// Audit an existing Sim integration against the service API docs and repository conventions, then report and fix issues across tools, blocks, outputs, OAuth scopes, triggers, and registry entries. Use when validating or repairing a service integration under `apps/sim/tools`, `apps/sim/blocks`, or `apps/sim/triggers`.
Audit an existing Sim integration against the service API docs and repository conventions, then report and fix issues across tools, blocks, outputs, OAuth scopes, triggers, and registry entries. Use when validating or repairing a service integration under `apps/sim/tools`, `apps/sim/blocks`, or `apps/sim/triggers`.
Validate Integration Skill
You are an expert auditor for Sim integrations. Your job is to thoroughly validate that an existing integration is correct, complete, and follows all conventions.
Your Task
When the user asks you to validate an integration:
Read the service's API documentation (via WebFetch or Context7)
Read every tool, the block, and registry entries
Cross-reference everything against the API docs and Sim conventions
Report all issues found, grouped by severity (critical, warning, suggestion)
Fix all issues after reporting them
Step 1: Gather All Files
Read every file for the integration — do not skip any:
apps/sim/tools/{service}/ # All tool files, types.ts, index.ts
apps/sim/blocks/blocks/{service}.ts # Block definition
apps/sim/tools/registry.ts # Tool registry entries for this service
apps/sim/blocks/registry.ts # Block registry entry for this service
apps/sim/components/icons.tsx # Icon definition
apps/sim/lib/auth/auth.ts # OAuth config — should use getCanonicalScopesForProvider()
apps/sim/lib/oauth/oauth.ts # OAuth provider config — single source of truth for scopes
apps/sim/lib/oauth/utils.ts # Scope utilities, SCOPE_DESCRIPTIONS for modal UI
Step 2: Pull API Documentation
Fetch the official API docs for the service. This is the source of truth for:
Endpoint URLs, HTTP methods, and auth headers
Required vs optional parameters
Parameter types and allowed values
Response shapes and field names
Pagination patterns (which param name, which response field)
Rate limits and error formats
Hard Rule: No Guessed Response Schemas
If the official docs do not clearly show the response JSON shape for an endpoint, you MUST tell the user instead of guessing.
Do NOT assume field names from nearby endpoints
Do NOT infer nested JSON paths without evidence
Do NOT treat "likely" fields as confirmed outputs
Do NOT accept implementation guesses as valid just because they are defensive
If a response schema is unknown, the validation must explicitly call that out and require:
sample responses from the user,
live test credentials for verification, or
trimming the tool/block down to only documented fields.
Step 3: Validate Tools
For every tool file, check:
Tool ID and Naming
Tool ID uses snake_case: {service}_{action} (e.g., x_create_tweet, slack_send_message)
Tool name is human-readable (e.g., 'X Create Tweet')
Tool description is a concise one-liner describing what it does
Tool version is set ('1.0.0' or '2.0.0' for V2)
Params
All required API params are marked required: true
All optional API params are marked required: false
Every param has explicit required: true or required: false — never omitted
Param types match the API ('string', 'number', 'boolean', 'json')
Visibility is correct:
'hidden' — ONLY for OAuth access tokens and system-injected params
'user-only' — for API keys, credentials, and account-specific IDs the user must provide
'user-or-llm' — for everything else (search queries, content, filters, IDs that could come from other blocks)
Every param has a description that explains what it does
Request
URL matches the API endpoint exactly (correct base URL, path segments, path params)
HTTP method matches the API spec (GET, POST, PUT, PATCH, DELETE)
No opaque type: 'json' with vague descriptions like 'Response data'
Outputs that only appear for certain operations use condition if supported, or document which operations return them
Block Metadata
type is snake_case (e.g., 'x', 'cloudflare')
name is human-readable (e.g., 'X', 'Cloudflare')
description is a concise one-liner
longDescription provides detail for docs
docsLink points to 'https://docs.sim.ai/tools/{service}'
category is 'tools'
bgColor uses the service's brand color hex
icon references the correct icon component from @/components/icons
authMode is set correctly (AuthMode.OAuth or AuthMode.ApiKey)
Block is registered in blocks/registry.ts alphabetically
Block Inputs
inputs section lists all subBlock params that the block accepts
Input types match the subBlock types
When using canonicalParamId, inputs list the canonical ID (not the raw subBlock IDs)
Step 5: Validate OAuth Scopes (if OAuth service)
Scopes are centralized — the single source of truth is OAUTH_PROVIDERS in lib/oauth/oauth.ts.
Scopes defined in lib/oauth/oauth.ts under OAUTH_PROVIDERS[provider].services[service].scopes
auth.ts uses getCanonicalScopesForProvider(providerId) — NOT a hardcoded array
Block requiredScopes uses getScopesForService(serviceId) — NOT a hardcoded array
No hardcoded scope arrays in auth.ts or block files (should all use utility functions)
Each scope has a human-readable description in SCOPE_DESCRIPTIONS within lib/oauth/utils.ts
No excess scopes that aren't needed by any tool
Step 6: Validate Pagination Consistency
If any tools support pagination:
Pagination param names match the API docs (e.g., pagination_token vs next_token vs cursor)
Different API endpoints that use different pagination param names have separate subBlocks in the block
Pagination response fields (nextToken, cursor, etc.) are included in tool outputs
Pagination subBlocks are set to mode: 'advanced'
Step 7: Validate Memory Load Safety
If any tool lists, searches, exports, imports, downloads, uploads, paginates, batches, transforms arrays, or reads file/HTTP bodies, read .agents/skills/memory-load-check/SKILL.md and apply it to the integration.
List/search tools expose API limits and do not auto-fetch every page into memory
Transform logic does not build unbounded arrays, maps, sets, or Promise.all fan-outs
File and HTTP body reads use explicit byte caps or existing stream-limit helpers
Large result payloads are summarized, paginated, referenced, or capped rather than raw-dumped
Pagination and download tests cover caps, early stop behavior, or partial-result preservation when relevant
Step 8: Validate Error Handling
transformResponse checks for error conditions before accessing data
Error responses include meaningful messages (not just generic "failed")
HTTP error status codes are handled (check response.ok or status codes)
Step 9: Report and Fix
Report Format
Group findings by severity:
Critical (will cause runtime errors or incorrect behavior):
Wrong endpoint URL or HTTP method
Missing required params or wrong required flag
Incorrect response field mapping (accessing wrong path in response)
Missing error handling that would cause crashes
Tool ID mismatch between tool file, registry, and block tools.access
OAuth scopes missing in auth.ts that tools need
tools.config.tool returning wrong tool ID for an operation
Type coercions in tools.config.tool instead of tools.config.params
Warning (follows conventions incorrectly or has usability issues):
Optional field not set to mode: 'advanced'
Missing wandConfig on timestamp/complex fields
Wrong visibility on params (e.g., 'hidden' instead of 'user-or-llm')
Missing optional: true on nullable outputs
Opaque type: 'json' without property descriptions
Missing .trim() on ID fields in request URLs
Missing ?? null on nullable response fields
Block condition array missing an operation that uses that field
Hardcoded scope arrays instead of using getScopesForService() / getCanonicalScopesForProvider()
Missing scope description in SCOPE_DESCRIPTIONS within lib/oauth/utils.ts
Suggestion (minor improvements):
Better description text
Inconsistent naming across tools
Missing longDescription or docsLink
Pagination fields that could benefit from wandConfig
Fix All Issues
After reporting, fix every critical and warning issue. Apply suggestions where they don't add unnecessary complexity.
Validation Output
After fixing, confirm:
bun run lint passes with no fixes needed
TypeScript compiles clean (no type errors)
Re-read all modified files to verify fixes are correct
Any remaining unknown response schemas were explicitly reported to the user instead of guessed
Checklist Summary
Read ALL tool files, block, types, index, and registries
Pulled and read official API documentation
Validated every tool's ID, params, request, response, outputs, and types against API docs
Validated block ↔ tool alignment (every tool param has a subBlock, every condition is correct)
Validated advanced mode on optional/rarely-used fields
Validated wandConfig on timestamps and complex inputs
Validated tools.config mapping, tool selector, and type coercions
Validated block outputs match what tools return, with typed JSON where possible
Validated OAuth scopes use centralized utilities (getScopesForService, getCanonicalScopesForProvider) — no hardcoded arrays
Validated scope descriptions exist in SCOPE_DESCRIPTIONS within lib/oauth/utils.ts for all scopes
Validated pagination consistency across tools and block
Validated memory load safety using .agents/skills/memory-load-check/SKILL.md when tools list/search/download/import/export/batch data
