feat(enterprise): add api key management#67

Closed
Gracker wants to merge 1 commit into feature/enterprise-multi-tenant-oidc-onboarding from feature/enterprise-multi-tenant-api-key-management

@Gracker Gracker commented May 8, 2026

Summary

  • add api_keys enterprise schema migration with scoped lookup/expiry indexes
  • add managed API key service and /api/auth/api-keys create/list/revoke endpoints
  • authenticate managed API keys via bearer or x-api-key, enforcing revocation, expiry, and stored scopes
  • share enterprise audit helpers and record API key create/revoke audit events
  • mark README §0.2.3 complete

Scope note

  • API key creation is limited to the authenticated RequestContext workspace, or tenant-wide with workspaceId: null.
  • Full RBAC matrix and cross-workspace/org-admin policy expansion remains §0.2.4.

Verification

  • cd backend && npx jest src/services/__tests__/enterpriseSchema.test.ts src/routes/__tests__/enterpriseApiKeyRoutes.test.ts src/services/__tests__/enterpriseOidcClient.test.ts src/routes/__tests__/enterpriseAuthRoutes.test.ts src/middleware/__tests__/auth.test.ts src/routes/__tests__/requestContextRouteCoverage.test.ts src/routes/__tests__/ownerGuardRoutes.test.ts src/services/__tests__/sessionPersistenceService.test.ts --runInBand
  • cd backend && npm run typecheck
  • cd backend && npm run test:scene-trace-regression
  • npm run verify:pr
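
The authentication path summarized above (key taken from a bearer token or `x-api-key`, then revocation, expiry, workspace and stored-scope checks) can be sketched as follows. This is an added example, not code from this PR: the record shape, SHA-256 hashing at rest, the function names, the scope string and the sample keys are all assumptions made for illustration.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Hypothetical record shape; the PR's actual api_keys columns are not shown on the page.
interface ApiKeyRecord {
  id: string;
  keyHash: string; // SHA-256 hex of the secret (assumption: plaintext is never stored)
  workspaceId: string | null; // null = tenant-wide, per the PR's scope note
  scopes: string[];
  expiresAt: Date | null;
  revokedAt: Date | null;
}
type Denied = "missing" | "unknown" | "revoked" | "expired" | "workspace" | "scope";
type AuthResult = { ok: true; keyId: string } | { ok: false; reason: Denied };

const sha256Hex = (s: string): string => createHash("sha256").update(s).digest("hex");

// Accept "Authorization: Bearer <key>" first, then "x-api-key: <key>" (lower-cased names).
function extractApiKey(headers: Record<string, string | undefined>): string | null {
  const m = /^Bearer\s+(\S+)$/i.exec(headers["authorization"] ?? "");
  if (m) return m[1] ?? null;
  const k = headers["x-api-key"]?.trim();
  return k ? k : null;
}

function authenticateApiKey(
  headers: Record<string, string | undefined>, store: ApiKeyRecord[],
  workspaceId: string, requiredScope: string, now: Date = new Date(),
): AuthResult {
  const presented = extractApiKey(headers);
  if (!presented) return { ok: false, reason: "missing" };
  const digest = Buffer.from(sha256Hex(presented), "hex");
  // Digests are always 32 bytes, so timingSafeEqual never sees a length mismatch.
  const rec = store.find((r) => timingSafeEqual(Buffer.from(r.keyHash, "hex"), digest));
  if (!rec) return { ok: false, reason: "unknown" };
  if (rec.revokedAt) return { ok: false, reason: "revoked" };
  if (rec.expiresAt && rec.expiresAt <= now) return { ok: false, reason: "expired" };
  if (rec.workspaceId !== null && rec.workspaceId !== workspaceId) return { ok: false, reason: "workspace" };
  if (!rec.scopes.includes(requiredScope)) return { ok: false, reason: "scope" };
  return { ok: true, keyId: rec.id };
}

// Constructed sample store; every value below is invented for this example.
const SAMPLE_NOW = new Date("2026-05-08T00:00:00Z");
const SAMPLE_STORE: ApiKeyRecord[] = [
  { id: "k1", keyHash: sha256Hex("example-key-active"), workspaceId: "ws-a", scopes: ["traces:read"], expiresAt: null, revokedAt: null },
  { id: "k2", keyHash: sha256Hex("example-key-revoked"), workspaceId: null, scopes: ["traces:read"], expiresAt: null, revokedAt: new Date("2026-05-01T00:00:00Z") },
  { id: "k3", keyHash: sha256Hex("example-key-expired"), workspaceId: null, scopes: ["traces:read"], expiresAt: new Date("2026-05-07T00:00:00Z"), revokedAt: null },
];
```

Returning a distinct reason per failure keeps audit records precise; the HTTP response itself can still collapse all of them into one generic 401/403.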

mr-torto pushed a commit to mr-torto/SmartPerfetto that referenced this pull request May 8, 2026
…racker#63, Gracker#67, Gracker#76, Gracker#87, Gracker#99)

DomainSkillEvalContract is the gate for every domain Skill change.
Five facets bound together:
- SkillEvalCase[] mapping caseId -> trace path + skill under test
- assertions: Record<caseId, SkillEvalAssertion[]> using JSONPath-style
  paths into the Skill output (Spark Gracker#99)
- SubAgentSpec[] for domain expert sub-agent expansion (Spark Gracker#87)
- SkillEvalRunResult[] capturing pass/fail/flaky/skipped status with
  per-assertion failure traces
- importers[] with required flag for atrace, simpleperf, bpftrace,
  macrobenchmark hooks (Spark Gracker#61, Gracker#63, Gracker#67, Gracker#76)

The harness runner (npm run test:scene-trace-regression) will become
contract-driven in a follow-up so the canonical six traces and their
assertions live in a single source of truth.

Plan: docs/superpowers/spark/plans/18-domain-skill-eval-harness.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
mr-torto pushed a commit to mr-torto/SmartPerfetto that referenced this pull request May 8, 2026
Land Plan 50 (Spark Gracker#34, Gracker#67, Gracker#105, #150, #176, #177, #178) — durable
App/Device/Build/CUJ baseline store with diff and CI regression gate.

Reuse boundary: `TraceSummaryBaselineRef` (Plan 02) and
`TraceSummaryMetric.metricId` namespace already exist. Plan 50 does not
re-define those — `BaselineRecord extends TraceSummaryBaselineRef` so
consumers see one shape, and metric ids stay in the same namespace.
Plan 50's contribution is durable persistence + cross-baseline diff +
CI gate semantics on top of Plan 02.

Types added to `backend/src/types/sparkContracts.ts`:

- `BaselineMetric` — per-metric aggregate (median/p95/p99/max +
  sampleCount). Carries `unsupportedReason` so devices that cannot
  collect a metric (e.g. GPU render stages on certain SoCs) don't
  silently zero-fill.
- `BaselineRecord` — extends SparkProvenance + TraceSummaryBaselineRef.
  Adds `key` (PerfBaselineKey), `status` (CurationStatus), and
  `redactionState` ('raw'|'partial'|'redacted'). Service layer
  enforces sampleCount >= 3 for status='published'; the schema does
  not so older snapshots remain readable.
- `BaselineDiffDelta` — per-metric delta with optional numeric fields
  + `severity: ... | 'unsupported'`. `unsupportedReason` is required
  when severity is 'unsupported' (missing on baseline, sample below 3,
  divide-by-zero, etc.).
- `BaselineDiffArtifact` — diff between two baselines or
  trace-vs-baseline.
- `RegressionGateResult` — CI gate output. `diff` is **optional** when
  status is 'skipped'; the gate must instead record `skipReason` so
  triagers can audit why the gate did not run.
- `BaselineStoreContract` — service surface with `baselines[]` and
  optional `matrix[]` for SoC/OEM cross-baseline comparison.

Seven new test cases in `__tests__/sparkContracts.test.ts` cover the
reuse boundary (BaselineRecord populates inherited fields), the
unsupported-data paths (metric and delta both), and the skipped-gate
contract. Test count: 50 (was 43).

Test tier: contract / type-only. `npx tsc --noEmit` clean,
sparkContracts.test.ts passes 50/50. Trace regression intentionally
not run per the tiered policy in commit d8529e1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Gracker commented May 9, 2026

Merged into main via commit 67856ec (merge) + 023a84a (frontend rebuild); closing this PR.

@Gracker Gracker closed this May 9, 2026