feat(snowflake): snowflake integration #1993

aadamgough · 2025-11-14T20:31:09Z

Summary

Snowflake integration. Still testing some auth stuff for creating and deleting tables.

Fixes #(issue)

Type of Change

New feature

Testing

Tested manually

Checklist

Code follows project style guidelines
Self-reviewed my changes
Tests added/updated and passing
No new warnings introduced
I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

vercel · 2025-11-14T20:31:15Z

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
docs	Skipped			Dec 6, 2025 11:35pm

greptile-apps · 2025-11-14T20:34:17Z

Greptile Overview

Greptile Summary

This PR adds comprehensive Snowflake integration with 12 operations including query execution, data manipulation (insert/update/delete), and metadata listing (databases, schemas, tables, views, warehouses, file formats, stages). The implementation uses Personal Access Token (PAT) authentication via Snowflake's SQL API v2.

Key Changes

New Snowflake block (apps/sim/blocks/blocks/snowflake.ts): Multi-operation block with dropdown selector for different Snowflake operations
12 Snowflake tools: Execute query, insert/update/delete rows, and various list/describe operations
Security improvements: Added sanitizeIdentifier() and validateWhereClause() functions to prevent SQL injection
Icon addition: Snowflake SVG icon component

Critical Issues Found

Authentication Configuration Mismatch: The accessToken parameter has inconsistent visibility settings across the codebase. The block configuration uses password: true without explicit visibility, while all tools use visibility: 'hidden'. According to project standards, user-provided credentials like Personal Access Tokens should use visibility: 'user-only', not hidden. Only framework-injected OAuth tokens should use hidden visibility. This affects 5 files:

apps/sim/blocks/blocks/snowflake.ts (line 48)
apps/sim/tools/snowflake/execute_query.ts (line 28)
apps/sim/tools/snowflake/insert_rows.ts (line 62)
apps/sim/tools/snowflake/update_rows.ts (line 70)
apps/sim/tools/snowflake/delete_rows.ts (line 48)

Positive Aspects

SQL injection protection implemented through identifier sanitization and WHERE clause validation
Comprehensive operation coverage for Snowflake data warehouse management
Consistent error handling and logging across all tools
Type-safe implementation with well-defined TypeScript interfaces
Proper integration with existing block and tool registries

Confidence Score: 3/5

Safe to merge with required fixes to authentication visibility configuration
The core functionality is well-implemented with SQL injection protections in place. However, the authentication configuration violates project standards for credential visibility. The accessToken parameter uses hidden visibility in all tools when it should use user-only for user-provided PATs. This is a systemic issue affecting 5 files that must be corrected before merge to ensure proper credential handling throughout the application
All Snowflake tool files (delete_rows.ts, insert_rows.ts, update_rows.ts, execute_query.ts) and the block configuration (snowflake.ts) require updates to accessToken visibility settings

Important Files Changed

File Analysis

Filename	Score	Overview
apps/sim/blocks/blocks/snowflake.ts	3/5	New Snowflake block configuration with comprehensive operations. Critical issue: `accessToken` uses `password: true` without proper `user-only` visibility setting
apps/sim/tools/snowflake/utils.ts	4/5	Utility functions with SQL injection protection via identifier sanitization and WHERE clause validation. Minor edge case with dot-containing identifiers
apps/sim/tools/snowflake/delete_rows.ts	3/5	DELETE operation tool with proper sanitization. Issue: `accessToken` uses `hidden` visibility instead of `user-only`
apps/sim/tools/snowflake/insert_rows.ts	3/5	INSERT operation tool with identifier sanitization and value escaping. Issue: `accessToken` uses `hidden` visibility instead of `user-only`
apps/sim/tools/snowflake/update_rows.ts	3/5	UPDATE operation tool with sanitization and WHERE validation. Issue: `accessToken` uses `hidden` visibility instead of `user-only`
apps/sim/tools/snowflake/execute_query.ts	3/5	Query execution tool with response parsing. Issue: `accessToken` uses `hidden` visibility instead of `user-only`

Sequence Diagram

sequenceDiagram
    participant User
    participant SnowflakeBlock as Snowflake Block
    participant ToolRegistry as Tool Registry
    participant SnowflakeTool as Snowflake Tool
    participant Utils as Utils (sanitization)
    participant SnowflakeAPI as Snowflake API

    User->>SnowflakeBlock: Configure operation (e.g., insert_rows)
    User->>SnowflakeBlock: Provide accountUrl & accessToken (PAT)
    User->>SnowflakeBlock: Provide operation params (database, schema, table, etc.)
    
