v0.6.64: table limits env vars, workspace files improvements, integration blocks/connectors updates#4417
Merged
waleedlatif1 merged 11 commits intomainfrom May 3, 2026
Merged
v0.6.64: table limits env vars, workspace files improvements, integration blocks/connectors updates#4417waleedlatif1 merged 11 commits intomainfrom
waleedlatif1 merged 11 commits intomainfrom
Conversation
* fix(chat): close SSO auth bypass via checkSSOAccess body flag - Remove checkSSOAccess short-circuit; SSO branch always validates via getSession() - Skip chat_auth cookie issuance/validation for SSO deployments to prevent replay - Split eligibility pre-flight into dedicated POST /api/chat/[identifier]/sso route - Drop .passthrough() and checkSSOAccess from deployed chat contracts - Add SSO branch test coverage in chat utils * fix(chat): cast allowedEmails to string[] for SSO eligibility check * fix(chat): close SSO GET cookie replay and add eligibility rate limit - Skip chat_auth cookie validation for SSO in GET handler (replay vector for pre-fix cookies) - Route SSO GET through getSession() instead of always returning auth_required_sso so post-IdP config fetch works - Add per-IP rate limiting to /api/chat/[identifier]/sso to prevent allowlist enumeration
* fix(blocks): depends on misalignment * fix overclearing finds
* feat(table): make plan table limits configurable via env vars * fix(table): coerce env table limits to number for skipValidation env * improvement(env): extract envNumber helper for numeric env coercion * improvement(knowledge): use envNumber helper for KB_CONFIG_* env reads * fix(testing): add envNumber to env mock factory * fix(env): allow zero in envNumber for max-throughput configs * fix(env): add min option to envNumber for strict-positive configs
* Add table triggers for columns and row added * Add async batching job for running column * Add ui improvements, stop mechanism * Use trigger dev for workflow runs * Use unified column sidebar for table * Add socket waits for tables, multi column workflow support * change back to cell based trigger jobs * Reuse code, add view log inline in table view * reorganize db to treat each column separately * adjust column naming strategy * Column ui improvements * fix live update on table * Change new column behavior * fixed errored workfows not showing as stopped * Column sidebar improvements * fix table column swapping behavior * fix bugs * add prompting, fix lint * fix ui stuff * flip feature flag * Add zod contracts fix initial auto-run of columns * ui improvements * Use db filter to query unran rows * Use live workflow run * Change wording for deleting workflow column * Update tools * Add tool to run selected rows * Add mothership tools * adjust col width * Restore ff * fix drizzle migration * fix test
* fix(connectors): harden 10 KB connectors after audit
Validated each issue against provider docs before fixing.
- jira: migrate from deprecated /rest/api/3/search (Atlassian sunset
May 2025) to /rest/api/3/search/jql with nextPageToken pagination
- confluence: unify stub hash across v1 CQL (`when`) and v2
(`createdAt`) paths via shared pageToStub helper using version.number
- salesforce: replace hardcoded login.salesforce.com userinfo with
host fallback so sandbox-issued tokens (test.salesforce.com) work
- servicenow: validate sys_id against /^[a-f0-9]{32}$/ and switch
getDocument to path-based /api/now/table/{table}/{sys_id} to close
encoded-query injection; reject `^` in kbCategory filter
- zendesk: URL-encode Search API query via URLSearchParams; whitelist
ticket statuses; encode locale path segment
- github: add 10MB cap and /git/blobs/{sha} fallback for files >1MB
that /contents/ returns with encoding:"none"
- slack: replace SHA-256 over formatted-message window with metadata
hash slack:{channelId}:{latestTs}:{count} so list and getDocument
agree; cache auth.test team_id on syncContext
- obsidian: drop syncRunId from stub hash (Local REST API has no
HEAD/Last-Modified per OpenAPI spec); fall back to path-only stub
so engine two-stage check short-circuits unchanged notes
- evernote: title fallback for attachments-only notes — breaks
infinite hydration loop where empty plaintext returned null
- google-docs: drop residual `error instanceof Error` pattern
Confluence and Slack hash format changes self-heal with a one-time
re-sync; no data loss.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(connectors/slack): include oldestTs in hash to catch window-shift edits
Audit caught that the metadata hash slack:{channel}:{latestTs}:{count}
misses edits to the oldest message in the rolling window — count and
latestTs both stay constant. Adding oldestTs catches window-shift
when a new message arrives and pushes the oldest out without changing
the newest.
Also drop residual error instanceof Error pattern in validateConfig.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(connectors): address remaining audit findings
- jira: thread VALIDATE_RETRY_OPTIONS through getJiraCloudId so the
validate path uses the tighter retry budget
- confluence: thread VALIDATE_RETRY_OPTIONS through getConfluenceCloudId;
drop residual error instanceof Error pattern
- zendesk: log a warning when statusFilter is set and limit exceeds
the Search API 1000-result cap; add priority to tagDefinitions and
mapTags so the metadata isn't orphaned
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(connectors): address PR review comments
- github: skip blob fetch for empty 0-byte files
- salesforce: add fallback message for empty error
- zendesk: warn on invalid statusFilter instead of silent fallthrough
- evernote: remove dead content.trim() guard
* fix(zendesk): add fallback message for empty validateConfig error
* docs(obsidian): clarify hash strategy and re-hydration behavior
* fix(connectors): address parallel audit findings
- servicenow: case-insensitive sys_id pattern; validate workflowState/incidentState/incidentPriority as numeric, kbCategory via allowlist
- salesforce: include 400 in userinfo host fallthrough for sandbox tokens
- zendesk: add missing 'new' and 'hold' options to ticketStatus dropdown
* fix(servicenow): allow string workflowState values (published/draft/review/retired)
* fix(obsidian): validateConfig must check authenticated field, not just status
GET / is the only public endpoint per the Local REST API spec — it returns
200 regardless of auth and exposes the real signal via response.authenticated.
The prior status-based check let invalid API keys pass validation.
* fix(jira): encode collected count in cursor so maxIssues cap works without syncContext
* fix(connectors): address remaining audit findings
- slack: detect message edits and new threaded replies via edited.ts/latest_reply in contentHash
- github: skip binary files via NUL-byte sniff and filter oversized files at tree-list time
- servicenow: add 'outdated' workflow state to allowlist and dropdown; add Canceled (8) to incident state dropdown
- salesforce: drop 400 from userinfo host fallthrough (Salesforce returns 401/403 for cross-env tokens)
* fix(github): apply binary check to blob fallback path
fetchBlobContent now runs isBinaryBuffer on base64-decoded data and
returns null for binaries; getDocument propagates the null so 1-10MB
binary files are skipped instead of being decoded into garbled UTF-8.
* fix(confluence): reuse pageToStub in getDocument to keep hashes in sync
Replace duplicated versionKey/contentHash logic with a single call to
pageToStub so listDocuments and getDocument can never drift.
* fix(connectors): address audit findings across 7 connectors
- github: branch with slashes encoded per-segment in sourceUrl; treat 403
Contents API responses (>100MB or restricted) as null instead of
throwing; fetchBlobContent throws on unexpected encoding rather than
returning empty content
- jira: ADF extractor handles hardBreak, mention, and emoji nodes
- google-docs: paragraph join uses newline so heading/body boundaries
are preserved
- servicenow: drop legacy 'wiki' field from kb_knowledge requests; only
the 'text' field is reliably present on modern instances
- salesforce: KnowledgeArticleVersion query adds IsLatestVersion=true to
avoid duplicate historical versions; encode externalId in sObject GET
- slack: subtype filter switches to a denylist (SLACK_NOISE_SUBTYPES) so
thread_broadcast / me_message / reminder_add are kept; reply_count
folded into contentHash to detect threaded reply deletes
- confluence: drop bare-string cursor fallback; unparseable cursors now
restart the listing instead of silently re-listing blogposts from 0
* fix(servicenow): allow non-ASCII KB category names
Switch from a \w-based allowlist (ASCII only) to a denylist that
rejects only encoded-query-meaningful characters (^, control chars,
quotes). International category names like 'Général' or 'Ação' are
now accepted.
* fix(servicenow): restore wiki field fallback for kb_knowledge
Wiki-template KB articles populate the wiki field and leave text empty;
HTML-template articles do the opposite. Removing wiki caused wiki-format
articles to resolve to empty content and be silently skipped.
* fix(connectors): jira pagination signal and google-docs paragraph join
- jira: rely solely on absence of nextPageToken for end-of-results;
data.isLast on /rest/api/3/search/jql is unreliable (JRACLOUD-95477)
and the OR-with-isLast logic could truncate pagination early
- google-docs: strip trailing newline from each paragraph before
joining so heading->body produces a single newline, not two
* fix(jira): rely solely on nextPageToken for end-of-results
data.isLast on /rest/api/3/search/jql is unreliable (JRACLOUD-95477)
and the previous OR-with-isLast logic could truncate pagination early
if Jira ever returned isLast=true alongside a valid nextPageToken.
* fix(slack): exclude DM channel IDs from direct lookup
DM (D...) channel IDs require im:*/mpim:* OAuth scopes, which the
connector does not request. The regex now matches only public (C) and
private (G) channel IDs to fail fast with a clearer error instead of
hitting missing_scope from Slack.
* fix(slack): align validateConfig channel ID regex with resolveChannel
The previous fix narrowed the regex in resolveChannel to [CG] but missed
the duplicate in validateConfig, which still admitted DM IDs and would
fall through to a name-based search returning 'Channel not found.'
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
) * fix(uploads): direct-to-S3 workspace files + shared transport * chore(testing): centralize posthog and storage-service mocks * fix(uploads): address PR review — abort propagation, orphan cleanup, error handling - Throw immediately on AbortError in KB retry loop (no useless 14s backoff) - Cleanup S3/Blob object on quota or size-cap rejection in registerUploadedWorkspaceFile - Enforce MAX_WORKSPACE_FILE_SIZE at registration (defense vs presigned PUT lying about size) - Handle non-OK / non-JSON responses in workspace-files upload paths * fix(uploads): add Zod contracts for workspace presigned/register routes * fix(uploads): correct BlobServiceClient type name in headBlobObject * fix(uploads): address PR review — typo, complete-failure cleanup, double-increment * fix(uploads): preserve fallback size and reuse existing display name on re-register * fix(uploads): surface server error message and bypass quota for local-storage fallback * fix(uploads): align register response schema with UserFile; skip presigned for KB large files - registerWorkspaceFileResponseSchema now matches the UserFile shape the route actually returns; previous schema required workspace DB-row fields that were never populated, causing requestJson validation to reject successful uploads. - KB batch presigned fetch now skips files >= LARGE_FILE_THRESHOLD since multipart bypasses the per-file presigned URL anyway. * fix(uploads): idempotent register skips duplicate audit/posthog; add edge-case tests - registerUploadedWorkspaceFile now returns { file, created } so the route can skip captureServerEvent and recordAudit on idempotent re-register (existing metadata reused). Previously a re-register fired duplicate analytics + audit log entries. - Add tests covering: idempotent re-register skips audit/analytics, isNetworkError matches econnreset/timeout/etc keywords, multipart complete failure fires action=abort cleanup. * fix(uploads): include 50MiB boundary in batch presigned fetch * fix(uploads): trust HEAD size to prevent quota inflation The head.size > 0 fallback let a client PUT 0 bytes and register with an inflated size, debiting quota without storing data. HEAD on an existing object always returns the true byte count, so trust it directly — a genuine 0-byte file correctly contributes 0. * fix(uploads): audit verified file size, not client-supplied * fix(uploads): handle register retries and name-collision races Two bugs in registerUploadedWorkspaceFile: 1. Register retry could orphan storage. When a successful response was lost on the wire and the client retried, the quota check saw the bytes already counted, failed, and cleanupOrphan deleted the already-registered storage object — leaving the DB row pointing to nothing. Fix: check getFileMetadataByKey before quota guard and short-circuit on existing record. 