feat(internal): added internal api base url for internal calls

Author: waleedlatif1

apps/sim/.env.example

@@ -13,6 +13,7 @@ BETTER_AUTH_URL=http://localhost:3000
 
 # NextJS (Required)
 NEXT_PUBLIC_APP_URL=http://localhost:3000
+# INTERNAL_API_BASE_URL=http://sim-app.default.svc.cluster.local:3000  # Optional: internal URL for server-side /api self-calls; defaults to NEXT_PUBLIC_APP_URL
 
 # Security (Required)
 ENCRYPTION_KEY=your_encryption_key  # Use `openssl rand -hex 32` to generate, used to encrypt environment variables

apps/sim/app/api/a2a/serve/[agentId]/utils.ts

@@ -1,7 +1,7 @@
 import type { Artifact, Message, PushNotificationConfig, Task, TaskState } from '@a2a-js/sdk'
 import { v4 as uuidv4 } from 'uuid'
 import { generateInternalToken } from '@/lib/auth/internal'
-import { getBaseUrl } from '@/lib/core/utils/urls'
+import { getInternalApiBaseUrl } from '@/lib/core/utils/urls'
 
 /** A2A v0.3 JSON-RPC method names */
 export const A2A_METHODS = {
@@ -118,7 +118,7 @@ export interface ExecuteRequestResult {
 export async function buildExecuteRequest(
   config: ExecuteRequestConfig
 ): Promise<ExecuteRequestResult> {
-  const url = `${getBaseUrl()}/api/workflows/${config.workflowId}/execute`
+  const url = `${getInternalApiBaseUrl()}/api/workflows/${config.workflowId}/execute`
   const headers: Record<string, string> = { 'Content-Type': 'application/json' }
   let useInternalAuth = false
 

apps/sim/app/api/copilot/checkpoints/revert/route.ts

@@ -11,7 +11,7 @@ import {
   createRequestTracker,
   createUnauthorizedResponse,
 } from '@/lib/copilot/request-helpers'
-import { getBaseUrl } from '@/lib/core/utils/urls'
+import { getInternalApiBaseUrl } from '@/lib/core/utils/urls'
 import { authorizeWorkflowByWorkspacePermission } from '@/lib/workflows/utils'
 import { isUuidV4 } from '@/executor/constants'
 
@@ -99,7 +99,7 @@ export async function POST(request: NextRequest) {
     }
 
     const stateResponse = await fetch(
-      `${getBaseUrl()}/api/workflows/${checkpoint.workflowId}/state`,
+      `${getInternalApiBaseUrl()}/api/workflows/${checkpoint.workflowId}/state`,
       {
         method: 'PUT',
         headers: {

apps/sim/app/api/mcp/serve/[serverId]/route.ts

@@ -22,7 +22,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { type AuthResult, checkHybridAuth } from '@/lib/auth/hybrid'
 import { generateInternalToken } from '@/lib/auth/internal'
 import { getMaxExecutionTimeout } from '@/lib/core/execution-limits'
-import { getBaseUrl } from '@/lib/core/utils/urls'
+import { getInternalApiBaseUrl } from '@/lib/core/utils/urls'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
 
 const logger = createLogger('WorkflowMcpServeAPI')
@@ -285,7 +285,7 @@ async function handleToolsCall(
       )
     }
 
-    const executeUrl = `${getBaseUrl()}/api/workflows/${tool.workflowId}/execute`
+    const executeUrl = `${getInternalApiBaseUrl()}/api/workflows/${tool.workflowId}/execute`
     const headers: Record<string, string> = { 'Content-Type': 'application/json' }
 
     if (publicServerOwnerId) {

apps/sim/app/api/templates/[id]/use/route.ts

@@ -6,7 +6,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { v4 as uuidv4 } from 'uuid'
 import { getSession } from '@/lib/auth'
 import { generateRequestId } from '@/lib/core/utils/request'
-import { getBaseUrl } from '@/lib/core/utils/urls'
+import { getInternalApiBaseUrl } from '@/lib/core/utils/urls'
 import {
   type RegenerateStateInput,
   regenerateWorkflowStateIds,
@@ -115,15 +115,18 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
     // Step 3: Save the workflow state using the existing state endpoint (like imports do)
     // Ensure variables in state are remapped for the new workflow as well
     const workflowStateWithVariables = { ...workflowState, variables: remappedVariables }
-    const stateResponse = await fetch(`${getBaseUrl()}/api/workflows/${newWorkflowId}/state`, {
-      method: 'PUT',
-      headers: {
-        'Content-Type': 'application/json',
-        // Forward the session cookie for authentication
-        cookie: request.headers.get('cookie') || '',
-      },
-      body: JSON.stringify(workflowStateWithVariables),
-    })
+    const stateResponse = await fetch(
+      `${getInternalApiBaseUrl()}/api/workflows/${newWorkflowId}/state`,
+      {
+        method: 'PUT',
+        headers: {
+          'Content-Type': 'application/json',
+          // Forward the session cookie for authentication
+          cookie: request.headers.get('cookie') || '',
+        },
+        body: JSON.stringify(workflowStateWithVariables),
+      }
+    )
 
     if (!stateResponse.ok) {
       logger.error(`[${requestId}] Failed to save workflow state for template use`)

