improvement(tables): allow any printable characters in column display names#5580
improvement(tables): allow any printable characters in column display names#5580TheodoreSpeaks wants to merge 1 commit into
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
PR SummaryMedium Risk Overview Validation is centralized on Imports and naming: CSV/JSON use API/UI: OpenAPI drops the column-name regex; column routes map id conflict errors to 400; CSV import dialog skip/create sentinels use NUL-prefixed values; column rename inputs get Reviewed by Cursor Bugbot for commit ee12cc3. Bugbot is set up for automated code reviews on this repo. Configure here. |
|
@greptile review |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit ee12cc3. Configure here.
| assertNewOutputColumns( | ||
| (data.newOutputColumns ?? []).map((c) => c.name), | ||
| schema | ||
| ) |
There was a problem hiding this comment.
Group update blocks freed names
Medium Severity
assertNewOutputColumns runs against the full pre-update column list before the output diff removes columns. Saving a workflow group that drops an output and adds a new one whose derived display name matches the removed column fails with an “already exists” style error even though that name would be free after the same update.
Reviewed by Cursor Bugbot for commit ee12cc3. Configure here.
Greptile SummaryThis PR broadens table column display names while keeping storage keys strict. The main changes are:
Confidence Score: 4/5The changed table-name flow looks mergeable after fixing two contained edge cases.
apps/sim/lib/table/column-keys.ts and apps/sim/lib/table/workflow-groups/service.ts Important Files Changed
Reviews (1): Last reviewed commit: "improvement(tables): allow any printable..." | Re-trigger Greptile |
| name: string, | ||
| excludeIndex = -1 | ||
| ): boolean { | ||
| return columns.some((c, i) => i !== excludeIndex && getColumnId(c) === name) |
There was a problem hiding this comment.
A display name like COL_ABC passes this check when another column's storage id is col_abc, but later name-based resolvers compare display names case-insensitively. If an API caller uses COL_ABC as a filter, sort, or upsert conflict target, it can resolve to the column whose name lowercases to col_abc instead of the intended new column.
| return columns.some((c, i) => i !== excludeIndex && getColumnId(c) === name) | |
| const lower = name.toLowerCase() | |
| return columns.some((c, i) => i !== excludeIndex && getColumnId(c).toLowerCase() === lower) |
Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
| assertNewOutputColumns( | ||
| (data.newOutputColumns ?? []).map((c) => c.name), | ||
| schema |
There was a problem hiding this comment.
Removed Output Name Stays Taken
This validates new output column names against the pre-update schema, so replacing an output while keeping the same display name is rejected before the old output is removed. A workflow edit that removes output score and adds a new output named score throws Column "score" already exists, even though the final schema would contain only the new column.
Greptile SummaryThis PR relaxes table column display names while keeping storage ids strict. The main changes are:
Confidence Score: 4/5The workflow-group update path needs a fix before merging.
apps/sim/lib/table/workflow-groups/service.ts Important Files Changed
Reviews (2): Last reviewed commit: "improvement(tables): allow any printable..." | Re-trigger Greptile |
| assertNewOutputColumns( | ||
| (data.newOutputColumns ?? []).map((c) => c.name), | ||
| schema | ||
| ) |
There was a problem hiding this comment.
When a group update removes an existing output column and adds a new output with the same display name in the same request, this validation still checks against the pre-update schema. The request is rejected as a duplicate even though the later removal would leave a valid final schema with only one column by that name.


Summary
^[a-z_][a-z0-9_]*$) dated from when names were the JSONB storage keys; since the stable-column-id refactor names are metadata-only, so only ids/table names keep the strict pattern (still the SQL injection guard)COLUMN_NAME_PATTERNrejects control/invisible characters (\p{C}), leading/trailing whitespace, and leading$(filter-grammar collision); one shared write-time validator (assertValidNewColumnName) covers pattern/length/ci-uniqueness/id-shadowing across every column-creating path, includingupdateWorkflowGroup.newOutputColumnswhich previously validated nothingsanitizeColumnName+ claim-styleuniqueColumnNamereplace three divergent dedupe loops; async create-mode import now validates the inferred schema (previously persisted invalid schemas unchecked)Type of Change
Testing
1236 tests pass across table/import/contract/copilot suites (new coverage for the pattern, sanitizers, ci translation, and id-shadow guard);
bun run lint,check:api-validation:strictpass; tsc cleanKnown limitation (pre-existing resolver behavior, now more visible): workflow tag references can't address column names containing spaces/dots — referencing the parent object in a function block works.
Checklist