fix(execution): scope X-Sim-Via header to internal routes and enforce depth limit#3313
fix(execution): scope X-Sim-Via header to internal routes and enforce depth limit#3313waleedlatif1 merged 3 commits intostagingfrom
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
Greptile SummaryThis PR fixes a security issue where the
Confidence Score: 4/5
Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A["Incoming Request\n(API or MCP)"] --> B["Parse X-Sim-Via Header\n(parseCallChain)"]
B --> C{"Validate Depth\n>= 10?"}
C -->|Yes| D["Return 409\nDepth Exceeded"]
C -->|No| E["Build Next Chain\n(append workflowId)"]
E --> F["Execute Workflow"]
F --> G{"Child Workflow\n(inline)?"}
G -->|Yes| H["Build Child Chain\n(append childWorkflowId)"]
H --> I{"Validate Child\nDepth >= 10?"}
I -->|Yes| J["Throw ChildWorkflowError"]
I -->|No| K["Execute Child\n(with childCallChain)"]
G -->|No| L{"Outgoing HTTP\nRequest?"}
L -->|Internal Route| M["Set X-Sim-Via Header\n(tools/index.ts)"]
L -->|External Route| N["No X-Sim-Via Header\n(prevents ID leakage)"]
M --> A
Last reviewed commit: 27e9560 |
…ld workflow depth validation - Move call chain header injection from HTTP tool layer (request.ts/utils.ts) to tool execution layer (tools/index.ts) gated on isInternalRoute, preventing internal workflow IDs from leaking to external third-party APIs - Remove cycle detection from validateCallChain — depth limit alone prevents infinite loops while allowing legitimate self-recursion (pagination, tree processing, batch splitting) - Add validateCallChain check in workflow-handler.ts before spawning child executor, closing the gap where in-process child workflows skipped validation - Remove unsafe `(params as any)._context` type bypass in request.ts Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
@cursor review |
|
@greptile |
Validate childCallChain (after appending current workflow ID) rather than ctx.callChain (parent). Prevents an off-by-one where a chain at depth 10 could still spawn an 11th workflow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
@greptile |
|
@cursor review |
Summary
X-Sim-Viaheader to internal routes only — previously it was attached to all outgoing HTTP requests, leaking internal workflow IDs to external third-party APIsvalidateCallChain— depth limit of 10 alone prevents infinite loops while allowing legitimate self-recursion (pagination, tree traversal, batch splitting)workflow-handler.tsbefore spawning child executors — previously in-process child workflows skipped validation entirely(params as any)._contexttype bypass inrequest.tsby moving header injection totools/index.tswhere_contextis already accessedType of Change
Testing
Checklist