Updated automation read response shape

cmraible · cmraible · commit 9ae240bdea2d · 2026-05-05T18:10:23.000-07:00
The automation read endpoint is still static in this PR, but it should match the upcoming editable automation graph contract so clients can build against the intended actions and edges payload.

The secret scan query-string rule now ignores template interpolation placeholders, keeping the existing token URL tests readable without weakening literal credential detection.
diff --git a/.secretlintrc.json b/.secretlintrc.json
@@ -16,7 +16,7 @@
           {
             "name": "credential in URL query string",
             "patterns": [
-              "/[?&](?:token|api[_-]?key|access[_-]?token|auth[_-]?token|client[_-]?secret|secret|password)=(?<CREDENTIAL>(?!p\\.)[^&\\s\"'<>]{16,})/i"
+              "/[?&](?:token|api[_-]?key|access[_-]?token|auth[_-]?token|client[_-]?secret|secret|password)=(?<CREDENTIAL>(?!p\\.|\\$\\{)[^&\\s\"'<>]{16,})/i"
             ]
           },
           {
diff --git a/ghost/core/core/server/api/endpoints/automations.js b/ghost/core/core/server/api/endpoints/automations.js
@@ -35,8 +35,33 @@ const controller = {
         query(frame) {
             return {
                 id: frame.data.id,
+                slug: 'member-welcome-email-free',
                 name: 'Welcome email',
-                status: 'active'
+                status: 'active',
+                created_at: '2026-05-05T00:00:00.000Z',
+                updated_at: '2026-05-05T00:00:00.000Z',
+                actions: [{
+                    id: '67f3f3f3f3f3f3f3f3f3f3f4',
+                    type: 'wait',
+                    data: {
+                        wait_hours: 24
+                    }
+                }, {
+                    id: '67f3f3f3f3f3f3f3f3f3f3f5',
+                    type: 'send email',
+                    data: {
+                        email_subject: 'Welcome!',
+                        email_lexical: '{"root":{"children":[]}}',
+                        email_sender_name: null,
+                        email_sender_email: null,
+                        email_sender_reply_to: null,
+                        email_design_setting_id: '680000000000000000000001'
+                    }
+                }],
+                edges: [{
+                    source_action_id: '67f3f3f3f3f3f3f3f3f3f3f4',
+                    target_action_id: '67f3f3f3f3f3f3f3f3f3f3f5'
+                }]
             };
         }
     },
diff --git a/ghost/core/test/e2e-api/admin/__snapshots__/automations.test.js.snap b/ghost/core/test/e2e-api/admin/__snapshots__/automations.test.js.snap
@@ -72,3 +72,58 @@ Object {
   "x-powered-by": "Express",
 }
 `;
+
+exports[`Automations API read returns a placeholder automation for the requested id 1: [body] 1`] = `
+Object {
+  "automations": Array [
+    Object {
+      "actions": Array [
+        Object {
+          "data": Object {
+            "wait_hours": 24,
+          },
+          "id": "67f3f3f3f3f3f3f3f3f3f3f4",
+          "type": "wait",
+        },
+        Object {
+          "data": Object {
+            "email_design_setting_id": "680000000000000000000001",
+            "email_lexical": "{\\"root\\":{\\"children\\":[]}}",
+            "email_sender_email": null,
+            "email_sender_name": null,
+            "email_sender_reply_to": null,
+            "email_subject": "Welcome!",
+          },
+          "id": "67f3f3f3f3f3f3f3f3f3f3f5",
+          "type": "send email",
+        },
+      ],
+      "created_at": "2026-05-05T00:00:00.000Z",
+      "edges": Array [
+        Object {
+          "source_action_id": "67f3f3f3f3f3f3f3f3f3f3f4",
+          "target_action_id": "67f3f3f3f3f3f3f3f3f3f3f5",
+        },
+      ],
+      "id": "67f3f3f3f3f3f3f3f3f3f3f3",
+      "name": "Welcome email",
+      "slug": "member-welcome-email-free",
+      "status": "active",
+      "updated_at": "2026-05-05T00:00:00.000Z",
+    },
+  ],
+}
+`;
+
+exports[`Automations API read returns a placeholder automation for the requested id 2: [headers] 1`] = `
+Object {
+  "access-control-allow-origin": "http://127.0.0.1:2369",
+  "cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
+  "content-length": "666",
+  "content-type": "application/json; charset=utf-8",
+  "content-version": StringMatching /v\\\\d\\+\\\\\\.\\\\d\\+/,
+  "etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
+  "vary": "Accept-Version, Origin, Accept-Encoding",
+  "x-powered-by": "Express",
+}
+`;
diff --git a/ghost/core/test/e2e-api/admin/automations.test.js b/ghost/core/test/e2e-api/admin/automations.test.js
@@ -77,16 +77,15 @@ describe('Automations API', function () {
         it('returns a placeholder automation for the requested id', async function () {
             const automationId = '67f3f3f3f3f3f3f3f3f3f3f3';
 
