fix(security): harden file access controls, webhook auth, and input bounds #4601

Merged
waleedlatif1 merged 6 commits into staging from fix/secu
May 14, 2026

@waleedlatif1
Collaborator

Summary

  • Added file access authorization checks across all tool routes that download user-uploaded files, ensuring files can only be accessed by members of the workspace that owns them
  • Tightened auth guards on all affected routes to require a resolved user identity in addition to a successful auth result; TypeScript now enforces this at the call site via a narrowed const userId
  • Switched multi-attachment routes (Gmail, Outlook, Discord, SendGrid, SMTP) from sequential to parallel access-check + parallel download — all checks complete before any download begins
  • Cleaned up webhook provider failure logs (Attio, GitHub, Intercom) to remove diagnostic metadata that had no place in production logs; verified timing-safe comparison is used throughout
  • Fixed parameterized JSONB binding in the human-in-the-loop manager to use the correct drizzle pattern instead of raw string interpolation
  • Fixed Microsoft Teams mention replacement to use replaceAll so all occurrences in a message body are substituted, not just the first
  • Capped SSH/SFTP transfer maxSize with explicit min/max bounds on the Zod schema
  • Improved logs page time filter: upgraded to a proper date picker component with clearer UX for custom range selection

Type of Change

  • Bug fix

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel Bot commented May 14, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped May 14, 2026 8:18pm

@cursor

cursor Bot commented May 14, 2026

PR Summary

Medium Risk
Touches many API tool routes and shared helpers to enforce file authorization before downloads; mistakes could block legitimate workflows or create inconsistent 404/401 behavior. Also changes date-range filtering to include time semantics, which can subtly affect log queries.

Overview
Security hardening for tool file downloads. Adds assertToolFileAccess/FileAccessDeniedError and wires explicit per-user file authorization into many tool routes (and Slack/Teams server utils) before any storage download occurs, including parallelized access-check + download flows for multi-attachment senders (Gmail/Outlook/Discord/SendGrid/SMTP). Auth guards are tightened to require a resolved userId at the call site.

Behavior and robustness tweaks. Webhook providers remove overly-detailed signature-failure debug metadata and WhatsApp token verification now uses safeCompare. Human-in-the-loop pause-point updates switch to safe JSONB parameter binding, Teams mention replacement uses replaceAll, and SSH read maxSize is bounded.

Logs UI/filters improvements. Date range picking gains optional time selection (DatePicker.showTime), time-range dropdown sizing/scroll limits are adjusted, and custom-range tags now display formatted short dates with time when present; backend range parsing respects timestamps when supplied.

Reviewed by Cursor Bugbot for commit af63a74.

Comment thread apps/sim/components/emcn/components/date-picker/date-picker.tsx Outdated
Comment thread apps/sim/app/workspace/[workspaceId]/logs/logs.tsx Outdated
@greptile-apps
Contributor

greptile-apps Bot commented May 14, 2026

Greptile Summary

This PR is a broad security hardening pass across the Sim application, adding file-access authorization checks to ~30 tool routes, tightening webhook signature validation, fixing a parameterized JSONB binding, replacing String.replace with replaceAll for Teams mentions, capping SSH maxSize via Zod bounds, and upgrading the logs time-filter to a proper date-range picker with optional time inputs.

  • File-access authorization: All tool routes that download user-uploaded files now check that the requesting user belongs to the workspace that owns the file, using a new FileAccessDeniedError class and consistent 404 responses. Multi-attachment email routes (Gmail, Outlook, SendGrid, SMTP, Discord) first run all access checks in parallel, then download in parallel, ensuring no byte is transferred before authorization is confirmed.
  • Webhook / security fixes: WhatsApp verification now uses safeCompare (timing-safe); Attio, GitHub, and Intercom failure logs no longer emit signature/secret length metadata; the HITL manager's jsonb_set call replaces sql.raw(now.toISOString()) with a proper Drizzle parameterized binding.
  • Logs date picker: showTime support added to the DatePicker component; filters.ts updated to preserve the user-selected time instead of overriding hours when a datetime string is supplied.

Confidence Score: 5/5

Safe to merge; the authorization changes are consistent and correct across all affected routes.

All the core security changes — file access guards, parallel access checks before downloads, timing-safe webhook comparisons, and the JSONB parameterized binding — are implemented correctly. The Teams and Slack sequential loops expose a minor resource-leak edge case (earlier uploads orphaned if a later file is denied), but this does not grant any unauthorised access and every route still returns the correct 404. No data corruption or auth bypass paths were found.

apps/sim/tools/microsoft_teams/server-utils.ts and apps/sim/app/api/tools/slack/utils.ts — the sequential per-file loop means files already uploaded to OneDrive or Slack can be left orphaned if a later file fails the access check.

Important Files Changed

Filename: Overview

  • apps/sim/app/api/files/authorization.ts: Adds FileAccessDeniedError class; tightens assertToolFileAccess signature to userId: string, removing the now-redundant runtime !userId guard since callers are responsible for the check.
  • apps/sim/lib/workflows/executor/human-in-the-loop-manager.ts: Replaces sql.raw(now.toISOString()) with a parameterized Drizzle binding; semantically equivalent and avoids raw SQL string injection.
  • apps/sim/lib/webhooks/providers/whatsapp.ts: Switches WhatsApp hub-mode verification from === to safeCompare; the !verificationToken guard ensures the as string cast is safe.
  • apps/sim/tools/microsoft_teams/server-utils.ts: Access check added before each download inside the sequential per-file loop; if a later file is denied after earlier files have already been uploaded to OneDrive, those uploads are orphaned.
  • apps/sim/app/api/tools/slack/utils.ts: Access check added before each download in the sequential per-file loop; same partial-upload exposure as Teams when a later file is denied after earlier files have been uploaded to Slack.
  • apps/sim/components/emcn/components/date-picker/date-picker.tsx: Adds optional showTime prop for range mode; emits YYYY-MM-DDTHH:mm:59 end strings and swaps start/end times on the same date when start > end.
  • apps/sim/lib/logs/filters.ts: Start-date path skips setHours(0,0,0,0) when a T component is present; end-date path calls setMilliseconds(999) to round to the last millisecond of the selected second.
  • apps/sim/lib/api/contracts/storage-transfer.ts: Adds .min(0.01).max(50) to SSH maxSize; prevents zero or unbounded transfer sizes.
  • apps/sim/tools/microsoft_teams/utils.ts: Switches replace to replaceAll for mention tag substitution in both chat and channel resolvers.
  • apps/sim/app/api/tools/gmail/send/route.ts: Representative multi-attachment route: all access checks run in parallel first, then downloads run in parallel; userId guard and const narrowing applied correctly.

Reviews (4): Last reviewed commit: "remove tooltip from resource tabs" | Re-trigger Greptile
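
The difference between the sequential per-file loop and the check-all-then-download flow described in the summary above, as an added TypeScript example (not code from this PR or the Sim repository). `assertAccess`, `download`, the membership table and the file names are hypothetical stand-ins constructed for illustration.

```typescript
type FileRef = { key: string; workspaceId: string }
class AccessDenied extends Error {}

// Constructed data and hypothetical helpers (not the project's code): user -> workspaces.
const MEMBERSHIP: Record<string, string[]> = { alice: ['ws-1'] }
const events: string[] = [] // side effects, in the order they happen

async function assertAccess(userId: string, file: FileRef): Promise<void> {
  events.push(`check:${file.key}`)
  const workspaces = MEMBERSHIP[userId] ?? []
  if (workspaces.indexOf(file.workspaceId) === -1) throw new AccessDenied(file.key)
}

async function download(file: FileRef): Promise<string> {
  events.push(`download:${file.key}`)
  return `bytes-of-${file.key}`
}

// Sequential per-file loop: an earlier file is fetched before a later denial surfaces.
async function sequential(userId: string, files: FileRef[]): Promise<string[]> {
  const out: string[] = []
  for (const f of files) {
    await assertAccess(userId, f)
    out.push(await download(f))
  }
  return out
}

// Two phases: Promise.all rejects if any check is denied, so the download phase never starts.
async function checkAllThenDownload(userId: string, files: FileRef[]): Promise<string[]> {
  await Promise.all(files.map((f) => assertAccess(userId, f)))
  return Promise.all(files.map((f) => download(f)))
}

// Runs one strategy on constructed input and returns the downloads that happened anyway.
async function downloadsBeforeDenial(
  strategy: (userId: string, files: FileRef[]) => Promise<string[]>
): Promise<string[]> {
  events.length = 0
  const files: FileRef[] = [
    { key: 'a.pdf', workspaceId: 'ws-1' },
    { key: 'b.pdf', workspaceId: 'ws-2' }, // alice is not a member of ws-2
  ]
  try {
    await strategy('alice', files)
  } catch (err) {
    if (!(err instanceof AccessDenied)) throw err
  }
  return events.filter((e) => e.startsWith('download:'))
}
```

With the sequential loop `a.pdf` is downloaded before the denial of `b.pdf` surfaces; with the two-phase flow nothing is downloaded when any file is denied.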

Comment thread apps/sim/app/workspace/[workspaceId]/logs/logs.tsx Outdated
Comment thread apps/sim/components/emcn/components/date-picker/date-picker.tsx
@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1
Collaborator Author

@cursor review

Comment thread apps/sim/lib/logs/filters.ts Outdated
@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

✅ Bugbot reviewed your changes and found no new issues!

Reviewed by Cursor Bugbot for commit a0b1073.

Comment thread apps/sim/tools/microsoft_teams/server-utils.ts
@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

✅ Bugbot reviewed your changes and found no new issues!

Reviewed by Cursor Bugbot for commit af63a74.

@waleedlatif1 waleedlatif1 changed the base branch from main to staging May 14, 2026 20:32
@waleedlatif1 waleedlatif1 merged commit 80c9a01 into staging May 14, 2026
18 checks passed
@waleedlatif1 waleedlatif1 deleted the fix/secu branch May 14, 2026 20:32