Skip to content

fix(mailer): permissions entitlements for enabling/disabling#5312

Merged
icecrasher321 merged 108 commits into
stagingfrom
make-badge-workspace-scoped
Jul 1, 2026
Merged

fix(mailer): permissions entitlements for enabling/disabling#5312
icecrasher321 merged 108 commits into
stagingfrom
make-badge-workspace-scoped

Conversation

@icecrasher321

Copy link
Copy Markdown
Collaborator

Summary

Workspace admins should be able to enable/disable inboxes. AgentMail infra teardown on subscription deletion.

Type of Change

  • Bug fix

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

waleedlatif1 and others added 30 commits April 3, 2026 23:30
…ership workflow edits via sockets, ui improvements
…ration, signup method feature flags, SSO improvements
* feat(posthog): Add tracking on mothership abort (#4023)

Co-authored-by: Theodore Li <theo@sim.ai>

* fix(login): fix captcha headers for manual login  (#4025)

* fix(signup): fix turnstile key loading

* fix(login): fix captcha header passing

* Catch user already exists, remove login form captcha
…nts, secrets performance, polling refactors, drag resources in mothership
…endar triggers, docs updates, integrations/models pages improvements
…mat, logs performance improvements

fix(csp): add missing analytics domains, remove unsafe-eval, fix workspace CSP gap (#4179)
fix(landing): return 404 for invalid dynamic route slugs (#4182)
improvement(seo): optimize sitemaps, robots.txt, and core web vitals across sim and docs (#4170)
fix(gemini): support structured output with tools on Gemini 3 models (#4184)
feat(brightdata): add Bright Data integration with 8 tools (#4183)
fix(mothership): fix superagent credentials (#4185)
fix(logs): close sidebar when selected log disappears from filtered list; cleanup (#4186)
v0.6.46: mothership streaming fixes, brightdata integration
waleedlatif1 and others added 19 commits June 10, 2026 13:20
…ration, smooth streaming, security hardening, db fixes
…x, db migrations from ci, docs updates, read replicas

v0.7.3: jira oauth scope fix, read-replica client, table wire data fix, db migrations from ci, docs updates, read replicas
…uting, trigger.dev, temporal, latex, quartr, brex, convex integrations
…richment providers, deepseek models, db performance
…nce, file sharing, scheduled tasks granularity
…t harness, sakana fugu provider

v0.7.13: pii redaction, react query frontend refactor, pi coding agent harness, sakana fugu provider
…ix, settings overhaul, thrive learning integration
…extension, workspace forking, slack trigger extension, new README
@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment Jul 1, 2026 3:54am

Request Review

@cursor

cursor Bot commented Jul 1, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
Touches billing gates, inbound webhooks, and destructive inbox teardown via cron; grace logic limits accidental teardown on past_due, but wrong entitlement checks could block paying workspaces or leave infra provisioned too long.

Overview
Sim Mailer (inbox) entitlement is now evaluated per workspace billing entity instead of the signed-in user, so org-backed workspaces and external admins can manage inboxes when the workspace’s org or billed account is on Max/Enterprise.

API & billing: hasInboxAccess(userId) is replaced by hasWorkspaceInboxAccess(workspaceId) (usable subscription) and hasWorkspaceInboxGraceAccess(workspaceId) (active or past_due, fails open for teardown). Inbox GET returns an entitled flag; PATCH allows disable without a plan but gates enable/address updates on workspace entitlement. AgentMail webhooks reject mail with not_entitled when the workspace no longer qualifies.

Ops: A new cron /api/cron/reconcile-inbox-entitlement (daily in Helm) disables AgentMail for workspaces still marked enabled after a terminal plan lapse.

UI: Settings use server entitled instead of client subscription checks; admins with a stale enabled inbox can still turn it off; sidebar “Max” lock for inbox follows workspace entitlement; rejected tasks show “Plan no longer includes Sim Mailer”.

Reviewed by Cursor Bugbot for commit 6c1175f. Configure here.

@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR moves Sim Mailer entitlement checks to workspace billing. The main changes are:

  • Workspace-based entitlement helpers for inbox access and teardown grace.
  • API and webhook checks that reject non-entitled inbox use.
  • UI updates that read the new entitled inbox config field.
  • A daily cron job to reclaim AgentMail resources after entitlement loss.

Confidence Score: 4/5

The personal-workspace entitlement path needs a fix before merging.

  • Personal workspaces can gain inbox access through unrelated organization memberships.
  • The cleanup cron can keep personal inbox infrastructure for the same reason.
  • The API, UI, webhook, and cron wiring otherwise follows the intended workspace-based flow.

apps/sim/lib/billing/core/subscription.ts

Security Review

Personal workspaces can inherit Sim Mailer entitlement from unrelated organization memberships because the new personal-workspace path uses the broad highest-priority subscription lookup.

Important Files Changed

Filename Overview
apps/sim/lib/billing/core/subscription.ts Adds workspace-scoped inbox entitlement helpers, but the personal-workspace branch can use unrelated organization subscriptions.
apps/sim/app/api/workspaces/[id]/inbox/route.ts Returns entitlement in the inbox config and allows admins to disable an inbox after entitlement loss.
apps/sim/app/api/webhooks/agentmail/route.ts Rejects inbound AgentMail messages when the workspace entitlement helper returns false.
apps/sim/app/api/cron/reconcile-inbox-entitlement/route.ts Adds an authenticated cron route that disables enabled inboxes after grace entitlement is lost.
apps/sim/app/workspace/[workspaceId]/settings/components/inbox/inbox.tsx Updates inbox settings rendering to use the config-level entitlement flag.
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-sidebar/settings-sidebar.tsx Locks the Inbox sidebar item based on inbox config entitlement instead of generic Max access.

Reviews (1): Last reviewed commit: "fix lifecycle for agentmail infra" | Re-trigger Greptile

Comment thread apps/sim/lib/billing/core/subscription.ts
Comment thread apps/sim/lib/billing/core/subscription.ts

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 2 potential issues.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 6c1175f. Configure here.

Comment thread apps/sim/app/api/workspaces/[id]/inbox/route.ts
Comment thread apps/sim/app/api/webhooks/agentmail/route.ts
Resolve conflict in scripts/check-api-validation-contracts.ts: staging
deleted the contact route (removed from allowlists) while this branch added
the reconcile-inbox-entitlement cron. Net route count is unchanged at 881,
so the baseline is set to 881 (both allowlist edits kept).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@icecrasher321 icecrasher321 merged commit ca34301 into staging Jul 1, 2026
15 checks passed
@icecrasher321 icecrasher321 deleted the make-badge-workspace-scoped branch July 1, 2026 04:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants