feat(tools): added typeform form submission trigger, added 4 new tools to complete CRUD typeform tools #1818
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…s to complete CRUD typeform tools
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 22154369 | Triggered | Generic High Entropy Secret | c142653 | apps/sim/triggers/typeform/webhook.ts | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
Contributor
There was a problem hiding this comment.
Greptile Overview
Greptile Summary
Completes the Typeform integration by adding a form submission webhook trigger and 5 CRUD tools (list, get, create, update, delete forms).
Key Changes:
- Webhook Trigger: Automatic webhook registration with Typeform API, HMAC-SHA256 signature verification, and comprehensive payload formatting
- CRUD Tools: Full form lifecycle management following Typeform API patterns (JSON Patch for updates, proper HTTP methods)
- Security: Implements constant-time comparison for signature validation and allows users to disable verification if needed
- Integration: Properly integrated into webhook lifecycle (creation in route.ts, verification in processor.ts, cleanup in webhook-helpers.ts)
- Documentation: Complete MDX documentation with all parameters and examples
Implementation Quality:
- Follows established patterns from other integrations (Airtable, Teams, Telegram)
- Proper error handling with user-friendly messages
- Type-safe implementation with comprehensive TypeScript interfaces
- Consistent logging throughout the webhook lifecycle
Confidence Score: 5/5
- This PR is safe to merge with minimal risk
- The implementation follows established patterns from other integrations, includes proper security measures (HMAC signature verification with constant-time comparison), has comprehensive error handling, and all new tools are properly typed and registered. The code is well-structured and maintains consistency with the existing codebase.
- No files require special attention
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| apps/sim/triggers/typeform/webhook.ts | 5/5 | New Typeform webhook trigger with comprehensive configuration and sample payload |
| apps/sim/tools/typeform/create_form.ts | 5/5 | New tool for creating Typeform forms with proper workspace and theme handling |
| apps/sim/lib/webhooks/webhook-helpers.ts | 5/5 | Webhook creation/deletion helpers with proper error handling and logging |
| apps/sim/lib/webhooks/utils.server.ts | 5/5 | Webhook payload formatting and HMAC-SHA256 signature validation implementation |
| apps/sim/lib/webhooks/processor.ts | 5/5 | Added Typeform signature verification in webhook processor with proper auth flow |
| apps/sim/blocks/blocks/typeform.ts | 5/5 | Extended block config with new CRUD operations and trigger support |
Sequence Diagram
sequenceDiagram
participant User
participant SimUI as Sim UI
participant WebhookAPI as Webhook API Route
participant TypeformAPI as Typeform API
participant WebhookProcessor as Webhook Processor
participant Workflow
Note over User,Workflow: Setup Phase
User->>SimUI: Configure Typeform Trigger
SimUI->>WebhookAPI: POST /api/webhooks (formId, apiKey, secret)
WebhookAPI->>TypeformAPI: PUT /forms/{formId}/webhooks/{tag}
TypeformAPI-->>WebhookAPI: Webhook Created
WebhookAPI->>WebhookAPI: Save to Database (with webhookTag)
WebhookAPI-->>SimUI: Success
Note over User,Workflow: Runtime Phase - Form Submission
User->>TypeformAPI: Submit Form
TypeformAPI->>WebhookProcessor: POST /webhooks/{path} + Typeform-Signature header
WebhookProcessor->>WebhookProcessor: Verify HMAC-SHA256 Signature
WebhookProcessor->>WebhookProcessor: Format Payload (event_id, answers, etc.)
WebhookProcessor->>Workflow: Trigger Workflow with Form Response
Workflow-->>User: Process Submission
Note over User,Workflow: CRUD Operations
User->>SimUI: Use Typeform Tools (list/get/create/update/delete)
SimUI->>TypeformAPI: API Request with Bearer Token
TypeformAPI-->>SimUI: Response
SimUI-->>User: Display Result
17 files reviewed, no comments
Collaborator
Author
Contributor
There was a problem hiding this comment.
Greptile Overview
Greptile Summary
This PR adds comprehensive Typeform integration including a webhook trigger for form submissions and 5 new CRUD tools (list, get, create, update, delete forms). The implementation includes proper webhook signature verification using HMAC SHA-256 and introduces a new environment variable resolution system for webhook configurations.
Key changes:
- Added Typeform webhook trigger with automatic registration via Typeform API
- Implemented 5 new Typeform tools to complete CRUD operations on forms
- Created new
env-resolver.tsutility to resolve{{VAR_NAME}}references in webhook configs - Added signature verification for Typeform webhooks using timing-safe comparison
- Updated webhook API routes to resolve environment variables on creation and updates
- Fixed workflow UI to properly handle trigger mode blocks
Issues found:
- Critical bug in webhook tag storage - tag is saved to
finalProviderConfiginstead ofresolvedProviderConfig, causing the tag to not persist to database - Unrelated ElevenLabs documentation change included in PR
Confidence Score: 3/5
- Not safe to merge without fixing the webhook tag storage bug
- The PR contains a critical logic bug where the Typeform webhook tag is stored in the wrong configuration object, which will prevent webhook deletion from working correctly. The rest of the implementation is solid with proper security measures, but this bug will cause runtime issues when users try to update or delete Typeform webhooks.
- apps/sim/app/api/webhooks/route.ts requires immediate attention to fix webhook tag storage bug on line 367-370
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| apps/sim/app/api/webhooks/route.ts | 3/5 | Added Typeform webhook creation logic and env var resolution - contains critical bug where webhookTag stored in wrong config object |
| apps/sim/blocks/blocks/typeform.ts | 5/5 | Added 5 new CRUD operations and webhook trigger support with proper field configs and JSON parsing |
| apps/sim/lib/webhooks/env-resolver.ts | 5/5 | New utility to recursively resolve env var references in webhook configs - clean implementation |
| apps/sim/lib/webhooks/webhook-helpers.ts | 5/5 | Added Typeform webhook creation/deletion functions with proper error handling and user-friendly messages |
| apps/sim/triggers/typeform/webhook.ts | 5/5 | New Typeform webhook trigger with comprehensive config, outputs, and sample payload |
Sequence Diagram
sequenceDiagram
participant User
participant UI as Workflow UI
participant API as POST /api/webhooks
participant EnvResolver as env-resolver.ts
participant TypeformHelper as webhook-helpers.ts
participant TypeformAPI as Typeform API
participant DB as Database
User->>UI: Configure Typeform trigger
User->>UI: Enter formId, apiKey, secret
UI->>API: POST webhook config
Note over API: Resolve env vars in config
API->>EnvResolver: resolveEnvVarsInObject(config)
EnvResolver->>EnvResolver: Recursively resolve {{VAR_NAME}}
EnvResolver-->>API: resolvedProviderConfig
Note over API: Create external webhook
API->>TypeformHelper: createTypeformWebhook(webhook)
TypeformHelper->>TypeformAPI: PUT /forms/{formId}/webhooks/{tag}
Note over TypeformAPI: Register webhook with<br/>notificationUrl and secret
TypeformAPI-->>TypeformHelper: Webhook created
TypeformHelper-->>API: Return webhookTag
Note over API: BUG: Tag stored in wrong config
API->>API: finalProviderConfig.webhookTag = tag
Note over API: Should use resolvedProviderConfig
API->>DB: Save webhook with resolvedProviderConfig
DB-->>API: Webhook saved
API-->>UI: Success
Note over TypeformAPI,DB: Later: Form submission occurs
TypeformAPI->>API: POST /api/webhooks/trigger/{path}
Note over TypeformAPI: Includes Typeform-Signature header
API->>API: verifyProviderAuth()
API->>API: validateTypeformSignature(secret, signature)
Note over API: Timing-safe HMAC comparison
alt Signature valid
API->>API: formatWebhookInput()
API->>API: Trigger workflow execution
API-->>TypeformAPI: 200 OK
else Signature invalid
API-->>TypeformAPI: 401 Unauthorized
end
11 files reviewed, 2 comments
Collaborator
Author
Contributor
There was a problem hiding this comment.
Greptile Overview
Greptile Summary
This PR adds comprehensive Typeform integration including a webhook trigger and 4 CRUD tools (create_form, get_form, update_form, delete_form, list_forms). The implementation follows established patterns from existing webhook providers (Airtable, Webflow, Teams, Telegram).
Key Changes:
- Environment Variable Resolution: Added
env-resolver.tsutility to resolve{{VAR_NAME}}references in webhook configurations before saving to database, allowing secure credential management - Typeform Webhook Lifecycle: Implements complete webhook registration/deletion flow using Typeform's API with tag-based webhook identification
- Security: HMAC SHA-256 signature verification with timing-safe comparison to prevent webhook spoofing
- Error Handling: User-friendly error messages for common failures (invalid token, missing PRO account, form not found)
- Consistent Pattern: Webhook creation happens before database save to prevent orphaned records, with proper cleanup on failure
Previous Comment Resolution:
The previous comment about storing webhookTag in finalProviderConfig was already addressed - the code correctly stores it in resolvedProviderConfig at line 368.
