feat: add account_id param to PATCH /api/sandboxes for Org API keys

[sweetmantech]

Summary

• Added optional account_id parameter to PATCH /api/sandboxes endpoint
• Organization API keys can now update snapshots for any account within their organization
• Personal API keys cannot use this parameter (returns 403 if attempted)

Changes

• Updated validateSnapshotPatchBody.ts:
  • Added account_id (UUID) to request body schema
  • Pass account_id to validateAuthContext for authorization

Reference

• Docs PR: feat: add account_id param to PATCH /api/sandboxes for Org API keys docs#26 (merged)
• Pattern matches other endpoints that accept account_id for Org API keys:
  • PATCH /api/pulses
  • POST /api/artists
  • POST /api/workspaces

Test plan

• Org API key can update snapshot for member account using account_id
• Personal API key updating own account (no account_id) works
• Personal API key using account_id returns 403
• Org API key using account_id for non-member account returns 403

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Snapshot patch requests now support an optional account ID parameter in the request body, enabling flexible account targeting for patch operations.

• Improvements

  • Enhanced validation and error handling for snapshot operations, including refined error messaging and improved validation processing order for better user feedback.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
recoup-api	Ready	Preview	Feb 4, 2026 2:09pm

[github-actions]

Braintrust eval report

Catalog Opportunity Analysis Evaluation (HEAD-1770214139)

Score	Average	Improvements	Regressions
Catalog_availability	0% (+0pp)	-	-
Llm_calls	0 (+0)	-	-
Tool_calls	0 (+0)	-	-
Errors	0 (+0)	-	-
Llm_errors	0 (+0)	-	-
Tool_errors	0 (+0)	-	-
Prompt_tokens	0tok (+0tok)	-	-
Prompt_cached_tokens	0tok (+0tok)	-	-
Prompt_cache_creation_tokens	0tok (+0tok)	-	-
Completion_tokens	0tok (+0tok)	-	-
Completion_reasoning_tokens	0tok (+0tok)	-	-
Total_tokens	0tok (+0tok)	-	-
Duration	45.73s (+44.43s)	-	5 🔴

Catalog Songs Count Evaluation (HEAD-1770214139)

Score	Average	Improvements	Regressions
Llm_calls	4 (+0)	-	-
Tool_calls	0 (+0)	-	-
Errors	3 (+3)	-	3 🔴
Llm_errors	1 (+1)	-	3 🔴
Tool_errors	0 (+0)	-	-
Prompt_tokens	0tok (+0tok)	-	-
Prompt_cached_tokens	0tok (+0tok)	-	-
Prompt_cache_creation_tokens	0tok (+0tok)	-	-
Completion_tokens	0tok (+0tok)	-	-
Completion_reasoning_tokens	0tok (+0tok)	-	-
Total_tokens	0tok (+0tok)	-	-
Duration	18.08s (+16.86s)	-	3 🔴

First Week Album Sales Evaluation (HEAD-1770214139)

Score	Average	Improvements	Regressions
Llm_calls	1 (+0)	-	-
Tool_calls	0 (+0)	-	-
Errors	1 (+1)	-	4 🔴
Llm_errors	0 (+0)	-	-
Tool_errors	0 (+0)	-	-
Prompt_tokens	0tok (+0tok)	-	-
Prompt_cached_tokens	0tok (+0tok)	-	-
Prompt_cache_creation_tokens	0tok (+0tok)	-	-
Completion_tokens	0tok (+0tok)	-	-
Completion_reasoning_tokens	0tok (+0tok)	-	-
Total_tokens	0tok (+0tok)	-	-
Duration	17.08s (+15.85s)	-	4 🔴

Memory & Storage Tools Evaluation (HEAD-1770214139)

Score	Average	Improvements	Regressions
Tools_called	0% (+0pp)	-	-
Llm_calls	0 (+0)	-	-
Tool_calls	0 (+0)	-	-
Errors	0 (+0)	-	-
Llm_errors	0 (+0)	-	-
Tool_errors	0 (+0)	-	-
Prompt_tokens	0tok (+0tok)	-	-
Prompt_cached_tokens	0tok (+0tok)	-	-
Prompt_cache_creation_tokens	0tok (+0tok)	-	-
Completion_tokens	0tok (+0tok)	-	-
Completion_reasoning_tokens	0tok (+0tok)	-	-
Total_tokens	0tok (+0tok)	-	-
Duration	16s (+14.91s)	-	1 🔴

Monthly Listeners Tracking Evaluation (HEAD-1770214139)

Score	Average	Improvements	Regressions
Llm_calls	2	-	-
Tool_calls	0	-	-
Errors	2	-	-
Llm_errors	1	-	-
Tool_errors	0	-	-
Prompt_tokens	0tok	-	-
Prompt_cached_tokens	0tok	-	-
Prompt_cache_creation_tokens	0tok	-	-
Completion_tokens	0tok	-	-
Completion_reasoning_tokens	0tok	-	-
Total_tokens	0tok	-	-
Duration	14.67s	-	-

Search Web Tool Evaluation (HEAD-1770214139)

