feat(model): add CredentialFormatBasicAuth for HTTP Basic auth headers #157

Open: kanbru wants to merge 2 commits into main from feat/basic-auth-credential-format

kanbru commented Jan 30, 2026

Summary

  • Add CredentialFormatBasicAuth constant to support HTTP Basic Authentication via Authorization headers
  • Enables Burp DAST scanning with credentials as headers instead of form-fill application logins
  • Part of a multi-repo change (companion PR in chariot backend)

Test plan

  • Verify schema generation works with new constant
  • Verify Python client generation includes new format

Add new credential format constant to support HTTP Basic Authentication
via Authorization headers in Burp DAST scanning, as an alternative to
form-fill application logins.

github-actions bot commented Jan 30, 2026

Claude finished @kanbru's task


Code Review Analysis

Todo List:

  • Read the changed credential.go file
  • Check for automated test files
  • Analyze significance of changes
  • Provide review findings in specified format

Has Go, TypeScript, or Python Changes: Yes
Has Significant Changes: No
Has Automated Tests: No

Findings

  • New constant addition: Adds CredentialFormatBasicAuth = "basic-auth" for HTTP Basic Authentication support
  • Code formatting: Improves alignment of existing credential format constants for better readability
  • Missing credential-specific tests: No test file exists for pkg/model/model/credential.go in the repository
  • Registry integration: Change will be automatically picked up by the model registry system due to existing init() function

Recommendations

  • Add unit tests: Create pkg/model/model/credential_test.go to test credential model functionality including the new constant
  • Verify schema generation: Run go run ./cmd/schemagen -output client/api.yaml to confirm new constant appears in generated schema
  • Test Python client generation: Run go run ./cmd/codegen -input client/api.yaml -gen py:client/python/tabularium to verify new format is included
  • Consider integration test: Add test case in companion chariot backend PR to verify end-to-end Basic Auth header functionality


coderabbitai bot commented Jan 30, 2026

Walkthrough

A new credential format constant was added: CredentialFormatBasicAuth with value "basic-auth" to represent HTTP Basic authentication. Existing CredentialFormat constant definitions received minor alignment/style adjustments; no functional logic or control flow was changed.


github-actions bot commented Feb 4, 2026

Claude finished @kanbru's task


PR Review Analysis

Todo List:

  • Read the changed credential.go file
  • Check for automated test files
  • Analyze significance of changes
  • Provide review findings in specified format

Has Go, TypeScript, or Python Changes: Yes
Has Significant Changes: No
Has Automated Tests: No

Findings

  • New constant addition: Adds CredentialFormatBasicAuth = "basic-auth" for HTTP Basic Authentication support
  • Code formatting: Improves alignment of existing credential format constants for better readability
  • Missing credential-specific tests: No test file exists for pkg/model/model/credential.go in the repository
  • Registry integration: Change will be automatically picked up by the model registry system due to existing init() function

Recommendations

  • Add unit tests: Create pkg/model/model/credential_test.go to test credential model functionality including the new constant
  • Verify schema generation: Run go run ./cmd/schemagen -output client/api.yaml to confirm new constant appears in generated schema
  • Test Python client generation: Run go run ./cmd/codegen -input client/api.yaml -gen py:client/python/tabularium to verify new format is included
  • Consider integration test: Add test case in companion chariot backend PR to verify end-to-end Basic Auth header functionality

coderabbitai bot left a comment

Actionable comments posted: 1

Comment on lines 68 to +73
// Credential Formats for capabilities to use (and advertise)
CredentialFormatEnv CredentialFormat = "env" // things like tokens can be release into env vars for caps to use
CredentialFormatFile CredentialFormat = "file" // credentials requested as files to be stored at a specific location
CredentialFormatToken CredentialFormat = "token" // returned in a struct for direct use by caps
CredentialFormatAPIAuth CredentialFormat = "api-auth" // API authentication credentials
CredentialFormatEnv CredentialFormat = "env" // things like tokens can be release into env vars for caps to use
CredentialFormatFile CredentialFormat = "file" // credentials requested as files to be stored at a specific location
CredentialFormatToken CredentialFormat = "token" // returned in a struct for direct use by caps
CredentialFormatAPIAuth CredentialFormat = "api-auth" // API authentication credentials
CredentialFormatBasicAuth CredentialFormat = "basic-auth" // HTTP Basic auth Authorization header
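
Review bot: The comment on the added CredentialFormatBasicAuth line ("HTTP Basic auth Authorization header") does not say what a consumer receives under this format: a username and password to encode, or the finished "Basic <base64>" header value. Please state the expected payload on the constant, and how it differs from the neighbouring "api-auth" format, so that capabilities advertising "basic-auth" agree on it; since Base64 is an encoding and not encryption, the comment should also say that the value is password-equivalent and must not be logged. Separately, the other four lines in this hunk are whitespace-only realignment; splitting that into its own commit would leave the one functional line easy to audit.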

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find CredentialFormat usage patterns
rg -n --type=go "CredentialFormat" -A 2 -B 2

Repository: praetorian-inc/tabularium

Length of output: 3708


🏁 Script executed:

#!/bin/bash
# Look for switch statements or validation on CredentialFormat
rg -n --type=go "switch.*[Cc]redential|case.*[Cc]redential|[Cc]redential.*case"

Repository: praetorian-inc/tabularium

Length of output: 51


🏁 Script executed:

#!/bin/bash
# Check for validation functions or lists that might enumerate format values
rg -n --type=go "Valid|valid|format.*string|credential.*format" | head -50

Repository: praetorian-inc/tabularium

Length of output: 4474


🏁 Script executed:

#!/bin/bash
# Check credential_format.go file completely
cat -n pkg/model/model/credential_format.go

Repository: praetorian-inc/tabularium

Length of output: 433


🏁 Script executed:

#!/bin/bash
# Find CredentialFormatter implementations
rg -n --type=go "type.*CredentialFormatter|func.*Apply.*CredentialFormat"

Repository: praetorian-inc/tabularium

Length of output: 145


🏁 Script executed:

#!/bin/bash
# Search for any code that enumerates or validates credential formats
rg -n --type=go "FormatEnv|FormatFile|FormatToken|CredentialFormatEnv|CredentialFormatFile|CredentialFormatToken|CredentialFormatAPIAuth|CredentialFormatBasicAuth" | head -30

Repository: praetorian-inc/tabularium

Length of output: 1219


🏁 Script executed:

#!/bin/bash
# Search for usages of Format* constants from credential_format.go
rg -n --type=go "FormatEnv|FormatFile|FormatToken" --no-filename | grep -v "credential_format.go"

Repository: praetorian-inc/tabularium

Length of output: 730


🏁 Script executed:

#!/bin/bash
# Search for which credential format constants are actually used in code
rg -n --type=go "CredentialFormat(Env|File|Token|APIAuth|BasicAuth)" | grep -v "credential.go:" | head -20

Repository: praetorian-inc/tabularium

Length of output: 267


🏁 Script executed:

#!/bin/bash
# Check if there are any validation checks on credential format values
rg -n --type=go "switch.*Format|case.*env|case.*file|case.*token|case.*api-auth|case.*basic-auth" -i

Repository: praetorian-inc/tabularium

Length of output: 51


🏁 Script executed:

#!/bin/bash
# Check if the old Format* constants are used anywhere
rg -n --type=go "FormatEnv|FormatFile|FormatToken" --no-heading

Repository: praetorian-inc/tabularium

Length of output: 961


🏁 Script executed:

#!/bin/bash
# Check for any implementations that might handle credential formats
rg -n --type=go "Apply.*Credential|Cleanup()" -A 5 | head -40

Repository: praetorian-inc/tabularium

Length of output: 413


🏁 Script executed:

#!/bin/bash
# Look for where credential formats might be validated or processed
rg -n --type=go "credential.*format|format.*credential" -i -A 3 | head -50

Repository: praetorian-inc/tabularium

Length of output: 4007


Consider consolidating duplicate CredentialFormat constants.

credential_format.go defines unused FormatEnv, FormatFile, and FormatToken constants that mirror those in credential.go lines 69-73. The active constants (with extended formats) live in credential.go; the old ones in credential_format.go are dead code. Either remove the duplicates from credential_format.go or consolidate the definitions to maintain a single source of truth.

Regarding the new "basic-auth" and "api-auth" formats: no downstream validation code rejects them—the formats are used only in struct fields without explicit validation logic.

🤖 Prompt for AI Agents
In `@pkg/model/model/credential.go` around lines 68 - 73, Duplicate
CredentialFormat constants (FormatEnv/FormatFile/FormatToken) in
credential_format.go mirror the authoritative constants (CredentialFormatEnv,
CredentialFormatFile, CredentialFormatToken) in credential.go; remove the dead
duplicates or replace them with aliases to the canonical constants in
credential.go, update any references to use
CredentialFormatEnv/CredentialFormatFile/CredentialFormatToken, and run a build
to ensure no remaining references to the old symbols; keep the new
CredentialFormatAPIAuth and CredentialFormatBasicAuth definitions only in
credential.go so there is a single source of truth.
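
The review above notes that nothing downstream validates format values. The following is an added example, not code from this PR or from tabularium, of a consumer gating on the declared formats and building an RFC 7617 header value for "basic-auth". `knownFormats`, `Valid` and `BasicAuthHeader` are hypothetical names, and the username/password payload is an assumption because the PR does not define it.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// CredentialFormat and the constant values are taken from the hunk in this PR.
type CredentialFormat string

const (
	CredentialFormatEnv       CredentialFormat = "env"
	CredentialFormatFile      CredentialFormat = "file"
	CredentialFormatToken     CredentialFormat = "token"
	CredentialFormatAPIAuth   CredentialFormat = "api-auth"
	CredentialFormatBasicAuth CredentialFormat = "basic-auth"
)

// knownFormats is a hypothetical allow-list; it is not part of the PR.
var knownFormats = map[CredentialFormat]bool{CredentialFormatEnv: true, CredentialFormatFile: true,
	CredentialFormatToken: true, CredentialFormatAPIAuth: true, CredentialFormatBasicAuth: true}

// Valid reports whether f is one of the declared formats (hypothetical helper).
func (f CredentialFormat) Valid() bool { return knownFormats[f] }

// BasicAuthHeader (hypothetical) returns the Authorization header value for a
// "basic-auth" credential, enforcing the RFC 7617 limits on user-id and password.
func BasicAuthHeader(f CredentialFormat, user, pass string) (string, error) {
	if !f.Valid() {
		return "", fmt.Errorf("unknown credential format %q", f)
	}
	if f != CredentialFormatBasicAuth {
		return "", fmt.Errorf("format %q does not produce a Basic header", f)
	}
	if strings.Contains(user, ":") { // the first ':' separates user-id from password
		return "", fmt.Errorf("user-id must not contain ':'")
	}
	for _, r := range user + pass {
		if r < 0x20 || r == 0x7f { // also blocks CR/LF header injection
			return "", fmt.Errorf("control characters are not allowed")
		}
	}
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass)), nil
}

func main() { // constructed input; the header value itself is never printed
	_, err := BasicAuthHeader(CredentialFormatBasicAuth, "scan:ner", "constructed-pw")
	fmt.Println("rejected:", err)
}
```

The returned value is only Base64-encoded, so it should be handled like the password itself: sent over TLS only and kept out of logs and scan reports.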
