Skip to content

v0.6.90: resource breadcrumb flash fix, dedupe external URL fetches, fal-ai hosted key #4734

Merged
icecrasher321 merged 3 commits into
mainfrom
staging
May 23, 2026
Merged

v0.6.90: resource breadcrumb flash fix, dedupe external URL fetches, fal-ai hosted key #4734
icecrasher321 merged 3 commits into
mainfrom
staging

Conversation

@waleedlatif1
Copy link
Copy Markdown
Collaborator

@waleedlatif1 waleedlatif1 commented May 23, 2026
edited by icecrasher321
Loading

@waleedlatif1
fix(resource): prevent permission-gated breadcrumb items from flashin…
1286519 
…g on load (#4732)

* improvement(kb-connectors): align connector UI surfaces and strip redundant description suffix

- Fix icon colors to use --text-icon token across connector cards and modal
- Switch Reconnect/Update access buttons from active to primary variant
- Lift search box surface from --surface-2 to --surface-3 so it's visible against modal bg
- Replace raw <button> elements with emcn Button in base.tsx
- Shrink Connected Sources modal from lg to md
- Strip " to/into/from your knowledge base" from all 27 connector descriptions to prevent overflow

* fix(resource): replace raw pagination button with emcn Button

* fix(resource): prevent permission-gated breadcrumb items from flashing on load

* fix(resource): self-remove keydown listener on Escape and include session loading in isLoading guard
@waleedlatif1
fix(files): never dedup external URL fetches by path filename (#4733)
6b1210b 
* fix(files): never dedup external URL fetches by path filename

External URL fetches in the file parse route were keyed on the path
filename, so two distinct URLs whose paths ended in `image.png` (e.g.
every Slack clipboard paste) collided in the workspace cache and
returned stale bytes from a prior fetch.

Extracts the fetch + save flow into `fetchExternalUrlToWorkspace` so
the broken dedup pattern can't be reintroduced. The helper always
downloads; `uploadWorkspaceFile` handles name collisions on save by
suffixing (`image.png` -> `image (1).png` -> ...).

* fix(files): distinguish non-member from read-only in workspace-save skip log

Splits the workspace-save skip branch so non-members (permission === null)
log 'user is not a workspace member' instead of the misleading 'lacks
write permission'. Adds a test covering the null case so the relaxed
behavior (vs. the prior route's hard 'File not found') is explicit.
@vercel
Copy link
Copy Markdown

vercel Bot commented May 23, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment May 23, 2026 7:57pm

Request Review

@cursor
Copy link
Copy Markdown

cursor Bot commented May 23, 2026
edited
Loading

PR Summary

Medium Risk
Changes external URL download + workspace-save flow in the file parsing API (SSRF validation/error handling and persistence), which can affect security and file ingestion behavior; UI tweaks are low risk but touch common resource list interactions.

Overview
Fixes a bug where external URLs were effectively deduped by path filename (e.g. many distinct Slack URLs ending in image.png), by introducing fetchExternalUrlToWorkspace and updating the parse route to always fetch each URL independently and optionally save to workspace without relying on filename lookup.

Adds explicit handling for ExternalUrlValidationError (blocked SSRF/DNS validation) and new unit tests covering non-dedup behavior, permission-gated workspace saves, and header forwarding.

Prevents permission-gated breadcrumb/actions from flashing during initial load by treating userPermissions.isLoading as a disabled-but-visible state, and improves resource table UX by highlighting the right-clicked row and standardizing some controls to use Button variants; also trims connector descriptions for consistency.

Reviewed by Cursor Bugbot for commit 6b1210b. Configure here.

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented May 23, 2026

Greptile Summary

This PR ships two targeted fixes: it prevents permission-gated breadcrumb items from visually flashing on initial load by factoring session-loading state into the useUserPermissions hook, and it removes the filename-based dedup of external URL fetches (which incorrectly reused stale workspace bytes when two distinct URLs shared the same path tail, e.g., every Slack clipboard paste resolving to image.png).

  • Breadcrumb flash fix (use-user-permissions.ts, files.tsx, base.tsx): useSession's isPending flag is now folded into the isLoading computation; downstream breadcrumb arrays show (disabled) items while loading so no items flash in after the fact.
  • External URL dedup removal (fetch-external-url.ts, route.ts): Download and workspace-save logic is extracted into a new fetchExternalUrlToWorkspace helper that always fetches fresh; the old fileExistsInWorkspace/listWorkspaceFiles cache-by-filename path is eliminated and covered by new unit tests.
  • Connector descriptions: "into your knowledge base" suffix removed from 27 connector description strings (cosmetic, no behavior change).

Confidence Score: 5/5

Safe to merge — both fixes are narrow and well-tested, no regressions in auth or data paths.

The external-URL dedup removal is backed by targeted unit tests in both the new helper and the existing route test suite. The session-loading breadcrumb fix is a small, isolated change to the permissions hook that only adds isPending to the loading guard. All connector description changes are cosmetic. The resource.tsx context-menu state tracking uses correct closure references in cleanup and the DataRow highlight logic is non-breaking.

No files require special attention.

Important Files Changed

Filename Overview
apps/sim/hooks/use-user-permissions.ts Adds isPending (sessionLoading) from useSession to the loading guard and isLoading return value, fixing the root cause of breadcrumb flash for permission-gated items.
apps/sim/lib/uploads/contexts/workspace/fetch-external-url.ts New helper encapsulating SSRF validation, download, and optional workspace save; deliberately never deduplicates by filename. resolvedIP null-check is stricter than the old non-null assertion, improving safety.
apps/sim/app/api/files/parse/route.ts Removes inline dedup/permission logic from handleExternalUrl and delegates to fetchExternalUrlToWorkspace; extension variable is still correctly used for file-type routing after the refactor.
apps/sim/app/workspace/[workspaceId]/files/files.tsx Shows breadcrumb dropdown items (disabled) during permission loading to prevent flash; adds userPermissions.isLoading to the memoized dependency array correctly.
apps/sim/app/workspace/[workspaceId]/knowledge/[id]/base.tsx Applies same loading-state breadcrumb fix as files.tsx for the knowledge base; also swaps native button elements for Button component and resizes Connected Sources modal to md.
apps/sim/app/workspace/[workspaceId]/components/resource/resource.tsx Adds contextMenuRowId state to highlight the right-clicked row while context menu is open; event listener cleanup via useEffect is correct with proper closure-based references.
apps/sim/lib/uploads/contexts/workspace/fetch-external-url.test.ts New unit tests thoroughly cover the no-dedup contract, SSRF rejection, permission gating, save-error swallowing, and custom header forwarding.

Reviews (1): Last reviewed commit: "fix(files): never dedup external URL fet..." | Re-trigger Greptile

@icecrasher321
improvement(media-gen): retire vision block, add hosted key for fal a…
4fab03c 
…i for image/video gen, search visibility in cmd-k (#4684)

* improvement(media-gen): retire vision block, add hosted key for fal ai for image/video gen

* address comments
@icecrasher321 icecrasher321 changed the title v0.6.90: resource breadcrumb flash fix, dedupe external URL fetches v0.6.90: resource breadcrumb flash fix, dedupe external URL fetches, fal-ai hosted key May 23, 2026
@icecrasher321 icecrasher321 merged commit f6c9998 into main May 23, 2026
30 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@waleedlatif1 @icecrasher321