Skip to content

fix: update identity by identity key instead of externalId and fix wrong body for permission and role #3713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Aug 4, 2025
Merged

fix: update identity by identity key instead of externalId and fix wrong body for permission and role #3713

merged 9 commits into from
Aug 4, 2025

Conversation

Flo4604
Copy link
Contributor

@Flo4604 Flo4604 commented Aug 1, 2025
edited by coderabbitai bot
Loading

What does this PR do?

  1. Adjust some docs
  2. Update identity struct to always include our internal ID
  3. Remove externalId from keyResponse data as we already have it in identity.externalId
  4. update the get role response to just return the role data without a wrapper
  5. updae he get permission response to just return the role data without a wrapper

If there is not an issue for this, please create one first. This is used to tracking purposes and also helps use understand why this PR exists

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • Chore (refactoring code, technical debt, workflow improvements)
  • Enhancement (small improvements)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How should this be tested?

  • Test A
  • Test B

Checklist

Required

  • Filled out the "How to test" section in this PR
  • Read Contributing Guide
  • Self-reviewed my own code
  • Commented on my code in hard-to-understand areas
  • Ran pnpm build
  • Ran pnpm fmt
  • Checked for warnings, there are none
  • Removed all console.logs
  • Merged the latest changes from main onto my branch with git pull origin main
  • My changes don't cause any responsiveness issues

Appreciated

  • If a UI change was made: Added a screen recording or screenshots to this PR
  • Updated the Unkey Docs if changes were necessary

Summary by CodeRabbit

  • New Features

    • API responses for identities and keys now include an explicit internal identity ID field.
    • Updated API documentation and examples to reflect the new identity ID field and revised request/response structures.

  • Bug Fixes

    • Corrected and clarified API documentation for key management and rate limiting endpoints, including example payloads and parameter names.

  • Refactor

    • Simplified and unified API response structures by removing unnecessary nesting for identities, permissions, and roles.
    • Standardized naming conventions in API requests (e.g., renaming externalId to identity).
    • Added cache invalidation logic for key updates to ensure data consistency.

  • Chores

    • Improved formatting and consistency in API documentation, OpenAPI specs, and example values.
    • Updated development scripts for documentation to use the latest tooling.
    • Enhanced test coverage by updating tests to align with renamed fields and new response structures.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Aug 1, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: f30c857

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel Vercel
Copy link

vercel bot commented Aug 1, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Skipped Deployments
Name Status Preview Comments Updated (UTC)
dashboard ⬜️ Ignored (Inspect) Visit Preview Aug 4, 2025 6:53am
engineering ⬜️ Ignored (Inspect) Visit Preview Aug 4, 2025 6:53am

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Aug 1, 2025
edited
Loading

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

This change updates the identity and key management APIs by adding an explicit id field to the Identity object in both OpenAPI specifications and handler implementations. It removes redundant response wrappers, renames request fields (notably externalId to identity), and updates documentation and tests to reflect these schema and structural changes.

Changes

Cohort / File(s) Change Summary
OpenAPI Identity Schema and Key Response Updates
go/apps/api/openapi/spec/common/Identity.yaml, go/apps/api/openapi/spec/common/KeyResponseData.yaml, go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml, go/apps/api/openapi/spec/paths/v2/identities/getIdentity/V2IdentitiesGetIdentityResponseBody.yaml, go/apps/api/openapi/spec/paths/v2/permissions/getPermission/V2PermissionsGetPermissionResponseBody.yaml, go/apps/api/openapi/spec/paths/v2/permissions/getRole/V2PermissionsGetRoleResponseBody.yaml, go/apps/api/openapi/spec/paths/v2/permissions/getPermission/V2PermissionsGetPermissionResponseData.yaml, go/apps/api/openapi/spec/paths/v2/permissions/getRole/V2PermissionsGetRoleResponseData.yaml		 Added required id field to Identity schema, removed externalId from KeyResponseData, renamed externalId to identity in update requests, and simplified response data by removing nested wrappers for permission and role endpoints.
OpenAPI Spec and Endpoint Documentation
go/apps/api/openapi/openapi-generated.yaml, go/apps/api/openapi/spec/paths/v2/apis/listKeys/V2ApisListKeysRequestBody.yaml, go/apps/api/openapi/spec/common/Permission.yaml, go/apps/api/openapi/spec/common/RatelimitRequest.yaml, go/apps/api/openapi/spec/paths/v2/apis/createApi/index.yaml, go/apps/api/openapi/spec/paths/v2/apis/deleteApi/V2ApisDeleteApiResponseBody.yaml, go/apps/api/openapi/spec/paths/v2/apis/deleteApi/index.yaml, go/apps/api/openapi/spec/paths/v2/apis/getApi/index.yaml, go/apps/api/openapi/spec/paths/v2/identities/createIdentity/index.yaml, go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/index.yaml		 Updated OpenAPI spec and endpoint documentation to reflect schema changes, improve formatting, clarify descriptions, and update example values.
Go API Implementation: Identity, Key, Permission, and Role Handlers
go/apps/api/openapi/gen.go, go/apps/api/routes/v2_identities_get_identity/handler.go, go/apps/api/routes/v2_identities_update_identity/handler.go, go/apps/api/routes/v2_identities_list_identities/handler.go, go/apps/api/routes/v2_keys_get_key/handler.go, go/apps/api/routes/v2_keys_verify_key/handler.go, go/apps/api/routes/v2_keys_whoami/handler.go, go/apps/api/routes/v2_apis_list_keys/handler.go, go/apps/api/routes/v2_permissions_get_permission/handler.go, go/apps/api/routes/v2_permissions_get_role/handler.go		 Refactored handlers to populate the new Id field in Identity, removed unnecessary nested response structs, and updated logic to use the renamed identity field.
Go API Implementation: Key Update and Permission Add Handlers
go/apps/api/routes/v2_keys_update_key/handler.go, go/apps/api/routes/register.go, go/apps/api/routes/v2_keys_add_permissions/handler.go, go/apps/api/routes/v2_keys_create_key/handler.go		 Introduced KeyCache dependency for key update handler, ensured cache invalidation post-update, and set new fields in permission/key creation.
Tests: Identity Update, Key Update, Permission, and Role
go/apps/api/routes/v2_identities_update_identity/200_test.go, go/apps/api/routes/v2_identities_update_identity/400_test.go, go/apps/api/routes/v2_identities_update_identity/401_test.go, go/apps/api/routes/v2_identities_update_identity/403_test.go, go/apps/api/routes/v2_identities_update_identity/404_test.go, go/apps/api/routes/v2_keys_update_key/200_test.go, go/apps/api/routes/v2_keys_update_key/400_test.go, go/apps/api/routes/v2_keys_update_key/401_test.go, go/apps/api/routes/v2_keys_update_key/403_test.go, go/apps/api/routes/v2_keys_update_key/404_test.go, go/apps/api/routes/v2_keys_update_key/three_state_test.go, go/apps/api/routes/v2_keys_verify_key/200_test.go, go/apps/api/routes/v2_permissions_get_permission/200_test.go, go/apps/api/routes/v2_permissions_get_role/200_test.go		 Updated all affected tests to use the new identity field, expect the id field in responses, and match the simplified response structures.
Documentation: API Reference and Migration Guides
apps/docs/api-reference/v1/migration/keys.mdx, apps/docs/api-reference/v1/migration/ratelimiting.mdx		 Updated documentation to reflect schema changes, added id field to identity examples, renamed parameters, and clarified migration steps.
Docs Build Script
apps/docs/package.json		 Changed dev script to use npx mintlify@latest dev for documentation development.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant API
    participant DB

    Client->>API: Update Identity (identity: "id_123" or externalId)
    API->>DB: Lookup identity by id or externalId
    DB-->>API: Identity record (with internal ID)
    API-->>Client: Response { identity: { id, externalId, ... } }
Loading 
sequenceDiagram
    participant Client
    participant API
    participant DB
    participant Cache

    Client->>API: Update Key (with key hash)
    API->>DB: Update key in database
    DB-->>API: Update success
    API->>Cache: Invalidate key hash entry
    API-->>Client: Response with updated key (identity includes id)
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

  • refactor: update identity param for v2 #3661: Refactors identity queries and parameters to use a unified identity field, directly related to this PR's changes in identity lookups and field renaming.
  • fix: api list keys zod errors #3702: Modifies the Identity struct and response wrappers, closely matching this PR's schema and API response simplification.
  • feat: v2/keys.getKey #3421: Implements the v2/keys.getKey endpoint and related identity/response structure changes, overlapping with this PR's updates to identity and key response schemas.

Suggested labels

Documentation, Core Team

Suggested reviewers

  • perkinsjr
  • imeyer
  • mcstepp
  • MichaelUnkey
  • ogzhanolguncu
  • chronark

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 348bd8c and f30c857.

📒 Files selected for processing (1)
  • go/apps/api/routes/v2_keys_verify_key/handler.go (1 hunks)
🧰 Additional context used
🧠 Learnings (5)
📓 Common learnings 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2825
File: apps/dashboard/app/(app)/logs-v2/hooks/use-bookmarked-filters.ts:0-0
Timestamp: 2025-01-30T20:51:44.359Z
Learning: The user (ogzhanolguncu) prefers to handle refactoring suggestions in separate PRs to maintain focus in the current PR.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3661
File: go/apps/api/routes/v2_identities_update_identity/handler.go:115-119
Timestamp: 2025-07-28T11:47:43.144Z
Learning: The v2 update identity endpoint (go/apps/api/routes/v2_identities_update_identity/handler.go) intentionally uses `ExternalId` field instead of the unified `Identity` field used in other v2 identity endpoints. This is because the update endpoint needs to both find by externalId and potentially update the externalId value, making the specific field name more appropriate than the generic `Identity` field.

Learnt from: Flo4604
PR: unkeyed/unkey#3151
File: go/apps/api/openapi/gen.go:221-233
Timestamp: 2025-04-18T20:01:33.812Z
Learning: For identity deletion operations in the Unkey API, identityId takes precedence over externalId when both are provided in the request body.

Learnt from: chronark
PR: unkeyed/unkey#2693
File: apps/api/src/routes/v1_keys_updateKey.ts:350-368
Timestamp: 2024-11-29T15:15:47.308Z
Learning: In `apps/api/src/routes/v1_keys_updateKey.ts`, the code intentionally handles `externalId` and `ownerId` separately for clarity. The `ownerId` field will be removed in the future, simplifying the code.

Learnt from: Flo4604
PR: unkeyed/unkey#2955
File: go/apps/api/routes/v2_identities_create_identity/handler.go:162-202
Timestamp: 2025-03-19T09:25:59.751Z
Learning: In the Unkey codebase, input validation for API endpoints is primarily handled through OpenAPI schema validation, which occurs before requests reach the handler code. For example, in the identities.createIdentity endpoint, minimum values for ratelimit duration and limit are defined in the OpenAPI schema rather than duplicating these checks in the handler.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3315
File: apps/dashboard/app/(app)/apis/[apiId]/_components/create-key/components/general-setup.tsx:40-50
Timestamp: 2025-06-19T13:01:55.338Z
Learning: In the create-key form's GeneralSetup component, the Controller is intentionally bound to "identityId" as the primary field while "externalId" is set explicitly via setValue. The ExternalIdField component has been designed to handle this pattern where it receives identityId as its value prop but manages both identityId and externalId through its onChange callback.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3324
File: apps/dashboard/app/(app)/authorization/roles/components/table/components/actions/keys-table-action.popover.constants.tsx:17-18
Timestamp: 2025-06-19T11:48:05.070Z
Learning: In the authorization roles refactor, the RoleBasic type uses `roleId` as the property name for the role identifier, not `id`. This is consistent throughout the codebase in apps/dashboard/lib/trpc/routers/authorization/roles/query.ts.
📚 Learning: the v2 update identity endpoint (go/apps/api/routes/v2_identities_update_identity/handler.go) intent... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3661
File: go/apps/api/routes/v2_identities_update_identity/handler.go:115-119
Timestamp: 2025-07-28T11:47:43.144Z
Learning: The v2 update identity endpoint (go/apps/api/routes/v2_identities_update_identity/handler.go) intentionally uses `ExternalId` field instead of the unified `Identity` field used in other v2 identity endpoints. This is because the update endpoint needs to both find by externalId and potentially update the externalId value, making the specific field name more appropriate than the generic `Identity` field.

