Implement client for new API key endpoints: create, list, and delete by ID

[kworathur]

Summary of Changes

• Implemented three new methods in src/lib/auth.ts: createKey, deleteApiKeyById, getAllApiKeys

[greptile-apps]

Greptile Summary

This PR adds three new public methods to AuthAPI — createKey, getAllApiKeys, and deleteApiKeyById — along with the corresponding internal API wiring, models (ApiKey, GetAllApiKeysResponse, IssueApiKeyResponse, PaginationParams), and a validatePaginationParam validator. Several issues raised in prior review rounds remain unresolved in the current HEAD (error swallowing in deleteApiKeyById, malformed Authorization value for email/password credentials, missing keyId validation), which block merge.

Checklist areas needing improvement:

• Input validation: keyId is never validated before being passed to the API; validatePaginationParam passes NaN/Infinity silently.
• Error handling: deleteApiKeyById swallows all errors and always returns { success: false }, making it impossible for callers to distinguish failure types.
• Unused imports / dead code: GetAllApiKeysResponseToJSON is imported but unused; the try/catch in createKey only rethrows.

Score: 48 / 100

Confidence Score: 4/5

Not safe to merge — multiple P1 issues from prior rounds (error swallowing, wrong auth header, missing input validation) remain unresolved.

Several P1 findings flagged in previous review cycles are still present in the current HEAD: deleteApiKeyById silently swallows all errors returning only { success: false }, the Authorization header for email/password credentials is set to just the email address instead of a valid scheme, keyId is never validated before being sent to the API, and validatePaginationParam passes NaN/Infinity through. These require fixes before the new methods can be considered correct.

src/lib/auth.ts (deleteApiKeyById error handling and authorization logic, missing keyId validation) and src/lib/validators.ts (NaN/Infinity gap in validatePaginationParam)

Important Files Changed

Filename	Overview
src/lib/auth.ts	Three new methods added (createKey, getAllApiKeys, deleteApiKeyById); several P1 issues remain from prior review: error swallowing in deleteApiKeyById, malformed Authorization header for email/password creds, missing keyId validation, and a no-op try/catch in createKey.
src/internal/apis/AuthApi.ts	New endpoints wired up; AuthControllerGetAllApiKeysRequest interface is missing xUserJwt, causing the JWT credential spread in auth.ts to be silently ignored at the interface level (auth still works via initOverrides); unused GetAllApiKeysResponseToJSON import remains.
src/internal/models/ApiKey.ts	New auto-generated model for ApiKey; minor typo in JSDoc comment, no functional issues.
src/internal/models/GetAllApiKeysResponse.ts	New auto-generated response model wrapping ApiKey array and PaginationParams; looks correct.
src/lib/validators.ts	New validatePaginationParam function added; errorMessage parameter is implicitly typed any, and validation only checks for negative numbers but not NaN or non-finite values.
src/internal/models/IssueApiKeyResponse.ts	New auto-generated response model; clean and correct.
src/internal/models/index.ts	New model exports added to barrel file; correct.
src/internal/models/PaginationParams.ts	New auto-generated model for pagination links; straightforward, no issues.

Sequence Diagram

sequenceDiagram
    participant Caller
    participant AuthAPI as AuthAPI (auth.ts)
    participant InternalApi as AuthApi (internal)
    participant Backend

    Note over AuthAPI: createKey
    Caller->>AuthAPI: createKey({ project, environment, description, credentials })
    AuthAPI->>AuthAPI: validateUserCredentials, validateProjectIdentifier, validateString
    AuthAPI->>InternalApi: authControllerCreateApiKey({ issueApiKeyRequest, ...creds }, initOverrides)
    InternalApi->>Backend: POST /auth/key (Authorization / X-User-Email + X-User-Password)
    Backend-->>InternalApi: IssueApiKeyResponse
    InternalApi-->>AuthAPI: IssueApiKeyResponse
    AuthAPI-->>Caller: IssueApiKeyResponse

    Note over AuthAPI: getAllApiKeys
    Caller->>AuthAPI: getAllApiKeys({ offset, limit, credentials })
    AuthAPI->>AuthAPI: validateUserCredentials, validatePaginationParam (x2)
    AuthAPI->>InternalApi: authControllerGetAllApiKeys({ offset, limit, ...creds }, initOverrides)
    InternalApi->>Backend: GET /auth/key/all?offset=&limit= (auth headers)
    Backend-->>InternalApi: GetAllApiKeysResponse
    InternalApi-->>AuthAPI: GetAllApiKeysResponse
    AuthAPI-->>Caller: GetAllApiKeysResponse

    Note over AuthAPI: deleteApiKeyById
    Caller->>AuthAPI: deleteApiKeyById({ keyId, credentials })
    AuthAPI->>AuthAPI: validateUserCredentials
    AuthAPI->>InternalApi: authControllerDeleteApiKeyById({ id, authorization } as any, initOverrides)
    InternalApi->>Backend: DELETE /auth/key/{id} (auth headers)
    alt success
        Backend-->>InternalApi: 200 void
        InternalApi-->>AuthAPI: void
        AuthAPI-->>Caller: { success: true }
    else error (swallowed)
        Backend-->>InternalApi: 4xx/5xx
        InternalApi-->>AuthAPI: throws Error
        AuthAPI-->>Caller: { success: false }
    end

Loading

_{Reviews (3): Last reviewed commit: "fix: add GetAllApiKeysResponse with corr..." | Re-trigger Greptile}

[aakashg00]

looks good