fix(copilot): hosted api key validation + credential validation

[Sg312]

Summary

Brief description of what this PR does and why.

Fixes #(issue)

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation
• Other: ___________

Testing

How has this been tested? What should reviewers focus on?

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

Screenshots/Videos

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
docs	Skipped		Jan 27, 2026 0:17am

[greptile-apps]

Greptile Overview

Greptile Summary

This PR adds credential and API key validation to the workflow editing tool. The changes introduce a new preValidateCredentialInputs function that validates OAuth credentials before applying operations, and filters out API keys for hosted models. Additionally, the post-validation step now skips oauth-input fields since they are pre-validated.

Key changes:

• Added preValidateCredentialInputs function that validates credential IDs belong to the user before operations are applied
• Filters out apiKey inputs for hosted models when isHosted is true
• Modified validateWorkflowSelectorIds to skip oauth-input validation (line 2513) since credentials are now pre-validated
• Uses structuredClone to deep copy operations before filtering
• Credential validation errors are added to the validation errors array and returned to the client

How it works:
The validation now happens in two phases - pre-validation removes invalid credentials and hosted model API keys before applying operations, while post-validation checks other selector types. This prevents invalid credentials from being applied to the workflow state while allowing existing collaborator credentials to remain untouched.

Confidence Score: 4/5

• This PR is safe to merge with minor attention to error handling
• The implementation adds important validation logic and follows good patterns - validates credentials early, uses deep cloning, and properly propagates errors. The logic is sound and well-structured. Score is 4 instead of 5 because the PR lacks tests and the structuredClone usage should be verified to work in all target environments (though it's used elsewhere in the codebase).
• No files require special attention - the server-side changes are the most significant but appear well-implemented

Important Files Changed

Filename	Overview
apps/sim/lib/copilot/tools/client/workflow/edit-workflow.ts	Minor comment update - removed "just" from comment for clarity
apps/sim/lib/copilot/tools/server/workflow/edit-workflow.ts	Added credential and apiKey validation with pre-validation function to filter invalid credentials and hosted model apiKeys before applying operations

Sequence Diagram

sequenceDiagram
    participant Client as EditWorkflowClientTool
    participant API as /api/copilot/execute-copilot-server-tool
    participant Server as EditWorkflowServerTool
    participant PreValidate as preValidateCredentialInputs
    participant Validator as validateSelectorIds
    participant Apply as applyOperationsToWorkflowState
    participant PostValidate as validateWorkflowSelectorIds
    
    Client->>API: POST operations, workflowId
    API->>Server: execute(params, context)
    
    Note over Server: Parse currentUserWorkflow or fetch from DB
    
    Server->>PreValidate: validate credentials & apiKeys
    PreValidate->>PreValidate: Collect oauth-input & apiKey fields from operations
    PreValidate->>PreValidate: Filter apiKeys for hosted models
    PreValidate->>Validator: validateSelectorIds('oauth-input', credentialIds)
    Validator->>Validator: Check credentials belong to user
    Validator-->>PreValidate: {valid, invalid, warning}
    PreValidate->>PreValidate: Remove invalid credentials from operations
    PreValidate-->>Server: {filteredOperations, errors}
    
    Server->>Apply: applyOperationsToWorkflowState(workflowState, filteredOperations)
    Apply-->>Server: {modifiedWorkflowState, validationErrors, skippedItems}
    
    Note over Server: Add credential errors to validationErrors
    
    Server->>PostValidate: validateWorkflowSelectorIds(modifiedWorkflowState)
    Note over PostValidate: Skips oauth-input (already validated)
    PostValidate->>Validator: validateSelectorIds(other selector types)
    Validator-->>PostValidate: validation results
    PostValidate-->>Server: selector validation errors
    
    Server-->>API: {workflowState, validationErrors, skippedItems}
    API-->>Client: {workflowState, inputValidationErrors, skippedItems}
    
    Note over Client: Apply diff & mark complete with errors

Loading

[greptile-apps]

_{No files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[cursor]

Cursor Bugbot has reviewed your changes and found 3 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Nested node credentials bypass ownership validation

High Severity

Credentials in nestedNodes (blocks inside loop/parallel containers) bypass ownership validation entirely. The new preValidateCredentialInputs function only processes op.params.inputs and doesn't iterate over op.params.nestedNodes. Meanwhile, validateWorkflowSelectorIds now skips oauth-input validation because the comment assumes credentials are pre-validated. This creates a gap where nested node credentials are never validated for ownership.

Additional Locations (1)

• apps/sim/lib/copilot/tools/server/workflow/edit-workflow.ts#L2613-L2650

 

[cursor]

Nested nodes apiKey filtering bypass for hosted models

Medium Severity

The preValidateCredentialInputs function filters apiKey inputs for hosted models but only processes op.params.inputs, not op.params.nestedNodes. When adding blocks inside a loop/parallel with nested nodes that specify both a hosted model and an apiKey, the apiKey won't be filtered. This defeats the stated purpose of the hosted API key validation feature.

 

[cursor]

Edit operations skip apiKey check for existing block models

Low Severity

The apiKey validation only checks op.params.inputs.model to determine if the model is hosted. For edit operations on existing blocks where the model is already set (not provided in the operation), an apiKey input won't be filtered even if the block's existing model is a hosted model. The workflow state is available before this function is called but isn't passed in to check existing blocks.