feat: ListCurrentUserPAT RPC with RQL support

[AmanGIT07]

Description:

Summary

• Implement ListCurrentUserPATs RPC to list PATs for the authenticated user within an org
• Add RQL support with filters, search, sort, and pagination
• Derive and enrich each PAT response with role_ids and project_ids.
• Add authorization check (GetPermission on the org) for the RPC

Manual tests:

• grpcurl ListCurrentUserPATs with no query returns all PATs with default pagination
• Filters work: eq, like on title
• Search works case-insensitively across id and title
• Sort works on created_at, expires_at, last_used_at
• Pagination returns correct offset, limit, total_count
• role_ids and project_ids are correctly populated
• Empty result returns [] not error
• Unauthorized user gets permission denied

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
frontier	Ready	Preview, Comment	Mar 13, 2026 0:11am

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

Release Notes

New Features

• Added capability to list personal access tokens with advanced filtering, sorting, and pagination support
• Personal access tokens now display associated role and project information for enhanced scope visibility

Walkthrough

This PR introduces a complete listing capability for Personal Access Tokens (PATs) with RQL-based filtering and pagination. Changes encompass service layer enhancements with scope enrichment (RoleIDs/ProjectIDs), repository-level RQL support, new API handlers, authorization validation, protobuf definitions, and supporting mock infrastructure across the stack.

Changes

Cohort / File(s)	Summary
Core PAT Models core/userpat/models/pat.go	Added RoleIDs and ProjectIDs fields to PAT struct; introduced new PATList struct containing PATs slice and pagination metadata.
Service Layer Interfaces & Implementations core/userpat/service.go, core/userpat/userpat.go, internal/api/v1beta1connect/interfaces.go	Added List method to PolicyService interface; implemented List on Service with scope enrichment via enrichWithScope; added List to Repository and UserPATService interfaces.
Service Mock Infrastructure core/userpat/mocks/policy_service.go, core/userpat/mocks/repository.go, internal/api/v1beta1connect/mocks/user_pat_service.go	Generated mock implementations for List methods with Run, Return, and RunAndReturn helper methods across PolicyService, Repository, and UserPATService mocks.
Repository Implementation internal/store/postgres/userpat_repository.go	Implemented List method with RQL filtering, searching, and pagination support; added helpers buildPATFilteredQuery, countPATs, and applySort for composing dynamic queries.
API Handler internal/api/v1beta1connect/user_pat.go	Implemented ListCurrentUserPATs HTTP handler with validation and error handling; extended transformPATToPB to populate RoleIds and ProjectIds fields.
Authorization & Interceptors pkg/server/connect_interceptors/authorization.go	Added authorization validation entry for ListCurrentUserPATsProcedure, checking GetPermission on OrganizationNamespace.
Protobuf RPC Definitions proto/v1beta1/frontierv1beta1connect/frontier.connect.go	Added ListCurrentUserPATs and GetCurrentUserPAT RPCs with client and server wiring, procedure constants, and unimplemented handlers.
Protobuf Validation proto/v1beta1/frontier.pb.validate.go	Generated Validate and ValidateAll methods for message types with validation error types and multi-error handling for runtime constraint validation.
Build Configuration Makefile	Updated PROTON_COMMIT constant to latest version.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related PRs

• feat: PAT authentication chain, token validation, and error handling #1442: Overlapping changes in core/userpat domain types and repository mock infrastructure
• feat: CreateCurrentUserPAT RPC implementation #1401: Related modifications to userpat service behavior and policy grant semantics

Suggested reviewers

• rohilsurana
• whoAbhishekSah

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coveralls]

Pull Request Test Coverage Report for Build 23050230356

Details

• 2 of 171 (1.17%) changed or added relevant lines in 4 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage decreased (-0.2%) to 40.56%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
pkg/server/connect_interceptors/authorization.go	0	4	0.0%
core/userpat/service.go	0	37	0.0%
internal/api/v1beta1connect/user_pat.go	2	44	4.55%
internal/store/postgres/userpat_repository.go	0	86	0.0%

Totals
Change from base Build 23039825042:	-0.2%
Covered Lines:	14204
Relevant Lines:	35020

---

💛 - Coveralls

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

internal/store/postgres/userpat_repository.go (1)

213-227: Consider validating sort column names against an allowlist.

The applySort function passes sortItem.Name directly to goqu.C() without validating it against a list of allowed sortable columns. While RQL validation occurs at the API layer against the model struct, adding validation here would provide defense-in-depth, especially since the PR mentions last_used_at is sortable but it's not in patRQLFilterSupportedColumns.

♻️ Suggested improvement

+var patRQLSortSupportedColumns = []string{"id", "title", "expires_at", "created_at", "last_used_at"}
+
 func (r UserPATRepository) applySort(query *goqu.SelectDataset, rqlQuery *rql.Query) *goqu.SelectDataset {
 	if len(rqlQuery.Sort) > 0 {
 		for _, sortItem := range rqlQuery.Sort {
+			if !slices.Contains(patRQLSortSupportedColumns, sortItem.Name) {
+				continue // skip invalid sort columns
+			}
 			switch sortItem.Order {
 			case "desc":
 				query = query.OrderAppend(goqu.C(sortItem.Name).Desc())
 			default:
 				query = query.OrderAppend(goqu.C(sortItem.Name).Asc())
 			}
 		}
 	} else {
 		query = query.Order(goqu.C("created_at").Desc())
 	}
 	return query
 }

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: dd38e0c5-5827-4f42-97a6-bff0181705fe

📥 Commits

Reviewing files that changed from the base of the PR and between 79323c0 and 99615b7.

⛔ Files ignored due to path filters (2)

• proto/v1beta1/frontier.pb.go is excluded by !**/*.pb.go
• proto/v1beta1/models.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (13)

• Makefile
• core/userpat/mocks/policy_service.go
• core/userpat/mocks/repository.go
• core/userpat/models/pat.go
• core/userpat/service.go
• core/userpat/userpat.go
• internal/api/v1beta1connect/interfaces.go
• internal/api/v1beta1connect/mocks/user_pat_service.go
• internal/api/v1beta1connect/user_pat.go
• internal/store/postgres/userpat_repository.go
• pkg/server/connect_interceptors/authorization.go
• proto/v1beta1/frontier.pb.validate.go
• proto/v1beta1/frontierv1beta1connect/frontier.connect.go