fix(execution): scope X-Sim-Via header to internal routes and add child workflow depth validation

- Move call chain header injection from HTTP tool layer (request.ts/utils.ts)
  to tool execution layer (tools/index.ts) gated on isInternalRoute, preventing
  internal workflow IDs from leaking to external third-party APIs
- Remove cycle detection from validateCallChain — depth limit alone prevents
  infinite loops while allowing legitimate self-recursion (pagination, tree
  processing, batch splitting)
- Add validateCallChain check in workflow-handler.ts before spawning child
  executor, closing the gap where in-process child workflows skipped validation
- Remove unsafe `(params as any)._context` type bypass in request.ts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/workflows/[id]/execute/route.ts

@@ -245,7 +245,7 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
   const { id: workflowId } = await params
 
   const incomingCallChain = parseCallChain(req.headers.get(SIM_VIA_HEADER))
-  const callChainError = validateCallChain(incomingCallChain, workflowId)
+  const callChainError = validateCallChain(incomingCallChain)
   if (callChainError) {
     logger.warn(`[${requestId}] Call chain rejected for workflow ${workflowId}: ${callChainError}`)
     return NextResponse.json({ error: callChainError }, { status: 409 })

apps/sim/executor/handlers/workflow/workflow-handler.ts

@@ -1,5 +1,5 @@
 import { createLogger } from '@sim/logger'
-import { buildNextCallChain } from '@/lib/execution/call-chain'
+import { buildNextCallChain, validateCallChain } from '@/lib/execution/call-chain'
 import { snapshotService } from '@/lib/logs/execution/snapshot/service'
 import { buildTraceSpans } from '@/lib/logs/execution/trace-spans/trace-spans'
 import type { TraceSpan } from '@/lib/logs/types'
@@ -168,6 +168,15 @@ export class WorkflowBlockHandler implements BlockHandler {
         ctx.onChildWorkflowInstanceReady?.(effectiveBlockId, instanceId, iterationContext)
       }
 
+      const childCallChain = buildNextCallChain(ctx.callChain || [], workflowId)
+      const depthError = validateCallChain(ctx.callChain || [])
+      if (depthError) {
+        throw new ChildWorkflowError({
+          message: depthError,
+          childWorkflowName,
+        })
+      }
+
       const subExecutor = new Executor({
         workflow: childWorkflow.serializedState,
         workflowInput: childWorkflowInput,
@@ -181,7 +190,7 @@ export class WorkflowBlockHandler implements BlockHandler {
           userId: ctx.userId,
           executionId: ctx.executionId,
           abortSignal: ctx.abortSignal,
-          callChain: buildNextCallChain(ctx.callChain || [], workflowId),
+          callChain: childCallChain,
           ...(shouldPropagateCallbacks && {
             onBlockStart: ctx.onBlockStart,
             onBlockComplete: ctx.onBlockComplete,

apps/sim/lib/execution/__tests__/call-chain.test.ts

@@ -74,48 +74,28 @@ describe('call-chain', () => {
 
   describe('validateCallChain', () => {
     it('returns null for an empty chain', () => {
-      expect(validateCallChain([], 'wf-a')).toBeNull()
+      expect(validateCallChain([])).toBeNull()
     })
 
-    it('returns null when workflow is not in chain', () => {
-      expect(validateCallChain(['wf-a', 'wf-b'], 'wf-c')).toBeNull()
+    it('returns null when chain is under max depth', () => {
+      expect(validateCallChain(['wf-a', 'wf-b'])).toBeNull()
     })
 
-    it('detects direct self-call (A → A)', () => {
-      const error = validateCallChain(['wf-a'], 'wf-a')
-      expect(error).toContain('Workflow cycle detected')
-      expect(error).toContain('wf-a → wf-a')
-    })
-
-    it('detects indirect cycle (A → B → A)', () => {
-      const error = validateCallChain(['wf-a', 'wf-b'], 'wf-a')
-      expect(error).toContain('Workflow cycle detected')
-      expect(error).toContain('wf-a → wf-b → wf-a')
-    })
-
-    it('detects cycle mid-chain (A → B → C → B)', () => {
-      const error = validateCallChain(['wf-a', 'wf-b', 'wf-c'], 'wf-b')
-      expect(error).toContain('Workflow cycle detected')
-      expect(error).toContain('wf-a → wf-b → wf-c → wf-b')
+    it('allows legitimate self-recursion', () => {
+      expect(validateCallChain(['wf-a', 'wf-a', 'wf-a'])).toBeNull()
     })
 
     it('returns depth error when chain is at max depth', () => {
       const chain = Array.from({ length: MAX_CALL_CHAIN_DEPTH }, (_, i) => `wf-${i}`)
-      const error = validateCallChain(chain, 'wf-new')
+      const error = validateCallChain(chain)
       expect(error).toContain(
         `Maximum workflow call chain depth (${MAX_CALL_CHAIN_DEPTH}) exceeded`
       )
     })
 
     it('allows chain just under max depth', () => {
       const chain = Array.from({ length: MAX_CALL_CHAIN_DEPTH - 1 }, (_, i) => `wf-${i}`)
-      expect(validateCallChain(chain, 'wf-new')).toBeNull()
-    })
-
-    it('prioritizes cycle detection over depth check', () => {
-      const chain = Array.from({ length: MAX_CALL_CHAIN_DEPTH }, (_, i) => `wf-${i}`)
-      const error = validateCallChain(chain, 'wf-0')
-      expect(error).toContain('Workflow cycle detected')
+      expect(validateCallChain(chain)).toBeNull()
     })
   })
 

apps/sim/lib/execution/call-chain.ts

@@ -1,9 +1,9 @@
 /**
  * Workflow call chain detection using the Via-style pattern.
  *
- * Prevents infinite execution loops when workflows call themselves (directly or
- * indirectly) via API or MCP endpoints. Each hop appends the current workflow ID
- * to the `X-Sim-Via` header; on ingress the chain is checked for cycles and depth.
+ * Prevents infinite execution loops when workflows call each other via API or
+ * MCP endpoints. Each hop appends the current workflow ID to the `X-Sim-Via`
+ * header; on ingress the chain is checked for depth.
  */
 
 export const SIM_VIA_HEADER = 'X-Sim-Via'
@@ -31,16 +31,11 @@ export function serializeCallChain(chain: string[]): string {
 }
 
 /**
- * Validates that appending `workflowId` to `chain` would not create a cycle
- * or exceed the maximum depth. Returns an error message string if invalid,
- * or `null` if the chain is safe to extend.
+ * Validates that the call chain has not exceeded the maximum depth.
+ * Returns an error message string if invalid, or `null` if the chain is
+ * safe to extend.
  */
-export function validateCallChain(chain: string[], workflowId: string): string | null {
-  if (chain.includes(workflowId)) {
-    const cycleVisualization = [...chain, workflowId].join(' → ')
-    return `Workflow cycle detected: ${cycleVisualization}. A workflow cannot call itself directly or indirectly.`
-  }
-
+export function validateCallChain(chain: string[]): string | null {
   if (chain.length >= MAX_CALL_CHAIN_DEPTH) {
     return `Maximum workflow call chain depth (${MAX_CALL_CHAIN_DEPTH}) exceeded.`
   }

apps/sim/tools/http/request.ts

@@ -69,8 +69,7 @@ export const requestTool: ToolConfig<RequestParams, RequestResponse> = {
     headers: (params: RequestParams) => {
       const headers = transformTable(params.headers || null)
       const processedUrl = processUrl(params.url, params.pathParams, params.params)
-      const callChain = (params as any)._context?.callChain as string[] | undefined
-      const allHeaders = getDefaultHeaders(headers, processedUrl, callChain)
+      const allHeaders = getDefaultHeaders(headers, processedUrl)
 
       // Set appropriate Content-Type only if not already specified by user
       if (params.formData) {

apps/sim/tools/http/utils.ts

@@ -1,19 +1,16 @@
 import { getBaseUrl } from '@/lib/core/utils/urls'
-import { SIM_VIA_HEADER, serializeCallChain } from '@/lib/execution/call-chain'
 import { transformTable } from '@/tools/shared/table'
 import type { TableRow } from '@/tools/types'
 
 /**
  * Creates a set of default headers used in HTTP requests
  * @param customHeaders Additional user-provided headers to include
  * @param url Target URL for the request (used for setting Host header)
- * @param callChain Optional workflow call chain for cycle detection
  * @returns Record of HTTP headers
  */
 export const getDefaultHeaders = (
   customHeaders: Record<string, string> = {},
-  url?: string,
-  callChain?: string[]
+  url?: string
 ): Record<string, string> => {
   const headers: Record<string, string> = {
     'User-Agent':
@@ -40,10 +37,6 @@ export const getDefaultHeaders = (
     }
   }
 
-  if (callChain && callChain.length > 0) {
-    headers[SIM_VIA_HEADER] = serializeCallChain(callChain)
-  }
-
   return headers
 }
 

apps/sim/tools/index.ts

@@ -7,6 +7,7 @@ import {
 } from '@/lib/core/security/input-validation.server'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { getBaseUrl, getInternalApiBaseUrl } from '@/lib/core/utils/urls'
+import { SIM_VIA_HEADER, serializeCallChain } from '@/lib/execution/call-chain'
 import { parseMcpToolId } from '@/lib/mcp/utils'
 import { isCustomTool, isMcpTool } from '@/executor/constants'
 import { resolveSkillContent } from '@/executor/handlers/agent/skills-resolver'
@@ -674,6 +675,13 @@ async function executeToolRequest(
     const headers = new Headers(requestParams.headers)
     await addInternalAuthIfNeeded(headers, isInternalRoute, requestId, toolId)
 
+    if (isInternalRoute) {
+      const callChain = params._context?.callChain as string[] | undefined
+      if (callChain && callChain.length > 0) {
+        headers.set(SIM_VIA_HEADER, serializeCallChain(callChain))
+      }
+    }
+
     // Check request body size before sending to detect potential size limit issues
     validateRequestBodySize(requestParams.body, requestId, toolId)