feat(deployments): add v1 deployment endpoints and Deployments block

[waleedlatif1]

Summary

• Adds v1 API endpoints to manage workflow deployments: POST /api/v1/workflows/{id}/deploy, DELETE /api/v1/workflows/{id}/deploy, and POST /api/v1/workflows/{id}/rollback (defaults to the previous version, accepts an explicit version)
• Adds a Deployments core block (Sim logo, black tile / green logo) with deploy, undeploy, promote-to-live, list versions, and get version details operations — workflow selector scoped to the current workspace like the Logs block
• Block tools call internal /api/tools/deployments/* routes authenticated via session or internal token (no API key needed)
• All surfaces (UI routes, v1 API, block tools, copilot) funnel through the same orchestration helpers (performFullDeploy, performFullUndeploy, performActivateVersion)
• Deploy/undeploy/promote require workspace admin permission; version reads require workspace access
• Adds the three v1 endpoints to the OpenAPI reference + generated API docs, a "Managing Deployments via the API" section in the deployment docs, and a generated Deployments block page

Type of Change

• New feature

Testing

• Route tests for the v1 endpoints (19) and the deployment tool routes (12); registry/block validation suites pass
• Typecheck, check:api-validation:strict, and docs build pass

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs	Ready	Preview, Comment	Jun 12, 2026 11:34pm

[cursor]

PR Summary

Medium Risk
Deployment mutations affect live API execution, schedules, and webhooks; admin-gated paths are consistent but mistakes can take workflows offline or roll back production versions.

Overview
Adds programmatic workflow deployment management on the v1 API (POST/DELETE /api/v1/workflows/{id}/deploy, POST /api/v1/workflows/{id}/rollback) with workspace admin checks, optional deploy metadata via parseOptionalJsonBody, and shared orchestration (performFullDeploy, performFullUndeploy, performActivateVersion). Rollback defaults to the previous live version via new findPreviousDeploymentVersion.

Introduces a Deployments core block and five internal tool routes under /api/tools/deployments/* (session/internal auth, workspace-bound, rate-limited) for deploy, undeploy, promote, list versions, and get version snapshot—wired through contracts, tool registry, and generated integration docs.

Sim trigger gains Workflow Undeployed (emitWorkflowUndeployedEvent on undeploy). OpenAPI/docs add the new endpoints and a deployment API section; example IDs shift to UUID-style samples. validateWorkspaceAccess now supports admin via permission ranks; version listing includes description and centralized deployedByName fallback.

^{Reviewed by Cursor Bugbot for commit 1543da4. Configure here.}

[greptile-apps]

Greptile Summary

This PR adds three v1 API endpoints and a new Deployments core block with five operations. All surfaces funnel through shared orchestration helpers, and a new workflow_undeployed workspace event type mirrors the existing workflow_deployed one.

• New v1 endpoints enforce API-key or session auth, require workspace admin permission for mutations, and return normalized warnings: [] arrays in all success responses.
• Tool routes accept only session or internal-token auth (API keys rejected), apply per-user rate limiting, and bind each request to its calling workspace to prevent cross-workspace access.
• findPreviousDeploymentVersion resolves the auto-detect rollback target by selecting the highest version number strictly below the current active one; the rollback route guards isDeployed before entering either path.

Confidence Score: 5/5

Safe to merge. All three previously flagged issues have been addressed in c0d450a. Auth separation between the v1 and tool surfaces is correct and tested.

The new endpoints and block are well-structured. Workspace binding, permission checks, and the isDeployed guard are all in place. 31 new route tests cover the key paths.

No files require special attention. The two observations are minor style notes on the Deployments block config callbacks.

Important Files Changed

Filename	Overview
apps/sim/app/api/v1/workflows/[id]/deploy/route.ts	Adds POST deploy and DELETE undeploy v1 handlers with proper rate-limiting, workspace scoping, isDeployed guards, and normalized warnings.
apps/sim/app/api/v1/workflows/[id]/rollback/route.ts	Adds POST rollback v1 handler; isDeployed guard applies to both explicit-version and auto-detect paths.
apps/sim/app/api/tools/deployments/utils.ts	Shared auth helpers: rejects API keys, applies per-user rate limiting, enforces workspace binding.
apps/sim/lib/workflows/persistence/utils.ts	Adds findPreviousDeploymentVersion and description field to listWorkflowVersions; deployedByName fallback now centralized here.
apps/sim/blocks/blocks/deployments.ts	New Deployments block with 5 operations; tool/params callbacks use Record<string, any>.
apps/sim/lib/workspace-events/emitter.ts	Shared lifecycle event helper; fire-and-forget semantics and self-notification guard retained for both event types.
apps/sim/app/api/tools/deployments/version/route.ts	GET handler for single deployment version details with read-level authorization.

_{Reviews (5): Last reviewed commit: "feat(deployments): resolve workflow name..." | Re-trigger Greptile}

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit c0d450a. Configure here.}

[waleedlatif1]

Pushed a hardening round from a full line-by-line audit (5 parallel reviewers) plus a rebase onto latest staging:

• Workspace-bound tool routes: /api/tools/deployments/* now require the executing workflow's workspaceId and reject cross-workspace targets (404) — workflow-driven executions (schedules/webhooks) can no longer reach into other workspaces the actor administers
• Optional-body parsing: v1 deploy/rollback read bodies via a new parseOptionalJsonBody helper — size-capped and 400 on malformed JSON (previously a typo'd body was silently treated as empty)
• Version bounds: version numbers are bounded to the Postgres integer range across all contracts (was a potential 500 on overflow)
• 404 masking: v1 mutation routes mask access failures as 404, matching GET /api/v1/workflows/{id} and closing an existence oracle
• Mothership parity: listWorkflowVersions now returns description and normalizes deployedByName for admin-API deploys (same shape as the mothership get_deployment_log tool); promote semantics documented as identical to promote_to_live
• UX: the workflow selector no longer auto-selects the first workflow in the workspace (new autoSelectFirstOption opt-out on the dropdown subblock)
• CI: rebased onto latest staging and updated the api-validation route baseline (Vanta landed +7 routes)

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 94870e2. Configure here.}

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 079b6a6. Configure here.}

[waleedlatif1]

Final round pushed (1543da4):

• Deployments block now uses the workflow-selector subblock — the canvas tile shows the workflow name instead of the raw ID, matching the Workflow block
• Added Workflow Undeployed to the Sim trigger (emitted from performFullUndeploy via a shared lifecycle-event dispatch loop; subscription validation derives from the shared event-type constant)
• OpenAPI examples now use real ID formats (UUIDs for workflows/workspaces/executions/KBs, wf_-prefixed short IDs for files, tbl_/row_ + hex for tables)
• Security scan of the full PR diff (auth ordering, workspace binding, PERMISSION_RANK semantics, parsing primitives, SQL parameterization): no findings
• Live-tested all three v1 endpoints against a local workflow: 17/17 scenarios pass

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 1543da4. Configure here.}