code · pull · Apr 29, 2026 · Apr 19, 2026 · Apr 21, 2026 · Apr 21, 2026
diff --git a/bun.lock b/bun.lock
diff --git a/docs/admin-guide/guides/sso.mdx b/docs/admin-guide/guides/sso.mdx
@@ -131,6 +131,47 @@ Activepieces supports multiple SSO providers to integrate with your existing ide
     </Step>
 </Steps>
 
+### SAML with Microsoft Entra ID (Azure AD)
+
+<Steps>
+    <Step title="Create an Enterprise Application">
+        Go to the [Azure Portal](https://portal.azure.com/) → **Microsoft Entra ID** → **Enterprise applications** → **New application** → **Create your own application**.
+
+        Name it (e.g., "Activepieces") and select **Integrate any other application you don't find in the gallery (Non-gallery)**.
+    </Step>
+    <Step title="Configure SAML Single Sign-On">
+        Open the application → **Single sign-on** → select **SAML**.
+    </Step>
+    <Step title="Set Identifier and Reply URL">
+        Edit **Basic SAML Configuration**:
+        - **Identifier (Entity ID)**: `Activepieces`
+        - **Reply URL (Assertion Consumer Service URL)**: paste the SSO URL from the Activepieces configuration screen
+    </Step>
+    <Step title="Configure User Attributes & Claims">
+        Edit **Attributes & Claims** and add these additional claims (leave **Namespace** empty):
+
+        | Claim name | Source attribute |
+        |------------|------------------|
+        | `firstName` | `user.givenname` |
+        | `lastName` | `user.surname` |
+        | `email` | `user.mail` |
+    </Step>
+    <Step title="Copy the Federation Metadata">
+        In the **SAML Certificates** section, copy the **App Federation Metadata Url**.
+
+        You can paste this URL directly into the **IdP Metadata** field in Activepieces — Activepieces will fetch the metadata XML automatically. Alternatively, open the URL in a browser, save the XML, and paste its contents.
+    </Step>
+    <Step title="Copy the Signing Certificate">
+        Download the **Certificate (Base64)** from the **SAML Certificates** section. Open the file and copy its contents (including the `-----BEGIN CERTIFICATE-----` / `-----END CERTIFICATE-----` markers) into the **Signing Key** field in Activepieces.
+    </Step>
+    <Step title="Assign Users">
+        Go to **Users and groups** in the application and assign the users or groups that should be allowed to sign in.
+    </Step>
+    <Step title="Save Configuration">
+        Click **Save** in Activepieces to complete the setup.
+    </Step>
+</Steps>
+
 ### SAML with JumpCloud
 
 <Steps>
@@ -208,6 +249,7 @@ Activepieces supports multiple SSO providers to integrate with your existing ide
     </Accordion>
     <Accordion title="SAML authentication fails">
         - Confirm the IdP metadata is complete and correctly formatted
+        - If you pasted a metadata URL, make sure it is publicly reachable (Activepieces fetches it server-side)
         - Verify the signing certificate is properly formatted with BEGIN/END markers
         - Ensure all required attributes (firstName, lastName, email) are mapped
     </Accordion>

diff --git a/packages/pieces/community/ai/package.json b/packages/pieces/community/ai/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@activepieces/piece-ai",
-  "version": "0.3.9",
+  "version": "0.4.0",
   "type": "commonjs",
   "main": "./dist/src/index.js",
   "types": "./dist/src/index.d.ts",

diff --git a/packages/pieces/community/ai/src/i18n/translation.json b/packages/pieces/community/ai/src/i18n/translation.json
@@ -21,6 +21,9 @@
   "Web Search Options": "Web Search Options",
   "Text": "Text",
   "Advanced Options": "Advanced Options",
+  "Input Images": "Input Images",
+  "Image File": "Image File",
+  "Provide images for editing, variation, or merging. Support depends on the selected model.": "Provide images for editing, variation, or merging. Support depends on the selected model.",
   "Text to Classify": "Text to Classify",
   "Categories": "Categories",
   "Files": "Files",

diff --git a/packages/pieces/community/ai/src/lib/actions/image/generate-image.ts b/packages/pieces/community/ai/src/lib/actions/image/generate-image.ts
@@ -32,6 +32,18 @@ export const generateImageAction = createAction({
       displayName: 'Prompt',
       required: true,
     }),
+    inputImages: Property.Array({
+      displayName: 'Input Images',
+      description:
+        'Provide images for editing, variation, or merging. Support depends on the selected model.',
+      required: false,
+      properties: {
+        file: Property.File({
+          displayName: 'Image File',
+          required: true,
+        }),
+      },
+    }),
     advancedOptions: Property.DynamicProperties({
       displayName: 'Advanced Options',
       required: false,
@@ -120,25 +132,6 @@ export const generateImageAction = createAction({
           return options;
         }
 
