Add support for api key connectors + initial migration of greenhouse …

[Rodri77]

…as greenhouse2

---

Important

Add support for API key connectors and migrate Greenhouse to Greenhouse 2, including schema updates and UI stories.

• API Key Connector Support:
  • Added createApiKeyConnectorDef in createApiKeyConnectorDef.ts for defining API key connectors.
  • Added createAPIKeyConnectorServer in createApiKeyConnectorServer.ts for server-side handling of API key connectors.
  • Introduced apiKeySchemas in schemas.ts for API key schema definitions.
• Greenhouse 2 Migration:
  • Added greenhouse2 connector definition in connectors.meta.ts and greenhouse2.ts.
  • Updated openapi.json and openapi.types.d.ts to include greenhouse2.
• UI Stories:
  • Added stories for acme-apikey and greenhouse2 in ConnectionSettingsForm.stories.tsx, ConnectorConfigForm.stories.tsx, and ConnectorDisplay.stories.tsx.
• Miscellaneous:
  • Updated connectors.def.ts and connectors.server.ts to handle API key connectors.
  • Modified getConnectorModel in connector.models.ts to support new connector types.

^{This description was created by for 6699417. You can customize this summary. It will automatically update as commits are pushed.}

[linear]

OINT-1324

[prophet-code-review-bot]

Bug Report

Name	Severity	Example test case	Description
Insecure API Key Transmission	High	Configure Greenhouse 2 connector and observe network traffic.	API key is transmitted using basic authentication, which is insecure if HTTPS is not enforced.
Unused api_key_location	Medium	Configure Greenhouse 2 connector. Attempt to change the API key location.	The api_key_location field in the Greenhouse 2 JSON definition is not being used. This limits the connector's flexibility.
Hardcoded Logo URL	Low	Inspect the Greenhouse 2 connector configuration.	The logo URL is hardcoded in createApiKeyConnectorDef.ts.
Incorrect comment in schema	Low	Inspect the Greenhouse 2 connector config schema.	The comment in connectors/cnext/auth-apikey/schemas.ts is showing 'Output of the postConnect hook for oauth2 connectors' instead of referencing API Keys.

_{Comments? Email us.}

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
v1	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 6, 2025 3:13pm

[recurseml]

⚠️ Only 5 files will be analyzed due to processing limits.

[recurseml]

⚠️ Only 5 files will be analyzed due to processing limits.

[recurseml]

✨ No issues found! Your code is sparkling clean! ✨

🗒️ View all ignored comments in this repo

• This export statement is redundant as it appears both in the diff and original source code. Adding it again will cause a duplicate export error. The line should be removed since it already exists in the source code.
• Passing a Promise directly to a React component prop is incorrect. The Promise should be resolved before rendering. Either await the result before passing to the component, or use a proper data fetching pattern like React Query or SWR
• Similar to the first bug, this prop is also passing a Promise directly without awaiting it. The API call api.listConnectors() should be awaited before passing the data. Should use 'await' before the API call.

[github-actions]

Stably Runner - Test Suite - 'Pre Merge CI Checks'

Test Suite Run Result: 🟢 Success (2/2 tests passed) [dashboard]

---

This comment was generated from stably-runner-action

[prophet-code-review-bot]

Bug Report

Name: API Key Header Injection Vulnerability
Severity: High
Example test case: Manipulate the 'apiKey' setting to include a newline character followed by a malicious header.
Description: The API key handling in 'createApiKeyConnectorServer.ts' is vulnerable to header injection. If the 'apiKey' contains newline characters, it can be exploited to inject arbitrary headers due to insecure Basic Auth header creation.

_{Comments? Email us.}

[prophet-code-review-bot]

Bug Report

Name	Severity	Example test case	Description
API Key Exposure in Logs	Medium	Examine server-side logs or network traffic	The API key, although potentially base64 encoded, could be exposed if the fetch call or the server it connects to logs headers. The settings containing the api key are exposed in the status message on error.
Inadequate Error Handling	Low	Induce a connection error	The catch block in checkConnection doesn't handle specific error types, potentially making debugging difficult.

_{Comments? Email us.}

[openint-bot]

Looks ok. Do you have videos of this working? Added non-blocking comments Would be good to add a test that this works in a similar way to OAuth. Using something like an Acme API Key similar to Acme (Oauth2) by adding a simple hard-coded api key server in our route.

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 22e5d51 in 1 minute and 38 seconds. Click for details.

• Reviewed 1249 lines of code in 19 files
• Skipped 3 files when reviewing.
• Skipped posting 6 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. packages/api-v1/trpc/routers/connector.models.ts:80

• Draft comment:
  Good use of optional chaining for auth properties. Ensure non-OAUTH2 connectors (eg API_KEY) intentionally yield undefined scopes.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

2. packages/ui-v1/__stories__/ConnectionSettingsForm.stories.tsx:12

• Draft comment:
  Story wrapper correctly checks existence of 'connection_settings'. Confirm that new connectors like 'acme-apikey' and 'greenhouse2' provide this schema.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

3. packages/ui-v1/__stories__/ConnectorConfigForm.stories.tsx:12

• Draft comment:
  ConnectorConfig form story uses a check for 'connector_config' in schemas. Verify that added connectors include this schema section as expected.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

4. packages/ui-v1/__stories__/ConnectorDisplay.stories.tsx:11

• Draft comment:
  ConnectorDisplay story is consistent with other stories. No issues detected.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

5. packages/api-v1/__generated__/openapi.types.d.ts:8543

• Draft comment:
  It appears that the connector name ‘greenhouse2’ is used in this list, whereas later in the file we have ‘connector.greenhouse’. Please verify if ‘greenhouse2’ is intentional or a typographical error.
• Reason this comment was not posted:
  Comment looked like it was already resolved.

