fix(ashby): gate offerApplicationId mapping by operation

waleedlatif1 · claude · waleedlatif1 · commit 89f6f0e9990f · 2026-04-29T17:22:24.000-07:00
Same shared-target hazard as the prior fix: offerApplicationId maps to
result.applicationId without an operation guard, so a stale value from
list_offers could overwrite the active applicationId on get_application,
change_application_stage, or list_interviews.

Co-Authored-By: Claude Opus 4.7 &lt;noreply@anthropic.com&gt;
diff --git a/apps/sim/app/api/tools/confluence/comment/route.ts b/apps/sim/app/api/tools/confluence/comment/route.ts
@@ -177,24 +177,53 @@ export const DELETE = withRouteHandler(async (request: NextRequest) => {
 
     const apiBase = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2`
 
-    let response = await fetch(`${apiBase}/footer-comments/${commentId}`, {
-      method: 'DELETE',
+    // Detect comment type with a non-destructive GET so a 404 from a prior
+    // deletion isn't masked by a second DELETE attempt against the wrong endpoint.
+    let commentEndpoint = 'footer-comments'
+    let detectResponse = await fetch(`${apiBase}/footer-comments/${commentId}`, {
       headers: {
         Accept: 'application/json',
         Authorization: `Bearer ${accessToken}`,
       },
     })
 
-    if (response.status === 404) {
-      response = await fetch(`${apiBase}/inline-comments/${commentId}`, {
-        method: 'DELETE',
+    if (detectResponse.status === 404) {
+      commentEndpoint = 'inline-comments'
+      detectResponse = await fetch(`${apiBase}/inline-comments/${commentId}`, {
         headers: {
           Accept: 'application/json',
           Authorization: `Bearer ${accessToken}`,
         },
       })
     }
 
+    if (!detectResponse.ok) {
+      const errorText = await detectResponse.text()
+      logger.error('Confluence API error response:', {
+        status: detectResponse.status,
+        statusText: detectResponse.statusText,
+        error: errorText,
+      })
+      return NextResponse.json(
+        {
+          error: parseAtlassianErrorMessage(
+            detectResponse.status,
+            detectResponse.statusText,
+            errorText
+          ),
+        },
+        { status: detectResponse.status }
+      )
+    }
+
+    const response = await fetch(`${apiBase}/${commentEndpoint}/${commentId}`, {
+      method: 'DELETE',
+      headers: {
+        Accept: 'application/json',
+        Authorization: `Bearer ${accessToken}`,
+      },
+    })
+
     if (!response.ok) {
       const errorText = await response.text()
       logger.error('Confluence API error response:', {
diff --git a/apps/sim/blocks/blocks/ashby.ts b/apps/sim/blocks/blocks/ashby.ts
@@ -767,7 +767,9 @@ Output only the ISO 8601 timestamp string, nothing else.`,
         ) {
           result.includeLocationHierarchy = true
         }
-        if (params.offerApplicationId) result.applicationId = params.offerApplicationId
+        if (params.operation === 'list_offers' && params.offerApplicationId) {
+          result.applicationId = params.offerApplicationId
+        }
         if (params.alternateEmailAddresses) {
           result.alternateEmailAddresses = params.alternateEmailAddresses
         }

Original file line number	Diff line number	Diff line change
@@ -767,7 +767,9 @@ Output only the ISO 8601 timestamp string, nothing else.`,
`767`	`767`	`) {`
`768`	`768`	`result.includeLocationHierarchy = true`
`769`	`769`	`}`
`770`		`- if (params.offerApplicationId) result.applicationId = params.offerApplicationId`
	`770`	`+ if (params.operation === 'list_offers' && params.offerApplicationId) {`
	`771`	`+ result.applicationId = params.offerApplicationId`
	`772`	`+ }`
`771`	`773`	`if (params.alternateEmailAddresses) {`
`772`	`774`	`result.alternateEmailAddresses = params.alternateEmailAddresses`
`773`	`775`	`}`