feat(ee): enterprise feature flags, permission group platform controls, audit logs ui, delete account

[waleedlatif1]

Summary

• Add WHITELABELING_ENABLED and AUDIT_LOGS_ENABLED enterprise feature flags with full pattern consistency (env.ts, feature-flags.ts, navigation.ts, helm values, docs)
• Fix whitelabeling nav using billing flag as override — now uses dedicated isWhitelabelingEnabled
• Add selfHostedOverride to audit logs nav item so it shows on self-hosted when flag is enabled
• Add platform controls to permission groups: hideIntegrationsTab, hideSecretsTab, hideInboxTab, disablePublicApi; migrate existing hideEnvironmentTab → hideSecretsTab
• Overhaul permission groups UI: blacklisted providers query, platform feature controls, tab layout refactor, unified scroll container
• Audit logs UI: expandable rows with metadata rendering helpers, inline vs pre formatting
• Add delete account feature with typed confirmation modal
• Settings sidebar: dynamic skeleton sections from nav items, subscription/permission loading gates, SSO query gated to self-hosted only
• Prefetch subscription data server-side to avoid tab flash on first paint
• Remove "Hide Powered by Sim branding" toggle from whitelabeling settings (not ready)

Type of Change

• New feature

Testing

Tested manually

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Apr 12, 2026 3:40am

[cursor]

PR Summary

Medium Risk
Medium risk: changes touch access-control/permission-group APIs and settings navigation gating, which could affect who can see/use features if flags or config parsing are wrong. Most other updates are UI/layout and new read-only endpoints, but they impact first-paint behavior and enterprise feature visibility.

Overview
Adds self-hosted enterprise feature overrides for WHITELABELING_ENABLED and AUDIT_LOGS_ENABLED (env schema, feature flags, Helm values, docs) and updates settings navigation so Whitelabeling/Audit Logs appear based on these dedicated flags (fixing the prior whitelabeling billing-based override).

Expands permission groups with new platform controls (hideIntegrationsTab, hideSecretsTab with fallback from legacy hideEnvironmentTab, hideInboxTab, disablePublicApi), updates the settings sidebar to hide tabs accordingly, and wraps permission-group create/update/delete flows in DB transactions to keep autoAddNewMembers and cascading deletes consistent.

Improves enterprise UI: adds server-side subscription prefetch to avoid settings-tab flash, refines sidebar loading/skeleton logic and gates SSO provider fetching on self-hosted only, overhauls the Access Control permissions modal (including filtering out blacklisted model providers via new GET /api/settings/allowed-providers + query hook), and upgrades Audit Logs to expandable rows with structured metadata rendering. Also removes the whitelabeling “Hide Powered by Sim” toggle, tweaks modal/layout sizing, and bumps turbo to 2.9.5.

^{Reviewed by Cursor Bugbot for commit 2774363. Configure here.}

[greptile-apps]

Greptile Summary

This PR adds WHITELABELING_ENABLED and AUDIT_LOGS_ENABLED enterprise feature flags, overhauls the permission groups UI with new platform controls (hideIntegrationsTab, hideSecretsTab, hideInboxTab, disablePublicApi), builds the audit-logs expandable-row UI, adds server-side subscription prefetching to eliminate the tab flash on first paint, and gates the SSO query to self-hosted only. The backward-compat migration from hideEnvironmentTab → hideSecretsTab is correctly handled in parsePermissionGroupConfig and the new flags follow the established selfHostedOverride pattern.

Confidence Score: 5/5

Safe to merge; the two remaining findings are both P2 edge cases that don't affect the primary user path.

Both outstanding comments are P2: an extremely unlikely concurrent-delete race in the PUT audit log fetch, and a cosmetic skeleton-count undershoot on self-hosted with enterprise flags. The previous P1 (inline useQuery) was resolved. Feature flags, permission-group migrations, and SSO gating all follow established patterns correctly.

apps/sim/app/api/permission-groups/[id]/route.ts (minor: null-safe audit name) and apps/sim/app/workspace/.../settings-sidebar.tsx (minor: skeleton count for selfHostedOverride enterprise items)

Important Files Changed

Filename	Overview
apps/sim/app/api/permission-groups/[id]/route.ts	PUT handler re-fetches the updated record for audit purposes; the destructured updated can be undefined if a concurrent delete races the select, throwing before the 200 response is returned.
apps/sim/lib/permission-groups/types.ts	Adds new platform control fields; parsePermissionGroupConfig correctly migrates legacy hideEnvironmentTab → hideSecretsTab as a fallback while keeping the old field for backward compat.
apps/sim/app/workspace/[workspaceId]/settings/navigation.ts	Adds isWhitelabelingEnabled / isAuditLogsEnabled flags and wires selfHostedOverride on the audit-logs nav item, following the same pattern as SSO and access-control.
apps/sim/app/workspace/[workspaceId]/settings/[section]/prefetch.ts	New server-side prefetchSubscriptionData with a 5-minute staleTime, matching the SettingsSidebar consumer's override; eliminates the enterprise-tab flash on first paint.
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-sidebar/settings-sidebar.tsx	Dynamic skeleton derived from nav config; SSO query correctly gated to self-hosted; permission config controls filter sidebar items. Clean refactor.
apps/sim/ee/audit-logs/components/audit-logs.tsx	New expandable-row UI with metadata rendering helpers; debounce pattern and infinite-scroll load-more are correctly implemented.
apps/sim/ee/access-control/components/access-control.tsx	New platform controls tab; useBlacklistedProviders is now correctly extracted to hooks/queries/allowed-providers.ts with a proper key factory per the previous review round.
apps/sim/hooks/queries/allowed-providers.ts	Correct key factory (allowedProvidersKeys) and useBlacklistedProviders hook with signal forwarding and explicit staleTime.
apps/sim/ee/access-control/utils/permission-check.test.ts	Inline DEFAULT_PERMISSION_GROUP_CONFIG mock kept in sync with the new fields; uses correct vi.hoisted() + vi.mock() pattern throughout.
apps/sim/lib/core/config/feature-flags.ts	Adds isWhitelabelingEnabled and isAuditLogsEnabled following the established isTruthy(env.*) pattern; no issues.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Settings Page Load] --> B[Server: prefetchSubscriptionData\nstaleTime 5m]
    B --> C[HydrationBoundary\ndehydrate queryClient]
    C --> D[SettingsSidebar Client]

    D --> E{isBillingEnabled?}
    E -- No --> F[Skip subscriptionLoading gate]
    E -- Yes --> G[useSubscriptionData\nstaleTime 5m, served from cache]

    D --> H{isHosted?}
    H -- No --> I[useSSOProviders\nenabled: true]
    H -- Yes --> J[useSSOProviders\nenabled: false, skip]

    D --> K[usePermissionConfig]
    K --> L{permissionConfig flags}
    L --> M[Filter nav items\nhideIntegrationsTab / hideSecretsTab\nhideInboxTab / disablePublicApi]

    G --> N{hasEnterprisePlan +\nisOrgAdminOrOwner?}
    N -- Yes --> O[Show enterprise items]
    N -- No --> P[Hide enterprise items]

    I --> Q{selfHostedOverride?}
    Q -- sso + hasProviders --> R[Show if provider owner]
    Q -- other flags --> S[Show unconditionally]

Loading

_{Reviews (7): Last reviewed commit: "fix(access-control): fix blocks Select A..." | Re-trigger Greptile}

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 2774363. Configure here.}