Draft
Add SQL migration for access reviews, campaigns, sources, and entries. Implement coredata types for access entries, reviews, campaigns, source fetches, and supporting enums (decision, flag, MFA status, auth method, connector provider/protocol). Signed-off-by: Bryan Frimin <bryan@getprobo.com>
Introduce an API key-based connector protocol alongside the existing OAuth flow. This allows access source drivers to authenticate with third-party services using static API keys. Signed-off-by: Bryan Frimin <bryan@getprobo.com>
Implement core domain logic for access reviews: entry service for CRUD and decisions, source service for managing access sources, review service for campaign orchestration, and a review engine that flags anomalies (inactive accounts, missing MFA, admin privileges, unknown entries). Signed-off-by: Bryan Frimin <bryan@getprobo.com>
Define the Driver interface that all access source integrations must implement: Name, Snapshot, and IsAdmin methods. Signed-off-by: Bryan Frimin <bryan@getprobo.com>
Signed-off-by: Bryan Frimin <bryan@getprobo.com>
Implement campaign lifecycle management (create, initialize, cancel, complete) with optimistic locking for state transitions. Add a poll-based worker that fetches access snapshots from configured sources with bounded concurrency, then finalizes campaigns when all fetches complete. Wire the access review service into probod. Signed-off-by: Bryan Frimin <bryan@getprobo.com>
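The optimistic-locking state transition and the bounded-concurrency fetch worker described in this commit, as an added illustration that is not Probo's code. It uses an in-memory store whose mutex stands in for the atomicity of a single SQL `UPDATE ... WHERE id = ? AND state = ? AND version = ?`; the state names, the `Store` type and the `fetch` callback are this example's assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

type CampaignState string

const (
	StateDraft     CampaignState = "draft"
	StateFetching  CampaignState = "fetching"
	StateCompleted CampaignState = "completed"
	StateCancelled CampaignState = "cancelled"
)

var (
	ErrStaleCampaign     = errors.New("campaign: modified concurrently, reload and retry")
	ErrInvalidTransition = errors.New("campaign: transition not allowed from current state")
)

type Campaign struct {
	ID      string
	State   CampaignState
	Version int
}

// Store is an in-memory stand-in for the campaigns table (constructed for this
// example); its mutex plays the role of the atomicity one SQL UPDATE already has.
type Store struct {
	mu        sync.Mutex
	campaigns map[string]Campaign
}

func NewStore() *Store { return &Store{campaigns: map[string]Campaign{}} }

func (s *Store) Create(id string) Campaign {
	s.mu.Lock()
	defer s.mu.Unlock()
	c := Campaign{ID: id, State: StateDraft}
	s.campaigns[id] = c
	return c
}

var allowed = map[CampaignState][]CampaignState{
	StateDraft:    {StateFetching, StateCancelled},
	StateFetching: {StateCompleted, StateCancelled},
}

// Transition is the optimistic-locking update: it applies only while the stored
// row still carries the state and version the caller last read, which is what
// "UPDATE ... WHERE id=$1 AND state=$2 AND version=$3" does when it reports
// zero affected rows after a lost race.
func (s *Store) Transition(c Campaign, to CampaignState) (Campaign, error) {
	ok := false
	for _, next := range allowed[c.State] {
		ok = ok || next == to
	}
	if !ok {
		return c, fmt.Errorf("%w: %s -> %s", ErrInvalidTransition, c.State, to)
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	cur, found := s.campaigns[c.ID]
	if !found || cur.State != c.State || cur.Version != c.Version {
		return c, ErrStaleCampaign
	}
	cur.State = to
	cur.Version++
	s.campaigns[c.ID] = cur
	return cur, nil
}

// RunFetches moves a draft campaign to fetching, pulls one snapshot per source
// with at most limit fetches in flight, and completes the campaign only if every
// fetch succeeded and nobody cancelled it in the meantime.
func (s *Store) RunFetches(c Campaign, sources []string, limit int, fetch func(source string) error) (Campaign, error) {
	c, err := s.Transition(c, StateFetching)
	if err != nil {
		return c, err
	}
	if limit < 1 {
		limit = 1
	}
	sem := make(chan struct{}, limit) // bounded concurrency: one slot per in-flight fetch
	var wg sync.WaitGroup
	errs := make([]error, len(sources))
	for i, src := range sources {
		wg.Add(1)
		sem <- struct{}{}
		go func(i int, src string) {
			defer wg.Done()
			defer func() { <-sem }()
			errs[i] = fetch(src)
		}(i, src)
	}
	wg.Wait()
	if err := errors.Join(errs...); err != nil {
		return c, fmt.Errorf("campaign %s: snapshot fetch failed: %w", c.ID, err)
	}
	// A cancel that landed during the fetches changed state and version, so this
	// final update fails with ErrStaleCampaign instead of resurrecting a
	// cancelled campaign as completed.
	return s.Transition(c, StateCompleted)
}

func main() {
	s := NewStore()
	done, err := s.RunFetches(s.Create("c1"), []string{"github", "slack", "okta"}, 2, func(string) error { return nil })
	fmt.Printf("%+v %v\n", done, err)
}
```

The version check is what makes the worker safe to run alongside the cancel mutation: whichever side writes second sees a stale row and has to reload, so a cancelled campaign can never be flipped to completed by a fetch that finished late.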
Add GraphQL types, queries, mutations, and resolvers for access reviews, campaigns, sources, and entries. Includes connection-based pagination for sources and entries, campaign lifecycle mutations (initialize, cancel, record decision), and access source CRUD. Signed-off-by: Bryan Frimin <bryan@getprobo.com>
Add pages for viewing the access review, managing access sources, creating sources (OAuth and CSV), and a sidebar navigation link. Includes Relay fragments, mutations, and pagination for the access source list. Signed-off-by: Bryan Frimin <bryan@getprobo.com>
Expose access review operations through the MCP interface: list/get access sources, list/get campaigns, list/get entries, record entry decisions, and initialize/cancel campaigns. Signed-off-by: Bryan Frimin <bryan@getprobo.com>
Test the full access review lifecycle through the GraphQL API: source CRUD, campaign initialization, entry listing with pagination, decision recording, and campaign completion. Signed-off-by: Bryan Frimin <bryan@getprobo.com>
Remove identity_source_id from campaigns (no longer needed), collapse migrations into a single file, remove dead code functions, and add a campaign detail page with collapsible source entries. Signed-off-by: Bryan Frimin <bryan@getprobo.com>
Replace ref.Ref() with new() pointer syntax, update access source driver interface to use typed source names, and clean up GraphQL schema and MCP specification for access review campaigns. Signed-off-by: Bryan Frimin <bryan@getprobo.com>
Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Every return from WithTx/WithConn now wraps the error with context. Also removes the redundant lockCampaignForUpdate method, fixes duplicate source loading in Start, and drops useless doc comments. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Convert ProviderDisplayName to map, remove dead resolvers (Figma, Notion, 1Password) that always returned empty, and drop unused HubSpot CompanyName field with wrong json tag. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Add ConnectorProvider constants and settings structs for Sentry, Supabase, GitHub, Intercom, and Resend. Register driver constructors in the review engine switch and add name resolvers for the source name worker. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Set FieldsPerRecord = -1 so that rows with fewer columns than the header are not rejected. The existing idx < len(row) guards already handle missing columns gracefully. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
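The lenient CSV import this commit describes, as an added example that is not Probo's driver code. The column names (`email`, `role`, `last_seen`) and the sample export are constructed for the example; the `encoding/csv` behaviour it relies on is the standard library's.

```go
package main

import (
	"encoding/csv"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Entry is one account row from a CSV access export (field set constructed for this example).
type Entry struct {
	Email    string
	Role     string
	LastSeen string
}

// SampleCSV is a constructed export: the second row lacks last_seen and the
// third row carries only an email, as hand-edited exports often do.
const SampleCSV = `email,role,last_seen
alice@example.com,admin,2024-05-01
bob@example.com,member
carol@example.com
`

// ParseEntries reads a header-driven CSV export. FieldsPerRecord = -1 turns off
// the reader's per-record column-count check, so rows shorter than the header
// are returned instead of failing with csv.ErrFieldCount; the idx < len(row)
// guards below then treat a missing column as an empty value.
func ParseEntries(data string) ([]Entry, error) {
	cr := csv.NewReader(strings.NewReader(data))
	cr.FieldsPerRecord = -1
	cr.TrimLeadingSpace = true

	header, err := cr.Read()
	if err != nil {
		return nil, fmt.Errorf("csv: read header: %w", err)
	}
	col := make(map[string]int, len(header))
	for i, h := range header {
		col[strings.ToLower(strings.TrimSpace(h))] = i
	}
	emailIdx, ok := col["email"]
	if !ok {
		return nil, errors.New(`csv: required column "email" not found in header`)
	}
	roleIdx, hasRole := col["role"]
	seenIdx, hasSeen := col["last_seen"]

	var entries []Entry
	for {
		row, err := cr.Read()
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, fmt.Errorf("csv: read row: %w", err)
		}
		// Without an identity there is nothing to review, so a row whose email
		// column is missing or blank is skipped rather than producing a blank entry.
		if emailIdx >= len(row) || strings.TrimSpace(row[emailIdx]) == "" {
			continue
		}
		e := Entry{Email: strings.TrimSpace(row[emailIdx])}
		if hasRole && roleIdx < len(row) {
			e.Role = strings.TrimSpace(row[roleIdx])
		}
		if hasSeen && seenIdx < len(row) {
			e.LastSeen = strings.TrimSpace(row[seenIdx])
		}
		entries = append(entries, e)
	}
	return entries, nil
}

// StrictParseFails shows the pre-fix behaviour: with the default FieldsPerRecord
// (0) the reader pins every record to the header's width, and the first short
// row aborts the whole import with csv.ErrFieldCount.
func StrictParseFails(data string) bool {
	cr := csv.NewReader(strings.NewReader(data))
	_, err := cr.ReadAll()
	return errors.Is(err, csv.ErrFieldCount)
}

func main() {
	entries, err := ParseEntries(SampleCSV)
	fmt.Println(entries, err, StrictParseFails(SampleCSV))
}
```

Note that leniency is limited to trailing columns: a row that has too few columns to reach the required identity column is skipped, and a header without that column still fails the import, so a malformed file cannot quietly produce entries with no reviewable subject.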
Return an error instead of silently defaulting to 0 when strconv.Atoi fails on TotalSetSize or EndPosition. This prevents silent truncation of user enumeration. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
All paginated drivers now return ErrPaginationLimitReached instead of silently returning partial data when the 500-page safety cap is exhausted. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
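The two failure modes fixed in the last two commits (a count that fails to parse, and a page cap that runs out) in one added example; this is illustrative code, not Probo's driver. The SCIM-style `TotalSetSize`/`EndPosition` string fields are taken from the commit text, while the `Page` shape, the `FetchPage` signature and the in-memory `FakeSource` provider are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// ErrPaginationLimitReached is returned when the page cap runs out before the
// provider reports the end of the set, so a caller never receives a silently
// truncated user list.
var ErrPaginationLimitReached = errors.New("access source: pagination limit reached before end of set")

// MaxPages is the safety cap against a provider that never reports the end.
const MaxPages = 500

// Page mirrors a SCIM-style list response in which counts arrive as strings
// (shape constructed for this example).
type Page struct {
	Users        []string
	TotalSetSize string
	EndPosition  string
}

// FetchPage is the per-page provider call (signature assumed here).
type FetchPage func(startIndex int) (Page, error)

// parseCount fails loudly on a malformed count. Defaulting to 0 here would make
// the loop believe the set was empty or finished and return a truncated list.
func parseCount(name, raw string) (int, error) {
	n, err := strconv.Atoi(raw)
	if err != nil {
		return 0, fmt.Errorf("access source: parse %s %q: %w", name, raw, err)
	}
	if n < 0 {
		return 0, fmt.Errorf("access source: %s out of range: %d", name, n)
	}
	return n, nil
}

// ListAllUsers walks the pages until EndPosition reaches TotalSetSize. Any parse
// or fetch failure, and exhausting MaxPages, is an error; the partial slice
// collected so far is never handed back.
func ListAllUsers(fetch FetchPage) ([]string, error) {
	var users []string
	start := 1
	for pages := 0; pages < MaxPages; pages++ {
		p, err := fetch(start)
		if err != nil {
			return nil, fmt.Errorf("access source: page at %d: %w", start, err)
		}
		total, err := parseCount("TotalSetSize", p.TotalSetSize)
		if err != nil {
			return nil, err
		}
		end, err := parseCount("EndPosition", p.EndPosition)
		if err != nil {
			return nil, err
		}
		users = append(users, p.Users...)
		if end >= total || len(p.Users) == 0 {
			return users, nil
		}
		if end < start {
			return nil, fmt.Errorf("access source: EndPosition %d did not advance past %d", end, start)
		}
		start = end + 1
	}
	return nil, ErrPaginationLimitReached
}

// SampleUsers is a constructed directory used by FakeSource.
var SampleUsers = []string{"alice", "bob", "carol", "dave", "erin"}

// FakeSource builds an in-memory provider. Mode "ok" pages normally, "badcount"
// returns a non-numeric TotalSetSize, and "endless" advances by one user per
// page while always claiming more remain.
func FakeSource(all []string, pageSize int, mode string) FetchPage {
	return func(start int) (Page, error) {
		if mode == "endless" {
			return Page{
				Users:        []string{"ghost-" + strconv.Itoa(start)},
				TotalSetSize: "1000000",
				EndPosition:  strconv.Itoa(start),
			}, nil
		}
		i := start - 1
		if i < 0 || i > len(all) {
			i = len(all)
		}
		j := i + pageSize
		if j > len(all) {
			j = len(all)
		}
		total := strconv.Itoa(len(all))
		if mode == "badcount" {
			total = "n/a"
		}
		return Page{Users: all[i:j], TotalSetSize: total, EndPosition: strconv.Itoa(j)}, nil
	}
}

func main() {
	users, err := ListAllUsers(FakeSource(SampleUsers, 2, "ok"))
	fmt.Println(users, err)
	_, err = ListAllUsers(FakeSource(SampleUsers, 2, "endless"))
	fmt.Println(err)
}
```

For an access review the distinction matters: a list that is short because of a parse default or a hit cap looks identical to a clean list of fewer accounts, and the accounts that dropped off the end are exactly the ones nobody reviews. Returning an error turns that into a failed fetch the campaign can surface instead.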
Move NameSyncedAt out of the initial claim transaction so that transient resolution failures leave the row eligible for retry. The field is now only set after name resolution succeeds or is permanently skipped. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Wrap layout in Suspense boundary and replace alert() with toast notification in source row delete handler. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Use extracted status/badge helpers, add load-more pagination to campaigns list, and use dateFormat for consistent date display. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Replace useMutationWithToasts with useMutation and explicit onCompleted/onError handlers. Show creation date in connector dropdown to distinguish same-provider connectors. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Replace useMutationWithToasts with useMutation and explicit onCompleted/onError handlers. Use navigate() instead of window.location.href for client-side routing. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Move hooks before early return to fix rules-of-hooks lint error. Clear processedConnectorIdRef on mutation error so OAuth callback can be retried. Replace useMutationWithToasts with explicit error handling. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
489fede to c621d0e
Remove the UNION fallback that returned all organization sources when no explicit scope rows existed. After removing the last scope source from a campaign, the query now correctly returns an empty list instead of falling back to all org sources. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Extend the connector package to support three token exchange styles (post-form, basic-form, basic-json) and the OAuth2 client credentials grant type. DocuSign and Notion require HTTP Basic auth for token exchange while 1Password uses client_credentials grant for machine-to-machine auth. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
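An added example of the three token exchange styles and the two grant types named in this commit, written for illustration and not taken from Probo's connector package. The style names come from the commit; the exact encodings (form body vs. JSON body, Basic header vs. body credentials), the `TokenRequest` type and `BuildTokenRequest` are this example's assumptions, modelled on RFC 6749 sections 2.3.1, 4.1.3 and 4.4.2.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
)

// ExchangeStyle selects where the client credentials travel and how the body
// is encoded.
type ExchangeStyle string

const (
	StylePostForm  ExchangeStyle = "post-form"  // client_id/client_secret as form fields
	StyleBasicForm ExchangeStyle = "basic-form" // HTTP Basic header, form body
	StyleBasicJSON ExchangeStyle = "basic-json" // HTTP Basic header, JSON body
)

type GrantType string

const (
	GrantAuthorizationCode GrantType = "authorization_code"
	GrantClientCredentials GrantType = "client_credentials"
)

// TokenRequest holds everything needed to build one token-endpoint call.
type TokenRequest struct {
	TokenURL     string
	ClientID     string
	ClientSecret string
	Style        ExchangeStyle
	Grant        GrantType
	Code         string   // authorization_code only
	RedirectURI  string   // authorization_code only
	Scopes       []string // client_credentials only
}

// grantParams are the grant-specific body fields; the credentials are added
// separately so each style places them exactly once.
func (tr TokenRequest) grantParams() (map[string]string, error) {
	p := map[string]string{"grant_type": string(tr.Grant)}
	switch tr.Grant {
	case GrantAuthorizationCode:
		if tr.Code == "" {
			return nil, fmt.Errorf("token request: authorization code is required")
		}
		p["code"] = tr.Code
		p["redirect_uri"] = tr.RedirectURI
	case GrantClientCredentials:
		if len(tr.Scopes) > 0 {
			p["scope"] = strings.Join(tr.Scopes, " ")
		}
	default:
		return nil, fmt.Errorf("token request: unsupported grant type %q", tr.Grant)
	}
	return p, nil
}

// BuildTokenRequest produces the POST for the token endpoint. The secret goes
// either into the form body (post-form) or into the Authorization header
// (basic-form, basic-json), never both.
func BuildTokenRequest(tr TokenRequest) (*http.Request, error) {
	p, err := tr.grantParams()
	if err != nil {
		return nil, err
	}
	var body io.Reader
	var contentType string
	switch tr.Style {
	case StylePostForm, StyleBasicForm:
		v := url.Values{}
		for k, val := range p {
			v.Set(k, val)
		}
		if tr.Style == StylePostForm {
			v.Set("client_id", tr.ClientID)
			v.Set("client_secret", tr.ClientSecret)
		}
		body = strings.NewReader(v.Encode())
		contentType = "application/x-www-form-urlencoded"
	case StyleBasicJSON:
		b, err := json.Marshal(p)
		if err != nil {
			return nil, err
		}
		body = bytes.NewReader(b)
		contentType = "application/json"
	default:
		return nil, fmt.Errorf("token request: unknown exchange style %q", tr.Style)
	}
	req, err := http.NewRequest(http.MethodPost, tr.TokenURL, body)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", contentType)
	req.Header.Set("Accept", "application/json")
	if tr.Style != StylePostForm {
		// RFC 6749 2.3.1 form-encodes id and secret before Basic encoding; the raw
		// values are sent here, which is what most providers expect (assumption).
		req.SetBasicAuth(tr.ClientID, tr.ClientSecret)
	}
	return req, nil
}

// BodyString drains the request body for inspection (helper for this example).
func BodyString(req *http.Request) (string, error) {
	b, err := io.ReadAll(req.Body)
	return string(b), err
}

func main() {
	req, err := BuildTokenRequest(TokenRequest{
		TokenURL: "https://example.invalid/oauth/token", ClientID: "id", ClientSecret: "s3cret",
		Style: StyleBasicJSON, Grant: GrantClientCredentials, Scopes: []string{"users:read"},
	})
	body, _ := BodyString(req)
	fmt.Println(req.Header.Get("Authorization"), body, err)
}
```

Keeping the credential placement in one switch is the point: a provider that expects Basic auth will reject a secret sent in the body, and a driver that sends both doubles the places a secret can end up in request logs.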
Add environment variable blocks for HubSpot, DocuSign, Notion, GitHub, Sentry, and Intercom following the Slack bootstrap pattern. Each provider is opt-in via its CLIENT_ID env var with validation for required secrets. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Remove unused Figma provider, add ConnectorProviders() slice for iteration, and add OnePasswordUsersAPISettings for the new Users API driver. Remove Figma from display name map. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Expand ConnectorProvider enum to 16 providers, add the connectorProviderInfos query on Organization for dynamic frontend rendering, and add createClientCredentialsConnector mutation for 1Password OAuth2 client credentials flow. Inject ConnectorRegistry into the GraphQL resolver. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Inject ConnectorRegistry into the service layer so the review engine can use RefreshableClient for OAuth2 connections with short-lived tokens. Add provider-specific settings fields to CreateConnectorRequest and branch on grant type for 1Password driver selection. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Allow Sentry driver to auto-discover the organization slug from the OAuth token when not explicitly configured. Add a new OnePasswordUsersAPIDriver that fetches users from the 1Password Users API v1beta1 with paginated requests. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Use connectorProviderInfos from GraphQL to dynamically render provider cards with OAuth, API key, and client credentials options. Add client credentials mutation support for 1Password and dynamic extra settings fields. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Add unit tests for the three token exchange styles and client credentials token caching. Add E2E tests covering API key connector creation, client credentials connector creation, deletion, provider info query, and RBAC. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Single component that renders a vendor SVG by name with an optional tint mode that renders monochrome logos adapting to the current theme via grayscale filter and dark:invert. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Add a search input to filter providers by name, render tinted vendor logos next to provider names using VendorLogo, and replace the plain text Region field with a select dropdown for 1Password client credentials. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Use grayscale and brightness-0 Tailwind utilities instead of inline style filter so that dark:invert can properly compose and render white logos on dark backgrounds. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
13a33a5 to 62b2960
Add connector entries for Linear, HubSpot, DocuSign, Notion, GitHub, Sentry, and Intercom with placeholder credentials and correct auth/token URLs from each provider's docs. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Add Brex OAuth bootstrap with Authorization Code Grant using accounts-api.brex.com endpoints. Add Linear and Brex entries to dev config with placeholder credentials. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Move the provider list into a modal dialog triggered from the sources tab, matching the established pattern used by Documents and Assets. Handle OAuth callback connector_id directly in the sources tab instead of a dedicated page. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Delete the dedicated access source page and its route now that the dialog handles provider selection and the sources tab handles OAuth callbacks. Give the CSV page its own query and fix its back link to point to the sources tab. Signed-off-by: Aurélien Sibiril <81782+aureliensibiril@users.noreply.github.com>
Summary
Add access review campaigns with full lifecycle management (create, start, close, cancel) and a source fetch worker that pulls account data from connected providers.
Access source drivers (18 providers)
API surface (GraphQL + MCP + CLI)
Console UI
Bug fixes included
Test plan
make test passes
make lint passes (0 errors)
make test-e2e: access review e2e tests pass