V1

Sg312 · Sg312 · commit ebfdb9ce3b8a · 2025-09-08T15:23:15.000-07:00
diff --git a/apps/sim/app/api/workflows/[id]/state/route.ts b/apps/sim/app/api/workflows/[id]/state/route.ts
@@ -7,6 +7,7 @@ import { getUserEntityPermissions } from '@/lib/permissions/utils'
 import { saveWorkflowToNormalizedTables } from '@/lib/workflows/db-helpers'
 import { db } from '@/db'
 import { workflow } from '@/db/schema'
+import { sanitizeAgentToolsInBlocks } from '@/lib/workflows/validation'
 
 const logger = createLogger('WorkflowStateAPI')
 
@@ -168,11 +169,14 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Access denied' }, { status: 403 })
     }
 
+    // Sanitize custom tools in agent blocks before saving
+    const { blocks: sanitizedBlocks, warnings } = sanitizeAgentToolsInBlocks(state.blocks as any)
+
     // Save to normalized tables
     // Ensure all required fields are present for WorkflowState type
     // Filter out blocks without type or name before saving
-    const filteredBlocks = Object.entries(state.blocks).reduce(
-      (acc, [blockId, block]) => {
+    const filteredBlocks = Object.entries(sanitizedBlocks).reduce(
+      (acc, [blockId, block]: [string, any]) => {
         if (block.type && block.name) {
           // Ensure all required fields are present
           acc[blockId] = {
@@ -184,7 +188,6 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
             height: block.height !== undefined ? block.height : 0,
             subBlocks: block.subBlocks || {},
             outputs: block.outputs || {},
-            data: block.data || {},
           }
         }
         return acc
@@ -227,29 +230,20 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
     logger.info(`[${requestId}] Successfully saved workflow ${workflowId} state in ${elapsed}ms`)
 
     return NextResponse.json(
-      {
-        success: true,
-        blocksCount: Object.keys(filteredBlocks).length,
-        edgesCount: state.edges.length,
-      },
+      { success: true, warnings },
       { status: 200 }
     )
-  } catch (error: unknown) {
+  } catch (error: any) {
     const elapsed = Date.now() - startTime
-    if (error instanceof z.ZodError) {
-      logger.warn(`[${requestId}] Invalid workflow state data for ${workflowId}`, {
-        errors: error.errors,
-      })
-      return NextResponse.json(
-        { error: 'Invalid state data', details: error.errors },
-        { status: 400 }
-      )
-    }
-
     logger.error(
       `[${requestId}] Error saving workflow ${workflowId} state after ${elapsed}ms`,
       error
     )
+
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: 'Invalid request body', details: error.errors }, { status: 400 })
+    }
+
     return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
 }
diff --git a/apps/sim/app/api/workflows/[id]/yaml/route.ts b/apps/sim/app/api/workflows/[id]/yaml/route.ts
@@ -1,39 +1,62 @@
+import crypto from 'crypto'
 import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console/logger'
-import { getUserEntityPermissions } from '@/lib/permissions/utils'
-import { SIM_AGENT_API_URL_DEFAULT, simAgentClient } from '@/lib/sim-agent'
-import {
-  loadWorkflowFromNormalizedTables,
-  saveWorkflowToNormalizedTables,
-} from '@/lib/workflows/db-helpers'
-import { getUserId as getOAuthUserId } from '@/app/api/auth/oauth/utils'
-import { getBlock } from '@/blocks'
-import { getAllBlocks } from '@/blocks/registry'
-import type { BlockConfig } from '@/blocks/types'
-import { resolveOutputType } from '@/blocks/utils'
 import { db } from '@/db'
-import { workflowCheckpoints, workflow as workflowTable } from '@/db/schema'
+import { workflow as workflowTable, workflowCheckpoints } from '@/db/schema'
+import { getAllBlocks, getBlock } from '@/blocks'
+import type { BlockConfig } from '@/blocks/types'
 import { generateLoopBlocks, generateParallelBlocks } from '@/stores/workflows/workflow/utils'
+import { resolveOutputType } from '@/blocks/utils'
+import { getUserId } from '@/app/api/auth/oauth/utils'
+import { simAgentClient } from '@/lib/sim-agent'
+import { sanitizeAgentToolsInBlocks } from '@/lib/workflows/validation'
+import { loadWorkflowFromNormalizedTables, saveWorkflowToNormalizedTables } from '@/lib/workflows/db-helpers'
 
