v0.5.110: webhook execution speedups, SSRF patches

[waleedlatif1]

• fix(parallel): align integration with Parallel AI API docs (fix(parallel): align integration with Parallel AI API docs #3501)
• fix(security): add SSRF protection to database tools and webhook delivery (fix(security): add SSRF protection to database tools and webhook delivery #3500)
• fix(webhooks): eliminate redundant DB queries from webhook execution path (fix(webhooks): eliminate redundant DB queries from webhook execution path #3523)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Mar 11, 2026 9:51pm

[cursor]

PR Summary

Medium Risk
Touches security-sensitive request validation (SSRF protections and constant-time comparisons) and refactors webhook execution/preprocessing; mistakes could block legitimate traffic or change billing/actor attribution. Also updates external Parallel AI API integration/outputs, which may affect downstream consumers.

Overview
Security hardening: Introduces validateDatabaseHost and expands URL validation to support allowHttp, then applies these checks to DB connection tools (Postgres/MySQL/Mongo/Neo4j/Redis), A2A agent URL creation, and webhook delivery/test via secureFetchWithValidation to reduce SSRF/DNS-rebinding risk. Replaces several direct secret/API-key string comparisons with constant-time safeCompare, and broadly sanitizes client-facing errors (MCP routes, A2A routes, workspace notification test/delivery) to avoid leaking internal details.

Webhooks & execution: Refactors webhook preprocessing to return { error, actorUserId } and threads actorUserId into queueWebhookExecution; the background webhook-execution job now uses preprocessExecution to derive workflow/workspace/timeout and parallelizes DB lookups to cut redundant queries. Generic webhook triggers now default to requiring auth and auto-generate a token.

Parallel AI alignment: Updates Parallel AI docs, block config, and tool implementations to match newer API behavior (search mode, include/exclude domains, new search_id/extract_id, optional extract objective, deep research processor tiers and longer runtime), and switches outputs from JSON-stringified to structured json.

^{Written by Cursor Bugbot for commit 19ef526. Configure here.}

[greptile-apps]

Greptile Summary

This PR bundles three independent improvements: (1) aligns the Parallel AI integration with the current API docs (new mode field replacing processor for search, updated processor tiers for deep research, optional extract params, domain filtering); (2) adds SSRF protection to database tools (PostgreSQL, MySQL, MongoDB, Neo4j, Redis) via a new validateDatabaseHost DNS-resolution check, and replaces raw fetch calls in webhook delivery with secureFetchWithValidation; (3) eliminates several redundant DB queries from the webhook hot path by reusing the workflowRecord already fetched during preprocessing and propagating actorUserId from checkWebhookPreprocessing through to the background job payload rather than re-resolving it.

Key highlights and concerns:

• validateDatabaseHost validates DNS but does not pin the resolved IP to the actual database driver connection. Between the DNS check and the driver's own connect(), a DNS rebinding attack could redirect to an internal address. The HTTP equivalent (secureFetchWithPinnedIP) does not have this gap. This affects PostgreSQL, MySQL, MongoDB, Neo4j, and Redis.
• Credential resolution (credentialAccountUserId) has been moved from a synchronous failure in queueWebhookExecution to a best-effort resolution inside the background job. If resolution fails, only a warning is logged and execution continues with credentialAccountUserId = undefined. For providers that depend on this value (e.g., Microsoft Teams token refresh), this is a silent downgrade.
• safeCompare now uses HMAC-SHA256 digests before timingSafeEqual, correctly eliminating the length-based timing leak that existed in the prior implementation.
• New webhook triggers now default requireAuth: true with an auto-generated UUID token — a good security default.
• All MCP and A2A error responses now return sanitized generic messages; originals are logged server-side only.

Confidence Score: 3/5

• Safe to merge with awareness of two issues: a DNS rebinding gap in the new database SSRF checks and a silent credential failure path in the background webhook job.
• The security improvements are meaningful and correctly implemented at the protocol level (safeCompare, secureFetchWithValidation, sanitized error messages, auth-by-default webhooks). The Parallel AI API alignment is well-tested and backward-compatible. However, the database SSRF protection (validateDatabaseHost) does not pin the resolved IP, leaving a DNS rebinding window that is weaker than the HTTP approach used for webhook delivery. Additionally, the credential resolution failure path in webhook-execution.ts now silently continues rather than aborting, which could cause broken integrations for credential-dependent providers in production.
• apps/sim/lib/core/security/input-validation.server.ts (DNS rebinding gap for DB hosts) and apps/sim/background/webhook-execution.ts (silent credential resolution failure).

Important Files Changed

Filename	Overview
apps/sim/lib/core/security/input-validation.server.ts	Adds validateDatabaseHost for database SSRF protection and threads allowHttp option through validateUrlWithDNS/secureFetchWithValidation; DNS-without-IP-pinning gap exists for database connections.
apps/sim/background/webhook-execution.ts	Significant refactor eliminating multiple redundant DB queries by using preprocessExecution; credential resolution moved to background with silent failure path that could break MS Teams reply flows.
apps/sim/lib/webhooks/processor.ts	Refactors checkWebhookPreprocessing to return { error, actorUserId } struct, moves credential/workspace resolution out of hot path; actorUserId now required from caller.
apps/sim/lib/core/security/encryption.ts	Updates safeCompare to use HMAC-SHA256 digests before timingSafeEqual, eliminating the early-exit length leak; fixed HMAC key is acceptable for pure equality checking.
apps/sim/tools/parallel/search.ts	Aligns with current Parallel AI API: replaces processor with mode, adds domain filtering via source_policy, restructures max_chars_per_result into excerpts object, and adds search_id to output.
apps/sim/tools/parallel/extract.ts	Makes objective, excerpts, full_content optional per updated API; adds extract_id to output; adds explicit HTTP error handling and data.results null guard.
apps/sim/tools/parallel/deep_research.ts	Updates processor options to pro/ultra/pro-fast/ultra-fast, extends timeout description to 45 min, adds HTTP error handling, and normalizes result extraction with null-coalescing.
apps/sim/lib/api-key/auth.ts	Replaces all === string equality checks with safeCompare to prevent timing-based side-channel attacks on API key comparison.
apps/sim/app/api/tools/postgresql/utils.ts	Makes createPostgresConnection async and adds validateDatabaseHost SSRF check; DNS-without-IP-pinning gap applies here.
apps/sim/triggers/generic/webhook.ts	Tightens security by defaulting requireAuth to true and auto-generating a random UUID token on new webhook creation.

Sequence Diagram

sequenceDiagram
    participant Client as Webhook Caller
    participant Route as /api/webhooks/trigger/[path]
    participant Processor as lib/webhooks/processor.ts
    participant Preprocess as lib/execution/preprocessing.ts
    participant Queue as Job Queue
    participant BgJob as background/webhook-execution.ts
    participant DB as Database

    Client->>Route: POST /api/webhooks/trigger/:path
    Route->>Processor: findAllWebhooksForPath()
    Processor->>DB: Query webhooks + workflows
    DB-->>Processor: foundWebhook, foundWorkflow
    Processor-->>Route: webhooksForPath[]

    Route->>Processor: verifyProviderAuth() [safeCompare for tokens]
    Processor-->>Route: authError | null

    Route->>Processor: checkWebhookPreprocessing(foundWorkflow, foundWebhook)
    Processor->>Preprocess: preprocessExecution({workflowId, checkRateLimit:true, workflowRecord:foundWorkflow})
    Preprocess->>DB: getWorkspaceBilledAccountUserId (billing)
    DB-->>Preprocess: actorUserId + subscription
    Preprocess-->>Processor: { success, actorUserId, workflowRecord, executionTimeout }
    Processor-->>Route: WebhookPreprocessingResult { error:null, actorUserId }

    Route->>Processor: queueWebhookExecution(webhook, workflow, body, req, { actorUserId })
    Processor->>Queue: enqueue('webhook-execution', payload+workspaceId)
    Queue-->>Processor: jobId
    Processor-->>Route: 200 OK
    Route-->>Client: 200 OK

    Queue->>BgJob: executeWebhookJob(payload)
    BgJob->>Preprocess: preprocessExecution({workflowId, checkRateLimit:false, skipUsageLimits:true})
    Preprocess-->>BgJob: { workflowRecord, executionTimeout }

    par Parallel DB fetches
        BgJob->>DB: loadDeployedWorkflowState(workflowId, workspaceId)
        BgJob->>DB: SELECT webhook WHERE id=webhookId
        BgJob->>DB: resolveCredentialAccountUserId(credentialId) [if set]
    end
    DB-->>BgJob: workflowData, webhookRows, credentialAccountUserId

    BgJob->>BgJob: formatWebhookInput + executeWorkflowCore()
    BgJob->>DB: LoggingSession.complete()

Loading

Comments Outside Diff (1)

1. apps/sim/background/webhook-execution.ts, line 770-779 (link)

   Silent credential failure may break provider integrations

   The old queueWebhookExecution code returned an HTTP 500 synchronously if the OAuth credential could not be resolved (before the job was even enqueued). The new code moves resolution to the background job and only logs a warning, continuing execution with credentialAccountUserId = undefined.

   For providers that depend on credentialAccountUserId to refresh access tokens at execution time (notably Microsoft Teams — which uses it to fetch a fresh bearer token to post the reply), this change silently degrades behavior: the job runs, but the Teams reply fails because there is no account user ID to resolve an OAuth token for.

   Consider escalating this to an error and failing the job early rather than proceeding with an undefined value:

   if (payload.credentialId && !credentialAccountUserId) {
     throw new Error(
       `Cannot resolve OAuth account for credential ${payload.credentialId} — aborting webhook execution`
     )
   }

_{Last reviewed commit: 19ef526}