feat(platform): add file storage and attachment support for integration sandbox

[larryro]

Summary

• Add a files API to the integration sandbox VM, allowing connectors to download and store files via an injected StorageProvider backed by Convex file storage
• Refactor sandbox execution logic into dedicated modules (execute_integration_impl, run_with_passes, validate_host, create_files_api, create_convex_storage_provider, execute_file_operation) for better maintainability
• Enable end-to-end file attachment support for email conversations: inbound emails surface attachment metadata in the conversation UI with on-demand download, and outbound messages read attachments from Convex storage, base64-encode them, and pass them to the connector
• Add binary HTTP body support and comprehensive tests for the new file storage and HTTP functionality

Test plan

• Unit tests for binary HTTP requests (binary_http_requests.test.ts)
• Unit tests for files API (files_api.test.ts)
• Unit tests for HTTP methods (http_methods.test.ts)
• Verify inbound email attachments display in the conversation UI
• Verify outbound message attachments are sent correctly through the connector
• Verify file download works on-demand from conversation panel

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

• New Features

  • Added attachment download functionality for conversation messages
  • Conversation UI now displays message attachments with download options
  • Outlook integration enhanced: download attachments from emails and include attachments when sending messages via Outlook
  • Added attachment upload and status tracking for message composition

• Documentation

  • Added translation strings for attachment interface labels and states

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request adds comprehensive attachments support across the platform's email integration and conversation management layers. Changes include: updating the Outlook integration configuration and connector to support attachment operations (get_attachments, expand parameters, send with attachments); implementing attachment download and upload flows in the UI conversation panel and message components; extending conversation mutation handlers to accept and propagate attachments metadata; introducing a new multi-pass integration sandbox execution model (executeIntegrationImpl) with HTTP and file operation APIs to support asynchronous file handling in integration connectors; adding helper functions for file storage, host validation, and binary request handling; and updating conversation schemas and validators to include email attachment metadata.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Possibly related PRs

• feat(platform): integration package upload with OAuth2 and connection testing #432: Modifies the same Outlook integration configuration/connector and introduces the integration sandbox multi-pass execution infrastructure (executeIntegrationImpl, files/http helpers).
• refactor(convex): remove unnecessary type assertions and add proper type definitions #96: Updates services/platform/convex/agent_tools/integrations/integration_tool.ts to propagate fileReferences from integration results.
• feat(integrations): SQL database integration with approval workflow #35: Related changes to IntegrationExecutionResult structure for carrying file reference metadata through integration execution flows.

🚥 Pre-merge checks | ✅ 2 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.59% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Merge Conflict Detection	⚠️ Warning	❌ Merge conflicts detected (33 files): ⚔️ examples/integrations/outlook/config.json (content) ⚔️ examples/integrations/outlook/connector.js (content) ⚔️ examples/workflows/outlook-email-sync/config.json (content) ⚔️ package-lock.json (content) ⚔️ services/platform/app/features/conversations/components/conversation-panel.tsx (content) ⚔️ services/platform/app/features/conversations/components/message.tsx (content) ⚔️ services/platform/app/features/conversations/hooks/mutations.ts (content) ⚔️ services/platform/convex/_generated/api.d.ts (content) ⚔️ services/platform/convex/agent_tools/integrations/integration_tool.ts (content) ⚔️ services/platform/convex/agent_tools/integrations/types.ts (content) ⚔️ services/platform/convex/approvals/helpers.ts (content) ⚔️ services/platform/convex/conversations/add_message_to_conversation.ts (content) ⚔️ services/platform/convex/conversations/create_conversation_with_message.ts (content) ⚔️ services/platform/convex/conversations/internal_actions.ts (content) ⚔️ services/platform/convex/conversations/internal_mutations.ts (content) ⚔️ services/platform/convex/conversations/internal_queries.ts (content) ⚔️ services/platform/convex/conversations/mutations.ts (content) ⚔️ services/platform/convex/conversations/send_message_via_integration.ts (content) ⚔️ services/platform/convex/conversations/transform_conversation.ts (content) ⚔️ services/platform/convex/conversations/validators.ts (content) ⚔️ services/platform/convex/node_only/integration_sandbox/__tests__/test_connection_sandbox.test.ts (content) ⚔️ services/platform/convex/node_only/integration_sandbox/helpers/create_http_api.ts (content) ⚔️ services/platform/convex/node_only/integration_sandbox/helpers/execute_http_request.ts (content) ⚔️ services/platform/convex/node_only/integration_sandbox/helpers/index.ts (content) ⚔️ services/platform/convex/node_only/integration_sandbox/internal_actions.ts (content) ⚔️ services/platform/convex/node_only/integration_sandbox/types.ts (content) ⚔️ services/platform/convex/workflow_engine/action_defs/conversation/helpers/add_message_to_conversation.ts (content) ⚔️ services/platform/convex/workflow_engine/action_defs/conversation/helpers/build_initial_message.ts (content) ⚔️ services/platform/convex/workflow_engine/action_defs/conversation/helpers/types.ts (content) ⚔️ services/platform/convex/workflow_engine/action_defs/integration/integration_action.ts (content) ⚔️ services/platform/lib/shared/schemas/conversations.ts (content) ⚔️ services/platform/messages/en.json (content) ⚔️ services/platform/package.json (content) These conflicts must be resolved before merging into main.	Resolve conflicts locally and push changes to this branch.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely describes the main change: adding file storage and attachment support for the integration sandbox. It is clear, specific, and directly reflects the core objective of the PR.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/integration-sandbox-file-storage

