Skip to content

fix(rbac): add app preview API key role#2698

Merged
riderx merged 26 commits into
mainfrom
codex/app-preview-lifecycle-role
Jul 16, 2026
Merged

fix(rbac): add app preview API key role#2698
riderx merged 26 commits into
mainfrom
codex/app-preview-lifecycle-role

Conversation

@riderx

@riderx riderx commented Jul 15, 2026

Copy link
Copy Markdown
Member

Summary

  • keep every selected-app API-key binding attached to its validated owning organization (org_id); app-only keys do not receive an organization-wide role
  • split App Preview into an org-and-app-scoped parent role plus a non-assignable, channel-scoped channel_preview child role
  • automatically create that child binding only when the preview key creates a channel; it is tied to the exact parent binding, organization, app, and channel
  • mark uploaded bundles with the creating preview key and prevent that key from mutating a bundle once a channel it does not manage references it
  • make channel delete --delete-bundle atomically remove only the preview key's own channel and bundle while retaining the existing generic admin cleanup behavior
  • correct the API-key UI wording: organizations are part of the app binding, not a filter-only pseudo-scope
  • synchronize generated users types with the social-username columns already introduced by the merged main migration

Security boundary

An App Preview key can upload a bundle and create a channel in its selected app. Creating that channel gives the same key channel.read, channel.promote_bundle, and channel.delete only for that created channel.

It cannot promote, delete, or otherwise manage the default/main channel, a pre-existing channel, or a channel created by another preview key. It also cannot mutate its own bundle after that bundle is referenced by a channel it does not manage.

The selected organization remains part of the binding. It does not grant organization-wide permissions. App-level read permissions remain available to resolve the selected app and can expose channel metadata; the boundary delivered here is mutation and lifecycle isolation, not strict read isolation.

Procedure after release

  1. Create an API key with Limit this key to selected apps, select the owning organization and preview app, then choose App Preview.
  2. Use the current CLI to create the preview channel. The channel-only grant is created automatically.
  3. Upload and set the preview bundle on that channel.
  4. Use the current CLI's channel delete --delete-bundle for the atomic preview cleanup path.

Migration

Exactly one forward-only migration is included: 20260715213729_app_preview_api_key_role.sql.

Validation

  • fresh-schema RBAC regression: tests/rbac-permissions.test.ts — 26 passed
  • bun lint
  • bun typecheck
  • bun test:unit — 1,047 passed
  • the local Edge Functions server could not complete its Deno dependency download in this host after the interrupted stack restart, so the endpoint lifecycle re-run is left to the new CI cycle

Visual

Create API key dialog showing organization-bound selected-app scope

Summary by CodeRabbit

  • New Features
    • Added apps-only API key scope with an “App Preview” role and per-app role selection.
    • App-preview keys are limited to creating and managing their own channels and bundles.
    • Updated UI messaging/validation for selecting apps in app-only mode.
  • Bug Fixes
    • Tightened RBAC enforcement and removed compatibility behavior that could broaden preview key access.
    • Improved create/update validation and preview deletion/bundle handling (including bundle-deletion flows).
  • Tests
    • Added/expanded Playwright, unit, and end-to-end coverage for app-only key behavior, permission scoping, and preview resource lifecycle.

Note

High Risk
Changes authentication/authorization across migrations, triggers, API key binding rules, and channel/bundle lifecycle endpoints—security-critical paths with transactional locking and new preview isolation semantics.

Overview
Introduces App Preview as a narrow CI/CD path: API keys can be limited to selected apps only (no org-wide role), with a new app_preview app role and UI copy that treats org selection as binding validation, not org-wide access.

Database and RBAC: A large migration adds app_preview / channel_preview roles, parent_binding_id on role bindings, and created_by_apikey_rbac_id on bundles. Creating a channel under an app-preview key auto-grants a child channel_preview binding tied to that parent; permission checks and triggers enforce that preview keys only promote/delete their own bundles and only on channels they created. The automatic apikey_org_reader compatibility binding on app-only keys is removed.

Edge functions & CLI: New-channel + bundle promotion runs in a transaction via channel POST; preview cleanup uses channel DELETE with delete_bundle. Upload preflight no longer requires channel.promote_bundle to create a channel; creating a new channel on upload goes through the channel function instead of direct DB updates.

API key service/UI: Create/update flows support app-only bindings; member AI keys require at least one app binding. Tests and visual-diff tooling cover the new API Keys dialog and preview lifecycle.

Reviewed by Cursor Bugbot for commit 8c79a02. Bugbot is set up for automated code reviews on this repo. Configure here.

@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

The change introduces app-only preview API keys with dedicated RBAC roles, app-scoped binding enforcement, preview channel and bundle ownership controls, updated API key management UI, CLI lifecycle handling, database types, translations, and broad automated coverage.

Changes

App Preview API Key

Layer / File(s) Summary
Preview role and database contract
supabase/migrations/..., supabase/seed.sql, src/types/..., messages/en.json, src/components/...
Adds app_preview and channel_preview roles, parent binding and bundle provenance fields, preview-specific database triggers and permissions, UI role labels, translations, and generated type updates.
App-only API key management
src/pages/ApiKeys.vue, supabase/functions/_backend/public/apikey/*, supabase/functions/_backend/private/role_bindings.ts, src/services/apikeys.ts
Adds app-only creation and editing, app-based validation and filtering, direct binding processing, removal of legacy org-reader enrichment, and stricter role assignment checks.
Preview channel and bundle lifecycle
supabase/functions/_backend/public/channel/*, cli/src/..., supabase/functions/_backend/utils/supabase.ts, tests/cli-sdk-utils.ts
Defers new-channel promotion until scoped bindings exist, adds transactional preview bundle deletion, and updates CLI permission and channel mutation flows.
Preview flow validation and visual coverage
tests/*, playwright/*, scripts/visual-diff.ts, .github/pr-screenshots/*, .github/workflows/*, package.json
Adds API key, RBAC, lifecycle, frontend regression, unit, Playwright, visual-diff, screenshot, and tooling coverage for the new behavior.

Estimated code review effort: 5 (Critical) | ~120 minutes

Suggested labels: codex

Suggested reviewers: dalanir, wcaleniewolny

Sequence Diagram(s)

sequenceDiagram
  participant AdminUI
  participant ApiKeyAPI
  participant RBACDatabase
  participant ChannelAPI
  participant PreviewCLI
  AdminUI->>ApiKeyAPI: create app-only preview key
  ApiKeyAPI->>RBACDatabase: store app_preview binding
  PreviewCLI->>ChannelAPI: create and promote preview channel
  ChannelAPI->>RBACDatabase: create channel_preview child binding
  PreviewCLI->>ChannelAPI: delete preview channel and bundle
  ChannelAPI->>RBACDatabase: validate ownership and delete resources
Loading
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 3.57% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title clearly names the main change: introducing the app preview API key role.
Description check ✅ Passed The description is mostly complete with summary, validation, screenshots, and migration details, though the template checklist is not filled out.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch

Comment @coderabbitai help to get the list of available commands.

@codspeed-hq

codspeed-hq Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Merging this PR will not alter performance

✅ 43 untouched benchmarks
⏩ 2 skipped benchmarks1


Comparing codex/app-preview-lifecycle-role (8c79a02) with main (423b05b)

Open in CodSpeed

Footnotes

  1. 2 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@riderx
riderx force-pushed the codex/app-preview-lifecycle-role branch from f513784 to 7d29c2d Compare July 15, 2026 16:50
@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Visual diff failed

Visual diff did not produce a report. Check the workflow logs and artifacts.

Commit: 8c79a02798bb4298be0badb7e7653342d2963b56
Download the HTML report from workflow artifacts (artifact: visual-diff-report-8c79a02798bb4298be0badb7e7653342d2963b56).

Open index.html from the artifact for side-by-side before/after/diff screenshots.

@riderx
riderx force-pushed the codex/app-preview-lifecycle-role branch from ad195b4 to 7064018 Compare July 15, 2026 17:50
@riderx
riderx marked this pull request as ready for review July 15, 2026 18:15
@cursor

cursor Bot commented Jul 15, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_5e8cdbb9-13e3-4f4d-9369-9ab2fa6c5118)

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: high. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), and this RBAC/API-key binding change exceeds the low-risk approval threshold. Assigned Dalanir and WcaleNieWolny for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver External

@cursor
cursor Bot requested review from Dalanir and WcaleNieWolny July 15, 2026 18:16

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Cursor Bugbot did not complete (usage limit reached), so I am not approving. Requested human review for the RBAC/API key migration changes.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@coderabbitai coderabbitai Bot added the codex label Jul 15, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
supabase/functions/_backend/public/apikey/put.ts (1)

102-103: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Move the app_preview gate ahead of the org role precheck. replaceApiKeyBindings() already requires org.update_user_roles for every affected org before calling assertApiKeyManagerCanAssignBindings(), so the new deny list in that helper never runs on this PUT path.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@supabase/functions/_backend/public/apikey/put.ts` around lines 102 - 103,
Move the app_preview deny-list gate before the org role precheck in the PUT
flow, specifically before assertApiKeyManagerCanAssignBindings and its call to
replaceApiKeyBindings. Ensure app_preview requests are rejected before
org.update_user_roles validation can short-circuit the new gate.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/pages/ApiKeys.vue`:
- Around line 992-1017: Update validateApiKeyScope so the appOnlyScope branch
uses a dedicated “select at least one app” translation key when selectedAppIds
is empty, and add the corresponding select-at-least-one-app entry to
messages/en.json. Keep the existing role and organization validation messages
unchanged.

In `@supabase/migrations/20260708000000_prod_baseline.sql`:
- Around line 10111-10115: Remove the process_all_cron_tasks scheduler
registration from the prod baseline migration and add it to a new forward
migration using the same cron.schedule configuration. Ensure the new migration
creates the job for environments that have already applied the baseline.

In `@supabase/migrations/20260715175642_repair_rbac_function_grants.sql`:
- Line 10: Wrap the long REVOKE/GRANT statements in the migration, including the
function signatures and role lists, to comply with SQLFluff LT05 line-length
limits. Update the statements at the referenced ranges while preserving their
existing functions, privileges, and roles.

---

Outside diff comments:
In `@supabase/functions/_backend/public/apikey/put.ts`:
- Around line 102-103: Move the app_preview deny-list gate before the org role
precheck in the PUT flow, specifically before
assertApiKeyManagerCanAssignBindings and its call to replaceApiKeyBindings.
Ensure app_preview requests are rejected before org.update_user_roles validation
can short-circuit the new gate.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 098ef471-c4bc-4257-9873-2a1909e6bfc7

📥 Commits

Reviewing files that changed from the base of the PR and between d750a45 and 22a84f8.

