Skip to content

fix(google-vault): validate against live API docs, add matter/hold/saved-query CRUD coverage#5482

Merged
waleedlatif1 merged 9 commits into
stagingfrom
worktree-google-vault-audit
Jul 7, 2026
Merged

fix(google-vault): validate against live API docs, add matter/hold/saved-query CRUD coverage#5482
waleedlatif1 merged 9 commits into
stagingfrom
worktree-google-vault-audit

Conversation

@waleedlatif1

Copy link
Copy Markdown
Collaborator

Summary

  • Fixed a critical bug: create_matters_export sent the deprecated Query.searchMethod field (deprecated 2019, support ended June 2020) instead of method — account/org-unit scoped exports were silently falling back to unscoped/broken behavior against the live API
  • Fixed a duplicate matterId subBlock id that collided across operations
  • Added full matter lifecycle: update, close, reopen, delete, undelete
  • Added matter collaborator management: add/remove permissions
  • Added export delete
  • Added hold update, delete, add/remove held accounts
  • Added saved query create/list/delete
  • Bumped tool versions to 1.0.0 (repo convention) and fixed docsLink to point at docs.sim.ai instead of the vendor site
  • All new endpoints are covered by the existing ediscovery + devstorage.read_only OAuth scopes — no new scopes requested

Type of Change

  • Bug fix
  • New feature (additional tool coverage)

Testing

Tested manually: verified operation dropdown / tool.access / switch-case alignment (22/22/22), no duplicate subBlock ids, bun run lint clean, bun run type-check clean (only pre-existing unrelated @aws-sdk/client-textract errors present).

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel Bot commented Jul 7, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment Jul 7, 2026 7:35pm

Request Review

@cursor

cursor Bot commented Jul 7, 2026

Copy link
Copy Markdown

PR Summary

Low Risk
Documentation and static icon assets only; no runtime, auth, or data-path changes in the diff provided.

Overview
This PR expands English integration documentation across many services and adds new SVG brand icons in the docs app.

Docs (apps/docs/content/docs/en/integrations/) — New or updated action/trigger reference pages for AWS (Athena batch query status, named-query delete, database/table metadata; CloudFormation stack/change-set lifecycle; CloudWatch log filtering, retention, alarm history; CodePipeline structure, action executions, stage transitions), Attio (attribute CRUD, richer note/task/comment fields), Bright Data (scrape dataFormat, discover limits/modes), Discord (bulk delete, pins, list channels/roles), Dropbox (shared links, revisions, restore), Dub (tenant/folder/conversion fields, domains/tags/folders APIs), GitHub (PR reviews, README, tags, latest release), GitLab (branch delete/compare, releases), and BigQuery (datasets/tables CRUD, query results pagination, table data preview). Usage blurbs were updated where capabilities grew (e.g. CloudFormation create/update/delete).

Icons (apps/docs/components/icons.tsx) — Exports added for LangChain, CrewAI, Dust, OpenClaw, Microsoft Copilot, and competitor/automation logos (n8n, Zapier, Make, Gumloop, Workato, Pipedream, Tines, StackAI, Vellum, Retool, Langflow, Flowise), mostly as embedded raster data or gradient SVGs with useId() for unique gradient IDs.

Note: The PR title/description mention Google Vault tool fixes; those changes are not present in the diff shown here.

Reviewed by Cursor Bugbot for commit 0a96355. Configure here.

@greptile-apps

greptile-apps Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR substantially expands the Google Vault integration from 6 to 22 operations, covering the full matter lifecycle (update, close, reopen, delete, undelete), hold management (update, delete, add/remove held accounts), matter collaborator management, export deletion, and saved query CRUD. It also fixes a critical pre-existing bug where create_matters_export was sending the deprecated Query.searchMethod field (removed in 2020) instead of method, causing account/org-unit scoped exports to silently fall back to broken behavior.

  • Bug fix: create_matters_export now sends method instead of searchMethod, adds ENTIRE_ORG support for MAIL corpus, and validates that non-MAIL corpus exports supply a scope.
  • New operations (15): full matter lifecycle, hold update/delete, held account management, collaborator management, export delete, saved query create/list/delete — all using the existing OAuth scopes.
  • Block refactor: separates stale-value-prone fields into operation-scoped variants (listMatterId, listExportId, listHoldId, listSavedQueryId, updateHoldAccountEmails, etc.) and fixes spread ordering so updateHold* values take precedence over savedQuery* values.

Confidence Score: 4/5

Safe to merge after addressing the stale-ID issue in the block params mapper; all new tool files and the export bug fix are correct.

The block params mapper uses conditional spread to map list-specific optional fields to their tool param names. Because the spread is skipped when the list field is empty, a stale exportId/holdId/savedQueryId previously set by one of the new required-ID operations flows through rest and causes the list tool to silently execute a single-resource GET instead of listing everything.

apps/sim/blocks/blocks/google_vault.ts — the params mapper list-field overrides need to unconditionally clear stale IDs from rest for all four list operations

Important Files Changed

Filename Overview
apps/sim/blocks/blocks/google_vault.ts Adds 15 new operation entries to the block, introduces operation-scoped fields to avoid stale-value collisions, and fixes spread ordering — but the listExportId/listHoldId/listSavedQueryId mapper entries don't prevent stale required IDs from the new delete/update operations bleeding into list calls
apps/sim/tools/google_vault/create_matters_export.ts Fixes deprecated searchMethod → method, adds ENTIRE_ORG support for MAIL corpus, and adds early validation for non-MAIL unscoped exports; logic is correct
apps/sim/tools/google_vault/update_matters_holds.ts New full-resource PUT for hold updates; correctly mirrors create_matters_holds body structure, enforces scope presence, and appropriately documents the full-replacement semantics
apps/sim/tools/google_vault/create_saved_query.ts New saved query creation; mirrors export query structure, correctly gates ENTIRE_ORG to MAIL corpus, and handles array/string accountEmails defensively
apps/sim/tools/google_vault/list_saved_queries.ts New list/get tool; correctly branches on savedQueryId, validates pageSize, and now uses user-or-llm visibility for pageToken (per earlier fix)
apps/sim/tools/registry.ts Registers all 15 new tools; imports and keys are consistent
apps/sim/tools/google_vault/types.ts Adds typed interfaces for all new operations; extends GoogleVaultCommonParams correctly

Reviews (10): Last reviewed commit: "docs: regenerate integration docs" | Re-trigger Greptile

Comment thread apps/sim/tools/google_vault/list_saved_queries.ts
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile review

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

Comment thread apps/sim/tools/google_vault/update_matters_holds.ts
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

Ran an independent 4-way parallel audit against the live Vault API docs (matter lifecycle, exports/file-handling, holds, saved-queries + block wiring + backwards-compat). One additional real finding surfaced and fixed in f0f8986: create_matters_export/create_saved_query could silently send method: undefined for a non-MAIL corpus with no account/org-unit scope (a required Query field), causing an unclear API rejection — now throws a clear error before the request goes out. Everything else came back clean: all 22 operations verified against live docs, no deprecated fields beyond the already-fixed searchMethod, backwards compatibility holds (only intentional fixes, no unintended renames/removals).

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile review

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

Comment thread apps/sim/tools/google_vault/update_matters_holds.ts
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile review

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

Comment thread apps/sim/tools/google_vault/update_matters_holds.ts
Comment thread apps/sim/blocks/blocks/google_vault.ts
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile review

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

Comment thread apps/sim/blocks/blocks/google_vault.ts
Comment thread apps/sim/blocks/blocks/google_vault.ts Outdated
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile review

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 0665688. Configure here.

Comment thread apps/sim/blocks/blocks/google_vault.ts
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile review

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 1d0b646. Configure here.

…tter/hold/saved-query CRUD coverage

- Fix critical bug: create_matters_export sent the deprecated Query.searchMethod field (deprecated 2019, support ended 2020) instead of method, silently breaking account/org-unit scoped exports
- Fix duplicate matterId subBlock id (two definitions collided across operations)
- Add matter lifecycle: update, close, reopen, delete, undelete
- Add matter collaborator management: add/remove permissions
- Add export delete
- Add hold update, delete, add/remove held accounts
- Add saved query create/list/delete
- Bump tool versions to 1.0.0 to match repo convention
- Fix docsLink to point at docs.sim.ai instead of the vendor site
- All new endpoints are covered by the existing ediscovery + devstorage.read_only OAuth scopes (no new scopes requested)
…dden

Greptile review: hidden is reserved for framework-injected tokens; pageToken
in list_saved_queries.ts should be user-or-llm so an agent/user can pass it,
matching the pattern used elsewhere for tool-supplied pagination cursors.
…e on update

