Cache Admin API scopes returned by preview store creation #7948

Merged: amcaplan merged 1 commit into main from preview-store-cache-scopes on Jun 29, 2026

@amcaplan (Contributor) commented Jun 28, 2026

WHY are these changes introduced?

Preview stores aren't a logged-in experience, so the Admin API scopes granted to their token are fixed at creation time — there's no OAuth flow to grant more later. Following shop/world#869091, the preview store creation API now returns an admin_api_scopes field alongside the admin_api_token. The CLI needs to capture and persist those scopes (just like store auth stashes granted scopes) so later commands can surface what the token is actually allowed to do.

This is the first PR in a stack:

  1. Cache Admin API scopes returned by preview store creation #7948 (this PR) — Cache the Admin API scopes returned by preview store creation.
  2. Surface preview store auth scopes in store info --json #7949 — Surface those scopes in store info --json.
  3. Exit store auth early for preview stores #7950 — Exit store auth early for preview stores, listing the preapproved scopes.

WHAT is this pull request doing?

  • client.ts: parse the new admin_api_scopes field from the preview store create response into adminApiScopes: string[] on PreviewStoreCreateResponse. The field is treated as required (assuming an updated backend) — a response missing it throws "Preview store creation response is missing required fields.", consistent with the other required fields. Non-string entries are filtered out defensively, and an empty array is accepted.
  • index.ts: persist response.adminApiScopes into the local StoredStoreAppSession cache (scopes:) instead of the previously hardcoded empty array, mirroring how store auth caches granted scopes.

No changeset — preview stores aren't released yet, and this only changes cached data (no user-visible behavior).

How to test your changes?

  1. Create a preview store from the CLI against a backend that returns admin_api_scopes.
  2. Confirm the cached store-auth session for that store now carries the returned scopes.

Unit tests cover: parsing the scopes, rejecting a response that omits the field, dropping non-string entries, and persisting the scopes into the session cache.

Checklist

  • I've considered possible cross-platform impacts (Mac, Linux, Windows)
  • I've considered possible documentation changes
  • I've considered analytics changes to measure impact
  • The change is user-facing — I've identified the correct bump type and added a changeset. (N/A — preview stores aren't released; no user-visible behavior.)
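
The parsing and caching rules described above (required field, non-string entries dropped, empty array accepted), as an added TypeScript example. It is not the code from this PR or the project; the function, interface and constant names and the sample response are assumptions, and only `admin_api_token`, `admin_api_scopes`, `adminApiScopes`, `scopes` and the error message come from the description.

```typescript
// Added example; not the project's code. Names other than admin_api_token,
// admin_api_scopes, adminApiScopes and scopes are hypothetical.
interface PreviewStoreCreateResponse {
  adminApiToken: string
  adminApiScopes: string[]
}

// Hypothetical cache entry; the PR only names its `scopes` key.
interface CachedPreviewSession {
  token: string
  scopes: string[]
}

const MISSING_FIELDS = 'Preview store creation response is missing required fields.'

function parsePreviewStoreCreateResponse(body: unknown): PreviewStoreCreateResponse {
  if (typeof body !== 'object' || body === null) throw new Error(MISSING_FIELDS)
  const raw = body as Record<string, unknown>
  const token = raw['admin_api_token']
  const scopes = raw['admin_api_scopes']

  // Required field: an absent or non-array value is an error, never a silent [].
  if (typeof token !== 'string' || !Array.isArray(scopes)) throw new Error(MISSING_FIELDS)

  // Defensive filter: only string entries count as scopes. [] stays valid.
  const adminApiScopes = scopes.filter((entry): entry is string => typeof entry === 'string')
  return {adminApiToken: token, adminApiScopes}
}

function toCachedSession(response: PreviewStoreCreateResponse): CachedPreviewSession {
  // Cache exactly what the server granted instead of a hardcoded empty array.
  return {token: response.adminApiToken, scopes: [...response.adminApiScopes]}
}

// Constructed sample response (not captured from a real backend).
const sampleBody: unknown = {
  admin_api_token: 'constructed-token-for-example',
  admin_api_scopes: ['read_themes', 42, null, 'write_themes'],
}
console.log(toCachedSession(parsePreviewStoreCreateResponse(sampleBody)))
```

Rejecting a response without the field keeps "scopes unknown" distinguishable from "no scopes granted", which a silent default to `[]` would conflate in the cached session.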

@github-actions github-actions Bot added the no-changelog This PR doesn't include a changeset entry. Is an internal only change not relevant to end users. label Jun 28, 2026
The preview store creation endpoint now returns admin_api_scopes (e.g.
read_themes, write_themes) alongside the admin API token. Parse this list
and persist it in the local store-auth session cache instead of an empty
array, mirroring how store auth stores granted scopes.

Backends that predate the field omit it, so we default to an empty list.

Assisted-By: devx/f38d0794-3b14-4a2a-a849-b95ae665f83d
@amcaplan amcaplan force-pushed the preview-store-cache-scopes branch from 7554acb to 7e206fe Compare June 28, 2026 17:09
@amcaplan amcaplan marked this pull request as ready for review June 29, 2026 16:07
@amcaplan amcaplan requested a review from a team as a code owner June 29, 2026 16:07
Copilot AI review requested due to automatic review settings June 29, 2026 16:07

Copilot AI left a comment

Pull request overview

Captures the Admin API scopes returned by the preview store creation API and persists them into the local store-auth session cache, so downstream commands can accurately reflect what a preview store token is permitted to do.

Changes:

  • Parse admin_api_scopes from the preview store create response into adminApiScopes: string[] and treat it as a required response field.
  • Persist the returned scopes into the stored preview-session (scopes) instead of hardcoding [].
  • Add/adjust unit tests to cover required-field enforcement, filtering non-string entries, and persistence behavior.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| packages/store/src/cli/services/store/create/preview/index.ts | Stores response.adminApiScopes into the preview session cache (scopes) when persisting the created store session. |
| packages/store/src/cli/services/store/create/preview/index.test.ts | Updates preview-create service tests to include and assert persisted scopes (including empty-scope cases). |
| packages/store/src/cli/services/store/create/preview/client.ts | Adds admin_api_scopes parsing/validation (required) and returns it as adminApiScopes. |
| packages/store/src/cli/services/store/create/preview/client.test.ts | Adds tests for omitted scopes (reject) and non-string scope filtering; updates existing tests for the new field. |

@amcaplan amcaplan added this pull request to the merge queue Jun 29, 2026
Merged via the queue into main with commit 5b41b40 Jun 29, 2026
27 of 29 checks passed
@amcaplan amcaplan deleted the preview-store-cache-scopes branch June 29, 2026 16:29