You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
KB document processing sporadically failed with Unsupported fileUrl scheme: only data: URIs and http(s):// URLs are allowed on knowledge-process-document runs.
Root cause: some ingestion paths store an app-relative internal URL (/api/files/serve/...?context=workspace). The download layer (downloadFileFromUrl) already resolves these directly against storage, but parseWithFileParser and downloadFileForBase64 applied a stricter scheme guard that threw before the URL ever reached the downloader.
Fix at the consumer: both guards now accept internal URLs via isInternalFileUrl(...) and route them through the existing downloader, matching how the OCR path already behaves. Still fails fast on genuinely unsupported schemes.
Consumer-side fix covers every producer and lets already-failed documents recover on retry with no data migration. Security is unchanged — the downloader still authorizes the resolved storage key against the billed actor and derives context from the trusted key prefix.
Type of Change
Bug fix
Testing
Tested manually. Ran bun run lint (no changes) and bun run check:api-validation:strict (passed). Typecheck clean.
Low Risk
Narrow guard change reusing existing internal URL handling and authorization in the downloader; no new schemes or security model changes.
Overview
Fixes sporadic knowledge document processing failures when ingestion stores an app-relative internal path (/api/files/serve/...) instead of a full http(s) URL.
downloadFileForBase64 and parseWithFileParser now treat internal serve paths like HTTP URLs by checking isInternalFileUrl and delegating to the existing downloader/parser path. Unsupported schemes still fail fast; error text now mentions internal paths. Behavior matches the OCR flow and downloadFileFromUrl—no new authorization surface.
Reviewed by Cursor Bugbot for commit cb44c01. Bugbot is set up for automated code reviews on this repo. Configure here.
This PR fixes a sporadic failure in the knowledge-base document processor where relative internal file URLs (/api/files/serve/...) triggered an "Unsupported fileUrl scheme" error in parseWithFileParser and downloadFileForBase64. Both guards now check isInternalFileUrl(fileUrl) alongside the existing http(s):// regex, routing the URL through the existing downloadFileFromUrl downloader that already handles access authorization.
The two affected scheme guards in downloadFileForBase64 and parseWithFileParser are updated to accept internal relative paths, matching how the OCR path (handleFileForOCR) already behaved.
Authorization semantics are unchanged: downloadFileFromUrl still requires a userId for internal URLs (fails closed without one), infers context from the trusted storage-key prefix rather than the ?context= query parameter, and calls verifyFileAccess before reading any bytes.
Confidence Score: 5/5
Safe to merge — the change is a minimal, targeted fix that adds a well-tested predicate to two scheme guards, with no changes to authorization logic.
The two modified code paths now delegate internal URLs to the same downloadFileFromUrl function that was already proven correct in the OCR path. That function enforces access authorization (requires userId, derives context from the trusted storage-key prefix, calls verifyFileAccess) before reading any bytes, and fails closed when userId is absent. No new trust surface is introduced.
Two scheme guards updated to accept internal /api/files/serve/ relative paths alongside http(s):// URLs; routing delegates to the existing downloadFileWithTimeout→downloadFileFromUrl chain that already handles authorization correctly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Unsupported fileUrl scheme: only data: URIs and http(s):// URLs are allowedonknowledge-process-documentruns./api/files/serve/...?context=workspace). The download layer (downloadFileFromUrl) already resolves these directly against storage, butparseWithFileParseranddownloadFileForBase64applied a stricter scheme guard that threw before the URL ever reached the downloader.isInternalFileUrl(...)and route them through the existing downloader, matching how the OCR path already behaves. Still fails fast on genuinely unsupported schemes.Type of Change
Testing
Tested manually. Ran
bun run lint(no changes) andbun run check:api-validation:strict(passed). Typecheck clean.Checklist