subroutinecom · Gricha · Dec 10, 2025 · Dec 10, 2025
diff --git a/admin-panel/app/routes/_authRequired+/integrations.$integrationId.edit.tsx b/admin-panel/app/routes/_authRequired+/integrations.$integrationId.edit.tsx
@@ -518,7 +518,13 @@ export default function EditIntegrationPage() {
             <input
               id="name"
               type="text"
-              {...register("name", { required: "Name is required" })}
+              {...register("name", {
+                required: "Name is required",
+                pattern: {
+                  value: /^[a-z0-9_-]+$/,
+                  message: "Name can only contain lowercase letters, numbers, hyphens, and underscores",
+                },
+              })}
               className="input input-bordered w-full text-base"
             />
             {errors.name && <p className="text-sm text-error">{errors.name.message}</p>}

diff --git a/admin-panel/app/routes/_authRequired+/integrations.new.tsx b/admin-panel/app/routes/_authRequired+/integrations.new.tsx
@@ -633,8 +633,14 @@ export default function NewIntegrationPage() {
                   <input
                     id="name"
                     type="text"
-                    {...register("name", { required: "Name is required" })}
-                    placeholder="e.g., Production API"
+                    {...register("name", {
+                      required: "Name is required",
+                      pattern: {
+                        value: /^[a-z0-9_-]+$/,
+                        message: "Name can only contain lowercase letters, numbers, hyphens, and underscores",
+                      },
+                    })}
+                    placeholder="e.g., production-api"
                     className={inputClasses}
                   />
                   {errors.name && <p className="text-sm text-error">{errors.name.message}</p>}

diff --git a/api/db/migrations-index.ts b/api/db/migrations-index.ts
@@ -13,4 +13,5 @@ export const migrations = {
   "20251127_pat_link": import("../migrations/20251127_pat_link.ts"),
   "20251127_visibility": import("../migrations/20251127_visibility.ts"),
   "20251205_0633_mcp_plugin_oauth": import("../migrations/20251205_0633_mcp_plugin_oauth.ts"),
+  "20251210_integration_name_unique": import("../migrations/20251210_integration_name_unique.ts"),
 };
diff --git a/api/migrations/20251210_integration_name_unique.ts b/api/migrations/20251210_integration_name_unique.ts
@@ -0,0 +1,34 @@
+import { Kysely } from "kysely";
+
+export const up = async (db: Kysely<unknown>): Promise<void> => {
+  // Drop old constraint (org + provider + name)
+  await db.schema
+    .alterTable("integration")
+    .dropConstraint("integration_org_provider_name_unique")
+    .execute();
+
+  // Add new constraint (org + name only) - names must be unique per organization
+  await db.schema
+    .alterTable("integration")
+    .addUniqueConstraint("integration_org_name_unique", [
+      "organizationId",
+      "name",
+    ])
+    .execute();
+};
+
+export const down = async (db: Kysely<unknown>): Promise<void> => {
+  await db.schema
+    .alterTable("integration")
+    .dropConstraint("integration_org_name_unique")
+    .execute();
+
+  await db.schema
+    .alterTable("integration")
+    .addUniqueConstraint("integration_org_provider_name_unique", [
+      "organizationId",
+      "provider",
+      "name",
+    ])
+    .execute();
+};
diff --git a/api/models/integration.ts b/api/models/integration.ts
@@ -1,6 +1,8 @@
 import { nanoid } from "nanoid";
+import { sql } from "kysely";
 import { db } from "../db/index.ts";
 import type { IntegrationTable } from "../db/schema.ts";
+import { validateIntegrationName } from "../validation/integration-name";
 import type {
   AuthStrategy,
   IntegrationProvider,
@@ -388,6 +390,11 @@ export const createIntegration = async (
     throw new Error(`Invalid provider: ${params.provider}`);
   }
 
+  const nameValidation = validateIntegrationName(params.name);
+  if (!nameValidation.valid) {
+    throw new Error(nameValidation.error);
+  }
+
   validateIntegrationConfig(params.authConfig);
   const id = nanoid();
   const now = new Date().toISOString();
@@ -493,6 +500,10 @@ export const updateIntegration = async (
   };
 
   if (params.name !== undefined) {
+    const nameValidation = validateIntegrationName(params.name);
+    if (!nameValidation.valid) {
+      throw new Error(nameValidation.error);
+    }
     updateValues.name = params.name;
   }
 
@@ -542,6 +553,11 @@ export type CreateDynamicIntegrationRequest = {
 export const createDynamicIntegration = async (
   params: CreateDynamicIntegrationRequest
 ): Promise<IntegrationWithConfig> => {
+  const nameValidation = validateIntegrationName(params.name);
+  if (!nameValidation.valid) {
+    throw new Error(nameValidation.error);
+  }
+
   validateMcpConfig(params.authConfig);
 
   const id = nanoid();
@@ -634,7 +650,7 @@ export const getIntegrationByName = async (
   const row = await db
     .selectFrom("integration")
     .selectAll()
-    .where("name", "=", name)
+    .where(sql`LOWER(name)`, "=", name.toLowerCase())
     .where("organizationId", "=", organizationId)
     .where("enabled", "=", true)
     .executeTakeFirst();

