Skip to content

Fix key routes for base64 public keys#244

Open
naturedesk wants to merge 1 commit into
tinyhumansai:mainfrom
naturedesk:fix/keys-public-key-route-and-bounty-diagnostics
Open

Fix key routes for base64 public keys#244
naturedesk wants to merge 1 commit into
tinyhumansai:mainfrom
naturedesk:fix/keys-public-key-route-and-bounty-diagnostics

Conversation

@naturedesk

@naturedesk naturedesk commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Summary

  • route base64 public keys through /keys/by-public-key/<base64url>/... in the TypeScript and Python SDKs while preserving legacy /keys/<agentId>/... paths for handles/ids
  • add coverage for slash-bearing base64 public keys so /, +, and padding are not embedded directly as path segments
  • classify admin approval is not configured as a non-retryable operator/configuration error instead of a transient 503

Verification

  • ./node_modules/.bin/vitest run tests/keys.test.ts tests/tinyplace-error.test.ts
  • ./node_modules/.bin/tsc --noEmit
  • uv run --with pytest --with pytest-asyncio pytest -o addopts='' tests/test_api_namespaces.py

Notes

This is the SDK/client half of #213. The live backend still needs to expose and decode the matching /keys/by-public-key/<base64url>/... route for full end-to-end resolution. For #243, this improves the SDK/operator error surface, but the actual payout recovery still requires backend admin approval configuration or platform support.

Refs #213
Refs #243

Summary by CodeRabbit

  • New Features

    • Key-related requests now support public-key identifiers with URL-safe routing across Python and TypeScript SDKs.
    • Added a distinct admin_not_configured error classification with guidance indicating that the issue is not retryable.
  • Bug Fixes

    • Improved handling of base64 public keys in key endpoint URLs while preserving the original agent identity in request metadata.
    • Added coverage for key routing and administrator-configuration error behavior.

@vercel

vercel Bot commented Jul 11, 2026

Copy link
Copy Markdown

@naturedesk is attempting to deploy a commit to the Vezures Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

The SDKs now route base64-like public keys through URL-safe key paths in Python and TypeScript. TypeScript error classification also adds the non-retryable admin_not_configured category for missing admin approval configuration.

Changes

Public-key key routing

Layer / File(s) Summary
TypeScript key route construction
sdk/typescript/src/api/keys.ts, sdk/typescript/tests/keys.test.ts
Key operations use shared routing helpers to produce URL-safe by-public-key paths, while preserving request headers.
Python key route construction
sdk/python/src/tinyplace/api/keys.py, sdk/python/tests/test_api_namespaces.py
Python key operations apply equivalent base64-to-base64url routing and verify all affected endpoints.

Admin configuration error classification

Layer / File(s) Summary
Admin configuration error classification
sdk/typescript/src/errors.ts, sdk/typescript/tests/tinyplace-error.test.ts
Adds admin_not_configured, its hint and non-retryable metadata, matching precedence, and classification coverage.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Application
  participant KeysApi
  participant KeyRouter
  participant KeysHandler
  Application->>KeysApi: request bundle, health, prekeys, or signed-prekey
  KeysApi->>KeyRouter: construct keyPath(agentId, suffix)
  KeyRouter->>KeysHandler: send URL-safe by-public-key route
  KeysHandler-->>Application: return key operation response
Loading

Poem

A rabbit hops through paths made bright,
Turning plus and slash to flight.
Keys find routes both safe and true,
While errors name what admins should do.
“No retry,” I nibble, “configure with care!” 🐇

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Out of Scope Changes check ⚠️ Warning The new admin_not_configured error classification is unrelated to #213's key-route fix and expands scope beyond the linked issue. Move the admin_not_configured handling into a separate PR or remove it from this patch.
✅ Passed checks (4 passed)
Check name Status Explanation
Linked Issues check ✅ Passed The route changes and tests address #213 by sending base64-like agent IDs through /keys/by-public-key/... while preserving legacy paths.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: routing key endpoints for base64 public keys.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@sdk/python/src/tinyplace/api/keys.py`:
- Around line 45-50: Update _looks_like_base64_public_key to match the
TypeScript heuristic exactly: use an ASCII-only regex for the allowed base64
characters and permit zero to two trailing padding characters, while preserving
the existing minimum length and required marker checks. Move or add the re
import at module scope as needed.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e7a50927-0cff-4718-8f45-20753c786940

📥 Commits

Reviewing files that changed from the base of the PR and between adedeb7 and 71eea26.

📒 Files selected for processing (6)
  • sdk/python/src/tinyplace/api/keys.py
  • sdk/python/tests/test_api_namespaces.py
  • sdk/typescript/src/api/keys.ts
  • sdk/typescript/src/errors.ts
  • sdk/typescript/tests/keys.test.ts
  • sdk/typescript/tests/tinyplace-error.test.ts

Comment on lines +45 to +50
def _looks_like_base64_public_key(value: str) -> bool:
if len(value) < 40 or not any(marker in value for marker in "+/="):
return False
return all(char.isalnum() or char in "+/=" for char in value) and (
value.rstrip("=").count("=") == 0
)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Align _looks_like_base64_public_key with the TypeScript heuristic for cross-language parity.

The Python validation is more permissive than the TypeScript looksLikeBase64PublicKey in two ways: char.isalnum() is Unicode-aware (vs ASCII-only [A-Za-z0-9]), and there's no limit on trailing = count (vs {0,2}). A 40+ char string with 3+ trailing = or Unicode letters would pass Python but fail TypeScript, causing the SDKs to route the same input differently — undermining the PR's cross-language routing goal.

Using a regex matching the TypeScript implementation closes both gaps:

🔧 Proposed fix for cross-language parity
 def _looks_like_base64_public_key(value: str) -> bool:
     if len(value) < 40 or not any(marker in value for marker in "+/="):
         return False
-    return all(char.isalnum() or char in "+/=" for char in value) and (
-        value.rstrip("=").count("=") == 0
-    )
+    import re
+    return bool(re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value))

Move the import re to the top of the file if not already present.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
def _looks_like_base64_public_key(value: str) -> bool:
if len(value) < 40 or not any(marker in value for marker in "+/="):
return False
return all(char.isalnum() or char in "+/=" for char in value) and (
value.rstrip("=").count("=") == 0
)
def _looks_like_base64_public_key(value: str) -> bool:
if len(value) < 40 or not any(marker in value for marker in "+/="):
return False
import re
return bool(re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value))
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sdk/python/src/tinyplace/api/keys.py` around lines 45 - 50, Update
_looks_like_base64_public_key to match the TypeScript heuristic exactly: use an
ASCII-only regex for the allowed base64 characters and permit zero to two
trailing padding characters, while preserving the existing minimum length and
required marker checks. Move or add the re import at module scope as needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant