
feat: service accounts & REST API#39

Merged
TerrifiedBug merged 12 commits into main from feat/service-accounts-api on Mar 7, 2026

Conversation

@TerrifiedBug
Owner

Summary

  • Add ServiceAccount model with hashed API key storage, environment scoping, granular permissions, and optional expiration
  • Implement tRPC router for service account CRUD (list, create, revoke, delete) with ADMIN access and audit logging
  • Add API key authentication middleware for Bearer token validation with SHA-256 hash lookup
  • Create 12 REST API endpoints under /api/v1/ for pipelines, nodes, secrets, alerts, and audit log
  • Build frontend settings page with create dialog, one-time key display, permission toggles, and revoke/delete flows
  • Write full documentation: service accounts operations guide and REST API reference with curl examples

Test plan

  • Create a service account via the Settings UI and verify the API key is displayed once
  • Use the generated API key to call GET /api/v1/pipelines and verify authentication works
  • Verify a revoked service account returns 401
  • Verify expired service accounts are rejected
  • Test permission enforcement (e.g., pipelines.read key cannot call deploy endpoint)
  • Test all 12 REST API endpoints with valid service account keys
  • Verify audit log entries are created for service account operations
  • Run Prisma migration on a fresh database

@github-actions github-actions bot added documentation Improvements or additions to documentation feature labels Mar 7, 2026
@greptile-apps
Contributor

greptile-apps bot commented Mar 7, 2026

Greptile Summary

All previous security and correctness issues have been properly addressed:

  • Authorization & Data Isolation: Service account scope enforcement works correctly; teamId is derived server-side from environment context
  • Audit Logging: All REST mutation endpoints (secrets, pipelines, nodes, alerts) properly log to audit trail via writeAuditLog
  • Input Validation: Secrets routes correctly validate that either id or name is provided, returning 400 instead of misleading 404
  • Sensitive Field Redaction: VectorNode REST responses use explicit select blocks that omit nodeTokenHash and pendingAction
  • Error Handling: Cursor-based pagination validates cursors before queries; generic error messages prevent Prisma schema leakage; TRPCErrors map to correct HTTP status codes (404, 400, etc.)
  • API Authentication: Bearer token validation and permission checks are enforced on all routes via the apiRoute wrapper

One documented trade-off remains by design: service account IDs are passed to PipelineVersion.createdById (no FK constraint), causing version history author attribution to be non-user-resolvable for REST-triggered deployments. This is a semantic issue with no crash risk and was discussed in prior review rounds.

The implementation is production-ready for the REST API and service account features described in the PR.

Confidence Score: 5/5

  • All critical findings from prior reviews have been addressed. The implementation correctly enforces environment-scoped access, logs all mutations, validates input, redacts sensitive fields, and maps errors to proper HTTP status codes.
  • All seven security/correctness issues identified in previous review rounds are verified as fixed: server-side teamId derivation, comprehensive audit logging, explicit select blocks omitting sensitive fields, input validation returning proper error codes, cursor pre-validation, generic error messages, and TRPCError HTTP mapping. The one remaining trade-off (service account ID in PipelineVersion.createdById) is a documented semantic issue without crash risk and was intentionally retained.
  • No files require special attention. All reviewed endpoints show correct implementation of security controls.

Last reviewed commit: bd94f87

@TerrifiedBug TerrifiedBug force-pushed the feat/service-accounts-api branch from 58b91a9 to 39ad0b9 on March 7, 2026 15:10
Add database migration for service accounts with hashed API key storage,
environment scoping, JSON permissions, and expiration support.

Implements list, create, revoke, and delete procedures for service
accounts with ADMIN-only access, audit logging, and SHA-256 key hashing.
Registers the router in the app router and updates audit/team-access
middleware to resolve ServiceAccount entities.

Implements API key authentication middleware and 12 REST endpoints:
- Pipelines: list, get, deploy, undeploy, versions, rollback
- Nodes: list (with label filtering), get, toggle maintenance
- Secrets: CRUD operations
- Alert rules: list and create
- Audit: cursor-based polling with action filtering

All endpoints authenticate via Bearer token (service account API keys)
and enforce per-permission authorization.

Frontend page for managing service accounts with:
- Table listing with status, permissions badges, and last-used time
- Create dialog with permission toggles grouped by category
- One-time API key display modal with copy-to-clipboard
- Revoke and delete confirmation dialogs
- Link from main settings page

- New operations/service-accounts.md with creation, management, permissions,
  rotation, and security best practices
- Updated reference/api.md with complete REST API documentation including
  curl examples for all 12 endpoints
- Updated SUMMARY.md with service accounts page under Operations

- Add audit logging to all mutating REST API endpoints (secrets CRUD,
  node maintenance toggle, alert rule creation) using writeAuditLog
  with fire-and-forget pattern
- Fix teamId bypass in POST /api/v1/alerts/rules: derive teamId
  server-side from the authenticated environment instead of accepting
  it from the request body
- Replace `include` with explicit `select` on node endpoints to omit
  nodeTokenHash and pendingAction from REST responses
- Add writeAuditLog calls to deploy, undeploy, and rollback endpoints
- Add cursor validation in audit log pagination
- Add identifier validation (id or name required) for secrets PUT/DELETE
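The audit endpoint's cursor-based polling with action filtering, together with the cursor validation that the later commit adds and the generic error messages the review credits, as a self-contained added example in TypeScript. This is not the project's code: the audit row shape, the (at, id) keyset cursor encoded as base64 JSON, the 400 status with the message "invalid cursor", and the sample rows are constructed for the example.

```typescript
// Shape of one audit row (constructed for the example; the project's real audit model may differ).
export interface AuditEntry {
  id: number;
  at: number; // epoch milliseconds
  action: string;
  actorId: string;
}

// A cursor names the last row the client has seen; rows are ordered by (at, id) so the pair is unique.
export interface Cursor {
  at: number;
  id: number;
}

export type PollResult =
  | { status: 200; entries: AuditEntry[]; nextCursor: string | null }
  | { status: 400; error: string };

export function encodeCursor(c: Cursor): string {
  return Buffer.from(JSON.stringify(c), "utf8").toString("base64");
}

// Returns the cursor, null when the client sent none, or undefined when the value is malformed.
// Validation runs before any query, so a bad cursor never reaches the storage layer and can never
// surface a storage-level error (and its schema details) to the caller.
export function decodeCursor(raw: string | undefined): Cursor | null | undefined {
  if (raw === undefined) return null;
  let parsed: unknown;
  try {
    parsed = JSON.parse(Buffer.from(raw, "base64").toString("utf8"));
  } catch (err) {
    return undefined;
  }
  if (typeof parsed !== "object" || parsed === null) return undefined;
  const { at, id } = parsed as { at?: unknown; id?: unknown };
  if (!Number.isSafeInteger(at) || !Number.isSafeInteger(id)) return undefined;
  if ((at as number) < 0 || (id as number) < 0) return undefined;
  return { at: at as number, id: id as number };
}

export function pollAuditLog(
  log: AuditEntry[],
  opts: { cursor?: string; action?: string; limit?: number },
): PollResult {
  const cursor = decodeCursor(opts.cursor);
  // Generic message: nothing about the cursor format or the storage schema leaks to the caller.
  if (cursor === undefined) return { status: 400, error: "invalid cursor" };
  const limit = Math.min(Math.max(opts.limit ?? 50, 1), 200);

  // Keyset pagination: strictly after the cursor in (at, id) order, then the optional action filter.
  const page = log
    .filter((e) => cursor === null || e.at > cursor.at || (e.at === cursor.at && e.id > cursor.id))
    .filter((e) => opts.action === undefined || e.action === opts.action)
    .sort((a, b) => a.at - b.at || a.id - b.id)
    .slice(0, limit);

  const last = page[page.length - 1];
  // When nothing new arrived the client keeps polling with the cursor it already holds.
  const nextCursor = last !== undefined ? encodeCursor({ at: last.at, id: last.id }) : opts.cursor ?? null;
  return { status: 200, entries: page, nextCursor };
}

// Constructed sample rows for a quick local run; two rows share a timestamp to exercise the id tiebreak.
export const SAMPLE_LOG: AuditEntry[] = [
  { id: 1, at: 1000, action: "serviceAccount.create", actorId: "user-1" },
  { id: 2, at: 2000, action: "pipeline.deploy", actorId: "sa-1" },
  { id: 3, at: 2000, action: "secret.update", actorId: "sa-1" },
  { id: 4, at: 3000, action: "pipeline.deploy", actorId: "sa-1" },
  { id: 5, at: 4000, action: "serviceAccount.revoke", actorId: "user-1" },
];
```

A (timestamp, id) keyset cursor stays stable while new rows are appended, which an offset cursor would not, and rejecting a malformed cursor up front with one fixed message is what keeps the endpoint from turning a parsing failure into an error body that describes the underlying table.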
@TerrifiedBug TerrifiedBug force-pushed the feat/service-accounts-api branch from f01a1de to bd94f87 on March 7, 2026 15:41
@TerrifiedBug TerrifiedBug merged commit 0cd3bee into main Mar 7, 2026
12 checks passed
@TerrifiedBug TerrifiedBug deleted the feat/service-accounts-api branch March 7, 2026 15:49