feat(ironclad): add Ironclad integration with OAuth

[waleedlatif1]

Summary

• Add full Ironclad integration with 12 tools (workflows + records CRUD, approvals, comments)
• OAuth 2.0 auth with 10 scopes, centralized via getScopesForService/getCanonicalScopesForProvider
• Block with operation dropdown, conditional fields, advanced mode pagination, wandConfig on complex inputs
• Docs page with manual description section

Type of Change

• New feature

Testing

Tested manually

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Mar 26, 2026 11:18pm

[cursor]

PR Summary

Medium Risk
Adds a new OAuth provider and a suite of outbound API tools against Ironclad, increasing surface area for auth/config and external API error/contract handling. Changes are mostly additive but touch authentication and tool registries used broadly.

Overview
Adds a new Ironclad integration end-to-end: new IroncladIcon, integration metadata for the landing page, and docs (tools/ironclad.mdx + meta.json) so it appears in docs and UI icon mappings.

Introduces an Ironclad block (blocks/blocks/ironclad.ts) with an operation dropdown and conditional inputs, mapping UI params (e.g., workflowId → ironcladWorkflowId, pagination coercion) to 12 new Ironclad tools.

Extends the platform’s OAuth support to include Ironclad: new env vars (IRONCLAD_CLIENT_ID/SECRET), provider wiring in lib/auth/auth.ts, service/scopes registration in lib/oauth/oauth.ts + types.ts + utils.ts, and registers all new tool implementations in tools/registry.ts.

^{Written by Cursor Bugbot for commit 5d7bad0. Configure here.}

[greptile-apps]

Greptile Summary

This PR adds a full Ironclad contract lifecycle management integration with 12 tools (workflow and record CRUD, approvals, and comments), OAuth 2.0 authentication, a block UI with conditional fields and wand configs, and documentation. The integration follows the established Sim integration patterns well.

Previous review cycles resolved the key defects (unhandled JSON.parse crashes, defensive response parsing for comments/approvals, and the pageSize/perPage response field ambiguity). The remaining concerns are:

• Hardcoded na1 Ironclad region: Every tool URL and the OAuth authorization/token/userinfo endpoints are pinned to https://na1.ironcladapp.com. Ironclad is a multi-region SaaS (NA1, EU1, etc.); EU-region customers will be unable to authenticate or make any API calls.
• wandConfig.generationType mismatch: The actions subblock prompt explicitly generates a JSON array, but generationType is set to 'json-object', which is semantically inconsistent.

Confidence Score: 5/5

Safe to merge — all P0/P1 issues from prior review rounds are resolved; remaining findings are P2 style/scope concerns.

The three substantive defects from prior review cycles (unhandled JSON.parse crashes, ambiguous response field names, and defensive array parsing) were all fixed. The two remaining comments are P2: a hardcoded region that is a deliberate first-version scope decision, and a generationType annotation mismatch in a wand config. Neither blocks correctness for NA-region users.

apps/sim/tools/ironclad/create_workflow.ts and apps/sim/lib/auth/auth.ts for the hardcoded na1 region; apps/sim/blocks/blocks/ironclad.ts for the generationType mismatch.

Important Files Changed

Filename	Overview
apps/sim/tools/ironclad/create_workflow.ts	Creates workflow via POST; JSON.parse error handling added; URL hardcoded to na1 region.
apps/sim/tools/ironclad/list_workflows.ts	List workflows with pagination; defensive data.pageSize ?? data.perPage ?? 20 fallback added; looks correct.
apps/sim/tools/ironclad/list_workflow_approvals.ts	Lists approval groups; defensive fallback data.approvalGroups ?? data ?? [] added per prior review.
apps/sim/tools/ironclad/list_workflow_comments.ts	Lists comments; defensive fallback data.list ?? data.comments ?? data ?? [] added per prior review.
apps/sim/blocks/blocks/ironclad.ts	Block config with 12 operations, conditional fields, wand configs; workflowId rename to avoid framework collision done; generationType mismatch on array fields.
apps/sim/lib/auth/auth.ts	Adds Ironclad genericOAuth provider; all endpoints hardcoded to na1 region; getUserInfo handles missing email gracefully.
apps/sim/lib/oauth/oauth.ts	Registers Ironclad in OAUTH_PROVIDERS with 10 scopes; token refresh endpoint hardcoded to na1; supportsRefreshTokenRotation correctly set to true.
apps/sim/tools/ironclad/types.ts	Comprehensive TypeScript interfaces for all 12 tool param/response pairs; well-typed with appropriate nullability.

Sequence Diagram

sequenceDiagram
    participant User
    participant SimBlock as Ironclad Block
    participant Framework as Sim Framework
    participant IroncladAuth as Ironclad OAuth (na1)
    participant IroncladAPI as Ironclad API (na1)

    User->>SimBlock: Select operation + enter params
    SimBlock->>Framework: Resolve oauthCredential → accessToken
    Framework->>IroncladAuth: POST /oauth/token (refresh)
    IroncladAuth-->>Framework: access_token

    alt Create / Update / Cancel Workflow
        Framework->>IroncladAPI: POST/PATCH/POST /public/api/v1/workflows/...
        IroncladAPI-->>Framework: workflow JSON
    else List / Get Workflow
        Framework->>IroncladAPI: GET /public/api/v1/workflows[/{id}]
        IroncladAPI-->>Framework: workflow list / detail JSON
    else Record Operations
        Framework->>IroncladAPI: POST/GET/PATCH /public/api/v1/records[/{id}]
        IroncladAPI-->>Framework: record JSON
    else Comments / Approvals
        Framework->>IroncladAPI: GET/POST /public/api/v1/workflows/{id}/comments|approvals
        IroncladAPI-->>Framework: comments / approvals JSON
    end

    Framework-->>SimBlock: Transformed output
    SimBlock-->>User: Result

Loading

_{Reviews (6): Last reviewed commit: "lint" | Re-trigger Greptile}

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR