Merge test to main

[sweetmantech]

Merge test branch into main

Summary by CodeRabbit

• New Features
  • Added API endpoint for initiating sandbox setup with authentication support via API key or Bearer token
  • Sandbox setup operations now execute asynchronously as background tasks with status and run ID tracking
  • Supports both organization and personal sandbox configurations with optional account overrides

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
recoup-api	Ready	Preview	Feb 12, 2026 2:37am

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request adds a new /api/sandboxes/setup POST endpoint that validates sandbox setup requests, authenticates users via API keys or Bearer tokens, and triggers background setup tasks through Trigger.dev. The implementation spans route handlers, request validation, authentication integration, and task orchestration.

Changes

Cohort / File(s)	Summary
API Route Handler app/api/sandboxes/setup/route.ts	Implements OPTIONS and POST handlers for CORS preflight and sandbox setup requests, delegating to setupSandboxHandler and forwarding responses.
Request Validation & Business Logic lib/sandbox/validateSetupSandboxBody.ts, lib/sandbox/setupSandboxHandler.ts	Validates request body (UUID schema for optional account_id), authenticates context, and orchestrates setup workflow with error handling and CORS headers.
Background Task Integration lib/trigger/triggerSetupSandbox.ts	Wraps Trigger.dev SDK to invoke "setup-sandbox" task with accountId parameter.

Sequence Diagram

sequenceDiagram
    participant Client
    participant Route as POST Handler
    participant Validate as validateSetupSandboxBody
    participant Auth as validateAuthContext
    participant Handler as setupSandboxHandler
    participant Trigger as triggerSetupSandbox
    participant TaskQueue as Trigger.dev

    Client->>Route: POST /api/sandboxes/setup
    Route->>Validate: validateSetupSandboxBody(request)
    Validate->>Validate: Parse & validate body schema
    Validate->>Auth: validateAuthContext(request, {accountId})
    Auth-->>Validate: Auth context or error response
    alt Auth Error
        Validate-->>Route: NextResponse (error)
        Route-->>Client: 401/403 Error
    else Auth Success
        Validate-->>Route: {accountId}
        Route->>Handler: setupSandboxHandler(request)
        Handler->>Validate: validateSetupSandboxBody(request)
        Validate-->>Handler: {accountId}
        Handler->>Trigger: triggerSetupSandbox(accountId)
        Trigger->>TaskQueue: tasks.trigger("setup-sandbox", {accountId})
        TaskQueue-->>Trigger: Task handle {runId}
        Trigger-->>Handler: Task handle
        Handler-->>Route: {status: "success", runId} + 200
        Route-->>Client: 200 OK with runId
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

Possibly related PRs

• feat: auto-create GitHub repo on first sandbox creation #210: Adds alternative call site for triggerSetupSandbox with expanded payload to initiate sandbox setup tasks post-creation.

Poem

🚀 A sandbox setup dance begins,
Validation guards the gates within,
Auth checks pass, tasks take flight,
Trigger.dev brings workflows bright! ✨

🚥 Pre-merge checks | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Solid & Clean Code	⚠️ Warning	The pull request contains code duplication that violates the DRY principle, with identical validation error handling patterns repeated across multiple functions and hardcoded task names reducing maintainability.	Extract Zod validation error handling into a reusable utility function and define task names as centralized constants to eliminate duplication and improve code maintainability.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch test

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

lib/sandbox/validateSetupSandboxBody.ts (1)

8-14: Export an inferred type from the Zod schema for the input shape.

The SetupSandboxBody type is manually defined rather than inferred from setupSandboxBodySchema. Since the output shape (accountId) differs from the schema's input shape (account_id), consider at minimum exporting the inferred input type alongside your output type. This keeps the schema and types in sync and avoids silent drift.

♻️ Suggested approach

 export const setupSandboxBodySchema = z.object({
   account_id: z.string().uuid("account_id must be a valid UUID").optional(),
 });

+export type SetupSandboxBodyInput = z.infer<typeof setupSandboxBodySchema>;
+
 export type SetupSandboxBody = {
   accountId: string;
 };

As per coding guidelines, lib/**/validate*.ts: "Export inferred types for validated data".

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}