fix(llm): update router and llm_chat tool to call providers routes

[waleedlatif1]

Summary

• update router and llm_chat tool to call providers routes

Type of Change

• Bug fix

Testing

Tested manually

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
docs	Skipped		Jan 25, 2026 2:48am

[greptile-apps]

Greptile Overview

Greptile Summary

This PR adds internal JWT authentication to server-side LLM provider API calls from the evaluator and router handlers. The /api/providers route requires internal authentication (via checkInternalAuth), and previously these handlers were only sending Content-Type headers without the required Authorization bearer token.

Changes made:

• Replaced manual header construction with buildAuthHeaders() utility function
• buildAuthHeaders() automatically includes both Content-Type: application/json and Authorization: Bearer <internal-jwt> when running server-side
• Updated evaluator-handler.ts (1 location) and router-handler.ts (2 locations for legacy and v2 routers)
• Removed unused HTTP import from evaluator-handler.ts constants

Why this matters:
The /api/providers route expects internal JWT tokens for authentication, which ensures only server-to-server communication from the executor can call it. Without this fix, these handlers would fail with 401 Unauthorized errors when making provider requests.

Confidence Score: 5/5

• This PR is safe to merge with no risk
• The changes are straightforward and necessary - replacing manual header construction with a utility function that properly includes internal authentication. The buildAuthHeaders() function is already used extensively across the codebase in similar contexts. The changes fix a bug where these handlers would fail authentication when calling /api/providers.
• No files require special attention

Important Files Changed

Filename	Overview
apps/sim/executor/handlers/evaluator/evaluator-handler.ts	Replaced hardcoded Content-Type header with buildAuthHeaders() to add internal JWT authentication for /api/providers calls
apps/sim/executor/handlers/router/router-handler.ts	Replaced hardcoded Content-Type header with buildAuthHeaders() in two places (legacy router and router v2) to add internal JWT authentication

Sequence Diagram

sequenceDiagram
    participant Handler as Router/Evaluator Handler
    participant BuildAuth as buildAuthHeaders()
    participant API as /api/providers
    participant Auth as checkInternalAuth()
    participant Provider as executeProviderRequest()

    Handler->>BuildAuth: Request headers
    BuildAuth-->>Handler: Headers object
    
    Handler->>API: POST request
    API->>Auth: Check authentication
    Auth-->>API: userId
    
    API->>Provider: Execute request
    Provider-->>API: LLM response
    API-->>Handler: JSON response

Loading

[greptile-apps]

_{No files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}