From 689fb2675f8c8a26aa742c7ce58d9d919c9834da Mon Sep 17 00:00:00 2001
From: yau-wd <yau.ong@workday.com>
Date: Thu, 25 Jun 2026 20:54:04 +0800
Subject: [PATCH 1/4] fix: add type validation for session id

---
 packages/server/src/utils/index.ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/packages/server/src/utils/index.ts b/packages/server/src/utils/index.ts
index 2eeeb5b0eb6..554b37a0f50 100644
--- a/packages/server/src/utils/index.ts
+++ b/packages/server/src/utils/index.ts
@@ -1829,16 +1829,25 @@ export const getMemorySessionId = (
     if (!isInternal) {
         // Provided in API body - incomingInput.overrideConfig: { sessionId: 'abc' }
         if (incomingInput.overrideConfig?.sessionId) {
-            return incomingInput.overrideConfig?.sessionId
+            if (typeof incomingInput.overrideConfig.sessionId !== 'string') {
+                throw new Error('Invalid sessionId: must be a string')
+            }
+            return incomingInput.overrideConfig.sessionId
         }
         // Provided in API body - incomingInput.chatId
         if (incomingInput.chatId) {
+            if (typeof incomingInput.chatId !== 'string') {
+                throw new Error('Invalid chatId: must be a string')
+            }
             return incomingInput.chatId
         }
     }
 
     // Hard-coded sessionId in UI
     if (memoryNode && memoryNode.data.inputs?.sessionId) {
+        if (typeof memoryNode.data.inputs.sessionId !== 'string') {
+            throw new Error('Invalid sessionId: must be a string')
+        }
         return memoryNode.data.inputs.sessionId
     }
 

From 0d452136e1242ebd68b42a9f0c4846e41292d700 Mon Sep 17 00:00:00 2001
From: yau-wd <yau.ong@workday.com>
Date: Thu, 25 Jun 2026 20:59:39 +0800
Subject: [PATCH 2/4] Update packages/server/src/utils/index.ts

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
 packages/server/src/utils/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/server/src/utils/index.ts b/packages/server/src/utils/index.ts
index 554b37a0f50..f495968169c 100644
--- a/packages/server/src/utils/index.ts
+++ b/packages/server/src/utils/index.ts
@@ -1830,7 +1830,7 @@ export const getMemorySessionId = (
         // Provided in API body - incomingInput.overrideConfig: { sessionId: 'abc' }
         if (incomingInput.overrideConfig?.sessionId) {
             if (typeof incomingInput.overrideConfig.sessionId !== 'string') {
-                throw new Error('Invalid sessionId: must be a string')
+                throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, 'Invalid sessionId: must be a string')
             }
             return incomingInput.overrideConfig.sessionId
         }

From e6d3a12dc7d1efed1eaeb9f01105618ea04b01d8 Mon Sep 17 00:00:00 2001
From: yau-wd <yau.ong@workday.com>
Date: Thu, 25 Jun 2026 20:59:49 +0800
Subject: [PATCH 3/4] Update packages/server/src/utils/index.ts

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
 packages/server/src/utils/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/server/src/utils/index.ts b/packages/server/src/utils/index.ts
index f495968169c..d9d3d191134 100644
--- a/packages/server/src/utils/index.ts
+++ b/packages/server/src/utils/index.ts
@@ -1837,7 +1837,7 @@ export const getMemorySessionId = (
         // Provided in API body - incomingInput.chatId
         if (incomingInput.chatId) {
             if (typeof incomingInput.chatId !== 'string') {
-                throw new Error('Invalid chatId: must be a string')
+                throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, 'Invalid chatId: must be a string')
             }
             return incomingInput.chatId
         }

From 07661acff9055fef8267149d94fd78411b823240 Mon Sep 17 00:00:00 2001
From: yau-wd <yau.ong@workday.com>
Date: Thu, 25 Jun 2026 20:59:58 +0800
Subject: [PATCH 4/4] Update packages/server/src/utils/index.ts

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
 packages/server/src/utils/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/server/src/utils/index.ts b/packages/server/src/utils/index.ts
index d9d3d191134..7a558407c7f 100644
--- a/packages/server/src/utils/index.ts
+++ b/packages/server/src/utils/index.ts
@@ -1846,7 +1846,7 @@ export const getMemorySessionId = (
     // Hard-coded sessionId in UI
     if (memoryNode && memoryNode.data.inputs?.sessionId) {
         if (typeof memoryNode.data.inputs.sessionId !== 'string') {
-            throw new Error('Invalid sessionId: must be a string')
+            throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, 'Invalid sessionId: must be a string')
         }
         return memoryNode.data.inputs.sessionId
     }