    SnowflakeBlock->>SnowflakeBlock: Select tool based on operation
    SnowflakeBlock->>SnowflakeBlock: Build tool params from block config
    
    SnowflakeBlock->>ToolRegistry: Call selected tool (e.g., snowflake_insert_rows)
    ToolRegistry->>SnowflakeTool: Execute tool with params
    
    SnowflakeTool->>Utils: Sanitize identifiers (database, schema, table, columns)
    Utils-->>SnowflakeTool: Return quoted identifiers
    
    alt Operation has WHERE clause
        SnowflakeTool->>Utils: Validate WHERE clause
        Utils-->>SnowflakeTool: Return validation result
    end
    
    SnowflakeTool->>SnowflakeTool: Build SQL statement
    SnowflakeTool->>SnowflakeTool: Create request body with statement
    
    SnowflakeTool->>SnowflakeAPI: POST /api/v2/statements
    Note right of SnowflakeAPI: Headers: Bearer token + PAT type
    
    SnowflakeAPI-->>SnowflakeTool: Response (statementHandle, data, etc.)
    
    SnowflakeTool->>SnowflakeTool: Transform response
    SnowflakeTool-->>ToolRegistry: Return formatted result
    ToolRegistry-->>SnowflakeBlock: Return result
    SnowflakeBlock-->>User: Display operation result

greptile-apps

_{27 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

greptile-apps · 2025-11-14T20:34:15Z

apps/sim/tools/snowflake/delete_rows.ts

+function buildDeleteSQL(
+  database: string,
+  schema: string,
+  table: string,
+  whereClause?: string
+): string {
+  const fullTableName = `${database}.${schema}.${table}`
+
+  let sql = `DELETE FROM ${fullTableName}`
+
+  // Add WHERE clause if provided
+  if (whereClause && whereClause.trim()) {
+    sql += ` WHERE ${whereClause}`
+  }
+
+  return sql


logic: SQL injection vulnerability: database, schema, table, and whereClause are concatenated directly into SQL without any validation or identifier quoting. Malicious input like table = "users; DROP TABLE users--" could execute arbitrary SQL.

Suggested change

function buildDeleteSQL(

database: string,

schema: string,

table: string,

whereClause?: string

): string {

const fullTableName = `${database}.${schema}.${table}`

let sql = `DELETE FROM ${fullTableName}`

// Add WHERE clause if provided

if (whereClause && whereClause.trim()) {

sql += ` WHERE ${whereClause}`

}

return sql

function buildDeleteSQL(

database: string,

schema: string,

table: string,

whereClause?: string

): string {

// Snowflake identifier quoting requires double quotes for SQL identifiers

const quotedDatabase = `"${database.replace(/"/g, '""')}"`

const quotedSchema = `"${schema.replace(/"/g, '""')}"`

const quotedTable = `"${table.replace(/"/g, '""')}"`

const fullTableName = `${quotedDatabase}.${quotedSchema}.${quotedTable}`

let sql = `DELETE FROM ${fullTableName}`

// Add WHERE clause if provided

// Note: whereClause still needs proper parameterization - consider using Snowflake bind variables

if (whereClause && whereClause.trim()) {

sql += ` WHERE ${whereClause}`

}

return sql

}

Prompt To Fix With AI

This is a comment left during a code review. Path: apps/sim/tools/snowflake/delete_rows.ts Line: 14:29 Comment: **logic:** SQL injection vulnerability: `database`, `schema`, `table`, and `whereClause` are concatenated directly into SQL without any validation or identifier quoting. Malicious input like `table = "users; DROP TABLE users--"` could execute arbitrary SQL. ```suggestion function buildDeleteSQL( database: string, schema: string, table: string, whereClause?: string ): string { // Snowflake identifier quoting requires double quotes for SQL identifiers const quotedDatabase = `"${database.replace(/"/g, '""')}"` const quotedSchema = `"${schema.replace(/"/g, '""')}"` const quotedTable = `"${table.replace(/"/g, '""')}"` const fullTableName = `${quotedDatabase}.${quotedSchema}.${quotedTable}` let sql = `DELETE FROM ${fullTableName}` // Add WHERE clause if provided // Note: whereClause still needs proper parameterization - consider using Snowflake bind variables if (whereClause && whereClause.trim()) { sql += ` WHERE ${whereClause}` } return sql } ``` How can I resolve this? If you propose a fix, please make it concise.

greptile-apps · 2025-11-14T20:34:16Z

apps/sim/tools/snowflake/insert_rows.ts

+function buildInsertSQL(
+  database: string,
+  schema: string,
+  table: string,
+  columns: string[],
+  values: any[][]
+): string {
+  const fullTableName = `${database}.${schema}.${table}`
+  const columnList = columns.join(', ')
+
+  // Build values clause for multiple rows
+  const valuesClause = values
+    .map((rowValues) => {
+      const formattedValues = rowValues.map((val) => {
+        if (val === null || val === undefined) {
+          return 'NULL'
+        }
+        if (typeof val === 'string') {
+          // Escape single quotes by doubling them
+          return `'${val.replace(/'/g, "''")}'`
+        }
+        if (typeof val === 'boolean') {
+          return val ? 'TRUE' : 'FALSE'
+        }
+        return String(val)
+      })
+      return `(${formattedValues.join(', ')})`
+    })
+    .join(', ')
+
+  return `INSERT INTO ${fullTableName} (${columnList}) VALUES ${valuesClause}`
+}


logic: SQL injection vulnerability: database, schema, table, and columns array are concatenated directly into SQL without identifier quoting. Malicious input in column names like "col1, (SELECT password FROM users)--" could expose data.

Suggested change

function buildInsertSQL(

database: string,

schema: string,

table: string,

columns: string[],

values: any[][]

): string {

const fullTableName = `${database}.${schema}.${table}`

const columnList = columns.join(', ')

// Build values clause for multiple rows

const valuesClause = values

.map((rowValues) => {

const formattedValues = rowValues.map((val) => {

if (val === null || val === undefined) {

return 'NULL'

}

if (typeof val === 'string') {

// Escape single quotes by doubling them

return `'${val.replace(/'/g, "''")}'`

}

if (typeof val === 'boolean') {

return val ? 'TRUE' : 'FALSE'

}

return String(val)

})

return `(${formattedValues.join(', ')})`

})

.join(', ')

return `INSERT INTO ${fullTableName} (${columnList}) VALUES ${valuesClause}`

}

function buildInsertSQL(

database: string,

schema: string,

table: string,

columns: string[],

values: any[][]

): string {

// Quote SQL identifiers to prevent injection

const quotedDatabase = `"${database.replace(/"/g, '""')}"`

const quotedSchema = `"${schema.replace(/"/g, '""')}"`

const quotedTable = `"${table.replace(/"/g, '""')}"`

const fullTableName = `${quotedDatabase}.${quotedSchema}.${quotedTable}`

// Quote column names as SQL identifiers

const columnList = columns.map(col => `"${col.replace(/"/g, '""')}"`).join(', ')

// Build values clause for multiple rows

const valuesClause = values

.map((rowValues) => {

const formattedValues = rowValues.map((val) => {

if (val === null || val === undefined) {

return 'NULL'

}

if (typeof val === 'string') {

// Escape single quotes by doubling them

return `'${val.replace(/'/g, "''")}'`

}

if (typeof val === 'boolean') {

return val ? 'TRUE' : 'FALSE'

}

return String(val)

})

return `(${formattedValues.join(', ')})`

})

