v0.6.53: permissions groups migration, docs updates

[waleedlatif1]

• fix(migration): permission group migration error (fix(migration): permission group migration error #4258)
• fix(docs): update simstudio.ai URLs to sim.ai in SSO docs (fix(docs): update simstudio.ai URLs to sim.ai in SSO docs #4257)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs	Building	Preview, Comment	Apr 22, 2026 4:19am

[cursor]

PR Summary

Medium Risk
Touches a production database migration that reshapes permission_group/membership data and constraints; a mistake could drop or mis-associate access-control data. Docs-only changes are low risk but won’t mitigate migration execution issues.

Overview
Database: Updates migration 0194_careless_pete_wisdom.sql to be idempotent by adding IF NOT EXISTS/DROP ... IF EXISTS guards, conditional FK creation, and relaxing permission_group.organization_id to allow workspace-scoped clone rows before removing legacy org-scoped structures.

Docs: Refreshes Enterprise docs by removing Callout wrappers in favor of plain text, simplifying/clarifying Access Control and Data Retention copy, reorganizing the Enterprise landing page (adds sections for Audit Logs/Data Retention/Whitelabeling and a new self-hosted env var table), and updating SSO callback/issuer examples from simstudio.ai to sim.ai.

^{Reviewed by Cursor Bugbot for commit 7941dcd. Configure here.}

[greptile-apps]

Greptile Summary

This PR fixes a partial-failure bug in the permission group migration by making every step idempotent (IF NOT EXISTS / IF EXISTS guards, conditional FK constraint blocks, and a new DROP NOT NULL on organization_id required before the clone-insert step), and updates enterprise docs to reflect the new sim.ai domain and a simplified, cloud-only content structure.

Confidence Score: 5/5

Safe to merge — the migration fix is well-reasoned and all doc changes are straightforward URL and content updates.

No P0 or P1 findings. The idempotency guards are correct PostgreSQL patterns; the added DROP NOT NULL on organization_id is necessary for the clone-insert step and is safe since the column is dropped entirely in step 7. Doc changes are content-only with no logic.

No files require special attention.

Important Files Changed

Filename	Overview
packages/db/migrations/0194_careless_pete_wisdom.sql	Makes the permission group migration idempotent via IF NOT EXISTS guards, conditional FK constraint blocks, DROP NOT NULL on organization_id, and IF EXISTS/IF NOT EXISTS on index/column drops and creates.
apps/docs/content/docs/en/enterprise/sso.mdx	Updates all simstudio.ai callback/redirect URLs to sim.ai; removes several Callout info blocks and self-hosted-specific notes about ORGANIZATIONS_ENABLED and instance hostname replacement.
apps/docs/content/docs/en/enterprise/index.mdx	Major restructure: removes detailed self-hosted config section and replaces it with a concise env-var table at the bottom; adds short sections for Whitelabeling, Audit Logs, and Data Retention; simplifies FAQ.
apps/docs/content/docs/en/enterprise/data-retention.mdx	Removes Callout import and callout blocks; collapses plan-based defaults table into a single generic defaults paragraph; minor prose polish.
apps/docs/content/docs/en/enterprise/audit-logs.mdx	Removes unused Callout import and converts one callout (API key / rate-limit note) to inline prose.
apps/docs/content/docs/en/enterprise/whitelabeling.mdx	Removes Callout import and converts one info callout to inline prose; minor wording cleanup at end of file.
apps/docs/content/docs/en/enterprise/access-control.mdx	Single FAQ answer simplified to drop the self-hosted ACCESS_CONTROL_ENABLED mention; no structural changes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    S0["Step 0: Backfill org links\nfor grandfathered workspaces"]
    S1["Step 1: ADD COLUMN IF NOT EXISTS\nworkspace_id (nullable)\n+ conditional FK constraints"]
    S1b["Step 1b: DROP NOT NULL\non organization_id\n(allows NULL in clone rows)"]
    S2["Step 2: CREATE TEMP TABLE\nclone_plan\n(source_id, cloned_id, workspace_id)"]
    S3["Step 3: INSERT clone rows\n(workspace-scoped, org_id = NULL)"]
    S4["Step 4: INSERT clone member rows"]
    S5["Step 5: DELETE legacy\norg-scoped members + groups"]
    S6["Step 6: SET NOT NULL\non workspace_id columns"]
    S7["Step 7: DROP old constraints/indexes\nCREATE new unique indexes\n(all IF EXISTS / IF NOT EXISTS)"]
    S8["Step 8: Sweep dead config keys"]

    S0 --> S1 --> S1b --> S2 --> S3 --> S4 --> S5 --> S6 --> S7 --> S8

Loading

_{Reviews (1): Last reviewed commit: "fix(docs): update simstudio.ai URLs to s..." | Re-trigger Greptile}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 7941dcd. Configure here.}

[cursor]

Non-idempotent DROP NOT NULL breaks re-run safety

Medium Severity

The migration explicitly claims idempotency (lines 9–10), and every other DDL statement is carefully guarded with IF EXISTS/IF NOT EXISTS. However, step 1b's ALTER TABLE "permission_group" ALTER COLUMN "organization_id" DROP NOT NULL is unguarded. On a re-run after a successful first run, organization_id no longer exists (dropped by step 7), causing a "column does not exist" error. This needs to be wrapped in a DO $$ ... IF EXISTS block that checks information_schema.columns for the column before altering it.

Additional Locations (1)

• packages/db/migrations/0194_careless_pete_wisdom.sql#L8-L10

 

^{Reviewed by Cursor Bugbot for commit 7941dcd. Configure here.}