feat: ListCurrentUserPATs and GetCurrentUserPAT proto

[AmanGIT07]

Summary by CodeRabbit

• New Features
  • Added endpoints to list and retrieve current user Personal Access Tokens with advanced filtering and pagination support.
  • Extended Personal Access Token information with role and project associations, plus update timestamp tracking.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request extends the Frontier Service API with new Personal Access Token (PAT) management capabilities by adding list and get RPC endpoints, along with corresponding request/response message types, and enhances the PAT data model with role, project, and timestamp fields.

Changes

Cohort / File(s)	Summary
New PAT RPC Endpoints raystack/frontier/v1beta1/frontier.proto	Added ListCurrentUserPATs and GetCurrentUserPAT RPC methods with corresponding request/response message types (ListCurrentUserPATsRequest, ListCurrentUserPATsResponse, GetCurrentUserPATRequest, GetCurrentUserPATResponse) to support querying PATs with filtering and pagination.
PAT Model Extension raystack/frontier/v1beta1/models.proto	Extended PAT message with three new fields: role_ids (repeated string), project_ids (repeated string), and updated_at (timestamp marked as output-only).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix(frontier): remove leftover grpc-gateway annotations from PAT model #445: Modifies the PAT message in models.proto to adjust the updated_at field annotations and remove grpc-gateway annotations.
• feat: add CreateCurrentUserPAT RPC #443: Adds PAT-related RPC endpoints to FrontierService and extends PAT message types, overlapping with this PR's scope.

Suggested reviewers

• rohilsurana
• whoAbhishekSah

Poem

🐰 ✨ A bunny hops through tokens bright,
Listing, getting, shining light,
Roles and projects now align,
Timestamps mark when updates shine!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main changes: adding ListCurrentUserPATs and GetCurrentUserPAT RPC endpoints to the proto file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/list-and-get-pat-rpc-proto

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

raystack/frontier/v1beta1/frontier.proto (1)

2879-2884: Consider adding org_id for API consistency.

GetCurrentUserPATRequest only requires id, while ListCurrentUserPATsRequest requires org_id. This creates an asymmetry in the API surface.

While the PAT id is likely globally unique (UUID), including org_id would:

1. Maintain consistency with the list endpoint
2. Enable explicit org-level authorization checks
3. Follow the pattern used by similar requests like GetServiceUserRequest and GetOrganizationInvitationRequest

If the omission is intentional (e.g., PAT lookup by UUID is sufficient), please confirm and disregard.

Suggested change

 message GetCurrentUserPATRequest {
   string id = 1 [
     (validate.rules).string.uuid = true,
     (google.api.field_behavior) = REQUIRED
   ];
+  string org_id = 2 [
+    (validate.rules).string.uuid = true,
+    (google.api.field_behavior) = REQUIRED
+  ];
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@raystack/frontier/v1beta1/frontier.proto` around lines 2879 - 2884, Add an
org_id field to the GetCurrentUserPATRequest message to match
ListCurrentUserPATsRequest and enable org-level authorization: in message
GetCurrentUserPATRequest, add a second field like `string org_id = 2
[(validate.rules).string.uuid = true, (google.api.field_behavior) = REQUIRED];`
so both id and org_id are present (refer to GetServiceUserRequest and
GetOrganizationInvitationRequest for the same pattern).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@raystack/frontier/v1beta1/frontier.proto`:
- Around line 2879-2884: Add an org_id field to the GetCurrentUserPATRequest
message to match ListCurrentUserPATsRequest and enable org-level authorization:
in message GetCurrentUserPATRequest, add a second field like `string org_id = 2
[(validate.rules).string.uuid = true, (google.api.field_behavior) = REQUIRED];`
so both id and org_id are present (refer to GetServiceUserRequest and
GetOrganizationInvitationRequest for the same pattern).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b8e96487-0684-4237-91b8-f825ade2a16b

📥 Commits

Reviewing files that changed from the base of the PR and between d8accdc and 2416855.

📒 Files selected for processing (2)

• raystack/frontier/v1beta1/frontier.proto
• raystack/frontier/v1beta1/models.proto