feat: implement CheckCurrentUserPATTitle RPC

[AmanGIT07]

Description:

Summary

• Add CheckCurrentUserPATTitle RPC to check if a PAT title is available for the current user in a given org
• Case-insensitive comparison using LOWER() in Postgres
• Designed for UI use alongside CreateCurrentUserPAT to show title availability before submission

Changes

• Proto: CheckCurrentUserPATTitle RPC, request (org_id, title), response (available: bool)
• Repository: IsTitleAvailable — NOT EXISTS query matching the partial unique index (user_id, org_id, title WHERE deleted_at IS NULL)
• Service: IsTitleAvailable — disabled check + delegates to repo
• Handler: principal auth, validation, error mapping
• Authorization: added to skip endpoints (current user only)
• Mocks: added core/userpat to .mockery.yaml
• Tests: 4 service test cases, 6 handler test cases

Manual test verification

• RPC returns true if the requested title is available for the requested orgID
• The title is checked in case-insensitive manner
• Deleted PAT title is not considered for the check

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
frontier	Ready	Preview, Comment	Mar 23, 2026 7:28am

[coderabbitai]

Warning

Rate limit exceeded

@AmanGIT07 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 19 minutes and 35 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 577f7c09-40fa-412e-b783-9630d51e02ac

📥 Commits

Reviewing files that changed from the base of the PR and between 16f493c and 5ddfc9b.

📒 Files selected for processing (1)

• pkg/server/connect_interceptors/authorization.go

📝 Walkthrough

Walkthrough

Adds a CheckCurrentUserPATTitle API and related IsTitleAvailable plumbing across service, repository, mocks, handler, proto/connect, validation, tests, and authorization skip-list; also updates a Makefile commit hash.

Changes

Cohort / File(s)	Summary
Build Configuration Makefile	Updated PROTON_COMMIT hash used by the proto target.
Core PAT Layer core/userpat/userpat.go, core/userpat/service.go, core/userpat/service_test.go, core/userpat/mocks/repository.go	Added IsTitleAvailable to Repository interface, implemented Service.IsTitleAvailable with enabled-flag guard, added unit tests, and extended mocks with expectation helpers.
Internal API / Connect internal/api/v1beta1connect/interfaces.go, internal/api/v1beta1connect/mocks/user_pat_service.go, internal/api/v1beta1connect/user_pat.go, internal/api/v1beta1connect/user_pat_test.go	Added CheckCurrentUserPATTitle handler, connect interface and mock method; handler validates principal/request, calls service, logs and maps errors to Connect codes, and has tests for auth/validation/service error paths.
Database Layer internal/store/postgres/userpat_repository.go	Implemented IsTitleAvailable using a NOT EXISTS subquery with case-insensitive title match and deleted-row filtering; wraps SQL generation and exec errors.
Authorization Configuration pkg/server/connect_interceptors/authorization.go	Added PAT procedures (GetCurrentUserPAT, DeleteCurrentUserPAT, CheckCurrentUserPATTitle, ListRolesForPAT) to the skip-authorization map.
Protobuf Validation & Connect Stubs proto/v1beta1/frontier.pb.validate.go, proto/v1beta1/frontierv1beta1connect/frontier.connect.go	Generated validators for new/updated PAT request/response messages (Validate/ValidateAll, ValidationError/MultiError types) and added three FrontierService RPCs: UpdateCurrentUserPAT, RegenerateCurrentUserPAT, CheckCurrentUserPATTitle with client/handler wiring and unimplemented stubs.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat: CreateCurrentUserPAT RPC implementation #1401: Adds and modifies PAT domain code and API surface; overlaps with repository, service, handlers, and proto changes in this PR.
• feat: implement DeleteCurrentUserPAT RPC #1460: Related PAT subsystem changes (additional PAT endpoints and repository/service updates) that complement this PR's title-availability feature.

Suggested reviewers

• whoAbhishekSah
• rohilsurana

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

internal/api/v1beta1connect/user_pat_test.go (1)

924-1060: Add a test for request validation failure (CodeInvalidArgument).

Current cases cover auth/service outcomes well, but not the request.Msg.Validate() failure path. A dedicated case would lock in that mapping and ensure IsTitleAvailable is not called on invalid input.

Suggested test case addition

+{
+	name: "should return invalid argument when request validation fails",
+	setup: func(ps *mocks.UserPATService, as *mocks.AuthnService) {
+		as.EXPECT().GetPrincipal(mock.Anything).Return(authenticate.Principal{
+			ID:   testUserID,
+			Type: schema.UserPrincipal,
+			User: &user.User{ID: testUserID},
+		}, nil)
+	},
+	request: connect.NewRequest(&frontierv1beta1.CheckCurrentUserPATTitleRequest{
+		OrgId: "",
+		Title: "",
+	}),
+	wantErr: connect.NewError(connect.CodeInvalidArgument, ErrBadRequest),
+},

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1413893b-8722-42aa-975f-f7c091b01a6b

📥 Commits

Reviewing files that changed from the base of the PR and between 62e1a07 and c1d0565.

⛔ Files ignored due to path filters (1)

• proto/v1beta1/frontier.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (13)

• Makefile
• core/userpat/mocks/repository.go
• core/userpat/service.go
• core/userpat/service_test.go
• core/userpat/userpat.go
• internal/api/v1beta1connect/interfaces.go
• internal/api/v1beta1connect/mocks/user_pat_service.go
• internal/api/v1beta1connect/user_pat.go
• internal/api/v1beta1connect/user_pat_test.go
• internal/store/postgres/userpat_repository.go
• pkg/server/connect_interceptors/authorization.go
• proto/v1beta1/frontier.pb.validate.go
• proto/v1beta1/frontierv1beta1connect/frontier.connect.go

[coveralls]

Pull Request Test Coverage Report for Build 23426153594

Details

• 30 of 51 (58.82%) changed or added relevant lines in 3 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.03%) to 41.058%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
internal/api/v1beta1connect/user_pat.go	25	27	92.59%
internal/store/postgres/userpat_repository.go	0	19	0.0%

Totals
Change from base Build 23425749415:	0.03%
Covered Lines:	14580
Relevant Lines:	35511

---

💛 - Coveralls

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

internal/store/postgres/userpat_repository.go (1)

229-250: Add repository tests for this SQL path.

This changed DB path currently has no changed-line coverage in the report. Please add repository-level tests for: case-insensitive match, soft-deleted rows ignored, and strict user/org scoping.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: cadaf91a-63b4-4b91-b270-a79c512408f6

📥 Commits

Reviewing files that changed from the base of the PR and between c1d0565 and 16f493c.

📒 Files selected for processing (10)

• core/userpat/mocks/repository.go
• core/userpat/service.go
• core/userpat/service_test.go
• core/userpat/userpat.go
• internal/api/v1beta1connect/interfaces.go
• internal/api/v1beta1connect/mocks/user_pat_service.go
• internal/api/v1beta1connect/user_pat.go
• internal/api/v1beta1connect/user_pat_test.go
• internal/store/postgres/userpat_repository.go
• pkg/server/connect_interceptors/authorization.go

✅ Files skipped from review due to trivial changes (2)

• core/userpat/userpat.go
• internal/api/v1beta1connect/mocks/user_pat_service.go

🚧 Files skipped from review as they are similar to previous changes (4)

• internal/api/v1beta1connect/interfaces.go
• internal/api/v1beta1connect/user_pat.go
• internal/api/v1beta1connect/user_pat_test.go
• pkg/server/connect_interceptors/authorization.go