Applied to files:

  • go/apps/api/routes/v2_keys_verify_key/handler.go
📚 Learning: in `apps/api/src/routes/v1_keys_updatekey.ts`, the code intentionally handles `externalid` and `owne... 
Learnt from: chronark
PR: unkeyed/unkey#2693
File: apps/api/src/routes/v1_keys_updateKey.ts:350-368
Timestamp: 2024-11-29T15:15:47.308Z
Learning: In `apps/api/src/routes/v1_keys_updateKey.ts`, the code intentionally handles `externalId` and `ownerId` separately for clarity. The `ownerId` field will be removed in the future, simplifying the code.

Applied to files:

  • go/apps/api/routes/v2_keys_verify_key/handler.go
📚 Learning: in the unkey codebase, input validation for api endpoints is primarily handled through openapi schem... 
Learnt from: Flo4604
PR: unkeyed/unkey#2955
File: go/apps/api/routes/v2_identities_create_identity/handler.go:162-202
Timestamp: 2025-03-19T09:25:59.751Z
Learning: In the Unkey codebase, input validation for API endpoints is primarily handled through OpenAPI schema validation, which occurs before requests reach the handler code. For example, in the identities.createIdentity endpoint, minimum values for ratelimit duration and limit are defined in the OpenAPI schema rather than duplicating these checks in the handler.

Applied to files:

  • go/apps/api/routes/v2_keys_verify_key/handler.go
📚 Learning: for identity deletion operations in the unkey api, identityid takes precedence over externalid when ... 
Learnt from: Flo4604
PR: unkeyed/unkey#3151
File: go/apps/api/openapi/gen.go:221-233
Timestamp: 2025-04-18T20:01:33.812Z
Learning: For identity deletion operations in the Unkey API, identityId takes precedence over externalId when both are provided in the request body.

Applied to files:

  • go/apps/api/routes/v2_keys_verify_key/handler.go
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)
  • GitHub Check: Test Go API Local / Test
  • GitHub Check: Build / Build
  • GitHub Check: Test Agent Local / test_agent_local
  • GitHub Check: Test API / API Test Local
  • GitHub Check: Test Packages / Test
  • GitHub Check: autofix
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (1)
go/apps/api/routes/v2_keys_verify_key/handler.go (1)

203-209: LGTM! This change aligns with the API standardization effort.

The addition of the Id field to the openapi.Identity struct correctly exposes the internal identity ID alongside the existing ExternalId. This change is consistent with the broader codebase updates to unify identity representation across all v2 endpoints.

The implementation is proper:

  • The field is only set when key.Key.IdentityID.Valid is true
  • It correctly converts the ID to string format using key.Key.IdentityID.String
  • It maintains backward compatibility by keeping the existing ExternalId field
✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/docs+cleanup

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai generate unit tests to generate unit tests for this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@Flo4604 Flo4604 changed the title docs and remove externalId from keyResponse fix: more changes Aug 1, 2025
@Flo4604 Flo4604 changed the title fix: more changes fix: more things Aug 1, 2025
@Flo4604 Flo4604 marked this pull request as ready for review August 1, 2025 16:02
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 1, 2025
edited
Loading

Thank you for following the naming conventions for pull request titles! 🙏

coderabbitai[bot]
coderabbitai bot reviewed Aug 1, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 9

🔭 Outside diff range comments (2)
go/apps/api/routes/v2_apis_list_keys/handler.go (1)

387-394: Double-check ExternalId validity when populating the new Identity.Id.

Great to see the new Id field being returned.
However, we still unconditionally read key.ExternalID.String without checking key.ExternalID.Valid. If ExternalID.Valid is false, the string value is undefined and could leak a stale value.

-            Id:         key.IdentityID.String,
-            ExternalId: key.ExternalID.String,
+            Id:         key.IdentityID.String,
+            ExternalId: func() string {
+                if key.ExternalID.Valid {
+                    return key.ExternalID.String
+                }
+                return ""
+            }(),

Guarding the access eliminates accidental garbage data in the JSON response.

go/apps/api/routes/v2_keys_add_permissions/handler.go (1)

188-196: Good addition of UpdatedAtM, but prefer using the previously captured now.

You already captured now := time.Now().UnixMilli() at Line 177 – use that instead of creating a second timestamp to guarantee consistency between CreatedAtM and UpdatedAtM.

-            CreatedAtM:  now,
+            CreatedAtM:  now,
             UpdatedAtM:  sql.NullInt64{Int64: now, Valid: true},

Otherwise the two fields could differ by a few µs in highly-concurrent scenarios, which complicates deterministic tests.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 28444de and ff6a151.

📒 Files selected for processing (49)
  • apps/docs/api-reference/v1/migration/keys.mdx (6 hunks)
  • apps/docs/api-reference/v1/migration/ratelimiting.mdx (3 hunks)
  • apps/docs/package.json (1 hunks)
  • go/apps/api/openapi/gen.go (7 hunks)
  • go/apps/api/openapi/openapi-generated.yaml (16 hunks)
  • go/apps/api/openapi/spec/common/Identity.yaml (2 hunks)
  • go/apps/api/openapi/spec/common/KeyResponseData.yaml (0 hunks)
  • go/apps/api/openapi/spec/common/Permission.yaml (1 hunks)
  • go/apps/api/openapi/spec/common/RatelimitRequest.yaml (1 hunks)
  • go/apps/api/openapi/spec/paths/v2/apis/createApi/index.yaml (0 hunks)
  • go/apps/api/openapi/spec/paths/v2/apis/deleteApi/V2ApisDeleteApiResponseBody.yaml (1 hunks)
  • go/apps/api/openapi/spec/paths/v2/apis/deleteApi/index.yaml (2 hunks)
  • go/apps/api/openapi/spec/paths/v2/apis/getApi/index.yaml (2 hunks)
  • go/apps/api/openapi/spec/paths/v2/apis/listKeys/V2ApisListKeysRequestBody.yaml (1 hunks)
  • go/apps/api/openapi/spec/paths/v2/identities/createIdentity/index.yaml (1 hunks)
  • go/apps/api/openapi/spec/paths/v2/identities/getIdentity/V2IdentitiesGetIdentityResponseBody.yaml (1 hunks)
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml (2 hunks)
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/index.yaml (2 hunks)
  • go/apps/api/openapi/spec/paths/v2/permissions/getPermission/V2PermissionsGetPermissionResponseBody.yaml (2 hunks)
  • go/apps/api/openapi/spec/paths/v2/permissions/getPermission/V2PermissionsGetPermissionResponseData.yaml (0 hunks)
  • go/apps/api/openapi/spec/paths/v2/permissions/getRole/V2PermissionsGetRoleResponseBody.yaml (1 hunks)
  • go/apps/api/openapi/spec/paths/v2/permissions/getRole/V2PermissionsGetRoleResponseData.yaml (0 hunks)
  • go/apps/api/routes/register.go (1 hunks)
  • go/apps/api/routes/v2_apis_list_keys/handler.go (1 hunks)
  • go/apps/api/routes/v2_identities_get_identity/handler.go (1 hunks)
  • go/apps/api/routes/v2_identities_list_identities/handler.go (1 hunks)
  • go/apps/api/routes/v2_identities_update_identity/200_test.go (5 hunks)
  • go/apps/api/routes/v2_identities_update_identity/400_test.go (3 hunks)
  • go/apps/api/routes/v2_identities_update_identity/401_test.go (5 hunks)
  • go/apps/api/routes/v2_identities_update_identity/403_test.go (3 hunks)
  • go/apps/api/routes/v2_identities_update_identity/404_test.go (1 hunks)
  • go/apps/api/routes/v2_identities_update_identity/handler.go (2 hunks)
  • go/apps/api/routes/v2_keys_add_permissions/handler.go (1 hunks)
  • go/apps/api/routes/v2_keys_create_key/handler.go (1 hunks)
  • go/apps/api/routes/v2_keys_get_key/handler.go (1 hunks)
  • go/apps/api/routes/v2_keys_update_key/200_test.go (2 hunks)
  • go/apps/api/routes/v2_keys_update_key/400_test.go (1 hunks)
  • go/apps/api/routes/v2_keys_update_key/401_test.go (1 hunks)
  • go/apps/api/routes/v2_keys_update_key/403_test.go (3 hunks)
  • go/apps/api/routes/v2_keys_update_key/404_test.go (1 hunks)
  • go/apps/api/routes/v2_keys_update_key/handler.go (4 hunks)
  • go/apps/api/routes/v2_keys_update_key/three_state_test.go (1 hunks)
  • go/apps/api/routes/v2_keys_verify_key/200_test.go (1 hunks)
  • go/apps/api/routes/v2_keys_verify_key/handler.go (1 hunks)
  • go/apps/api/routes/v2_keys_whoami/handler.go (1 hunks)
  • go/apps/api/routes/v2_permissions_get_permission/200_test.go (3 hunks)
  • go/apps/api/routes/v2_permissions_get_permission/handler.go (1 hunks)
  • go/apps/api/routes/v2_permissions_get_role/200_test.go (2 hunks)
  • go/apps/api/routes/v2_permissions_get_role/handler.go (1 hunks)
💤 Files with no reviewable changes (4)
  • go/apps/api/openapi/spec/paths/v2/apis/createApi/index.yaml
  • go/apps/api/openapi/spec/paths/v2/permissions/getRole/V2PermissionsGetRoleResponseData.yaml
  • go/apps/api/openapi/spec/paths/v2/permissions/getPermission/V2PermissionsGetPermissionResponseData.yaml
  • go/apps/api/openapi/spec/common/KeyResponseData.yaml
🧰 Additional context used
🧠 Learnings (25)
📓 Common learnings 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2825
File: apps/dashboard/app/(app)/logs-v2/hooks/use-bookmarked-filters.ts:0-0
Timestamp: 2025-01-30T20:51:44.359Z
Learning: The user (ogzhanolguncu) prefers to handle refactoring suggestions in separate PRs to maintain focus in the current PR.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3661
File: go/apps/api/routes/v2_identities_update_identity/handler.go:115-119
Timestamp: 2025-07-28T11:47:43.144Z
Learning: The v2 update identity endpoint (go/apps/api/routes/v2_identities_update_identity/handler.go) intentionally uses `ExternalId` field instead of the unified `Identity` field used in other v2 identity endpoints. This is because the update endpoint needs to both find by externalId and potentially update the externalId value, making the specific field name more appropriate than the generic `Identity` field.

Learnt from: Flo4604
PR: unkeyed/unkey#3151
File: go/apps/api/openapi/gen.go:221-233
Timestamp: 2025-04-18T20:01:33.812Z
Learning: For identity deletion operations in the Unkey API, identityId takes precedence over externalId when both are provided in the request body.

Learnt from: chronark
PR: unkeyed/unkey#2693
File: apps/api/src/routes/v1_keys_updateKey.ts:350-368
Timestamp: 2024-11-29T15:15:47.308Z
Learning: In `apps/api/src/routes/v1_keys_updateKey.ts`, the code intentionally handles `externalId` and `ownerId` separately for clarity. The `ownerId` field will be removed in the future, simplifying the code.

Learnt from: Flo4604
PR: unkeyed/unkey#2955
File: go/apps/api/routes/v2_identities_create_identity/handler.go:162-202
Timestamp: 2025-03-19T09:25:59.751Z
Learning: In the Unkey codebase, input validation for API endpoints is primarily handled through OpenAPI schema validation, which occurs before requests reach the handler code. For example, in the identities.createIdentity endpoint, minimum values for ratelimit duration and limit are defined in the OpenAPI schema rather than duplicating these checks in the handler.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3315
File: apps/dashboard/app/(app)/apis/[apiId]/_components/create-key/components/general-setup.tsx:40-50
Timestamp: 2025-06-19T13:01:55.338Z
Learning: In the create-key form's GeneralSetup component, the Controller is intentionally bound to "identityId" as the primary field while "externalId" is set explicitly via setValue. The ExternalIdField component has been designed to handle this pattern where it receives identityId as its value prop but manages both identityId and externalId through its onChange callback.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3324
File: apps/dashboard/app/(app)/authorization/roles/components/table/components/actions/keys-table-action.popover.constants.tsx:17-18
Timestamp: 2025-06-19T11:48:05.070Z
Learning: In the authorization roles refactor, the RoleBasic type uses `roleId` as the property name for the role identifier, not `id`. This is consistent throughout the codebase in apps/dashboard/lib/trpc/routers/authorization/roles/query.ts.
📚 Learning: in the `v1/keys.updatekey` endpoint, the server validates the refill configuration before checking i... 
Learnt from: MichaelUnkey
PR: unkeyed/unkey#2114
File: apps/api/src/routes/v1_keys_updateKey.error.test.ts:0-0
Timestamp: 2024-09-27T15:20:05.475Z
Learning: In the `v1/keys.updateKey` endpoint, the server validates the refill configuration before checking if the key exists. Therefore, tests can assert validation errors without needing to create the key first.

Applied to files:

  • go/apps/api/routes/v2_keys_update_key/404_test.go
  • go/apps/api/routes/v2_keys_update_key/401_test.go
  • go/apps/api/routes/register.go
  • go/apps/api/routes/v2_keys_update_key/400_test.go
  • go/apps/api/routes/v2_keys_verify_key/200_test.go
  • go/apps/api/routes/v2_keys_update_key/three_state_test.go
  • go/apps/api/routes/v2_keys_update_key/403_test.go
  • go/apps/api/routes/v2_keys_update_key/handler.go
  • go/apps/api/routes/v2_keys_update_key/200_test.go
📚 Learning: the v2 update identity endpoint (go/apps/api/routes/v2_identities_update_identity/handler.go) intent... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3661
File: go/apps/api/routes/v2_identities_update_identity/handler.go:115-119
Timestamp: 2025-07-28T11:47:43.144Z
Learning: The v2 update identity endpoint (go/apps/api/routes/v2_identities_update_identity/handler.go) intentionally uses `ExternalId` field instead of the unified `Identity` field used in other v2 identity endpoints. This is because the update endpoint needs to both find by externalId and potentially update the externalId value, making the specific field name more appropriate than the generic `Identity` field.

Applied to files:

  • go/apps/api/routes/v2_keys_get_key/handler.go
  • go/apps/api/openapi/spec/paths/v2/identities/createIdentity/index.yaml
  • go/apps/api/openapi/spec/common/Identity.yaml
  • go/apps/api/routes/v2_keys_whoami/handler.go
  • go/apps/api/routes/v2_identities_update_identity/403_test.go
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/index.yaml
  • go/apps/api/routes/v2_keys_verify_key/handler.go
  • go/apps/api/routes/register.go
  • go/apps/api/routes/v2_identities_update_identity/401_test.go
  • go/apps/api/routes/v2_keys_create_key/handler.go
  • go/apps/api/routes/v2_identities_update_identity/404_test.go
  • go/apps/api/routes/v2_identities_update_identity/handler.go
  • go/apps/api/routes/v2_keys_verify_key/200_test.go
  • go/apps/api/routes/v2_identities_get_identity/handler.go
  • go/apps/api/openapi/spec/paths/v2/identities/getIdentity/V2IdentitiesGetIdentityResponseBody.yaml
  • go/apps/api/routes/v2_identities_list_identities/handler.go
  • go/apps/api/routes/v2_identities_update_identity/400_test.go
  • go/apps/api/routes/v2_keys_update_key/403_test.go
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml
  • go/apps/api/routes/v2_keys_update_key/handler.go
  • apps/docs/api-reference/v1/migration/keys.mdx
  • go/apps/api/routes/v2_keys_update_key/200_test.go
  • go/apps/api/routes/v2_apis_list_keys/handler.go
  • go/apps/api/routes/v2_identities_update_identity/200_test.go
  • go/apps/api/openapi/gen.go
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in `apps/api/src/routes/v1_keys_updatekey.ts`, the code intentionally handles `externalid` and `owne... 
Learnt from: chronark
PR: unkeyed/unkey#2693
File: apps/api/src/routes/v1_keys_updateKey.ts:350-368
Timestamp: 2024-11-29T15:15:47.308Z
Learning: In `apps/api/src/routes/v1_keys_updateKey.ts`, the code intentionally handles `externalId` and `ownerId` separately for clarity. The `ownerId` field will be removed in the future, simplifying the code.

Applied to files:

  • go/apps/api/routes/v2_keys_get_key/handler.go
  • go/apps/api/routes/v2_keys_whoami/handler.go
  • go/apps/api/routes/v2_identities_update_identity/403_test.go
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/index.yaml
  • go/apps/api/routes/v2_keys_verify_key/handler.go
  • go/apps/api/routes/v2_identities_update_identity/401_test.go
  • go/apps/api/routes/v2_keys_create_key/handler.go
  • go/apps/api/routes/v2_identities_update_identity/404_test.go
  • go/apps/api/routes/v2_identities_update_identity/handler.go
  • go/apps/api/routes/v2_keys_verify_key/200_test.go
  • go/apps/api/routes/v2_identities_list_identities/handler.go
  • go/apps/api/routes/v2_identities_update_identity/400_test.go
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml
  • go/apps/api/routes/v2_keys_update_key/handler.go
  • apps/docs/api-reference/v1/migration/keys.mdx
  • go/apps/api/routes/v2_apis_list_keys/handler.go
  • go/apps/api/routes/v2_identities_update_identity/200_test.go
  • go/apps/api/openapi/gen.go
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: for identity deletion operations in the unkey api, identityid takes precedence over externalid when ... 
Learnt from: Flo4604
PR: unkeyed/unkey#3151
File: go/apps/api/openapi/gen.go:221-233
Timestamp: 2025-04-18T20:01:33.812Z
Learning: For identity deletion operations in the Unkey API, identityId takes precedence over externalId when both are provided in the request body.

Applied to files:

  • go/apps/api/routes/v2_keys_get_key/handler.go
  • go/apps/api/openapi/spec/paths/v2/identities/createIdentity/index.yaml
  • go/apps/api/openapi/spec/common/Identity.yaml
  • go/apps/api/routes/v2_keys_whoami/handler.go
  • go/apps/api/routes/v2_identities_update_identity/403_test.go
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/index.yaml
  • go/apps/api/routes/v2_keys_verify_key/handler.go
  • go/apps/api/routes/v2_identities_update_identity/401_test.go
  • go/apps/api/routes/v2_identities_update_identity/404_test.go
  • go/apps/api/routes/v2_identities_update_identity/handler.go
  • go/apps/api/routes/v2_keys_verify_key/200_test.go
  • go/apps/api/routes/v2_identities_update_identity/400_test.go
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml
  • apps/docs/api-reference/v1/migration/keys.mdx
  • go/apps/api/routes/v2_apis_list_keys/handler.go
  • go/apps/api/routes/v2_identities_update_identity/200_test.go
  • go/apps/api/openapi/gen.go
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the unkey codebase, input validation for api endpoints is primarily handled through openapi schem... 
Learnt from: Flo4604
PR: unkeyed/unkey#2955
File: go/apps/api/routes/v2_identities_create_identity/handler.go:162-202
Timestamp: 2025-03-19T09:25:59.751Z
Learning: In the Unkey codebase, input validation for API endpoints is primarily handled through OpenAPI schema validation, which occurs before requests reach the handler code. For example, in the identities.createIdentity endpoint, minimum values for ratelimit duration and limit are defined in the OpenAPI schema rather than duplicating these checks in the handler.

Applied to files:

  • go/apps/api/routes/v2_keys_get_key/handler.go
  • go/apps/api/openapi/spec/common/Identity.yaml
  • go/apps/api/routes/v2_keys_verify_key/handler.go
  • go/apps/api/routes/v2_keys_verify_key/200_test.go
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml
  • go/apps/api/routes/v2_apis_list_keys/handler.go
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the unkey api openapi schema, the permissions query regex for the verifykey endpoint intentionall... 
Learnt from: chronark
PR: unkeyed/unkey#3617
File: go/apps/api/openapi/openapi.yaml:3309-3312
Timestamp: 2025-07-16T17:51:57.297Z
Learning: In the Unkey API OpenAPI schema, the permissions query regex for the verifyKey endpoint intentionally allows all whitespace characters (including tabs and newlines) via `\s`. Do not flag this as an error in future reviews.

Applied to files:

  • go/apps/api/openapi/spec/paths/v2/identities/createIdentity/index.yaml
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/index.yaml
  • go/apps/api/openapi/spec/paths/v2/apis/getApi/index.yaml
  • go/apps/api/openapi/spec/paths/v2/apis/deleteApi/index.yaml
📚 Learning: in the create-key form's generalsetup component, the controller is intentionally bound to "identityi... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3315
File: apps/dashboard/app/(app)/apis/[apiId]/_components/create-key/components/general-setup.tsx:40-50
Timestamp: 2025-06-19T13:01:55.338Z
Learning: In the create-key form's GeneralSetup component, the Controller is intentionally bound to "identityId" as the primary field while "externalId" is set explicitly via setValue. The ExternalIdField component has been designed to handle this pattern where it receives identityId as its value prop but manages both identityId and externalId through its onChange callback.

Applied to files:

  • go/apps/api/openapi/spec/common/Identity.yaml
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml
  • go/apps/api/routes/v2_apis_list_keys/handler.go
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: the `cloudflareratelimiter` type definition in `apps/api/src/pkg/env.ts` should not have its interfa... 
Learnt from: chronark
PR: unkeyed/unkey#2544
File: apps/api/src/pkg/env.ts:4-6
Timestamp: 2024-10-23T12:05:31.121Z
Learning: The `cloudflareRatelimiter` type definition in `apps/api/src/pkg/env.ts` should not have its interface changed; it should keep the `limit` method returning `Promise<{ success: boolean }>` without additional error properties.

