Conversation
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (59)
📝 WalkthroughWalkthroughThis pull request revokes anonymous access to three API-key introspection functions across two database migration files, restricting execute privileges on Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
Suggested labels
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2b59eab3dd
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| GRANT ALL ON FUNCTION "public"."get_org_perm_for_apikey" ("apikey" "text", "app_id" "text") TO "anon"; | ||
|
|
||
| GRANT ALL ON FUNCTION "public"."get_org_perm_for_apikey" ("apikey" "text", "app_id" "text") TO "authenticated"; |
There was a problem hiding this comment.
This commit modifies 20250530233128_base.sql, but /workspace/capgo/AGENTS.md explicitly requires you to “never edit previously committed migrations.” Rewriting an already-applied migration makes schema history non-immutable and can create drift/confusion between environments that already ran the original file and fresh environments that replay the edited file; this hardening should live only in a new migration.
Useful? React with 👍 / 👎.
fix: webapp url
This reverts commit ff20d1a.
Builder availability errors (not configured, call failed, error response, missing upload URL) are transient server-side failures, not client errors. Returning 503 allows the CLI retry logic to automatically retry these requests instead of treating them as terminal 400 errors.
fix: return 503 for service_unavailable build errors
fix: correct vue/html-indent in DemoOnboardingModal
… map to camelCase for builder
Extract buildBuilderPayload() from the inline fetch body so the snake_case → camelCase mapping and exact key set can be tested. 6 vitest cases verify: camelCase output, no legacy credentials field, correct metadata keys, and pass-through of contents.
Add unit tests for builder payload shape
Old CLI clients sending the flat `credentials` field would have it silently dropped, causing confusing builder failures. Now the proxy explicitly rejects non-empty `credentials` with a migration message pointing to `build_credentials`.
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
fix(security): RBAC security audit fixes
…/capgo into riderx/fix-apikey-oracles
* fix(auth): block account deletion for unverified users * fix(auth): refresh session fields for email verification gate * fix(auth): make delete_user insert idempotent * fix(auth): explain blocked delete/settings when email unverified * fix(auth): block delete action when email is unverified * fix(auth): localize resend email block and make delete_user idempotent
* fix(db): restrict invite_user_to_org public rpc * fix(db): use caller identity in invite 2FA check
* fix(db): secure record_build_time rpc writes * fix(db): preserve service-role record_build_time path
…/capgo into riderx/fix-apikey-oracles
…/capgo into riderx/fix-apikey-oracles
|
4 participants
Summary (AI generated)
public.get_org_perm_for_apikeyandpublic.get_user_idin the base migration.EXECUTEforanonon the same API-key introspection RPC signatures.Motivation (AI generated)
anonaccess enabled key-existence and permission/app-enumeration oracles, which increased the impact of leaked API keys.Business Impact (AI generated)
Test Plan (AI generated)
bun lintafter the migration updates.git diffandgit diff origin/main...to verify only the intended grant and revoke changes.Screenshots
Not applicable (backend SQL migrations only).
Summary by CodeRabbit