Audit an existing Sim integration against the service API docs and repository conventions, then report and fix issues across tools, blocks, outputs, OAuth scopes, triggers, and registry entries. Use when validating or repairing a service integration under `apps/sim/tools`, `apps/sim/blocks`, or `apps/sim/triggers`.
Audit an existing Sim integration against the service API docs and repository conventions, then report and fix issues across tools, blocks, outputs, OAuth scopes, triggers, and registry entries. Use when validating or repairing a service integration under `apps/sim/tools`, `apps/sim/blocks`, or `apps/sim/triggers`.
Validate Integration Skill
You are an expert auditor for Sim integrations. Your job is to thoroughly validate that an existing integration is correct, complete, and follows all conventions.
Your Task
When the user asks you to validate an integration:
Read the service's API documentation (via WebFetch or Context7)
Read every tool, the block, and registry entries
Cross-reference everything against the API docs and Sim conventions
Report all issues found, grouped by severity (critical, warning, suggestion)
Fix all issues after reporting them
Step 1: Gather All Files
Read every file for the integration — do not skip any:
apps/sim/tools/{service}/ # All tool files, types.ts, index.ts
apps/sim/blocks/blocks/{service}.ts # Block definition
apps/sim/tools/registry.ts # Tool registry entries for this service
apps/sim/blocks/registry.ts # Block registry entry for this service
apps/sim/components/icons.tsx # Icon definition
apps/sim/lib/auth/auth.ts # OAuth config — should use getCanonicalScopesForProvider()
apps/sim/lib/oauth/oauth.ts # OAuth provider config — single source of truth for scopes
apps/sim/lib/oauth/utils.ts # Scope utilities, SCOPE_DESCRIPTIONS for modal UI
Step 2: Pull API Documentation
Fetch the official API docs for the service. This is the source of truth for:
Endpoint URLs, HTTP methods, and auth headers
Required vs optional parameters
Parameter types and allowed values
Response shapes and field names
Pagination patterns (which param name, which response field)
Rate limits and error formats
Hard Rule: No Guessed Response Schemas
If the official docs do not clearly show the response JSON shape for an endpoint, you MUST tell the user instead of guessing.
Do NOT assume field names from nearby endpoints
Do NOT infer nested JSON paths without evidence
Do NOT treat "likely" fields as confirmed outputs
Do NOT accept implementation guesses as valid just because they are defensive
If a response schema is unknown, the validation must explicitly call that out and require:
sample responses from the user,
live test credentials for verification, or
trimming the tool/block down to only documented fields.
Step 3: Validate Tools
For every tool file, check:
Tool ID and Naming
Tool ID uses snake_case: {service}_{action} (e.g., x_create_tweet, slack_send_message)
Tool name is human-readable (e.g., 'X Create Tweet')
Tool description is a concise one-liner describing what it does
Tool version is set ('1.0.0' or '2.0.0' for V2)
Params
All required API params are marked required: true
All optional API params are marked required: false
Every param has explicit required: true or required: false — never omitted
Param types match the API ('string', 'number', 'boolean', 'json')
Visibility is correct:
'hidden' — ONLY for OAuth access tokens and system-injected params
'user-only' — for API keys, credentials, and account-specific IDs the user must provide
'user-or-llm' — for everything else (search queries, content, filters, IDs that could come from other blocks)
Every param has a description that explains what it does
Request
URL matches the API endpoint exactly (correct base URL, path segments, path params)
HTTP method matches the API spec (GET, POST, PUT, PATCH, DELETE)
Dropdown value: () => 'default' is set for dropdowns with a sensible default
Advanced Mode
Optional, rarely-used fields are set to mode: 'advanced':
Pagination tokens / next tokens
Time range filters (start/end time)
Sort order / direction options
Max results / per page limits
Reply settings / threading options
Rarely used IDs (reply-to, quote-tweet, etc.)
Exclude filters
Required fields are NEVER set to mode: 'advanced'
Fields that users fill in most of the time are NOT set to mode: 'advanced'
WandConfig
Timestamp fields have wandConfig with generationType: 'timestamp'
Comma-separated list fields have wandConfig with a descriptive prompt
Complex filter/query fields have wandConfig with format examples in the prompt
All wandConfig prompts end with "Return ONLY the [format] - no explanations, no extra text."
wandConfig.placeholder describes what to type in natural language
Tools Config
tools.access lists every tool ID the block can use — none missing
tools.config.tool returns the correct tool ID for each operation
Type coercions are in tools.config.params (runs at execution time), NOT in tools.config.tool (runs at serialization time before variable resolution)
tools.config.params handles:
Number() conversion for numeric params that come as strings from inputs
Boolean / string-to-boolean conversion for toggle params
Empty string → undefined conversion for optional dropdown values
Any subBlock ID → tool param name remapping
No Number(), JSON.parse(), or other coercions in tools.config.tool — these would destroy dynamic references like <Block.output>
Block Outputs
Outputs cover the key fields returned by ALL tools (not just one operation)
Output types are correct ('string', 'number', 'boolean', 'json')
type: 'json' outputs describe inner fields in the description string: 'User profile (id, name, username, bio)' or '[{address, status, type}]' for arrays
Do NOT add a properties: {...} field on block outputs. Block-level OutputFieldDefinition (from @sim/workflow-types/blocks) only accepts { type, description?, condition?, hiddenFromDisplay? }. Nested properties is a tool-level construct (OutputProperty) — adding it to a block output will fail TypeScript at build time
No opaque type: 'json' with vague descriptions like 'Response data'
Outputs that only appear for certain operations use condition if supported, or document which operations return them
Block Metadata
type is snake_case (e.g., 'x', 'cloudflare')
name is human-readable (e.g., 'X', 'Cloudflare')
description is a concise one-liner
longDescription provides detail for docs
docsLink points to 'https://docs.sim.ai/integrations/{service}'
category is 'tools'
bgColor uses the service's brand color hex
icon references the correct icon component from @/components/icons
authMode is set correctly (AuthMode.OAuth or AuthMode.ApiKey)
Block is registered in blocks/registry.ts alphabetically
BlockMeta Skills (catalog)
{Service}BlockMeta.skills is present (3–5 for mainstream services, 2–3 for niche/low-level)
Every skill is grounded — its steps only use operations the block exposes in tools.access; flag any skill that implies an unsupported action (e.g. "receive messages" when the block only sends)
Every skill is real, not hallucinated — web-search the service and confirm each skill maps to a popular use case attested online (vendor use-case/solutions pages, official docs describing the workflow, reputable "top automations for X" articles). Rewrite or remove any skill you cannot source as something people genuinely do with the service.
Each skill has a kebab-case name (≤64 chars, unique), a one-line description, and markdown content with # Title + ## Steps + an output/guidance section
Block Inputs
inputs section lists all subBlock params that the block accepts
Input types match the subBlock types
When using canonicalParamId, inputs list the canonical ID (not the raw subBlock IDs)
Step 5: Validate OAuth Scopes (if OAuth service)
Scopes are centralized — the single source of truth is OAUTH_PROVIDERS in lib/oauth/oauth.ts.
Scopes defined in lib/oauth/oauth.ts under OAUTH_PROVIDERS[provider].services[service].scopes
auth.ts uses getCanonicalScopesForProvider(providerId) — NOT a hardcoded array
Block requiredScopes uses getScopesForService(serviceId) — NOT a hardcoded array
No hardcoded scope arrays in auth.ts or block files (should all use utility functions)
Each scope has a human-readable description in SCOPE_DESCRIPTIONS within lib/oauth/utils.ts
No excess scopes that aren't needed by any tool
Step 6: Validate Pagination Consistency
If any tools support pagination:
Pagination param names match the API docs (e.g., pagination_token vs next_token vs cursor)
Different API endpoints that use different pagination param names have separate subBlocks in the block
Pagination response fields (nextToken, cursor, etc.) are included in tool outputs
Pagination subBlocks are set to mode: 'advanced'
Step 7: Validate Memory Load Safety
If any tool lists, searches, exports, imports, downloads, uploads, paginates, batches, transforms arrays, or reads file/HTTP bodies, read .agents/skills/memory-load-check/SKILL.md and apply it to the integration.
List/search tools expose API limits and do not auto-fetch every page into memory
Transform logic does not build unbounded arrays, maps, sets, or Promise.all fan-outs
File and HTTP body reads use explicit byte caps or existing stream-limit helpers
Large result payloads are summarized, paginated, referenced, or capped rather than raw-dumped
Pagination and download tests cover caps, early stop behavior, or partial-result preservation when relevant
Step 8: Validate Error Handling
transformResponse checks for error conditions before accessing data
Error responses include meaningful messages (not just generic "failed")
HTTP error status codes are handled (check response.ok or status codes)
Step 9: Report and Fix
Report Format
Group findings by severity:
Critical (will cause runtime errors or incorrect behavior):
Wrong endpoint URL or HTTP method
Missing required params or wrong required flag
Incorrect response field mapping (accessing wrong path in response)
Missing error handling that would cause crashes
Tool ID mismatch between tool file, registry, and block tools.access
OAuth scopes missing in auth.ts that tools need
tools.config.tool returning wrong tool ID for an operation
Type coercions in tools.config.tool instead of tools.config.params
Warning (follows conventions incorrectly or has usability issues):
Optional field not set to mode: 'advanced'
Missing wandConfig on timestamp/complex fields
Wrong visibility on params (e.g., 'hidden' instead of 'user-or-llm')
Missing optional: true on nullable outputs
Opaque type: 'json' without property descriptions
Missing .trim() on ID fields in request URLs
Missing ?? null on nullable response fields
Block condition array missing an operation that uses that field
Hardcoded scope arrays instead of using getScopesForService() / getCanonicalScopesForProvider()
Missing scope description in SCOPE_DESCRIPTIONS within lib/oauth/utils.ts
Suggestion (minor improvements):
Better description text
Inconsistent naming across tools
Missing longDescription or docsLink
Pagination fields that could benefit from wandConfig
Fix All Issues
After reporting, fix every critical and warning issue. Apply suggestions where they don't add unnecessary complexity.
Validation Output
After fixing, confirm:
bun run lint passes with no fixes needed
TypeScript compiles clean (no type errors)
Re-read all modified files to verify fixes are correct
Any remaining unknown response schemas were explicitly reported to the user instead of guessed
Checklist Summary
Read ALL tool files, block, types, index, and registries
Pulled and read official API documentation
Validated every tool's ID, params, request, response, outputs, and types against API docs
Validated block ↔ tool alignment (every tool param has a subBlock, every condition is correct)
Validated advanced mode on optional/rarely-used fields
Validated wandConfig on timestamps and complex inputs
Validated tools.config mapping, tool selector, and type coercions
Validated block outputs match what tools return, with typed JSON where possible
Validated OAuth scopes use centralized utilities (getScopesForService, getCanonicalScopesForProvider) — no hardcoded arrays
Validated scope descriptions exist in SCOPE_DESCRIPTIONS within lib/oauth/utils.ts for all scopes
Validated pagination consistency across tools and block
Validated memory load safety using .agents/skills/memory-load-check/SKILL.md when tools list/search/download/import/export/batch data