feat: add DB queries for ai_gateway_coderd_keys#25564
Merged
Merged
Conversation
Contributor
Author
pawbana
changed the title
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
from
884d73a to
07965bc
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
from
07965bc to
4809647
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db
branch
from
f842713 to
3248cc3
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
from
4809647 to
68caa22
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db
branch
2 times, most recently
from
056ea4d to
ea066e6
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
2 times, most recently
from
09af228 to
9851434
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db
branch
2 times, most recently
from
3c2624b to
ca08383
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
4 times, most recently
from
56911cf to
4a8ae2b
Compare
Contributor
Author
|
/coder-agents-review |
![coder-agents-review[bot]](https://avatars.githubusercontent.com/in/3454270?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Solid query-layer PR. The three queries are well-structured: explicit column subsets that exclude hashed_secret from return types (structural security boundary enforced at the SQL level, not caller discipline), correct RBAC resource/action pairing, and thorough constraint tests covering all six DB constraints. Pariston tried to build a case against the design and couldn't. Kite praised the secret-exclusion pattern specifically. Mafuuu traced the full contract chain and confirmed correctness.
3 P3, 2 Nit. No blockers.
Process note: the PR title says aibridge_coderd_keys but the actual table is ai_gateway_coderd_keys. When this squash-merges, git log --grep ai_gateway_coderd_keys won't find it. Worth fixing the title before merge.
"I tried to build a case against this change and couldn't. The problem is correctly understood, the solution is proportional, and the fix is at the right level of the stack." (Pariston)
🤖 This review was automatically generated with Coder Agents.
pawbana
changed the title
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
from
4c654bf to
f397e3c
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db
branch
from
2a07176 to
d2a7b79
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
from
f397e3c to
b932b20
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db
branch
from
1adb398 to
f9c6e92
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
from
b932b20 to
535c9cd
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
from
3fedbd0 to
267827f
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db
branch
from
8239275 to
ab58a2f
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
2 times, most recently
from
6405f23 to
dad326f
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db
branch
2 times, most recently
from
335b73d to
13dd6ae
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
2 times, most recently
from
74ac18e to
6ce1b97
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db
branch
2 times, most recently
from
1bfe3cc to
37daa9f
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
2 times, most recently
from
328502b to
d5c8d95
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db
branch
2 times, most recently
from
318ebc9 to
06ad9f0
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
from
d5c8d95 to
1873fdc
Compare
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
2 times, most recently
from
0fa846e to
889b7a6
Compare
Adds Insert / List / Delete queries on aibridge_coderd_keys plus the
ResourceAIGatewayCoderdKey RBAC object (Create / Read / Delete actions).
The hashed_secret column is intentionally excluded from every query's
RETURNING / SELECT list, so generated row types never carry it.
Also extends the migration with token_prefix (varchar(11)), the
'aibridge_coderd_key' resource_type enum value for audit support, and
ai_gateway_coderd_key:{*,create,delete,read} api_key_scope values.
pawbana
force-pushed
the
pb/gateway-multi-replica-key-auth-db-queries
branch
from
889b7a6 to
324ac9d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds Insert, List and Delete queries for
ai_gateway_coderd_keystable.