Cursor Bugbot: PUT holds/{id} replaces the full resource — a name/query-only
update with no accountEmails/orgUnitId would silently drop the hold's
custodian coverage. Now throws a clear error directing callers to resend the
scope or use add_held_accounts/remove_held_accounts for incremental changes.
… corpus

Independent audit (parallel doc-verification pass): create_matters_export
and create_saved_query resolved Query.method to undefined when corpus
wasn't MAIL and no accountEmails/orgUnitId was given, silently sending an
invalid request (method is a required Query field) instead of a clear
error. Now throws with an actionable message before the request is sent.
…ry filters

Cursor Bugbot: update_matters_holds only sets query.mailQuery/groupsQuery/
driveQuery when terms/date/shared-drive fields are provided, but the PUT
replaces the whole hold — omitting a previously-set filter clears it, not
leaves it unchanged. Filters are legitimately optional (a hold may have
none), so this can't be hard-required like scope; instead the tool and
field descriptions now explicitly state the full-replace behavior and
direct callers to resupply current values via Vault List Holds first.
Cursor Bugbot: consolidating shared subblocks across operations left two
cross-contamination risks since a stale value from one operation stays in
block state until overwritten:

- accountEmails/orgUnitId are checked emails-first with silent either/or
  priority; sharing them across update_matters_holds and create_saved_query
  meant a leftover value from a different operation could silently override
  the intended scope. Gave both operations dedicated fields
  (updateHoldAccountEmails/updateHoldOrgUnitId, savedQueryAccountEmails/
  savedQueryOrgUnitId), remapped in tools.config.params.
- matterId presence alone switches google_vault_list_matters between
  list-all and single-get. Sharing it with every other operation meant a
  leftover matterId could silently turn "List Matters" into a single-matter
  fetch. Gave list_matters its own optional listMatterId field.

create_matters_holds/create_matters_export keep sharing accountEmails/
orgUnitId as before this PR (pre-existing behavior, not introduced here).
…where counterparts

Cursor Bugbot: exportId/holdId/savedQueryId were shared between their
respective list operation (optional filter) and update/delete/held-account
operations (required). A stale ID left over from a delete/update on the
same block instance would silently narrow the corresponding list operation
to a single-resource get instead of listing the collection. Gave each list
operation its own dedicated optional field (listExportId, listHoldId,
listSavedQueryId), remapped in tools.config.params — same pattern already
used for listMatterId.
Greptile: savedQueryAccountEmails/savedQueryOrgUnitId spread after their
updateHold* counterparts, so if both were ever truthy at once the wrong
one would silently win. In practice they're mutually exclusive (each only
populated while its own single 'operation' value is selected, so at most
one pair is ever truthy), but reordering costs nothing and removes any
doubt about precedence.
@waleedlatif1 waleedlatif1 force-pushed the worktree-google-vault-audit branch from 1d0b646 to afbd071 Compare July 7, 2026 19:29
Comment thread apps/sim/tools/google_vault/create_matters_export.ts
Reruns scripts/generate-docs.ts against the current block/tool/trigger
registry. Picks up google_vault's new operations plus everything else that
had landed on staging without a docs regen (bigquery, google_calendar,
google_maps, onedrive, microsoft_teams, gitlab, github, discord, dropbox,
and others), plus icon and integrations.json updates.
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile review

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

Comment thread apps/docs/components/icons.tsx
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

Re: the ENTIRE_ORG/DRIVE concern flagged in the latest review summary (now also mentioned for create_saved_query.ts, mirroring the same finding already addressed on create_matters_export.ts): I verified this against the live Google Vault API docs (https://developers.google.com/workspace/vault/reference/rest/v1/Query). The ENTIRE_ORG SearchMethod's documented description is explicit: "Search the data of all accounts in the organization. Supported only for Gmail. When specified, you don't need to specify AccountInfo or OrgUnitInfo." DRIVE is not supported for ENTIRE_ORG per the live docs — extending it to DRIVE (as suggested) would introduce a real bug: unscoped DRIVE saved-query/export requests would be sent to an API that rejects them for that method, trading a clear client-side validation error for a confusing server-side one. create_saved_query.ts intentionally mirrors create_matters_export.ts's MAIL-only restriction because that's what the API actually supports — this is correct, not a bug. Keeping both as-is.

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile review

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 0a96355. Configure here.

@waleedlatif1 waleedlatif1 merged commit ed1492b into staging Jul 7, 2026
18 checks passed
@waleedlatif1 waleedlatif1 deleted the worktree-google-vault-audit branch July 7, 2026 19:53
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile review

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 0a96355. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant