lint

Author: waleedlatif1

apps/sim/ee/index.ts

@@ -2,8 +2,8 @@
  * Sim Enterprise Edition
  *
  * This barrel export provides access to enterprise features.
- * Features are designed to be optionally loaded - the core application
- * will function without this module present.
+ * Enterprise features are imported directly throughout the codebase, so `ee/`
+ * must be present at build time.
  */
 
 export * from './access-control'

apps/sim/executor/execution/block-executor.ts

@@ -4,8 +4,8 @@ import {
   containsUserFileWithMetadata,
   hydrateUserFilesWithBase64,
 } from '@/lib/uploads/utils/user-file-base64.server'
-import { validateBlockType } from '@/ee/access-control/utils/permission-check'
 import { sanitizeInputFormat, sanitizeTools } from '@/lib/workflows/comparison/normalize'
+import { validateBlockType } from '@/ee/access-control/utils/permission-check'
 import {
   BlockType,
   buildResumeApiUrl,

apps/sim/lib/credential-sets/credential-access.ts

@@ -21,8 +21,9 @@ export interface CredentialAccessResult {
  * - Authorization rules:
  *   - session/api_key: allow if requester owns the credential; otherwise require workflowId and
  *     verify BOTH requester and owner have access to the workflow's workspace
- *   - internal_jwt: require workflowId (by default) and verify credential owner has access to the
- *     workflow's workspace (requester identity is the system/workflow)
+ *   - internal_jwt: ALWAYS requires workflowId and verifies credential owner has access to the
+ *     workflow's workspace. Internal JWT represents automated workflow execution, not direct user
+ *     access, so owner short-circuit is intentionally skipped.
  */
 export async function authorizeCredentialUse(
   request: NextRequest,