.join(', ')

return `INSERT INTO ${fullTableName} (${columnList}) VALUES ${valuesClause}`

}

Prompt To Fix With AI

This is a comment left during a code review. Path: apps/sim/tools/snowflake/insert_rows.ts Line: 14:45 Comment: **logic:** SQL injection vulnerability: `database`, `schema`, `table`, and `columns` array are concatenated directly into SQL without identifier quoting. Malicious input in column names like `"col1, (SELECT password FROM users)--"` could expose data. ```suggestion function buildInsertSQL( database: string, schema: string, table: string, columns: string[], values: any[][] ): string { // Quote SQL identifiers to prevent injection const quotedDatabase = `"${database.replace(/"/g, '""')}"` const quotedSchema = `"${schema.replace(/"/g, '""')}"` const quotedTable = `"${table.replace(/"/g, '""')}"` const fullTableName = `${quotedDatabase}.${quotedSchema}.${quotedTable}` // Quote column names as SQL identifiers const columnList = columns.map(col => `"${col.replace(/"/g, '""')}"`).join(', ') // Build values clause for multiple rows const valuesClause = values .map((rowValues) => { const formattedValues = rowValues.map((val) => { if (val === null || val === undefined) { return 'NULL' } if (typeof val === 'string') { // Escape single quotes by doubling them return `'${val.replace(/'/g, "''")}'` } if (typeof val === 'boolean') { return val ? 'TRUE' : 'FALSE' } return String(val) }) return `(${formattedValues.join(', ')})` }) .join(', ') return `INSERT INTO ${fullTableName} (${columnList}) VALUES ${valuesClause}` } ``` How can I resolve this? If you propose a fix, please make it concise.

greptile-apps · 2025-11-14T20:34:17Z

apps/sim/tools/snowflake/update_rows.ts

+function buildUpdateSQL(
+  database: string,
+  schema: string,
+  table: string,
+  updates: Record<string, any>,
+  whereClause?: string
+): string {
+  const fullTableName = `${database}.${schema}.${table}`
+
+  // Build SET clause
+  const setClause = Object.entries(updates)
+    .map(([column, value]) => {
+      let formattedValue: string
+
+      if (value === null || value === undefined) {
+        formattedValue = 'NULL'
+      } else if (typeof value === 'string') {
+        // Escape single quotes by doubling them
+        formattedValue = `'${value.replace(/'/g, "''")}'`
+      } else if (typeof value === 'boolean') {
+        formattedValue = value ? 'TRUE' : 'FALSE'
+      } else {
+        formattedValue = String(value)
+      }
+
+      return `${column} = ${formattedValue}`
+    })
+    .join(', ')
+
+  let sql = `UPDATE ${fullTableName} SET ${setClause}`
+
+  // Add WHERE clause if provided
+  if (whereClause && whereClause.trim()) {
+    sql += ` WHERE ${whereClause}`
+  }
+
+  return sql
+}


logic: SQL injection vulnerability: database, schema, table, and column names in updates object are concatenated directly into SQL without identifier quoting. Malicious column names could inject arbitrary SQL.

Suggested change

function buildUpdateSQL(

database: string,

schema: string,

table: string,

updates: Record<string, any>,

whereClause?: string

): string {

const fullTableName = `${database}.${schema}.${table}`

// Build SET clause

const setClause = Object.entries(updates)

.map(([column, value]) => {

let formattedValue: string

if (value === null || value === undefined) {

formattedValue = 'NULL'

} else if (typeof value === 'string') {

// Escape single quotes by doubling them

formattedValue = `'${value.replace(/'/g, "''")}'`

} else if (typeof value === 'boolean') {

formattedValue = value ? 'TRUE' : 'FALSE'

} else {

formattedValue = String(value)

}

return `${column} = ${formattedValue}`

})

.join(', ')

let sql = `UPDATE ${fullTableName} SET ${setClause}`

// Add WHERE clause if provided

if (whereClause && whereClause.trim()) {

sql += ` WHERE ${whereClause}`

}

return sql

}

function buildUpdateSQL(

database: string,

schema: string,

table: string,

updates: Record<string, any>,

whereClause?: string

): string {

// Quote SQL identifiers to prevent injection

const quotedDatabase = `"${database.replace(/"/g, '""')}"`

const quotedSchema = `"${schema.replace(/"/g, '""')}"`

const quotedTable = `"${table.replace(/"/g, '""')}"`

const fullTableName = `${quotedDatabase}.${quotedSchema}.${quotedTable}`

// Build SET clause with quoted column identifiers

const setClause = Object.entries(updates)

