fix(pii): evaluate pii-redaction flag globally with no org/user context

TheodoreSpeaks · TheodoreSpeaks · commit ebdd7739dc7f · 2026-06-19T19:12:18.000-07:00
diff --git a/apps/sim/app/api/organizations/[id]/data-retention/route.ts b/apps/sim/app/api/organizations/[id]/data-retention/route.ts
@@ -77,10 +77,7 @@ export const GET = withRouteHandler(
     }
 
     const isEnterprise = !isBillingEnabled || (await isOrganizationOnEnterprisePlan(organizationId))
-    const piiRedactionEnabled = await isFeatureEnabled('pii-redaction', {
-      userId: session.user.id,
-      orgId: organizationId,
-    })
+    const piiRedactionEnabled = await isFeatureEnabled('pii-redaction')
     const configured = normalizeConfigured(org.dataRetentionSettings)
     const defaults = enterpriseDefaults()
 
@@ -160,10 +157,7 @@ export const PUT = withRouteHandler(
       return NextResponse.json({ error: 'Organization not found' }, { status: 404 })
     }
 
-    const piiRedactionEnabled = await isFeatureEnabled('pii-redaction', {
-      userId: session.user.id,
-      orgId: organizationId,
-    })
+    const piiRedactionEnabled = await isFeatureEnabled('pii-redaction')
 
     const current = normalizeConfigured(currentOrg.dataRetentionSettings)
     const merged: DataRetentionSettings = { ...current }
diff --git a/apps/sim/lib/core/config/feature-flags.ts b/apps/sim/lib/core/config/feature-flags.ts
@@ -85,8 +85,9 @@ const FEATURE_FLAGS = {
   'pii-redaction': {
     description:
       'Redact PII from workflow logs via configurable Data Retention rules (Presidio at the ' +
-      'logger persist choke point) and expose the Data Retention config surfaces. Gate by org ' +
-      'for staged rollout.',
+      'logger persist choke point) and expose the Data Retention config surfaces. Global on/off ' +
+      'only — evaluated without user/org context so the persist path and config routes always ' +
+      'agree.',
     fallback: 'PII_REDACTION',
   },
 } satisfies Record<string, FeatureFlagDefinition>
diff --git a/apps/sim/lib/logs/execution/logger.ts b/apps/sim/lib/logs/execution/logger.ts
@@ -602,16 +602,16 @@ export class ExecutionLogger implements IExecutionLoggerService {
   ): Promise<RedactablePayload> {
     if (!workspaceId) return payload
 
+    if (!(await isFeatureEnabled('pii-redaction'))) return payload
+
     const [row] = await db
-      .select({ orgId: organization.id, orgSettings: organization.dataRetentionSettings })
+      .select({ orgSettings: organization.dataRetentionSettings })
       .from(workspace)
       .leftJoin(organization, eq(organization.id, workspace.organizationId))
       .where(eq(workspace.id, workspaceId))
       .limit(1)
     if (!row) return payload
 
-    if (!(await isFeatureEnabled('pii-redaction', { orgId: row.orgId }))) return payload
-
     // Rules are only writable by enterprise orgs (route-gated), so an enabled
     // rule already implies entitlement. We deliberately do NOT re-check
     // `isWorkspaceOnEnterprisePlan` here: it returns false on transient lookup
