simstudioai
diff --git a/‎apps/sim/app/api/admin/mothership/route.ts‎
Lines changed: 12 additions & 8 deletions b/‎apps/sim/app/api/admin/mothership/route.ts‎
Lines changed: 12 additions & 8 deletions
diff --git a/‎apps/sim/lib/copilot/server/agent-url.test.ts‎
Lines changed: 118 additions & 0 deletions b/‎apps/sim/lib/copilot/server/agent-url.test.ts‎
Lines changed: 118 additions & 0 deletions
diff --git a/‎apps/sim/lib/copilot/server/agent-url.ts‎
Lines changed: 2 additions & 6 deletions b/‎apps/sim/lib/copilot/server/agent-url.ts‎
Lines changed: 2 additions & 6 deletions
diff --git a/‎…db/migrations/0205_funny_sleepwalker.sql‎ ‎…kages/db/migrations/0205_mute_landau.sql‎packages/db/migrations/0205_funny_sleepwalker.sql renamed to packages/db/migrations/0205_mute_landau.sql
Lines changed: 1 addition & 1 deletion b/‎…db/migrations/0205_funny_sleepwalker.sql‎ ‎…kages/db/migrations/0205_mute_landau.sql‎packages/db/migrations/0205_funny_sleepwalker.sql renamed to packages/db/migrations/0205_mute_landau.sql
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/db/migrations/0206_amazing_maximus.sql‎
Lines changed: 0 additions & 1 deletion b/‎packages/db/migrations/0206_amazing_maximus.sql‎
Lines changed: 0 additions & 1 deletion
@@ -16,11 +16,12 @@ const ENV_URLS: Record<string, string | undefined> = {
   prod: env.MOTHERSHIP_PROD_URL,
 }
 
-async function getMothershipUrl(environment: string): Promise<string | null> {
+async function getMothershipUrl(environment: string, userId: string): Promise<string | null> {
   const parsedEnvironment = mothershipEnvironmentSchema.safeParse(environment)
   if (!parsedEnvironment.success) return ENV_URLS[environment] ?? null
 
   return getMothershipBaseURL({
+    userId,
     environment: parsedEnvironment.data,
     fallbackUrl: ENV_URLS[environment],
   })
@@ -34,9 +35,9 @@ function isValidEndpoint(endpoint: string): boolean {
   return ENDPOINT_PATTERN.test(endpoint)
 }
 
-async function isAdminRequestAuthorized() {
+async function getAuthorizedAdminUserId() {
   const session = await getSession()
-  if (!session?.user?.id) return false
+  if (!session?.user?.id) return null
 
   const [currentUser] = await db
     .select({
@@ -48,7 +49,8 @@ async function isAdminRequestAuthorized() {
     .where(eq(user.id, session.user.id))
     .limit(1)
 
-  return currentUser?.role === 'admin' && (currentUser.superUserModeEnabled ?? false)
+  const authorized = currentUser?.role === 'admin' && (currentUser.superUserModeEnabled ?? false)
+  return authorized ? session.user.id : null
 }
 
 /**
@@ -62,7 +64,8 @@ async function isAdminRequestAuthorized() {
  * (e.g. requestId for GET /traces) are forwarded.
  */
 export const POST = withRouteHandler(async (req: NextRequest) => {
-  if (!(await isAdminRequestAuthorized())) {
+  const userId = await getAuthorizedAdminUserId()
+  if (!userId) {
     return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
   }
 
@@ -80,7 +83,7 @@ export const POST = withRouteHandler(async (req: NextRequest) => {
     return NextResponse.json({ error: 'invalid endpoint' }, { status: 400 })
   }
 
-  const baseUrl = await getMothershipUrl(environment)
+  const baseUrl = await getMothershipUrl(environment, userId)
   if (!baseUrl) {
     return NextResponse.json(
       { error: `No URL configured for environment: ${environment}` },
@@ -114,7 +117,8 @@ export const POST = withRouteHandler(async (req: NextRequest) => {
 })
 
 export const GET = withRouteHandler(async (req: NextRequest) => {
-  if (!(await isAdminRequestAuthorized())) {
+  const userId = await getAuthorizedAdminUserId()
+  if (!userId) {
     return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
   }
 
@@ -132,7 +136,7 @@ export const GET = withRouteHandler(async (req: NextRequest) => {
     return NextResponse.json({ error: 'invalid endpoint' }, { status: 400 })
   }
 
-  const baseUrl = await getMothershipUrl(environment)
+  const baseUrl = await getMothershipUrl(environment, userId)
   if (!baseUrl) {
     return NextResponse.json(
       { error: `No URL configured for environment: ${environment}` },
 
