sim icon indicating copy to clipboard operation
sim copied to clipboard
Published 1 month ago verified publisher icon simstudioai

feat(api): add version endpoint for instance identification

Open majiayu000 opened this issue 1 month ago • 2 comments

Summary

  • Add GET /api/version endpoint that returns version information
  • Returns app version, name, build time, git commit, and environment
  • Helps identify the version of a running Sim Studio instance

Test plan

  • [ ] Manual testing with curl /api/version

Fixes #2014

majiayu000 avatar Dec 22 '25 11:12 majiayu000

@majiayu000 is attempting to deploy a commit to the Sim Team on Vercel.

A member of the Team first needs to authorize it.

vercel[bot] avatar Dec 22 '25 11:12 vercel[bot]

Greptile Summary

Adds a new version endpoint that returns instance identification information including app version, build time, and git commit hash.

Key Changes:

  • New GET /api/version endpoint returns version metadata without authentication
  • Network policy updated to support custom egress rules for realtime service
  • Endpoint uses force-dynamic to prevent caching

Security Consideration:

  • Exposing NODE_ENV in the response reveals environment details that could aid reconnaissance attacks

Confidence Score: 4/5

  • This PR is safe to merge with one security consideration to address
  • The implementation is straightforward and adds useful functionality. The endpoint correctly uses force-dynamic to prevent caching. However, exposing NODE_ENV presents a minor security concern by revealing the environment type, which could aid attackers in reconnaissance. The network policy change is safe and follows established patterns.
  • Review apps/sim/app/api/version/route.ts to consider removing nodeEnv from the response

Important Files Changed

Filename Overview
apps/sim/app/api/version/route.ts New version endpoint that exposes app version, build time, git commit, and environment - potential information disclosure concern with nodeEnv
helm/sim/templates/networkpolicy.yaml Added custom egress rule support to realtime service network policy - clean infrastructure improvement

Sequence Diagram

sequenceDiagram
    participant Client
    participant API as /api/version
    participant Env as Environment Variables

    Client->>API: GET /api/version
    API->>Env: Read npm_package_version or APP_VERSION
    API->>Env: Read BUILD_TIME
    API->>Env: Read VERCEL_GIT_COMMIT_SHA or GIT_COMMIT
    API->>Env: Read NODE_ENV
    Env-->>API: Return environment values
    API->>API: Format gitCommit to 7 chars
    API-->>Client: Return JSON with version info

greptile-apps[bot] avatar Dec 22 '25 11:12 greptile-apps[bot]