Fix/execution

[Vamsi-o]

Summary by CodeRabbit

• Updates
  • Updated Google OAuth authentication endpoint path for improved routing configuration.
  • Corrected the redirect destination following successful Google OAuth authentication to ensure users are directed to the proper location.

[coderabbitai]

📝 Walkthrough

Walkthrough

Route path updated from /auth/google to /oauth/google. Google OAuth callback redirect changed from /workflow to /workflows when no workflowId provided. Credential handling in user routes refactored to use full Config object instead of destructured credentialId. TypeScript build metadata updated across multiple packages.

Changes

Cohort / File(s)	Summary
OAuth Authentication Routes apps/http-backend/src/index.ts, apps/http-backend/src/routes/google_callback.ts	Google OAuth route path renamed from /auth/google to /oauth/google; OAuth callback redirect target changed from /workflow to /workflows when no workflowId is present.
User Routes Credential Handling apps/http-backend/src/routes/userRoutes/userRoutes.ts	Refactored node creation and update flows to use full Config object directly instead of destructuring credentialId; CredentialsID now derived from Config?.credentialId with null fallback.
TypeScript Build Metadata apps/http-backend/tsconfig.tsbuildinfo, apps/worker/tsconfig.tsbuildinfo, packages/common/tsconfig.tsbuildinfo, packages/nodes/tsconfig.tsbuildinfo	Updated root source file tracking in build graphs; includes route file reorganization, narrowed build graph in worker, and addition of interpolation and execution-related files.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• fix: refactor credential handling in user routes and update credentia… #63: Modifies credential/Config handling in the same userRoutes.ts file with related destructuring logic changes.
• feat: enhance Google OAuth integration and improve environment variab… #57: Updates Google OAuth route naming and callback redirect behavior alongside workflow-aware redirect handling.
• fix: improve error handling and response messages in webhook and user… #62: Modifies the same userRoutes.ts file for node execution and credential workflow logic.

Suggested reviewers

• TejaBudumuru3

Poem

🐰 A hop through auth, a config twist,
Routes renamed—a path dismissed,
Credentials flow in Config's keep,
While build graphs update, clean and deep! ✨

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The pull request title 'Fix/execution' is too vague and generic; it does not clearly convey what specific issue or feature is being addressed.	Revise the title to be more specific and descriptive, such as 'Update OAuth route paths and redirect targets' or 'Refactor config handling in user routes', to clearly communicate the main changes.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/Execution

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

apps/http-backend/src/routes/google_callback.ts (3)

133-149: ⚠️ Potential issue | 🟠 Major

Inconsistent redirect path in error handler.

The success redirect (line 135) was updated to /workflows, but the error redirect (line 148) still points to /workflow. This looks like an oversight — the error case should redirect to the same base path.

Proposed fix

       const errorUrl = workflowId
         ? `http://localhost:3000/workflows/${workflowId}?google=error&msg=${encodeURIComponent(err?.message ?? "Token exchange failed")}`
-        : `http://localhost:3000/workflow?google=error&msg=${encodeURIComponent(err?.message ?? "Token exchange failed")}`;
+        : `http://localhost:3000/workflows?google=error&msg=${encodeURIComponent(err?.message ?? "Token exchange failed")}`;

---

153-199: ⚠️ Potential issue | 🟠 Major

Debug endpoints expose sensitive configuration and credentials in production.

The /debug/config and /debug/credentials endpoints have no authentication (userMiddleware is not applied) and expose OAuth client IDs, token metadata, and credential details. These should be removed or gated behind a development-only check before shipping.

---

72-75: ⚠️ Potential issue | 🔴 Critical

Remove userMiddleware from /callback endpoint—it blocks Google's OAuth redirect.

The /callback route receives an unauthenticated redirect from Google's servers. Since userMiddleware requires a valid JWT token and returns a 400 error when none is present (see userMiddleware.ts lines 27-30), the OAuth callback will never reach the handler, breaking the entire OAuth flow.

The /initiate endpoint correctly uses userMiddleware because the user is already authenticated when initiating OAuth, but /callback must remain unprotected to accept Google's redirect.

🤖 Fix all issues with AI agents

In `@apps/http-backend/src/routes/userRoutes/userRoutes.ts`:
- Around line 577-583: The update path is inconsistent with the create handler:
it persists dataSafe.data.Config (including credentialId) into the JSON config
and also sets CredentialsID, causing duplication; modify the
prismaClient.node.update call to strip credentialId from dataSafe.data.Config
before saving (same approach as the create handler) so config does not contain
credentialId and only CredentialsID holds it — locate the update logic around
prismaClient.node.update, reference dataSafe.data.Config and CredentialsID,
remove/exclude credentialId from the config object prior to passing it into the
data: { config: ..., CredentialsID: ... } payload.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Inconsistency between create and update: credentialId handling in config.

