
fix(security): add API key roles RBAC (E2-2) (#1432) #1548

Merged
OneStepAt4time merged 1 commit into develop from fix/E2-2-api-key-roles
Apr 9, 2026

Conversation

@OneStepAt4time
Owner

Summary

Implements role-based access control for API keys (Issue #1432).

Changes

  • ApiKeyRole type: admin | operator | viewer
  • role field added to the ApiKey interface with default 'viewer'
  • getRole() method on AuthManager — returns the role for any key ID; master token = admin
  • requireRole() helper for endpoint gating

Gated Endpoints

Endpoint                    Required Role
POST /v1/auth/keys          admin
DELETE /v1/auth/keys/:id    admin
DELETE /v1/sessions/:id     admin or operator

Testing

  • 7 new tests for role creation and behavior
  • All auth tests pass

Checklist

  • Tests added/updated
  • Build passes
  • Scope contained to RBAC implementation only

- Add ApiKeyRole type: admin, operator, viewer
- Add role field to ApiKey interface with default 'viewer'
- Add getRole() method to AuthManager
- Gate POST /v1/auth/keys to admin role only
- Gate DELETE /v1/auth/keys/:id to admin role only
- Gate DELETE /v1/sessions/:id to admin or operator role only
- Add authKeySchema and authStoreSchema updates for role field
- Add 7 tests for role creation and getRole() behavior
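As an added illustration of the design the PR describes (this is example code, not the project's own implementation), here is a minimal TypeScript version of the role lookup and the endpoint guard. ApiKeyRole, ApiKey, AuthManager, getRole(), requireRole(), the 'viewer' default and the three gated routes are taken from the PR; the in-memory key store, the way the master token is recognised, the RoleDecision result shape, the authorize() helper, buildSampleAuth() and its sample keys are assumptions made for this example.

```typescript
// Added example, not the project's code: role-based access control for API
// keys as described in PR #1548. ApiKeyRole, ApiKey, AuthManager, getRole()
// and requireRole() are names from the PR; the store, master-token handling,
// RoleDecision shape and sample keys are assumptions.

export type ApiKeyRole = "admin" | "operator" | "viewer";

export interface ApiKey {
  id: string;
  secretHash: string;   // hash of the key secret; the raw secret is never stored (assumption)
  role?: ApiKeyRole;    // optional so keys persisted before the role field still load
}

export class AuthManager {
  // Prototype-less object so an id such as "constructor" cannot alias Object.prototype.
  private keys: Record<string, ApiKey> = Object.create(null);

  constructor(private readonly masterTokenId: string) {}

  addKey(key: ApiKey): void {
    this.keys[key.id] = key;
  }

  // Role for any key id: the master token is always admin; a stored key with no
  // role field (created before this change) is a viewer; so is an unknown id,
  // which is the least-privilege answer. Authenticating the secret is assumed
  // to happen before this lookup.
  getRole(keyId: string): ApiKeyRole {
    if (keyId === this.masterTokenId) return "admin";
    const key = this.keys[keyId];
    return key !== undefined && key.role !== undefined ? key.role : "viewer";
  }
}

export interface RoleDecision {
  allowed: boolean;
  role: ApiKeyRole;
  status: 200 | 403;
  reason?: string;
}

// Endpoint guard: the caller's role must be one of the roles listed for the
// route. Roles are listed explicitly rather than ranked, so the policy reads
// the same as the route table and a newly added role gets nothing by default.
export function requireRole(
  auth: AuthManager,
  keyId: string,
  allowed: readonly ApiKeyRole[],
): RoleDecision {
  const role = auth.getRole(keyId);
  if (allowed.indexOf(role) === -1) {
    return {
      allowed: false,
      role,
      status: 403,
      reason: `role '${role}' is not one of: ${allowed.join(", ")}`,
    };
  }
  return { allowed: true, role, status: 200 };
}

// The three gated endpoints from the PR; any other route is ungated here (assumption).
export const GATED_ENDPOINTS: Record<string, readonly ApiKeyRole[]> = {
  "POST /v1/auth/keys": ["admin"],
  "DELETE /v1/auth/keys/:id": ["admin"],
  "DELETE /v1/sessions/:id": ["admin", "operator"],
};

export function authorize(auth: AuthManager, keyId: string, endpoint: string): RoleDecision {
  // hasOwnProperty so that "constructor" or "toString" never resolve to a policy.
  const gated = Object.prototype.hasOwnProperty.call(GATED_ENDPOINTS, endpoint);
  if (!gated) {
    return { allowed: true, role: auth.getRole(keyId), status: 200 };
  }
  return requireRole(auth, keyId, GATED_ENDPOINTS[endpoint]);
}

// Constructed sample store: one key per role plus a legacy key without a role.
export function buildSampleAuth(): AuthManager {
  const auth = new AuthManager("master-0001");
  auth.addKey({ id: "k-admin", secretHash: "h1", role: "admin" });
  auth.addKey({ id: "k-operator", secretHash: "h2", role: "operator" });
  auth.addKey({ id: "k-viewer", secretHash: "h3", role: "viewer" });
  auth.addKey({ id: "k-legacy", secretHash: "h4" });   // predates the role field
  return auth;
}
```

Calling buildSampleAuth() and then authorize(auth, "k-legacy", "POST /v1/auth/keys") yields a 403 decision, which is the backward-compatibility property the PR relies on: a key stored before the role field existed is treated as a viewer, so upgrading never silently grants key-creation or session-kill rights. Listing allowed roles per route rather than comparing a numeric rank keeps the guard's behaviour identical to the "Gated Endpoints" table and avoids an operator accidentally inheriting admin-only routes.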
@aegis-gh-agent (Contributor) bot left a comment


✅ Approved. API key roles RBAC (E2-2, Issue #1432). Clean 4-file implementation: admin/operator/viewer roles, requireRole() guard on key creation/deletion/session kill, backward compatible (default=viewer). 7 tests, CI green.

@OneStepAt4time OneStepAt4time merged commit 1ec792c into develop Apr 9, 2026
9 checks passed
@OneStepAt4time OneStepAt4time deleted the fix/E2-2-api-key-roles branch April 9, 2026 14:45