feat(providers): support large agent-block attachments via Files APIs and remote URLs

Agent-block file uploads were inlined as base64 with a hard 10MB cap. Files
above the threshold now use each provider's native large-file path:

- OpenAI / Gemini: upload to the provider Files API, reference by file_id/uri
- Anthropic: GA url content-block source (no Files API beta, no upload)
- OpenRouter/Groq/Together/Baseten/xAI/vLLM: remote signed URL in image_url/file
- Limits live per-provider in models.ts; the agent block + /models page reflect them

Files <=10MB keep the identical base64 path (zero regression). Server-only file
handles are stripped from untrusted input to prevent SSRF.

Author: waleedlatif1

apps/sim/app/(landing)/models/(shell)/[provider]/page.tsx

@@ -13,6 +13,7 @@ import {
 import { ModelTimelineChart } from '@/app/(landing)/models/components/model-timeline-chart'
 import {
   buildProviderFaqs,
+  formatFileSize,
   formatPrice,
   formatTokenCount,
   getProviderBySlug,
@@ -204,9 +205,16 @@ export default async function ProviderModelsPage({
                 {provider.name} models
               </h1>
             </div>
-            <span className='shrink-0 font-martian-mono text-[var(--landing-text-subtle)] text-xs uppercase tracking-[0.1em]'>
-              {provider.modelCount} models
-            </span>
+            <div className='flex shrink-0 flex-col items-end gap-1'>
+              <span className='font-martian-mono text-[var(--landing-text-subtle)] text-xs uppercase tracking-[0.1em]'>
+                {provider.modelCount} models
+              </span>
+              {provider.maxFileAttachmentBytes ? (
+                <span className='font-martian-mono text-[var(--landing-text-subtle)] text-xs uppercase tracking-[0.1em]'>
+                  {formatFileSize(provider.maxFileAttachmentBytes)} file uploads
+                </span>
+              ) : null}
+            </div>
           </div>
         </div>
 

apps/sim/app/(landing)/models/utils.ts

@@ -127,6 +127,8 @@ export interface CatalogProvider {
   color?: string
   isReseller: boolean
   contextInformationAvailable: boolean
+  /** Max agent-block file attachment size in bytes when the provider exceeds the default. */
+  maxFileAttachmentBytes: number | null
   providerCapabilityTags: string[]
   modelCount: number
   models: CatalogModel[]
@@ -150,6 +152,18 @@ export function formatTokenCount(value?: number | null): string {
   return value.toLocaleString('en-US')
 }
 
+export function formatFileSize(bytes?: number | null): string {
+  if (bytes == null) {
+    return 'Unknown'
+  }
+
+  const gb = bytes / (1024 * 1024 * 1024)
+  if (gb >= 1) {
+    return `${trimTrailingZeros(gb.toFixed(1))}GB`
+  }
+  return `${Math.round(bytes / (1024 * 1024))}MB`
+}
+
 export function formatPrice(price?: number | null): string {
   if (price === undefined || price === null) {
     return 'N/A'
@@ -507,6 +521,7 @@ const rawProviders = Object.values(PROVIDER_DEFINITIONS).map((provider) => {
     color: provider.color,
     isReseller: provider.isReseller ?? false,
     contextInformationAvailable: provider.contextInformationAvailable !== false,
+    maxFileAttachmentBytes: provider.fileAttachment?.maxBytes ?? null,
     providerCapabilityTags,
     modelCount: models.length,
     models,

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-upload/file-upload.tsx

@@ -24,6 +24,8 @@ import {
   useWorkspaceFiles,
   workspaceFilesKeys,
 } from '@/hooks/queries/workspace-files'
+import { getProviderAttachmentMaxBytes } from '@/providers/attachments'
+import { getProviderFromModel } from '@/providers/models'
 import { useWorkflowRegistry } from '@/stores/workflows/registry/store'
 import { useWorkflowStore } from '@/stores/workflows/workflow/store'
 
@@ -167,6 +169,7 @@ export function FileUpload({
 }: FileUploadProps) {
   const activeSearchTarget = useActiveSearchTarget()
   const [storeValue, setStoreValue] = useSubBlockValue(blockId, subBlockId)
+  const [modelValue] = useSubBlockValue(blockId, 'model')
   const [uploadingFiles, setUploadingFiles] = useState<UploadingFile[]>([])
   const [uploadProgress, setUploadProgress] = useState(0)
   const [uploadError, setUploadError] = useState<string | null>(null)
@@ -191,6 +194,17 @@ export function FileUpload({
 
   const value = isPreview ? previewValue : storeValue
 
+  const maxSizeInBytes = useMemo(() => {
+    const fallback = maxSize * 1024 * 1024
+    if (typeof modelValue !== 'string' || !modelValue) return fallback
+    try {
+      return Math.max(fallback, getProviderAttachmentMaxBytes(getProviderFromModel(modelValue)))
+    } catch {
+      return fallback
+    }
+  }, [modelValue, maxSize])
+  const maxSizeLabel = `${Math.round(maxSizeInBytes / (1024 * 1024))}MB`
+
   /**
    * Checks if a file's MIME type matches the accepted types
    * Supports exact matches, wildcard patterns (e.g., 'image/*'), and '*' for all types
@@ -281,15 +295,14 @@ export function FileUpload({
     const existingFiles = Array.isArray(value) ? value : value ? [value] : []
     const existingTotalSize = existingFiles.reduce((sum, file) => sum + file.size, 0)
 
-    const maxSizeInBytes = maxSize * 1024 * 1024
     const validFiles: File[] = []
     let totalNewSize = 0
     let sizeExceededFile: string | null = null
 
     for (let i = 0; i < files.length; i++) {
       const file = files[i]
       if (existingTotalSize + totalNewSize + file.size > maxSizeInBytes) {
-        const errorMessage = `Adding ${file.name} would exceed the maximum size limit of ${maxSize}MB`
+        const errorMessage = `Adding ${file.name} would exceed the maximum size limit of ${maxSizeLabel}`
         logger.error(errorMessage, activeWorkflowId)
         if (!sizeExceededFile) {
           sizeExceededFile = errorMessage

apps/sim/executor/handlers/agent/agent-handler.ts

@@ -39,7 +39,8 @@ import { buildAPIUrl, buildAuthHeaders } from '@/executor/utils/http'
 import { stringifyJSON } from '@/executor/utils/json'
 import { resolveVertexCredential } from '@/executor/utils/vertex-credential'
 import { executeProviderRequest } from '@/providers'
-import { getProviderAttachmentMaxBytes, supportsFileAttachments } from '@/providers/attachments'
+import { INLINE_ATTACHMENT_THRESHOLD_BYTES, supportsFileAttachments } from '@/providers/attachments'
+import { attachLargeFileRemoteUrls } from '@/providers/file-attachments.server'
 import { getProviderFromModel, transformBlockTool } from '@/providers/utils'
 import type { SerializedBlock } from '@/serializer/types'
 import { filterSchemaForLLM, type ToolSchema } from '@/tools/params'
@@ -760,10 +761,12 @@ export class AgentBlockHandler implements BlockHandler {
         allowLargeValueWorkflowScope: ctx.allowLargeValueWorkflowScope,
         userId: ctx.userId,
         logger,
-        maxBytes: getProviderAttachmentMaxBytes(providerId),
+        maxBytes: INLINE_ATTACHMENT_THRESHOLD_BYTES,
       })
 
-      const missingFile = hydratedFiles.find((file) => !file.base64)
+      await attachLargeFileRemoteUrls(hydratedFiles, providerId, { requestId, userId: ctx.userId })
+
+      const missingFile = hydratedFiles.find((file) => !file.base64 && !file.remoteUrl)
       if (missingFile) {
         throw new Error(
           `File "${missingFile.name}" could not be read for provider "${providerId}". The file may exceed the attachment size limit or may no longer be accessible.`

apps/sim/executor/types.ts

@@ -20,6 +20,12 @@ export interface UserFile {
   key: string
   context?: string
   base64?: string
+  /** Provider Files API handle (OpenAI/Anthropic `file_...` id) set when a large file is uploaded instead of inlined as base64. */
+  providerFileId?: string
+  /** Provider File API uri (Gemini `fileUri`) set when a large file is uploaded instead of inlined as base64. */
+  providerFileUri?: string
+  /** Short-lived signed HTTPS URL passed to providers that fetch attachments by remote URL instead of inlining base64. */
+  remoteUrl?: string
 }
 
 export interface ParallelPauseScope {

apps/sim/lib/uploads/utils/file-utils.test.ts

@@ -1,8 +1,16 @@
 /**
  * @vitest-environment node
  */
+import { createLogger } from '@sim/logger'
 import { describe, expect, it } from 'vitest'
-import { isAbortError, isInternalFileUrl, isNetworkError } from '@/lib/uploads/utils/file-utils'
+import {
+  isAbortError,
+  isInternalFileUrl,
+  isNetworkError,
+  processSingleFileToUserFile,
+} from '@/lib/uploads/utils/file-utils'
+
+const logger = createLogger('FileUtilsTest')
 
 describe('isInternalFileUrl', () => {
   it('classifies relative serve paths as internal', () => {
@@ -72,3 +80,28 @@ describe('isNetworkError', () => {
     expect(isNetworkError(null)).toBe(false)
   })
 })
+
+describe('processSingleFileToUserFile', () => {
+  it('strips server-only provider file handles from untrusted input', () => {
+    const result = processSingleFileToUserFile(
+      {
+        id: 'file-1',
+        name: 'doc.pdf',
+        url: '/api/files/serve/workspace%2Fws-1%2Fdoc.pdf?context=workspace',
+        size: 1024,
+        type: 'application/pdf',
+        key: 'workspace/ws-1/doc.pdf',
+        providerFileId: 'file-injected',
+        providerFileUri: 'https://injected/uri',
+        remoteUrl: 'http://169.254.169.254/latest/meta-data',
+      } as never,
+      'req-1',
+      logger
+    )
+
+    expect(result.providerFileId).toBeUndefined()
+    expect(result.providerFileUri).toBeUndefined()
+    expect(result.remoteUrl).toBeUndefined()
+    expect(result.key).toBe('workspace/ws-1/doc.pdf')
+  })
+})

apps/sim/lib/uploads/utils/file-utils.ts

@@ -1,4 +1,5 @@
 import type { Logger } from '@sim/logger'
+import { omit } from '@sim/utils/object'
 import type { StorageContext } from '@/lib/uploads'
 import { ACCEPTED_FILE_TYPES, SUPPORTED_DOCUMENT_EXTENSIONS } from '@/lib/uploads/utils/validation'
 import { isUuid } from '@/executor/constants'
@@ -696,13 +697,19 @@ function resolveInternalFileUrl(file: RawFileInput): string {
   return ''
 }
 
+/**
+ * Provider large-file handles are populated by the server pipeline and must never be
+ * accepted from untrusted file input (they drive server-side fetch/upload).
+ */
+const PROVIDER_FILE_HANDLE_FIELDS = ['providerFileId', 'providerFileUri', 'remoteUrl'] as const
+
 /**
  * Core conversion logic from RawFileInput to UserFile
  */
 function convertToUserFile(file: RawFileInput, requestId: string, logger: Logger): UserFile | null {
   if (isCompleteUserFile(file)) {
     return {
-      ...file,
+      ...omit(file, PROVIDER_FILE_HANDLE_FIELDS),
       url: resolveInternalFileUrl(file) || file.url,
     }
   }

apps/sim/providers/attachments.test.ts

@@ -7,11 +7,16 @@ import {
   buildAnthropicMessageContent,
   buildBedrockMessageContent,
   buildGeminiMessageParts,
+  buildOpenAICompatibleChatContent,
   buildOpenAIMessageContent,
   buildOpenRouterMessageContent,
   formatMessagesForProvider,
+  getProviderAttachmentMaxBytes,
+  getProviderFileStrategy,
+  INLINE_ATTACHMENT_THRESHOLD_BYTES,
   inferAttachmentMimeType,
   prepareProviderAttachments,
+  shouldUseLargeFilePath,
 } from '@/providers/attachments'
 