Documentation:
Updated Typeform docs with comprehensive tool examples and added detailed setup instructions in the trigger UI.
Confidence Score: 5/5
- This PR is safe to merge - implements a complete, well-tested feature following established patterns
- The implementation follows existing webhook provider patterns exactly (Airtable, Webflow, Teams, Telegram). Environment variable resolution is correctly applied in both POST and PATCH endpoints. Security is properly handled with HMAC signature verification using timing-safe comparison. Error handling provides clear user feedback. The code was manually tested and addresses previous review comments.
- No files require special attention
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| apps/sim/app/api/webhooks/route.ts | 5/5 | Added Typeform webhook creation flow with env var resolution and proper error handling - follows existing patterns for Airtable/Webflow |
| apps/sim/lib/webhooks/env-resolver.ts | 5/5 | New utility for resolving environment variable references in webhook configs - clean implementation with proper error handling |
| apps/sim/lib/webhooks/webhook-helpers.ts | 5/5 | Added Typeform webhook CRUD operations with proper error messages and cleanup logic |
| apps/sim/lib/webhooks/processor.ts | 5/5 | Added Typeform signature verification using HMAC SHA-256 for webhook security |
| apps/sim/lib/webhooks/utils.server.ts | 5/5 | Added Typeform webhook payload formatting and signature validation with timing-safe comparison |
Sequence Diagram
sequenceDiagram
participant User
participant Frontend
participant POST /api/webhooks
participant EnvResolver
participant TypeformAPI
participant Database
participant Typeform
User->>Frontend: Configure Typeform trigger
Frontend->>POST /api/webhooks: POST {workflowId, provider: 'typeform', providerConfig}
POST /api/webhooks->>Database: Verify workflow permissions
Database-->>POST /api/webhooks: Workflow data
POST /api/webhooks->>EnvResolver: resolveEnvVarsInObject(providerConfig, userId, workspaceId)
EnvResolver->>Database: Fetch environment variables
Database-->>EnvResolver: User/workspace env vars
EnvResolver-->>POST /api/webhooks: resolvedProviderConfig
POST /api/webhooks->>TypeformAPI: createTypeformWebhook(request, webhookData, requestId)
TypeformAPI->>Typeform: PUT /forms/{formId}/webhooks/{tag}
alt Webhook creation successful
Typeform-->>TypeformAPI: 200 OK {id, tag}
TypeformAPI-->>POST /api/webhooks: webhookTag
POST /api/webhooks->>POST /api/webhooks: Store tag in resolvedProviderConfig
POST /api/webhooks->>Database: INSERT/UPDATE webhook with resolvedProviderConfig
Database-->>POST /api/webhooks: Saved webhook
POST /api/webhooks-->>Frontend: 201 Created {webhook}
Frontend-->>User: Success message
else Webhook creation failed
Typeform-->>TypeformAPI: 4xx/5xx Error
TypeformAPI-->>POST /api/webhooks: Error with user-friendly message
POST /api/webhooks-->>Frontend: 500 Error
Frontend-->>User: Error message
end
Note over Typeform,POST /api/webhooks: Later: Form submission
Typeform->>POST /api/webhooks: POST /api/webhooks/trigger/{path}<br/>(Typeform-Signature header)
POST /api/webhooks->>POST /api/webhooks: verifyProviderAuth() - validate signature
POST /api/webhooks->>POST /api/webhooks: formatWebhookInput() - parse payload
POST /api/webhooks->>Database: Trigger workflow execution
1 file reviewed, no comments
10 tasks
waleedlatif1
added a commit
that referenced
this pull request
Nov 7, 2025
…s to complete CRUD typeform tools (#1818) * feat(tools): added typeform form submission trigger, added 4 new tools to complete CRUD typeform tools * resolve envvars in trigger configuration upon save, tested typeform * updated docs * ack PR comments
waleedlatif1
added a commit
that referenced
this pull request
Nov 12, 2025
…s to complete CRUD typeform tools (#1818) * feat(tools): added typeform form submission trigger, added 4 new tools to complete CRUD typeform tools * resolve envvars in trigger configuration upon save, tested typeform * updated docs * ack PR comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Type of Change
Testing
Tested manually
Checklist