2. Concurrent same-named uploads could lose data. allocateUniqueWorkspaceFileName is best-effort; two racing uploads can pass it and both attempt the same display name. The loser's insert hits 23505, the catch block called cleanupOrphan, and successfully-uploaded bytes were deleted. Fix: retry on 23505 with a fresh allocateUniqueWorkspaceFileName, matching the pattern in uploadWorkspaceFile. Throw FileConflictError after exhaustion. * fix(uploads): retry transient DirectUploadErrors at outer KB level The KB outer retry only triggered on isNetworkError, missing transient 5xx from S3/Azure (DirectUploadError code DIRECT_UPLOAD_ERROR or MULTIPART_ERROR). Adds isTransientUploadError and retries on it, restoring resilience for small-file presigned PUTs against flaky cloud storage. * fix(uploads): only retry transient 5xx, not deterministic 4xx DirectUploadError now carries the HTTP status. isTransientUploadError gates on 5xx so callers don't loop on 400/403/404 (e.g., malformed request, expired signature). Multipart per-part retry also short-circuits on 4xx — same reasoning. * refactor(uploads): collapse getFileContentType into resolveFileType The two helpers differed only in whether application/octet-stream falls back to the extension map. Add an option flag to resolveFileType and keep getFileContentType as a thin wrapper for direct-PUT callers that need to preserve the exact browser-reported content-type. * chore(uploads): trim verbose comments Drop inline comments that restate code ("Use the full storageKey as fileName"), collapse a multi-line block comment into a tighter TSDoc on the existence check, and prune verbose vitest file headers — describe blocks already document what's tested. * fix(uploads): regenerate fileId per insert retry; require cloud storage for register * fix(uploads): cap formdata fallback at 100MB; drop unused size param * fix(uploads): abort multipart on get-part-urls failure; retry register on transient errors * fix(uploads): drop vestigial size field from register contract * fix(uploads): abort multipart on complete-fetch throw * fix(uploads): set kb presignedEndpoint fallback; race-safe blob HEAD * fix(uploads): include ?type=knowledge-base on kb presigned fallback * fix(uploads): remove abort listener on xhr timeout * fix(uploads): add timeout/abort to kb api fallback upload
* improvement(sidebar): overlay lock indicator on leading icon * fix(sidebar): correct lock indicator HTML nesting and a11y * improvement(sidebar): swap lock indicator with more button on hover * fix(sidebar): gate pointer-events on lock and more button visibility * fix(sidebar): add role=img so lock indicator is announced by AT
* hide new workflow column feature * fix lint * fix unit test timout * fix lint
* fix(memories): get memory tool, mem0 integration update * timeout test * address comments * address more comments * remove flaky test
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
PR SummaryHigh Risk Overview Expands the tables API surface to manage workflow groups and execution runs (new endpoints for group CRUD, group runs, row group runs, and canceling runs), and extends table responses to include Introduces direct-to-storage workspace uploads via new workspace-scoped presign + register routes with quota/size checks and key ownership validation, and refactors multipart upload completion to validate/normalize client part payloads and provider-specific config (S3 ETags vs Blob block IDs). Related tests are updated to use shared storage/posthog mocks. Hardens chat SSO by preventing cookie issuance/replay for Reviewed by Cursor Bugbot for commit 7921449. Configure here. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 7921449. Configure here.
* feat(files): export markdown as zip with embedded images in assets/ folder * fix(files): sanitize zip filenames, fix storage context cast, cap embedded image count * fix(files): fix race condition in asset filename deduplication * chore(files): remove extraneous comments from export route * fix(files): sanitize markdown zip entry name, full uuid fallback for filename dedup * fix(files): extract userId const to satisfy TypeScript narrowing in async callback * fix(files): use replacer function to prevent $ special-char corruption in markdown URL rewrite * fix(files): wrap zip buffer in Uint8Array for NextResponse BodyInit compatibility * lock behavior * fix(workflow): track resolved isAdmin in prevIsAdminRef to prevent stale lock notification When workspacePermissions loads asynchronously, prevCanAdminRef (which only tracked effectivePermissions.canAdmin) would not detect the change, causing the early-return guard to skip rebuilding the notification with the correct unlock-button visibility. Track the same resolved value (workspacePermissions ?.viewer?.isAdmin ?? effectivePermissions.canAdmin) that is actually used to build the notification. * refactor(uploads): rename server fn to fetchWorkspaceFileBuffer, move client download to uploads/client/download.ts as triggerFileDownload * more lock updates * fix(tests): update mocks for fetchWorkspaceFileBuffer rename
…ilent cascade orphaning (#4418) * fix(credentials): clear stored refs on credential delete to prevent silent cascade orphaning * fix(testing): sync auditMock with new CREDENTIAL_RECONNECTED action * improvement(credentials): parallelize independent ref-clearing scans
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.