Skip to content

fix(learn): include namespace in token audit event#47

Merged
fvadicamo merged 1 commit into
developfrom
fix/pr44-audit-namespace
Mar 22, 2026
Merged

fix(learn): include namespace in token audit event#47
fvadicamo merged 1 commit into
developfrom
fix/pr44-audit-namespace

Conversation

@fvadicamo

Copy link
Copy Markdown
Contributor

What

Add effective namespace to dashboard_token_generated audit log event.

Why

When req.namespace overrides course_id, the audit event was missing the actual token scope, weakening traceability. Review comment on PR #44.

Add effective namespace (req.namespace or course_id fallback) to the
dashboard_token_generated audit log for scoped access traceability.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@fvadicamo fvadicamo added this to the v0.3.0 milestone Mar 22, 2026
@coderabbitai

coderabbitai Bot commented Mar 22, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@fvadicamo has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 9 minutes and 48 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b07112f7-d0bc-4d3f-af5c-6206e4cb83ed

📥 Commits

Reviewing files that changed from the base of the PR and between a36b191 and 95c45b5.

📒 Files selected for processing (1)
  • vektra-learn/src/vektra_learn/service.py
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/pr44-audit-namespace

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@gemini-code-assist

Copy link
Copy Markdown

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an issue where the dashboard_token_generated audit log event was missing the actual token scope when req.namespace overrode course_id. The change ensures that the effective namespace is included in the audit event, improving traceability.

Highlights

  • Audit Log Enhancement: The primary goal is to enhance the traceability of dashboard token generation events by including the effective namespace in the audit logs.
  • Namespace Inclusion: The change ensures that when req.namespace overrides course_id, the audit event captures the actual token scope, addressing a previous oversight.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds the effective namespace to the dashboard_token_generated audit log event. While the log message implementation is correct, the review identifies that this traceability improvement is incomplete as the namespace information is not persisted to the DashboardTokenOrm database audit record. A comment has been added recommending storing the effective namespace in the dashboard_tokens table to ensure a complete audit trail, emphasizing the creation of a new database migration for schema changes as per repository guidelines.

Comment thread vektra-learn/src/vektra_learn/service.py
@fvadicamo fvadicamo merged commit fad9f39 into develop Mar 22, 2026
19 checks passed
@fvadicamo fvadicamo deleted the fix/pr44-audit-namespace branch March 22, 2026 12:23
fvadicamo added a commit that referenced this pull request Mar 22, 2026
- Optional enrollment mode for LMS integrations (FEAT-003)
- Widget UX: collapsible sources, a11y, i18n, snippet fix
- Phase 2 stabilization: BUG-010, BUG-011, DEBT-002/003/008
- Sync main history, 3 critical bug fixes from v0.2.0 review
- Version 0.3.0, CHANGELOG, docs update (18 new config vars, ERR-LEARN codes)
- Commit signing guide, quality gate, branching rules in CONTRIBUTING

Reviews: PRs #42-#47, 30+ comments addressed (CodeRabbit, Gemini)
Tests: 576 passed, integration + NFR gates green
Refs: FEAT-003, BUG-010, BUG-011, DEBT-002, DEBT-003, DEBT-008
@fvadicamo fvadicamo self-assigned this Apr 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant