feat(reddit): add 5 new tools, fix bugs, and audit all endpoints against API docs

[waleedlatif1]

Summary

• Add 5 new Reddit tools: get_me, get_user, send_message, get_messages, get_subreddit_info
• Fix body serialization bug in delete tool
• Fix permalink bug in submit_post tool
• Add null safety, pagination cursors, and missing fields across all listing tools
• Add missing API params (flair_id, flair_text, return_rtjson, geo filter, etc.)
• Remove invalid params from get_comments (showtitle, after, before, count)
• Update block definition with all 17 operations and wandConfig on text inputs
• Audit all tools against official Reddit API docs

Type of Change

• New feature
• Bug fix

Testing

Tested manually

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[cursor]

PR Summary

Medium Risk
Adds new Reddit API capabilities (messages, identity, user/subreddit lookups) and changes several existing tool request/response shapes (pagination cursors, new fields, removed params), which could break existing workflows if they relied on prior inputs/outputs.

Overview
Expands the Reddit integration with 5 new tools: reddit_get_me, reddit_get_user, reddit_send_message, reddit_get_messages, and reddit_get_subreddit_info, and wires them into the tool registry, docs, and the RedditBlock operation dropdown.

Updates existing listing tools to better match Reddit’s API: adds name (thing fullname) across post/comment outputs, adds after/before pagination cursors to list responses, extends reddit_get_posts with controversial sort + geo filter (g), and extends reddit_search with type and sr_detail.

Fixes/adjusts write operations and validation: corrects reddit_delete form body serialization, fixes reddit_submit_post permalink construction and adds flair/collection params, adds return_rtjson plus HTTP error handling to reddit_reply, removes unsupported reddit_get_comments params and adds comment focus + path-segment validation for subreddit, postId, and username.

^{Written by Cursor Bugbot for commit 0f6b08d. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Mar 6, 2026 3:47am

[greptile-apps]

Greptile Summary

This PR expands the Reddit integration from 12 to 17 operations by adding 5 new tools (get_me, get_user, send_message, get_messages, get_subreddit_info), while fixing bugs in delete.ts, submit_post.ts, and get_comments.ts.

Well-implemented additions:

• The 5 new tools and modified reply.ts all correctly implement !response.ok guards in transformResponse, properly handling HTTP errors (401/403/404/429) by returning success: false with empty output fields.
• Security is well-handled: path-segment validation on usernames/post IDs, enum whitelisting for URL segments, and subreddit name normalization prevent injection attacks.
• The block definition refactor is clean, with operation-to-tool lookup map, wandConfig on text inputs, and proper UI fields for pagination cursors.

Critical issue:
The same error handling pattern that was correctly applied to the new tools and reply.ts is still missing from 6 modified tools. When Reddit responds with HTTP errors (401/403/429), these tools silently return success: true with empty data:

• submit_post.ts — only checks data.json?.errors, no HTTP status guard
• get_posts.ts, get_controversial.ts, search.ts, hot_posts.ts, get_comments.ts — all lack !response.ok checks in transformResponse

This inconsistency means auth failures, rate limits, and permissions errors are silently swallowed in listing/write operations while correctly surfaced in the new tools, creating a fragile and confusing user experience.

Confidence Score: 2/5

• This PR has a critical inconsistency: 6 modified tools silently swallow HTTP errors while the 5 new tools correctly handle them, creating unpredictable failure modes in production workflows.
• The 5 new tools and reply.ts are well-implemented with proper error handling and security controls. However, 6 other tools (submit_post.ts, get_posts.ts, get_controversial.ts, search.ts, hot_posts.ts, get_comments.ts) lack HTTP error guards and will return success: true with empty/partial data when Reddit responds with 401/403/429 errors. This is a behavioral inconsistency within the same PR where the correct pattern was established but not applied uniformly. For production workflows, this means rate limits and auth failures can be silently masked in some operations while correctly surfaced in others, leading to confusing debugging and potential data corruption downstream.
• apps/sim/tools/reddit/submit_post.ts, apps/sim/tools/reddit/get_posts.ts, apps/sim/tools/reddit/get_controversial.ts, apps/sim/tools/reddit/search.ts, apps/sim/tools/reddit/hot_posts.ts, apps/sim/tools/reddit/get_comments.ts — all missing !response.ok guards in transformResponse

