simstudioai
diff --git a/‎.agents/skills/ship/SKILL.md‎
Lines changed: 10 additions & 9 deletions b/‎.agents/skills/ship/SKILL.md‎
Lines changed: 10 additions & 9 deletions
diff --git a/‎.claude/commands/ship.md‎
Lines changed: 4 additions & 2 deletions b/‎.claude/commands/ship.md‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎.cursor/commands/ship.md‎
Lines changed: 4 additions & 2 deletions b/‎.cursor/commands/ship.md‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎apps/sim/app/api/table/[tableId]/export/route.ts‎
Lines changed: 131 additions & 0 deletions b/‎apps/sim/app/api/table/[tableId]/export/route.ts‎
Lines changed: 131 additions & 0 deletions
diff --git a/‎apps/sim/app/api/table/[tableId]/groups/[groupId]/run/route.ts‎
Lines changed: 2 additions & 2 deletions b/‎apps/sim/app/api/table/[tableId]/groups/[groupId]/run/route.ts‎
Lines changed: 2 additions & 2 deletions
@@ -13,21 +13,20 @@ When the user runs `/ship`:
 
 1. **Check git status** - See what files have changed
 2. **Generate a commit message** following this format: `type(scope): description`
-   - Types: `fix`, `feat`, `improvement`, `chore`
-   - Scope: short identifier (e.g., `undo-redo`, `api`, `ui`)
-   - Keep it concise
-
-3. **Run lint** - Run `bun run lint` from the repo root to fix formatting issues before staging
-
+  - Types: `fix`, `feat`, `improvement`, `chore`
+  - Scope: short identifier (e.g., `undo-redo`, `api`, `ui`)
+  - Keep it concise
+3. **Run pre-ship checks** from the repo root before staging:
+  - `bun run lint` to fix formatting issues
+  - `bun run check:api-validation:strict` to catch boundary contract failures before CI
 4. **Stage and commit** the changes with the generated message
-
 5. **Push to origin** using the current branch name
-
 6. **Create a PR** to staging with a description in the user's voice
 