 const imageFile: UserFile = {
@@ -270,3 +275,99 @@ describe('provider attachments', () => {
     ).toThrow('not supported')
   })
 })
+
+describe('provider large-file capability', () => {
+  it('reports per-provider strategy and ceiling, defaulting others to inline', () => {
+    expect(getProviderFileStrategy('openai')).toBe('files-api')
+    expect(getProviderFileStrategy('google')).toBe('files-api')
+    expect(getProviderFileStrategy('anthropic')).toBe('remote-url')
+    expect(getProviderFileStrategy('groq')).toBe('remote-url')
+    expect(getProviderFileStrategy('bedrock')).toBe('inline')
+    expect(getProviderFileStrategy('azure-openai')).toBe('inline')
+    expect(getProviderFileStrategy('vertex')).toBe('inline')
+
+    expect(getProviderAttachmentMaxBytes('openai')).toBeGreaterThan(
+      INLINE_ATTACHMENT_THRESHOLD_BYTES
+    )
+    expect(getProviderAttachmentMaxBytes('bedrock')).toBe(INLINE_ATTACHMENT_THRESHOLD_BYTES)
+    expect(getProviderAttachmentMaxBytes('azure-openai')).toBe(INLINE_ATTACHMENT_THRESHOLD_BYTES)
+  })
+
+  it('routes only oversized files on capable providers to the large-file path', () => {
+    const small = { ...imageFile, size: 1024 }
+    const large = { ...imageFile, size: INLINE_ATTACHMENT_THRESHOLD_BYTES + 1 }
+    expect(shouldUseLargeFilePath(small, 'openai')).toBe(false)
+    expect(shouldUseLargeFilePath(large, 'openai')).toBe(true)
+    expect(shouldUseLargeFilePath(large, 'bedrock')).toBe(false)
+  })
+
+  it('references uploaded OpenAI files by file_id instead of inlining base64', () => {
+    const content = buildOpenAIMessageContent(
+      'Analyze',
+      [
+        { ...imageFile, base64: undefined, providerFileId: 'file-img' },
+        { ...pdfFile, base64: undefined, providerFileId: 'file-doc' },
+      ],
+      'openai'
+    )
+    expect(content).toEqual([
+      { type: 'input_text', text: 'Analyze' },
+      { type: 'input_image', file_id: 'file-img', detail: 'auto' },
+      { type: 'input_file', file_id: 'file-doc' },
+    ])
+  })
+
+  it('references large Anthropic files via url content-block sources', () => {
+    const content = buildAnthropicMessageContent(
+      'Analyze',
+      [
+        { ...imageFile, base64: undefined, remoteUrl: 'https://signed/img.png' },
+        { ...pdfFile, base64: undefined, remoteUrl: 'https://signed/doc.pdf' },
+      ],
+      'anthropic'
+    )
+    expect(content).toEqual([
+      { type: 'text', text: 'Analyze' },
+      { type: 'image', source: { type: 'url', url: 'https://signed/img.png' } },
+      {
+        type: 'document',
+        source: { type: 'url', url: 'https://signed/doc.pdf' },
+        title: 'example.pdf',
+      },
+    ])
+  })
+
+  it('references uploaded Gemini files via fileData uri', () => {
+    const parts = buildGeminiMessageParts(
+      'Analyze',
+      [{ ...imageFile, base64: undefined, providerFileUri: 'https://files/abc' }],
+      'google'
+    )
+    expect(parts).toEqual([
+      { text: 'Analyze' },
+      { fileData: { fileUri: 'https://files/abc', mimeType: 'image/png' } },
+    ])
+  })
+
+  it('passes a remote url to OpenAI-compatible providers instead of a data url', () => {
+    const content = buildOpenAICompatibleChatContent(
+      'Analyze',
+      [{ ...imageFile, base64: undefined, remoteUrl: 'https://signed/img.png' }],
+      'groq'
+    )
+    expect(content).toEqual([
+      { type: 'text', text: 'Analyze' },
+      { type: 'image_url', image_url: { url: 'https://signed/img.png' } },
+    ])
+  })
+
+  it('rejects files above the provider ceiling', () => {
+    const huge = {
+      ...imageFile,
+      size: getProviderAttachmentMaxBytes('openai') + 1,
+      base64: undefined,
+      providerFileId: 'file-img',
+    }
+    expect(() => buildOpenAIMessageContent('Analyze', [huge], 'openai')).toThrow('exceeds the')
+  })
+})