corrupting the workflow registry on workspace switch
apps/sim/app/workspace/[workspaceId]/home/hooks/use-mothership-resize.ts	New hook implementing imperative resize via Pointer Events + setPointerCapture with zero React re-renders during drag; correctly handles cleanup on unmount and viewport resize clamping
packages/db/index.ts	Reduces main DB connection pool from 30 → 10 to prevent pool exhaustion; socket DB pool also reduced from 15 → 10

Sequence Diagram

sequenceDiagram
    participant Client
    participant ExecutionCore as execution-core.ts
    participant BlockExecutor as block-executor.ts
    participant LogSession as LoggingSession
    participant DB as Database

    Client->>ExecutionCore: executeWorkflowCore()
    ExecutionCore->>LogSession: initialize()
    LogSession->>DB: INSERT workflow_execution_logs

    loop For each block
        BlockExecutor->>ExecutionCore: wrappedOnBlockStart(blockId, ...)
        ExecutionCore->>LogSession: onBlockStart() [await]
        LogSession->>DB: UPDATE execution_data.lastStartedBlock [async/tracked]
        ExecutionCore-->>BlockExecutor: (external onBlockStart fired void)

        BlockExecutor->>BlockExecutor: execute block

        BlockExecutor->>ExecutionCore: wrappedOnBlockComplete(blockId, output, ...)
        ExecutionCore->>LogSession: onBlockComplete() [await]
        LogSession->>DB: UPDATE execution_data.lastCompletedBlock [async/tracked]
        LogSession->>DB: UPDATE cost [void/tracked]
        ExecutionCore-->>BlockExecutor: (external onBlockComplete fired void)
    end

    ExecutionCore->>LogSession: safeComplete()
    LogSession->>LogSession: drainPendingProgressWrites()
    LogSession->>DB: UPDATE workflow_execution_logs (status, traceSpans, finalizationPath)

Loading

_{Last reviewed commit: "feat(home): resizabl..."}

[greptile-apps]

transformResponse ignores HTTP error status

If the API returns a 4xx or 5xx response (e.g. { error: 'Unauthorized' }), this function never checks response.ok. It falls through to result.data ?? result, which becomes the raw error body, documentsCreated is undefined → [], firstDocument is undefined, and documentId resolves to ''. The function then unconditionally returns { success: true, output: { documentId: '' } }, masking the failure entirely.

Compare this to how other knowledge tools handle errors – they guard on response.ok before parsing the success path. The same pattern should be applied here:

transformResponse: async (response): Promise<KnowledgeUpsertDocumentResponse> => {
  const result = await response.json()

  if (!response.ok) {
    return {
      success: false,
      output: { data: {} as any, message: result.error || 'Failed to upsert document', documentId: '' },
      error: result.error || `HTTP ${response.status}`,
    }
  }

  const data = result.data ?? result
  // ... rest of success path
}

[greptile-apps]

Silent rollback failure leaves orphaned records

The create-then-delete rollback silently swallows errors:

await deleteDocument(firstDocument.documentId, requestId).catch(() => {})

If the rollback itself fails (e.g. transient DB error), both the old document and the newly created document record will exist in the knowledge base simultaneously. The caller receives a 500, but neither record is cleaned up, leading to duplicate documents that are invisible to normal user flows but still consume storage and can surface in search results.

Since the whole operation is logically atomic (replace), wrapping createDocumentRecords and deleteDocument in a database transaction would be the safest fix. If a transaction isn't feasible here (e.g. the service layer doesn't expose transaction contexts), at minimum the rollback failure should be logged at error level with enough context to trigger manual cleanup:

await deleteDocument(firstDocument.documentId, requestId).catch((rollbackError) => {
  logger.error(
    `[${requestId}] Rollback failed — orphaned document ${firstDocument.documentId} may exist`,
    rollbackError
  )
})

[greptile-apps]

External onBlockComplete callback is now fire-and-forget

Previously onBlockComplete (the real-time SSE/streaming callback) was awaited, ensuring events were delivered before the block execution pipeline advanced. The new wrapper fires it with void ... .catch(...) — unblocking execution but giving up ordering guarantees.

In practice this means a fast-executing workflow could advance to the next block (and emit its start event) before the previous block's complete event has been flushed to the SSE client, potentially causing out-of-order events visible to the user.

If ordering is acceptable to relax here (e.g. the SSE layer has its own sequencing), this is intentional. If not, consider keeping the await for the external callback while only making loggingSession.onBlockComplete fire-and-forget:

await loggingSession.onBlockComplete(blockId, blockName, blockType, output)
if (onBlockComplete) {
  await onBlockComplete(blockId, blockName, blockType, output, iterationContext, childWorkflowContext)
}

[greptile-apps]

drainPendingProgressWrites could spin if writes keep scheduling new writes

The drain loop snapshots the current set and awaits all of them, then loops back if the set is still non-empty. This correctly handles the case where a write completes and removes itself while another is still in progress. However, if any in-flight write schedules a new write (via trackProgressWrite) before the allSettled call returns, that new write is added to pendingProgressWrites and will be caught by the next iteration.

Currently this chain terminates because persistLastStartedBlock / persistLastCompletedBlock / flushAccumulatedCost don't recursively add more writes. But as this class evolves, a write that calls another trackProgressWrite internally would create an unbounded loop.

A simpler and safer drain strategy is to await a fixed snapshot once, then return – relying on safeComplete* callers to call drain only after block execution is fully finished (which is already the case):

private async drainPendingProgressWrites(): Promise<void> {
  if (this.pendingProgressWrites.size > 0) {
    await Promise.allSettled(Array.from(this.pendingProgressWrites))
  }
}