Skip to content

feat(envvars): use cache for envvar dropdown key names, prevent autofill & suggestions in the settings#1769

Merged
waleedlatif1 merged 2 commits into
stagingfrom
sim-317
Oct 30, 2025
Merged

feat(envvars): use cache for envvar dropdown key names, prevent autofill & suggestions in the settings#1769
waleedlatif1 merged 2 commits into
stagingfrom
sim-317

Conversation

@waleedlatif1
Copy link
Copy Markdown
Collaborator

@waleedlatif1 waleedlatif1 commented Oct 30, 2025

Summary

  • use cache for envvar dropdown key names to prevent it from pulling it every single time the dropdown opens, and added a max height to the dropdown
    • invalidate cache when a new key is set/a key is removed
  • prevent autofill & suggestions in the settings for envvars to prevent save password and suggested passwords

Type of Change

  • New feature

Testing

Tested manually.

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel
Copy link
Copy Markdown

vercel Bot commented Oct 30, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
docs Skipped Skipped Oct 30, 2025 7:20am

greptile-apps[bot]
greptile-apps Bot reviewed Oct 30, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Greptile Overview

Greptile Summary

Implemented in-memory caching for workspace environment variables to reduce redundant API calls when users open the env var dropdown. The cache is stored in a Map keyed by workspaceId and is properly invalidated when variables are updated or deleted. Additionally, implemented browser autofill prevention for the environment variable settings form by switching from type="password" to type="text" with WebkitTextSecurity: 'disc' styling and adding honeypot inputs to prevent password managers from interfering.

Key changes:

  • Cache preloads when workflow becomes ready, providing instant dropdown results
  • Cache invalidation correctly triggers on upsertWorkspaceEnvironment, removeWorkspaceEnvironmentKeys, and personal variable changes
  • Autofill prevention uses modern web techniques (honeypot inputs + text security styling)
  • Added maxHeight to dropdown for better UX with long variable lists

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The implementation is straightforward and well-structured. The cache invalidation logic is correctly placed in all mutation methods, the preload strategy won't cause race conditions, and the autofill prevention technique is a standard browser workaround. No logical errors or security issues were found.
  • No files require special attention

Important Files Changed

File Analysis

Filename Score Overview
apps/sim/stores/settings/environment/store.ts 5/5 Added workspace env cache with Map, proper invalidation on mutations, and reset method
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/workflow.tsx 5/5 Added preload logic for workspace env vars when workflow is ready, with cache clearing on workspace change
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/environment/environment.tsx 5/5 Replaced password input type with text + WebkitTextSecurity styling, added honeypot inputs to prevent autofill
apps/sim/components/ui/env-var-dropdown.tsx 4/5 Simplified group creation logic and label display, removed conditional group pushing, added maxHeight styling

Sequence Diagram

sequenceDiagram
    participant User
    participant Workflow
    participant EnvStore
    participant Cache
    participant API
    participant Dropdown

    User->>Workflow: Opens workflow
    Workflow->>EnvStore: loadWorkspaceEnvironment(workspaceId)
    EnvStore->>Cache: Check cache for workspaceId
    alt Cache Hit
        Cache-->>EnvStore: Return cached data
        EnvStore-->>Workflow: Return env data
    else Cache Miss
        EnvStore->>API: GET /workspace/:id/environment
        API-->>EnvStore: Return workspace & personal env vars
        EnvStore->>Cache: Store data with timestamp
        EnvStore-->>Workflow: Return env data
    end

    User->>Dropdown: Types {{ to trigger dropdown
    Dropdown->>EnvStore: loadWorkspaceEnvironment(workspaceId)
    EnvStore->>Cache: Check cache
    Cache-->>EnvStore: Return cached data (fast)
    EnvStore-->>Dropdown: Display env vars

    User->>EnvStore: Updates/Deletes env var
    EnvStore->>API: PUT/DELETE request
    API-->>EnvStore: Success
    EnvStore->>Cache: clearWorkspaceEnvCache(workspaceId)
    Cache-->>EnvStore: Cache invalidated
Loading

7 files reviewed, no comments

Edit Code Review Agent Settings | Greptile

@waleedlatif1 waleedlatif1 merged commit 61725c2 into staging Oct 30, 2025
9 checks passed
@waleedlatif1 waleedlatif1 deleted the sim-317 branch November 8, 2025 22:40
waleedlatif1 added a commit that referenced this pull request Nov 12, 2025
@waleedlatif1
feat(envvars): use cache for envvar dropdown key names, prevent autof…
f46658b 
…ill & suggestions in the settings (#1769)

* feat(envvars): use cache for envvar dropdown key names, prevent autofill & suggestions in the settings

* add the same prevention for autocomplete and suggestions to sso and webhook
@waleedlatif1 waleedlatif1 mentioned this pull request Nov 12, 2025
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@waleedlatif1