
Conversation

@Sg312
Contributor

@Sg312 Sg312 commented Jan 22, 2026

Summary

Fixes always allow, and masks credentials

Type of Change

  • Bug fix

Testing

Manual

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel bot commented Jan 22, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Review Updated (UTC)
docs Skipped Skipped Jan 22, 2026 9:01pm


@greptile-apps
Contributor

greptile-apps bot commented Jan 22, 2026

Greptile Summary

This PR implements two key security and UX improvements for the copilot system:

Credential Masking: Prevents credential IDs from being exposed in the UI and database by:

  • Loading user's credential IDs at chat start and storing them in a Set
  • Masking credential IDs with •••••••• in all displayed content (messages, thinking blocks, tool call summaries)
  • Recursively masking credential IDs before persisting messages to the database
  • Enhanced validation error messages to include available credentials for better LLM feedback

Always Allow for All Tools: Extended the "Always Allow" functionality to work with integration tools (not just client tools):

  • Removed restriction that hid "Always Allow" button for integration tools
  • Modified SSE handlers to auto-execute tools that are in the autoAllowedTools list, even if they have interrupts
  • When a tool is added to auto-allowed list, all pending tools of the same type are automatically executed
  • Added proper execution guards to prevent duplicate execution races

Confidence Score: 4/5

  • This PR is safe to merge with thorough testing of the auto-execution flow
  • The changes are well-structured with proper guards against race conditions. The credential masking is defensive (masks in both UI and DB). The "always allow" extension is logical but increases complexity in the auto-execution flow across multiple code paths (registry tools, class tools, integration tools, and subagent tools). The guard at line 3784-3795 prevents double execution, and similar guards exist in SSE handlers (lines 1375-1379, 1493-1496). No critical issues found, but the auto-execution logic spans many locations which could benefit from integration testing.
  • The main store file (store.ts) contains complex auto-execution logic across multiple handler paths that should be thoroughly tested

Important Files Changed

Filename Overview
apps/sim/stores/panel/copilot/store.ts Added credential masking and "always allow" for all tool types including integration tools. Auto-executes pending tools when adding to auto-allowed list.
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/copilot/components/tool-call/tool-call.tsx Enabled "always allow" for all interrupt tools (removed integration tool restriction), added credential masking to subagent content and workflow edit summaries.
apps/sim/lib/copilot/validation/selector-validator.ts Enhanced credential validation errors to include available credentials list for better LLM feedback when invalid credential IDs are used.

Sequence Diagram

sequenceDiagram
    participant User
    participant UI as Copilot UI
    participant Store as Copilot Store
    participant API as Backend API
    participant DB as Database

    Note over Store: On chat start
    Store->>API: POST /api/copilot/execute-copilot-server-tool<br/>(get_credentials)
    API->>DB: Query user's credentials
    DB-->>API: Return credentials list
    API-->>Store: Return credentials with IDs
    Store->>Store: Store credential IDs in sensitiveCredentialIds Set

    Note over Store: Tool execution flow
    Store->>Store: SSE handler receives tool_call
    Store->>Store: Check autoAllowedTools list
    alt Tool is auto-allowed
        Store->>Store: Auto-execute tool (skip user confirmation)
    else Tool requires confirmation
        Store->>UI: Show Allow/Always Allow/Skip buttons
        User->>UI: Clicks "Always Allow"
        UI->>Store: addAutoAllowedTool(toolName)
        Store->>API: POST /api/copilot/auto-allowed-tools
        API->>DB: Add tool to auto-allowed list
        DB-->>API: Success
        API-->>Store: Return updated autoAllowedTools
        Store->>Store: Find all pending tools of same type
        loop For each pending tool
            alt Integration tool
                Store->>Store: executeIntegrationTool(toolCallId)
            else Client tool with interrupt
                Store->>Store: Call tool.handleAccept(params)
            end
        end
    end

    Note over UI: Credential masking
    Store->>Store: serializeMessagesForDB(messages)
    Store->>Store: maskCredentialIdsInValue(message, credentialIds)
    Store->>Store: Replace credential IDs with "••••••••"
    Store->>API: Save masked messages to DB
    UI->>Store: Request message content
    Store->>Store: maskCredentialValue(content)
    Store-->>UI: Return masked content
    UI->>UI: Render content with masked credentials
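The review summary above describes the masking mechanism only in outline (credential IDs collected into a Set at chat start, replaced with •••••••• in displayed content, and recursively masked before messages are persisted). The following is an added example, not code from this pull request or from the Sim project, showing one way that mechanism can be implemented. The function names maskCredentialValue, maskCredentialIdsInValue and serializeMessagesForDB appear in the sequence diagram; their signatures, the message shape and the sample credential IDs are assumptions made for this example.

```typescript
// Added example (not the project's code): recursive credential-ID masking of
// the kind described in the review summary. Function signatures, the message
// shape and the sample IDs below are assumptions.

const MASK = "••••••••";

// Escape a credential ID so it can be embedded in a RegExp literally.
function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Mask every occurrence of a known credential ID inside a string, including
// IDs embedded in longer text such as a thinking block. IDs are sorted
// longest-first so a shorter ID that is a prefix of a longer one cannot leave
// part of the longer identifier behind.
function maskCredentialValue(text: string, credentialIds: Set<string>): string {
  if (credentialIds.size === 0 || text.length === 0) return text;
  const ids = [...credentialIds]
    .filter((id) => id.length > 0)
    .sort((a, b) => b.length - a.length);
  if (ids.length === 0) return text;
  const pattern = new RegExp(ids.map(escapeRegExp).join("|"), "g");
  return text.replace(pattern, MASK);
}

// Walk any JSON-like value (strings, arrays, plain objects) and mask credential
// IDs wherever they occur. A new value is returned; the input is not mutated,
// so the in-memory UI state and the persisted copy can differ safely.
// Non-string scalars (numbers, booleans, null) pass through unchanged.
function maskCredentialIdsInValue<T>(value: T, credentialIds: Set<string>): T {
  if (typeof value === "string") {
    return maskCredentialValue(value, credentialIds) as unknown as T;
  }
  if (Array.isArray(value)) {
    return value.map((v) => maskCredentialIdsInValue(v, credentialIds)) as unknown as T;
  }
  if (value !== null && typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      out[k] = maskCredentialIdsInValue(v, credentialIds);
    }
    return out as unknown as T;
  }
  return value;
}

// Mask every message before it is written to the database.
function serializeMessagesForDB<T>(messages: T[], credentialIds: Set<string>): T[] {
  return messages.map((m) => maskCredentialIdsInValue(m, credentialIds));
}

// Constructed sample data (not real credential IDs): one ID appears in free
// text, inside nested tool-call params, and a second, shorter ID in an array.
const sampleCredentialIds = new Set(["cred_abc123", "cred_abc"]);
const sampleMessage = {
  role: "assistant",
  content: "Using credential cred_abc123 for Gmail",
  toolCalls: [
    { name: "gmail_read", params: { credential: "cred_abc123", label: "inbox" } },
  ],
  thinking: ["selected cred_abc for sheets"],
};

// Usage: serializeMessagesForDB([sampleMessage], sampleCredentialIds)
```

The set of IDs should come from the same credentials lookup the store performs at chat start, so that anything the model can reference is also something the masker knows about; very short or generic IDs would over-match ordinary text, which is a reason to keep the Set limited to the user's actual credential IDs rather than a broad pattern.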
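The summary also notes that, once a tool is added to the auto-allowed list, all pending tools of the same type are executed immediately, and that execution guards prevent the SSE handler and the "Always Allow" path from running the same call twice. The point a reviewer would want to see is that the allow-list is keyed by tool name, so every waiting call of that name runs without a further prompt, and that a state check decides who executes. The following is an added example, not code from this pull request or from the Sim project: a minimal in-memory model of that flow. The class, its method names, the tool-call shape and the scenario are all assumptions; addAutoAllowedTool and executeIntegrationTool are the only names taken from the sequence diagram.

```typescript
// Added example (not the project's code): a minimal model of the "always
// allow" flow with an execution guard, so a tool call runs at most once even
// when two code paths race to execute it. All names and shapes are assumptions.

type ToolKind = "integration" | "client";
type ToolState = "pending" | "executing" | "done";

interface ToolCall {
  id: string;
  name: string;
  kind: ToolKind;
  state: ToolState;
}

class CopilotStoreModel {
  readonly autoAllowedTools = new Set<string>();
  private readonly toolCalls = new Map<string, ToolCall>();
  // Record of executed tool calls, in order, for inspection.
  readonly executed: string[] = [];

  // SSE handler path: a tool_call arrives; run it at once if its name is on
  // the allow-list, otherwise leave it pending for the user's decision.
  onToolCall(id: string, name: string, kind: ToolKind): boolean {
    this.toolCalls.set(id, { id, name, kind, state: "pending" });
    return this.autoAllowedTools.has(name) ? this.execute(id) : false;
  }

  // "Always Allow" path: persist the decision, then run every call of that
  // name that is still waiting for confirmation. Returns how many started.
  addAutoAllowedTool(name: string): number {
    this.autoAllowedTools.add(name);
    let started = 0;
    for (const call of this.toolCalls.values()) {
      if (call.name === name && call.state === "pending" && this.execute(call.id)) {
        started++;
      }
    }
    return started;
  }

  // Execution guard: only a call in the "pending" state may start, and the
  // state is flipped before any work happens, so a second caller reaching
  // this point for the same id is refused rather than re-running the tool.
  execute(id: string): boolean {
    const call = this.toolCalls.get(id);
    if (!call || call.state !== "pending") return false;
    call.state = "executing";
    // Real dispatch would differ by kind (executeIntegrationTool for
    // integration tools, the tool's accept handler for client tools);
    // here the run is recorded instead.
    this.executed.push(`${call.kind}:${call.id}`);
    call.state = "done";
    return true;
  }

  stateOf(id: string): ToolState | undefined {
    return this.toolCalls.get(id)?.state;
  }
}

// Constructed scenario: two pending gmail calls and one slack call; the user
// clicks "Always Allow" on gmail, a second code path then retries one of the
// gmail calls, and a later gmail call arrives after the decision.
function runScenario() {
  const store = new CopilotStoreModel();
  store.onToolCall("tc1", "gmail_read", "integration");
  store.onToolCall("tc2", "gmail_read", "integration");
  store.onToolCall("tc3", "slack_send", "integration");
  const startedByAlwaysAllow = store.addAutoAllowedTool("gmail_read");
  const duplicate = store.execute("tc1"); // refused by the guard
  const laterAutoRun = store.onToolCall("tc4", "gmail_read", "integration");
  return { store, startedByAlwaysAllow, duplicate, laterAutoRun };
}
```

In the scenario, both pending gmail calls run, the slack call stays pending, the duplicate attempt is refused, and the later gmail call runs with no prompt. Because the decision is remembered per tool name rather than per call, the parameters of each auto-executed call are never shown to the user again; that is the trade-off the review summary flags when it asks for thorough testing of the auto-execution flow.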

@Sg312 Sg312 merged commit 91da7e1 into staging Jan 22, 2026
10 checks passed
waleedlatif1 added a commit that referenced this pull request Jan 22, 2026
…lution consolidation, helm updates (#2946)

* improvement(workflow-item): stabilize avatar layout and fix name truncation (#2939)

* improvement(workflow-item): stabilize avatar layout and fix name truncation

* fix(avatars): revert overflow bg to hardcoded color for contrast

* fix(executor): stop parallel execution when block errors (#2940)

* improvement(helm): add per-deployment extraVolumes support (#2942)

* fix(gmail): expose messageId field in read email block (#2943)

* fix(resolver): consolidate reference resolution (#2941)

* fix(resolver): consolidate code to resolve references

* fix edge cases

* use already formatted error

* fix multi index

* fix backwards compat reachability

* handle backwards compatibility accurately

* use shared constant correctly

* feat(router): expose reasoning output in router v2 block (#2945)

* fix(copilot): always allow, credential masking (#2947)

* Fix always allow, credential validation

* Credential masking

* Autoload

* fix(executor): handle condition dead-end branches in loops (#2944)

---------

Co-authored-by: Vikhyath Mondreti <[email protected]>
Co-authored-by: Siddharth Ganesan <[email protected]>
@waleedlatif1 waleedlatif1 deleted the fix/copilot branch January 25, 2026 05:14