fix(document-store): sync top-level credential on confluence loader update

[SyncWithRaj]

Description

Closes #6550

Problem Statement:
When a user updates the credentials for a document loader (e.g., Confluence) via the Flowise UI, the system maintains two separate credential references inside the document_store database table's loaders JSON column: loaderConfig.credential and the top-level credential. The UI correctly updated loaderConfig.credential, but the top-level credential retained the old, stale UUID. Because downstream operations like /refresh and /process read the top-level credential, users received 403/404 authorization errors after changing credentials.

Root Cause:
In packages/server/src/services/documentstore/index.ts (saveProcessingLoader):

1. The code unconditionally overwrote data.credential with the old DB value (found.credential).
2. The top-level loader.credential was never explicitly synced from loaderConfig.credential or loaderConfig.FLOWISE_CREDENTIAL_ID.

The Fix:

• Changed the fallback logic to only use the existing DB credential if no new credential was provided either directly or inside loaderConfig.
• Explicitly synced loader.credential from loaderConfig on both the loader update and loader creation paths.

How to Test

1. Create two different Confluence API credentials (Cred A and Cred B).
2. Create a new Confluence Document Store and attach Cred A. Save it.
3. Check the database loaders column: verify all credential fields sync to Cred A.
4. Edit the document store in the UI, swap the credential to Cred B, and save again.
5. Check the database loaders column: verify the top-level credential is now correctly synced to Cred B instead of remaining stuck on Cred A.
6. Trigger a sync/refresh of the document store. Verify it utilizes Cred B and no longer throws a 403/404 mismatch error.

[gemini-code-assist]

Code Review

This pull request updates the saveProcessingLoader function in the document store service to properly handle and synchronize credentials. Specifically, it ensures that the system only falls back to an existing credential if no new credential is provided directly or within loaderConfig (checking both credential and FLOWISE_CREDENTIAL_ID). Additionally, it syncs the top-level credential from loaderConfig when updating or creating loaders. There are no review comments to address, so I have no additional feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.