feat(model): add CredentialFormatBasicAuth for HTTP Basic auth headers

[kanbru]

Summary

• Add CredentialFormatBasicAuth constant to support HTTP Basic Authentication via Authorization headers
• Enables Burp DAST scanning with credentials as headers instead of form-fill application logins
• Part of a multi-repo change (companion PR in chariot backend)

Test plan

• Verify schema generation works with new constant
• Verify Python client generation includes new format

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[github-actions]

Claude finished @kanbru's task —— View job

---

Code Review Analysis

Todo List:

• Read the changed credential.go file
• Check for automated test files
• Analyze significance of changes
• Provide review findings in specified format

Has Go, TypeScript, or Python Changes: Yes
Has Significant Changes: No
Has Automated Tests: No

Findings

• New constant addition: Adds CredentialFormatBasicAuth = "basic-auth" for HTTP Basic Authentication support
• Code formatting: Improves alignment of existing credential format constants for better readability
• Missing credential-specific tests: No test file exists for pkg/model/model/credential.go in the repository
• Registry integration: Change will be automatically picked up by the model registry system due to existing init() function

Recommendations

• Add unit tests: Create pkg/model/model/credential_test.go to test credential model functionality including the new constant
• Verify schema generation: Run go run ./cmd/schemagen -output client/api.yaml to confirm new constant appears in generated schema
• Test Python client generation: Run go run ./cmd/codegen -input client/api.yaml -gen py:client/python/tabularium to verify new format is included
• Consider integration test: Add test case in companion chariot backend PR to verify end-to-end Basic Auth header functionality

---

Job Run

[coderabbitai]

Walkthrough

A new credential format constant was added: CredentialFormatBasicAuth with value "basic-auth" to represent HTTP Basic authentication. Existing CredentialFormat constant definitions received minor alignment/style adjustments; no functional logic or control flow was changed.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/basic-auth-credential-format

Important

Action Needed: IP Allowlist Update

If your organization protects your Git platform with IP whitelisting, please add the new CodeRabbit IP address to your allowlist:

• ✨ 136.113.208.247/32 (new)
• 34.170.211.100/32
• 35.222.179.152/32

Reviews will stop working after February 8, 2026 if the new IP is not added to your allowlist.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Claude finished @kanbru's task —— View job

---

PR Review Analysis

Todo List:

• Read the changed credential.go file
• Check for automated test files
• Analyze significance of changes
• Provide review findings in specified format

Has Go, TypeScript, or Python Changes: Yes
Has Significant Changes: No
Has Automated Tests: No

Findings

• New constant addition: Adds CredentialFormatBasicAuth = "basic-auth" for HTTP Basic Authentication support
• Code formatting: Improves alignment of existing credential format constants for better readability
• Missing credential-specific tests: No test file exists for pkg/model/model/credential.go in the repository
• Registry integration: Change will be automatically picked up by the model registry system due to existing init() function

Recommendations

• Add unit tests: Create pkg/model/model/credential_test.go to test credential model functionality including the new constant
• Verify schema generation: Run go run ./cmd/schemagen -output client/api.yaml to confirm new constant appears in generated schema
• Test Python client generation: Run go run ./cmd/codegen -input client/api.yaml -gen py:client/python/tabularium to verify new format is included
• Consider integration test: Add test case in companion chariot backend PR to verify end-to-end Basic Auth header functionality

---

Job Run

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@pkg/model/model/credential.go`:
- Around line 68-73: Duplicate CredentialFormat constants
(FormatEnv/FormatFile/FormatToken) in credential_format.go mirror the
authoritative constants (CredentialFormatEnv, CredentialFormatFile,
CredentialFormatToken) in credential.go; remove the dead duplicates or replace
them with aliases to the canonical constants in credential.go, update any
references to use
CredentialFormatEnv/CredentialFormatFile/CredentialFormatToken, and run a build
to ensure no remaining references to the old symbols; keep the new
CredentialFormatAPIAuth and CredentialFormatBasicAuth definitions only in
credential.go so there is a single source of truth.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find CredentialFormat usage patterns
rg -n --type=go "CredentialFormat" -A 2 -B 2

Repository: praetorian-inc/tabularium

Length of output: 3708

---

🏁 Script executed:

