fix(connectors): address audit findings across 7 connectors

- github: branch with slashes encoded per-segment in sourceUrl; treat 403
  Contents API responses (>100MB or restricted) as null instead of
  throwing; fetchBlobContent throws on unexpected encoding rather than
  returning empty content
- jira: ADF extractor handles hardBreak, mention, and emoji nodes
- google-docs: paragraph join uses newline so heading/body boundaries
  are preserved
- servicenow: drop legacy 'wiki' field from kb_knowledge requests; only
  the 'text' field is reliably present on modern instances
- salesforce: KnowledgeArticleVersion query adds IsLatestVersion=true to
  avoid duplicate historical versions; encode externalId in sObject GET
- slack: subtype filter switches to a denylist (SLACK_NOISE_SUBTYPES) so
  thread_broadcast / me_message / reminder_add are kept; reply_count
  folded into contentHash to detect threaded reply deletes
- confluence: drop bare-string cursor fallback; unparseable cursors now
  restart the listing instead of silently re-listing blogposts from 0

Author: waleedlatif1

apps/sim/connectors/confluence/confluence.ts

@@ -489,7 +489,11 @@ async function listAllContentTypes(
       pagesDone = parsed.pagesDone === true
       blogsDone = parsed.blogsDone === true
     } catch {
-      pageCursor = cursor
+      /**
+       * Older bare-string cursors are no longer emitted; fall through and
+       * restart instead of silently re-listing blogposts from page 0.
+       */
+      logger.warn('Ignoring unparseable Confluence cursor; restarting listing')
     }
   }
 

apps/sim/connectors/github/github.ts

@@ -138,10 +138,12 @@ async function fetchBlobContent(
     if (isBinaryBuffer(buf)) return null
     return buf.toString('utf8')
   }
-  if (encoding === 'utf-8') {
-    return content
-  }
-  return ''
+  /**
+   * Per https://docs.github.com/en/rest/git/blobs the Blobs API only ever
+   * returns base64. Refuse to silently persist empty content for an
+   * unexpected encoding so a sync surfaces the error instead.
+   */
+  throw new Error(`Unexpected git blob encoding for ${sha}: ${encoding ?? 'undefined'}`)
 }
 
 /**
@@ -162,7 +164,7 @@ function treeItemToStub(
     content: '',
     contentDeferred: true,
     mimeType: 'text/plain',
-    sourceUrl: `https://github.com/${owner}/${repo}/blob/${encodeURIComponent(branch)}/${item.path.split('/').map(encodeURIComponent).join('/')}`,
+    sourceUrl: `https://github.com/${owner}/${repo}/blob/${branch.split('/').map(encodeURIComponent).join('/')}/${item.path.split('/').map(encodeURIComponent).join('/')}`,
     contentHash: `${GIT_SHA_PREFIX}${item.sha}`,
     metadata: {
       path: item.path,
@@ -307,6 +309,13 @@ export const githubConnector: ConnectorConfig = {
 
       if (!response.ok) {
         if (response.status === 404) return null
+        if (response.status === 403) {
+          logger.info('Skipping GitHub file rejected by Contents API', {
+            path,
+            status: response.status,
+          })
+          return null
+        }
         throw new Error(`Failed to fetch file ${path}: ${response.status}`)
       }
 
@@ -350,7 +359,7 @@ export const githubConnector: ConnectorConfig = {
         content,
         contentDeferred: false,
         mimeType: 'text/plain',
-        sourceUrl: `https://github.com/${owner}/${repo}/blob/${encodeURIComponent(branch)}/${path.split('/').map(encodeURIComponent).join('/')}`,
+        sourceUrl: `https://github.com/${owner}/${repo}/blob/${branch.split('/').map(encodeURIComponent).join('/')}/${path.split('/').map(encodeURIComponent).join('/')}`,
         contentHash: `${GIT_SHA_PREFIX}${data.sha as string}`,
         metadata: {
           path,

apps/sim/connectors/google-docs/google-docs.ts

@@ -91,7 +91,7 @@ function extractTextFromDocsBody(doc: DocsDocument): string {
     }
   }
 
-  return parts.join('').trim()
+  return parts.join('\n').trim()
 }
 
 /**

apps/sim/connectors/salesforce/salesforce.ts

@@ -42,7 +42,8 @@ const OBJECT_FIELDS: Record<string, string[]> = {
 
 /** SOQL WHERE clause additions per object type. */
 const OBJECT_WHERE: Record<string, string> = {
-  KnowledgeArticleVersion: " WHERE PublishStatus='Online' AND Language='en_US'",
+  KnowledgeArticleVersion:
+    " WHERE PublishStatus='Online' AND IsLatestVersion=true AND Language='en_US'",
 } as const
 
 /**
@@ -389,7 +390,7 @@ export const salesforceConnector: ConnectorConfig = {
       instanceUrl = await resolveInstanceUrl(accessToken, syncContext)
     }
 
