fix(cli): track auth connection ownership via platform labels#1309
Open
toiroakr wants to merge 2 commits into
Open
fix(cli): track auth connection ownership via platform labels#1309toiroakr wants to merge 2 commits into
toiroakr wants to merge 2 commits into
Conversation
🦋 Changeset detectedLatest commit: 0aed96a The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
⚡ pkg.pr.new@tailor-platform/sdk@tailor-platform/create-sdk
|
This comment has been minimized.
This comment has been minimized.
Send the platform's auth_connection TRN so SetMetadata/GetMetadata work for auth connections, restoring label-based ownership tracking. When the platform does not support connection metadata, fall back to the local secrets-state so connections created outside the SDK (e.g. Terraform/console) are never deleted. Surface auth connection deletions in the important-deletion confirmation prompt.
toiroakr
force-pushed
the
feat/auth-connection-labels
branch
from
f9e49fe to
9e4c726
Compare
This comment has been minimized.
This comment has been minimized.
Drop inline comments that merely restated the code and JSDoc on internal helpers, keeping only the exported functions' JSDoc.
commit: |
Code Metrics Report (packages/sdk)
Details | | main (7e4200f) | #1309 (92202d8) | +/- |
|--------------------|----------------|-----------------|-------|
+ | Coverage | 66.0% | 66.1% | +0.1% |
| Files | 394 | 394 | 0 |
| Lines | 13519 | 13522 | +3 |
+ | Covered | 8928 | 8944 | +16 |
+ | Code to Test Ratio | 1:0.4 | 1:0.4 | +0.0 |
| Code | 90419 | 90584 | +165 |
+ | Test | 39066 | 39224 | +158 |Code coverage of files in pull request scope (66.2% → 70.4%)
SDK Configure Bundle Size
Runtime Performance
Type Performance (instantiations)
Reported by octocov |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the deploy CLI’s auth-connection handling to align with the ownership/metadata approach used for other auth resources: connections are labeled via platform metadata (using the auth_connection TRN segment) and deletions are gated by those labels, with a safe fallback to local secrets-state when metadata isn’t supported.
Changes:
- Switch auth connection TRNs from
auth-connectiontoauth_connectionfor platform metadata operations. - Change deletion eligibility: when metadata is unsupported, only delete connections previously tracked in
secrets-state(preventing deletion of externally-managed connections). - Surface auth connection deletions in the “important deletions” confirmation prompt and add unit tests covering the new ownership/deletion behavior.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| packages/sdk/src/cli/commands/deploy/deploy.ts | Includes auth connection deletions in the important-deletion confirmation list. |
| packages/sdk/src/cli/commands/deploy/auth-connection.ts | Uses auth_connection TRNs and label-based ownership; adds secrets-state fallback to constrain deletions when metadata is unsupported. |
| packages/sdk/src/cli/commands/deploy/auth-connection.test.ts | Adds tests for TRN segment usage and deletion behavior across metadata-supported vs unsupported platforms. |
| .changeset/auth-connection-labels.md | Documents the CLI behavior change as a patch release note. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
deploynow tags auth connections with SDK ownership labels (via theauth_connectionTRN) and uses those labels to decide which connections to manage, consistent with every other auth resource.