feat(integrations): add Brex integration with expenses, receipts, transactions, team, budgets, and payments tools

Author: waleedlatif1

apps/docs/components/icons.tsx

@@ -2261,6 +2261,17 @@ export function BrandfetchIcon(props: SVGProps<SVGSVGElement>) {
   )
 }
 
+export function BrexIcon(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg {...props} viewBox='0 0 223 179.3' fill='none' xmlns='http://www.w3.org/2000/svg'>
+      <path
+        fill='#FFFFFF'
+        d='M144.9,14.3c-8.7,11.6-10.8,15.5-19.2,15.5H0v149.4h49.3c11.1,0,21.9-5.4,28.9-14.3c9-12,10.2-15.5,18.9-15.5 H223V0h-49.6C162.3,0,151.5,5.4,144.9,14.3L144.9,14.3z M183.9,110.9h-52.6c-11.4,0-21.9,4.8-28.9,14c-9,12-10.8,15.5-19.2,15.5 H38.8V68.7h52.6c11.4,0,21.9-5.4,28.9-14.3c9-11.6,11.4-15.2,19.5-15.2h44.2V110.9z'
+      />
+    </svg>
+  )
+}
+
 export function BrightDataIcon(props: SVGProps<SVGSVGElement>) {
   return (
     <svg

apps/docs/components/ui/icon-mapping.ts

@@ -24,6 +24,7 @@ import {
   BoxCompanyIcon,
   BrainIcon,
   BrandfetchIcon,
+  BrexIcon,
   BrightDataIcon,
   BrowserUseIcon,
   CalComIcon,
@@ -243,6 +244,7 @@ export const blockTypeToIconMap: Record<string, IconComponent> = {
   azure_devops: AzureIcon,
   box: BoxCompanyIcon,
   brandfetch: BrandfetchIcon,
+  brex: BrexIcon,
   brightdata: BrightDataIcon,
   browser_use: BrowserUseIcon,
   calcom: CalComIcon,

apps/docs/content/docs/en/integrations/brex.mdx

@@ -21,6 +21,7 @@
     "azure_devops",
     "box",
     "brandfetch",
+    "brex",
     "brightdata",
     "browser_use",
     "calcom",

apps/docs/content/docs/en/integrations/meta.json

@@ -0,0 +1,181 @@
+/**
+ * @vitest-environment node
+ */
+import { createMockRequest, hybridAuthMockFns } from '@sim/testing'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const { mockProcessFilesToUserFiles, mockDownloadFileFromStorage, mockAssertToolFileAccess } =
+  vi.hoisted(() => ({
+    mockProcessFilesToUserFiles: vi.fn(),
+    mockDownloadFileFromStorage: vi.fn(),
+    mockAssertToolFileAccess: vi.fn(),
+  }))
+
+vi.mock('@/lib/uploads/utils/file-utils', () => ({
+  processFilesToUserFiles: mockProcessFilesToUserFiles,
+}))
+vi.mock('@/lib/uploads/utils/file-utils.server', () => ({
+  downloadFileFromStorage: mockDownloadFileFromStorage,
+}))
+vi.mock('@/app/api/files/authorization', () => ({
+  assertToolFileAccess: mockAssertToolFileAccess,
+}))
+
+import { POST } from '@/app/api/tools/brex/upload-receipt/route'
+
+const mockFetch = vi.fn()
+
+const baseBody = {
+  apiKey: 'bxt_test_token',
+  expenseId: 'expense_123',
+  file: { key: 'uploads/receipt.pdf', name: 'receipt.pdf', size: 5, type: 'application/pdf' },
+}
+
+function jsonResponse(body: unknown, status = 200) {
+  return {
+    ok: status >= 200 && status < 300,
+    status,
+    text: async () => JSON.stringify(body),
+    json: async () => body,
+  }
+}
+
+beforeEach(() => {
+  vi.clearAllMocks()
+  vi.stubGlobal('fetch', mockFetch)
+  hybridAuthMockFns.mockCheckInternalAuth.mockResolvedValue({
+    success: true,
+    userId: 'user-1',
+    authType: 'internal_jwt',
+  })
+  mockProcessFilesToUserFiles.mockReturnValue([
+    { key: 'uploads/receipt.pdf', name: 'receipt.pdf', size: 5, type: 'application/pdf' },
+  ])
+  mockAssertToolFileAccess.mockResolvedValue(null)
+  mockDownloadFileFromStorage.mockResolvedValue(Buffer.from('receipt-bytes'))
+})
+
+describe('POST /api/tools/brex/upload-receipt', () => {
+  it('rejects unauthenticated requests', async () => {
+    hybridAuthMockFns.mockCheckInternalAuth.mockResolvedValueOnce({
+      success: false,
+      error: 'unauthorized',
+    })
+
+    const response = await POST(createMockRequest('POST', baseBody))
+    expect(response.status).toBe(401)
+    expect(mockFetch).not.toHaveBeenCalled()
+  })
+
+  it('creates a receipt upload for an expense and PUTs the file to the pre-signed URL', async () => {
+    mockFetch
+      .mockResolvedValueOnce(
+        jsonResponse({ id: 'receipt_1', uri: 'https://s3.example.com/presigned' })
+      )
+      .mockResolvedValueOnce(jsonResponse({}))
+
+    const response = await POST(createMockRequest('POST', baseBody))
+    expect(response.status).toBe(200)
+    const data = await response.json()
+    expect(data).toEqual({
+      success: true,
+      output: { receiptId: 'receipt_1', receiptName: 'receipt.pdf', expenseId: 'expense_123' },
+    })
+
+    expect(mockFetch).toHaveBeenCalledTimes(2)
+    const [createUrl, createInit] = mockFetch.mock.calls[0]
+    expect(createUrl).toBe('https://api.brex.com/v1/expenses/card/expense_123/receipt_upload')
+    expect(createInit.method).toBe('POST')
+    expect(createInit.headers.Authorization).toBe('Bearer bxt_test_token')
+    expect(JSON.parse(createInit.body)).toEqual({ receipt_name: 'receipt.pdf' })
+
+    const [uploadUrl, uploadInit] = mockFetch.mock.calls[1]
+    expect(uploadUrl).toBe('https://s3.example.com/presigned')
+    expect(uploadInit.method).toBe('PUT')
+  })
+
+  it('uses receipt match when no expense ID is provided', async () => {
+    mockFetch
+      .mockResolvedValueOnce(
+        jsonResponse({ id: 'receipt_2', uri: 'https://s3.example.com/presigned' })
+      )
+      .mockResolvedValueOnce(jsonResponse({}))
+
+    const response = await POST(
+      createMockRequest('POST', { apiKey: 'bxt_test_token', file: baseBody.file })
+    )
+    expect(response.status).toBe(200)
+    const data = await response.json()
+    expect(data.output).toEqual({
+      receiptId: 'receipt_2',
+      receiptName: 'receipt.pdf',
+      expenseId: null,
+    })
+
+    const [createUrl] = mockFetch.mock.calls[0]
+    expect(createUrl).toBe('https://api.brex.com/v1/expenses/card/receipt_match')
+  })
+
+  it('honors a receipt name override', async () => {
+    mockFetch
+      .mockResolvedValueOnce(
+        jsonResponse({ id: 'receipt_3', uri: 'https://s3.example.com/presigned' })
+      )
+      .mockResolvedValueOnce(jsonResponse({}))
+
+    const response = await POST(
+      createMockRequest('POST', { ...baseBody, receiptName: 'march-dinner.pdf' })
+    )
+    expect(response.status).toBe(200)
+    const [, createInit] = mockFetch.mock.calls[0]
+    expect(JSON.parse(createInit.body)).toEqual({ receipt_name: 'march-dinner.pdf' })
+  })
+
+  it('propagates Brex API errors', async () => {
+    mockFetch.mockResolvedValueOnce(jsonResponse({ message: 'Expense not found' }, 404))
+
+    const response = await POST(createMockRequest('POST', baseBody))
+    expect(response.status).toBe(404)
+    const data = await response.json()
+    expect(data.success).toBe(false)
+    expect(data.error).toContain('Expense not found')
+    expect(mockFetch).toHaveBeenCalledTimes(1)
+  })
+
+  it('rejects files over the 50 MB limit', async () => {
+    mockDownloadFileFromStorage.mockResolvedValueOnce(Buffer.alloc(50 * 1024 * 1024 + 1))
+
+    const response = await POST(createMockRequest('POST', baseBody))
+    expect(response.status).toBe(400)
+    const data = await response.json()
+    expect(data.error).toContain('50 MB')
+    expect(mockFetch).not.toHaveBeenCalled()
+  })
+
+  it('fails when the pre-signed upload fails', async () => {
+    mockFetch
+      .mockResolvedValueOnce(
+        jsonResponse({ id: 'receipt_4', uri: 'https://s3.example.com/presigned' })
+      )
+      .mockResolvedValueOnce(jsonResponse({}, 403))
+
+    const response = await POST(createMockRequest('POST', baseBody))
+    expect(response.status).toBe(502)
+    const data = await response.json()
+    expect(data.success).toBe(false)
+  })
+
+  it('denies access to files the caller cannot read', async () => {
+    const deniedResponse = new Response(
+      JSON.stringify({ success: false, error: 'File not found' }),
+      {
+        status: 404,
+      }
+    )
+    mockAssertToolFileAccess.mockResolvedValueOnce(deniedResponse)
+
+    const response = await POST(createMockRequest('POST', baseBody))
+    expect(response.status).toBe(404)
+    expect(mockFetch).not.toHaveBeenCalled()
+  })
+})

apps/sim/app/api/tools/brex/upload-receipt/route.test.ts

@@ -0,0 +1,129 @@
+import { createLogger } from '@sim/logger'
+import { getErrorMessage } from '@sim/utils/errors'
+import { type NextRequest, NextResponse } from 'next/server'
+import { brexUploadReceiptContract } from '@/lib/api/contracts/tools/brex'
+import { parseRequest } from '@/lib/api/server'
+import { checkInternalAuth } from '@/lib/auth/hybrid'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { processFilesToUserFiles, type RawFileInput } from '@/lib/uploads/utils/file-utils'
+import { downloadFileFromStorage } from '@/lib/uploads/utils/file-utils.server'
+import { assertToolFileAccess } from '@/app/api/files/authorization'
+import { BREX_API_BASE, buildBrexHeaders } from '@/tools/brex/utils'
+
+export const dynamic = 'force-dynamic'
+
+const logger = createLogger('BrexUploadReceiptAPI')
+
+const MAX_RECEIPT_SIZE_BYTES = 50 * 1024 * 1024
+
+export const POST = withRouteHandler(async (request: NextRequest) => {
+  const requestId = generateRequestId()
+
+  try {
+    const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
+
+    if (!authResult.success || !authResult.userId) {
+      logger.warn(`[${requestId}] Unauthorized Brex receipt upload attempt: ${authResult.error}`)
+      return NextResponse.json(
+        { success: false, error: authResult.error || 'Authentication required' },
+        { status: 401 }
+      )
+    }
+
+    const parsed = await parseRequest(brexUploadReceiptContract, request, {})
+    if (!parsed.success) return parsed.response
+    const { apiKey, expenseId, file, receiptName } = parsed.data.body
+
+    const userFiles = processFilesToUserFiles([file as RawFileInput], requestId, logger)
+    if (userFiles.length === 0) {
+      return NextResponse.json({ success: false, error: 'Invalid file input' }, { status: 400 })
+    }
+
+    const userFile = userFiles[0]
+    const denied = await assertToolFileAccess(userFile.key, authResult.userId, requestId, logger)
+    if (denied) return denied
+
+    const fileBuffer = await downloadFileFromStorage(userFile, requestId, logger)
+    if (fileBuffer.length > MAX_RECEIPT_SIZE_BYTES) {
+      return NextResponse.json(
+        { success: false, error: 'Receipt file exceeds the 50 MB limit' },
+        { status: 400 }
+      )
+    }
+
+    const effectiveReceiptName = receiptName?.trim() || userFile.name
+    const trimmedExpenseId = expenseId?.trim() || undefined
+    const endpoint = trimmedExpenseId
+      ? `${BREX_API_BASE}/v1/expenses/card/${encodeURIComponent(trimmedExpenseId)}/receipt_upload`
+      : `${BREX_API_BASE}/v1/expenses/card/receipt_match`
+
+    logger.info(
+      `[${requestId}] Creating Brex ${trimmedExpenseId ? 'receipt upload' : 'receipt match'}: ${effectiveReceiptName} (${fileBuffer.length} bytes)`
+    )
+
+    const createResponse = await fetch(endpoint, {
+      method: 'POST',
+      headers: buildBrexHeaders(apiKey),
+      body: JSON.stringify({ receipt_name: effectiveReceiptName }),
+    })
+
+    if (!createResponse.ok) {
+      const errorText = await createResponse.text()
+      logger.error(`[${requestId}] Brex API error:`, {
+        status: createResponse.status,
+        error: errorText,
+      })
+      let message = errorText
+      try {
+        message = JSON.parse(errorText).message ?? errorText
+      } catch {
+        message = errorText
+      }
+      return NextResponse.json(
+        { success: false, error: `Brex API error (${createResponse.status}): ${message}` },
+        { status: createResponse.status }
+      )
+    }
+
+    const createData = await createResponse.json()
+    if (!createData.uri || !createData.id) {
+      return NextResponse.json(
+        { success: false, error: 'Brex did not return an upload URL' },
+        { status: 502 }
+      )
+    }
+
+    const uploadResponse = await fetch(createData.uri, {
+      method: 'PUT',
+      body: new Uint8Array(fileBuffer),
+    })
+
+    if (!uploadResponse.ok) {
+      logger.error(`[${requestId}] Receipt upload to pre-signed URL failed:`, {
+        status: uploadResponse.status,
+      })
+      return NextResponse.json(
+        { success: false, error: `Failed to upload receipt file (${uploadResponse.status})` },
+        { status: 502 }
+      )
+    }
+
+    logger.info(`[${requestId}] Receipt uploaded successfully (ID: ${createData.id})`)
+
+    return NextResponse.json({
+      success: true,
+      output: {
+        receiptId: createData.id,
+        receiptName: effectiveReceiptName,
+        expenseId: trimmedExpenseId ?? null,
+      },
+    })
+  } catch (error) {
+    logger.error(`[${requestId}] Unexpected error:`, error)
+    return NextResponse.json(
+      { success: false, error: getErrorMessage(error, 'Unknown error') },
+      { status: 500 }
+    )
+  }
+})