feat(polling-groups): can invite multiple people to have their gmail/outlook inboxes connected to a workflow

[icecrasher321]

Summary

• Can invite people to connect gmail/outlook to credential groups. These can be used to poll hundreds of inboxes at once for a single workflow.

• Fix trigger config changes detected

• Remove provider specific code from route itself

• Fix collab on credential selection

• Fix UI/UX on different invite listings

Type of Change

• New feature

Testing

Tested manually with @aadamgough

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
docs	Ready	Preview, Comment	Jan 8, 2026 1:41am

[greptile-apps]

Greptile Summary

This PR implements "polling groups" (credential sets) that allow multiple users to connect their Gmail/Outlook accounts to a single workflow trigger. The implementation creates a new database schema with three tables (credential_set, credential_set_member, credential_set_invitation) to manage group membership and invitations. When a trigger uses a credential set, the system automatically "fans out" webhooks - creating one webhook per member's credential - so each inbox can be polled independently with its own state tracking (historyId, lastCheckedTimestamp).

Key changes:

• Database schema adds proper indexes and foreign key constraints with cascade deletes
• Invitation flow includes email notifications with 7-day expiration and transaction-based acceptance
• Webhook sync logic ensures webhooks stay synchronized when members join/leave or disconnect OAuth
• OAuth token management extended to fetch credentials for all active members in a set
• Polling services updated to use credentialId from webhook config instead of userId
• Disconnect flow properly syncs affected credential sets to remove stale webhooks

Architecture notes:

• Polling providers (gmail, outlook, rss, imap) get unique webhook paths per credential for independent state
• External webhook providers (WhatsApp, Slack) share paths since external services send to one URL
• Transaction wrapping in invitation acceptance ensures atomic member addition + webhook sync
• Graceful handling of email send failures and token refresh failures

Confidence Score: 4/5

• safe to merge with minor considerations around transaction scope and edge case handling
• the implementation is well-architected with proper database schema design, indexed queries, transaction safety, and comprehensive error handling. The webhook fan-out logic correctly handles member additions/removals and credential disconnections. However, the transaction in invitation acceptance includes webhook sync operations that could fail due to external factors (OAuth refresh failures, network issues), which would roll back the entire member addition. This is by design per the previous review thread, but creates coupling between member management and webhook operations.
• apps/sim/app/api/credential-sets/invite/[token]/route.ts - webhook sync within transaction couples member addition to webhook operation success

Important Files Changed

Filename	Overview
packages/db/migrations/0135_stormy_puff_adder.sql	adds credential set tables with proper indexes, foreign keys, and cascade deletes for polling group feature
packages/db/schema.ts	defines credential set, member, and invitation schemas with proper constraints and indexed fields
apps/sim/app/api/credential-sets/invite/[token]/route.ts	handles invitation acceptance with transaction to ensure atomic updates and webhook sync
apps/sim/app/api/auth/oauth/utils.ts	adds getCredentialsForCredentialSet to fetch and refresh tokens for all active members in a credential set
apps/sim/lib/webhooks/utils.server.ts	implements credential set webhook sync logic to fan out webhooks per member credential, with proper cleanup
apps/sim/lib/webhooks/gmail-polling-service.ts	updated to use credentialId from webhook config instead of userId for polling, supporting credential sets
apps/sim/app/api/auth/oauth/disconnect/route.ts	syncs credential set webhooks after disconnect to remove webhooks using disconnected credentials

Sequence Diagram

sequenceDiagram
    participant Admin as Admin User
    participant UI as Settings UI
    participant API as Credential Sets API
    participant DB as Database
    participant Email as Email Service
    participant Invitee as Invited User
    participant OAuth as OAuth Provider
    participant Webhook as Webhook Sync

    Admin->>UI: Create Credential Set
    UI->>API: POST /api/credential-sets
    API->>DB: Insert credential_set
    API-->>UI: Return credential set

    Admin->>UI: Invite User to Set
    UI->>API: POST /api/credential-sets/[id]/invite
    API->>DB: Insert credential_set_invitation
    API->>Email: Send invitation email
    API-->>UI: Return invite URL

    Invitee->>UI: Click invite link
    UI->>API: GET /api/credential-sets/invite/[token]
    API->>DB: Fetch invitation details
    API-->>UI: Return invitation info

    Invitee->>UI: Accept invitation
    UI->>API: POST /api/credential-sets/invite/[token]
    API->>DB: Start transaction
    API->>DB: Insert credential_set_member
    API->>DB: Update invitation status
    API->>Webhook: syncAllWebhooksForCredentialSet
    Webhook->>DB: Query existing webhooks
    Webhook->>DB: Create webhook per credential
    API->>DB: Commit transaction
    API-->>UI: Return success + providerId

    Invitee->>OAuth: Connect Gmail/Outlook
    OAuth-->>Invitee: Return access token
    Invitee->>DB: Store account credentials
    Invitee->>Webhook: Trigger webhook sync
    Webhook->>DB: Update webhook with credentialId
    Webhook-->>Invitee: Webhooks configured

    Note over Webhook,DB: Each member gets separate webhook<br/>for independent polling state

Loading

[greptile-apps]

_{49 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[icecrasher321]

@greptile