feat(namespace): add device auto-accept setting #6264

Open
danielgatis wants to merge 3 commits into shellhub-io:master from danielgatis:upstream/feature/device-auto-accept

@danielgatis danielgatis commented Apr 29, 2026

Motivation

In controlled environments, operators may want every device that attempts
to connect to be automatically accepted without manual intervention.
This removes the need to periodically visit the pending devices list,
making the workflow less bureaucratic and improving the day-to-day
experience for operators who trust their network.

Summary

  • Add device_auto_accept boolean to namespace settings
  • New devices are automatically accepted when the setting is enabled
  • Dedicated PUT /api/namespaces/device-auto-accept/:tenant route with
    NamespaceDeviceAutoAccept permission (owner + administrator)
  • Postgres migration adds device_auto_accept column to namespaces
  • Auto-accept logic runs inside AuthDevice on first device registration
  • Toggle UI in Settings page with permission gating
  • Setting visible/editable in admin namespace drawer and details view

Closes #4091

Test plan

  • Enable setting in Settings → Devices → Auto-Accept: On
  • Connect a new agent — device appears as accepted, not pending
  • Disable setting — next new device goes to pending
  • Observer/Operator roles cannot toggle the setting (403)
  • go test ./api/services/... ./api/routes/... ./pkg/api/authorizer/...

New devices connecting to a namespace are automatically accepted
when the setting is enabled, instead of going to pending queue.
@danielgatis danielgatis requested review from a team as code owners April 29, 2026 20:42
otavio (Member) commented Apr 29, 2026

/review

github-actions Bot commented Apr 29, 2026

Claude finished @otavio's task in 4m 37s

Code Review Complete

Reviewed 22 files across code quality, security, testing, Go/TypeScript patterns, and architecture. 2 inline issues posted (2 high).

Additional notes

Cross-repo impact — cloud admin NamespaceUpdate will reset DeviceAutoAccept to false:
The cloud admin endpoint at cloud/internal/admin/services/namespace.go:68-71 explicitly copies Name, SessionRecord, ConnectionAnnouncement, and MaxDevices from the incoming request to the stored namespace — but does not copy DeviceAutoAccept. Since the Go zero value for bool is false, every admin namespace edit (e.g., changing the name or max devices) will silently reset DeviceAutoAccept to false. The EditNamespaceDrawer.tsx sends device_auto_accept in the body, but it's ignored because the cloud service doesn't read it. This is a data-loss bug that needs a one-line fix in the cloud repo:

// cloud/internal/admin/services/namespace.go, after line 70:
ns.Settings.DeviceAutoAccept = namespace.Settings.DeviceAutoAccept

If you've addressed the feedback and want a new review, tag @shellhub-io/admin and a team member can trigger it.

Comment thread api/services/auth.go
Comment thread ui-react/apps/console/src/pages/Settings.tsx Outdated
- Fix TS build: add device_auto_accept to BannerEdit settings body
- Fix TS build: use Namespace type instead of NamespaceRoot in drawer
- Fix TS build: add device_auto_accept to test mock settings object
- Fix ESLint: correct import type resolves unsafe-member-access errors
- Fix auth: sync in-memory device status after auto-accept on
  re-registered devices to avoid DeviceUpdate clobbering the DB
- Fix UI: use neutral style for Off toggle button (not primary blue)
danielgatis (Author) commented

@otavio Could I get another /review round? 👋

github-actions Bot commented

@danielgatis You are not authorized to request an explicit review. If you believe this PR needs a new automated review round, please tag the @shellhub-io/admin team and a team member can trigger it.

otavio (Member) commented Apr 30, 2026

/review

github-actions Bot commented Apr 30, 2026

Claude finished @otavio's task in 51s

Code Review Complete

Reviewed 24 files across code quality, security, testing, Go/TypeScript patterns, and architecture. 1 inline issue posted (1 high).

Additional notes

Previous review issues addressed: Both issues from the first review round (the DeviceUpdate clobbering auto-accept status on re-registration, and the "Off" button styling) have been fixed in this revision.

Cross-repo impact (unchanged from previous review): The cloud admin NamespaceUpdate at cloud/internal/admin/services/namespace.go:68-71 still does not copy DeviceAutoAccept from the incoming request. The EditNamespaceDrawer.tsx added a checkbox for this field, but the cloud backend ignores it — toggling auto-accept from the admin panel will silently do nothing. A one-line fix is needed in the cloud repo:

ns.Settings.DeviceAutoAccept = namespace.Settings.DeviceAutoAccept

If you've addressed the feedback and want a new review, tag @shellhub-io/admin and a team member can trigger it.

Comment thread pkg/models/namespace.go Outdated
omitempty on bool causes BSON to omit the field when false, making it
impossible to disable auto-accept on MongoDB deployments.
otavio (Member) commented Apr 30, 2026

/review

github-actions Bot commented Apr 30, 2026

Claude finished @otavio's task in 7s

Code Review Complete

Reviewed 24 files across code quality, security, testing, Go/TypeScript patterns, and architecture — no issues found.

Previous review issues addressed: All three issues from prior rounds have been fixed in this revision:

  1. DeviceUpdate clobbering auto-accepted status on re-registration (auth.go) — fixed with in-memory status sync
  2. "Off" button styling mismatch (Settings.tsx) — fixed with correct neutral style
  3. omitempty on DeviceAutoAccept BSON tag (namespace.go) — removed so false persists correctly

Cross-repo impact (unchanged from previous reviews): The cloud admin NamespaceUpdate at cloud/internal/admin/services/namespace.go:68-71 still does not copy DeviceAutoAccept from the incoming request. The EditNamespaceDrawer.tsx added a checkbox for this field, but the cloud backend ignores it — toggling auto-accept from the admin panel will silently do nothing. A one-line fix is needed in the cloud repo:

ns.Settings.DeviceAutoAccept = namespace.Settings.DeviceAutoAccept

If you've addressed the feedback and want a new review, tag @shellhub-io/admin and a team member can trigger it.
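
The omitempty problem fixed in pkg/models/namespace.go, reproduced as an added example (not ShellHub's code): encoding/json stands in for the BSON codec, and the struct names, applySet and the $set-style merge are assumptions made for illustration. A false value dropped at serialization never reaches the stored document, so auto-accept stays on after an operator turns it off.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed stand-ins for the namespace settings struct. encoding/json is
// used here in place of the BSON codec; both drop a false bool under omitempty.
type withOmitempty struct {
	DeviceAutoAccept bool `json:"device_auto_accept,omitempty"`
}

type withoutOmitempty struct {
	DeviceAutoAccept bool `json:"device_auto_accept"`
}

// applySet emulates a $set-style update (assumed for this example): only keys
// present in the serialized update overwrite the stored document.
func applySet(stored map[string]any, update any) map[string]any {
	raw, err := json.Marshal(update)
	if err != nil {
		panic(err)
	}
	fields := map[string]any{}
	if err := json.Unmarshal(raw, &fields); err != nil {
		panic(err)
	}
	out := map[string]any{}
	for k, v := range stored {
		out[k] = v
	}
	for k, v := range fields {
		out[k] = v
	}
	return out
}

// AutoAcceptAfterDisable starts from a stored namespace with auto-accept on,
// applies an update that turns it off, and reports the persisted value.
func AutoAcceptAfterDisable(update any) bool {
	stored := map[string]any{"device_auto_accept": true}
	return applySet(stored, update)["device_auto_accept"].(bool)
}

func main() {
	fmt.Println("with omitempty:", AutoAcceptAfterDisable(withOmitempty{}))
	fmt.Println("without omitempty:", AutoAcceptAfterDisable(withoutOmitempty{}))
}
```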
