fix(uptimerobot): address review — heartbeat URL, file/JSON edge cases

- Block: URL is not required for HEARTBEAT monitors (no URL)
- buildMonitorBody: throw on malformed assignedAlertContacts/customHttpHeaders
  JSON instead of silently dropping the field
- PSP route: error (400) when a supplied logo/icon cannot be resolved to a
  stored file instead of silently omitting the image
- PSP route: guard success-path JSON parsing; return a controlled 502 on a
  non-JSON provider response instead of an uncaught 500

Author: waleedlatif1

apps/sim/app/api/tools/uptimerobot/server-utils.ts

@@ -22,7 +22,8 @@ interface PspFormFields {
  * Appends a single optional image file (logo or icon) to the form after
  * downloading it from storage and verifying the caller may access it.
  *
- * @returns an error `NextResponse` if access is denied, otherwise `null`.
+ * @returns an error `NextResponse` if the file is invalid or access is denied,
+ * otherwise `null`.
  */
 async function appendPspImage(
   form: FormData,
@@ -33,7 +34,14 @@ async function appendPspImage(
   logger: Logger
 ): Promise<NextResponse | null> {
   const userFiles = processFilesToUserFiles([file as RawFileInput], requestId, logger)
-  if (userFiles.length === 0) return null
+  if (userFiles.length === 0) {
+    // A file was supplied but could not be resolved to a stored UserFile (e.g. a
+    // bare string reference). Surface it rather than silently dropping the image.
+    return NextResponse.json(
+      { success: false, error: `Invalid ${field} file: expected an uploaded file reference` },
+      { status: 400 }
+    )
+  }
 
   const userFile = userFiles[0]
   const denied = await assertToolFileAccess(userFile.key, userId, requestId, logger)
@@ -110,6 +118,18 @@ export async function forwardPspRequest(options: {
     )
   }
 
-  const data = text ? JSON.parse(text) : {}
+  let data: Record<string, unknown> = {}
+  if (text) {
+    try {
+      const parsed = JSON.parse(text)
+      if (parsed && typeof parsed === 'object') data = parsed as Record<string, unknown>
+    } catch {
+      logger.error(`[${requestId}] UptimeRobot returned a non-JSON PSP response`, { body: text })
+      return NextResponse.json(
+        { success: false, error: 'UptimeRobot returned an unexpected response' },
+        { status: 502 }
+      )
+    }
+  }
   return NextResponse.json({ success: true, output: { psp: mapPsp(data) } })
 }

apps/sim/blocks/blocks/uptimerobot.ts

@@ -123,7 +123,12 @@ export const UptimeRobotBlock: BlockConfig<UptimeRobotMonitorResponse> = {
       type: 'short-input',
       placeholder: 'e.g. https://example.com',
       condition: { field: 'operation', value: [...MONITOR_EDIT_OPS, 'list_monitors'] },
-      required: { field: 'operation', value: 'create_monitor' },
+      // Required to create a monitor, except Heartbeat monitors which have no URL.
+      required: {
+        field: 'operation',
+        value: 'create_monitor',
+        and: { field: 'type', value: 'HEARTBEAT', not: true },
+      },
     },
 
     // Monitor: interval (seconds) — aliased to `interval`

apps/sim/tools/uptimerobot/types.ts

@@ -1,3 +1,4 @@
+import { getErrorMessage } from '@sim/utils/errors'
 import type { OutputProperty, ToolResponse } from '@/tools/types'
 
 /** Base URL for the UptimeRobot v3 REST API. */
@@ -225,14 +226,18 @@ function parseNumberCsv(value: unknown): number[] | undefined {
   return numbers.length > 0 ? numbers : undefined
 }
 
-/** Parses a JSON string (or passes through an already-parsed value). */
-function parseJson(value: unknown): unknown {
+/**
+ * Parses a JSON string (or passes through an already-parsed value). Throws a
+ * descriptive error on malformed JSON so a user-supplied value is never silently
+ * dropped from the request body.
+ */
+function parseJson(value: unknown, field: string): unknown {
   if (value == null || value === '') return undefined
   if (typeof value !== 'string') return value
   try {
     return JSON.parse(value)
-  } catch {
-    return undefined
+  } catch (error) {
+    throw new Error(`Invalid JSON in "${field}": ${getErrorMessage(error, 'could not parse')}`)
   }
 }
 
@@ -272,8 +277,12 @@ export function buildMonitorBody(
   assignDefined(body, 'groupId', params.groupId)
   assignDefined(body, 'successHttpResponseCodes', parseCsv(params.successHttpResponseCodes))
   assignDefined(body, 'tagNames', parseCsv(params.tagNames))
-  assignDefined(body, 'assignedAlertContacts', parseJson(params.assignedAlertContacts))
-  assignDefined(body, 'customHttpHeaders', parseJson(params.customHttpHeaders))
+  assignDefined(
+    body,
+    'assignedAlertContacts',
+    parseJson(params.assignedAlertContacts, 'assignedAlertContacts')
+  )
+  assignDefined(body, 'customHttpHeaders', parseJson(params.customHttpHeaders, 'customHttpHeaders'))
   return body
 }