feat: implement CheckCurrentUserPATTitle RPC

[AmanGIT07]

Description:

Summary

• Add CheckCurrentUserPATTitle RPC to check if a PAT title is available for the current user in a given org
• Case-insensitive comparison using LOWER() in Postgres
• Designed for UI use alongside CreateCurrentUserPAT to show title availability before submission

Changes

• Proto: CheckCurrentUserPATTitle RPC, request (org_id, title), response (available: bool)
• Repository: IsTitleAvailable — NOT EXISTS query matching the partial unique index (user_id, org_id, title WHERE deleted_at IS NULL)
• Service: IsTitleAvailable — disabled check + delegates to repo
• Handler: principal auth, validation, error mapping
• Authorization: added to skip endpoints (current user only)
• Mocks: added core/userpat to .mockery.yaml
• Tests: 4 service test cases, 6 handler test cases

Manual test verification

• RPC returns true if the requested title is available for the requested orgID
• The title is checked in case-insensitive manner
• Deleted PAT title is not considered for the check

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
frontier	Ready	Preview, Comment	Mar 20, 2026 11:42am

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Added ability to check if a Personal Access Token title is available before creation.
  • Added support for updating and regenerating existing Personal Access Tokens.
  • Enhanced input validation for Personal Access Token API operations.

• Chores

  • Updated dependency version.

Walkthrough

This PR introduces a new CheckCurrentUserPATTitle endpoint to verify if a PAT title is available within a user/organization scope. Changes span the core userpat package (repository interface, service implementation, tests, mocks), internal API handlers with error mapping, database query implementation, protobuf validation definitions, and authorization configuration updates.

Changes

Cohort / File(s)	Summary
Build Configuration Makefile	Updated PROTON_COMMIT variable to a new commit hash for proto generation.
Core PAT Layer core/userpat/userpat.go, core/userpat/service.go, core/userpat/service_test.go, core/userpat/mocks/repository.go	Added IsTitleAvailable method to repository interface, service implementation with PAT-enabled guard, comprehensive test coverage for enabled/disabled states and title availability checks, and corresponding mock setup helpers.
Internal API Layer internal/api/v1beta1connect/interfaces.go, internal/api/v1beta1connect/user_pat_service.go, internal/api/v1beta1connect/user_pat.go, internal/api/v1beta1connect/user_pat_test.go	Added CheckCurrentUserPATTitle handler that validates principal, delegates to service, maps service errors to Connect error codes (FailedPrecondition for ErrDisabled, Internal for others), and returns availability status with extensive test coverage for auth/validation/service error scenarios.
Database Layer internal/store/postgres/userpat_repository.go	Implemented IsTitleAvailable query using NOT EXISTS SQL against TABLE_USER_PATS to check for case-insensitive title match within user/org scope.
Authorization Configuration pkg/server/connect_interceptors/authorization.go	Added CheckCurrentUserPATTitle to skip-authorization endpoint list alongside existing PAT endpoints.
Protobuf Validation & Connect proto/v1beta1/frontier.pb.validate.go, proto/v1beta1/frontierv1beta1connect/frontier.connect.go	Added validation methods for CheckCurrentUserPATTitle request/response messages and three new FrontierService RPC endpoint definitions (UpdateCurrentUserPAT, RegenerateCurrentUserPAT, CheckCurrentUserPATTitle) with client/handler stubs.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~35 minutes

Possibly related PRs

• feat: enforce PAT scope on permission checks #1446: Extends userpat subsystem with additional PAT-related repository and service methods (GetByID, scope checks) complementing this PR's title-availability feature.
• feat: PAT authentication chain, token validation, and error handling #1442: Introduces PAT authentication/validator and foundational repository methods (GetBySecretHash, UpdateLastUsedAt) that establish patterns leveraged in this PR's implementation.
• feat: CreateCurrentUserPAT RPC implementation #1401: Parallel PAT feature extension adding CreateCurrentUserPAT endpoint alongside this PR's CheckCurrentUserPATTitle, both expanding the PAT API surface.

Suggested reviewers

• rohilsurana
• whoAbhishekSah

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

internal/api/v1beta1connect/user_pat_test.go (1)

924-1060: Add a test for request validation failure (CodeInvalidArgument).

Current cases cover auth/service outcomes well, but not the request.Msg.Validate() failure path. A dedicated case would lock in that mapping and ensure IsTitleAvailable is not called on invalid input.

Suggested test case addition

+{
+	name: "should return invalid argument when request validation fails",
+	setup: func(ps *mocks.UserPATService, as *mocks.AuthnService) {
+		as.EXPECT().GetPrincipal(mock.Anything).Return(authenticate.Principal{
+			ID:   testUserID,
+			Type: schema.UserPrincipal,
+			User: &user.User{ID: testUserID},
+		}, nil)
+	},
+	request: connect.NewRequest(&frontierv1beta1.CheckCurrentUserPATTitleRequest{
+		OrgId: "",
+		Title: "",
+	}),
+	wantErr: connect.NewError(connect.CodeInvalidArgument, ErrBadRequest),
+},

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1413893b-8722-42aa-975f-f7c091b01a6b

📥 Commits

Reviewing files that changed from the base of the PR and between 62e1a07 and c1d0565.

⛔ Files ignored due to path filters (1)

• proto/v1beta1/frontier.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (13)

• Makefile
• core/userpat/mocks/repository.go
• core/userpat/service.go
• core/userpat/service_test.go
• core/userpat/userpat.go
• internal/api/v1beta1connect/interfaces.go
• internal/api/v1beta1connect/mocks/user_pat_service.go
• internal/api/v1beta1connect/user_pat.go
• internal/api/v1beta1connect/user_pat_test.go
• internal/store/postgres/userpat_repository.go
• pkg/server/connect_interceptors/authorization.go
• proto/v1beta1/frontier.pb.validate.go
• proto/v1beta1/frontierv1beta1connect/frontier.connect.go

[coveralls]

Pull Request Test Coverage Report for Build 23341279702

Details

• 30 of 51 (58.82%) changed or added relevant lines in 3 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.03%) to 40.871%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
internal/api/v1beta1connect/user_pat.go	25	27	92.59%
internal/store/postgres/userpat_repository.go	0	19	0.0%

Totals
Change from base Build 23336835495:	0.03%
Covered Lines:	14411
Relevant Lines:	35260

---

💛 - Coveralls