Skip to content

deploy to prod#897

Open
JoaquinBN wants to merge 14 commits into
mainfrom
dev
Open

deploy to prod#897
JoaquinBN wants to merge 14 commits into
mainfrom
dev

Conversation

@JoaquinBN

Copy link
Copy Markdown
Collaborator

No description provided.

JoaquinBN added 14 commits July 5, 2026 13:08
The external AI review agent now authenticates with individually issued,
revocable bearer tokens instead of a single shared header key. A new
service_accounts app provides machine identities and hashed tokens with
scopes, optional expiry, revocation, and last-use tracking; the AI review
endpoints require the ai_review:read scope for reads and ai_review:propose
for proposals, so a read-only token cannot create proposals. Tokens are
issued once via a management command and revoked in Django admin, making
rotation a data operation instead of a deploy. Proposals remain attributed
to the hidden AI steward user, now provisioned through a shared
get-or-create helper, with the authenticating account name recorded in
each proposal note for audit. The legacy X-AI-Review-Key path and its
settings are removed entirely.

## Claude Implementation Notes
- backend/service_accounts/: new app. ServiceAccount (DRF principal, not a User) and ServiceAccountToken (unique SHA-256 digest of the plaintext, looked up directly by digest, scopes list, expires_at/revoked_at/last_used_at with once-per-minute write throttling); ServiceAccountAuthentication (Bearer sa_<secret>, generic 401s, pass-through for non-sa credentials); HasServiceAccountScope reading a per-action required_scopes map on the view; admin with a revoke action and add disabled; issue_service_account_token management command printing the plaintext once; testing.service_account_auth_headers helper; self-contained tests exercising the machinery against an in-module view.
- backend/contributions/ai_review/views.py: AIReviewViewSet uses ServiceAccountAuthentication + HasServiceAccountScope with required_scopes ('propose' needs ai_review:propose, everything else ai_review:read); propose attributes via get_ai_steward() and stores the account name in the proposal note data; removed the unused single-value historical-note filter helper and the hand-rolled ordering helper, so proposed/reviewed reuse filter_queryset with each action's default ordering carried on its queryset.
- backend/contributions/ai_review/permissions.py: deleted (legacy shared-key permission).
- backend/contributions/ai_attribution.py: new shared home for the AI steward identity (AI_STEWARD_EMAIL, get_ai_steward get-or-create), used by the propose action and the Tier-1 command.
- backend/contributions/management/commands/review_submissions.py: _ensure_ai_steward delegates to get_ai_steward; duplicate constants removed.
- backend/contributions/views.py: steward filterset imports AI_STEWARD_EMAIL from ai_attribution instead of defining its own copy.
- backend/tally/settings.py: service_accounts added to INSTALLED_APPS; AI_REVIEW_API_KEY removed.
- backend/deploy-apprunner.sh, backend/deploy-apprunner-dev.sh: dropped the AI_REVIEW_API_KEY SSM entries.
- backend/contributions/tests/test_ai_review_auth.py: new integration tests for endpoint scopes, attribution, and the human-proposal update guard.
- backend/contributions/tests/test_calibration_data.py, backend/contributions/tests/test_project_milestone_rubric.py: authenticate via service account tokens instead of the removed header.
- backend/CLAUDE.md, backend/submissions_review.md, .claude/skills/ai-review.md: documentation moved to bearer-token auth (setup, curl examples, error table, env vars).
…error-special-requests

[codex] Fix reCAPTCHA token sync on contribution submit
…tokens

Replace the AI review API key with scoped service account tokens
…eviewer-proposals

Add questioned proposal workflow
…ice-account-token-issuance

Add admin service account token issuance
@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 0dcd7abf-7696-4846-a2c2-d3006c118859

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dev

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@JoaquinBN JoaquinBN deployed to cron-job July 6, 2026 01:50 — with GitHub Actions Active
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants