feat(mothership):

.github/workflows/ci.yml

@@ -16,6 +16,7 @@ permissions:
 jobs:
   test-build:
     name: Test and Build
+    if: github.ref != 'refs/heads/dev' || github.event_name == 'pull_request'
     uses: ./.github/workflows/test-build.yml
     secrets: inherit
 
@@ -45,11 +46,66 @@ jobs:
             echo "ℹ️ Not a release commit"
           fi
 
-  # Build AMD64 images and push to ECR immediately (+ GHCR for main)
+  # Dev: build all 3 images for ECR only (no GHCR, no ARM64)
+  build-dev:
+    name: Build Dev ECR
+    needs: [detect-version]
+    if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
+    runs-on: blacksmith-8vcpu-ubuntu-2404
+    permissions:
+      contents: read
+      id-token: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - dockerfile: ./docker/app.Dockerfile
+            ecr_repo_secret: ECR_APP
+          - dockerfile: ./docker/db.Dockerfile
+            ecr_repo_secret: ECR_MIGRATIONS
+          - dockerfile: ./docker/realtime.Dockerfile
+            ecr_repo_secret: ECR_REALTIME
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.DEV_AWS_ROLE_TO_ASSUME }}
+          aws-region: ${{ secrets.DEV_AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: useblacksmith/setup-docker-builder@v1
+
+      - name: Build and push
+        uses: useblacksmith/build-push-action@v2
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.login-ecr.outputs.registry }}/${{ secrets[matrix.ecr_repo_secret] }}:dev
+          provenance: false
+          sbom: false
+
+  # Main/staging: build AMD64 images and push to ECR + GHCR
   build-amd64:
     name: Build AMD64
-    needs: [detect-version]
-    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/dev')
+    needs: [test-build, detect-version]
+    if: >-
+      github.event_name == 'push' &&
+      (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
     runs-on: blacksmith-8vcpu-ubuntu-2404
     permissions:
       contents: read
@@ -75,8 +131,8 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: ${{ github.ref == 'refs/heads/main' && secrets.AWS_ROLE_TO_ASSUME || github.ref == 'refs/heads/dev' && secrets.DEV_AWS_ROLE_TO_ASSUME || secrets.STAGING_AWS_ROLE_TO_ASSUME }}
-          aws-region: ${{ github.ref == 'refs/heads/main' && secrets.AWS_REGION || github.ref == 'refs/heads/dev' && secrets.DEV_AWS_REGION || secrets.STAGING_AWS_REGION }}
+          role-to-assume: ${{ github.ref == 'refs/heads/main' && secrets.AWS_ROLE_TO_ASSUME || secrets.STAGING_AWS_ROLE_TO_ASSUME }}
+          aws-region: ${{ github.ref == 'refs/heads/main' && secrets.AWS_REGION || secrets.STAGING_AWS_REGION }}
 
       - name: Login to Amazon ECR
         id: login-ecr
@@ -106,26 +162,20 @@ jobs:
           ECR_REPO="${{ secrets[matrix.ecr_repo_secret] }}"
           GHCR_IMAGE="${{ matrix.ghcr_image }}"
 
-          # ECR tags (always build for ECR)
           if [ "${{ github.ref }}" = "refs/heads/main" ]; then
             ECR_TAG="latest"
-          elif [ "${{ github.ref }}" = "refs/heads/dev" ]; then
-            ECR_TAG="dev"
           else
             ECR_TAG="staging"
           fi
           ECR_IMAGE="${ECR_REGISTRY}/${ECR_REPO}:${ECR_TAG}"
 
-          # Build tags list
           TAGS="${ECR_IMAGE}"
 
-          # Add GHCR tags only for main branch
           if [ "${{ github.ref }}" = "refs/heads/main" ]; then
             GHCR_AMD64="${GHCR_IMAGE}:latest-amd64"
             GHCR_SHA="${GHCR_IMAGE}:${{ github.sha }}-amd64"
             TAGS="${TAGS},$GHCR_AMD64,$GHCR_SHA"
 
-            # Add version tag if this is a release commit
             if [ "${{ needs.detect-version.outputs.is_release }}" = "true" ]; then
               VERSION="${{ needs.detect-version.outputs.version }}"
               GHCR_VERSION="${GHCR_IMAGE}:${VERSION}-amd64"
@@ -256,6 +306,14 @@ jobs:
             docker manifest push "${IMAGE_BASE}:${VERSION}"
           fi
 
+  # Run database migrations for dev
+  migrate-dev:
+    name: Migrate Dev DB
+    needs: [build-dev]
+    if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
+    uses: ./.github/workflows/migrations.yml
+    secrets: inherit
+
   # Check if docs changed
   check-docs-changes:
     name: Check Docs Changes

