refactor: move SearchOrganizationTokens to FrontierService

[paanSinghCoder]

Summary

• Move SearchOrganizationTokens from AdminService to FrontierService so org admins and Users both can list their own org's token transactions (previously restricted to platform super-users is IsSuperUser check).
• Bump PROTON_COMMIT and regenerate proto/v1beta1.
• Authorization: IsSuperUser → IsAuthorized(org, UpdatePermission). Super-users continue to pass via the interceptor bypass.
• Admin Tokens page + AddTokensDialog now use FrontierServiceQueries.searchOrganizationTokens. Request/response shape is unchanged.

Dependency

Depends on raystack/proton#482. After that merges and @raystack/proton is published, bump the pin in web/sdk/package.json and web/apps/admin/package.json.

Test plan

• go build ./... locally
• CI green after proton#482 + npm publish + sdk version bump
• Smoke test: hit FrontierService/SearchOrganizationTokens as an org admin, a super-user, and an unrelated user — expect success, success, PermissionDenied.

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
frontier	Ready	Preview, Comment	Apr 22, 2026 9:17am

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 80f01d09-776d-46a4-a0e8-216e118d68b3

📥 Commits

Reviewing files that changed from the base of the PR and between 16c3f49 and fb0ace5.

⛔ Files ignored due to path filters (1)

• web/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• Makefile
• web/apps/admin/package.json
• web/sdk/package.json

✅ Files skipped from review due to trivial changes (2)

• web/apps/admin/package.json
• Makefile

---

📝 Walkthrough

Summary by CodeRabbit

• Chores

  • Updated internal tooling and bumped an internal client dependency to a newer revision.

• Improvements

  • Organization token search now enforces organization-level role permissions.
  • UI token lists and token delegation flows now use the updated backend token search service for consistency.

Walkthrough

Updated Proton commit and bumped @raystack/proton package versions; migrated SearchOrganizationTokens RPC usage from AdminService to FrontierService, adjusted server authorization validation to organization-level checks, and updated frontend queries/cache keys to use FrontierServiceQueries.

Changes

Cohort / File(s)	Summary
Build / Dependency Makefile, web/apps/admin/package.json, web/sdk/package.json	Updated PROTON_COMMIT hash in Makefile and bumped @raystack/proton dependency versions to the new commit hash.
Authorization Validation pkg/server/connect_interceptors/authorization.go	Replaced AdminService authorization entry for SearchOrganizationTokens with FrontierService entry that calls handler.IsAuthorized(..., schema.OrganizationNamespace, ..., schema.UpdatePermission).
Frontend Queries web/sdk/admin/views/organizations/details/layout/add-tokens-dialog.tsx, web/sdk/admin/views/organizations/details/tokens/index.tsx	Switched query keys and data fetching from AdminServiceQueries.searchOrganizationTokens to FrontierServiceQueries.searchOrganizationTokens for token list invalidation and loading.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• refactor(proto): regenerate protos after gateway annotations removed #1436: Updates the same PROTON_COMMIT Makefile variable for proto generation.
• refactor: move SearchOrganizationInvoices to FrontierService #1549: Same service migration pattern—moving an org-scoped search RPC from AdminService to FrontierService and updating auth/frontend call sites.
• chore: update proton #1515: Bumps Proton dependency and adapts SDK/frontend usage to updated Proton-generated types/queries.

Suggested reviewers

• rsbh
• AmanGIT07
• rohilsurana

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coveralls]

Coverage Report for CI Build 24770393682

Coverage decreased (-0.001%) to 42.227%

Details

• Coverage decreased (-0.001%) from the base build.
• Patch coverage: 4 uncovered changes across 1 file (0 of 4 lines covered, 0.0%).
• No coverage regressions found.

Uncovered Changes

File	Changed	Covered	%
pkg/server/connect_interceptors/authorization.go	4	0	0.0%

Coverage Regressions

No coverage regressions found.

---

Coverage Stats

Relevant Lines:	36896
Covered Lines:	15580
Line Coverage:	42.23%
Coverage Strength:	11.92 hits per line

---

💛 - Coveralls

[paanSinghCoder]

Lint will be fixed after Proton PR is merged raystack/proton#482

[paanSinghCoder]

Tests:

Scenario	Result	Notes
Default list (sort created_at desc)	✅ 200	5 rows returned
Sort amount asc	✅ 200	137 → 174 → 211
Filter type=credit	✅ 200	Only credit rows
groupBy: ["type"]	⚠ no group field	Backend intentionally unimplemented; server accepts the param silently
Sort on user_id (non-allowed field)	⚠ HTTP 500	Backend returns "unsupported sort field" as a plain error; bubbles as Internal instead of InvalidArgument
Unauthenticated (wrong cookie format)	✅ 401	Gate works