fix(copilot): always allow, credential masking (#2947)

* Fix always allow, credential validation * Credential masking * Autoload
2026-04-06 03:00:16 -04:00 · 2026-01-22 13:07:16 -08:00
parent ab09a5ad23
commit 91da7e183a
7 changed files with 300 additions and 35 deletions
--- a/apps/sim/lib/copilot/tools/server/workflow/edit-workflow.ts
+++ b/apps/sim/lib/copilot/tools/server/workflow/edit-workflow.ts
@@ -2468,16 +2468,17 @@ async function validateWorkflowSelectorIds(
    const result = await validateSelectorIds(selector.selectorType, selector.value, context)

    if (result.invalid.length > 0) {
+      // Include warning info (like available credentials) in the error message for better LLM feedback
+      const warningInfo = result.warning ? `. ${result.warning}` : ''
      errors.push({
        blockId: selector.blockId,
        blockType: selector.blockType,
        field: selector.fieldName,
        value: selector.value,
-        error: `Invalid ${selector.selectorType} ID(s): ${result.invalid.join(', ')} - ID(s) do not exist`,
+        error: `Invalid ${selector.selectorType} ID(s): ${result.invalid.join(', ')} - ID(s) do not exist or user doesn't have access${warningInfo}`,
      })
-    }
-
-    if (result.warning) {
+    } else if (result.warning) {
+      // Log warnings that don't have errors (shouldn't happen for credentials but may for other selectors)
      logger.warn(result.warning, {
        blockId: selector.blockId,
        fieldName: selector.fieldName,
--- a/apps/sim/lib/copilot/validation/selector-validator.ts
+++ b/apps/sim/lib/copilot/validation/selector-validator.ts
@@ -39,6 +39,31 @@ export async function validateSelectorIds(
          .from(account)
          .where(and(inArray(account.id, idsArray), eq(account.userId, context.userId)))
        existingIds = results.map((r) => r.id)
+
+        // If any IDs are invalid, fetch user's available credentials to include in error message
+        const existingSet = new Set(existingIds)
+        const invalidIds = idsArray.filter((id) => !existingSet.has(id))
+        if (invalidIds.length > 0) {
+          // Fetch all of the user's credentials to provide helpful feedback
+          const allUserCredentials = await db
+            .select({ id: account.id, providerId: account.providerId })
+            .from(account)
+            .where(eq(account.userId, context.userId))
+
+          const availableCredentials = allUserCredentials
+            .map((c) => `${c.id} (${c.providerId})`)
+            .join(', ')
+          const noCredentialsMessage = 'User has no credentials configured.'
+
+          return {
+            valid: existingIds,
+            invalid: invalidIds,
+            warning:
+              allUserCredentials.length > 0
+                ? `Available credentials for this user: ${availableCredentials}`
+                : noCredentialsMessage,
+          }
+        }
        break
      }