Applied to files:

  • go/apps/api/openapi/spec/common/RatelimitRequest.yaml
  • apps/docs/api-reference/v1/migration/ratelimiting.mdx
📚 Learning: in go/pkg/db/bulk_keyring_insert.sql.go and similar bulk insert generated files, hardcoded zero valu... 
Learnt from: Flo4604
PR: unkeyed/unkey#3631
File: go/pkg/db/bulk_keyring_insert.sql.go:23-25
Timestamp: 2025-07-17T14:24:20.403Z
Learning: In go/pkg/db/bulk_keyring_insert.sql.go and similar bulk insert generated files, hardcoded zero values for fields like size_approx and size_last_updated_at are intentional and reflect the original SQL query structure, not missing parameters.

Applied to files:

  • go/apps/api/routes/v2_keys_add_permissions/handler.go
  • go/apps/api/routes/v2_keys_create_key/handler.go
  • go/apps/api/routes/v2_keys_update_key/handler.go
📚 Learning: applies to go/deploy/**/*.{go,js,ts,tsx,py,sh,md,txt,json,yaml,yml,ini,env,conf,html,css,scss,xml,c,... 
Learnt from: CR
PR: unkeyed/unkey#0
File: go/deploy/CLAUDE.md:0-0
Timestamp: 2025-07-21T18:05:58.236Z
Learning: Applies to go/deploy/**/*.{go,js,ts,tsx,py,sh,md,txt,json,yaml,yml,ini,env,conf,html,css,scss,xml,c,h,cpp,java,rb,rs,php,pl,sql} : Update relevant anchors when modifying associated code.

Applied to files:

  • apps/docs/package.json
📚 Learning: in the unkey codebase, input validation for api endpoints is handled at the openapi schema layer, wh... 
Learnt from: chronark
PR: unkeyed/unkey#3560
File: go/apps/api/routes/v2_keys_create_key/handler.go:353-466
Timestamp: 2025-07-15T14:25:05.608Z
Learning: In the Unkey codebase, input validation for API endpoints is handled at the OpenAPI schema layer, which validates request fields like permission slugs (pattern: "^[a-zA-Z0-9_]+$", length: 1-100 characters) before requests reach the handler code. This validation occurs during the zen.BindBody call in handlers.

Applied to files:

  • go/apps/api/openapi/spec/common/Permission.yaml
📚 Learning: ensure that audit log descriptions accurately reflect the action being performed, such as updating t... 
Learnt from: chronark
PR: unkeyed/unkey#2146
File: apps/dashboard/lib/trpc/routers/api/setDefaultPrefix.ts:80-80
Timestamp: 2024-10-04T17:27:08.666Z
Learning: Ensure that audit log descriptions accurately reflect the action being performed, such as updating the `defaultPrefix`, and avoid incorrect references like 'name' when not applicable.

Applied to files:

  • go/apps/api/openapi/spec/common/Permission.yaml
📚 Learning: in the unkey dashboard, when making database queries involving workspaces, use `ctx.workspace.id` di... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2872
File: apps/dashboard/lib/trpc/routers/ratelimit/createNamespace.ts:36-39
Timestamp: 2025-04-08T09:34:24.576Z
Learning: In the Unkey dashboard, when making database queries involving workspaces, use `ctx.workspace.id` directly instead of fetching the workspace separately for better performance and security.

Applied to files:

  • go/apps/api/routes/v2_identities_update_identity/handler.go
📚 Learning: in the unkey codebase, role and permission names are validated at the openapi schema layer with stri... 
Learnt from: chronark
PR: unkeyed/unkey#3560
File: go/apps/api/routes/v2_keys_create_key/handler.go:468-581
Timestamp: 2025-07-15T14:47:20.490Z
Learning: In the Unkey codebase, role and permission names are validated at the OpenAPI schema layer with strict regex patterns: role names must match "^[a-zA-Z][a-zA-Z0-9_-]*$" (start with letter, followed by letters/numbers/underscores/hyphens) and permission names must match "^[a-zA-Z0-9_]+$" (letters, numbers, underscores only). This validation occurs during zen.BindBody call before handlers run, preventing malicious or improperly formatted names from reaching auto-creation logic.

Applied to files:

  • go/apps/api/routes/v2_keys_verify_key/200_test.go
📚 Learning: in the unkey dashboard ui for delete protection, the button/link to initiate the process is labeled ... 
Learnt from: MichaelUnkey
PR: unkeyed/unkey#3173
File: apps/docs/security/delete-protection.mdx:32-36
Timestamp: 2025-04-22T17:33:28.162Z
Learning: In the Unkey dashboard UI for delete protection, the button/link to initiate the process is labeled "Disable Delete Protection" while the confirmation button is labeled "Disable API Delete Protection". The documentation should maintain these different labels to match the actual UI.

Applied to files:

  • go/apps/api/openapi/spec/paths/v2/apis/deleteApi/index.yaml
📚 Learning: in the unkey dashboard ui for enabling delete protection, the button/link to initiate the process is... 
Learnt from: MichaelUnkey
PR: unkeyed/unkey#3173
File: apps/docs/security/delete-protection.mdx:21-24
Timestamp: 2025-04-22T17:34:04.438Z
Learning: In the Unkey dashboard UI for enabling delete protection, the button/link to initiate the process is labeled "Enable Delete Protection" while the confirmation button is labeled "Enable API Delete Protection". The documentation should maintain these different labels to match the actual UI.

Applied to files:

  • go/apps/api/openapi/spec/paths/v2/apis/deleteApi/index.yaml
📚 Learning: in the unkey codebase, openapi 3.1 is used, which allows sibling keys (such as `description`) alongs... 
Learnt from: Flo4604
PR: unkeyed/unkey#3421
File: go/apps/api/openapi/openapi.yaml:196-200
Timestamp: 2025-07-03T05:58:10.699Z
Learning: In the Unkey codebase, OpenAPI 3.1 is used, which allows sibling keys (such as `description`) alongside `$ref` in schema objects. Do not flag this as an error in future reviews.

Applied to files:

  • go/apps/api/openapi/spec/paths/v2/apis/deleteApi/index.yaml
  • go/apps/api/openapi/spec/paths/v2/apis/listKeys/V2ApisListKeysRequestBody.yaml
  • apps/docs/api-reference/v1/migration/keys.mdx
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the authorization roles refactor, the rolebasic type uses `roleid` as the property name for the r... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3324
File: apps/dashboard/app/(app)/authorization/roles/components/table/components/actions/keys-table-action.popover.constants.tsx:17-18
Timestamp: 2025-06-19T11:48:05.070Z
Learning: In the authorization roles refactor, the RoleBasic type uses `roleId` as the property name for the role identifier, not `id`. This is consistent throughout the codebase in apps/dashboard/lib/trpc/routers/authorization/roles/query.ts.

Applied to files:

  • go/apps/api/openapi/spec/paths/v2/permissions/getRole/V2PermissionsGetRoleResponseBody.yaml
  • go/apps/api/routes/v2_permissions_get_role/200_test.go
📚 Learning: in the unkey codebase, cursor pagination uses a "limit + 1" approach where queries fetch one extra r... 
Learnt from: Flo4604
PR: unkeyed/unkey#3677
File: go/pkg/db/queries/ratelimit_override_list_by_namespace_id.sql:7-8
Timestamp: 2025-07-30T10:46:56.453Z
Learning: In the Unkey codebase, cursor pagination uses a "limit + 1" approach where queries fetch one extra record beyond the requested limit. The cursor is set to the ID of this extra record (which is not returned to the client), so using `>=` in the WHERE clause is correct because the next page should start from that cursor ID.

Applied to files:

  • go/apps/api/openapi/spec/paths/v2/apis/listKeys/V2ApisListKeysRequestBody.yaml
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: go/deploy/metald cannot currently import helpers from go/pkg/db because it is not yet part of the ma... 
Learnt from: chronark
PR: unkeyed/unkey#3560
File: go/deploy/metald/internal/database/repository.go:0-0
Timestamp: 2025-07-15T14:59:30.212Z
Learning: go/deploy/metald cannot currently import helpers from go/pkg/db because it is not yet part of the main Go module; avoid suggesting such imports until the modules are unified.

Applied to files:

  • go/apps/api/routes/v2_keys_update_key/handler.go
📚 Learning: when implementing endpoints that require a key, avoid sending the key as part of the url. use post m... 
Learnt from: chronark
PR: unkeyed/unkey#2159
File: apps/api/src/routes/v1_keys_getWhoAmI.ts:12-13
Timestamp: 2024-10-03T09:51:43.832Z
Learning: When implementing endpoints that require a key, avoid sending the key as part of the URL. Use POST methods with the key in the request body instead, as URLs get logged and could leak sensitive information.

Applied to files:

  • apps/docs/api-reference/v1/migration/keys.mdx
📚 Learning: in `apps/api/src/pkg/keys/service.ts`, `ratelimitasync` is a table relation, not a column selection.... 
Learnt from: chronark
PR: unkeyed/unkey#2294
File: apps/api/src/pkg/keys/service.ts:268-271
Timestamp: 2024-10-20T07:05:55.471Z
Learning: In `apps/api/src/pkg/keys/service.ts`, `ratelimitAsync` is a table relation, not a column selection. When querying, ensure that table relations are included appropriately, not as columns.

Applied to files:

  • apps/docs/api-reference/v1/migration/ratelimiting.mdx
📚 Learning: in `authorization/roles/[roleid]/update-role.tsx`, the tag `role-${role.id}` is revalidated after up... 
Learnt from: AkshayBandi027
PR: unkeyed/unkey#2215
File: apps/dashboard/app/(app)/@breadcrumb/authorization/roles/[roleId]/page.tsx:28-29
Timestamp: 2024-10-08T15:33:04.290Z
Learning: In `authorization/roles/[roleId]/update-role.tsx`, the tag `role-${role.id}` is revalidated after updating a role to ensure that the caching mechanism is properly handled for roles.

Applied to files:

  • go/apps/api/routes/v2_permissions_get_role/200_test.go
📚 Learning: in the ratelimits logs context, "requestid" is used for single request ids, while "requestids" is us... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2866
File: apps/dashboard/app/(app)/ratelimits/[namespaceId]/logs/components/control-cloud/index.tsx:13-30
Timestamp: 2025-02-05T11:49:04.098Z
Learning: In the ratelimits logs context, "requestId" is used for single request IDs, while "requestIds" is used when dealing with multiple request IDs.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
🧬 Code Graph Analysis (12)
go/apps/api/routes/v2_keys_update_key/404_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_identities_update_identity/403_test.go (1)
go/apps/api/openapi/gen.go (2)
  • Identity (141-153)
  • Meta (259-262)
go/apps/api/routes/v2_keys_update_key/401_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/register.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_identities_update_identity/401_test.go (1)
go/apps/api/openapi/gen.go (2)
  • Identity (141-153)
  • Meta (259-262)
go/apps/api/routes/v2_identities_update_identity/404_test.go (1)
go/apps/api/openapi/gen.go (2)
  • Identity (141-153)
  • Meta (259-262)
go/apps/api/routes/v2_keys_update_key/400_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_keys_update_key/three_state_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_identities_update_identity/400_test.go (2)
go/apps/api/openapi/gen.go (2)
  • Identity (141-153)
  • Meta (259-262)
go/pkg/db/models_generated.go (1)
  • Identity (657-666)
go/apps/api/routes/v2_keys_update_key/403_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/routes/v2_keys_update_key/200_test.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/openapi/gen.go (3)
apps/dashboard/lib/trpc/routers/api/keys/query-api-keys/schema.ts (1)
  • Ratelimits (32-32)
go/pkg/db/models_generated.go (3)
  • Identity (657-666)
  • Permission (746-754)
  • Role (813-820)
go/pkg/codes/unkey_data.go (1)
  • Data (93-136)
🪛 LanguageTool
apps/docs/api-reference/v1/migration/keys.mdx

[grammar] ~480-~480: Use correct spacing
Context: ...pe: application/json" \ -d '{"keyId": "key_123"}' </Tab> <Tab title="Response Changes">json title="Get Key Response Diff" icon="database" expandable // v1 Response (direct response) { "id": "key_123", // [!code --] "start": "sk_5j1", // [!code --] "workspaceId": "ws_1234", // [!code --] "apiId": "api_abc", // [!code --] "name": "Production API Key", // [!code --] "ownerId": "user_456", // [!code --] "meta": { // [!code --] "roles": ["admin", "user"], // [!code --] "stripeCustomerId": "cus_1234" // [!code --] }, // [!code --] "createdAt": 1705306200000, // [!code --] "updatedAt": 1705306200000, // [!code --] "expires": null, // [!code --] "remaining": 995, // [!code --] "refill": { // [!code --] "interval": "monthly", // [!code --] "amount": 1000, // [!code --] "refillDay": 1, // [!code --] "lastRefillAt": 1705306200000 // [!code --] }, // [!code --] "ratelimit": { // [!code --] "async": true, // [!code --] "type": "fast", // [!code --] "limit": 100, // [!code --] "duration": 60000 // [!code --] }, // [!code --] "roles": ["admin", "finance"], // [!code --] "permissions": ["documents.read", "documents.write"], // [!code --] "enabled": true, // [!code --] "identity": { // [!code --] "id": "identity_123", // [!code --] "externalId": "customer_789", // [!code --] "meta": {} // [!code --] } // [!code --] } // v2 Response { "meta": { // [!code ++] "requestId": "req_xyz789" // [!code ++] }, // [!code ++] "data": { // [!code ++] "id": "key_123", // [!code ++] "apiId": "api_abc", // [!code ++] "name": "Production API Key", // [!code ++] "prefix": "prod", // [!code ++] "start": "prod_1234", // [!code ++] "meta": { // [!code ++] "plan": "enterprise" // [!code ++] }, // [!code ++] "createdAt": "2024-01-15T10:30:00Z", // [!code ++] "expires": null, // [!code ++] "credits": { // [!code ++] "remaining": 995, // [!code ++] "refill": { // [!code ++] "interval": "monthly", // [!code ++] "amount": 1000, // [!code ++] "refillDay": 1 // [!code ++] } // [!code ++] }, // [!code ++] "ratelimits": [ // [!code ++] { // [!code ++] "name": "api_requests", // [!code ++] "limit": 100, // [!code ++] "duration": 60000, // [!code ++] "autoApply": true // [!code ++] } // [!code ++] ], // [!code ++] "identity": { // [!code ++] "id": "id_123", // [!code ++] "externalId": "customer_789", // [!code ++] "meta": {}, // [!code ++] "ratelimits": [] // [!code ++] }, // [!code ++] "enabled": true, // [!code ++] "permissions": ["documents.read"], // [!code ++] "roles": ["editor"] // [!code ++] } // [!code ++] } </Tab> <Tab title="Complete Examples">bash title="v1 cURL" icon="terminal" curl -X GET "https://api.unkey.dev/v1/keys.getKey?keyId=key_123" \ -H "Authorization: Bearer " bash title="v2 cURL" icon="terminal" highlight={1,3} curl -X POST https://api.unkey.com/v2/keys.getKey \ -H "Authorization: Bearer " \ -H "Content-Type: application/json" \ -d '{ "keyId": "key_123" }' ``` --- ## POST /v1/keys.deleteKey → POST /v2/keys....

(QB_NEW_EN_OTHER_ERROR_IDS_5)

[grammar] ~760-~760: Use correct spacing
Context: ...": "set", // [!code ++] "value": 1000 } </Tab> <Tab title="Response Changes" icon="database">json title="Update Credits Response Diff" icon="check-circle" expandable // v1 Response (direct response) { "remaining": 1000 // [!code --] } // v2 Response { "meta": { // [!code ++] "requestId": "req_updatecredits123" // [!code ++] }, // [!code ++] "data": { // [!code ++] "keyId": "key_123", // [!code ++] "credits": { // [!code ++] "remaining": 1000 // [!code ++] } // [!code ++] } // [!code ++] } </Tab> <Tab title="cURL Examples" icon="terminal">bash title="v1 cURL" icon="terminal" curl -X POST https://api.unkey.dev/v1/keys.updateRemaining \ -H "Authorization: Bearer " \ -H "Content-Type: application/json" \ -d '{ "keyId": "key_123", "value": 1000 }' bash title="v2 cURL" icon="terminal" highlight={1,6} curl -X POST https://api.unkey.com/v2/keys.updateCredits \ -H "Authorization: Bearer " \ -H "Content-Type: application/json" \ -d '{ "keyId": "key_123", "operation": "set", "value": 1000 }' ``` --- ## POST /v1/keys.whoami → POST /v2/keys.who...

(QB_NEW_EN_OTHER_ERROR_IDS_5)

apps/docs/api-reference/v1/migration/ratelimiting.mdx

[grammar] ~15-~15: There might be a mistake here.
Context: ...tructure**: Single ratelimit object → ratelimits array with named limits - **Override m...

(QB_NEW_EN_OTHER)

[grammar] ~19-~19: Use correct spacing
Context: ...array. - **Metadata**: Removedmeta` object. ### Migration Impact: - Existing in v1:...

(QB_NEW_EN_OTHER_ERROR_IDS_5)

[grammar] ~21-~21: Use correct spacing
Context: ...: Removed meta object. ### Migration Impact: - Existing in v1: Full rate limiting and...

(QB_NEW_EN_OTHER_ERROR_IDS_5)

[grammar] ~37-~37: Use correct spacing
Context: ...h additional metadata - Better override handling json title="Rate Limit Request" icon="bolt" { "namespace": "email_sending", "identifier": "user_123", "limit": 100, "duration": 3600000, "cost": 1, "async": false, // [!code --] "meta": {}, // [!code --] "resources": [ // [!code --] { // [!code --] "type": "project", // [!code --] "id": "p_123", // [!code --] "name": "unkey" // [!code --] } // [!code --] ] // [!code --] } ```json title="Rate Limit Response Diff" icon="database" expandable // v1 Response (direct response) { "success": true, // [!code --] "limit": 100, // [!code --] "remaining": 99, // [!code --] "reset": 1672531200000 // [!code --] } // v2 Response { "meta": { // [!code +...

(QB_NEW_EN_OTHER_ERROR_IDS_5)

[grammar] ~742-~742: There might be a mistake here.
Context: ...mit configurations - [ ] Remove async parameter - [ ] Update Key creation to use autoApply...

(QB_NEW_EN_OTHER)

[grammar] ~743-~743: There might be a mistake here.
Context: ...Update Key creation to use autoApply if necessary - [ ] Plan for multiple rate limits per ke...

(QB_NEW_EN_OTHER)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: Test Go API Local / Test
  • GitHub Check: Test API / API Test Local
  • GitHub Check: Test Agent Local / test_agent_local
  • GitHub Check: Build / Build
  • GitHub Check: Test Packages / Test
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (52)
go/apps/api/routes/v2_keys_verify_key/handler.go (1)

204-210: Internal ID now correctly surfaced in response – LGTM

Populating Identity.Id with the DB primary key closes the gap created by the earlier schema change. No further action required.

go/apps/api/routes/v2_keys_whoami/handler.go (1)

183-189: Identity struct update looks correct

Id is now returned alongside ExternalId; the additional field is conditionally populated only when the identity exists, mirroring surrounding logic.

go/apps/api/routes/v2_identities_list_identities/handler.go (1)

126-132: Consistent inclusion of Id in list response

The loop populates Id for every item, matching the new OpenAPI contract. Implementation is straightforward and safe.

go/apps/api/routes/v2_keys_get_key/handler.go (1)

255-260: Id field added – implementation aligned with other handlers

The newly-added assignment keeps the get-key response in sync with verify & whoami endpoints. Logic is sound.

go/apps/api/routes/v2_keys_update_key/401_test.go (1)

25-26: Key cache injection looks correct. Nothing further to flag for this test setup.

go/apps/api/routes/v2_keys_update_key/400_test.go (1)

27-28: Key cache injection looks correct.
No additional concerns for this test file.

go/apps/api/routes/v2_keys_update_key/404_test.go (1)

26-27: Key cache injection looks correct.
No further issues spotted here.

go/apps/api/routes/v2_keys_create_key/handler.go (1)

420-420: LGTM!

The addition of the UpdatedAt field with null initial value is consistent with database schema requirements and follows the established pattern used in permission creation above (line 398).

go/apps/api/routes/v2_keys_update_key/three_state_test.go (1)

34-34: LGTM!

The addition of KeyCache field correctly aligns the test setup with the updated handler dependencies, ensuring cache invalidation logic can be properly tested.

go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/index.yaml (2)

10-11: LGTM!

Good formatting cleanup by removing trailing spaces in the documentation.

26-26: LGTM!

The example update from externalId to identity correctly reflects the API schema changes and provides more flexibility for identity references.

go/apps/api/routes/v2_identities_update_identity/200_test.go (1)

110-110: LGTM!

The field name change from ExternalId to Identity aligns with the broader API refactoring effort to unify identity references. The changes are consistent across all test cases and reflect the updated API contract.

Also applies to: 151-151, 198-198, 217-217, 248-248

go/apps/api/routes/v2_keys_update_key/200_test.go (1)

30-30: LGTM!

The addition of KeyCache fields in both test functions correctly aligns the test setup with the updated handler dependencies, ensuring consistency across all key update route tests.

Also applies to: 80-80

go/apps/api/openapi/spec/common/RatelimitRequest.yaml (1)

52-54: Change is purely cosmetic – looks good.

The single-line description retains the original meaning and keeps the spec concise. No further action required.

go/apps/api/openapi/spec/paths/v2/apis/getApi/index.yaml (1)

11-15: YAML ordering tweak is harmless but double-check generator output.

Moving description above content is valid OpenAPI, yet some code‐gen tools are sensitive to ordering inside the response object. Make sure the SDK / server stubs still compile after regeneration.

Also applies to: 27-31

go/apps/api/openapi/spec/paths/v2/apis/listKeys/V2ApisListKeysRequestBody.yaml (1)

25-26: Example shortened – OK.

Using a shorter cursor string improves readability and has no schema impact.

go/apps/api/routes/register.go (1)

389-397: 👍 Added KeyCache injection keeps handler parity.

v2KeysUpdateKey now receives the same cache dependency as other key-mutation handlers, preventing stale verification key data after an update. Good catch.

One follow-up: ensure KeyCache.Invalidate is actually called inside v2_keys_update_key/handler.go; otherwise the injection has no effect.

go/apps/api/routes/v2_identities_update_identity/401_test.go (1)

31-34: Tests Align with Updated OpenAPI Spec and Handler Alias

The handler.Request type is just an alias for openapi.V2IdentitiesUpdateIdentityRequestBody, which now defines an Identity string "json:\"identity\"" field (not ExternalId). The tests sending Identity match both the generated spec (gen.go) and the handler’s use of req.Identity. No further changes are needed here.

go/apps/api/openapi/spec/paths/v2/apis/deleteApi/V2ApisDeleteApiResponseBody.yaml (1)

18-18: LGTM! Good clarification of the empty response structure.

Making the empty data object explicit in the example improves clarity and aligns with the broader effort to streamline response schemas.

go/apps/api/routes/v2_identities_get_identity/handler.go (1)

148-153: LGTM! Excellent simplification of the response structure.

The changes successfully:

  • Remove the redundant wrapper type V2IdentitiesGetIdentityResponseData
  • Add the explicit internal Id field to the identity response
  • Maintain backward compatibility for existing fields

This aligns perfectly with the PR objectives of unifying identity representation across the API.

go/apps/api/routes/v2_keys_verify_key/200_test.go (1)

567-567: LGTM! Test correctly updated to match the new identity response structure.

The test assertion properly includes the new Id field in the expected openapi.Identity struct, ensuring test coverage remains accurate after the API changes.

go/apps/api/routes/v2_permissions_get_permission/200_test.go (1)

78-78: LGTM! Tests correctly updated to match the flattened permission response structure.

The test changes properly reflect the removal of the nested Permission field wrapper, now directly accessing res.Body.Data as the permission object. All test cases have been consistently updated, maintaining good test coverage for the simplified API response structure.

Also applies to: 99-99, 139-139

go/apps/api/routes/v2_identities_update_identity/handler.go (2)

396-397: LGTM! Correct mapping from database identity to response.

The response construction correctly maps the database identity fields to the response structure, setting both the internal Id and ExternalId from the actual stored identity data rather than the request data.

118-118: Approve Identity field usage across v2 identity endpoints

Verified that the Identity field is now used consistently in all v2 identity routes and in the database query parameters, and matches the OpenAPI spec (where identity can be either the externalId or the internal identityId). No further changes are needed here.

go/apps/api/routes/v2_keys_update_key/403_test.go (1)

42-42: LGTM! Consistent KeyCache initialization across test functions.

The addition of KeyCache: h.Caches.VerificationKeyByHash is correctly applied to all three Handler struct initializations, maintaining consistency with the main handler implementation changes.

Also applies to: 94-94, 139-139

go/apps/api/routes/v2_permissions_get_role/200_test.go (1)

100-100: LGTM! Correctly updated for simplified response structure.

The test assertions have been properly updated to reflect the removal of the intermediate wrapper in the response. The role data is now accessed directly from res.Body.Data instead of the nested res.Body.Data.Role, which aligns with the API response simplification.

Also applies to: 154-154

go/apps/api/routes/v2_identities_update_identity/404_test.go (1)

38-39: LGTM! Test updated to match new API contract.

The field name change from ExternalId to Identity correctly aligns with the updated API contract and handler implementation. The test logic and assertions remain unchanged, maintaining the same test coverage.

go/apps/api/routes/v2_permissions_get_permission/handler.go (1)

97-97: LGTM! Response structure correctly simplified.

The removal of the intermediate wrapper and direct embedding of permissionResponse in the Data field improves API consistency and reduces unnecessary nesting, aligning with the broader response simplification efforts across the codebase.

go/apps/api/openapi/spec/paths/v2/apis/deleteApi/index.yaml (2)

8-12: LGTM! Documentation formatting improvements.

The multi-line formatting of the description enhances readability while preserving the original content and meaning. The split helps separate the use cases from the technical details about key invalidation and the important warning about permanence.

31-31: LGTM! Improved response description clarity.

The enhanced description provides clearer information about the immediate effect on associated keys, which is important for API consumers to understand the impact of the deletion operation.

go/apps/api/routes/v2_identities_update_identity/400_test.go (1)

56-57: Identity field rename is fully consistent across handler, schema, and generated code

All references to ExternalId have been replaced with Identity in:

  • Handler logic (req.Identity in go/apps/api/routes/v2_identities_update_identity/handler.go)
  • OpenAPI request schema (identity: property in V2IdentitiesUpdateIdentityRequestBody.yaml)
  • Generated Go structs (Identity string json:"identity"inopenapi/gen.go`)

No further action required.

go/apps/api/openapi/spec/common/Identity.yaml (2)

14-14: LGTM! Fixed formatting for ratelimits description.

Moving the description inside the property definition improves the OpenAPI specification structure.

3-5: ID field requirement implemented across all handlers
Verified that every handler returning an openapi.Identity now populates the new Id property and corresponding tests have been updated to assert on Id. No further changes required.

go/apps/api/routes/v2_identities_update_identity/403_test.go (1)

42-43: Consistent field rename across test cases.

The systematic change from ExternalId to Identity maintains consistency with the API refactor while preserving all test logic and coverage. The Meta field formatting improvements enhance readability.

Also applies to: 64-65, 108-109

go/apps/api/openapi/spec/paths/v2/identities/getIdentity/V2IdentitiesGetIdentityResponseBody.yaml (1)

9-9: LGTM! Schema simplification improves API consistency.

The change from local response data schema to the common Identity.yaml schema removes unnecessary wrapper objects and promotes schema reusability across endpoints.

go/apps/api/openapi/spec/paths/v2/permissions/getRole/V2PermissionsGetRoleResponseBody.yaml (1)

9-9: LGTM! Consistent with the API response simplification pattern.

This change aligns with the broader effort to remove wrapper objects and directly embed core entity schemas in response bodies.

go/apps/api/routes/v2_keys_update_key/handler.go (3)

16-16: LGTM! Proper cache dependency injection.

The addition of the cache import and KeyCache field to the Handler struct follows the established dependency injection pattern.

Also applies to: 37-37

121-135: LGTM! Explicit zero value initialization improves code clarity.

The explicit initialization of sql.Null* fields with both Valid: false and zero values makes the intent clearer and follows defensive programming practices.

590-591: LGTM! Proper cache invalidation after successful transaction.

The cache invalidation is correctly placed after the transaction completes successfully, ensuring data consistency. Using key.Hash as the cache key aligns with the expected cache structure.

go/apps/api/openapi/spec/paths/v2/permissions/getPermission/V2PermissionsGetPermissionResponseBody.yaml (2)

9-9: LGTM! Consistent schema simplification pattern.

The change from local response data schema to common Permission.yaml aligns with the broader API response simplification effort.

19-23: LGTM! Example correctly reflects the flattened response structure.

The updated example properly demonstrates the simplified response format with permission fields directly under data instead of nested within a wrapper object.

apps/docs/api-reference/v1/migration/ratelimiting.mdx (1)

17-19: "async" removal statement contradicts later examples

The bullet says the async parameter is removed, yet the setOverride request/response examples (Lines 130-158) still include "async": false.
Confirm whether async is really deprecated for all rate-limit-related endpoints or only for /ratelimits.limit. Update either the bullet or the examples for consistency.

apps/docs/api-reference/v1/migration/keys.mdx (1)

247-251: Good call-out: explicit id in identity

Adding the id field aligns the docs with the updated Identity schema. No issues spotted here.

go/apps/api/openapi/gen.go (7)

145-153: LGTM: Identity struct enhanced with internal ID field.

The addition of the Id field to the Identity struct aligns with the PR objective to always include an internal identity ID. The formatting improvements to Meta and Ratelimits fields enhance readability while maintaining the same functionality.

207-208: LGTM: Simplified KeyResponseData structure.

Removing the redundant ExternalId field from KeyResponseData is a good improvement since this information is now available through identity.externalId, eliminating data duplication and providing a cleaner API structure.

310-310: LGTM: Improved documentation for Permission slug field.

The updated comment provides clearer information about the slug field's purpose and when it's set.

655-655: LGTM: Simplified identity response structure.

Directly embedding the Identity type in the response body eliminates unnecessary nesting and provides a cleaner API structure for consumers.

1531-1531: LGTM: Simplified permission response structure.

Directly embedding the Permission type in the response body removes redundant wrapper layers and improves API usability.

1549-1549: LGTM: Simplified role response structure.

Directly embedding the Role type in the response body eliminates unnecessary response wrapper complexity.

687-688: LGTM: Unified identity field naming and improved flexibility.

Renaming the field from ExternalId to Identity and updating the documentation to clarify that it accepts either external or internal identity IDs provides better API flexibility and more consistent naming across endpoints.

go/apps/api/openapi/openapi-generated.yaml (2)

2173-2175: Requiring both externalId and id is a breaking change – verify intent

The Identity object is now:

required:
  - externalId
  - id

Historically many identities are created without an externalId (e.g. dashboard-created keys). Making externalId mandatory in responses will break backward compatibility for existing records and SDK deserialisation.

If the goal is “id must always be present, externalId is optional”, change the list to:

-required:
-  - externalId
-  - id
+required:
+  - id

423-427: Directly returning Identity object – looks good

Replacing the wrapped response with a direct $ref to Identity simplifies the contract and aligns handlers with the spec. 👍

@chronark @coderabbitai
Update go/apps/api/openapi/spec/common/Permission.yaml
8a3d211 
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@chronark
Copy link
Collaborator

chronark commented Aug 1, 2025

rabbit caught one description issue, the rest looks fine

@Flo4604
Copy link
Contributor Author

Flo4604 commented Aug 1, 2025

fixed. should we release this once its merged and get the new sdk out?

@Flo4604 Flo4604 enabled auto-merge August 1, 2025 18:11
@Flo4604
Copy link
Contributor Author

Flo4604 commented Aug 1, 2025

nvm that was the wrong file to edit :D

coderabbitai[bot]
coderabbitai bot reviewed Aug 1, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (1)
go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml (1)

3-7: Breaking change: externalId alias removed – restore for backward-compatibility

The previous review already highlighted that many existing clients still POST "externalId" in the payload.
With this spec they will now receive a 400, because "identity" is the only recognised property and is required.

Please keep the old field as a deprecated alias (or use oneOf/anyOf) so that requests using either key remain valid. Example patch:

 properties:
   identity:
     type: string
     minLength: 3
     description: The ID of the identity to update. Accepts either the externalId (your system-generated identifier) or the identityId (internal identifier returned by the identity service).
     example: user_123
+  externalId:
+    type: string
+    minLength: 3
+    deprecated: true
+    description: |
+      Deprecated-alias for `identity`. Maintained temporarily to avoid breaking
+      existing clients still sending `externalId`.
+    example: user_123
 ...
 required:
   - identity

Corresponding handler code should populate req.Identity from either field, and tests should cover both spellings.
Failing to do so will create an unnecessary breaking change for every current SDK and integration.

Also applies to: 38-38

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8a3d211 and 348bd8c.

📒 Files selected for processing (4)
  • go/apps/api/openapi/gen.go (7 hunks)
  • go/apps/api/openapi/openapi-generated.yaml (16 hunks)
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml (2 hunks)
  • go/apps/api/routes/register.go (1 hunks)
🧰 Additional context used
🧠 Learnings (20)
📓 Common learnings 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2825
File: apps/dashboard/app/(app)/logs-v2/hooks/use-bookmarked-filters.ts:0-0
Timestamp: 2025-01-30T20:51:44.359Z
Learning: The user (ogzhanolguncu) prefers to handle refactoring suggestions in separate PRs to maintain focus in the current PR.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3661
File: go/apps/api/routes/v2_identities_update_identity/handler.go:115-119
Timestamp: 2025-07-28T11:47:43.144Z
Learning: The v2 update identity endpoint (go/apps/api/routes/v2_identities_update_identity/handler.go) intentionally uses `ExternalId` field instead of the unified `Identity` field used in other v2 identity endpoints. This is because the update endpoint needs to both find by externalId and potentially update the externalId value, making the specific field name more appropriate than the generic `Identity` field.

Learnt from: Flo4604
PR: unkeyed/unkey#3151
File: go/apps/api/openapi/gen.go:221-233
Timestamp: 2025-04-18T20:01:33.812Z
Learning: For identity deletion operations in the Unkey API, identityId takes precedence over externalId when both are provided in the request body.

Learnt from: chronark
PR: unkeyed/unkey#2693
File: apps/api/src/routes/v1_keys_updateKey.ts:350-368
Timestamp: 2024-11-29T15:15:47.308Z
Learning: In `apps/api/src/routes/v1_keys_updateKey.ts`, the code intentionally handles `externalId` and `ownerId` separately for clarity. The `ownerId` field will be removed in the future, simplifying the code.

Learnt from: Flo4604
PR: unkeyed/unkey#2955
File: go/apps/api/routes/v2_identities_create_identity/handler.go:162-202
Timestamp: 2025-03-19T09:25:59.751Z
Learning: In the Unkey codebase, input validation for API endpoints is primarily handled through OpenAPI schema validation, which occurs before requests reach the handler code. For example, in the identities.createIdentity endpoint, minimum values for ratelimit duration and limit are defined in the OpenAPI schema rather than duplicating these checks in the handler.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3315
File: apps/dashboard/app/(app)/apis/[apiId]/_components/create-key/components/general-setup.tsx:40-50
Timestamp: 2025-06-19T13:01:55.338Z
Learning: In the create-key form's GeneralSetup component, the Controller is intentionally bound to "identityId" as the primary field while "externalId" is set explicitly via setValue. The ExternalIdField component has been designed to handle this pattern where it receives identityId as its value prop but manages both identityId and externalId through its onChange callback.

Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3324
File: apps/dashboard/app/(app)/authorization/roles/components/table/components/actions/keys-table-action.popover.constants.tsx:17-18
Timestamp: 2025-06-19T11:48:05.070Z
Learning: In the authorization roles refactor, the RoleBasic type uses `roleId` as the property name for the role identifier, not `id`. This is consistent throughout the codebase in apps/dashboard/lib/trpc/routers/authorization/roles/query.ts.
📚 Learning: the v2 update identity endpoint (go/apps/api/routes/v2_identities_update_identity/handler.go) intent... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3661
File: go/apps/api/routes/v2_identities_update_identity/handler.go:115-119
Timestamp: 2025-07-28T11:47:43.144Z
Learning: The v2 update identity endpoint (go/apps/api/routes/v2_identities_update_identity/handler.go) intentionally uses `ExternalId` field instead of the unified `Identity` field used in other v2 identity endpoints. This is because the update endpoint needs to both find by externalId and potentially update the externalId value, making the specific field name more appropriate than the generic `Identity` field.

Applied to files:

  • go/apps/api/routes/register.go
  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml
  • go/apps/api/openapi/gen.go
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the `v1/keys.updatekey` endpoint, the server validates the refill configuration before checking i... 
Learnt from: MichaelUnkey
PR: unkeyed/unkey#2114
File: apps/api/src/routes/v1_keys_updateKey.error.test.ts:0-0
Timestamp: 2024-09-27T15:20:05.475Z
Learning: In the `v1/keys.updateKey` endpoint, the server validates the refill configuration before checking if the key exists. Therefore, tests can assert validation errors without needing to create the key first.

Applied to files:

  • go/apps/api/routes/register.go
📚 Learning: for identity deletion operations in the unkey api, identityid takes precedence over externalid when ... 
Learnt from: Flo4604
PR: unkeyed/unkey#3151
File: go/apps/api/openapi/gen.go:221-233
Timestamp: 2025-04-18T20:01:33.812Z
Learning: For identity deletion operations in the Unkey API, identityId takes precedence over externalId when both are provided in the request body.

Applied to files:

  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml
  • go/apps/api/openapi/gen.go
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in `apps/api/src/routes/v1_keys_updatekey.ts`, the code intentionally handles `externalid` and `owne... 
Learnt from: chronark
PR: unkeyed/unkey#2693
File: apps/api/src/routes/v1_keys_updateKey.ts:350-368
Timestamp: 2024-11-29T15:15:47.308Z
Learning: In `apps/api/src/routes/v1_keys_updateKey.ts`, the code intentionally handles `externalId` and `ownerId` separately for clarity. The `ownerId` field will be removed in the future, simplifying the code.

Applied to files:

  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml
  • go/apps/api/openapi/gen.go
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the create-key form's generalsetup component, the controller is intentionally bound to "identityi... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3315
File: apps/dashboard/app/(app)/apis/[apiId]/_components/create-key/components/general-setup.tsx:40-50
Timestamp: 2025-06-19T13:01:55.338Z
Learning: In the create-key form's GeneralSetup component, the Controller is intentionally bound to "identityId" as the primary field while "externalId" is set explicitly via setValue. The ExternalIdField component has been designed to handle this pattern where it receives identityId as its value prop but manages both identityId and externalId through its onChange callback.

Applied to files:

  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the unkey codebase, input validation for api endpoints is primarily handled through openapi schem... 
Learnt from: Flo4604
PR: unkeyed/unkey#2955
File: go/apps/api/routes/v2_identities_create_identity/handler.go:162-202
Timestamp: 2025-03-19T09:25:59.751Z
Learning: In the Unkey codebase, input validation for API endpoints is primarily handled through OpenAPI schema validation, which occurs before requests reach the handler code. For example, in the identities.createIdentity endpoint, minimum values for ratelimit duration and limit are defined in the OpenAPI schema rather than duplicating these checks in the handler.

Applied to files:

  • go/apps/api/openapi/spec/paths/v2/identities/updateIdentity/V2IdentitiesUpdateIdentityRequestBody.yaml
  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the unkey codebase, openapi 3.1 is used, which allows sibling keys (such as `description`) alongs... 
Learnt from: Flo4604
PR: unkeyed/unkey#3421
File: go/apps/api/openapi/openapi.yaml:196-200
Timestamp: 2025-07-03T05:58:10.699Z
Learning: In the Unkey codebase, OpenAPI 3.1 is used, which allows sibling keys (such as `description`) alongside `$ref` in schema objects. Do not flag this as an error in future reviews.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the unkey dashboard ui for delete protection, the button/link to initiate the process is labeled ... 
Learnt from: MichaelUnkey
PR: unkeyed/unkey#3173
File: apps/docs/security/delete-protection.mdx:32-36
Timestamp: 2025-04-22T17:33:28.162Z
Learning: In the Unkey dashboard UI for delete protection, the button/link to initiate the process is labeled "Disable Delete Protection" while the confirmation button is labeled "Disable API Delete Protection". The documentation should maintain these different labels to match the actual UI.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the unkey dashboard ui for enabling delete protection, the button/link to initiate the process is... 
Learnt from: MichaelUnkey
PR: unkeyed/unkey#3173
File: apps/docs/security/delete-protection.mdx:21-24
Timestamp: 2025-04-22T17:34:04.438Z
Learning: In the Unkey dashboard UI for enabling delete protection, the button/link to initiate the process is labeled "Enable Delete Protection" while the confirmation button is labeled "Enable API Delete Protection". The documentation should maintain these different labels to match the actual UI.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: ensure that audit log descriptions accurately reflect the action being performed, such as updating t... 
Learnt from: chronark
PR: unkeyed/unkey#2146
File: apps/dashboard/lib/trpc/routers/api/setDefaultPrefix.ts:80-80
Timestamp: 2024-10-04T17:27:08.666Z
Learning: Ensure that audit log descriptions accurately reflect the action being performed, such as updating the `defaultPrefix`, and avoid incorrect references like 'name' when not applicable.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the authorization roles refactor, the rolebasic type uses `roleid` as the property name for the r... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3324
File: apps/dashboard/app/(app)/authorization/roles/components/table/components/actions/keys-table-action.popover.constants.tsx:17-18
Timestamp: 2025-06-19T11:48:05.070Z
Learning: In the authorization roles refactor, the RoleBasic type uses `roleId` as the property name for the role identifier, not `id`. This is consistent throughout the codebase in apps/dashboard/lib/trpc/routers/authorization/roles/query.ts.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: applies to go/deploy/**/*.{go,js,ts,tsx,py,sh,md,txt,json,yaml,yml,ini,env,conf,html,css,scss,xml,c,... 
Learnt from: CR
PR: unkeyed/unkey#0
File: go/deploy/CLAUDE.md:0-0
Timestamp: 2025-07-21T18:05:58.236Z
Learning: Applies to go/deploy/**/*.{go,js,ts,tsx,py,sh,md,txt,json,yaml,yml,ini,env,conf,html,css,scss,xml,c,h,cpp,java,rb,rs,php,pl,sql} : Use `AIDEV-NOTE:`, `AIDEV-TODO:`, `AIDEV-BUSINESS_RULE:`, or `AIDEV-QUESTION:` (all-caps prefix) as anchor comments aimed at AI and developers.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: applies to go/deploy/**/*.{go,js,ts,tsx,py,sh,md,txt,json,yaml,yml,ini,env,conf,html,css,scss,xml,c,... 
Learnt from: CR
PR: unkeyed/unkey#0
File: go/deploy/CLAUDE.md:0-0
Timestamp: 2025-07-21T18:05:58.236Z
Learning: Applies to go/deploy/**/*.{go,js,ts,tsx,py,sh,md,txt,json,yaml,yml,ini,env,conf,html,css,scss,xml,c,h,cpp,java,rb,rs,php,pl,sql} : Make sure to add relevant anchor comments whenever a file or piece of code is too complex, very important, confusing, or could have a bug.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the unkey codebase, using non-standard http status code 529 for internal-only endpoints is accept... 
Learnt from: Flo4604
PR: unkeyed/unkey#3647
File: go/apps/api/openapi/openapi-generated.yaml:3569-3575
Timestamp: 2025-07-22T18:09:41.800Z
Learning: In the Unkey codebase, using non-standard HTTP status code 529 for internal-only endpoints is acceptable and should not be flagged as an issue in future reviews.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the unkey codebase, avoid hardcoding ids or indices that depend on array positions, as the arrays... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2876
File: apps/dashboard/components/logs/datetime/constants.ts:96-96
Timestamp: 2025-02-06T17:41:47.228Z
Learning: In the Unkey codebase, avoid hardcoding IDs or indices that depend on array positions, as the arrays may be modified in the future. Instead, use methods like `find` with unique identifiers or properties to locate specific items.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: applies to go/deploy/**/*.{go,js,ts,tsx,py,sh,md,txt,json,yaml,yml,ini,env,conf,html,css,scss,xml,c,... 
Learnt from: CR
PR: unkeyed/unkey#0
File: go/deploy/CLAUDE.md:0-0
Timestamp: 2025-07-21T18:05:58.236Z
Learning: Applies to go/deploy/**/*.{go,js,ts,tsx,py,sh,md,txt,json,yaml,yml,ini,env,conf,html,css,scss,xml,c,h,cpp,java,rb,rs,php,pl,sql} : Do not remove `AIDEV-*`s without explicit human instruction.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the unkey codebase, ogzhanolguncu prefers to keep commented code for planned future features (lik... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#3499
File: apps/dashboard/app/new/hooks/use-workspace-step.tsx:19-26
Timestamp: 2025-07-11T13:00:05.416Z
Learning: In the Unkey codebase, ogzhanolguncu prefers to keep commented code for planned future features (like slug-based workspaces) rather than removing it, as it serves as a reference for upcoming implementation.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the unkey codebase, cursor pagination uses a "limit + 1" approach where queries fetch one extra r... 
Learnt from: Flo4604
PR: unkeyed/unkey#3677
File: go/pkg/db/queries/ratelimit_override_list_by_namespace_id.sql:7-8
Timestamp: 2025-07-30T10:46:56.453Z
Learning: In the Unkey codebase, cursor pagination uses a "limit + 1" approach where queries fetch one extra record beyond the requested limit. The cursor is set to the ID of this extra record (which is not returned to the client), so using `>=` in the WHERE clause is correct because the next page should start from that cursor ID.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
📚 Learning: in the ratelimits logs context, "requestid" is used for single request ids, while "requestids" is us... 
Learnt from: ogzhanolguncu
PR: unkeyed/unkey#2866
File: apps/dashboard/app/(app)/ratelimits/[namespaceId]/logs/components/control-cloud/index.tsx:13-30
Timestamp: 2025-02-05T11:49:04.098Z
Learning: In the ratelimits logs context, "requestId" is used for single request IDs, while "requestIds" is used when dealing with multiple request IDs.