 ## Commit Message Format
 
 Based on the repo's commit history:
+
 ```
 fix(scope): description for bug fixes
 feat(scope): description for new features
@@ -61,6 +60,7 @@ Tested manually (or describe testing)
 ## PR Creation Command
 
 Use this command structure:
+
 ```bash
 gh pr create --base staging --title "COMMIT_MESSAGE" --body "PR_BODY"
 ```
@@ -77,6 +77,7 @@ gh pr create --base staging --title "COMMIT_MESSAGE" --body "PR_BODY"
 
 - Short, direct bullet points
 - No unnecessary explanation
-- "Tested manually" is acceptable for testing section
+- "Tested manually" is acceptable for testing section; include lint and boundary validation results when run
 - Checkboxes filled in appropriately
 - No screenshots section unless UI changes
+
@@ -17,7 +17,9 @@ When the user runs `/ship`:
    - Scope: short identifier (e.g., `undo-redo`, `api`, `ui`)
    - Keep it concise
 
-3. **Run lint** - Run `bun run lint` from the repo root to fix formatting issues before staging
+3. **Run pre-ship checks** from the repo root before staging:
+   - `bun run lint` to fix formatting issues
+   - `bun run check:api-validation:strict` to catch boundary contract failures before CI
 
 4. **Stage and commit** the changes with the generated message
 
@@ -77,6 +79,6 @@ gh pr create --base staging --title "COMMIT_MESSAGE" --body "PR_BODY"
 
 - Short, direct bullet points
 - No unnecessary explanation
-- "Tested manually" is acceptable for testing section
+- "Tested manually" is acceptable for testing section; include lint and boundary validation results when run
 - Checkboxes filled in appropriately
 - No screenshots section unless UI changes
@@ -12,7 +12,9 @@ When the user runs `/ship`:
    - Scope: short identifier (e.g., `undo-redo`, `api`, `ui`)
    - Keep it concise
 
-3. **Run lint** - Run `bun run lint` from the repo root to fix formatting issues before staging
+3. **Run pre-ship checks** from the repo root before staging:
+   - `bun run lint` to fix formatting issues
+   - `bun run check:api-validation:strict` to catch boundary contract failures before CI
 
 4. **Stage and commit** the changes with the generated message
 
@@ -72,6 +74,6 @@ gh pr create --base staging --title "COMMIT_MESSAGE" --body "PR_BODY"
 
 - Short, direct bullet points
 - No unnecessary explanation
-- "Tested manually" is acceptable for testing section
+- "Tested manually" is acceptable for testing section; include lint and boundary validation results when run
 - Checkboxes filled in appropriately
 - No screenshots section unless UI changes
@@ -0,0 +1,131 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { tableExportFormatSchema, tableIdParamsSchema } from '@/lib/api/contracts/tables'
+import { getValidationErrorMessage } from '@/lib/api/server'
+import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { queryRows } from '@/lib/table/service'
+import { accessError, checkAccess } from '@/app/api/table/utils'
+
+const logger = createLogger('TableExport')
+
+const EXPORT_BATCH_SIZE = 1000
+
+type ExportFormat = 'csv' | 'json'
+
+interface RouteParams {
+  params: Promise<{ tableId: string }>
+}
+
+/** GET /api/table/[tableId]/export - Streams the full table contents as CSV or JSON. */
+export const GET = withRouteHandler(async (request: NextRequest, { params }: RouteParams) => {
+  const requestId = generateRequestId()
+  const { tableId } = tableIdParamsSchema.parse(await params)
+
+  const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
+  if (!auth.success || !auth.userId) {
+    return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
+  }
+
+  const { searchParams } = new URL(request.url)
+  const formatValidation = tableExportFormatSchema.safeParse(
+    searchParams.get('format') ?? undefined
+  )
+  if (!formatValidation.success) {
+    return NextResponse.json(
+      { error: getValidationErrorMessage(formatValidation.error) },
+      { status: 400 }
+    )
+  }
+  const format: ExportFormat = formatValidation.data
+
+  const access = await checkAccess(tableId, auth.userId, 'read')
+  if (!access.ok) return accessError(access, requestId, tableId)
+  const { table } = access
+
+  const columns = table.schema.columns
+  const safeName = sanitizeFilename(table.name)
+  const filename = `${safeName}.${format}`
+
+  const stream = new ReadableStream<Uint8Array>({
+    async start(controller) {
+      const encoder = new TextEncoder()
+      try {
+        if (format === 'csv') {
+          controller.enqueue(encoder.encode(`${toCsvRow(columns.map((c) => c.name))}\n`))
+        } else {
+          controller.enqueue(encoder.encode('['))
+        }
+
+        let offset = 0
+        let firstJsonRow = true
+        while (true) {
+          const result = await queryRows(
+            tableId,
+            table.workspaceId,
+            { limit: EXPORT_BATCH_SIZE, offset, includeTotal: false },
+            requestId
+          )
+
+          for (const row of result.rows) {
+            if (format === 'csv') {
+              const values = columns.map((c) => formatCsvValue(row.data[c.name]))
+              controller.enqueue(encoder.encode(`${toCsvRow(values)}\n`))
+            } else {
+              const prefix = firstJsonRow ? '' : ','
+              firstJsonRow = false
+              controller.enqueue(encoder.encode(prefix + JSON.stringify({ ...row.data })))
+            }
+          }
+
+          if (result.rows.length < EXPORT_BATCH_SIZE) break
+          offset += result.rows.length
+        }
+
+        if (format === 'json') controller.enqueue(encoder.encode(']'))
+        controller.close()
+
+        logger.info(`[${requestId}] Exported table ${tableId}`, {
+          format,
+          rowCount: table.rowCount,
+        })
+      } catch (err) {
+        logger.error(`[${requestId}] Export failed for table ${tableId}`, err)
+        controller.error(err)
+      }
+    },
+  })
+
+  return new NextResponse(stream, {
+    status: 200,
+    headers: {
+      'Content-Type': format === 'csv' ? 'text/csv; charset=utf-8' : 'application/json',
+      'Content-Disposition': `attachment; filename="${filename}"`,
+      'Cache-Control': 'no-store',
+    },
+  })
+})
+
+function sanitizeFilename(name: string): string {
+  const cleaned = name.replace(/[^a-zA-Z0-9_-]+/g, '_').replace(/^_+|_+$/g, '')
+  return cleaned || 'table'
+}
+
+function formatCsvValue(value: unknown): string {
+  if (value === null || value === undefined) return ''
+  if (value instanceof Date) return value.toISOString()
+  if (typeof value === 'object') return JSON.stringify(value)
+  return String(value)
+}
+
+function toCsvRow(values: string[]): string {
+  return values.map(escapeCsvField).join(',')
+}
+
+function escapeCsvField(field: string): string {
+  if (/[",\n\r]/.test(field)) {
+    return `"${field.replace(/"/g, '""')}"`
+  }
+  return field
+}
@@ -34,7 +34,7 @@ export const POST = withRouteHandler(async (request: NextRequest, { params }: Ro
     const parsed = await parseRequest(runWorkflowGroupContract, request, { params })
     if (!parsed.success) return parsed.response
     const { tableId, groupId } = parsed.data.params
-    const { workspaceId, mode, rowIds } = parsed.data.body
+    const { workspaceId, runMode, rowIds } = parsed.data.body
 
     const result = await checkAccess(tableId, authResult.userId, 'write')
     if (!result.ok) return accessError(result, requestId, tableId)
@@ -48,7 +48,7 @@ export const POST = withRouteHandler(async (request: NextRequest, { params }: Ro
       tableId,
       groupId,
       workspaceId,
-      mode,
+      mode: runMode,
       requestId,
       rowIds,
     })