The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Apr 18, 2026 3:11am

PR Summary

Medium Risk
Changes how function-block code templates resolve block output references and how those values are passed into the execution VM, which could affect runtime behavior if variable precedence or serialization differs from the prior inline-literal approach.

Overview
Function block code no longer inlines referenced block outputs as large literals; those references are replaced with stable __blockRef_N identifiers and the actual values are accumulated into a contextVariables map during input resolution.

The executor now carries these pre-resolved context vars through block execution (hidden from logs) and the function execution tool/API route accept and merge them (including for shell), injecting them as VM globals/envs at runtime to avoid oversized serialized inputs while preserving execution semantics.

^{Reviewed by Cursor Bugbot for commit 2783606. Bugbot is set up for automated code reviews on this repo. Configure here.}

Greptile Summary

This PR fixes a display bug where embedding large block outputs as JavaScript literals in function block code caused the inputs panel to appear truncated or replaced with { __simTruncated: true }. Block output references (<BlockA.result>) are now resolved to named context variables (__blockRef_N) that are passed to the isolated VM as globals, keeping the serialized code string small while leaving execution results unchanged.

Confidence Score: 5/5

Safe to merge — the fix is logically sound, execution results are unchanged, and the only finding is a duplicate dead-code interface declaration.

All findings are P2 (style/cleanup). The core logic — replacing block output references with named context variables, passing them through the tool/route pipeline, and injecting them as VM globals — is correct and non-overlapping with the route's own variable naming schemes.

apps/sim/tools/function/types.ts — accidental duplicate CodeExecutionOutput interface should be removed before merging to keep the type file clean.

Important Files Changed

Sequence Diagram

sequenceDiagram
    participant Executor as BlockExecutor
    participant Resolver as VariableResolver
    participant Handler as FunctionBlockHandler
    participant Tool as functionExecuteTool
    participant Route as /api/function/execute
    participant VM as IsolatedVM

    Executor->>Resolver: resolveInputsForFunctionBlock(params)
    Resolver->>Resolver: resolveCodeWithContextVars(code)
    Note over Resolver: replaces BlockA.result ref with __blockRef_0 and stores value
    Resolver-->>Executor: resolvedInputs plus contextVariables
    Executor->>Handler: execute(inputs)
    Handler->>Handler: extract inputs[_runtimeContextVars]
    Handler->>Tool: executeTool with code and contextVariables
    Tool->>Route: POST with code, contextVariables, blockData
    Route->>Route: resolveCodeVariables(code)
    Route->>Route: merge codeResolution.contextVariables with preResolvedContextVariables
    Route->>VM: executeInIsolatedVM(code, contextVariables)
    VM->>VM: global.__blockRef_0 = value
    VM-->>Route: result

_{Reviews (1): Last reviewed commit: "fix: use context variables for block out..." | Re-trigger Greptile}

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard.
Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

@octo-patch please address the automated PR comments and then I can review this. If they are not relevant, please leave a comment there and mark them as resolved.

Someone is attempting to deploy a commit to the Sim Team on Vercel.

A member of the Team first needs to authorize it.

@icecrasher321 Thanks for the review. I have pushed a follow-up commit addressing the bot comments:

• Cursor (medium): Shell language loses pre-resolved context variables. Fixed. The Shell branch in apps/sim/app/api/function/execute/route.ts now seeds contextVariables from preResolvedContextVariables so the executor-supplied __blockRef_N values are exposed as shell env vars and referenced block outputs are not undefined at runtime.

• Cursor (low) + Greptile (P2): Duplicate CodeExecutionOutput interface in apps/sim/tools/function/types.ts. Fixed. Removed the duplicate declaration.

• Greptile (P2): Repeated context variable allocation for duplicate block references. Addressed. resolveCodeWithContextVars now deduplicates by the matched reference string so identical <BlockA.result> occurrences share a single __blockRef_N slot and the payload value is not duplicated across the wire.

• GitGuardian: Generic high-entropy secret in apps/sim/providers/utils.test.ts. Not relevant to this PR. The flagged commit a54dcbe is not part of this PR; the diff for this branch does not touch apps/sim/providers/utils.test.ts. The match looks like a pre-existing test fixture.

Existing tests still pass: app/api/function/execute/route.test.ts (30/30) and executor/variables/ suite (196/196).