-        if (
-          providerId === AIProviderName.GOOGLE &&
-          modelId === 'gemini-2.5-flash-image-preview'
-        ) {
-          options = {
-            image: Property.Array({
-              displayName: 'Images',
-              required: false,
-              properties: {
-                file: Property.File({
-                  displayName: 'Image File',
-                  required: true,
-                }),
-              },
-              description: 'The image(s) you want to edit/merge',
-            }),
-          };
-        }
-
         return options;
       },
     }),
@@ -147,12 +140,18 @@ export const generateImageAction = createAction({
     const provider = context.propsValue.provider;
     const modelId = context.propsValue.model;
 
+    const inputImages = collectInputImages({
+      inputImages: context.propsValue.inputImages,
+      advancedOptions: context.propsValue.advancedOptions,
+    });
+
     const image = await getGeneratedImage({
       provider: provider as AIProviderName,
       modelId,
       engineToken: context.server.token,
       apiUrl: context.server.apiUrl,
       prompt: context.propsValue.prompt,
+      inputImages,
       projectId: context.project.id,
       flowId: context.flows.current.id,
       runId: context.run.id,
@@ -171,12 +170,44 @@ export const generateImageAction = createAction({
   },
 });
 
+const collectInputImages = ({
+  inputImages,
+  advancedOptions,
+}: {
+  inputImages?: unknown;
+  advancedOptions?: DynamicPropsValue;
+}): ApFile[] => {
+  const fromTopLevel = extractImageFiles(inputImages);
+  if (fromTopLevel.length > 0) {
+    return fromTopLevel;
+  }
+  return extractImageFiles(advancedOptions?.['image']);
+};
+
+const extractImageFiles = (value: unknown): ApFile[] => {
+  if (!Array.isArray(value)) {
+    return [];
+  }
+  return value.flatMap((entry) => {
+    if (
+      entry &&
+      typeof entry === 'object' &&
+      'file' in entry &&
+      entry.file
+    ) {
+      return [entry.file as ApFile];
+    }
+    return [];
+  });
+};
+
 const getGeneratedImage = async ({
   provider,
   modelId,
   engineToken,
   apiUrl,
   prompt,
+  inputImages,
   projectId,
   flowId,
   runId,
@@ -187,6 +218,7 @@ const getGeneratedImage = async ({
   engineToken: string;
   apiUrl: string;
   prompt: string;
+  inputImages: ApFile[];
   projectId: string;
   flowId: string;
   runId: string;
@@ -206,49 +238,78 @@ const getGeneratedImage = async ({
   const { provider: effectiveProvider } = getEffectiveProviderAndModel({ provider, model: modelId });
   const resolvedProvider = (effectiveProvider ?? provider) as AIProviderName;
 