-    const url = `${instanceUrl}sobjects/${objectType}/${externalId}?fields=${fields.join(',')}`
+    const url = `${instanceUrl}sobjects/${objectType}/${encodeURIComponent(externalId)}?fields=${fields.join(',')}`
 
     const response = await fetchWithRetry(url, {
       method: 'GET',

apps/sim/connectors/servicenow/servicenow.ts

@@ -36,7 +36,6 @@ interface ServiceNowRecord {
 interface KBArticle extends ServiceNowRecord {
   short_description?: string
   text?: string
-  wiki?: string
   workflow_state?: string
   kb_category?: string | { display_value?: string }
   kb_knowledge_base?: string | { display_value?: string }
@@ -264,7 +263,7 @@ function priorityLabel(priority: string | undefined): string {
  */
 function kbArticleToDocument(article: KBArticle, instanceUrl: string): ExternalDocument {
   const title = rawValue(article.short_description) || rawValue(article.number) || article.sys_id
-  const articleText = rawValue(article.text) || rawValue(article.wiki) || ''
+  const articleText = rawValue(article.text) || ''
   const content = htmlToPlainText(articleText)
   const sysId = rawValue(article.sys_id) || article.sys_id
   const updatedOn = rawValue(article.sys_updated_on) || ''
@@ -549,7 +548,7 @@ export const servicenowConnector: ConnectorConfig = {
     const query = isKB ? buildKBQuery(sourceConfig) : buildIncidentQuery(sourceConfig)
 
     const fields = isKB
-      ? 'sys_id,short_description,text,wiki,workflow_state,kb_category,kb_knowledge_base,number,author,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
+      ? 'sys_id,short_description,text,workflow_state,kb_category,kb_knowledge_base,number,author,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
       : 'sys_id,number,short_description,description,state,priority,category,assigned_to,opened_by,close_notes,resolution_notes,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
 
     const params: Record<string, string> = {
@@ -625,7 +624,7 @@ export const servicenowConnector: ConnectorConfig = {
     }
 
     const fields = isKB
-      ? 'sys_id,short_description,text,wiki,workflow_state,kb_category,kb_knowledge_base,number,author,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
+      ? 'sys_id,short_description,text,workflow_state,kb_category,kb_knowledge_base,number,author,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
       : 'sys_id,number,short_description,description,state,priority,category,assigned_to,opened_by,close_notes,resolution_notes,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
 
     const instanceUrl = resolveServiceNowInstanceUrl(sourceConfig.instanceUrl as string)

apps/sim/connectors/slack/slack.ts

@@ -11,6 +11,33 @@ const SLACK_API_BASE = 'https://slack.com/api'
 const DEFAULT_MAX_MESSAGES = 1000
 const MESSAGES_PER_PAGE = 200
 
+/**
+ * Message subtypes that carry no user-authored text (channel events, bot
+ * lifecycle, etc.). Per https://api.slack.com/events/message every other
+ * subtype — `bot_message`, `file_share`, `me_message`, `thread_broadcast`,
+ * `reminder_add`, `file_comment`, etc. — can carry meaningful content.
+ */
+const SLACK_NOISE_SUBTYPES = new Set([
+  'channel_join',
+  'channel_leave',
+  'channel_topic',
+  'channel_purpose',
+  'channel_name',
+  'channel_archive',
+  'channel_unarchive',
+  'group_join',
+  'group_leave',
+  'group_topic',
+  'group_purpose',
+  'group_name',
+  'group_archive',
+  'group_unarchive',
+  'pinned_item',
+  'unpinned_item',
+  'bot_add',
+  'bot_remove',
+])
+
 interface SlackMessage {
   type: string
   user?: string
@@ -187,7 +214,13 @@ async function formatMessages(
   for (const msg of chronological) {
     // Skip non-user messages (join/leave, bot messages without text, etc.)
     if (!msg.text) continue
-    if (msg.subtype && msg.subtype !== 'bot_message' && msg.subtype !== 'file_share') continue
+    /**
+     * Drop only known noise subtypes (channel join/leave/topic events,
+     * bot add/remove, etc.). Per https://api.slack.com/events/message any
+     * subtype with user-authored text — `thread_broadcast`, `me_message`,
+     * `bot_message`, `file_share`, `reminder_add`, etc. — should be kept.
+     */
+    if (msg.subtype && SLACK_NOISE_SUBTYPES.has(msg.subtype)) continue
 
     const timestamp = formatSlackTimestamp(msg.ts)
     const userName = msg.user
@@ -314,12 +347,19 @@ async function buildSlackChannelDocument(
    */
   let maxEditTs = ''
   let maxReplyTs = ''
+  let totalReplies = 0
   for (const m of messages) {
     if (m.edited?.ts && m.edited.ts > maxEditTs) maxEditTs = m.edited.ts
     if (m.latest_reply && m.latest_reply > maxReplyTs) maxReplyTs = m.latest_reply
+    if (typeof m.reply_count === 'number') totalReplies += m.reply_count
   }
 
-  const contentHash = `slack:${channel.id}:${oldestTs ?? 'empty'}:${lastActivityTs ?? 'empty'}:${messageCount}:${maxEditTs || 'noedit'}:${maxReplyTs || 'noreply'}`
+  /**
+   * `latest_reply` alone misses reply edits and deletes. Folding `reply_count`
+   * in catches deletes (count drops) but still cannot detect reply edits
+   * without fetching `conversations.replies` for each parent.
+   */
+  const contentHash = `slack:${channel.id}:${oldestTs ?? 'empty'}:${lastActivityTs ?? 'empty'}:${messageCount}:${maxEditTs || 'noedit'}:${maxReplyTs || 'noreply'}:${totalReplies}`
 
   return { content, contentHash, messageCount, lastActivityTs }
 }

apps/sim/tools/jira/utils.ts

@@ -62,6 +62,9 @@ export function extractAdfText(content: any): string | null {
     return content.map(extractAdfText).filter(Boolean).join(' ')
   }
   if (content.type === 'text') return content.text || ''
+  if (content.type === 'hardBreak') return '\n'
+  if (content.type === 'mention') return content.attrs?.text || ''
+  if (content.type === 'emoji') return content.attrs?.shortName || content.attrs?.text || ''
   if (content.content) return extractAdfText(content.content)
   return ''
 }