⚔️ Resolve merge conflicts (beta)

• Auto-commit resolved conflicts to branch feat/integration-sandbox-file-storage
• Create stacked PR with resolved conflicts
• Post resolved changes as copyable diffs in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 12

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

services/platform/convex/approvals/helpers.ts (1)

200-223: ⚠️ Potential issue | 🟠 Major

Avoid early return; it can drop newer approvals from later statuses.

When the limit is reached while iterating the first status, the function returns before scanning remaining statuses. Since you sort by _creationTime across statuses, this can exclude newer approvals in later statuses and return a stale set. Consider collecting across statuses, then sorting and slicing to limit, or implement a merge/heap strategy.

🔧 Suggested fix (collect → sort → slice)

     for await (const approval of query) {
       if (
         needsResourceTypeFilter &&
         !resourceTypeSet.has(approval.resourceType)
       ) {
         continue;
       }

       if (searchLower && !matchesSearch(approval, searchLower)) {
         continue;
       }

       result.push(approval);
-      if (result.length >= limit) {
-        result.sort((a, b) => b._creationTime - a._creationTime);
-        return result;
-      }
     }
   }

   result.sort((a, b) => b._creationTime - a._creationTime);
-  return result;
+  return result.slice(0, limit);

🤖 Fix all issues with AI agents

In `@examples/integrations/outlook/connector.js`:
- Around line 789-840: The attachment download URL is incorrectly built using
params.messageId which will 404 when the original input was an
internetMessageId; update the downloadUrl construction inside the attachments
loop to use the resolved graphId variable instead of params.messageId (the code
paths around graphId, the attachments loop, and the downloadUrl string need to
reference graphId so the $value endpoint matches the message ID used to fetch
attachments).
- Around line 818-852: The getAttachments() function redeclares the variable
file in both the if and else branches causing scope confusion; rename the
variables to distinct names (e.g., storedFile for the files.store branch and
downloadedFile for the files.download branch) and update the attachments.push
references to use storedFile.fileId/storedFile.url and
downloadedFile.fileId/downloadedFile.url respectively so each branch uses its
own clearly named variable (keep all other fields like id, name, contentType,
size unchanged).

In
`@services/platform/app/features/conversations/components/conversation-panel.tsx`:
- Around line 366-376: The download error is only logged to console; update the
catch in the Message onDownloadAttachments handler to also show a user-facing
toast/notification (the same mechanism used for upload failure) so users see the
failure; modify the callback that calls downloadAttachments (and its .catch for
errors) to call the existing toast/notification utility (used in the upload
failure handling) with a clear message like "Failed to download attachments"
plus the error.message to provide context, referencing the Message component,
downloadAttachments call, and the toId<'conversationMessages'> conversion so you
update the correct handler.

In `@services/platform/app/features/conversations/components/message.tsx`:
- Around line 117-126: Replace the forbidden non-null assertion in the onClick
handler: inside the branch that checks hasUrl, stop using attachment.url! and
instead use the truthy value directly (e.g., read const url = attachment.url or
pass attachment.url to a.href) because hasUrl guarantees it exists; leave the
else branch calling onDownload?.() unchanged and ensure you reference hasUrl,
attachment.url, and onDownload in the updated handler.
- Around line 30-41: formatFileSize computes an index i that can exceed the
units array for very large bytes; in function formatFileSize guard against
out-of-bounds by capping i to units.length - 1 (or using Math.min(i,
units.length - 1)) before using units[i], so extremely large sizes fall back to
the largest unit instead of returning undefined; update the function (reference:
formatFileSize, variables bytes, k, i, units) to clamp i and then compute the
formatted value.

