fix(build): keep agiloft/grafana tool configs client-safe

Tool config files are statically reachable from the client bundle (via
tools/registry.ts → tools/{service}/index.ts). Importing
`@/lib/core/security/input-validation.server` from these files pulled
`node:dns/promises` into the Turbopack client bundle and broke the build.

Split agiloft utils into client-safe (`utils.ts`, plain fetch + sync
`validateExternalUrl`) and server-only (`utils.server.ts`, DNS-pinned
variants). Routes that need TOCTOU protection import the pinned helpers;
the executor-side tool path falls back to sync URL validation (matches
the supabase precedent and pre-PR baseline).

Grafana update tools likewise switch from `secureFetchWithValidation`
(server-only) to inline sync `validateExternalUrl` + plain fetch.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/tools/agiloft/attach/route.ts

@@ -11,12 +11,12 @@ import type { RawFileInput } from '@/lib/uploads/utils/file-schemas'
 import { processFilesToUserFiles } from '@/lib/uploads/utils/file-utils'
 import { downloadFileFromStorage } from '@/lib/uploads/utils/file-utils.server'
 import { assertToolFileAccess } from '@/app/api/files/authorization'
+import { buildAttachFileUrl } from '@/tools/agiloft/utils'
 import {
-  agiloftLogin,
-  agiloftLogout,
-  buildAttachFileUrl,
+  agiloftLoginPinned,
+  agiloftLogoutPinned,
   resolveAgiloftInstance,
-} from '@/tools/agiloft/utils'
+} from '@/tools/agiloft/utils.server'
 
 export const dynamic = 'force-dynamic'
 
@@ -87,7 +87,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
       return NextResponse.json({ success: false, error: toError(error).message }, { status: 400 })
     }
 
-    const token = await agiloftLogin(data, resolvedIP)
+    const token = await agiloftLoginPinned(data, resolvedIP)
     const base = data.instanceUrl.replace(/\/$/, '')
 
     try {
@@ -139,7 +139,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
         },
       })
     } finally {
-      await agiloftLogout(data.instanceUrl, data.knowledgeBase, token, resolvedIP)
+      await agiloftLogoutPinned(data.instanceUrl, data.knowledgeBase, token, resolvedIP)
     }
   } catch (error) {
     logger.error(`[${requestId}] Error attaching file to Agiloft:`, error)

apps/sim/app/api/tools/agiloft/retrieve/route.ts

@@ -7,12 +7,12 @@ import { checkInternalAuth } from '@/lib/auth/hybrid'
 import { secureFetchWithPinnedIP } from '@/lib/core/security/input-validation.server'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { buildRetrieveAttachmentUrl } from '@/tools/agiloft/utils'
 import {
-  agiloftLogin,
-  agiloftLogout,
-  buildRetrieveAttachmentUrl,
+  agiloftLoginPinned,
+  agiloftLogoutPinned,
   resolveAgiloftInstance,
-} from '@/tools/agiloft/utils'
+} from '@/tools/agiloft/utils.server'
 
 export const dynamic = 'force-dynamic'
 
@@ -63,7 +63,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
       return NextResponse.json({ success: false, error: toError(error).message }, { status: 400 })
     }
 
-    const token = await agiloftLogin(data, resolvedIP)
+    const token = await agiloftLoginPinned(data, resolvedIP)
     const base = data.instanceUrl.replace(/\/$/, '')
 
     try {
@@ -127,7 +127,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
         },
       })
     } finally {
-      await agiloftLogout(data.instanceUrl, data.knowledgeBase, token, resolvedIP)
+      await agiloftLogoutPinned(data.instanceUrl, data.knowledgeBase, token, resolvedIP)
     }
   } catch (error) {
     logger.error(`[${requestId}] Error retrieving Agiloft attachment:`, error)

apps/sim/tools/agiloft/utils.server.ts

@@ -0,0 +1,79 @@
+import { createLogger } from '@sim/logger'
+import {
+  type SecureFetchResponse,
+  secureFetchWithPinnedIP,
+  validateUrlWithDNS,
+} from '@/lib/core/security/input-validation.server'
+import type { AgiloftBaseParams } from '@/tools/agiloft/types'
+
+const logger = createLogger('AgiloftAuthServer')
+
+/**
+ * Validates the Agiloft instance URL and resolves its DNS once, returning the
+ * resolved IP so subsequent requests can pin to it. This prevents DNS-rebinding
+ * (TOCTOU) SSRF where the hostname could resolve to a private IP on a later
+ * lookup. Server-only — uses node:dns/promises.
+ */
+export async function resolveAgiloftInstance(instanceUrl: string): Promise<string> {
+  const validation = await validateUrlWithDNS(instanceUrl, 'instanceUrl')
+  if (!validation.isValid || !validation.resolvedIP) {
+    throw new Error(validation.error || 'Invalid Agiloft instance URL')
+  }
+  return validation.resolvedIP
+}
+
+/**
+ * DNS-pinned variant of agiloftLogin. Requires a pre-resolved IP so the
+ * connection cannot be steered to a different host between validation and
+ * the actual TCP connection.
+ */
+export async function agiloftLoginPinned(
+  params: AgiloftBaseParams,
+  resolvedIP: string
+): Promise<string> {
+  const base = params.instanceUrl.replace(/\/$/, '')
+  const kb = encodeURIComponent(params.knowledgeBase)
+  const login = encodeURIComponent(params.login)
+  const password = encodeURIComponent(params.password)
+
+  const url = `${base}/ewws/EWLogin?$KB=${kb}&$login=${login}&$password=${password}`
+  const response = await secureFetchWithPinnedIP(url, resolvedIP, { method: 'POST' })
+
+  if (!response.ok) {
+    const errorText = await response.text()
+    throw new Error(`Agiloft login failed: ${response.status} - ${errorText}`)
+  }
+
+  const data = (await response.json()) as { access_token?: string }
+  const token = data.access_token
+
+  if (!token) {
+    throw new Error('Agiloft login did not return an access token')
+  }
+
+  return token
+}
+
+/**
+ * DNS-pinned variant of agiloftLogout. Best-effort — failures are logged but
+ * not thrown.
+ */
+export async function agiloftLogoutPinned(
+  instanceUrl: string,
+  knowledgeBase: string,
+  token: string,
+  resolvedIP: string
+): Promise<void> {
+  try {
+    const base = instanceUrl.replace(/\/$/, '')
+    const kb = encodeURIComponent(knowledgeBase)
+    await secureFetchWithPinnedIP(`${base}/ewws/EWLogout?$KB=${kb}`, resolvedIP, {
+      method: 'POST',
+      headers: { Authorization: `Bearer ${token}` },
+    })
+  } catch (error) {
+    logger.warn('Agiloft logout failed (best-effort)', { error })
+  }
+}
+
+export type { SecureFetchResponse }

apps/sim/tools/agiloft/utils.test.ts

@@ -1,12 +1,8 @@
 /**
  * @vitest-environment node
  */
-import { inputValidationMock, inputValidationMockFns } from '@sim/testing'
-import { beforeEach, describe, expect, it, vi } from 'vitest'
-
-vi.mock('@/lib/core/security/input-validation.server', () => inputValidationMock)
-
-import { executeAgiloftRequest, resolveAgiloftInstance } from '@/tools/agiloft/utils'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { executeAgiloftRequest } from '@/tools/agiloft/utils'
 
 const baseParams = {
   instanceUrl: 'https://example.agiloft.com',
@@ -16,77 +12,34 @@ const baseParams = {
   table: 'contracts',
 }
 
-const PINNED_IP = '93.184.216.34'
-
-function mockSecureFetchResponse(body: {
-  ok?: boolean
-  status?: number
-  json?: unknown
-  text?: string
-  arrayBuffer?: ArrayBuffer
-}) {
+function mockFetchResponse(body: { ok?: boolean; status?: number; json?: unknown; text?: string }) {
   return {
     ok: body.ok ?? true,
     status: body.status ?? 200,
     statusText: '',
     headers: new Headers(),
-    body: null,
     text: async () => body.text ?? '',
     json: async () => body.json ?? {},
-    arrayBuffer: async () => body.arrayBuffer ?? new ArrayBuffer(0),
-  }
+  } as unknown as Response
 }
 
+const fetchSpy = vi.fn<typeof fetch>()
+
 beforeEach(() => {
-  vi.clearAllMocks()
-  inputValidationMockFns.mockValidateUrlWithDNS.mockResolvedValue({
-    isValid: true,
-    resolvedIP: PINNED_IP,
-    originalHostname: 'example.agiloft.com',
-  })
+  fetchSpy.mockReset()
+  vi.stubGlobal('fetch', fetchSpy)
 })
 
-describe('resolveAgiloftInstance', () => {
-  it('returns the resolved IP for a valid URL', async () => {
-    const ip = await resolveAgiloftInstance('https://example.agiloft.com')
-    expect(ip).toBe(PINNED_IP)
-    expect(inputValidationMockFns.mockValidateUrlWithDNS).toHaveBeenCalledWith(
-      'https://example.agiloft.com',
-      'instanceUrl'
-    )
-  })
-
-  it('throws when the URL resolves to a blocked IP', async () => {
-    inputValidationMockFns.mockValidateUrlWithDNS.mockResolvedValueOnce({
-      isValid: false,
-      error: 'instanceUrl resolves to a blocked IP address',
-    })
-
-    await expect(resolveAgiloftInstance('https://attacker.example.com')).rejects.toThrow(
-      'instanceUrl resolves to a blocked IP address'
-    )
-  })
-
-  it('throws when validation succeeds but no IP is returned', async () => {
-    inputValidationMockFns.mockValidateUrlWithDNS.mockResolvedValueOnce({
-      isValid: true,
-    })
-
-    await expect(resolveAgiloftInstance('https://example.agiloft.com')).rejects.toThrow(
-      'Invalid Agiloft instance URL'
-    )
-  })
+afterEach(() => {
+  vi.unstubAllGlobals()
 })
 
 describe('executeAgiloftRequest', () => {
-  it('pins the resolved IP across login, operation, and logout', async () => {
-    inputValidationMockFns.mockSecureFetchWithPinnedIP
-      // EWLogin
-      .mockResolvedValueOnce(mockSecureFetchResponse({ json: { access_token: 'tok-1' } }))
-      // operation
-      .mockResolvedValueOnce(mockSecureFetchResponse({ json: { id: 42, fields: { name: 'foo' } } }))
-      // EWLogout
-      .mockResolvedValueOnce(mockSecureFetchResponse({}))
+  it('logs in, runs the operation with the bearer token, then logs out', async () => {
+    fetchSpy
+      .mockResolvedValueOnce(mockFetchResponse({ json: { access_token: 'tok-1' } }))
+      .mockResolvedValueOnce(mockFetchResponse({ json: { id: 42, fields: { name: 'foo' } } }))
+      .mockResolvedValueOnce(mockFetchResponse({}))
 
     const result = await executeAgiloftRequest(
       baseParams,
@@ -106,43 +59,24 @@ describe('executeAgiloftRequest', () => {
 
     expect(result).toEqual({ success: true, output: { id: '42', fields: { name: 'foo' } } })
 
-    const calls = inputValidationMockFns.mockSecureFetchWithPinnedIP.mock.calls
+    const calls = fetchSpy.mock.calls
     expect(calls).toHaveLength(3)
-
-    // Every call MUST use the pre-resolved IP — this is the SSRF fix.
-    for (const call of calls) {
-      expect(call[1]).toBe(PINNED_IP)
-    }
-
-    // Login URL preserves the original hostname (TLS SNI requirement).
     expect(calls[0][0]).toBe(
       'https://example.agiloft.com/ewws/EWLogin?$KB=demo&$login=admin&$password=secret'
     )
-    expect(calls[0][2]).toEqual({ method: 'POST' })
-
-    // Operation request includes the bearer token issued by login.
     expect(calls[1][0]).toBe('https://example.agiloft.com/ewws/REST/demo/contracts/42')
-    expect(calls[1][2]).toMatchObject({
+    expect(calls[1][1]).toMatchObject({
       method: 'GET',
       headers: { Accept: 'application/json', Authorization: 'Bearer tok-1' },
     })
-
-    // Logout uses the bearer token and the original hostname.
     expect(calls[2][0]).toBe('https://example.agiloft.com/ewws/EWLogout?$KB=demo')
-    expect(calls[2][2]).toMatchObject({
-      method: 'POST',
-      headers: { Authorization: 'Bearer tok-1' },
-    })
-
-    // DNS lookup happens exactly once, before any HTTP request.
-    expect(inputValidationMockFns.mockValidateUrlWithDNS).toHaveBeenCalledTimes(1)
   })
 
   it('still calls logout when the operation throws', async () => {
-    inputValidationMockFns.mockSecureFetchWithPinnedIP
-      .mockResolvedValueOnce(mockSecureFetchResponse({ json: { access_token: 'tok-2' } }))
-      .mockResolvedValueOnce(mockSecureFetchResponse({ ok: false, status: 500 }))
-      .mockResolvedValueOnce(mockSecureFetchResponse({}))
+    fetchSpy
+      .mockResolvedValueOnce(mockFetchResponse({ json: { access_token: 'tok-2' } }))
+      .mockResolvedValueOnce(mockFetchResponse({ ok: false, status: 500 }))
+      .mockResolvedValueOnce(mockFetchResponse({}))
 
     await expect(
       executeAgiloftRequest(
@@ -155,16 +89,14 @@ describe('executeAgiloftRequest', () => {
       )
     ).rejects.toThrow('operation failed')
 
-    expect(inputValidationMockFns.mockSecureFetchWithPinnedIP).toHaveBeenCalledTimes(3)
-    expect(inputValidationMockFns.mockSecureFetchWithPinnedIP.mock.calls[2][0]).toContain(
-      '/ewws/EWLogout'
-    )
+    expect(fetchSpy).toHaveBeenCalledTimes(3)
+    expect(fetchSpy.mock.calls[2][0]).toContain('/ewws/EWLogout')
   })
 
   it('swallows logout failures (best-effort)', async () => {
-    inputValidationMockFns.mockSecureFetchWithPinnedIP
-      .mockResolvedValueOnce(mockSecureFetchResponse({ json: { access_token: 'tok-3' } }))
-      .mockResolvedValueOnce(mockSecureFetchResponse({ json: { ok: true } }))
+    fetchSpy
+      .mockResolvedValueOnce(mockFetchResponse({ json: { access_token: 'tok-3' } }))
+      .mockResolvedValueOnce(mockFetchResponse({ json: { ok: true } }))
       .mockRejectedValueOnce(new Error('logout network error'))
 
     const result = await executeAgiloftRequest(
@@ -177,10 +109,7 @@ describe('executeAgiloftRequest', () => {
   })
 
   it('throws when login does not return an access token', async () => {
-    inputValidationMockFns.mockSecureFetchWithPinnedIP.mockResolvedValueOnce(
-      mockSecureFetchResponse({ json: {} })
-    )
-    // Login failure should still trigger no logout, since no token was issued.
+    fetchSpy.mockResolvedValueOnce(mockFetchResponse({ json: {} }))
 
     await expect(
       executeAgiloftRequest(
@@ -190,23 +119,18 @@ describe('executeAgiloftRequest', () => {
       )
     ).rejects.toThrow('Agiloft login did not return an access token')
 
-    expect(inputValidationMockFns.mockSecureFetchWithPinnedIP).toHaveBeenCalledTimes(1)
+    expect(fetchSpy).toHaveBeenCalledTimes(1)
   })
 
-  it('refuses to call any external endpoint when validation rejects the URL', async () => {
-    inputValidationMockFns.mockValidateUrlWithDNS.mockResolvedValueOnce({
-      isValid: false,
-      error: 'instanceUrl resolves to a blocked IP address',
-    })
-
+  it('rejects an instance URL that fails synchronous URL validation', async () => {
     await expect(
       executeAgiloftRequest(
-        { ...baseParams, instanceUrl: 'https://attacker.example.com' },
+        { ...baseParams, instanceUrl: 'not-a-valid-url' },
         (base) => ({ url: `${base}/ewws/REST/demo/contracts/42`, method: 'GET' }),
         async () => ({ success: true, output: {} })
       )
-    ).rejects.toThrow('instanceUrl resolves to a blocked IP address')
+    ).rejects.toThrow(/Invalid Agiloft instance URL/)
 
-    expect(inputValidationMockFns.mockSecureFetchWithPinnedIP).not.toHaveBeenCalled()
+    expect(fetchSpy).not.toHaveBeenCalled()
   })
 })