fix(file): harden set_sharing — explicit isActive, agent-controllable params, policy gate + perm-check ordering

Addresses review findings:
- Make isActive explicit/required so a bare call no longer silently enables a public link
- Expose isActive/authType/allowedEmails as user-or-llm so agents can disable/configure shares (password stays user-only)
- Resolve authType from the existing share before the EE policy gate to close a re-enable bypass
- Run the write/admin permission check before the file lookup to remove a file-existence side channel

Author: TheodoreSpeaks

apps/sim/app/api/tools/file/manage/route.ts

@@ -15,7 +15,11 @@ import { generateRequestId } from '@/lib/core/utils/request'
 import { ensureAbsoluteUrl } from '@/lib/core/utils/urls'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import { isSupportedFileType, parseBuffer } from '@/lib/file-parsers'
-import { ShareValidationError, upsertFileShare } from '@/lib/public-shares/share-manager'
+import {
+  getShareForResource,
+  ShareValidationError,
+  upsertFileShare,
+} from '@/lib/public-shares/share-manager'
 import { ensureWorkspaceFileFolderPath } from '@/lib/uploads/contexts/workspace/workspace-file-folder-manager'
 import {
   fetchWorkspaceFileBuffer,
@@ -575,16 +579,10 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
       case 'set_sharing': {
         const { fileId, isActive, authType, password, allowedEmails } = body
 
-        const file = await getWorkspaceFile(workspaceId, fileId)
-        if (!file) {
-          return NextResponse.json(
-            { success: false, error: `File not found: "${fileId}"` },
-            { status: 404 }
-          )
-        }
-
-        // Publishing a file is more sensitive than the other mutating ops, so it
-        // requires write/admin (not just workspace access) to match the share route.
+        // Check permission before probing file existence so a read-only caller
+        // can't distinguish 404 from 403 as a file-existence side channel.
+        // Publishing is more sensitive than the other mutating ops, so it
+        // requires write/admin (not just workspace access) like the share route.
         const permission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
         if (permission !== 'admin' && permission !== 'write') {
           return NextResponse.json(
@@ -593,11 +591,24 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
           )
         }
 
+        const file = await getWorkspaceFile(workspaceId, fileId)
+        if (!file) {
+          return NextResponse.json(
+            { success: false, error: `File not found: "${fileId}"` },
+            { status: 404 }
+          )
+        }
+
         // Enabling a share is gated by the org's access-control policy; disabling
         // is always allowed so users can un-share after the policy is turned on.
         if (isActive) {
+          // Resolve the auth type the same way upsertFileShare will (falling back
+          // to the existing share's type) so the policy gate can't be bypassed by
+          // re-enabling a pre-existing restricted share without an explicit authType.
+          const existingShare = await getShareForResource('file', fileId)
+          const resolvedAuthType = authType ?? existingShare?.authType ?? 'public'
           try {
-            await validatePublicFileSharing(userId, workspaceId, authType ?? 'public')
+            await validatePublicFileSharing(userId, workspaceId, resolvedAuthType)
           } catch (error) {
             if (error instanceof PublicFileSharingNotAllowedError) {
               return NextResponse.json({ success: false, error: error.message }, { status: 403 })

apps/sim/lib/api/contracts/tools/file.ts

@@ -47,7 +47,7 @@ export const fileManageSetSharingBodySchema = z.object({
   operation: z.literal('set_sharing'),
   workspaceId: z.string().min(1).optional(),
   fileId: z.string().min(1, 'fileId is required for set_sharing operation'),
-  isActive: z.boolean().optional().default(true),
+  isActive: z.boolean({ error: 'isActive is required for set_sharing operation' }),
   authType: shareAuthTypeSchema.optional(),
   password: z.string().min(1).max(1024).optional(),
   allowedEmails: z.array(z.string().min(1)).max(200).optional(),

apps/sim/tools/file/set-sharing.ts

@@ -27,14 +27,14 @@ export const fileSetSharingTool: ToolConfig<FileSetSharingParams, ToolResponse>
     },
     isActive: {
       type: 'boolean',
-      required: false,
-      visibility: 'user-only',
+      required: true,
+      visibility: 'user-or-llm',
       description: 'Whether the public link is enabled. Set to false to make the file private.',
     },
     authType: {
       type: 'string',
       required: false,
-      visibility: 'user-only',
+      visibility: 'user-or-llm',
       description:
         'Access mode for the link: "public", "password", "email", or "sso". Defaults to "public".',
     },
@@ -47,7 +47,7 @@ export const fileSetSharingTool: ToolConfig<FileSetSharingParams, ToolResponse>
     allowedEmails: {
       type: 'array',
       required: false,
-      visibility: 'user-only',
+      visibility: 'user-or-llm',
       description:
         'Allowed emails or "@domain" patterns. Required when authType is "email" or "sso".',
     },