Retire legacy mock-server endpoints + /v1/mint-aws-creds + /v1/auth/exchange (closes #77, #72, #78)#96
Merged
Merged
Conversation
… /v1/auth/exchange (closes #77 #72 #78) Issue #77 — delete /identity/link, /identity/resolve, /audit/query, /v1/auth/exchange: - mock-server: drop routes and HTTP handler functions; keep resolve_identity_typed as internal helper for session/auth_request paths - broker: drop /v1/auth/exchange route, handlers/auth/exchange.rs, auth.rs::validate_bearer_token + ValidatedSession; keep extract_bearer_token (still used by mint-oidc handler) - broker: drop BROKER_BACKEND_URL + BROKER_BACKEND_TIMEOUT_SECONDS, Tier-2 backend reachability probe + readyz check, Tier2State::backend_reachable, BrokerConfig::backend_url/backend_request_timeout_seconds - core: drop CredentialBackend::query_audit and CredentialBackend::resolve_identity trait methods and all impls (mock_client, s3_backend, test stubs) - cli: drop Commands::Usage/Link/Recover + cmd_usage/cmd_link/cmd_recover; resolve_agent now requires raw 0x wallet (alias/email lookup retired); resolve_agent_to_wallet same - daemon: resolve_parent_if_set now requires raw 0x wallet, no HTTP call - mcp: list_credentials uses CredentialBackend::list_credentials directly instead of round-tripping query_audit - tests: remove tests targeting deleted endpoints; convert /identity/link setup steps to direct-DB inserts via new link_identity_direct helper Issue #72 — delete /v1/mint-aws-creds: - broker: drop /v1/mint-aws-creds route + handlers/mint.rs (mint_v2 + helpers) - tests: delete mint_v2_flow.rs + invariant_load_bearing.rs (exclusively exercised the deleted endpoint). Audit happens at /v1/mint-oidc-jwt; AWS submission is daemon-side via OIDC JWT → AssumeRoleWithWebIdentity. Issue #78 — folded into #77 per its own resolution comment. scripts/broker.env + scripts/setup-broker-host.sh: drop BROKER_BACKEND_URL since the broker no longer reads it. Workspace tests: 73 (core) + 41 (cli) + 38 (daemon) + 7 (mcp) + 31 (provisioner) + 48 (mock-server) + multiple (broker) all pass.
…wup) After this PR deleted GET /audit/query, the 8 INSERT INTO audit_log writes in mock-server credential/session handlers became write-only dead code — nothing reads them now and nothing ever will. Production audit lives at broker plugin_mint_log (today) → agentkeys-worker-audit + Heima CredentialAudit contract (post-#97). Mock-server never was on that path. Removed: - credential.rs: store/read/list audit INSERTs (6 sites covering ok, DENIED, DENIED_SCOPE, NOT_FOUND outcomes) - session.rs: scope_update/scope_read audit INSERTs on cross-agent probes (2 sites) - db.rs: CREATE TABLE audit_log schema Tests still green: 48 mock-server, 176 broker, 41 cli, full workspace (30 test-result groups, 0 failed). Resolves codex adversarial-review finding [high] from PR #96 review.
21 tasks
hanwencheng
pushed a commit
that referenced
this pull request
May 21, 2026
PR #96 retired legacy CLI commands (cmd_link, cmd_recover, cmd_usage) and the bulk broker endpoints. This PR (#95) independently added two new signer subcommands (cmd_signer_sign_typed_data, cmd_signer_preview_7730). The conflict in main.rs was the import list — kept the new additions, dropped the retired ones. Workspace build clean; full cargo test suite passes; no behaviour change from the merge resolution beyond combining the two PRs' independent additions/removals.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Cleans up three dead/legacy surfaces that were flagged for retirement:
/identity/link,/identity/resolve,/audit/query(mock-server) and/v1/auth/exchange(broker) — dead HTTP endpoints + their CLI consumers + the legacy bearer-validation infrastructure./v1/mint-aws-creds(broker) — already replaced by daemon-sideOIDC JWT → AssumeRoleWithWebIdentity; no in-tree caller remains.38 files changed, +146 / -2941 lines.
What landed
Issue #77 — legacy endpoints
/identity/link,/identity/resolve,/audit/queryroutes + their HTTP handler functions. Keepresolve_identity_typedas an internal helper still used bysession.rsandauth_request.rs./v1/auth/exchangeroute,handlers/auth/exchange.rs,auth.rs::validate_bearer_token+ValidatedSession. Keepextract_bearer_token(still used by/v1/mint-oidc-jwt).BROKER_BACKEND_URL+BROKER_BACKEND_TIMEOUT_SECONDSenv vars; removeBrokerConfig::backend_url,backend_request_timeout_seconds; remove Tier-2 backend reachability probe +Tier2State::backend_reachablefield + thetier2/backend/readyzcheck.CredentialBackend::query_audit+CredentialBackend::resolve_identitytrait methods and all 5 impls (mock_client,s3_backend,test_client, MCP / orchestrator / CLI test stubs).Commands::Usage/Link/Recover+ theircmd_*handlers.resolve_agentandresolve_agent_to_walletnow require a raw0x…wallet — alias/email lookup against the deleted endpoints is gone.resolve_parent_if_setrewritten as sync; requires a raw0x…wallet (no HTTP call to the removed/identity/resolve).list_credentialsswitched fromquery_auditto the trait'slist_credentialsmethod./identity/linksetup steps indaemon/tests/pair_tests.rsandmock-server/tests/integration.rsto direct-DB inserts via a newlink_identity_directhelper. Updatedcli_tests.rsto drop dead-command tests. Updated 8 broker test files to removebackend_urlandbackend_request_timeout_secondsfromBrokerConfigconstruction.scripts/broker.envandscripts/setup-broker-host.shdropBROKER_BACKEND_URL(no longer read).Issue #72 — /v1/mint-aws-creds
handlers/mint.rsentirely (mint_v2 + helpers, ~700 LOC).mint_v2_flow.rs+invariant_load_bearing.rs(both exclusively exercised the deleted endpoint)./v1/mint-oidc-jwt(state.audit.record_mint), and AWS CloudTrail captures everyAssumeRoleWithWebIdentitycall. No re-home needed.try_consumedropped with the endpoint; AWS PrincipalTag + bucket policy continue to enforce isolation perarchitecture.md§17.2.Issue #78
Folded into #77 — completing this PR closes #78.
What did NOT land
All plan steps shipped. None deferred.
Test plan
cargo buildclean (workspace)cargo test -p agentkeys-mock-server— 48 passedcargo test -p agentkeys-broker-server— all suites pass (oidc 6, wallet 7, grant 4, email 0/0, oauth2 0/0, auth_wallet, ses_email ignored)cargo test -p agentkeys-cli— 41 + 9 + 6 = 56 passedcargo test -p agentkeys-core— 73 + 3 passedcargo test -p agentkeys-daemon— 8 + 15 + 15 = 38 passedcargo test -p agentkeys-mcp— 7 passedcargo test -p agentkeys-provisioner— 23 + 7 passedcargo test -p agentkeys-types— 8 passedscripts/setup-broker-host.sh --upgradeconfirms/v1/auth/exchangeand/v1/mint-aws-credsreturn 404 and/v1/mint-oidc-jwt+agentkeys init --email|--oauth2-googlestill work end-to-end (manual verification step).🤖 Generated with Claude Code