apps/sim/executor/handlers/router/router-handler.ts

@@ -2,7 +2,7 @@ import { db } from '@sim/db'
 import { account } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { eq } from 'drizzle-orm'
-import { getBaseUrl } from '@/lib/core/utils/urls'
+import { getInternalApiBaseUrl } from '@/lib/core/utils/urls'
 import { refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { generateRouterPrompt, generateRouterV2Prompt } from '@/blocks/blocks/router'
 import type { BlockOutput } from '@/blocks/types'
@@ -79,7 +79,7 @@ export class RouterBlockHandler implements BlockHandler {
     const providerId = getProviderFromModel(routerConfig.model)
 
     try {
-      const url = new URL('/api/providers', getBaseUrl())
+      const url = new URL('/api/providers', getInternalApiBaseUrl())
       if (ctx.userId) url.searchParams.set('userId', ctx.userId)
 
       const messages = [{ role: 'user', content: routerConfig.prompt }]
@@ -209,7 +209,7 @@ export class RouterBlockHandler implements BlockHandler {
     const providerId = getProviderFromModel(routerConfig.model)
 
     try {
-      const url = new URL('/api/providers', getBaseUrl())
+      const url = new URL('/api/providers', getInternalApiBaseUrl())
       if (ctx.userId) url.searchParams.set('userId', ctx.userId)
 
       const messages = [{ role: 'user', content: routerConfig.context }]

apps/sim/executor/utils/http.ts

@@ -1,5 +1,5 @@
 import { generateInternalToken } from '@/lib/auth/internal'
-import { getBaseUrl } from '@/lib/core/utils/urls'
+import { getBaseUrl, getInternalApiBaseUrl } from '@/lib/core/utils/urls'
 import { HTTP } from '@/executor/constants'
 
 export async function buildAuthHeaders(): Promise<Record<string, string>> {
@@ -16,7 +16,8 @@ export async function buildAuthHeaders(): Promise<Record<string, string>> {
 }
 
 export function buildAPIUrl(path: string, params?: Record<string, string>): URL {
-  const url = new URL(path, getBaseUrl())
+  const baseUrl = path.startsWith('/api/') ? getInternalApiBaseUrl() : getBaseUrl()
+  const url = new URL(path, baseUrl)
 
   if (params) {
     for (const [key, value] of Object.entries(params)) {

apps/sim/lib/core/config/env.ts

@@ -220,6 +220,7 @@ export const env = createEnv({
     SOCKET_SERVER_URL:                     z.string().url().optional(),            // WebSocket server URL for real-time features
     SOCKET_PORT:                           z.number().optional(),                  // Port for WebSocket server
     PORT:                                  z.number().optional(),                  // Main application port
+    INTERNAL_API_BASE_URL:                 z.string().optional(),                  // Optional internal base URL for server-side self-calls (e.g., cluster DNS)
     ALLOWED_ORIGINS:                       z.string().optional(),                  // CORS allowed origins
 
     // OAuth Integration Credentials - All optional, enables third-party integrations

apps/sim/lib/core/utils/urls.ts

@@ -1,6 +1,15 @@
 import { getEnv } from '@/lib/core/config/env'
 import { isProd } from '@/lib/core/config/feature-flags'
 
+function normalizeBaseUrl(url: string): string {
+  if (url.startsWith('http://') || url.startsWith('https://')) {
+    return url
+  }
+
+  const protocol = isProd ? 'https://' : 'http://'
+  return `${protocol}${url}`
+}
+
 /**
  * Returns the base URL of the application from NEXT_PUBLIC_APP_URL
  * This ensures webhooks, callbacks, and other integrations always use the correct public URL
@@ -16,12 +25,20 @@ export function getBaseUrl(): string {
     )
   }
 
-  if (baseUrl.startsWith('http://') || baseUrl.startsWith('https://')) {
-    return baseUrl
+  return normalizeBaseUrl(baseUrl)
+}
+
+/**
+ * Returns the base URL used by server-side internal API calls.
+ * Falls back to NEXT_PUBLIC_APP_URL when INTERNAL_API_BASE_URL is not set.
+ */
+export function getInternalApiBaseUrl(): string {
+  const internalBaseUrl = getEnv('INTERNAL_API_BASE_URL')?.trim()
+  if (!internalBaseUrl) {
+    return getBaseUrl()
   }
 
-  const protocol = isProd ? 'https://' : 'http://'
-  return `${protocol}${baseUrl}`
+  return normalizeBaseUrl(internalBaseUrl)
 }
 
 /**

apps/sim/lib/guardrails/validate_hallucination.ts

@@ -2,7 +2,7 @@ import { db } from '@sim/db'
 import { account } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { eq } from 'drizzle-orm'
-import { getBaseUrl } from '@/lib/core/utils/urls'
+import { getInternalApiBaseUrl } from '@/lib/core/utils/urls'
 import { refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { executeProviderRequest } from '@/providers'
 import { getProviderFromModel } from '@/providers/utils'
@@ -61,7 +61,7 @@ async function queryKnowledgeBase(
     })
 
     // Call the knowledge base search API directly
-    const searchUrl = `${getBaseUrl()}/api/knowledge/search`
+    const searchUrl = `${getInternalApiBaseUrl()}/api/knowledge/search`
 
     const response = await fetch(searchUrl, {
       method: 'POST',