diff --git a/api/validation/integration-name.test.ts b/api/validation/integration-name.test.ts
@@ -0,0 +1,96 @@
+import { expect } from "@std/expect";
+import { describe, it } from "@std/testing/bdd";
+import { validateIntegrationName, INTEGRATION_NAME_PATTERN } from "./integration-name";
+
+describe("Integration Name Validation", () => {
+  describe("INTEGRATION_NAME_PATTERN", () => {
+    it("matches valid lowercase names", () => {
+      expect(INTEGRATION_NAME_PATTERN.test("github")).toBe(true);
+      expect(INTEGRATION_NAME_PATTERN.test("myapi")).toBe(true);
+    });
+
+    it("matches names with hyphens", () => {
+      expect(INTEGRATION_NAME_PATTERN.test("my-api")).toBe(true);
+      expect(INTEGRATION_NAME_PATTERN.test("my-github-api")).toBe(true);
+    });
+
+    it("matches names with underscores", () => {
+      expect(INTEGRATION_NAME_PATTERN.test("my_api")).toBe(true);
+      expect(INTEGRATION_NAME_PATTERN.test("my_github_api")).toBe(true);
+    });
+
+    it("matches names with numbers", () => {
+      expect(INTEGRATION_NAME_PATTERN.test("api123")).toBe(true);
+      expect(INTEGRATION_NAME_PATTERN.test("api-v2")).toBe(true);
+      expect(INTEGRATION_NAME_PATTERN.test("test123api")).toBe(true);
+    });
+
+    it("matches combined valid characters", () => {
+      expect(INTEGRATION_NAME_PATTERN.test("my_github-api_v2")).toBe(true);
+      expect(INTEGRATION_NAME_PATTERN.test("test-api_123")).toBe(true);
+    });
+
+    it("rejects uppercase letters", () => {
+      expect(INTEGRATION_NAME_PATTERN.test("GitHub")).toBe(false);
+      expect(INTEGRATION_NAME_PATTERN.test("MyAPI")).toBe(false);
+      expect(INTEGRATION_NAME_PATTERN.test("myAPI")).toBe(false);
+    });
+
+    it("rejects spaces", () => {
+      expect(INTEGRATION_NAME_PATTERN.test("my api")).toBe(false);
+      expect(INTEGRATION_NAME_PATTERN.test("my github api")).toBe(false);
+    });
+
+    it("rejects special characters", () => {
+      expect(INTEGRATION_NAME_PATTERN.test("my@api")).toBe(false);
+      expect(INTEGRATION_NAME_PATTERN.test("my.api")).toBe(false);
+      expect(INTEGRATION_NAME_PATTERN.test("my!api")).toBe(false);
+      expect(INTEGRATION_NAME_PATTERN.test("my#api")).toBe(false);
+    });
+  });
+
+  describe("validateIntegrationName", () => {
+    it("accepts valid lowercase names", () => {
+      expect(validateIntegrationName("github").valid).toBe(true);
+      expect(validateIntegrationName("my-api").valid).toBe(true);
+      expect(validateIntegrationName("api_v2").valid).toBe(true);
+      expect(validateIntegrationName("test-api-123").valid).toBe(true);
+    });
+
+    it("rejects empty names", () => {
+      const result = validateIntegrationName("");
+      expect(result.valid).toBe(false);
+      expect(result.error).toContain("required");
+    });
+
+    it("rejects whitespace-only names", () => {
+      const result = validateIntegrationName("   ");
+      expect(result.valid).toBe(false);
+      expect(result.error).toContain("required");
+    });
+
+    it("rejects names with uppercase letters", () => {
+      const result = validateIntegrationName("GitHub");
+      expect(result.valid).toBe(false);
+      expect(result.error).toContain("lowercase");
+    });
+
+    it("rejects names with spaces", () => {
+      const result = validateIntegrationName("my api");
+      expect(result.valid).toBe(false);
+      expect(result.error).toContain("lowercase");
+    });
+
+    it("rejects names with special characters", () => {
+      const result = validateIntegrationName("my@api");
+      expect(result.valid).toBe(false);
+      expect(result.error).toContain("lowercase");
+    });
+
+    it("returns undefined error when valid", () => {
+      const result = validateIntegrationName("valid-name");
+      expect(result.valid).toBe(true);
+      expect(result.error).toBeUndefined();
+    });
+  });
+});
diff --git a/api/validation/integration-name.ts b/api/validation/integration-name.ts
@@ -0,0 +1,22 @@
+// Pattern: lowercase letters, numbers, hyphens, underscores only
+export const INTEGRATION_NAME_PATTERN = /^[a-z0-9_-]+$/;
+
+export interface IntegrationNameValidationResult {
+  valid: boolean;
+  error?: string;
+}
+
+export const validateIntegrationName = (name: string): IntegrationNameValidationResult => {
+  if (!name || !name.trim()) {
+    return { valid: false, error: "Integration name is required" };
+  }
+
+  if (!INTEGRATION_NAME_PATTERN.test(name)) {
+    return {
+      valid: false,
+      error: "Integration name can only contain lowercase letters (a-z), numbers (0-9), hyphens (-), and underscores (_)",
+    };
+  }
+
+  return { valid: true };
+};