.map(([column, value]) => {

// Quote column name as SQL identifier

const quotedColumn = `"${column.replace(/"/g, '""')}"`

let formattedValue: string

if (value === null || value === undefined) {

formattedValue = 'NULL'

} else if (typeof value === 'string') {

// Escape single quotes by doubling them

formattedValue = `'${value.replace(/'/g, "''")}'`

} else if (typeof value === 'boolean') {

formattedValue = value ? 'TRUE' : 'FALSE'

} else {

formattedValue = String(value)

}

return `${quotedColumn} = ${formattedValue}`

})

.join(', ')

let sql = `UPDATE ${fullTableName} SET ${setClause}`

// Add WHERE clause if provided

// Note: whereClause still needs proper parameterization

if (whereClause && whereClause.trim()) {

sql += ` WHERE ${whereClause}`

}

return sql

}

Prompt To Fix With AI

This is a comment left during a code review. Path: apps/sim/tools/snowflake/update_rows.ts Line: 14:51 Comment: **logic:** SQL injection vulnerability: `database`, `schema`, `table`, and column names in `updates` object are concatenated directly into SQL without identifier quoting. Malicious column names could inject arbitrary SQL. ```suggestion function buildUpdateSQL( database: string, schema: string, table: string, updates: Record<string, any>, whereClause?: string ): string { // Quote SQL identifiers to prevent injection const quotedDatabase = `"${database.replace(/"/g, '""')}"` const quotedSchema = `"${schema.replace(/"/g, '""')}"` const quotedTable = `"${table.replace(/"/g, '""')}"` const fullTableName = `${quotedDatabase}.${quotedSchema}.${quotedTable}` // Build SET clause with quoted column identifiers const setClause = Object.entries(updates) .map(([column, value]) => { // Quote column name as SQL identifier const quotedColumn = `"${column.replace(/"/g, '""')}"` let formattedValue: string if (value === null || value === undefined) { formattedValue = 'NULL' } else if (typeof value === 'string') { // Escape single quotes by doubling them formattedValue = `'${value.replace(/'/g, "''")}'` } else if (typeof value === 'boolean') { formattedValue = value ? 'TRUE' : 'FALSE' } else { formattedValue = String(value) } return `${quotedColumn} = ${formattedValue}` }) .join(', ') let sql = `UPDATE ${fullTableName} SET ${setClause}` // Add WHERE clause if provided // Note: whereClause still needs proper parameterization if (whereClause && whereClause.trim()) { sql += ` WHERE ${whereClause}` } return sql } ``` How can I resolve this? If you propose a fix, please make it concise.

AVtheking · 2025-11-19T13:20:01Z

apps/sim/app/api/auth/snowflake/authorize/route.ts

+      )
+    }
+
+    const clientId = env.SNOWFLAKE_CLIENT_ID


isn't snowflake require clientId and client secret of the user account ?

…nd secret

greptile-apps

_{21 files reviewed, 7 comments}

_{Edit Code Review Agent Settings | Greptile}

greptile-apps · 2025-12-14T04:06:04Z

apps/sim/tools/snowflake/utils.ts

+function sanitizeSingleIdentifier(identifier: string): string {
+  const cleaned = identifier.replace(/"/g, '')
+
+  if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(cleaned)) {
+    throw new Error(
+      `Invalid identifier: ${identifier}. Identifiers must start with a letter or underscore and contain only letters, numbers, and underscores.`
+    )
+  }
+
+  return `"${cleaned}"`
+}


style: Identifier validation rejects valid Snowflake identifiers containing dots

sanitizeSingleIdentifier rejects identifiers that don't match /^[a-zA-Z_][a-zA-Z0-9_]*$/, but this is called after splitting on dots in line 147. However, valid fully-qualified Snowflake identifiers like "my.table" (a single quoted identifier containing a dot) will be rejected. While uncommon, Snowflake supports such identifiers when quoted.

Prompt To Fix With AI

This is a comment left during a code review. Path: apps/sim/tools/snowflake/utils.ts Line: 174:184 Comment: **style:** Identifier validation rejects valid Snowflake identifiers containing dots `sanitizeSingleIdentifier` rejects identifiers that don't match `/^[a-zA-Z_][a-zA-Z0-9_]*$/`, but this is called after splitting on dots in line 147. However, valid fully-qualified Snowflake identifiers like `"my.table"` (a single quoted identifier containing a dot) will be rejected. While uncommon, Snowflake supports such identifiers when quoted. How can I resolve this? If you propose a fix, please make it concise.

greptile-apps · 2025-12-14T04:06:04Z

apps/sim/tools/snowflake/insert_rows.ts

+      const formattedValues = rowValues.map((val) => {
+        if (val === null || val === undefined) {
+          return 'NULL'
+        }
+        if (typeof val === 'string') {
+          return `'${val.replace(/'/g, "''")}'`
+        }
+        if (typeof val === 'boolean') {
+          return val ? 'TRUE' : 'FALSE'
+        }
+        return String(val)
+      })
+      return `(${formattedValues.join(', ')})`


style: String escaping only handles single quotes, missing backslash escaping

Line 35 escapes single quotes by doubling them (' → ''), which is correct for SQL. However, if string values contain backslashes followed by single quotes (\'), this could still lead to issues depending on Snowflake's string literal handling. Consider documenting that parameterized queries would be more robust.

Prompt To Fix With AI

This is a comment left during a code review. Path: apps/sim/tools/snowflake/insert_rows.ts Line: 30:42 Comment: **style:** String escaping only handles single quotes, missing backslash escaping Line 35 escapes single quotes by doubling them (`'` → `''`), which is correct for SQL. However, if string values contain backslashes followed by single quotes (`\'`), this could still lead to issues depending on Snowflake's string literal handling. Consider documenting that parameterized queries would be more robust. How can I resolve this? If you propose a fix, please make it concise.

greptile-apps · 2025-12-14T04:06:05Z

apps/sim/blocks/blocks/snowflake.ts

+      title: 'Personal Access Token',
+      type: 'short-input',
+      placeholder: 'Enter your Snowflake PAT',
+      description: 'Generate a PAT in Snowflake Snowsight',
+      password: true,
+      required: true,


logic: accessToken configured with password: true but missing user-only visibility

User-provided credentials like Personal Access Tokens should use user-only visibility, not rely on just password: true. The password: true property only controls UI display (masking input), while visibility controls parameter visibility in tool configs. This will cause a mismatch when the PAT is passed to tools that expect visibility: 'hidden'.

Context Used: Rule from dashboard - API keys and other user-provided credentials should use 'user-only' visibility, not 'hidden'. Only f... (source)

Prompt To Fix With AI

This is a comment left during a code review. Path: apps/sim/blocks/blocks/snowflake.ts Line: 48:53 Comment: **logic:** `accessToken` configured with `password: true` but missing `user-only` visibility User-provided credentials like Personal Access Tokens should use `user-only` visibility, not rely on just `password: true`. The `password: true` property only controls UI display (masking input), while `visibility` controls parameter visibility in tool configs. This will cause a mismatch when the PAT is passed to tools that expect `visibility: 'hidden'`. **Context Used:** Rule from `dashboard` - API keys and other user-provided credentials should use 'user-only' visibility, not 'hidden'. Only f... ([source](https://app.greptile.com/review/custom-context?memory=2851870a-bd1b-44d3-bc5b-1c7e716acec8)) How can I resolve this? If you propose a fix, please make it concise.

greptile-apps · 2025-12-14T04:06:06Z

apps/sim/tools/snowflake/delete_rows.ts

+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',


logic: accessToken visibility should be user-only, not hidden

User-provided credentials like Personal Access Tokens should use user-only visibility. Only framework-injected OAuth tokens should use hidden visibility.

Context Used: Rule from dashboard - API keys and other user-provided credentials should use 'user-only' visibility, not 'hidden'. Only f... (source)

Prompt To Fix With AI

This is a comment left during a code review. Path: apps/sim/tools/snowflake/delete_rows.ts Line: 48:48 Comment: **logic:** `accessToken` visibility should be `user-only`, not `hidden` User-provided credentials like Personal Access Tokens should use `user-only` visibility. Only framework-injected OAuth tokens should use `hidden` visibility. **Context Used:** Rule from `dashboard` - API keys and other user-provided credentials should use 'user-only' visibility, not 'hidden'. Only f... ([source](https://app.greptile.com/review/custom-context?memory=2851870a-bd1b-44d3-bc5b-1c7e716acec8)) How can I resolve this? If you propose a fix, please make it concise.

greptile-apps · 2025-12-14T04:06:06Z

apps/sim/tools/snowflake/insert_rows.ts

+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',


logic: accessToken visibility should be user-only, not hidden

User-provided credentials like Personal Access Tokens should use user-only visibility. Only framework-injected OAuth tokens should use hidden visibility.

