Skip to content

feat: mega bot identity#2004

Merged
benjamin-747 merged 6 commits into
gitmono-dev:mainfrom
ztygod:feature/mega-bot-identity
Mar 9, 2026
Merged

feat: mega bot identity#2004
benjamin-747 merged 6 commits into
gitmono-dev:mainfrom
ztygod:feature/mega-bot-identity

Conversation

@ztygod

@ztygod ztygod commented Mar 8, 2026

Copy link
Copy Markdown
Contributor

本 PR 引入了系统 Bot 管理的核心数据库设计和服务逻辑,实现了 Bot 注册、密钥管理、安装跟踪以及审计功能。(issue: #1951)

数据库表设计:

  1. bots

    • 存储 Bot 的核心记录。

    • 字段:

      • id:主键
      • name:Bot 名称
      • organization_id:可选,Bot 所属组织
      • creator_user_id:Bot 创建者
      • permission_scope:Bot 权限范围(Read / Write / Admin)
      • status:当前状态(Enabled / Disabled)
      • created_atupdated_at:时间戳
    • 索引:name + organization_id 唯一约束,避免重复创建同名 Bot。

  2. bot_keys

    • 存储每个 Bot 的 RSA 密钥对。

    • 字段:

      • bot_id:关联 bots.id
      • private_keypublic_key:PEM 编码的密钥
      • created_at:创建时间
    • 作用:用于安全通信或签名操作。密钥在 Bot 注册时生成,并安全存储,仅返回一次 private key。

  3. bot_installations

    • 跟踪 Bot 的安装位置(组织或仓库)。
    • 字段:bot_idtarget_typetarget_idstatusinstalled_byinstalled_at
    • 唯一约束:bot_id + target_type + target_id,保证同一个目标只能安装一个 Bot。
  4. bot_tokens

    • 存储发给 Bot 的 API Token,用于程序化访问。
    • 字段:bot_idtoken_nametoken_hashexpires_atrevokedcreated_at
    • 支持多个 Token,可设置过期和撤销。
  5. audit_logs

    • 通用表,用于记录 Bot 操作和系统事件。
    • 字段:actor_type(Human/Bot)、actor_idactiontarget_typetarget_idmetadatacreated_at
    • 用于可追溯性和审计。

register_bot 函数:

  • 负责完整的 Bot 注册流程:

    1. 插入一条新的 Bot 记录到 bots
    2. 使用 rsa crate 生成 2048 位 RSA 密钥对
    3. 将 PEM 编码的公私钥存入 bot_keys
    4. 可选:未来可扩展初始化 Token、权限、审计日志等功能
  • 返回 Bot 记录和 private key(私钥仅返回一次,用于安全性考虑)

扩展能力预留

  • 支持安装机制(未来扩展到仓库 / 组织)
  • 支持 Token 绑定与权限管理

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f13282a306

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread jupiter/src/storage/bots_storage.rs Outdated
Comment on lines +38 to +42
let bot = self
.new_bot_model(
name,
organization_id,
creator_user_id,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Make bot and key creation atomic

The bot row is inserted first and committed before key generation/persistence, so if RSA generation or the bot_keys insert fails, register_bot returns an error but leaves behind a bot without keys. This creates inconsistent state (and can block retries via the new unique name/org index), so both writes should be wrapped in a single transaction or explicitly rolled back on failure.

Useful? React with 👍 / 👎.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8daa5fdfdc

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment on lines +324 to +326
.col(BotInstallations::BotId)
.col(BotInstallations::TargetType)
.col(BotInstallations::TargetId)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Enforce uniqueness by target in bot installations

The unique index uq_bot_installations_target currently includes bot_id, so it only blocks duplicate installs of the same bot on the same target, but still allows multiple different bots to be installed on one target (for example, (bot=1, repository=42) and (bot=2, repository=42) both pass). If the intended invariant is one installation per target (as the index name suggests), bot_id should not be part of this unique key.

Useful? React with 👍 / 👎.

@benjamin-747 benjamin-747 added this pull request to the merge queue Mar 9, 2026
Merged via the queue into gitmono-dev:main with commit 448b9d2 Mar 9, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants