feat: Integrations catalog

[openint-bot]

CodeAnt-AI Description

• Added a new listConnectorIntegrations endpoint to the integrationRouter, enabling clients to retrieve a list of integrations for a specified connector, with OpenAPI documentation and robust input/output validation.
• Implemented logic to handle connectors both with and without a listIntegrations method, ensuring consistent API responses.
• Created comprehensive tests for the new endpoint, verifying correct behavior and response structure for the 'google-drive' connector.

This PR introduces a new API endpoint for listing connector integrations, complete with OpenAPI metadata and validation. It also adds thorough tests to ensure the endpoint works as intended, improving the API's extensibility and reliability.

---

Changes walkthrough

	Relevant files
Enhancement	integration.ts Add listConnectorIntegrations endpoint to integrationRouter with OpenAPI metadata packages/api-v1/trpc/routers/integration.ts Introduced a new integrationRouter with a listConnectorIntegrations endpoint. Added OpenAPI metadata for the new endpoint, including method, path, description, and summary. Implemented logic to list integrations for a given connector, handling both connectors with and without a listIntegrations method. Defined input and output schemas using Zod for type safety and validation. +61/-0
Tests	integration.test.ts Add tests for listConnectorIntegrations endpoint in integrationRouter packages/api-v1/trpc/routers/integration.test.ts Added a test suite for the new listConnectorIntegrations endpoint. Tested the endpoint for the 'google-drive' connector, verifying response structure and content. Utilized database test utilities and mocked viewer context for endpoint calls. +30/-0

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[linear]

OINT-1291

[prophet-code-review-bot]

Bug Report

Name	Severity	Example test case	Description
Unhandled exception in listConnectorIntegrations endpoint	Medium	Create a connector server implementation where the listIntegrations method throws an error. Call the listConnectorIntegrations endpoint for that connector. Observe that the tRPC query fails and the error is propagated to the client.	The listConnectorIntegrations endpoint does not handle exceptions that might occur during the connector.listIntegrations({}) call. This can lead to unhandled exceptions, exposing internal implementation details to the client and potentially crashing the client application. It should be wrapped in a try/catch block to handle errors gracefully and return a more informative error message to the client.

_{Comments? Email us.}

[cubic-dev-ai]

Your mrge subscription is currently inactive. Please reactivate your subscription to receive AI reviews and use mrge.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
v1	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 9, 2025 0:34am

[recurseml]

Unsafe object access in the listIntegrations response handling. The code assumes res.items exists and is an array without validation. If the response is malformed or res.items is undefined, this will cause a runtime error. Should add proper type validation and error handling for the response.

---

React with 👍 to tell me that this comment was useful, or 👎 if not (and I'll stop posting more comments like this in the future)

[recurseml]

😱 Found 1 issue. Time to roll up your sleeves! 😱

🗒️ View all ignored comments in this repo

• This export statement is redundant as it appears both in the diff and original source code. Adding it again will cause a duplicate export error. The line should be removed since it already exists in the source code.
• Passing a Promise directly to a React component prop is incorrect. The Promise should be resolved before rendering. Either await the result before passing to the component, or use a proper data fetching pattern like React Query or SWR
• Similar to the first bug, this prop is also passing a Promise directly without awaiting it. The API call api.listConnectors() should be awaited before passing the data. Should use 'await' before the API call.

[codeant-ai]

Pull Request Feedback 🔍

🔒 No security issues identified

⚡ Recommended areas for review Test Timeout A 15-minute timeout is set on line 10. Consider reducing it or adding a comment to clarify why such a long timeout is necessary, as long timeouts can mask performance issues. Fallback Behavior When a connector does not implement listIntegrations, a default integration is returned (lines 39–49). Please confirm that this fallback behavior is intentional and well-documented, so consumers aren’t unintentionally misled. Type Casting The forced cast of the connector using as unknown as ConnectorServer (lines 35–37) may hide underlying type issues. Consider enhancing the type handling or adding runtime validations to ensure robustness. Test Coverage The test currently exercises the default branch. It would be beneficial to add tests covering scenarios when a connector implements listIntegrations, including multiple integrations and potential error states.

[codeant-ai]

Looks good to me!

[prophet-code-review-bot]

Bug Report

Name	Severity	Example test case	Description
Plaid Integration Pagination Bug	High	Call the listConnectorIntegrations endpoint for Plaid. If there are more than 50 institutions, only the first 50 will be returned.	The listIntegrations function in connectors/connector-plaid/server.ts does not implement pagination for the /institutions/get endpoint. It only retrieves the first 50 institutions.
Plaid Integration Missing Error Handling	Medium	Call the listConnectorIntegrations endpoint for Plaid with invalid credentials or when the Plaid API is unavailable.	The listIntegrations function in connectors/connector-plaid/server.ts does not have explicit error handling. If the Plaid API call fails, the code will throw an error, which might not be handled gracefully by the API endpoint.

_{Comments? Email us.}

[prophet-code-review-bot]

Bug Report

Name	Severity	Example test case	Description
Hardcoded Plaid Environment	High	Run the application in a development environment.	The Plaid connector's environment is hardcoded to 'production', which prevents testing with the sandbox environment and could lead to unintended use of production credentials.

_{Comments? Email us.}

[prophet-code-review-bot]

Bug Report

Plaid Connector: Limited Country Code Support|Medium|When listing plaid integrations only US institutions are listed.|The listIntegrations function in connectors/connector-plaid/server.ts only fetches institutions from the US due to commented-out country codes in the /institutions/get endpoint call. This limits the functionality of the integration for users in other countries. To fix this, uncomment the other country codes.

_{Comments? Email us.}

[prophet-code-review-bot]

Bug Report

Name	Severity	Example test case	Description
Plaid integration uses production credentials in all environments	Critical	Run the integration page in a development environment.	The listIntegrations method in connectors/connector-plaid/server.ts always sets the env variable to 'production', causing it to use production credentials regardless of the actual environment.

_{Comments? Email us.}

[prophet-code-review-bot]

Bug Report

Name	Severity	Example test case	Description
Missing Environment Variable Handling in Plaid Connector	Medium	Deploy the application without setting the int_plaid__CLIENT_ID and int_plaid__CLIENT_SECRET_PRODUCTION environment variables, and access the /connector/plaid/integrations endpoint.	The getPlatformConfig function in connectors/connector-plaid/PlaidClient.ts does not handle the case where the required environment variables (int_plaid__CLIENT_ID, int_plaid__CLIENT_SECRET_SANDBOX, int_plaid__CLIENT_SECRET_DEVELOPMENT, int_plaid__CLIENT_SECRET_PRODUCTION) are not set. This will cause createEnv to throw an error, crashing the application or causing unexpected behavior when listing Plaid integrations. To fix this, the getPlatformConfig function should check if the environment variables are set and return an error or a default value if they are not.

_{Comments? Email us.}

[prophet-code-review-bot]

Bug Report

Name	Severity	Example test case	Description
Plaid API Injection Vulnerability in listConnectorIntegrations endpoint	High	Send a crafted search_text query to the listConnectorIntegrations endpoint for the Plaid connector. For example, a string like " OR 1=1" or similar SQL-like injection payloads.	The search_text parameter in the listConnectorIntegrations endpoint is not properly sanitized before being passed to the Plaid /institutions/search API. This could allow an attacker to perform a Plaid API Injection attack, potentially accessing sensitive institution data or causing denial-of-service.

_{Comments? Email us.}