feat(credentials): token-paste service accounts for 12 providers#5682
feat(credentials): token-paste service accounts for 12 providers#5682waleedlatif1 wants to merge 10 commits into
Conversation
…Spot, Airtable, Notion, Asana, Attio, Linear, monday, Shopify, Webflow, Trello, Cal.com, Wealthbox)
…ied validator hardening - Migrate Google/Atlassian/Slack service-account branches to the same registry pattern as token-paste providers (builder + resolver maps, unified required-fields contract validation) - Fix Shopify service-account store domain never reaching tool URL builders - Linear: rate-limit 400s no longer mislabeled as invalid credentials; validation header matches runtime header rule - Trello: server API key rejection no longer blamed on customer token - Fleet-wide: network errors and non-JSON provider bodies map to provider_unavailable via shared fetchProvider/parseProviderJson - HubSpot: drop regional-host displayName upgrade; Wealthbox: explicit 402; monday: provider-side GraphQL errors mapped correctly; Attio: null-body guard
… for token service accounts - 12 setup-guide docs pages (docs.sim.ai/integrations/<provider>-service-account) incl. the Trello authorize-link flow the integration depends on - Attio: HTTP 400 on /v2/self maps to invalid_credentials (live-verified) - monday: scan all GraphQL errors for provider-side codes; no empty audit ids - Compile-time descriptor/validator lockstep (typed registry) and prototype-safe provider-id guard (Object.hasOwn) - Shared errors.test.ts pinning fetchProvider/parseProviderJson/ throwForProviderResponse guarantees for all validators - Stale TSDoc updated after the registry migration; biome organizeImports pass
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
PR SummaryMedium Risk Overview The implementation is registry-driven instead of one-off branches. Client descriptors define modal fields, connect labels, and required API fields; a generic Integration UX uses vendor-accurate connect nouns (e.g. “Add private app token”). Credential create validation pulls required fields from Docs: twelve new Reviewed by Cursor Bugbot for commit 2452f96. Configure here. |
…guides 34 corrections from a 12-agent audit against live official vendor docs: current HubSpot Development-area nav, Notion connections rename, monday Developer Center paths, Shopify legacy-vs-Dev-Dashboard token flows, and hedged wording for claims vendors do not document (expiry, limits)
… surfaces 'Add service account' only where the vendor actually has service accounts (Google, Atlassian); token-paste providers now use their own vocabulary via a connectNoun descriptor field — 'Add private app token' (HubSpot), 'Add API key' (Attio/Linear/Cal.com), 'Add personal access token' (Airtable), etc. Docs page titles updated to match; slugs and internal provider ids unchanged
…lid credentials Shopify can reject invalid or revoked shpat_ tokens with HTTP 200 and a GraphQL error body instead of a 401; those now map to invalid_credentials instead of a provider-outage message
|
@greptile-apps review |
|
@cursor review |
Greptile SummaryThis PR adds token-paste service-account credentials across the integration system. The main changes are:
Confidence Score: 5/5This looks safe to merge.
Important Files Changed
Reviews (3): Last reviewed commit: "fix(credentials): cold-review hardening ..." | Re-trigger Greptile |
Live probing showed the documented access-token-info route returns a bare 404 for unrecognized tokens (ambiguous with a missing route), so 404/400 now falls back to the Account Information API, which answers with a JSON 401 for rejected tokens and 200/403 for live ones — verified against the real endpoints
- Shopify tools prefer the credential-validated store domain over the
block's auto-detected shopDomain (a store-bound token must hit its own store)
- Unknown non-empty service-account providerIds are rejected instead of
silently persisting as google-service-account (empty stays the legacy
Google fallback)
- Shopify/modal domain normalization strips URL paths ('https://x.myshopify.com/admin')
- monday: warning-class GraphQL errors no longer reject a token whose me
data proves it authenticated
|
@greptile-apps review |
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit dd00d09. Configure here.
- Object.hasOwn guards on all provider-id registry lookups (crafted '__proto__'/'constructor' providerIds now 400 instead of 500) + regression test - fetchProvider gets a 10s AbortSignal.timeout so a hung provider can't pin the create/reconnect request - HubSpot: unexpected 403 on the token-info route defers to the account-info fallback instead of blaming the token - Linear selector routes use the SDK apiKey option for lin_api_ keys (bare header parity with the tools sweep) - Docs: UI steps aligned to the vendor-noun connect labels; HubSpot scope-propagation claims softened; Trello in-product-link promise corrected
|
@greptile-apps review |
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 2452f96. Configure here.
Summary
Type of Change
Testing
91 new unit tests for validators + shared error plumbing; full credential/oauth suites green (213 tests); typecheck + check:api-validation pass. Every provider spec was verified against current official API docs by independent review passes.
Checklist