.github/workflows/migrations.yml

@@ -38,5 +38,5 @@ jobs:
       - name: Apply migrations
         working-directory: ./packages/db
         env:
-          DATABASE_URL: ${{ github.ref == 'refs/heads/main' && secrets.DATABASE_URL || secrets.STAGING_DATABASE_URL }}
+          DATABASE_URL: ${{ github.ref == 'refs/heads/main' && secrets.DATABASE_URL || github.ref == 'refs/heads/dev' && secrets.DEV_DATABASE_URL || secrets.STAGING_DATABASE_URL }}
         run: bunx drizzle-kit migrate --config=./drizzle.config.ts

README.md

@@ -74,10 +74,6 @@ docker compose -f docker-compose.prod.yml up -d
 
 Open [http://localhost:3000](http://localhost:3000)
 
-#### Background worker note
-
-The Docker Compose stack starts a dedicated worker container by default. If `REDIS_URL` is not configured, the worker will start, log that it is idle, and do no queue processing. This is expected. Queue-backed API, webhook, and schedule execution requires Redis; installs without Redis continue to use the inline execution path.
-
 Sim also supports local models via [Ollama](https://ollama.ai) and [vLLM](https://docs.vllm.ai/) — see the [Docker self-hosting docs](https://docs.sim.ai/self-hosting/docker) for setup details.
 
 ### Self-hosted: Manual Setup
@@ -123,12 +119,10 @@ cd packages/db && bun run db:migrate
 5. Start development servers:
 
 ```bash
-bun run dev:full  # Starts Next.js app, realtime socket server, and the BullMQ worker
+bun run dev:full  # Starts Next.js app and realtime socket server
 ```
 
-If `REDIS_URL` is not configured, the worker will remain idle and execution continues inline.
-
-Or run separately: `bun run dev` (Next.js), `cd apps/sim && bun run dev:sockets` (realtime), and `cd apps/sim && bun run worker` (BullMQ worker).
+Or run separately: `bun run dev` (Next.js) and `cd apps/sim && bun run dev:sockets` (realtime).
 
 ## Copilot API Keys
 

apps/sim/app/(landing)/components/features/components/features-preview.tsx

@@ -2,8 +2,8 @@
 
 import { type SVGProps, useEffect, useRef, useState } from 'react'
 import { AnimatePresence, motion, useInView } from 'framer-motion'
-import ReactMarkdown, { type Components } from 'react-markdown'
-import remarkGfm from 'remark-gfm'
+import { Streamdown } from 'streamdown'
+import 'streamdown/styles.css'
 import { ChevronDown } from '@/components/emcn'
 import { Database, File, Library, Table } from '@/components/emcn/icons'
 import {
@@ -557,26 +557,32 @@ The team agreed to prioritize the new onboarding flow. Key decisions:
 
 Follow up with engineering on the timeline for the API v2 migration. Draft the proposal for the board meeting next week.`
 
-const MD_COMPONENTS: Components = {
-  h1: ({ children }) => (
+const MD_COMPONENTS = {
+  h1: ({ children }: { children?: React.ReactNode }) => (
     <p
       role='presentation'
       className='mb-4 border-[#E5E5E5] border-b pb-2 font-semibold text-[#1C1C1C] text-[20px]'
     >
       {children}
     </p>
   ),
-  h2: ({ children }) => (
+  h2: ({ children }: { children?: React.ReactNode }) => (
     <h2 className='mt-5 mb-3 border-[#E5E5E5] border-b pb-1.5 font-semibold text-[#1C1C1C] text-[16px]'>
       {children}
     </h2>
   ),
-  ul: ({ children }) => <ul className='mb-3 list-disc pl-6'>{children}</ul>,
-  ol: ({ children }) => <ol className='mb-3 list-decimal pl-6'>{children}</ol>,
-  li: ({ children }) => (
+  ul: ({ children }: { children?: React.ReactNode }) => (
+    <ul className='mb-3 list-disc pl-6'>{children}</ul>
+  ),
+  ol: ({ children }: { children?: React.ReactNode }) => (
+    <ol className='mb-3 list-decimal pl-6'>{children}</ol>
+  ),
+  li: ({ children }: { children?: React.ReactNode }) => (
     <li className='mb-1 text-[#1C1C1C] text-[14px] leading-[1.6]'>{children}</li>
   ),
-  p: ({ children }) => <p className='mb-3 text-[#1C1C1C] text-[14px] leading-[1.6]'>{children}</p>,
+  p: ({ children }: { children?: React.ReactNode }) => (
+    <p className='mb-3 text-[#1C1C1C] text-[14px] leading-[1.6]'>{children}</p>
+  ),
 }
 
 function MockFullFiles() {
@@ -618,9 +624,9 @@ function MockFullFiles() {
           transition={{ duration: 0.4, delay: 0.5 }}
         >
           <div className='h-full overflow-auto p-6'>
-            <ReactMarkdown remarkPlugins={[remarkGfm]} components={MD_COMPONENTS}>
+            <Streamdown mode='static' components={MD_COMPONENTS}>
               {source}
-            </ReactMarkdown>
+            </Streamdown>
           </div>
         </motion.div>
       </div>

apps/sim/app/api/admin/mothership/route.ts

@@ -0,0 +1,144 @@
+import { db } from '@sim/db'
+import { user } from '@sim/db/schema'
+import { eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { env } from '@/lib/core/config/env'
+
+const ENV_URLS: Record<string, string | undefined> = {
+  dev: env.MOTHERSHIP_DEV_URL,
+  staging: env.MOTHERSHIP_STAGING_URL,
+  prod: env.MOTHERSHIP_PROD_URL,
+}
+
+function getMothershipUrl(environment: string): string | null {
+  return ENV_URLS[environment] ?? null
+}
+
+async function isAdminRequestAuthorized() {
+  const session = await getSession()
+  if (!session?.user?.id) return false
+
+  const [currentUser] = await db
+    .select({ role: user.role })
+    .from(user)
+    .where(eq(user.id, session.user.id))
+    .limit(1)
+
+  return currentUser?.role === 'admin'
+}
+
+/**
+ * Proxy to the mothership admin API.
+ *
+ * Query params:
+ *   env       - "dev" | "staging" | "prod"
+ *   endpoint  - the admin endpoint path, e.g. "requests", "licenses", "traces"
+ *
+ * The request body (for POST) is forwarded as-is. Additional query params
+ * (e.g. requestId for GET /traces) are forwarded.
+ */
+export async function POST(req: NextRequest) {
+  if (!(await isAdminRequestAuthorized())) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const adminKey = env.MOTHERSHIP_API_ADMIN_KEY
+  if (!adminKey) {
+    return NextResponse.json({ error: 'MOTHERSHIP_API_ADMIN_KEY not configured' }, { status: 500 })
+  }
+
+  const { searchParams } = new URL(req.url)
+  const environment = searchParams.get('env') || 'dev'
+  const endpoint = searchParams.get('endpoint')
+
+  if (!endpoint) {
+    return NextResponse.json({ error: 'endpoint query param required' }, { status: 400 })
+  }
+
+  const baseUrl = getMothershipUrl(environment)
+  if (!baseUrl) {
+    return NextResponse.json(
+      { error: `No URL configured for environment: ${environment}` },
+      { status: 400 }
+    )
+  }
+
+  const targetUrl = `${baseUrl}/api/admin/${endpoint}`
+
+  try {
+    const body = await req.text()
+    const upstream = await fetch(targetUrl, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'x-api-key': adminKey,
+      },
+      ...(body ? { body } : {}),
+    })
+
+    const data = await upstream.json()
+    return NextResponse.json(data, { status: upstream.status })
+  } catch (error) {
+    return NextResponse.json(
+      {
+        error: `Failed to reach mothership (${environment}): ${error instanceof Error ? error.message : 'Unknown error'}`,
+      },
+      { status: 502 }
+    )
+  }
+}
+
+export async function GET(req: NextRequest) {
+  if (!(await isAdminRequestAuthorized())) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const adminKey = env.MOTHERSHIP_API_ADMIN_KEY
+  if (!adminKey) {
+    return NextResponse.json({ error: 'MOTHERSHIP_API_ADMIN_KEY not configured' }, { status: 500 })
+  }
+
+  const { searchParams } = new URL(req.url)
+  const environment = searchParams.get('env') || 'dev'
+  const endpoint = searchParams.get('endpoint')
+
+  if (!endpoint) {
+    return NextResponse.json({ error: 'endpoint query param required' }, { status: 400 })
+  }
+
+  const baseUrl = getMothershipUrl(environment)
+  if (!baseUrl) {
+    return NextResponse.json(
+      { error: `No URL configured for environment: ${environment}` },
+      { status: 400 }
+    )
+  }
+
+  const forwardParams = new URLSearchParams()
+  searchParams.forEach((value, key) => {
+    if (key !== 'env' && key !== 'endpoint') {
+      forwardParams.set(key, value)
+    }
+  })
+
+  const qs = forwardParams.toString()
+  const targetUrl = `${baseUrl}/api/admin/${endpoint}${qs ? `?${qs}` : ''}`
+
+  try {
+    const upstream = await fetch(targetUrl, {
+      method: 'GET',
+      headers: { 'x-api-key': adminKey },
+    })
+
+    const data = await upstream.json()
+    return NextResponse.json(data, { status: upstream.status })
+  } catch (error) {
+    return NextResponse.json(
+      {
+        error: `Failed to reach mothership (${environment}): ${error instanceof Error ? error.message : 'Unknown error'}`,
+      },
+      { status: 502 }
+    )
+  }
+}

apps/sim/app/api/billing/update-cost/route.ts

@@ -4,7 +4,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { recordUsage } from '@/lib/billing/core/usage-log'
 import { checkAndBillOverageThreshold } from '@/lib/billing/threshold-billing'
-import { checkInternalApiKey } from '@/lib/copilot/utils'
+import { checkInternalApiKey } from '@/lib/copilot/request/http'
 import { isBillingEnabled } from '@/lib/core/config/feature-flags'
 import { generateRequestId } from '@/lib/core/utils/request'