feat(workspace-vars): add workspace scoped environment + fix cancellation of assoc. workspace invites if org invite cancelled

[icecrasher321]

Summary

• Add workspace scoped environment that takes precedence
• Fix issue with cancelling org invites not cancelling associated "bulk" workspace invites.

Keeping migrations separate for clean separation of concerns.

Type of Change

• Bug fix
• New feature

Testing

In Progress

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

Screenshots

Regular view:

Naming Conflict:

Trying to Save with naming conflict:

Tooltip for making a var workspace scoped:

Envvar dropdown that shows set of all available envvars:

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
sim	Ready	Preview	Comment	Sep 1, 2025 11:00pm

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
docs	Skipped			Sep 1, 2025 11:00pm

[greptile-apps]

Greptile Summary

This PR implements workspace-scoped environment variables that take precedence over personal environment variables, along with a bug fix for workspace invitation cancellation. The changes introduce a hierarchical environment variable system where workspace-level variables override personal ones during workflow execution.

The implementation adds a new workspace_environment database table to store workspace-scoped environment variables, following the same encryption patterns as personal environment variables but scoped to workspaces. The system maintains backward compatibility by continuing to support personal environment variables while adding workspace-level overrides.

Key architectural changes include:

• New API endpoints at /api/workspaces/[id]/environment for CRUD operations on workspace environment variables
• Updated environment store with three new methods: loadWorkspaceEnvironment, upsertWorkspaceEnvironment, and removeWorkspaceEnvironmentKeys
• Enhanced workflow execution across all contexts (manual, scheduled, webhook, chat) to load both personal and workspace variables with workspace taking precedence
• New utility functions in lib/environment/utils.ts for merging environment variables with conflict detection
• UI updates to the settings modal allowing users to manage workspace variables and promote personal variables to workspace scope

The workspace invitation fix addresses a data consistency issue by adding an orgInvitationId column to link workspace invitations with their parent organization invitations. This enables proper cascading cancellation when organization invitations are cancelled, preventing orphaned workspace invitations.

The changes integrate seamlessly with the existing workspace-based architecture, where workflows, chats, and other resources are already scoped to workspaces. This enables teams to share common environment configurations while maintaining individual personal overrides.

Confidence score: 2/5

• This PR has significant implementation inconsistencies and potential issues that could cause problems in production
• Score lowered due to type safety violations, inconsistent API implementation patterns, and critical logic bugs in invitation handling
• Pay close attention to apps/sim/app/api/workspaces/[id]/environment/route.ts and apps/sim/app/api/organizations/invitations/accept/route.ts for type assertions and inconsistent invitation logic

Context used:

Context - Avoid using type assertions to 'any' in TypeScript. Instead, ensure proper type definitions are used to maintain type safety. (link)

_{24 files reviewed, 8 comments}

_{Edit Code Review Bot Settings | Greptile}