Skip to content

refactor: remove org key dead code and update stale comments#320

Closed
sweetmantech wants to merge 1 commit intotestfrom
refactor/remove-org-key-dead-code
Closed

refactor: remove org key dead code and update stale comments#320
sweetmantech wants to merge 1 commit intotestfrom
refactor/remove-org-key-dead-code

Conversation

@sweetmantech
Copy link
Copy Markdown
Contributor

@sweetmantech sweetmantech commented Mar 20, 2026
edited by coderabbitai bot
Loading

Summary

  • Deleted lib/keys/org/ (createOrgApiKeysHandler, getOrgApiKeysHandler, onlyOrgAccounts)
  • Updated stale "org key" / "organization API key" comments across handlers and tests
  • Simplified key handlers that previously branched on org vs personal

Test plan

  • All tests pass
  • No functional auth changes — only dead code removal and comment updates

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Documentation

    • Enhanced API route and function documentation with detailed parameter annotations throughout the codebase.
    • Updated authorization descriptions across endpoints to clarify access requirements for account overrides.

  • Bug Fixes

    • Removed support for organization-scoped API key creation and management.
    • Restricted API key deletion to owner accounts only.

@claude @sweetmantech
api: remove org key dead code and update stale comments
a125119 
- Delete lib/keys/org/ directory (createOrgApiKeysHandler, getOrgApiKeysHandler, onlyOrgAccounts)
- Simplify createApiKeyHandler and getApiKeysHandler to remove org delegation branches
- Simplify deleteApiKeyHandler to only allow deleting own keys (removed org membership check)
- Remove organizationId field from validateCreateApiKeyBody schema
- Update ~60 stale "org key" / "personal key" comments across handlers, validators, and test descriptions to reflect that all keys are now personal

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown
Contributor

vercel bot commented Mar 20, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
recoup-api Ready Ready Preview Mar 20, 2026 1:53am

Request Review

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Mar 20, 2026
edited
Loading

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2a7a8182-ee91-450e-8fc6-a829de16bc9c

📥 Commits

Reviewing files that changed from the base of the PR and between 59da4c2 and a125119.

⛔ Files ignored due to path filters (44)
  • AGENTS.md is excluded by none and included by none
  • lib/admins/emails/__tests__/validateGetAdminEmailsQuery.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/artists/__tests__/buildGetArtistsParams.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/artists/__tests__/createArtistPostHandler.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/artists/__tests__/validateCreateArtistBody.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/artists/__tests__/validateGetArtistsRequest.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/auth/__tests__/validateAuthContext.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/chat/__tests__/handleChatGenerate.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/chat/__tests__/handleChatStream.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/chat/__tests__/integration/chatEndToEnd.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/chat/__tests__/validateChatRequest.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/chats/__tests__/buildGetChatsParams.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/chats/__tests__/getChatsHandler.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/chats/__tests__/validateGetChatsRequest.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/chats/__tests__/validateUpdateChatBody.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/coding-agent/__tests__/handleGitHubWebhook.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/coding-agent/__tests__/onMergeTestToMainAction.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/content/__tests__/validateCreateContentBody.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/evals/callChatFunctions.ts is excluded by !**/evals/** and included by lib/**
  • lib/evals/callChatFunctionsWithResult.ts is excluded by !**/evals/** and included by lib/**
  • lib/evals/createToolsCalledScorer.ts is excluded by !**/evals/** and included by lib/**
  • lib/evals/extractTextFromResult.ts is excluded by !**/evals/** and included by lib/**
  • lib/evals/extractTextResultFromSteps.ts is excluded by !**/evals/** and included by lib/**
  • lib/evals/getCatalogSongsCountExpected.ts is excluded by !**/evals/** and included by lib/**
  • lib/evals/getSpotifyFollowersExpected.ts is excluded by !**/evals/** and included by lib/**
  • lib/evals/scorers/CatalogAvailability.ts is excluded by !**/evals/** and included by lib/**
  • lib/evals/scorers/QuestionAnswered.ts is excluded by !**/evals/** and included by lib/**
  • lib/evals/scorers/ToolsCalled.ts is excluded by !**/evals/** and included by lib/**
  • lib/flamingo/__tests__/getFlamingoPresetsHandler.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/mcp/__tests__/verifyApiKey.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/mcp/tools/chats/__tests__/registerGetChatsTool.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/notifications/__tests__/createNotificationHandler.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/notifications/__tests__/validateCreateNotificationBody.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/organizations/__tests__/buildGetOrganizationsParams.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/pulse/__tests__/buildGetPulsesParams.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/pulse/__tests__/getPulsesHandler.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/pulse/__tests__/validateGetPulsesRequest.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/sandbox/__tests__/buildGetSandboxesParams.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/sandbox/__tests__/getSandboxesHandler.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/sandbox/__tests__/validateGetSandboxesRequest.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/sandbox/__tests__/validateSetupSandboxBody.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/supabase/pulse_accounts/__tests__/selectPulseAccounts.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/tasks/__tests__/getTaskRunHandler.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
  • lib/tasks/__tests__/validateGetTaskRunQuery.test.ts is excluded by !**/*.test.*, !**/__tests__/** and included by lib/**
📒 Files selected for processing (98)
  • app/api/accounts/[id]/route.ts
  • app/api/admins/privy/route.ts
  • app/api/artists/route.ts
  • app/api/chat/generate/route.ts
  • app/api/chat/route.ts
  • app/api/coding-agent/[platform]/route.ts
  • app/api/notifications/route.ts
  • app/api/organizations/route.ts
  • app/api/pulses/route.ts
  • app/api/sandboxes/route.ts
  • app/api/sandboxes/setup/route.ts
  • app/api/songs/analyze/presets/route.ts
  • app/api/transcribe/route.ts
  • app/api/workspaces/route.ts
  • lib/accounts/validateOverrideAccountId.ts
  • lib/admins/privy/countNewAccounts.ts
  • lib/admins/privy/fetchPrivyLogins.ts
  • lib/admins/privy/getCutoffMs.ts
  • lib/admins/privy/getLatestVerifiedAt.ts
  • lib/admins/privy/toMs.ts
  • lib/ai/getModel.ts
  • lib/ai/isEmbedModel.ts
  • lib/artists/buildGetArtistsParams.ts
  • lib/artists/createArtistPostHandler.ts
  • lib/artists/getArtistsHandler.ts
  • lib/artists/validateGetArtistsRequest.ts
  • lib/auth/validateAccountIdOverride.ts
  • lib/auth/validateAuthContext.ts
  • lib/catalog/formatCatalogSongsAsCSV.ts
  • lib/catalog/getCatalogDataAsCSV.ts
  • lib/catalog/getCatalogSongs.ts
  • lib/catalog/getCatalogs.ts
  • lib/chat/toolChains/getPrepareStepResult.ts
  • lib/chats/createChatHandler.ts
  • lib/chats/getChatsHandler.ts
  • lib/chats/processCompactChatRequest.ts
  • lib/chats/validateGetChatsRequest.ts
  • lib/coding-agent/encodeGitHubThreadId.ts
  • lib/coding-agent/handleMergeSuccess.ts
  • lib/coding-agent/parseMergeActionId.ts
  • lib/coding-agent/parseMergeTestToMainActionId.ts
  • lib/composio/getCallbackUrl.ts
  • lib/content/contentTemplates.ts
  • lib/content/createContentHandler.ts
  • lib/content/getArtistContentReadiness.ts
  • lib/content/getArtistFileTree.ts
  • lib/content/getArtistRootPrefix.ts
  • lib/content/getContentValidateHandler.ts
  • lib/content/isCompletedRun.ts
  • lib/content/persistCreateContentRunVideo.ts
  • lib/content/validateCreateContentBody.ts
  • lib/content/validateGetContentEstimateQuery.ts
  • lib/content/validateGetContentValidateQuery.ts
  • lib/credits/getCreditUsage.ts
  • lib/credits/handleChatCredits.ts
  • lib/emails/processAndSendEmail.ts
  • lib/flamingo/getFlamingoPresetsHandler.ts
  • lib/github/expandSubmoduleEntries.ts
  • lib/github/getRepoGitModules.ts
  • lib/github/resolveSubmodulePath.ts
  • lib/keys/createApiKeyHandler.ts
  • lib/keys/createKey.ts
  • lib/keys/deleteApiKeyHandler.ts
  • lib/keys/getApiKeysHandler.ts
  • lib/keys/org/createOrgApiKeysHandler.ts
  • lib/keys/org/getOrgApiKeysHandler.ts
  • lib/keys/org/onlyOrgAccounts.ts
  • lib/keys/validateCreateApiKeyBody.ts
  • lib/mcp/resolveAccountId.ts
  • lib/mcp/tools/artists/registerCreateNewArtistTool.ts
  • lib/mcp/tools/chats/registerGetChatsTool.ts
  • lib/mcp/tools/pulse/registerGetPulsesTool.ts
  • lib/mcp/tools/sandbox/registerPromptSandboxTool.ts
  • lib/mcp/tools/transcribe/registerTranscribeAudioTool.ts
  • lib/notifications/createNotificationHandler.ts
  • lib/organizations/getOrganizationsHandler.ts
  • lib/organizations/validateGetOrganizationsRequest.ts
  • lib/prompts/getSystemPrompt.ts
  • lib/pulse/getPulsesHandler.ts
  • lib/pulse/validateGetPulsesRequest.ts
  • lib/sandbox/getSandboxesHandler.ts
  • lib/sandbox/validateDeleteSandboxBody.ts
  • lib/sandbox/validateSandboxBody.ts
  • lib/sandbox/validateSetupSandboxBody.ts
  • lib/sandbox/validateSnapshotPatchBody.ts
  • lib/spotify/getSpotifyFollowers.ts
  • lib/supabase/account_artist_ids/getAccountArtistIds.ts
  • lib/supabase/account_workspace_ids/getAccountWorkspaceIds.ts
  • lib/supabase/files/createFileRecord.ts
  • lib/supabase/song_artists/insertSongArtists.ts
  • lib/supabase/storage/uploadFileByKey.ts
  • lib/tasks/validateGetTaskRunQuery.ts
  • lib/transcribe/processAudioTranscription.ts
  • lib/transcribe/saveAudioToFiles.ts
  • lib/transcribe/saveTranscriptToFiles.ts
  • lib/transcribe/types.ts
  • lib/trigger/triggerCreateContent.ts
  • lib/workspaces/createWorkspacePostHandler.ts
📝 Walkthrough

Walkthrough

This pull request transitions the API's authorization model from organization API keys to an access-control system based on shared organization membership. Changes include removing organization-scoped API key handlers, updating authorization documentation throughout the codebase, and adding JSDoc parameter annotations across numerous functions.

Changes

Cohort / File(s) Summary
Organization API Key Handler Removal
lib/keys/org/createOrgApiKeysHandler.ts, lib/keys/org/getOrgApiKeysHandler.ts, lib/keys/org/onlyOrgAccounts.ts		 Removed three exported helpers that previously enabled organization-scoped API key creation, retrieval, and membership validation. Eliminates org key delegation patterns and related error responses.
API Key Management Changes
lib/keys/createApiKeyHandler.ts, lib/keys/getApiKeysHandler.ts, lib/keys/deleteApiKeyHandler.ts, lib/keys/validateCreateApiKeyBody.ts, lib/keys/createKey.ts		 Removed organizationId parameter handling from request body/query validation and route handlers. Deleted org membership authorization branch from deleteApiKeyHandler. Narrowed createKey documentation scope from "account or organization" to "account."
Authorization Model Documentation Updates – API Routes
app/api/accounts/[id]/route.ts, app/api/admins/privy/route.ts, app/api/artists/route.ts, app/api/chat/generate/route.ts, app/api/chat/route.ts, app/api/coding-agent/[platform]/route.ts, app/api/notifications/route.ts, app/api/organizations/route.ts, app/api/pulses/route.ts, app/api/sandboxes/route.ts, app/api/sandboxes/setup/route.ts, app/api/songs/analyze/presets/route.ts, app/api/transcribe/route.ts, app/api/workspaces/route.ts		 Updated endpoint JSDoc comments to document authorization as "shared org membership or admin access" instead of "org API keys." Also added missing @param tags for route handlers.
Authorization Model Documentation Updates – Libraries
lib/accounts/validateOverrideAccountId.ts, lib/auth/validateAccountIdOverride.ts, lib/auth/validateAuthContext.ts, lib/artists/*, lib/chats/*, lib/organizations/*, lib/pulse/*, lib/sandbox/*, lib/mcp/*, lib/notifications/createNotificationHandler.ts, lib/tasks/validateGetTaskRunQuery.ts, lib/workspaces/createWorkspacePostHandler.ts		 Updated function and handler documentation to reflect authorization based on shared organization membership rather than org API key presence. Revised parameter descriptions for account_id overrides and access conditions.
JSDoc Parameter Documentation
lib/admins/privy/*, lib/ai/*, lib/catalog/*, lib/chat/toolChains/getPrepareStepResult.ts, lib/coding-agent/*, lib/composio/getCallbackUrl.ts, lib/content/*, lib/credits/*, lib/emails/processAndSendEmail.ts, lib/flamingo/getFlamingoPresetsHandler.ts, lib/github/*, lib/mcp/resolveAccountId.ts, lib/prompts/getSystemPrompt.ts, lib/spotify/getSpotifyFollowers.ts, lib/supabase/*, lib/transcribe/*, lib/trigger/triggerCreateContent.ts		 Added comprehensive @param and @returns JSDoc annotations to existing functions, documenting parameters that were previously undocumented. No functional code changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

Poem

🔐 From org keys to shared trust so bright,
Authorization flows with membership's light,
Docs now declare what code shall do—
Clean parameters, access rules true! ✨
Old handlers fade, new patterns show,
Clean architecture's gentle flow. 📚

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch refactor/remove-org-key-dead-code
📝 Coding Plan
  • Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sweetmantech