fix(kb): added internal auth for mistral OCR tool via KB

[waleedlatif1]

Summary

• added internal auth for mistral OCR tool via KB

Type of Change

• Bug fix

Testing

Tested manually

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
docs	Skipped			Oct 21, 2025 11:47pm

[greptile-apps]

Greptile Overview

Summary

Added internal JWT authentication when the knowledge base document processor calls the internal Mistral OCR API endpoint (/api/tools/mistral/parse). This ensures server-to-server calls are properly authenticated.

Key Changes

• Modified parseWithMistralOCR function to detect internal API calls by checking if the URL includes /api/tools/mistral/parse
• When detected, generates an internal JWT using generateInternalToken() and adds it to the request headers
• Follows the existing pattern used in downloadFileWithTimeout for internal file serving authentication
• The internal API endpoint already supports hybrid authentication (session, API key, or internal JWT) via checkHybridAuth

Analysis

The implementation correctly addresses the authentication gap for internal server-to-server communication. The pattern is consistent with existing internal authentication in the codebase, and the endpoint already has proper validation through the hybrid auth system.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The change adds proper authentication for internal API calls using an established pattern already present in the codebase. The implementation is straightforward, follows existing conventions (similar to the authentication in downloadFileWithTimeout at line 216), and the receiving endpoint already supports internal JWT validation through checkHybridAuth. No breaking changes or side effects expected.
• No files require special attention

Important Files Changed

File Analysis

Filename	Score	Overview
apps/sim/lib/knowledge/documents/document-processor.ts	5/5	Added internal JWT authentication for Mistral OCR API calls to /api/tools/mistral/parse endpoint

Sequence Diagram

sequenceDiagram
    participant KB as Knowledge Base Processor
    participant Auth as Internal Auth Module
    participant API as Mistral Parse API
    participant Hybrid as Hybrid Auth Module
    participant Mistral as Mistral OCR Service
    
    Note over KB: Processing PDF document
    KB->>KB: Prepare request parameters
    KB->>KB: Build tool headers
    KB->>KB: Check if URL is internal endpoint
    
    alt Internal API Call
        KB->>Auth: Request internal authentication
        Auth-->>KB: Return authentication credentials
        KB->>KB: Update authorization header
    end
    
    KB->>API: Send POST request
    API->>Hybrid: Validate authentication
    Hybrid->>Hybrid: Verify credentials
    Hybrid-->>API: Authentication confirmed
    
    API->>Mistral: Forward OCR request
    Mistral-->>API: Return OCR result
    API-->>KB: Send parsed content response

Loading

_{1 file reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}