-  switch (resolvedProvider) {
-    case AIProviderName.GOOGLE:
-    case AIProviderName.ACTIVEPIECES:
-    case AIProviderName.OPENROUTER:
-    case AIProviderName.CLOUDFLARE_GATEWAY:
-      return generateImageUsingGenerateText({
-        model: model as unknown as LanguageModel,
-        prompt,
-        advancedOptions,
-      });
-    default: {
-      const { image } = await generateImage({
-        model,
-        prompt,
-        providerOptions: {
-          [resolvedProvider]: { ...advancedOptions },
-        },
-      });
-      return image
-    };
+  const hasInputImages = inputImages.length > 0;
+
+  return withImageInputErrorContext({ modelId, hasInputImages }, async () => {
+    switch (resolvedProvider) {
+      case AIProviderName.GOOGLE:
+      case AIProviderName.ACTIVEPIECES:
+      case AIProviderName.OPENROUTER:
+      case AIProviderName.CLOUDFLARE_GATEWAY:
+        return generateImageUsingGenerateText({
+          model: model as unknown as LanguageModel,
+          prompt,
+          inputImages,
+        });
+      default: {
+        const sanitizedAdvancedOptions = stripLegacyImageField(advancedOptions);
+        const sdkImages = inputImages.map((file) =>
+          Buffer.from(file.base64, 'base64'),
+        );
+        const { image } = await generateImage({
+          model,
+          prompt: hasInputImages
+            ? { text: prompt, images: sdkImages }
+            : prompt,
+          providerOptions: {
+            [resolvedProvider]: { ...sanitizedAdvancedOptions },
+          },
+        });
+        return image;
+      }
+    }
+  });
+};
+
+const withImageInputErrorContext = async <T>(
+  { modelId, hasInputImages }: { modelId: string; hasInputImages: boolean },
+  run: () => Promise<T>,
+): Promise<T> => {
+  try {
+    return await run();
+  } catch (error) {
+    if (!hasInputImages) {
+      throw error;
+    }
+    const original = error instanceof Error ? error.message : String(error);
+    throw new Error(
+      `Image generation failed for model "${modelId}". ` +
+      `This model may not support input images. Try a model that supports image editing — ` +
+      `for example gpt-image-1, dall-e-2, or a Gemini Nano Banana model — or remove the input images. ` +
+      `Original error: ${original}`,
+    );
   }
 };
 
 const generateImageUsingGenerateText = async ({
   model,
   prompt,
-  advancedOptions,
+  inputImages,
 }: {
   model: LanguageModel;
   prompt: string;
-  advancedOptions?: DynamicPropsValue;
+  inputImages: ApFile[];
 }): Promise<GeneratedFile> => {
-  const images =
-    (advancedOptions?.['image'] as Array<{ file: ApFile }> | undefined) ?? [];
-
-  const imageFiles = images.map<ImagePart>((image) => {
-    const fileType = image.file.extension
-      ? mime.lookup(image.file.extension)
-      : 'image/jpeg';
+  const imageFiles = inputImages.map<ImagePart>((file) => {
+    const detected = file.extension ? mime.lookup(file.extension) : false;
+    const fileType =
+      detected && ALLOWED_IMAGE_MIME_TYPES.has(detected)
+        ? detected
+        : 'image/jpeg';
 
     return {
       type: 'image',
-      image: `data:${fileType || 'image/jpeg'};base64,${image.file.base64}`,
+      image: `data:${fileType};base64,${file.base64}`,
     };
   });
 
@@ -271,6 +332,24 @@ const generateImageUsingGenerateText = async ({
   return result.files[0];
 };
 
+const stripLegacyImageField = (
+  advancedOptions: DynamicPropsValue | undefined,
+): DynamicPropsValue | undefined => {
+  if (isNil(advancedOptions)) {
+    return advancedOptions;
+  }
+  const { image: _legacy, ...rest } = advancedOptions as Record<string, unknown>;
+  return rest as DynamicPropsValue;
+};
+
+const ALLOWED_IMAGE_MIME_TYPES: ReadonlySet<string> = new Set([
+  'image/jpeg',
+  'image/png',
+  'image/gif',
+  'image/webp',
+  'image/avif',
+]);
+
 const assertImageGenerationSuccess = (
   result: GenerateTextResult<ToolSet, never>
 ): void => {

diff --git a/packages/pieces/community/baserow/package.json b/packages/pieces/community/baserow/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@activepieces/piece-baserow",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "main": "./dist/src/index.js",
   "types": "./dist/src/index.d.ts",
   "scripts": {

