Fix sanitizationg

Sg312 · Sg312 · commit 96eb075a31fe · 2025-11-17T19:23:38.000-08:00
diff --git a/apps/sim/app/api/templates/approved/sanitized/route.ts b/apps/sim/app/api/templates/approved/sanitized/route.ts
@@ -77,6 +77,33 @@ export async function GET(request: NextRequest) {
         // The template.state is already credential-sanitized, now sanitize for copilot
         const copilotSanitized = sanitizeForCopilot(template.state as any)
 
+        // Defensively remove any outputs fields that might have leaked through
+        // This ensures runtime execution data is never sent to copilot
+        if (copilotSanitized?.blocks) {
+          Object.values(copilotSanitized.blocks).forEach((block: any) => {
+            if (block && typeof block === 'object') {
+              delete block.outputs
+              delete block.position
+              delete block.height
+              delete block.layout
+              delete block.horizontalHandles
+              
+              // Also clean nested nodes recursively
+              if (block.nestedNodes) {
+                Object.values(block.nestedNodes).forEach((nestedBlock: any) => {
+                  if (nestedBlock && typeof nestedBlock === 'object') {
+                    delete nestedBlock.outputs
+                    delete nestedBlock.position
+                    delete nestedBlock.height
+                    delete nestedBlock.layout
+                    delete nestedBlock.horizontalHandles
+                  }
+                })
+              }
+            }
+          })
+        }
+
         // Extract description from details
         const details = template.details as { tagline?: string; about?: string } | null
         const description = details?.tagline || details?.about || ''
diff --git a/apps/sim/lib/workflows/json-sanitizer.ts b/apps/sim/lib/workflows/json-sanitizer.ts
@@ -349,6 +349,7 @@ export function sanitizeForCopilot(state: WorkflowState): CopilotWorkflowState {
       })
     }
 
+    // Create clean result without runtime data (outputs, positions, layout, etc.)
     const result: CopilotBlockState = {
       type: block.type,
       name: block.name,
@@ -361,6 +362,9 @@ export function sanitizeForCopilot(state: WorkflowState): CopilotWorkflowState {
     if (block.advancedMode !== undefined) result.advancedMode = block.advancedMode
     if (block.triggerMode !== undefined) result.triggerMode = block.triggerMode
 
+    // Note: outputs, position, height, layout, horizontalHandles are intentionally excluded
+    // These are runtime/UI-specific fields not needed for copilot understanding
+
     return result
   }
 

Original file line number	Diff line number	Diff line change
`@@ -349,6 +349,7 @@ export function sanitizeForCopilot(state: WorkflowState): CopilotWorkflowState {`
`349`	`349`	`})`
`350`	`350`	`}`
`351`	`351`
	`352`	`+ // Create clean result without runtime data (outputs, positions, layout, etc.)`
`352`	`353`	`const result: CopilotBlockState = {`
`353`	`354`	`type: block.type,`
`354`	`355`	`name: block.name,`
`@@ -361,6 +362,9 @@ export function sanitizeForCopilot(state: WorkflowState): CopilotWorkflowState {`
`361`	`362`	`if (block.advancedMode !== undefined) result.advancedMode = block.advancedMode`
`362`	`363`	`if (block.triggerMode !== undefined) result.triggerMode = block.triggerMode`
`363`	`364`
	`365`	`+ // Note: outputs, position, height, layout, horizontalHandles are intentionally excluded`
	`366`	`+ // These are runtime/UI-specific fields not needed for copilot understanding`
	`367`	`+`
`364`	`368`	`return result`
`365`	`369`	`}`
`366`	`370`