Context Used: Rule from dashboard - API keys and other user-provided credentials should use 'user-only' visibility, not 'hidden'. Only f... (source)

Prompt To Fix With AI

This is a comment left during a code review. Path: apps/sim/tools/snowflake/insert_rows.ts Line: 62:62 Comment: **logic:** `accessToken` visibility should be `user-only`, not `hidden` User-provided credentials like Personal Access Tokens should use `user-only` visibility. Only framework-injected OAuth tokens should use `hidden` visibility. **Context Used:** Rule from `dashboard` - API keys and other user-provided credentials should use 'user-only' visibility, not 'hidden'. Only f... ([source](https://app.greptile.com/review/custom-context?memory=2851870a-bd1b-44d3-bc5b-1c7e716acec8)) How can I resolve this? If you propose a fix, please make it concise.

greptile-apps · 2025-12-14T04:06:07Z

apps/sim/tools/snowflake/update_rows.ts

+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',


logic: accessToken visibility should be user-only, not hidden

User-provided credentials like Personal Access Tokens should use user-only visibility. Only framework-injected OAuth tokens should use hidden visibility.

Context Used: Rule from dashboard - API keys and other user-provided credentials should use 'user-only' visibility, not 'hidden'. Only f... (source)

Prompt To Fix With AI

This is a comment left during a code review. Path: apps/sim/tools/snowflake/update_rows.ts Line: 70:70 Comment: **logic:** `accessToken` visibility should be `user-only`, not `hidden` User-provided credentials like Personal Access Tokens should use `user-only` visibility. Only framework-injected OAuth tokens should use `hidden` visibility. **Context Used:** Rule from `dashboard` - API keys and other user-provided credentials should use 'user-only' visibility, not 'hidden'. Only f... ([source](https://app.greptile.com/review/custom-context?memory=2851870a-bd1b-44d3-bc5b-1c7e716acec8)) How can I resolve this? If you propose a fix, please make it concise.

greptile-apps · 2025-12-14T04:06:07Z

apps/sim/tools/snowflake/execute_query.ts

+    accessToken: {
+      type: 'string',
+      required: true,
+      visibility: 'hidden',


logic: accessToken visibility should be user-only, not hidden

User-provided credentials like Personal Access Tokens should use user-only visibility. Only framework-injected OAuth tokens should use hidden visibility.

Context Used: Rule from dashboard - API keys and other user-provided credentials should use 'user-only' visibility, not 'hidden'. Only f... (source)

Prompt To Fix With AI

This is a comment left during a code review. Path: apps/sim/tools/snowflake/execute_query.ts Line: 28:28 Comment: **logic:** `accessToken` visibility should be `user-only`, not `hidden` User-provided credentials like Personal Access Tokens should use `user-only` visibility. Only framework-injected OAuth tokens should use `hidden` visibility. **Context Used:** Rule from `dashboard` - API keys and other user-provided credentials should use 'user-only' visibility, not 'hidden'. Only f... ([source](https://app.greptile.com/review/custom-context?memory=2851870a-bd1b-44d3-bc5b-1c7e716acec8)) How can I resolve this? If you propose a fix, please make it concise.

domiverse · 2025-12-21T06:53:19Z

apps/sim/tools/registry.ts

+  snowflake_update_rows: snowflakeUpdateRowsTool,
+  snowflake_delete_rows: snowflakeDeleteRowsTool,
+  snowflake_list_databases: snowflakeListDatabasesTool,
+  snowflake_list_schemas: snowflakeListSchemasTool,


Dòng này thêm (đăng ký) một entry vào object registry của các tool — nó ánh xạ tên string "snowflake_execute_query" tới hàm/đối tượng triển khai snowflakeExecuteQueryTool.

