improvement(copilot): replace crypto.randomUUID() with generateId() per project rule#4268
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
PR SummaryLow Risk Overview This affects IDs generated for persisted assistant messages, chat request execution/run/user message IDs, table row IDs (preserving the Reviewed by Cursor Bugbot for commit 639faf0. Configure here. |
Greptile SummaryThis PR replaces all Confidence Score: 5/5Safe to merge — mechanical rule-compliance fix with no behavior change on the current server-side runtime. All 8 substitutions are correct drop-in replacements. No remaining No files require special attention. Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A["generateId() call"] --> B{crypto.randomUUID available?}
B -- Yes --> C["crypto.randomUUID() → UUID v4"]
B -- No --> D["crypto.getRandomValues() → UUID v4"]
C --> E["Return UUID string"]
D --> E
subgraph "Replaced call sites"
F["persisted-message.ts ×2"]
G["post.ts ×3"]
H["tables.ts ×2 + .replace(/-/g,''')"]
I["oauth.ts ×1"]
end
F & G & H & I --> A
Reviews (1): Last reviewed commit: "fix(copilot): replace crypto.randomUUID(..." | Re-trigger Greptile |
️✅ There are no secrets present in this pull request anymore.If these secrets were true positive and are still valid, we highly recommend you to revoke them. 🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request. |
|
@voidborne-d please rebase with origin staging, then we can merge |
…ct rule AGENTS.md / CLAUDE.md forbid crypto.randomUUID() (non-secure contexts throw TypeError in browsers). Four copilot server-side files still violated this rule, left over after PR simstudioai#3397 polyfilled the client. Routes through request lifecycle, OAuth draft insertion, persisted message normalization, and table-row generation now use generateId from @sim/utils/id, which is a drop-in UUID v4 producer that falls back to crypto.getRandomValues when randomUUID is unavailable. Refs simstudioai#3393.
voidborne-d
force-pushed
the
fix/copilot-crypto-randomuuid
branch
from
63523fe to
639faf0
Compare
|
Rebased against |
|
bugbot run |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 639faf0. Configure here.
icecrasher321
changed the title
3 participants
Problem
AGENTS.md/CLAUDE.mdforbidcrypto.randomUUID():generateIdexists for a reason:crypto.randomUUID()is unavailable on non-secure (plain HTTP) browser contexts — the root cause of #3393, where self-hosted Sim served overhttp://192.168.x.x:3000white-screens withTypeError: crypto.randomUUID is not a function. PR #3397 polyfilled the client, but four copilot server-side files still callcrypto.randomUUID()directly, in violation of the project rule.Fix
Replace every
crypto.randomUUID()call inapps/sim/lib/copilot/**withgenerateId()imported from@sim/utils/id.generateIdis a drop-in: it returns a lowercase RFC 4122 UUID v4 string, usingcrypto.randomUUIDwhen available and falling back tocrypto.getRandomValuesotherwise. Intables.tsthe.replace(/-/g, '')suffix is preserved so row-ID shape (row_<32-hex>) is unchanged.Server-side Node 22 always has
randomUUID, so behavior is identical today — this is about obeying the project's own hard rule and not leaving the copilot subtree as a footgun if any of these call paths ever reach a non-secure-context runtime (e.g. future edge-runtime migration, Workers, Deno, or an imported shared module).Why small
PRs #3485 and #3574 tried to sweep the whole repo (100 / 42 files, new parallel
generateIdutilities); both stalled. This PR is four files, uses the canonical@sim/utils/idthat already ships, and touches only the copilot subtree that was missed in the earlier cleanup. No new utilities, no behavior change.Verification
Run from repo root:
bun run lint:check— ✅ clean (6594 sim files checked)bun run format:check— ✅ cleanbun run turbo run type-check --filter=sim— ✅ cleancd apps/sim && bunx vitest run lib/copilot— ✅ 40 files / 218 tests passRefs #3393.