In `@services/platform/convex/conversations/internal_actions.ts`:
- Around line 393-408: The filename-only matching in the updatedAttachments
mapping can incorrectly reuse a single fileRef for multiple attachments with the
same a.filename; update the logic in the updatedAttachments/existingAttachments
mapping to avoid reusing the same fileRef: either match on an additional unique
property provided by the connector (e.g., attachment ID, size, or hash) if
available, or, if no extra property exists, ensure fileRefs is treated as a pool
(consume/remove the matched ref from fileRefs after matching) so each ref is
applied only once; refer to the variables updatedAttachments,
existingAttachments, fileRefs, and a.filename when making the change.
- Around line 38-47: The attachments schema uses storageId: v.string(), which
loses Convex ID validation; change it to storageId: v.id('_storage') so IDs are
validated and typed consistently when later used (e.g., passed to
ctx.storage.get()); update the attachments v.object in internal_actions.ts (the
storageId property) to v.id('_storage') to follow repository Convex ID
conventions for file-related APIs.

In `@services/platform/convex/conversations/internal_queries.ts`:
- Around line 111-118: getMessageById currently reads by messageId only; add an
organizationId arg to the internalQuery args (alongside messageId), fetch the
record via ctx.db.get(args.messageId), then validate the record’s organizationId
matches args.organizationId before returning; if no record or org IDs don’t
match return null (or same behavior as other queries). Update the handler to
perform this guard and keep the returns type using
internalMessageRecordValidator | null.

In `@services/platform/convex/conversations/mutations.ts`:
- Around line 60-67: The attachments schema uses v.object({... storageId:
v.string() ...}) but storageId must be an Id<'_storage'> for
ctx.storage.getUrl(); update the validator inside the attachments array object
to use storageId: v.id('_storage') instead of v.string() (keep other fields
unchanged) so the validator enforces the correct storage ID type for any handler
using attachments.

In
`@services/platform/convex/node_only/integration_sandbox/execute_integration_impl.ts`:
- Around line 79-151: The connector method calls (connectorObj.testConnection /
connectorObj.execute) run via runWithPasses after vm.runInContext and are not
covered by params.timeoutMs, so long-running connector code can bypass the
timeout; wrap the runWithPasses invocation in a timeout guard (or add a timeout
parameter into runWithPasses) that uses params.timeoutMs (fallback 30000) to
abort execution if exceeded (e.g., Promise.race with a timer or using an
AbortController passed into runWithPasses), and ensure the wrapper converts the
timeout to a clear error result and cleans up any resources; update callers for
both the __test_connection__ branch and the execute branch, and adjust
runWithPasses to accept and honor an optional timeout/abort signal if you choose
that approach (referencing vm.runInContext, runWithPasses,
connectorObj.testConnection, connectorObj.execute, params.timeoutMs, and
MAX_PASSES).

In
`@services/platform/convex/node_only/integration_sandbox/helpers/create_convex_storage_provider.ts`:
- Around line 19-38: The download function currently validates only the initial
URL via validateHost but uses globalThis.fetch which follows redirects and can
fetch disallowed hosts; change download to disable automatic redirects (pass
redirect: 'manual' to globalThis.fetch) and then handle 3xx responses by reading
the Location header, resolving it against the original URL, running validateHost
on each redirect target, and either follow validated redirects manually or
reject when Location is missing or the host is not allowed; ensure the
subsequent fetches before calling ctx.storage.store and ctx.storage.getUrl also
run validateHost on their URLs so no redirected fetch can bypass the allowlist.

In
`@services/platform/convex/node_only/integration_sandbox/helpers/run_with_passes.ts`:
- Around line 107-110: The loop in runWithPasses (involving MAX_PASSES,
httpRequests and fileRequests) can exit due to reaching MAX_PASSES without
clearing pending ops; update runWithPasses to signal that condition by detecting
when the loop ends with httpRequests.length>0 or fileRequests.length>0 and
MAX_PASSES reached, then either emit a warning (e.g., processLogger.warn or
console.warn) with counts of remaining ops or augment the return value with
metadata (e.g., a truncated:boolean and remainingCounts) so callers can detect
incomplete execution; modify callers accordingly to handle the new metadata or
rely on the warning.