📒 Files selected for processing (26)
  • .github/pr-screenshots/app-preview-api-key.webp
  • messages/en.json
  • playwright/e2e/apikeys.spec.ts
  • playwright/visual-diff.config.ts
  • read_replicate/schema_replicate.catalog.json
  • read_replicate/schema_replicate.sql
  • scripts/visual-diff.ts
  • src/components/connect/ConnectAppPicker.vue
  • src/components/permissions/ChannelPermissionOverridesPanel.vue
  • src/pages/ApiKeys.vue
  • src/services/apikeys.ts
  • src/stores/organization.ts
  • supabase/functions/_backend/private/role_bindings.ts
  • supabase/functions/_backend/public/apikey/post.ts
  • supabase/functions/_backend/public/apikey/put.ts
  • supabase/functions/_backend/public/apikey/scope.ts
  • supabase/migrations/20260708000000_prod_baseline.sql
  • supabase/migrations/20260715164834_add_app_preview_role.sql
  • supabase/migrations/20260715175642_repair_rbac_function_grants.sql
  • supabase/seed.sql
  • tests/apikey-scope.unit.test.ts
  • tests/apikeys-service.unit.test.ts
  • tests/apikeys.test.ts
  • tests/cli-preview-lifecycle.test.ts
  • tests/frontend-channel-rbac-scope.test.ts
  • tests/rbac-permissions.test.ts
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • Cap-go/capacitor-updater (manual)
💤 Files with no reviewable changes (1)
  • read_replicate/schema_replicate.sql

Comment thread src/pages/ApiKeys.vue
Comment thread supabase/migrations/20260708000000_prod_baseline.sql Outdated
Comment thread supabase/migrations/20260715175642_repair_rbac_function_grants.sql Outdated
@cursor

cursor Bot commented Jul 15, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_bb9abcb9-1840-423f-a939-e0c333f6c4fa)

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: high. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), and this RBAC/API-key change exceeds the low-risk approval threshold. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver External

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), so the automated review signal is incomplete for this RBAC/API-key change. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@cursor

cursor Bot commented Jul 15, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_c4374092-4f55-4f87-b519-7de8fef29259)

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: high. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), and this RBAC/API-key change exceeds the low-risk approval threshold. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver External

@cursor

cursor Bot commented Jul 16, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_f6bc7119-9223-432e-bfe4-2d7cafaa35c1)

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: high. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), and this RBAC/API-key migration exceeds the low-risk approval threshold. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver External

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), so the automated review signal is incomplete for this RBAC/API-key change. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@cursor

cursor Bot commented Jul 16, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_e3435d4c-f4ab-48c5-ab04-292876260ea5)

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: high. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), and this RBAC/API-key migration exceeds the low-risk approval threshold. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver External

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), so the automated review signal is incomplete for this RBAC/API-key change. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@cursor

cursor Bot commented Jul 16, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_03608654-4ef6-4c1b-a982-f1249a2c5ce2)

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: high. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), and this RBAC/API-key migration exceeds the low-risk approval threshold. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver External

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), so the automated review signal is incomplete for this RBAC/API-key change. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All reported issues were addressed across 6 files (changes from recent commits).

Tip: Review your code locally with the cubic CLI to iterate faster.

Fix all with cubic | Re-trigger cubic

Comment thread cli/src/bundle/upload.ts Outdated
@cursor

cursor Bot commented Jul 16, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_090e2636-721d-4560-8356-e46a06075a70)

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: high. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), and this RBAC/API-key migration exceeds the low-risk approval threshold. Human reviewers are already assigned (Dalanir, WcaleNieWolny).

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver External

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), so the automated review signal is incomplete for this RBAC/API-key change. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All reported issues were addressed across 2 files (changes from recent commits).

Tip: Review your code locally with the cubic CLI to iterate faster.

Fix all with cubic | Re-trigger cubic

Comment thread cli/src/bundle/upload.ts
@cursor

cursor Bot commented Jul 16, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_6ebed600-26b5-49b9-a19f-c23a394af332)

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Risk: high. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), and this RBAC/API-key migration exceeds the low-risk approval threshold. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver External

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Risk: medium. Not approving: Cursor Bugbot did not complete (check skipped; usage limit reached), so the automated review signal is incomplete for this RBAC/API-key change. Dalanir and WcaleNieWolny are already assigned for human review.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@sonarqubecloud

Copy link
Copy Markdown

@riderx
riderx merged commit 528418d into main Jul 16, 2026
43 of 63 checks passed
@riderx
riderx deleted the codex/app-preview-lifecycle-role branch July 16, 2026 17:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant