Pull Request Explorer

Summary

Backport dependency bump for security fixes

Updates critical dependencies to address 21 CVEs, ensuring sandbox security and preventing potential exploits.

Health Assessment

• • Rapid review and merge due to automated bot handling and minimal changes.

Summary

Bump Axios, hono, vm2, fast-xml-parser

Updates critical dependencies to address 21 CVEs, ensuring sandbox security and stability.

Health Assessment

• • Quick review and merge, minimal changes, low risk.

Summary

Fix HTTPS connection issue after simple-git update

This backport resolves HTTPS connection failures caused by a recent simple-git update, ensuring stable operation for the release-candidate/2.19.x branch.

Health Assessment

• • Rapid resolution with minimal changes and a single AI-assisted review, indicating a straightforward bug fix with low risk.

Summary

Fix HTTPS connection issue in Simple-git

Resolved HTTPS connection failure caused by Simple-git update, ensuring reliable source control integration for users.

Health Assessment

• • Quick backport with minimal changes and no review friction, merged within 30 minutes.

Summary

Fix agent session query quoting for Postgres

Corrects Postgres query errors by quoting identifiers and respecting table prefixes, ensuring agent session endpoints work reliably.

Health Assessment

• • Fast cycle time with minimal rework; AI review bot flagged no issues, indicating high confidence in correctness.

Summary

Fix Simple-git HTTPS connection issue in 1.x

Backports a critical fix for HTTPS connection failures caused by a Simple-git update, ensuring reliable source control operations for users on the 1.x branch.

Health Assessment

• • Quick backport with minimal changes and no review comments indicates low risk and efficient resolution.

Summary

Limit shown credentials to current project or workflow

Restricts credential visibility to the current project or workflow, enhancing security and ensuring users only see relevant credentials.

Health Assessment

• • Fast review with AI bot, minimal rework, quick merge within 4.3 hours.

Summary

Fix trimmed placeholder leakage in editor

Prevents corrupted execution data from persisting, ensuring reliable workflow execution and a smoother user experience.

Health Assessment

• • The PR was reviewed quickly and merged after a single commit, indicating a smooth and low‑friction process.

Summary

Fix HTTPS connection after simple-git update

Restores HTTPS support in the source control service, preventing connection failures for users.

Health Assessment

• • Quick fix with minimal changes, AI review confirmed no issues, merged within 48 minutes.

Summary

Dependency bump for security fixes

Upgrades critical dependencies to address 21 CVEs, improving security and stability.

Health Assessment

• • Quick review and merge after automated dependency update; minimal friction.

Summary

Add prebuilt workflows flag to eval CLI

Enables evaluation of externally built workflows, reducing build overhead and supporting regular cadence of evaluations.

Health Assessment

• • The PR added a new CLI flag and extensive tests, received moderate review with a few issues, and was merged within 36 hours, reflecting efficient but complex change.

Summary

Correct node property usage

Fixes incorrect node property reference in the instance AI adapter and setup panel utilities, improving reliability and preventing runtime errors.

Health Assessment

• • Quick fix with minimal rework; AI review confirmed no issues; fast cycle and review times indicate low friction.

Summary

Add support for recurring event instances

Introduces a toggle in the Microsoft Outlook node to include individual recurring event instances, enabling expanded calendar views for users.

Health Assessment

• • PR merged in under two days with a single review and comprehensive tests, indicating a smooth and well‑tested implementation.

Summary

Scope CI path-filter to PR-only changes

Ensures CI jobs run only when relevant files change, reducing unnecessary runs and cost.

Health Assessment

• • Fast review and merge (under 1 hour), minimal changes, improves CI reliability by preventing spurious job triggers.

Summary

Use API v2 for Calendly webhook subscriptions

Migrates the Calendly Trigger node to use API v2 webhook subscriptions and updates credentials to use personal access token authentication, improving reliability and security for users.

Health Assessment

• • The PR required multiple merges from master to stay current, indicating a busy branch, but the review was quick and the change was a bugfix that improved API usage.

Summary

Gate web search tool behind approval checks

Ensures research tools' web-search action requires proper approval, preventing unauthorized external requests.

Health Assessment

• • The PR addressed a missing approval check for the web-search action, a critical security fix. Despite a quick review, the change required multiple commits, indicating iterative refinement but overall efficient review process.

Summary

Fix read-only background color visibility

Improves visibility of read-only canvas stripes in light mode, enhancing user experience.

Health Assessment

• • Quick backport with minimal changes and no review friction.

Summary

Make Chromatic visual checks non-blocking

Prevents Chromatic visual regression checks from blocking PR merges, allowing for non-blocking visual diffs.

Health Assessment

• • Fast review and merge cycle, low number of comments and commits indicate a smooth PR process.

Summary

Configure safechain options via JSON file

Enables easier maintenance of safechain settings by externalizing configuration into a JSON file, improving CI pipeline flexibility.

Health Assessment

• • Fast review and merge with minimal changes, indicating a straightforward CI improvement.

Summary

Fix WaitTracker to poll only waiting executions

Eliminates zombie execution rows that caused repeated timeout warnings, improving system stability and resource efficiency for users.

Health Assessment

• • Fast turnaround (21h cycle, 1h review) with minimal changes and AI assistance indicates a straightforward, low‑risk bug fix.

Summary

Correct rationale for no-overrides-field ESLint rule

Clarifies the rationale behind the no-overrides-field ESLint rule, preventing misunderstandings about dependency overrides and ensuring maintainers use correct practices without affecting runtime behavior. This change maintains the rule's enforcement while improving documentation accuracy, reducing potential misconfigurations in community node packages.

Health Assessment

• • Fast review and merge with minimal changes; documentation clarified without affecting functionality.

Summary

Change read-only background color for visibility

Improves visibility of read-only canvas stripes in light mode, enhancing user experience without affecting dark mode.

Health Assessment

• • Quick fix with AI review, minimal changes, fast merge.

Summary

Allow custom OAuth2 scopes for Strava Node

Enables users to request additional Strava permissions by toggling custom scopes, improving flexibility without breaking existing credentials.

Health Assessment

• • The PR was reviewed and merged within 1.2 hours, indicating a smooth process with minimal friction. The use of AI assistance likely contributed to the rapid turnaround. The change is small to medium in scope and does not introduce significant risk.

Summary

Match production builder step cap in pairwise eval

Aligns evaluation harness step limit with production, reducing false failure rates. Improves reliability of evaluation metrics.

Health Assessment

• • Fast review and merge with minimal changes; no major risk.

Summary

Show workflow-triggered runs in agent session history

Adds the ability to view and continue agent sessions triggered by workflow runs, improving traceability and user experience.

Health Assessment

• • Fast cycle time and minimal review rounds indicate efficient implementation; large scope suggests significant feature addition.

Summary

Add webhook request verification for Trello Trigger Node

Enables optional HMAC‑SHA1 verification of incoming Trello webhook requests, improving security while maintaining backward compatibility for existing workflows.

Health Assessment

• • The PR required over 9 days to merge with a slow review cycle, indicating potential bottlenecks in the review process. The large code addition and extensive test suite expansion suggest significant changes, but the single review round may reflect reviewer confidence.

Summary

Add test for JWE decryption in OAuth2 callback

Adds a regression test to guarantee that OAuth2 credentials with JWE enabled correctly decrypt tokens during dynamic-credential flows, preventing future failures in credential storage. This protects users from authentication errors and maintains data integrity.

Health Assessment

• • Fast review and single commit indicate a straightforward test addition with minimal risk.

Summary

Instance AI workflow setup nodes grouping

This PR groups instance AI setup nodes by credential type and parent/sub nodes, streamlining the configuration process and improving user experience. It also refactors backend schema to reduce data fetching.

Health Assessment

Summary

Add webhook request verification to Twilio Trigger node

Adds verification of webhook requests using Twilio's signing scheme, improving security and ensuring only legitimate requests are processed.

Health Assessment

• • The PR required nearly 10 days to merge with a single review cycle, indicating a slow review process but minimal rework. The addition of 389 lines across four files represents a large scope, contributing to the extended cycle time.

Summary

Validate URL type in older HTTP Request nodes

Ensures older HTTP Request nodes handle non‑string URLs gracefully, preventing runtime errors and improving stability.

Health Assessment

• • Quick fix with minimal rework; AI review confirmed no issues, leading to a fast merge.

Summary

Rename encryption keys column header to Status

Updates the UI to correctly label the encryption key status column, improving clarity for users.

Health Assessment

• • Quick, single‑commit fix with one review comment and no rework, indicating a low‑risk, low‑friction change.

Summary

Cap eval concurrency slider to admin limit

Aligns the evaluation concurrency slider with the admin-configured limit, preventing over-allocation and improving user experience.

Health Assessment

• • Fast review and minimal rework indicate a straightforward change with clear alignment to existing backend limits.

Summary

Validate MCP tool names and schemas

Ensures MCP tool ingestion is safe and bounded, preventing unsafe names and oversized schemas from compromising the Instance AI agent. Improves reliability and security for users integrating external MCP services.

Health Assessment

• • Fast review and merge after quick validation; minimal rework; high confidence in correctness.

Summary

Improve filesystem read handling

Enhances reliability of file operations in the AI builder by enforcing consistent exclusion handling and accurate file type detection, reducing errors in file processing.

Health Assessment

• • Fast cycle time and minimal review rounds indicate a smooth process; AI review helped surface issues early, leading to a quick resolution.

Summary

Fix Computer Use setup token expiration

This change tightens the Computer Use setup flow by making pairing tokens short‑lived and single‑use. Users now see token expiry and receive fresh commands if the previous token has expired, enhancing security and usability.

Health Assessment

• • The PR was reviewed quickly by an AI agent, with minimal human intervention, and merged within a day, indicating a smooth, low‑risk change.

Summary

Health Assessment

Summary

Clarify Google Chat message resource name

Updates the Google Chat node to clarify the required message resource name format, improving user understanding and reducing errors.

Health Assessment

• • Quick turnaround with AI-assisted review, minimal changes, low risk.

Summary

Correct connect.html path in browser extension

Fixes the resolved URL for the MCP browser extension's connect page, ensuring the connect tab opens without a 404.

Health Assessment

• • Quick fix with minimal changes, reviewed by an AI bot and approved within a day, indicating low complexity and risk.

Summary

Add webhook request verification for Formstack Trigger node

Enables secure webhook handling by verifying HMAC signatures, improving security and reliability for Formstack integrations.

Health Assessment

• • PR took nearly 8 days to merge, with a single review round and moderate scope, indicating a straightforward but time‑consuming process.

Summary

Extract shared eval helpers

Refactor to extract shared evaluation helpers, improving maintainability and preparing for upcoming computer‑use evaluation harness.

Health Assessment

• • The PR was reviewed quickly with minimal back‑and‑forth, and the changes were merged within two days, indicating a smooth process.

Summary

Add merge.input(n) support in branch targets

Enables SDK consumers to wire merge inputs directly into IF/SWITCH branches, improving workflow composition and eliminating validation errors.

Health Assessment

• • Fast review (0.9h) and no post-review commits indicate clear intent and well-tested changes.

Summary

Add CLI to print Instance AI agent prompts

Provides a developer CLI that renders and writes system prompts for the Instance AI agents, enabling auditing and sharing of prompt content.

Health Assessment

• • Quick review and merge within 48 hours, minimal rework.

Summary

Add get_environment tool for runtime date and timezone

Adds a tool that provides current date/time, timezone, and day of week to agents, enabling accurate reasoning about time-sensitive tasks.

Health Assessment

• • Fast review cycle with AI review, minimal rework, quick merge.

Summary

Add agent-browser support to Computer Use

Enables stable browser automation via agent-browser, improving reliability and token usage for automated workflows.

Health Assessment

• • Rapid AI-assisted review and multiple post-review commits kept the cycle time under 24 hours, but the large code addition and several iterations suggest moderate risk of integration complexity.

Summary

Flip npm release order for idempotency

Reorders npm publish steps to enable safe retries, improving release reliability.

Health Assessment

• • Quick approval with minimal review, indicating a straightforward change.

Summary

Add webhook request verification

Adds HMAC SHA‑256 signature verification to incoming Cal.com webhook requests using the X‑Cal‑Signature‑256 header, improving security and ensuring only legitimate requests are processed.

Health Assessment

• • The PR had a long overall cycle time but the review was quick and the changes were straightforward, indicating low risk and minimal friction.

Summary

Add webhook request verification to Calendly node

Enables secure webhook handling by verifying signatures, improving reliability and security for Calendly integrations.

Health Assessment

• • The PR added webhook signature verification, received a quick review, and merged after a single commit, indicating a straightforward change with minimal friction.

Summary

Add webhook request verification to Customer.io node

Adds optional HMAC‑SHA256 verification of incoming Customer.io webhook requests, improving security and preventing unauthorized triggers.

Health Assessment

• • The PR added a significant number of lines to implement webhook verification, but the review was quick and the changes were straightforward, indicating a smooth process.

Summary

Add webhook request verification to Mautic Trigger node

Adds HMAC‑SHA256 verification for incoming Mautic webhook requests, improving security while maintaining backward compatibility.

Health Assessment

• • PR added webhook verification with AI assistance, reviewed quickly with minimal rework, moderate scope of 280 added lines across 4 files.

Summary

Add webhook request verification

Adds HMAC‑SHA256 signature verification for MailerLite webhooks, ensuring only valid requests are processed and improving security.

Health Assessment

• • The PR required a few iterations and a review by AI, but the final merge took almost 8 days, indicating moderate complexity and some review friction.