-const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
-
-export const dynamic = 'force-dynamic'
-
-const logger = createLogger('WorkflowYamlAPI')
+const logger = createLogger('YamlWorkflowAPI')
 
 const YamlWorkflowRequestSchema = z.object({
   yamlContent: z.string().min(1, 'YAML content is required'),
   description: z.string().optional(),
-  chatId: z.string().optional(), // For copilot checkpoints
-  source: z.enum(['copilot', 'import', 'editor']).default('editor'),
-  applyAutoLayout: z.boolean().default(true),
-  createCheckpoint: z.boolean().default(false),
+  chatId: z.string().optional(),
+  source: z.enum(['copilot', 'editor', 'import']).default('editor'),
+  applyAutoLayout: z.boolean().optional().default(false),
+  createCheckpoint: z.boolean().optional().default(false),
 })
 
-type YamlWorkflowRequest = z.infer<typeof YamlWorkflowRequestSchema>
+function updateBlockReferences(
+  value: any,
+  blockIdMapping: Map<string, string>,
+  requestId: string
+): any {
+  if (typeof value === 'string') {
+    // Replace references in string values
+    for (const [oldId, newId] of blockIdMapping.entries()) {
+      if (value.includes(oldId)) {
+        value = value
+          .replaceAll(`<${oldId}.`, `<${newId}.`)
+          .replaceAll(`%${oldId}.`, `%${newId}.`)
+      }
+    }
+    return value
+  }
+
+  if (Array.isArray(value)) {
+    return value.map((item) => updateBlockReferences(item, blockIdMapping, requestId))
+  }
+
+  if (value && typeof value === 'object') {
+    const result: Record<string, any> = {}
+    for (const [key, val] of Object.entries(value)) {
+      result[key] = updateBlockReferences(val, blockIdMapping, requestId)
+    }
+    return result
+  }
+
+  return value
+}
 
 /**
  * Helper function to create a checkpoint before workflow changes
@@ -68,7 +91,7 @@ async function createWorkflowCheckpoint(
         {} as Record<string, BlockConfig>
       )
 
-      const generateResponse = await fetch(`${SIM_AGENT_API_URL}/api/workflow/to-yaml`, {
+      const generateResponse = await fetch(`${env.SIM_AGENT_API_URL}/api/workflow/to-yaml`, {
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
@@ -114,120 +137,6 @@ async function createWorkflowCheckpoint(
   }
 }
 
-/**
- * Helper function to get user ID with proper authentication for both tool calls and direct requests
- */
-async function getUserId(requestId: string, workflowId: string): Promise<string | null> {
-  // Use the OAuth utils function that handles both session and workflow-based auth
-  const userId = await getOAuthUserId(requestId, workflowId)
-
-  if (!userId) {
-    logger.warn(`[${requestId}] Could not determine user ID for workflow ${workflowId}`)
-    return null
-  }
-
-  // For additional security, verify the user has permission to access this workflow
-  const workflowData = await db
-    .select()
-    .from(workflowTable)
-    .where(eq(workflowTable.id, workflowId))
-    .then((rows) => rows[0])
-
-  if (!workflowData) {
-    logger.warn(`[${requestId}] Workflow ${workflowId} not found`)
-    return null
-  }
-
-  // Check if user has permission to update this workflow
-  let canUpdate = false
-
-  // Case 1: User owns the workflow
-  if (workflowData.userId === userId) {
-    canUpdate = true
-  }
-
-  // Case 2: Workflow belongs to a workspace and user has write or admin permission
-  if (!canUpdate && workflowData.workspaceId) {
-    try {
-      const userPermission = await getUserEntityPermissions(
-        userId,
-        'workspace',
-        workflowData.workspaceId
-      )
-      if (userPermission === 'write' || userPermission === 'admin') {
-        canUpdate = true
-      }
-    } catch (error) {
-      logger.warn(`[${requestId}] Error checking workspace permissions:`, error)
-    }
-  }
-
-  if (!canUpdate) {
-    logger.warn(`[${requestId}] User ${userId} denied permission to update workflow ${workflowId}`)
-    return null
-  }
-
-  return userId
-}
-
-/**
- * Helper function to update block references in values with new mapped IDs
- */
-function updateBlockReferences(
-  value: any,
-  blockIdMapping: Map<string, string>,
-  requestId: string
-): any {
-  if (typeof value === 'string' && value.includes('<') && value.includes('>')) {
-    let processedValue = value
-    const blockMatches = value.match(/<([^>]+)>/g)
-
-    if (blockMatches) {
-      for (const match of blockMatches) {
-        const path = match.slice(1, -1)
-        const [blockRef] = path.split('.')
-
-        // Skip system references (start, loop, parallel, variable)
-        if (['start', 'loop', 'parallel', 'variable'].includes(blockRef.toLowerCase())) {
-          continue
-        }
-
-        // Check if this references an old block ID that needs mapping
-        const newMappedId = blockIdMapping.get(blockRef)
-        if (newMappedId) {
-          logger.info(`[${requestId}] Updating block reference: ${blockRef} -> ${newMappedId}`)
-          processedValue = processedValue.replace(
-            new RegExp(`<${blockRef}\\.`, 'g'),
-            `<${newMappedId}.`
-          )
-          processedValue = processedValue.replace(
-            new RegExp(`<${blockRef}>`, 'g'),
-            `<${newMappedId}>`
-          )
-        }
-      }
-    }
-
-    return processedValue
-  }
-
-  // Handle arrays
-  if (Array.isArray(value)) {
-    return value.map((item) => updateBlockReferences(item, blockIdMapping, requestId))
-  }
-
-  // Handle objects
-  if (value !== null && typeof value === 'object') {
-    const result = { ...value }
-    for (const key in result) {
-      result[key] = updateBlockReferences(result[key], blockIdMapping, requestId)
-    }
-    return result
-  }
-
-  return value
-}
-
 /**
  * PUT /api/workflows/[id]/yaml
  * Consolidated YAML workflow saving endpoint
@@ -281,7 +190,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       {} as Record<string, BlockConfig>
     )
 
-    const conversionResponse = await fetch(`${SIM_AGENT_API_URL}/api/yaml/to-workflow`, {
+    const conversionResponse = await fetch(`${env.SIM_AGENT_API_URL}/api/yaml/to-workflow`, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
@@ -541,7 +450,6 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       }
     }
 
-    // Debug: Log block parent-child relationships before generating loops
     // Generate loop and parallel configurations
     const loops = generateLoopBlocks(newWorkflowState.blocks)
     const parallels = generateParallelBlocks(newWorkflowState.blocks)
@@ -626,6 +534,17 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       }
     }
 
+    // Sanitize custom tools in agent blocks before saving
+    const { blocks: sanitizedBlocks, warnings: sanitationWarnings } = sanitizeAgentToolsInBlocks(
+      newWorkflowState.blocks
+    )
+    if (sanitationWarnings.length > 0) {
+      logger.warn(
+        `[${requestId}] Tool sanitation produced ${sanitationWarnings.length} warning(s)`
+      )
+    }
+    newWorkflowState.blocks = sanitizedBlocks
+
     // Save to database
     const saveResult = await saveWorkflowToNormalizedTables(workflowId, newWorkflowState)
 
@@ -635,7 +554,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
         success: false,
         message: `Database save failed: ${saveResult.error || 'Unknown error'}`,
         errors: [saveResult.error || 'Database save failed'],
-        warnings,
+        warnings: [...warnings, ...sanitationWarnings],
       })
     }
 
@@ -687,7 +606,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
         parallelsCount: Object.keys(parallels).length,
       },
       errors: [],
-      warnings,
+      warnings: [...warnings, ...sanitationWarnings],
     })
   } catch (error) {
     const elapsed = Date.now() - startTime
diff --git a/apps/sim/lib/workflows/db-helpers.ts b/apps/sim/lib/workflows/db-helpers.ts
@@ -4,6 +4,7 @@ import { db } from '@/db'
 import { workflow, workflowBlocks, workflowEdges, workflowSubflows } from '@/db/schema'
 import type { WorkflowState } from '@/stores/workflows/workflow/types'
 import { SUBFLOW_TYPES } from '@/stores/workflows/workflow/types'
+import { sanitizeAgentToolsInBlocks } from '@/lib/workflows/validation'
 
 const logger = createLogger('WorkflowDBHelpers')
 
@@ -114,6 +115,14 @@ export async function loadWorkflowFromNormalizedTables(
       }
     })
 
+    // Sanitize any invalid custom tools in agent blocks to prevent client crashes
+    const { blocks: sanitizedBlocks, warnings } = sanitizeAgentToolsInBlocks(blocksMap)
+    if (warnings.length > 0) {
+      logger.warn(`Sanitized workflow ${workflowId} tools with ${warnings.length} warning(s)`, {
+        warnings,
+      })
+    }
+
     // Convert edges to the expected format
     const edgesArray = edges.map((edge) => ({
       id: edge.id,
@@ -146,7 +155,7 @@ export async function loadWorkflowFromNormalizedTables(
     })
 
     return {
-      blocks: blocksMap,
+      blocks: sanitizedBlocks,
       edges: edgesArray,
       loops,
       parallels,
diff --git a/apps/sim/lib/workflows/validation.ts b/apps/sim/lib/workflows/validation.ts