Sequence Diagram

sequenceDiagram
    participant WF as Workflow Node
    participant Block as Reddit Block
    participant Tool as Reddit Tool
    participant API as Reddit OAuth API

    WF->>Block: execute(operation, params)
    Block->>Block: toolMap[operation] → tool id
    Block->>Block: params() → typed params

    alt GET tools (get_me, get_user, get_subreddit_info, get_messages)
        Block->>Tool: invoke(params)
        Tool->>Tool: validate input (validatePathSegment / validateEnum)
        Tool->>API: GET /api/v1/me OR /user/{username}/about OR /r/{sub}/about OR /message/{where}
        API-->>Tool: Response
        alt response.ok
            Tool->>Tool: transformResponse → success: true, output
        else !response.ok (401/403/404/429)
            Tool->>Tool: transformResponse → success: false, empty output
        end
        Tool-->>WF: ToolResponse

    else POST tools (send_message, reply)
        Block->>Tool: invoke(params)
        Tool->>API: POST /api/compose OR /api/comment
        API-->>Tool: Response
        alt !response.ok
            Tool->>Tool: HTTP error → success: false
        else data.json.errors present
            Tool->>Tool: API error → success: false
        else success
            Tool->>Tool: success: true, message
        end
        Tool-->>WF: ToolResponse

    else Listing tools (get_posts, get_controversial, search, hot_posts, get_comments)
        Block->>Tool: invoke(params)
        Tool->>API: GET /r/{sub}/{sort} OR /r/{sub}/search OR /r/{sub}/comments/{id}
        API-->>Tool: Response
        Note over Tool: ⚠️ No response.ok check!
        Tool->>Tool: data.data?.children?.map() || []
        Tool-->>WF: success: true (even on 401/403/429)
    end

Loading

Comments Outside Diff (2)

1. apps/sim/tools/reddit/submit_post.ts, line 136-168 (link)

   Missing response.ok guard — HTTP errors silently return success: true

   transformResponse only checks data.json?.errors, but when Reddit returns an HTTP-level error (e.g., 403 for posting to a restricted subreddit, 401 for an expired token, 429 for rate limiting), the response body is {"message":"Forbidden","error":403} — there is no json wrapper, so data.json?.errors is undefined and the error branch is skipped entirely. The function falls through to return success: true with "Post submitted successfully" and postData being undefined.

   This is the same pattern that was correctly fixed in reply.ts and send_message.ts in this PR, but was not applied here. Add the guard:

   transformResponse: async (response: Response) => {
     const data = await response.json()
   
     if (!response.ok) {
       const errorMsg = data?.message || `HTTP error ${response.status}`
       return {
         success: false,
         output: { success: false, message: `Failed to submit post: ${errorMsg}` },
       }
     }
   
     if (data.json?.errors && data.json.errors.length > 0) {
       ...
     }
     ...
   }

2. apps/sim/tools/reddit/get_posts.ts, line 144-181 (link)

   Missing response.ok guard across all listing tools — errors silently return success: true

   transformResponse has no check on response.ok. If the Reddit API returns a non-2xx response (e.g., 401 for an expired token, 403 for a private subreddit, 429 for rate limiting), data.data?.children will be undefined, the || [] fallback produces an empty posts array, and the tool still returns success: true. The caller has no indication the request failed.

   The same missing guard exists in every other modified listing tool in this PR:

   • apps/sim/tools/reddit/get_controversial.ts (line 113)
   • apps/sim/tools/reddit/search.ts (line 146)
   • apps/sim/tools/reddit/hot_posts.ts (line 64)
   • apps/sim/tools/reddit/get_comments.ts (line 142)

   All five new tools added in this PR (get_me.ts, get_user.ts, send_message.ts, get_messages.ts, get_subreddit_info.ts) correctly include !response.ok guards — the same pattern should be applied to these listing tools. For example:

   transformResponse: async (response: Response, requestParams?: RedditPostsParams) => {
     const data = await response.json()
   
     if (!response.ok) {
       return {
         success: false,
         output: {
           subreddit: requestParams?.subreddit ?? 'unknown',
           posts: [],
           after: null,
           before: null,
         },
       }
     }
     // ... rest of existing logic
   }

_{Last reviewed commit: 0f6b08d}

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

[waleedlatif1]

@greptile