#!/bin/bash
# Look for switch statements or validation on CredentialFormat
rg -n --type=go "switch.*[Cc]redential|case.*[Cc]redential|[Cc]redential.*case"

Repository: praetorian-inc/tabularium

Length of output: 51

---

🏁 Script executed:

#!/bin/bash
# Check for validation functions or lists that might enumerate format values
rg -n --type=go "Valid|valid|format.*string|credential.*format" | head -50

Repository: praetorian-inc/tabularium

Length of output: 4474

---

🏁 Script executed:

#!/bin/bash
# Check credential_format.go file completely
cat -n pkg/model/model/credential_format.go

Repository: praetorian-inc/tabularium

Length of output: 433

---

🏁 Script executed:

#!/bin/bash
# Find CredentialFormatter implementations
rg -n --type=go "type.*CredentialFormatter|func.*Apply.*CredentialFormat"

Repository: praetorian-inc/tabularium

Length of output: 145

---

🏁 Script executed:

#!/bin/bash
# Search for any code that enumerates or validates credential formats
rg -n --type=go "FormatEnv|FormatFile|FormatToken|CredentialFormatEnv|CredentialFormatFile|CredentialFormatToken|CredentialFormatAPIAuth|CredentialFormatBasicAuth" | head -30

Repository: praetorian-inc/tabularium

Length of output: 1219

---

🏁 Script executed:

#!/bin/bash
# Search for usages of Format* constants from credential_format.go
rg -n --type=go "FormatEnv|FormatFile|FormatToken" --no-filename | grep -v "credential_format.go"

Repository: praetorian-inc/tabularium

Length of output: 730

---

🏁 Script executed:

#!/bin/bash
# Search for which credential format constants are actually used in code
rg -n --type=go "CredentialFormat(Env|File|Token|APIAuth|BasicAuth)" | grep -v "credential.go:" | head -20

Repository: praetorian-inc/tabularium

Length of output: 267

---

🏁 Script executed:

#!/bin/bash
# Check if there are any validation checks on credential format values
rg -n --type=go "switch.*Format|case.*env|case.*file|case.*token|case.*api-auth|case.*basic-auth" -i

Repository: praetorian-inc/tabularium

Length of output: 51

---

🏁 Script executed:

#!/bin/bash
# Check if the old Format* constants are used anywhere
rg -n --type=go "FormatEnv|FormatFile|FormatToken" --no-heading

Repository: praetorian-inc/tabularium

Length of output: 961

---

🏁 Script executed:

#!/bin/bash
# Check for any implementations that might handle credential formats
rg -n --type=go "Apply.*Credential|Cleanup()" -A 5 | head -40

Repository: praetorian-inc/tabularium

Length of output: 413

---

🏁 Script executed:

#!/bin/bash
# Look for where credential formats might be validated or processed
rg -n --type=go "credential.*format|format.*credential" -i -A 3 | head -50

Repository: praetorian-inc/tabularium

Length of output: 4007

---

Consider consolidating duplicate CredentialFormat constants.

credential_format.go defines unused FormatEnv, FormatFile, and FormatToken constants that mirror those in credential.go lines 69-73. The active constants (with extended formats) live in credential.go; the old ones in credential_format.go are dead code. Either remove the duplicates from credential_format.go or consolidate the definitions to maintain a single source of truth.

Regarding the new "basic-auth" and "api-auth" formats: no downstream validation code rejects them—the formats are used only in struct fields without explicit validation logic.

🤖 Prompt for AI Agents

In `@pkg/model/model/credential.go` around lines 68 - 73, Duplicate
CredentialFormat constants (FormatEnv/FormatFile/FormatToken) in
credential_format.go mirror the authoritative constants (CredentialFormatEnv,
CredentialFormatFile, CredentialFormatToken) in credential.go; remove the dead
duplicates or replace them with aliases to the canonical constants in
credential.go, update any references to use
CredentialFormatEnv/CredentialFormatFile/CredentialFormatToken, and run a build
to ensure no remaining references to the old symbols; keep the new
CredentialFormatAPIAuth and CredentialFormatBasicAuth definitions only in
credential.go so there is a single source of truth.