diff --git a/packages/pieces/community/baserow/src/i18n/ca.json b/packages/pieces/community/baserow/src/i18n/ca.json
@@ -3,7 +3,6 @@
   "Open-source online database tool, alternative to Airtable": "Open-source online database tool, alternative to Airtable",
   "API URL": "API URL",
   "Database Token": "Database Token",
-  "\n  1. Log in to your Baserow Account.\n  2. Click on your profile-pic(top-left) and navigate to **Settings->Database tokens**.\n  3. Create new token with any name and appropriate workspace.\n  4. After token creation,click on **:** right beside token name and copy database token.\n  5. Enter your Baserow API URL.If you are using baserow.io, you can leave the default one.": "\n  1. Log in to your Baserow Account.\n  2. Click on your profile-pic(top-left) and navigate to **Settings->Database tokens**.\n  3. Create new token with any name and appropriate workspace.\n  4. After token creation,click on **:** right beside token name and copy database token.\n  5. Enter your Baserow API URL.If you are using baserow.io, you can leave the default one.",
   "Create Row": "Create Row",
   "Delete Row": "Delete Row",
   "Get Row": "Get Row",
@@ -111,5 +110,15 @@
   "OR": "OR",
   "Filters": "Filters",
   "List of filters. Each filter is an object with \"field\" (field ID as number), \"type\" (operator), and \"value\" (filter value).": "List of filters. Each filter is an object with \"field\" (field ID as number), \"type\" (operator), and \"value\" (filter value).",
-  "Authenticate with your Baserow email and password. This mode enables automatic webhook registration for triggers — no manual setup needed.\n\n**Note:** Two-factor authentication (2FA) is not supported. If your Baserow account has 2FA enabled, use the Database Token authentication instead.": "Authenticate with your Baserow email and password. This mode enables automatic webhook registration for triggers — no manual setup needed.\n\n**Note:** Two-factor authentication (2FA) is not supported. If your Baserow account has 2FA enabled, use the Database Token authentication instead."
+  "Row Event": "Row Event",
+  "Triggers when a row is created, updated, or deleted in a Baserow table. To react to only one event type, use the dedicated Row Created, Row Updated, or Row Deleted triggers.": "Triggers when a row is created, updated, or deleted in a Baserow table. To react to only one event type, use the dedicated Row Created, Row Updated, or Row Deleted triggers.",
+  "Create missing select options": "Create missing select options",
+  "When enabled, single/multi-select values that do not yet exist in the field will be added before creating the row. Existing options are preserved.": "When enabled, single/multi-select values that do not yet exist in the field will be added before creating the row. Existing options are preserved.",
+  "When enabled, single/multi-select values that do not yet exist in the field will be added before updating the row. Existing options are preserved.": "When enabled, single/multi-select values that do not yet exist in the field will be added before updating the row. Existing options are preserved.",
+  "Authentication": "Authentication",
+  "Authentication Method": "Authentication Method",
+  "Choose how you want to authenticate with Baserow:\n\n**Database Token** — recommended. Per-table CRUD scoping, compatible with 2FA accounts. Triggers require manual webhook setup.\n  1. Log in to your Baserow account.\n  2. Click on your profile picture (top-left) and go to **Settings → Database tokens**.\n  3. Create a new token, then click **:** beside the token name to copy it.\n  4. Paste it into **Database Token** below. Leave **Email** and **Password** empty.\n\n**Email & Password (JWT)** — workspace-wide access, enables automatic webhook registration for triggers. Not compatible with accounts that have 2FA enabled.\n  1. Fill in **Email** and **Password** with your Baserow login credentials. Leave **Database Token** empty.\n\nIn both modes, set **API URL** to your Baserow instance (default: `https://api.baserow.io`).": "Choose how you want to authenticate with Baserow:\n\n**Database Token** — recommended. Per-table CRUD scoping, compatible with 2FA accounts. Triggers require manual webhook setup.\n  1. Log in to your Baserow account.\n  2. Click on your profile picture (top-left) and go to **Settings → Database tokens**.\n  3. Create a new token, then click **:** beside the token name to copy it.\n  4. Paste it into **Database Token** below. Leave **Email** and **Password** empty.\n\n**Email & Password (JWT)** — workspace-wide access, enables automatic webhook registration for triggers. Not compatible with accounts that have 2FA enabled.\n  1. Fill in **Email** and **Password** with your Baserow login credentials. Leave **Database Token** empty.\n\nIn both modes, set **API URL** to your Baserow instance (default: `https://api.baserow.io`).",
+  "Database Token is recommended. Use Email & Password (JWT) only if you need automatic webhook registration on triggers.": "Database Token is recommended. Use Email & Password (JWT) only if you need automatic webhook registration on triggers.",
+  "Required if Authentication Method is **Database Token**. Leave empty for JWT.": "Required if Authentication Method is **Database Token**. Leave empty for JWT.",
+  "Required if Authentication Method is **Email & Password (JWT)**. Leave empty for Database Token.": "Required if Authentication Method is **Email & Password (JWT)**. Leave empty for Database Token."
 }