fix(file-block): fix get op

[Sg312]

Summary

Add another guard for user

Type of Change

• Bug fix

Testing

Manual

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		May 14, 2026 1:39am

[greptile-apps]

Greptile Summary

This PR introduces a new file_get tool and corresponding get operation on the file-manage API route, allowing the file block to retrieve a workspace file object by ID or selected file input. It also hoists assertActiveWorkspaceAccess to run before any switch branch, so write and append operations now receive the same workspace-membership guard as the new get operation.

• New file_get tool (tools/file/get.ts, registry.ts, blocks/blocks/file.ts): adds a "Get" mode to the file block with basic (file-upload) and advanced (file ID text input) sub-blocks; params mapping handles both string ID and normalized file object inputs.
• Route handler (route.ts): adds the case 'get' branch with layered fileId resolution (direct ID → fileInput.id → fileInput.fileId) and an assertActiveWorkspaceAccess guard now covering all operations.
• Zod contract (contracts/tools/file.ts): adds fileManageGetBodySchema with a cross-field refine and changes the union type from discriminatedUnion to union (required because .refine() produces ZodEffects, incompatible with discriminatedUnion).

Confidence Score: 4/5

Safe to merge; the new get operation is correctly gated behind workspace-access verification, and the file retrieval query filters by both workspaceId and fileId.

The core logic — workspace guard, fileId resolution, DB lookup — is correct. The two findings are in the Zod contract: the refine predicate admits null fileInput (handled by a secondary check in the route), and the switch to z.union produces less descriptive errors on invalid operations. Neither is a runtime defect, but the contract layer is slightly weaker than it could be.

apps/sim/lib/api/contracts/tools/file.ts — the refine check and the discriminatedUnion→union change both sit here.

Important Files Changed

Filename	Overview
apps/sim/app/api/tools/file/manage/route.ts	Adds the 'get' operation case and moves assertActiveWorkspaceAccess before the switch so it now guards all operations; fileId resolution logic is defensive and correct.
apps/sim/lib/api/contracts/tools/file.ts	Schema changed from discriminatedUnion to union (necessary for .refine()); refine allows null fileInput through Zod validation while route handler provides a secondary guard.
apps/sim/tools/file/get.ts	New tool correctly delegates to /api/tools/file/manage with operation: 'get', resolves workspaceId from both params and _context, and maps the response to the expected output shape.
apps/sim/blocks/blocks/file.ts	Adds 'Get' dropdown option, two sub-blocks (file-upload in basic mode, short-input in advanced mode), and correct tool params mapping for string vs object file inputs.
apps/sim/tools/file/index.ts	Exports the new fileGetTool correctly.
apps/sim/tools/registry.ts	Registers file_get in the tools map alongside existing file tools.

_{Reviews (1): Last reviewed commit: "Fix auth" | Re-trigger Greptile}

[greptile-apps]

The .refine() predicate uses strict !== undefined, so { operation: 'get', fileInput: null } passes Zod validation (since null !== undefined). The route handler catches this downstream with its own empty-ID check, but the schema's intent is to block such payloads early. Using != null (loose inequality) or an explicit truthiness check would keep the two layers consistent.

Suggested change

	.refine((data) => data.fileId !== undefined || data.fileInput !== undefined, {
	message: 'Either fileId or fileInput is required for get operation',
	})
	.refine((data) => data.fileId != null || data.fileInput != null, {
	message: 'Either fileId or fileInput is required for get operation',
	})

[greptile-apps]

discriminatedUnion → union downgrades error quality

The schema was changed from z.discriminatedUnion('operation', [...]) to z.union([...]) because fileManageGetBodySchema uses .refine(), which produces a ZodEffects type incompatible with discriminatedUnion. The trade-off is that with z.union, an invalid operation (e.g. { operation: 'delete' }) causes Zod to try every branch sequentially and return a multi-branch error message rather than a clear discriminant mismatch. Not a runtime bug since invalid operations are still rejected, but consider moving the cross-field validation into the route handler to restore discriminatedUnion and its targeted error messages.