Applied to files:

  • go/apps/api/openapi/openapi-generated.yaml
🧬 Code Graph Analysis (2)
go/apps/api/routes/register.go (1)
go/internal/services/caches/caches.go (1)
  • Caches (15-27)
go/apps/api/openapi/gen.go (3)
apps/dashboard/lib/trpc/routers/api/keys/query-api-keys/schema.ts (1)
  • Ratelimits (32-32)
go/pkg/db/models_generated.go (3)
  • Identity (714-723)
  • Permission (803-811)
  • Role (870-877)
go/pkg/codes/unkey_data.go (1)
  • Data (93-136)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: Test Go API Local / Test
  • GitHub Check: Test Agent Local / test_agent_local
  • GitHub Check: Test API / API Test Local
  • GitHub Check: Build / Build
  • GitHub Check: Test Packages / Test
🔇 Additional comments (11)
go/apps/api/routes/register.go (1)

400-410: Cache dependency injection added for v2KeysUpdateKey – looks good

KeyCache: svc.Caches.VerificationKeyByHash brings the updateKey handler in line with the other key-mutation handlers, enabling proper cache eviction after updates. No issues spotted.

go/apps/api/openapi/gen.go (8)

145-146: LGTM: Added explicit internal ID field to Identity struct.

The addition of the Id field provides explicit access to the internal identity identifier, which aligns with the database model and supports the API's goal of exposing both internal and external identity references.

149-153: LGTM: Formatting changes from code generator.

The field definitions remain functionally identical, just reformatted by the OpenAPI code generator.

207-208: LGTM: Consolidated identity data structure.

The removal of the redundant ExternalId field from KeyResponseData is appropriate since this information is now accessible through identity.externalId, eliminating data duplication.

310-310: LGTM: Improved field documentation clarity.

The updated comment more specifically describes what the slug field identifies, improving API documentation clarity.

655-655: LGTM: Simplified response structure.

Removing the intermediate wrapper and directly embedding the Identity struct simplifies the API response structure and improves usability for API consumers.

687-688: LGTM: Unified identity reference pattern.

The field rename from ExternalId to Identity with the updated comment clearly establishes that this field can accept either external or internal identity IDs, improving API consistency and flexibility.

1531-1531: LGTM: Consistent response structure simplification.

Following the same pattern as identity responses, directly embedding the Permission struct removes unnecessary wrapper complexity and maintains consistency across the API.

1549-1549: LGTM: Completes consistent response structure pattern.

Directly embedding the Role struct completes the consistent simplification pattern across identity, permission, and role responses, providing a uniform and cleaner API structure.

go/apps/api/openapi/openapi-generated.yaml (2)

456-463: Updated wording looks good

The “delete” → “update” copy-paste fix is applied correctly and the example matches the new identity field.

2159-2176: Re-confirm that id can be marked required

Identity now requires both externalId and id. For pre-existing identities created before this migration, the internal ID has always existed in the DB but was not exposed via the API. If any older response serializers (e.g. cached structs) omit id, they will violate the new contract and break code-gen clients. Please double-check all response paths—or gate the requirement with readOnly: true instead of required.

@Flo4604 Flo4604 changed the title fix: more things fix: update identity by identity key instead of externalId and fix wrong body for permission and role Aug 4, 2025
@Flo4604 Flo4604 added this pull request to the merge queue Aug 4, 2025
@graphite-app Graphite App
Copy link

graphite-app bot commented Aug 4, 2025

Cartoon gif. Batman from Batman: The Animated Series stands in the corner of a cave and stares down at us. He gives us a thumbs up, never changing expressions during it. (Added via Giphy)

@graphite-app Graphite App
Copy link

graphite-app bot commented Aug 4, 2025

Graphite Automations

"Post a GIF when PR approved" took an action on this PR • (08/04/25)

1 gif was posted to this PR based on Andreas Thomas's automation.

Merged via the queue into main with commit c4e23b6 Aug 4, 2025
18 of 19 checks passed
@Flo4604 Flo4604 deleted the fix/docs+cleanup branch August 4, 2025 08:23
chronark added a commit that referenced this pull request Aug 7, 2025
@MichaelUnkey @autofix-ci
@chronark @Flo4604 @ogzhanolguncu @perkinsjr @imeyer @ubinatus @mcstepp @coderabbitai
feat: a user selects edit root key and an edit root key modal (#3731)
21002b3 
* Dialog created

* small changes

* half functional

* small spacing changes and chevron

* Rabbit Changes

* remove useffect

* almost

* re ordered badge list collapse

* undo rabbit

* [autofix.ci] apply automated fixes

* fix scroll

* changes before merge

* chore: deprecate v1 endpoints (#3680)

* fix: openapi

* chore: deprecate v1 endpoints

* fix: vault credentials and chproxy config (#3681)

* fix: openapi

* fix: vault credentials and chproxy config

* fix: rename flag accessor too

* fix: linter issues

* fix: some more v2 api changes (#3677)

* remove namespaceID

* actually use limit and cursor

* filter out delted overrides

* fix error messages list endpoints

* fix more error messages

* ensure identity create handles like permission/role create

* fix regex for roles

* fix regex for roles

* fix list keys cursor

* fix: uppercase common files (#3683)

* name files uppercase

* name files uppercase

* [autofix.ci] apply automated fixes

* name files uppercase

* name files uppercase

---------

Co-authored-by: Andreas Thomas <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* fix: conflicting casing (#3689)

* fix the openapi spec again (#3692)

* dont trace chproxy endpoints (#3691)

* fix: log verifications to the owning workspace (#3693)

* functioning again

* style change

* more tweaks

* fix: validate s3 config (#3694)

* Fix all the fucking things

* remove close button

* fmt

* fix: speakeasy ignore directive is ignored if it's a string (#3699)

* fix: upsert permissions with slug or name colission (#3696)

* fix: upsert permissions with slug or name colission

* chore: also remove index

* fix permission test and remove unnnecessary test

---------

Co-authored-by: Flo <[email protected]>

* docs: migration (#3678)

* fix: openapi

* docs: migration from v1 to v2

* fix: remove binaries

* [autofix.ci] apply automated fixes

* docs: add james' feedback

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* fix: api list keys zod errors (#3702)

* fix api zod errors

* [autofix.ci] apply automated fixes

* make array handling uniform

* make array handling uniform

* fix rabbi comment

* fix: permission array for roles

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* ci: don't build for windows and freebsd (#3700)

* docs: errors (#3703)

* chore: move sdks to unkeyed/sdks (#3701)

* fix: omitting array vs null (#3704)

* fix omitting array vs null

* [autofix.ci] apply automated fixes

* fix flakey test

* fix flakey test

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* fix: panics not being catched (#3706)

* fix panics not being catched

* feat: add counter to track panics

Signed-off-by: Ian Meyer <[email protected]>

---------

Signed-off-by: Ian Meyer <[email protected]>
Co-authored-by: Ian Meyer <[email protected]>

* docs: use `CodeGroup` in hono/nextjs TS libraries (#3708)

* Update hono.mdx

* Update nextjs.mdx

* ci: remove outdated steps and flows (#3709)

* docs: update sdks (#3712)

* docs: update sdks

* Update nextjs.mdx

* [autofix.ci] apply automated fixes

* fix: rabbit feedback

* Update nextjs.mdx

* fix: root key is required

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* dialog and confirm added

* feat(deployment beta): projects UI for Unkey Deploy (#3662)

* projects and branches

* wip

* wip

* spec differ wip

* fix some docker, add some trpc, integrate diff viewer

* change version to deployments, add feature flag, update go schema

* update versions page

* fix null condition

* delete old router, fix null assertion

* fmt

* fmt

* fmt again

* apply auth and feature flagging access to projects, remove versions

* yolo

* stable yolo

* stable yolo

* style: fmt

* fix: hardcode time, so it doesn't fail on the first of a month

* [autofix.ci] apply automated fixes

---------

Co-authored-by: chronark <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* chore: add missingd delete endpoint for v2 (#3711)

* only log key at the end (#3716)

* fix: allow wildcard and colon in permissions query (#3717)

* remove regex for permissions

* allow for asterix and colon in permissions

* fix: update identity by identity key instead of externalId and fix wrong body for permission and role (#3713)

* docs and remove externalId from keyResponse

* fix updateIdentity to take in an identity parameter instead of an externalId

* fix get role/permission

* Update go/apps/api/openapi/spec/common/Permission.yaml

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Update openapi-generated.yaml

* fix comment

---------

Co-authored-by: Andreas Thomas <[email protected]>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* chore: openapi references (#3723)

* feat: add paginated tRPC endpoint for projects (#3697)

* feat: add new endpoint for deploy projects

* chore: replace file path

* [autofix.ci] apply automated fixes

* feat: add missing endpoint

* fix: trpc path

* fix: add feature flag

* chore: remove optin

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* fix: region not showing and wrong rl id (#3722)

* fix: region not showing and wrong rl id

* pass region down

* perf: bad get key performance (#3724)

* perf: make getKey 2 seperate queries so mysql chooses correct idx

* fix query

* fix query name

* docs: verify identities endpoints (#3727)

* chore: docs (#3728)

* chore: fixup migration guide

* adjust more

* adjust more

* adjust more

* rabbit comments

* Update index.mdx

* working updates

* re factor for clarity

* only update if diff than existing

* [autofix.ci] apply automated fixes

* re name create-root-key to root-key folder

---------

Signed-off-by: Ian Meyer <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Andreas Thomas <[email protected]>
Co-authored-by: Flo <[email protected]>
Co-authored-by: Oğuzhan Olguncu <[email protected]>
Co-authored-by: James Perkins <[email protected]>
Co-authored-by: Ian Meyer <[email protected]>
Co-authored-by: JA Castro <[email protected]>
Co-authored-by: Meg Stepp <[email protected]>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
This was referenced Aug 18, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@chronark chronark chronark approved these changes

@perkinsjr perkinsjr Awaiting requested review from perkinsjr perkinsjr is a code owner

@imeyer imeyer Awaiting requested review from imeyer imeyer is a code owner

@mcstepp mcstepp Awaiting requested review from mcstepp mcstepp is a code owner

@MichaelUnkey MichaelUnkey Awaiting requested review from MichaelUnkey MichaelUnkey is a code owner

@ogzhanolguncu ogzhanolguncu Awaiting requested review from ogzhanolguncu ogzhanolguncu is a code owner

Assignees

@chronark chronark

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Flo4604 @chronark