6. packages/api-v1/__generated__/openapi.types.d.ts:9335

• Draft comment:
  Typographical note: The connector name 'connector.greenhouse2.discriminated_connection_settings' stands out compared to the other naming conventions. Please confirm if 'greenhouse2' is intentional or if it should be 'greenhouse'.
• Reason this comment was not posted:
  Comment looked like it was already resolved.

Workflow ID: wflow_7n2kb8xOA9CqyHSQ

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[greptile-apps]

PR Summary

Implemented comprehensive API key authentication support with both Acme API Key test connector and a new Greenhouse2 connector migration.

• Added connectors/cnext/auth-apikey/createApiKeyConnectorServer.spec.ts with test coverage for Basic Auth header verification
• Added connectors/cnext/auth-apikey/createAPIKeyConnectorServer.ts with a factory function supporting both Basic Auth and custom header methods
• Marked new greenhouse2 connector as 'alpha' in connectors/cnext/json-defs/greenhouse2.ts until fully validated
• Added test connector acme-apikey for API key verification using /acme-apikey/authorize endpoint
• Integrated @opensdks/sdk-greenhouse@^0.0.8 in cnext/package.json for the new Greenhouse implementation

_{18 file(s) reviewed, 9 comment(s)
Edit PR Review Bot Settings | Greptile}

[greptile-apps]

style: Consider suffixing the displayName with '(API Key)' to better differentiate from the original Greenhouse connector, following the pattern used for other auth variants like 'Zoho (OAuth)'

[greptile-apps]

style: Consider whether 'social-media' is the appropriate vertical for an API key test connector. 'developer-tools' might be more suitable

[greptile-apps]

logic: Setting stage to 'ga' for a test connector could be misleading. Consider using 'alpha' to match the experimental nature

Suggested change

	stage: 'ga',
	stage: 'alpha',

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed 47e5ecf in 1 minute and 19 seconds. Click for details.

• Reviewed 54 lines of code in 3 files
• Skipped 0 files when reviewing.
• Skipped posting 3 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. connectors/cnext/auth-apikey/def.ts:18

• Draft comment:
  Removed the .default({}) for connector_config. Confirm this change is intentional since it alters the default value behavior.
• Reason this comment was not posted:
  Comment looked like it was already resolved.

2. connectors/cnext/json-defs/acme-apikey.ts:10

• Draft comment:
  Redundant connector_config and connection_settings have been removed. Verify that consumers don’t depend on explicit defaults here.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the PR author to verify that consumers don't depend on explicit defaults, which violates the rule against asking the author to confirm or verify things. It doesn't provide a specific suggestion or point out a specific issue.

3. connectors/cnext/json-defs/greenhouse2.ts:10

• Draft comment:
  Removed redundant connector_config and connection_settings entries. Ensure that this change aligns with the intended behavior of the auth schema.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 30% <= threshold 50% The comment is asking the PR author to ensure that the change aligns with the intended behavior, which violates the rule against asking for confirmation of intention. However, it does point out a specific change (removal of entries) which could be useful if it were rephrased to focus on the change itself rather than asking for confirmation.

Workflow ID: wflow_NpfMSkWNudezaB7L

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed ecc4e5d in 1 minute and 15 seconds. Click for details.

• Reviewed 60 lines of code in 4 files
• Skipped 0 files when reviewing.
• Skipped posting 4 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. connectors/cnext/auth-apikey/createApiKeyConnectorDef.ts:18

• Draft comment:
  Return merged base schema instead of constructing a new object with just def shapes. Ensure this meets the intended behavior when no extra config is provided.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 50% <= threshold 50% The comment suggests a change in the code logic by returning a merged base schema instead of constructing a new object. However, it also asks the author to ensure that this meets the intended behavior, which violates the rule against asking for confirmation of intended behavior. The suggestion part is valid, but the request for confirmation is not.

2. connectors/cnext/auth-apikey/schemas.ts:28

• Draft comment:
  Updated description text to correctly refer to 'API Key-based providers'.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

3. connectors/cnext/connectors.def.ts:17

• Draft comment:
  Improved error message to include the unsupported auth type for clearer debugging.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

4. connectors/cnext/connectors.server.ts:29

• Draft comment:
  Enhanced error message by JSON-stringifying the auth object for more detailed debugging output.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

Workflow ID: wflow_PazpmjOEHA0m36dK

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed 6699417 in 1 minute and 1 seconds. Click for details.

• Reviewed 57 lines of code in 3 files
• Skipped 0 files when reviewing.
• Skipped posting 1 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. packages/api-v1/__generated__/openapi.types.d.ts:318

• Draft comment:
  Auto-generated file: ensure changes originate from the API spec and avoid manual modifications.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

Workflow ID: wflow_KPNQT2hYrbBk0FPd

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}