fix(knowledge): validate tag-filter values against the field type

Greptile P1: value/valueTo were z.unknown(), so a number filter accepted 'abc',
a date filter 'not-a-date', etc. — unusable values the query builder then
silently dropped. Add a shared isValidFilterValue (single source of truth in
filters/types) and reject unusable value/valueTo at the boundary, including the
between upper bound.

Author: waleedlatif1

apps/sim/lib/api/contracts/knowledge/documents.test.ts

@@ -79,4 +79,59 @@ describe('parseDocumentTagFiltersParam', () => {
       )
     ).toThrow()
   })
+
+  it('rejects values that are unusable for the field type', () => {
+    // non-numeric value on a number field
+    expect(() =>
+      parseDocumentTagFiltersParam(
+        JSON.stringify([{ tagSlot: 'number1', fieldType: 'number', operator: 'eq', value: 'abc' }])
+      )
+    ).toThrow()
+    // non-date value on a date field
+    expect(() =>
+      parseDocumentTagFiltersParam(
+        JSON.stringify([{ tagSlot: 'date1', fieldType: 'date', operator: 'eq', value: 'nope' }])
+      )
+    ).toThrow()
+    // non-boolean value on a boolean field
+    expect(() =>
+      parseDocumentTagFiltersParam(
+        JSON.stringify([
+          { tagSlot: 'boolean1', fieldType: 'boolean', operator: 'eq', value: 'maybe' },
+        ])
+      )
+    ).toThrow()
+  })
+
+  it('rejects a between filter missing a usable upper bound', () => {
+    expect(() =>
+      parseDocumentTagFiltersParam(
+        JSON.stringify([
+          {
+            tagSlot: 'number1',
+            fieldType: 'number',
+            operator: 'between',
+            value: '1',
+            valueTo: 'x',
+          },
+        ])
+      )
+    ).toThrow()
+  })
+
+  it('accepts a valid number, date, boolean, and between filter', () => {
+    const filters = [
+      { tagSlot: 'number1', fieldType: 'number', operator: 'gte', value: '42' },
+      { tagSlot: 'date1', fieldType: 'date', operator: 'eq', value: '2026-04-21' },
+      { tagSlot: 'boolean1', fieldType: 'boolean', operator: 'eq', value: 'true' },
+      {
+        tagSlot: 'number2',
+        fieldType: 'number',
+        operator: 'between',
+        value: '1',
+        valueTo: '10',
+      },
+    ]
+    expect(parseDocumentTagFiltersParam(JSON.stringify(filters))).toEqual(filters)
+  })
 })

apps/sim/lib/api/contracts/knowledge/documents.ts

@@ -14,7 +14,7 @@ import {
 } from '@/lib/api/contracts/knowledge/shared'
 import { defineRouteContract } from '@/lib/api/contracts/types'
 import { getFieldTypeForSlot } from '@/lib/knowledge/constants'
-import { getOperatorsForFieldType } from '@/lib/knowledge/filters/types'
+import { getOperatorsForFieldType, isValidFilterValue } from '@/lib/knowledge/filters/types'
 
 export const documentTagFilterSchema = z
   .object({
@@ -54,6 +54,23 @@ export const documentTagFilterSchema = z
         path: ['operator'],
         message: `Unsupported operator "${filter.operator}" for a ${filter.fieldType} tag filter`,
       })
+      return
+    }
+    if (!isValidFilterValue(filter.fieldType, filter.value)) {
+      ctx.addIssue({
+        code: 'custom',
+        path: ['value'],
+        message: `Invalid value for a ${filter.fieldType} tag filter`,
+      })
+    }
+    // `between` is only valid for number/date (enforced by the operator check
+    // above), and needs a usable upper bound.
+    if (filter.operator === 'between' && !isValidFilterValue(filter.fieldType, filter.valueTo)) {
+      ctx.addIssue({
+        code: 'custom',
+        path: ['valueTo'],
+        message: `Invalid second value for a ${filter.fieldType} "between" tag filter`,
+      })
     }
   })
 export type DocumentTagFilter = z.output<typeof documentTagFilterSchema>

apps/sim/lib/knowledge/filters/types.ts

@@ -189,3 +189,32 @@ export function getOperatorsForFieldType(fieldType: FilterFieldType): OperatorIn
       return []
   }
 }
+
+/** Wire format for a date filter value (`YYYY-MM-DD`). */
+const DATE_ONLY_VALUE = /^\d{4}-\d{2}-\d{2}$/
+
+/**
+ * Whether a raw filter value is usable for the given field type. Shared source
+ * of truth so the API boundary can reject unusable values (e.g. `"abc"` for a
+ * number, `"not-a-date"` for a date) instead of letting them be silently
+ * dropped further down. Values arrive as strings from the filter UI.
+ */
+export function isValidFilterValue(fieldType: FilterFieldType, value: unknown): boolean {
+  if (value === undefined || value === null) return false
+  switch (fieldType) {
+    case 'text':
+      return typeof value === 'string' && value.length > 0
+    case 'number':
+      if (typeof value === 'number') return Number.isFinite(value)
+      return typeof value === 'string' && value.trim() !== '' && Number.isFinite(Number(value))
+    case 'date':
+      return typeof value === 'string' && DATE_ONLY_VALUE.test(value)
+    case 'boolean':
+      return (
+        typeof value === 'boolean' ||
+        (typeof value === 'string' && ['true', 'false'].includes(value.trim().toLowerCase()))
+      )
+    default:
+      return false
+  }
+}