fix(tools) Directly query db for custom tool id

[TheodoreSpeaks]

Summary

Adjusted querying custom tool by id from a endpoint call to an internal db call.

Previously, these custom tool calls would each hit our gateway, causing 502s when a large amount were requested and causing 5xx on workflow execution. We can avoid this by directly querying the db instead

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation
• Other: ___________

Testing

• Validated custom tools can still be used by agents after change.

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

Screenshots/Videos

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Apr 3, 2026 2:06am

[TheodoreSpeaks]

@BugBot review

[TheodoreSpeaks]

@greptile review

[cursor]

PR Summary

Medium Risk
Moderate risk because it changes how custom tools are looked up (API -> DB) and now hard-requires userId/workspaceId in some paths, which could cause missing-context failures or permission-scope regressions.

Overview
Custom tool lookups now bypass the gateway. Agent execution (AgentBlockHandler) and server-side tool resolution (getToolAsync) stop calling /api/tools/custom and instead query the database via getCustomToolById / new getCustomToolByIdOrTitle.

This adds getCustomToolByIdOrTitle to support resolving tools by either id or title with workspace-first fallback, and updates unit tests to mock DB operations (including failure fallbacks to inline schema when DB lookup fails).

^{Written by Cursor Bugbot for commit 91755a7. This will update automatically on new commits. Configure here.}

[greptile-apps]

Greptile Summary

This PR replaces HTTP gateway calls (which were causing 502s under load) with direct database queries for custom tool lookups. It introduces a new getCustomToolByIdOrTitle helper in operations.ts, updates utils.server.ts to use it, and migrates agent-handler.ts to use the existing getCustomToolById directly — eliminating network round-trips that were a single-point-of-failure for workflows with many custom tools.

Key changes:

• New getCustomToolByIdOrTitle in operations.ts performs workspace-first, legacy-fallback lookups matching the old API's semantics, but using targeted SQL rather than fetching all tools
• utils.server.ts drops its internal token generation and HTTP fetch in favour of a direct DB call; workflowId is still correctly forwarded to createCustomToolRequestBody (not the DB query)
• agent-handler.ts now uses a static import of getCustomToolById instead of a dynamic import inside the method body, fixing the dynamic-import pattern flagged in previous review passes
• Tests are updated to mock @/lib/workflows/custom-tools/operations directly instead of intercepting fetch calls, and a mockContext.userId is now set in beforeEach to satisfy the new early-exit guard
• The as unknown as CustomToolDefinition cast in utils.server.ts (line 129) noted in prior reviews remains unresolved

Confidence Score: 5/5

Safe to merge — the core logic is correct, the gateway-bypass fixes the reported 502s, and all test paths are covered. The only remaining finding is a P2 style nit.

All previously raised P1 concerns (dynamic imports, double-query title fallback) are resolved in this iteration. The sole new finding is a cosmetic array-spread style issue that has no runtime impact. No P0 or P1 issues remain on the changed paths.

No files require special attention beyond the minor style nit in operations.ts.

Important Files Changed

Filename	Overview
apps/sim/lib/workflows/custom-tools/operations.ts	Adds getCustomToolByIdOrTitle with workspace-first, legacy-fallback semantics and a combined id/title OR predicate; two DB round-trips when workspaceId is supplied but the tool lives in the legacy store; no new P0/P1 issues beyond minor style nit.
apps/sim/tools/utils.server.ts	Replaces internal HTTP fetch with a direct DB call; removes token-generation overhead; as unknown as CustomToolDefinition double cast remains (flagged in prior thread); workflowId is correctly used downstream in createCustomToolRequestBody but not passed to the DB query.
apps/sim/executor/handlers/agent/agent-handler.ts	Switches from a dynamic import inside fetchCustomToolById to a static top-level import of getCustomToolById; adds a userId guard before the try block; implementation is clean and correct.
apps/sim/executor/handlers/agent/agent-handler.test.ts	Test mocks updated from intercepting fetch to mocking getCustomToolById directly; mockContext.userId correctly set in beforeEach; test coverage for success/failure paths preserved.
apps/sim/tools/index.test.ts	Adds hoisted mocks for all three new operations exports and updates the custom-tool resolver test to mock getCustomToolByIdOrTitle directly; cleaner than the previous fetch-mock approach.

_{Reviews (2): Last reviewed commit: "Fix lint" | Re-trigger Greptile}

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

[TheodoreSpeaks]

@BugBot review

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}