@@ -0,0 +1,118 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { getMothershipBaseURL } from './agent-url'
+
+const { dbMock, mockRows } = vi.hoisted(() => {
+  const mockRows: any[] = []
+  const dbMock = {
+    select: vi.fn(() => ({
+      from: vi.fn(() => ({
+        leftJoin: vi.fn(() => ({
+          where: vi.fn(() => ({
+            limit: vi.fn(async () => mockRows),
+          })),
+        })),
+      })),
+    })),
+  }
+  return { dbMock, mockRows }
+})
+
+vi.mock('@sim/db', () => ({ db: dbMock }))
+vi.mock('@sim/db/schema', () => ({
+  settings: {
+    userId: 'settings.userId',
+    superUserModeEnabled: 'settings.superUserModeEnabled',
+    mothershipEnvironment: 'settings.mothershipEnvironment',
+  },
+  user: {
+    id: 'user.id',
+    role: 'user.role',
+  },
+}))
+vi.mock('drizzle-orm', () => ({
+  eq: vi.fn(() => ({})),
+}))
+vi.mock('@/lib/api/contracts', () => ({
+  mothershipEnvironmentSchema: {
+    safeParse: (value: unknown) =>
+      ['default', 'dev', 'staging', 'prod'].includes(String(value))
+        ? { success: true, data: value }
+        : { success: false },
+  },
+}))
+vi.mock('@/lib/copilot/constants', () => ({
+  SIM_AGENT_API_URL: 'https://default.mothership.test',
+  SIM_AGENT_API_URL_DEFAULT: 'https://fallback.mothership.test',
+}))
+vi.mock('@/lib/core/config/env', () => ({
+  env: {
+    COPILOT_DEV_URL: 'https://dev.mothership.test',
+    COPILOT_STAGING_URL: 'https://staging.mothership.test',
+    COPILOT_PROD_URL: 'https://prod.mothership.test',
+  },
+}))
+
+describe('getMothershipBaseURL', () => {
+  beforeEach(() => {
+    mockRows.length = 0
+    dbMock.select.mockClear()
+  })
+
+  it('uses the default URL when there is no user context', async () => {
+    await expect(getMothershipBaseURL()).resolves.toBe('https://default.mothership.test')
+    await expect(getMothershipBaseURL({ environment: 'dev' })).resolves.toBe(
+      'https://default.mothership.test'
+    )
+  })
+
+  it('ignores stored and explicit environments for non-admin users', async () => {
+    mockRows.push({
+      role: 'user',
+      superUserModeEnabled: true,
+      mothershipEnvironment: 'dev',
+    })
+
+    await expect(getMothershipBaseURL({ userId: 'user-1', environment: 'staging' })).resolves.toBe(
+      'https://default.mothership.test'
+    )
+  })
+
+  it('ignores stored and explicit environments when super user mode is off', async () => {
+    mockRows.push({
+      role: 'admin',
+      superUserModeEnabled: false,
+      mothershipEnvironment: 'dev',
+    })
+
+    await expect(getMothershipBaseURL({ userId: 'admin-1', environment: 'prod' })).resolves.toBe(
+      'https://default.mothership.test'
+    )
+  })
+
+  it('uses default for super admins until they select a concrete environment', async () => {
+    mockRows.push({
+      role: 'admin',
+      superUserModeEnabled: true,
+      mothershipEnvironment: 'default',
+    })
+
+    await expect(getMothershipBaseURL({ userId: 'admin-1' })).resolves.toBe(
+      'https://default.mothership.test'
+    )
+  })
+
+  it('allows effective super admins to use a selected environment', async () => {
+    mockRows.push({
+      role: 'admin',
+      superUserModeEnabled: true,
+      mothershipEnvironment: 'dev',
+    })
+
+    await expect(getMothershipBaseURL({ userId: 'admin-1' })).resolves.toBe(
+      'https://dev.mothership.test'
+    )
+    await expect(getMothershipBaseURL({ userId: 'admin-1', environment: 'staging' })).resolves.toBe(
+      'https://staging.mothership.test'
+    )
+  })
+})
@@ -14,7 +14,6 @@ export interface GetMothershipBaseURLOptions {
 type ConcreteMothershipEnvironment = Exclude<MothershipEnvironment, 'default'>
 
 const ENVIRONMENT_URLS: Record<ConcreteMothershipEnvironment, string | undefined> = {
-  // env vars
   dev: env.COPILOT_DEV_URL,
   staging: env.COPILOT_STAGING_URL,
   prod: env.COPILOT_PROD_URL,
@@ -40,10 +39,6 @@ export async function getMothershipBaseURL(
 ): Promise<string> {
   const defaultUrl = getDefaultMothershipBaseURL(options.fallbackUrl)
 
-  if (options.environment) {
-    return getConfiguredEnvironmentUrl(options.environment) ?? defaultUrl
-  }
-
   const { userId } = options
   if (!userId) return defaultUrl
 
@@ -61,7 +56,8 @@ export async function getMothershipBaseURL(
   const effectiveSuperUser = row?.role === 'admin' && (row.superUserModeEnabled ?? false)
   if (!effectiveSuperUser) return defaultUrl
 
-  const parsedEnvironment = mothershipEnvironmentSchema.safeParse(row.mothershipEnvironment)
+  const selectedEnvironment = options.environment ?? row.mothershipEnvironment
+  const parsedEnvironment = mothershipEnvironmentSchema.safeParse(selectedEnvironment)
   const environment = parsedEnvironment.success ? parsedEnvironment.data : 'default'
 
   return getConfiguredEnvironmentUrl(environment) ?? defaultUrl
 
@@ -1 +1 @@
-ALTER TABLE "settings" ADD COLUMN "mothership_environment" text DEFAULT 'prod' NOT NULL;
+ALTER TABLE "settings" ADD COLUMN "mothership_environment" text DEFAULT 'default' NOT NULL;
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-ALTER TABLE "settings" ADD COLUMN "mothership_environment" text DEFAULT 'prod' NOT NULL;`
	`1`	`+ALTER TABLE "settings" ADD COLUMN "mothership_environment" text DEFAULT 'default' NOT NULL;`