feat: auth codegen added

[shivammittal274]

No description provided.

[greptile-apps]

Greptile Summary

This PR adds authentication support for the codegen service via HMAC-SHA256 signatures. It introduces a new auth utility that signs requests with a shared secret, and integrates optional authentication into both the GraphService (for code generation and graph creation) and ExtractService (for structured data extraction). The feature is backward-compatible with optional credentials - when not configured, services function without authentication.

Key Changes:

• Added codegen-auth.ts utility for computing HMAC-SHA256 signatures and creating auth headers
• Extended GraphService to proxy requests to codegen with conditional auth headers
• Updated ExtractService to apply auth headers when credentials are available
• Added configuration support for CODEGEN_SERVICE_URL and CODEGEN_HMAC_SECRET via environment variables
• Updated HTTP server and SDK routes to pass auth credentials through dependency injection
• All SDK and Graph routes properly handle SSE streaming with event forwarding

Issues Found:

• Critical: Variable browserosId referenced but not defined in sdk.ts:195 (verify route handler)

Confidence Score: 2/5

• This PR has a critical runtime error that will cause the verify endpoint to fail immediately when called
• The PR introduces a critical syntax error in apps/server/src/api/routes/sdk.ts:195 where browserosId is referenced but not defined in the function scope. This will cause a ReferenceError at runtime when the /sdk/verify endpoint is called. The rest of the implementation is solid and well-integrated, but this blocking issue must be fixed before merge. Score of 2 reflects the critical nature of this bug that makes the verify route non-functional.
• apps/server/src/api/routes/sdk.ts - critical syntax error in verify route handler

Important Files Changed

Filename	Overview
apps/server/src/api/utils/codegen-auth.ts	New auth utility for HMAC-SHA256 signing of codegen service requests. Implementation is clean, well-commented, and correctly handles signature computation using node:crypto.
apps/server/src/api/routes/sdk.ts	SDK routes configured with auth credentials for extract service. Critical issue: Variable 'browserosId' is referenced but not defined in this scope (line 195).
apps/server/src/api/services/graph-service.ts	GraphService correctly implements conditional auth header addition and properly streams UIMessageStreamEvent events. Code is well-structured with clear separation of concerns.
apps/server/src/api/services/sdk/extract.ts	ExtractService correctly applies HMAC auth headers when both credentials are present. Optional auth pattern is consistent with graph-service approach.
apps/server/src/api/server.ts	HTTP server properly passes codegen config to graph and sdk routes. Clean integration with existing route composition pattern.

Sequence Diagram

sequenceDiagram
    participant Client
    participant HttpServer
    participant GraphRoute as Graph Route
    participant GraphService
    participant CodegenService
    participant ExtractService

    Client->>HttpServer: POST /graph (create)
    HttpServer->>GraphRoute: routes request
    GraphRoute->>GraphService: createGraph(query)
    GraphService->>CodegenService: POST /api/code with auth headers
    CodegenService-->>GraphService: UIMessageStreamEvent (SSE)
    GraphService->>GraphService: parseUIMessageStream()
    GraphService->>GraphService: extractSessionData()
    GraphService-->>GraphRoute: forwards events
    GraphRoute-->>Client: SSE stream response

    Client->>HttpServer: POST /sdk/extract
    HttpServer->>ExtractService: extract(instruction, schema, content)
    ExtractService->>CodegenService: POST /api/extract with auth headers
    CodegenService-->>ExtractService: extracted data
    ExtractService-->>HttpServer: result
    HttpServer-->>Client: JSON response

Loading

[claude]

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

[Nikhil (shadowfax92)]

Closing stale PR.