-            const {body} = await agent
+            await agent
                 .get(`automations/${automationId}`)
                 .expectStatus(200)
-                .expect(cacheInvalidateHeaderNotSet());
-
-            assert.deepEqual(body.automations, [{
-                id: automationId,
-                name: 'Welcome email',
-                status: 'active'
-            }]);
+                .expect(cacheInvalidateHeaderNotSet())
+                .matchBodySnapshot()
+                .matchHeaderSnapshot({
+                    'content-version': anyContentVersion,
+                    etag: anyEtag
+                });
         });
     });
 
diff --git a/ghost/core/test/unit/api/endpoints/automations.test.js b/ghost/core/test/unit/api/endpoints/automations.test.js
@@ -72,8 +72,33 @@ describe('Automations controller', function () {
 
             assert.deepEqual(result, {
                 id: '67f3f3f3f3f3f3f3f3f3f3f3',
+                slug: 'member-welcome-email-free',
                 name: 'Welcome email',
-                status: 'active'
+                status: 'active',
+                created_at: '2026-05-05T00:00:00.000Z',
+                updated_at: '2026-05-05T00:00:00.000Z',
+                actions: [{
+                    id: '67f3f3f3f3f3f3f3f3f3f3f4',
+                    type: 'wait',
+                    data: {
+                        wait_hours: 24
+                    }
+                }, {
+                    id: '67f3f3f3f3f3f3f3f3f3f3f5',
+                    type: 'send email',
+                    data: {
+                        email_subject: 'Welcome!',
+                        email_lexical: '{"root":{"children":[]}}',
+                        email_sender_name: null,
+                        email_sender_email: null,
+                        email_sender_reply_to: null,
+                        email_design_setting_id: '680000000000000000000001'
+                    }
+                }],
+                edges: [{
+                    source_action_id: '67f3f3f3f3f3f3f3f3f3f3f4',
+                    target_action_id: '67f3f3f3f3f3f3f3f3f3f3f5'
+                }]
             });
         });
     });

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@`
`16`	`16`	`{`
`17`	`17`	`"name": "credential in URL query string",`
`18`	`18`	`"patterns": [`
`19`		`- "/[?&](?:token\|api[_-]?key\|access[_-]?token\|auth[_-]?token\|client[_-]?secret\|secret\|password)=(?<CREDENTIAL>(?!p\\.)[^&\\s\"'<>]{16,})/i"`
	`19`	`+ "/[?&](?:token\|api[_-]?key\|access[_-]?token\|auth[_-]?token\|client[_-]?secret\|secret\|password)=(?<CREDENTIAL>(?!p\\.\|\\$\\{)[^&\\s\"'<>]{16,})/i"`
`20`	`20`	`]`
`21`	`21`	`},`
`22`	`22`	`{`