Kết quả: nơi khác trong ứng dụng có thể tra tên "snowflake_execute_query" trong registry này để gọi chức năng thực thi truy vấn Snowflake.

Trong phần đầu của diff cũng có import của snowflakeExecuteQueryTool cùng một loạt tool Snowflake khác — tức là toàn bộ nhóm tool Snowflake được thêm vào registry để sử dụng.

greptile-apps bot reviewed Nov 14, 2025

View reviewed changes

aadamgough force-pushed the feat/snowflake branch from a128838 to c0d357d Compare November 14, 2025 23:59

vercel bot temporarily deployed to Preview November 14, 2025 23:59 Inactive

AVtheking reviewed Nov 19, 2025

View reviewed changes

vercel bot temporarily deployed to Preview November 19, 2025 21:04 Inactive

aadamgough force-pushed the feat/snowflake branch from 1f8c88f to ee04fdc Compare November 19, 2025 21:12

vercel bot temporarily deployed to Preview November 19, 2025 21:12 Inactive

vercel bot temporarily deployed to Preview November 19, 2025 21:14 Inactive

aadamgough force-pushed the feat/snowflake branch from e0b326a to 77dc563 Compare November 29, 2025 21:36

vercel bot temporarily deployed to Preview November 29, 2025 21:36 Inactive

vercel bot temporarily deployed to Preview November 29, 2025 22:28 Inactive

vercel bot temporarily deployed to Preview November 29, 2025 22:58 Inactive

vercel bot temporarily deployed to Preview November 29, 2025 23:06 Inactive

vercel bot temporarily deployed to Preview December 4, 2025 07:47 Inactive

vercel bot temporarily deployed to Preview December 5, 2025 20:51 Inactive

aadamgough added 10 commits December 6, 2025 14:38

first push

273d4cd

working, but certain create, delete update queries are not

e3dca66

client id and secret for individual projects, no more single client a…

17a1645

…nd secret

component fix

f093f97

fixed vulnerability and lint

883c701

added new test routes to fix build

b3f6bff

fixed build

342c4a2

reformatted to PAT from oauth

89ba330

removed unnecessary file and reverted oauth.ts

248ebac

added env to env.ts

addd05b

aadamgough force-pushed the feat/snowflake branch from 2737bb8 to addd05b Compare December 6, 2025 22:47

vercel bot temporarily deployed to Preview December 6, 2025 22:47 Inactive

fix

7671ec3

vercel bot temporarily deployed to Preview December 6, 2025 23:27 Inactive

removed comments and utils

e7936f7

vercel bot temporarily deployed to Preview December 6, 2025 23:35 Inactive

waleedlatif1 deleted the branch staging December 14, 2025 03:57

waleedlatif1 closed this Dec 14, 2025

waleedlatif1 reopened this Dec 14, 2025

greptile-apps bot reviewed Dec 14, 2025

View reviewed changes

domiverse reviewed Dec 21, 2025

View reviewed changes

feat(snowflake): snowflake integration #1993

Are you sure you want to change the base?

feat(snowflake): snowflake integration #1993

Uh oh!

Conversation

aadamgough commented Nov 14, 2025

Summary

Type of Change

Testing

Checklist

Uh oh!

vercel bot commented Nov 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

greptile-apps bot commented Nov 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Greptile Overview

Greptile Summary

Key Changes

Critical Issues Found

Positive Aspects

Confidence Score: 3/5

Important Files Changed

Sequence Diagram

Uh oh!

greptile-apps bot left a comment

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot Nov 14, 2025

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot Nov 14, 2025

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot Nov 14, 2025

Choose a reason for hiding this comment

Uh oh!

AVtheking Nov 19, 2025

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot left a comment

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot Dec 14, 2025

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot Dec 14, 2025

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot Dec 14, 2025

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot Dec 14, 2025

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot Dec 14, 2025

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot Dec 14, 2025

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot Dec 14, 2025

Choose a reason for hiding this comment

Uh oh!

domiverse Dec 21, 2025

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

vercel bot commented Nov 14, 2025 •

edited

Loading

greptile-apps bot commented Nov 14, 2025 •

edited

Loading