The create handler (line 527) destructures credentialId out of Config so it's stored only in CredentialsID, not in the config JSON column. The update handler now stores the full Config (including credentialId) in the config column and extracts it into CredentialsID. This means:

1. After create: config has no credentialId, CredentialsID is set.
2. After update: config contains credentialId, CredentialsID is also set.

This divergence can cause bugs if downstream code reads credentialId from config (it'll be missing on freshly created nodes) or leads to stale data if only one location is updated.

Consider either stripping credentialId from Config in both handlers, or keeping it in both — but be consistent.

Option: Strip credentialId in the update handler too (consistent with create)

-      // const { credentialId, ...restConfig } = dataSafe.data.Config;
+      const { credentialId, ...restConfig } = dataSafe.data.Config ?? {};
       const updateNode = await prismaClient.node.update({
         where: { id: dataSafe.data.NodeId },
         data: {
           position: dataSafe.data.position,
-          config: dataSafe.data.Config ,
-          CredentialsID: dataSafe.data.Config?.credentialId || null
+          config: restConfig || {},
+          CredentialsID: credentialId || null
         },
       });

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// const { credentialId, ...restConfig } = dataSafe.data.Config;
	const updateNode = await prismaClient.node.update({
	where: { id: dataSafe.data.NodeId },
	data: {
	position: dataSafe.data.position,
	config: restConfig,
	CredentialsID: credentialId
	config: dataSafe.data.Config ,
	CredentialsID: dataSafe.data.Config?.credentialId || null
	const { credentialId, ...restConfig } = dataSafe.data.Config ?? {};
	const updateNode = await prismaClient.node.update({
	where: { id: dataSafe.data.NodeId },
	data: {
	position: dataSafe.data.position,
	config: restConfig || {},
	CredentialsID: credentialId || null

🤖 Prompt for AI Agents

In `@apps/http-backend/src/routes/userRoutes/userRoutes.ts` around lines 577 -
583, The update path is inconsistent with the create handler: it persists
dataSafe.data.Config (including credentialId) into the JSON config and also sets
CredentialsID, causing duplication; modify the prismaClient.node.update call to
strip credentialId from dataSafe.data.Config before saving (same approach as the
create handler) so config does not contain credentialId and only CredentialsID
holds it — locate the update logic around prismaClient.node.update, reference
dataSafe.data.Config and CredentialsID, remove/exclude credentialId from the
config object prior to passing it into the data: { config: ..., CredentialsID:
... } payload.

[Copilot]

Pull request overview

This PR addresses execution-related fixes in the workflow automation system. The changes primarily focus on fixing OAuth redirect URLs and adjusting how node configuration data (specifically credentialId) is handled during updates.

Changes:

• Fixed OAuth redirect URL path from /workflow to /workflows for consistency with the application routing
• Changed OAuth route path from /auth/google to /oauth/google
• Modified node update logic to keep credentialId in Config object instead of extracting it
• Added @repo/common workspace dependency to enable interpolation utilities in the worker

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
pnpm-lock.yaml	Adds @repo/common as devDependency to worker for interpolation utilities
packages/nodes/tsconfig.tsbuildinfo	TypeScript build artifact reflecting new execution registry files
packages/common/tsconfig.tsbuildinfo	TypeScript build artifact reflecting interpolation module addition
apps/worker/tsconfig.tsbuildinfo	TypeScript build artifact with reduced file list (test files removed)
apps/http-backend/tsconfig.tsbuildinfo	TypeScript build artifact reflecting route file changes
apps/http-backend/src/routes/userRoutes/userRoutes.ts	Modified node update to keep credentialId in Config instead of extracting it
apps/http-backend/src/routes/google_callback.ts	Fixed successful OAuth redirect URL from /workflow to /workflows
apps/http-backend/src/index.ts	Changed OAuth route mount point from /auth/google to /oauth/google

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[Copilot]

The error redirect URL on line 148 still uses the old path /workflow instead of /workflows. This inconsistency means that if the OAuth token exchange fails, users will be redirected to the wrong URL. Update this line to use /workflows to match the successful redirect path on line 135.

[Copilot]

There is an inconsistency between the node creation and update logic. The create endpoint (line 527) destructures credentialId from Config and stores it separately, while this update now keeps credentialId in Config. This means newly created nodes will have Config without credentialId, but updated nodes will have Config with credentialId. For consistency, either both should remove credentialId from Config, or both should keep it. Based on line 37 in executionRoutes.ts which uses config.credentialId as a fallback, keeping it in Config seems intentional. Consider also updating the create endpoint (line 527) to match this behavior.