Score	Average	Improvements	Regressions
Llm_calls	3 (+0)	-	-
Tool_calls	0 (+0)	-	-
Errors	2 (+2)	-	11 🔴
Llm_errors	1 (+1)	-	11 🔴
Tool_errors	0 (+0)	-	-
Prompt_tokens	0tok (+0tok)	-	-
Prompt_cached_tokens	0tok (+0tok)	-	-
Prompt_cache_creation_tokens	0tok (+0tok)	-	-
Completion_tokens	0tok (+0tok)	-	-
Completion_reasoning_tokens	0tok (+0tok)	-	-
Total_tokens	0tok (+0tok)	-	-
Duration	25.12s (+23.88s)	-	11 🔴

Social Scraping Evaluation (HEAD-1770214139)

Score	Average	Improvements	Regressions
Tools_called	0% (+0pp)	-	-
Llm_calls	0 (+0)	-	-
Tool_calls	0 (+0)	-	-
Errors	0 (+0)	-	-
Llm_errors	0 (+0)	-	-
Tool_errors	0 (+0)	-	-
Prompt_tokens	0tok (+0tok)	-	-
Prompt_cached_tokens	0tok (+0tok)	-	-
Prompt_cache_creation_tokens	0tok (+0tok)	-	-
Completion_tokens	0tok (+0tok)	-	-
Completion_reasoning_tokens	0tok (+0tok)	-	-
Total_tokens	0tok (+0tok)	-	-
Duration	29.51s (+28.37s)	-	6 🔴

Spotify Followers Evaluation (HEAD-1770214139)

Score	Average	Improvements	Regressions
Llm_calls	3 (+0)	-	-
Tool_calls	0 (+0)	-	-
Errors	3 (+1)	-	5 🔴
Llm_errors	2 (+1)	-	5 🔴
Tool_errors	0 (+0)	-	-
Prompt_tokens	0tok (+0tok)	-	-
Prompt_cached_tokens	0tok (+0tok)	-	-
Prompt_cache_creation_tokens	0tok (+0tok)	-	-
Completion_tokens	0tok (+0tok)	-	-
Completion_reasoning_tokens	0tok (+0tok)	-	-
Total_tokens	0tok (+0tok)	-	-
Duration	15.88s (+14.87s)	-	5 🔴

Spotify Tools Evaluation (HEAD-1770214139)

Score	Average	Improvements	Regressions
Tools_called	0% (+0pp)	-	-
Llm_calls	0 (+0)	-	-
Tool_calls	0 (+0)	-	-
Errors	0 (+0)	-	-
Llm_errors	0 (+0)	-	-
Tool_errors	0 (+0)	-	-
Prompt_tokens	0tok (+0tok)	-	-
Prompt_cached_tokens	0tok (+0tok)	-	-
Prompt_cache_creation_tokens	0tok (+0tok)	-	-
Completion_tokens	0tok (+0tok)	-	-
Completion_reasoning_tokens	0tok (+0tok)	-	-
Total_tokens	0tok (+0tok)	-	-
Duration	35.05s (+33.76s)	-	2 🔴

TikTok Analytics Questions Evaluation (HEAD-1770214139)

Score	Average	Improvements	Regressions
Question_answered	5% (+5pp)	1 🟢	-
Llm_calls	0 (+0)	-	-
Tool_calls	0 (+0)	-	-
Errors	0 (+0)	-	-
Llm_errors	0 (+0)	-	-
Tool_errors	0 (+0)	-	-
Prompt_tokens	0tok (+0tok)	-	-
Prompt_cached_tokens	0tok (+0tok)	-	-
Prompt_cache_creation_tokens	0tok (+0tok)	-	-
Completion_tokens	0tok (+0tok)	-	-
Completion_reasoning_tokens	0tok (+0tok)	-	-
Total_tokens	0tok (+0tok)	-	-
Duration	14.33s (+13s)	-	2 🔴

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR refactors the snapshot patch validation logic by introducing an optional account_id field to the request body schema, restructuring the SnapshotPatchBody type to exclude authentication context, and deferring authentication validation until after body validation completes.

Changes

Cohort / File(s)	Summary
Snapshot Patch Validation lib/sandbox/validateSnapshotPatchBody.ts	Added optional account_id UUID field to schema; changed SnapshotPatchBody type from intersection with AuthContext to standalone object with accountId and snapshotId; reordered validation flow to process body before auth; removed AuthContext import and updated response composition logic.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Recoupable-com/Recoup-API#198 — Modifies the same validateSnapshotPatchBody function, directly conflicting with or superseding prior implementation of the same validation logic.

Poem

🔄 Validation dances a new rhythm,

Body first, then auth follows suit,

Account IDs flow both ways—

Where context and override meet, clean and bright! ✨

🚥 Pre-merge checks | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Solid & Clean Code	⚠️ Warning	The PR implements a well-structured validator but perpetuates DRY and OCP violations by duplicating the validation pattern across multiple validators instead of extracting shared logic.	Extract the common validation pattern into a reusable factory function that accepts a schema and returns a configured validator, eliminating code duplication and enabling composition.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch sweetmantech/myc-4132-api-filetree-patch-apisandboxessnapshot-accept-account_id

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}