Conversation
The external AI review agent now authenticates with individually issued,
revocable bearer tokens instead of a single shared header key. A new
service_accounts app provides machine identities and hashed tokens with
scopes, optional expiry, revocation, and last-use tracking; the AI review
endpoints require the ai_review:read scope for reads and ai_review:propose
for proposals, so a read-only token cannot create proposals. Tokens are
issued once via a management command and revoked in Django admin, making
rotation a data operation instead of a deploy. Proposals remain attributed
to the hidden AI steward user, now provisioned through a shared
get-or-create helper, with the authenticating account name recorded in
each proposal note for audit. The legacy X-AI-Review-Key path and its
settings are removed entirely.
## Claude Implementation Notes
- backend/service_accounts/: new app. ServiceAccount (DRF principal, not a User) and ServiceAccountToken (unique SHA-256 digest of the plaintext, looked up directly by digest, scopes list, expires_at/revoked_at/last_used_at with once-per-minute write throttling); ServiceAccountAuthentication (Bearer sa_<secret>, generic 401s, pass-through for non-sa credentials); HasServiceAccountScope reading a per-action required_scopes map on the view; admin with a revoke action and add disabled; issue_service_account_token management command printing the plaintext once; testing.service_account_auth_headers helper; self-contained tests exercising the machinery against an in-module view.
- backend/contributions/ai_review/views.py: AIReviewViewSet uses ServiceAccountAuthentication + HasServiceAccountScope with required_scopes ('propose' needs ai_review:propose, everything else ai_review:read); propose attributes via get_ai_steward() and stores the account name in the proposal note data; removed the unused single-value historical-note filter helper and the hand-rolled ordering helper, so proposed/reviewed reuse filter_queryset with each action's default ordering carried on its queryset.
- backend/contributions/ai_review/permissions.py: deleted (legacy shared-key permission).
- backend/contributions/ai_attribution.py: new shared home for the AI steward identity (AI_STEWARD_EMAIL, get_ai_steward get-or-create), used by the propose action and the Tier-1 command.
- backend/contributions/management/commands/review_submissions.py: _ensure_ai_steward delegates to get_ai_steward; duplicate constants removed.
- backend/contributions/views.py: steward filterset imports AI_STEWARD_EMAIL from ai_attribution instead of defining its own copy.
- backend/tally/settings.py: service_accounts added to INSTALLED_APPS; AI_REVIEW_API_KEY removed.
- backend/deploy-apprunner.sh, backend/deploy-apprunner-dev.sh: dropped the AI_REVIEW_API_KEY SSM entries.
- backend/contributions/tests/test_ai_review_auth.py: new integration tests for endpoint scopes, attribution, and the human-proposal update guard.
- backend/contributions/tests/test_calibration_data.py, backend/contributions/tests/test_project_milestone_rubric.py: authenticate via service account tokens instead of the removed header.
- backend/CLAUDE.md, backend/submissions_review.md, .claude/skills/ai-review.md: documentation moved to bearer-token auth (setup, curl examples, error table, env vars).
…error-special-requests [codex] Fix reCAPTCHA token sync on contribution submit
…tokens Replace the AI review API key with scoped service account tokens
…eviewer-proposals Add questioned proposal workflow
…ice-account-token-issuance Add admin service account token issuance
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.