fix(perms): copilot checks undefined issue

[icecrasher321]

Summary

Copilot checks undefined vs null for perm config.

Type of Change

• Bug fix

Testing

Tested manually

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
docs	Skipped		Jan 10, 2026 7:23pm

[greptile-apps]

Greptile Overview

Greptile Summary

This PR fixes a critical bug in the copilot permission checking logic. The issue occurs when users are not part of a permission group - in such cases, getUserPermissionConfig() returns null, causing allowedIntegrations to be undefined rather than null.

The Bug:
The original code used strict equality (!== null) which only checks for null, not undefined. When allowedIntegrations was undefined, the condition allowedIntegrations !== null evaluated to true, then !undefined?.includes(blockId) evaluated to !undefined = true, incorrectly blocking access to all integrations for users without permission groups.

The Fix:
The PR systematically replaces !== null with != null (loose equality) across all copilot server tools. This correctly handles both null (explicit "no restrictions") and undefined (no permission config) cases, allowing unrestricted access in both scenarios. The optional chaining operator (?.) is also removed since the != null check ensures allowedIntegrations is an array when accessed.

Files Changed:

• All 6 copilot-related server tool files are consistently updated
• Changes are minimal, focused, and follow the same pattern throughout
• The fix aligns with how validateBlockType() works in the permission-check utility

Impact:
This fix ensures users without permission groups can access all integrations via copilot, matching the intended behavior where null means "no restrictions".

Confidence Score: 5/5

• This PR is safe to merge - it fixes a critical bug with minimal, focused changes
• The changes are straightforward, consistent across all files, and fix a well-understood JavaScript equality issue. The logic has been verified to correctly handle all three scenarios: undefined (no permission group), null (no restrictions), and string array (restricted list). Only one minor style inconsistency was found in a non-critical area.
• No files require special attention - all changes are safe and correct

Important Files Changed

File Analysis

Filename	Score	Overview
apps/sim/lib/copilot/process-contents.ts	5/5	Fixed undefined check for allowedIntegrations in processBlockMetadata function - correctly handles both null and undefined permission configs
apps/sim/lib/copilot/tools/server/blocks/get-block-config.ts	5/5	Fixed undefined check for allowedIntegrations - prevents incorrect blocking when permission config is undefined
apps/sim/lib/copilot/tools/server/blocks/get-block-options.ts	5/5	Fixed undefined check for allowedIntegrations - correctly allows all blocks when no permission group is configured
apps/sim/lib/copilot/tools/server/blocks/get-blocks-and-tools.ts	5/5	Fixed undefined check in filter logic - ensures blocks are properly filtered based on permission config
apps/sim/lib/copilot/tools/server/blocks/get-blocks-metadata-tool.ts	5/5	Fixed undefined check for allowedIntegrations - prevents skipping blocks when permission config is undefined
apps/sim/lib/copilot/tools/server/blocks/get-trigger-blocks.ts	5/5	Fixed undefined check for allowedIntegrations in trigger blocks filtering - correctly handles undefined permission configs

Sequence Diagram

sequenceDiagram
    participant Client as Copilot Client
    participant Tool as Server Tool (e.g., get-block-config)
    participant PermCheck as getUserPermissionConfig()
    participant DB as Database
    
    Client->>Tool: Execute tool with userId & blockType
    Tool->>PermCheck: getUserPermissionConfig(userId)
    
    alt User not in organization
        PermCheck->>DB: Query member table
        DB-->>PermCheck: No membership found
        PermCheck-->>Tool: return null
        Note over Tool: permissionConfig = null<br/>allowedIntegrations = undefined
    else User in org, not enterprise
        PermCheck->>DB: Query organization plan
        DB-->>PermCheck: Not enterprise plan
        PermCheck-->>Tool: return null
        Note over Tool: permissionConfig = null<br/>allowedIntegrations = undefined
    else User in org, enterprise, no permission group
        PermCheck->>DB: Query permission group membership
        DB-->>PermCheck: No group membership
        PermCheck-->>Tool: return null
        Note over Tool: permissionConfig = null<br/>allowedIntegrations = undefined
    else User in permission group
        PermCheck->>DB: Query permission group config
        DB-->>PermCheck: config object
        PermCheck-->>Tool: return PermissionGroupConfig
        Note over Tool: permissionConfig = {...}<br/>allowedIntegrations = null or string[]
    end
    
    alt allowedIntegrations != null (NEW FIX)
        Tool->>Tool: Check if blockType in allowedIntegrations
        alt blockType not in list
            Tool-->>Client: throw Error (not allowed)
        else blockType in list
            Tool->>Tool: Continue execution
            Tool-->>Client: Return result
        end
    else allowedIntegrations is null or undefined
        Note over Tool: Skip permission check<br/>(allow all integrations)
        Tool->>Tool: Continue execution
        Tool-->>Client: Return result
    end

Loading

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/integrations/integrations.tsx
For consistency with the permission check pattern used throughout the codebase (especially in copilot files), consider using loose equality (!=) instead of strict equality (!==). While this specific case is safe because usePermissionConfig always returns a config object, using != null would align with the pattern established in this PR and make the codebase more consistent.

        permissionConfig.allowedIntegrations != null &&
        !permissionConfig.allowedIntegrations.includes(service.id)

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}

Prompt To Fix With AI

This is a comment left during a code review.
Path: app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/integrations/integrations.tsx
Line: 231:232

Comment:
For consistency with the permission check pattern used throughout the codebase (especially in copilot files), consider using loose equality (`!=`) instead of strict equality (`!==`). While this specific case is safe because `usePermissionConfig` always returns a config object, using `!= null` would align with the pattern established in this PR and make the codebase more consistent.

```suggestion
        permissionConfig.allowedIntegrations != null &&
        !permissionConfig.allowedIntegrations.includes(service.id)
```

<sub>Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!</sub>

How can I resolve this? If you propose a fix, please make it concise.