v0.6.30: slack trigger enhancements, secrets performance, polling refactors, drag resources in mothership #4038
waleedlatif1 merged 15 commits into main from
Co-authored-by: Theodore Li <[email protected]>
* fix(signup): fix turnstile key loading
* fix(login): fix captcha header passing
* Catch user already exists, remove login form captcha
---------
Co-authored-by: Theodore Li <[email protected]>

…igger (#4030)
* feat(slack): add subtype field and signature verification to Slack trigger
* fix(slack): guard against NaN timestamp and align null/empty-string convention

…lity for workspace secrets (#4032)
* improvement(secrets): parallelize save mutations and add admin visibility for workspace secrets
* fix(secrets): sequence workspace upsert/delete to avoid read-modify-write race
* fix(secrets): use Promise.allSettled to ensure credential invalidation after all mutations settle

…4028)
* feat(chat): drag workflows and folders from sidebar into chat input
* fix(chat): fix effectAllowed, stale atInsertPosRef, and drag-enter overlay for resource drags
* feat(chat): add task dragging and visible drag ghost for sidebar items
* feat(sidebar): add drag ghost with icons and task icon to context chips
* refactor(types): narrow ChatMessageContext.kind to ChatContextKind union and add workflowBorderColor utility
* feat(user-input): support Tab to select resource in mention dropdown
* fix(user-input): narrow ChatContext discriminated union before accessing workflowId
* fix(colors): overload workflowBorderColor to accept string | undefined
* fix(colors): simplify workflowBorderColor to single string | undefined signature
* fix(chat): remove resource panel tab when context mention is deleted from input
* fix(chat): use resource ID for context removal identity check
* fix(chat): add folder/task cases to resource resolver, task key to existingResourceKeys, and use workflowBorderColor in drag ghost
* revert(chat): remove folder/task from resolveResourceFromContext — no panel UI for these types
* fix(chat): add chatId to stored context types and workflow.color to drag callback deps
* fix(chat): guard chatId before adding task key to existingResourceKeys

* feat(athena): add AWS Athena integration
* fix(athena): address PR review comments
- Fix variable shadowing: rename inner `data` to `rowData` in row mapper
- Fix first-page maxResults off-by-one: request maxResults+1 to compensate for header row
- Add missing runtime guard for queryString in create_named_query
- Move athena registry entries to correct alphabetical position
* fix(athena): alphabetize registry keys and add type re-exports
- Reorder athena_* registry keys to strict alphabetical order
- Add type re-exports from index.ts barrel
* fix(athena): cap maxResults at 999 to prevent overflow with header row adjustment
The +1 adjustment for the header row on first-page requests could produce MaxResults=1001 when user requests 1000, exceeding the AWS API hard cap of 1000.

* fix(admin): delete workspaces on ban
* Fix lint
* Wait until workspace deletion to return ban success
---------
Co-authored-by: Theodore Li <[email protected]>

* Add copy button for code blocks in mothership
* Move to shared copy code button
* Handle react node case for copy
* fix(copy-button): address PR review feedback
- Await clipboard write and clear timeout on unmount in CopyCodeButton
- Fix hover bg color matching container bg (surface-4 -> surface-5)
- Extract extractTextContent to shared util at lib/core/utils/react-node-text.ts
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
* Fix lint
---------
Co-authored-by: Theodore Li <[email protected]>
Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>

… pattern (#4035)
* refactor(polling): consolidate polling services into provider handler pattern
Eliminate self-POST anti-pattern and extract shared boilerplate from 4 polling services into a clean handler registry mirroring lib/webhooks/providers/.
- Add processPolledWebhookEvent() to processor.ts for direct in-process webhook execution, removing HTTP round-trips that caused Lambda 403/timeout errors
- Extract shared utilities (markWebhookFailed/Success, fetchActiveWebhooks, runWithConcurrency, resolveOAuthCredential, updateWebhookProviderConfig)
- Create PollingProviderHandler interface with per-provider implementations
- Consolidate 4 identical route files into single dynamic [provider] route
- Standardize concurrency to 10 across all providers
- No infra changes needed — Helm cron paths resolve via dynamic route
Co-Authored-By: Claude Opus 4.6 <[email protected]>
* polish(polling): extract lock TTL constant and remove unnecessary type casts
- Widen processPolledWebhookEvent body param to accept object, eliminating `as unknown as Record<string, unknown>` double casts in all 4 handlers
- Extract LOCK_TTL_SECONDS constant in route, tying maxDuration and lock TTL to a single value
Co-Authored-By: Claude Opus 4.6 <[email protected]>
* fix(polling): address PR review feedback
- Add archivedAt filters to fetchActiveWebhooks query, matching findWebhookAndWorkflow in processor.ts to prevent polling archived webhooks/workflows
- Move provider validation after auth check to prevent provider enumeration by unauthenticated callers
- Fix inconsistent pollingIdempotency import path in outlook.ts to match other handlers
Co-Authored-By: Claude Opus 4.6 <[email protected]>
* fix(polling): use literal for maxDuration segment config
Next.js requires segment config exports to be statically analyzable literals. Using a variable reference caused build failure.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
---------
Co-authored-by: Claude Opus 4.6 <[email protected]>

PR Summary
Medium Risk
Overview
Improves chat/workspace UX by adding
Operational/auth tweaks and refactors include consolidating webhook polling endpoints into a single provider route (
Reviewed by Cursor Bugbot for commit a591d7c.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Greptile Summary
This is a large, multi-feature release (v0.6.30) bundling several independent improvements: Slack trigger signature verification and
Key changes:
Confidence Score: 5/5
Safe to merge — all findings are P2 style/improvement suggestions with no blocking logic errors.
The two issues found are both P2: missing try/catch in CopyCodeButton (UX-only impact) and Zod validation errors returning HTTP 500 instead of 400 in the Athena routes (no data loss or security consequence). The security-critical Slack signature verification is correctly implemented with constant-time comparison and replay protection. The polling refactor is architecturally clean and functionally equivalent to the old per-provider routes. No regressions in existing behaviour are introduced.
apps/sim/components/ui/copy-code-button.tsx (clipboard error handling), apps/sim/app/api/tools/athena/*/route.ts (Zod error status codes)

| Filename | Overview |
|---|---|
| apps/sim/lib/webhooks/providers/slack.ts | Signature verification (HMAC-SHA256 + constant-time compare + timestamp skew), subtype field, and file download are all correctly implemented. |
| apps/sim/lib/webhooks/polling/orchestrator.ts | Clean delegation to provider-handler pattern; runWithConcurrency bounded parallelism is correctly implemented. |
| apps/sim/app/api/webhooks/poll/[provider]/route.ts | Dynamic provider route with cron auth, Redis lock, and correct TTL matching maxDuration. |
| apps/sim/components/ui/copy-code-button.tsx | Missing try/catch around navigator.clipboard.writeText() — clipboard failures are silently swallowed, leaving the user without feedback. |
| apps/sim/blocks/blocks/athena.ts | All 8 operations, conditions, required fields, and type coercions look correct. AWS credentials use password: true. |
| apps/sim/app/api/tools/athena/start-query/route.ts | Auth check, Zod validation, and AWS SDK usage are all correct; Zod errors return HTTP 500 instead of 400 (same in all 8 Athena routes). |
| apps/sim/app/api/tools/athena/get-query-results/route.ts | Header-row offset logic (+1 on first page, slice(1)) is correct; pagination token handling is proper. |
| apps/sim/triggers/slack/webhook.ts | Trigger config with new signingSecret, botToken, includeFiles fields and updated subtype output definition looks complete and correct. |
| apps/sim/lib/webhooks/polling/utils.ts | Shared utilities (OAuth resolution, failure tracking, config update, concurrency runner) are well-factored and correctly implemented. |
| apps/sim/hooks/queries/environment.ts | Query key factory, signal forwarding, staleTime, and onSettled invalidation all follow project patterns correctly. |
Sequence Diagram

```mermaid
sequenceDiagram
    participant Cron as Cron Job
    participant Route as /api/webhooks/poll/[provider]
    participant Redis as Redis Lock
    participant Orch as pollProvider()
    participant Registry as PollingRegistry
    participant Handler as ProviderHandler (gmail/outlook/imap/rss)
    participant DB as Database
    participant Proc as processPolledWebhookEvent
    Cron->>Route: GET /api/webhooks/poll/gmail
    Route->>Route: verifyCronAuth()
    Route->>Route: VALID_POLLING_PROVIDERS.has(provider)
    Route->>Redis: acquireLock(provider-polling-lock, TTL=180s)
    Redis-->>Route: locked=true
    Route->>Orch: pollProvider("gmail")
    Orch->>Registry: getPollingHandler("gmail")
    Registry-->>Orch: gmailPollingHandler
    Orch->>DB: fetchActiveWebhooks("gmail")
    DB-->>Orch: [webhook1, webhook2, ...]
    loop runWithConcurrency (max 10)
        Orch->>Handler: pollWebhook({ webhookData, workflowData, requestId, logger })
        Handler->>DB: resolveOAuthCredential()
        DB-->>Handler: accessToken
        Handler->>Handler: fetch new emails/items
        Handler->>Proc: processPolledWebhookEvent() [idempotency wrapped]
        Proc-->>Handler: result
        Handler->>DB: updateWebhookProviderConfig() / markWebhookSuccess()
        Handler-->>Orch: 'success' | 'failure'
    end
    Orch-->>Route: PollSummary { total, successful, failed }
    Route->>Redis: releaseLock()
    Route-->>Cron: 200 OK + summary
```
Reviews (1): Last reviewed commit: "fix(manual): mock payloads nested recurs..." | Re-trigger Greptile
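
The Slack request check that the review table above summarizes for slack.ts (HMAC-SHA256, constant-time compare, timestamp skew, NaN timestamp guard), as an added example that is not the project's own code. The function names, the `Verdict` values, the 300-second window and the sample request are assumptions constructed for illustration; the `v0:{timestamp}:{body}` base string and `v0=` prefix follow Slack's published signing scheme.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Assumed replay window (five minutes); not a value taken from the PR.
const MAX_SKEW_SECONDS = 300;

type Verdict = "ok" | "missing" | "bad_timestamp" | "stale" | "bad_signature";

// Hypothetical helper: builds the value Slack sends in X-Slack-Signature.
function signSlackRequest(secret: string, timestamp: string, rawBody: string): string {
  const mac = createHmac("sha256", secret).update(`v0:${timestamp}:${rawBody}`, "utf8");
  return `v0=${mac.digest("hex")}`;
}

// Hypothetical verifier. rawBody must be the exact bytes received, before JSON parsing.
function verifySlackRequest(
  secret: string,
  timestampHeader: string | undefined,
  signatureHeader: string | undefined,
  rawBody: string,
  nowSeconds: number = Math.floor(Date.now() / 1000),
): Verdict {
  if (!secret || !timestampHeader || !signatureHeader) return "missing";

  // Number("abc") is NaN and every comparison with NaN is false, so an
  // unguarded `Math.abs(now - ts) > MAX` would silently skip the skew check.
  const ts = Number(timestampHeader);
  if (!Number.isInteger(ts)) return "bad_timestamp";
  if (Math.abs(nowSeconds - ts) > MAX_SKEW_SECONDS) return "stale";

  const expected = Buffer.from(signSlackRequest(secret, timestampHeader, rawBody), "utf8");
  const received = Buffer.from(signatureHeader, "utf8");
  // timingSafeEqual throws on unequal lengths; the length itself is not secret.
  if (expected.length !== received.length) return "bad_signature";
  return timingSafeEqual(expected, received) ? "ok" : "bad_signature";
}

// Constructed sample request (not real Slack traffic).
const SAMPLE_SECRET = "constructed-signing-secret";
const SAMPLE_TS = "1700000000";
const SAMPLE_BODY = '{"type":"event_callback","event":{"type":"message","subtype":"file_share"}}';
const SAMPLE_SIG = signSlackRequest(SAMPLE_SECRET, SAMPLE_TS, SAMPLE_BODY);
```

The timestamp is part of the signed string, so the skew check is what rejects a replayed capture whose signature is still valid.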
…4040)
* feat(secrets): allow admins to view and edit workspace secret values
* fix(secrets): cross-browser masking and grid layout for non-admin users

* fix: address PR review comments on staging release
- Add try/catch around clipboard.writeText() in CopyCodeButton
- Add missing folder and past_chat cases in resolveResourceFromContext
- Return 400 for ZodError instead of 500 in all 8 Athena API routes
Co-Authored-By: Claude Opus 4.6 <[email protected]>
* fix(api): return 400 for Zod validation errors across 27 API routes
Routes using z.parse() were returning 500 for ZodError (client input validation failures). Added instanceof z.ZodError check to return 400 before the generic 500 handler, matching the established pattern used by 115+ other routes.
Affected services: CloudWatch (7), CloudFormation (7), DynamoDB (6), Slack (3), Outlook (2), OneDrive (1), Google Drive (1).
Co-Authored-By: Claude Opus 4.6 <[email protected]>
* fix(api): add success:false to ZodError responses for consistency
7 routes used { success: false, error: ... } in their generic error handler but our ZodError handler only returned { error: ... }. Aligned the ZodError response shape to match.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
---------
Co-authored-by: Claude Opus 4.6 <[email protected]>

…for connectors (#4044)
* improvement(kb): deferred content fetching and metadata-based hashes for connectors
* fix(kb): remove message count from outlook contentHash to prevent list/get divergence
* fix(kb): increase outlook getDocument message limit from 50 to 250
* fix(kb): skip outlook messages without conversationId to prevent broken stubs
* fix(kb): scope outlook getDocument to same folder as listDocuments to prevent hash divergence
* fix(kb): add missing connector sync cron job to Helm values
The connector sync endpoint existed but had no cron job configured to trigger it, meaning scheduled syncs would never fire.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
---------
Co-authored-by: Claude Opus 4.6 <[email protected]>
