Pull request overview
This PR introduces admin/API features around Sanctum token management, tighter authorization for instance-related API access, and new Lagoon operational tooling/configuration to support richer store/app and instance workflows.
Changes:
- Added Filament admin UI for creating/revoking Sanctum API tokens and enforced instances.read ability via middleware on v1 API routes.
- Improved Polydock engine validation/backfill behavior for instance variables (treat "0" as present; hydrate Lagoon runtime defaults).
- Added new Lagoon console commands (run command across instances, trigger deploy) plus store-app UI fields for Lagoon scripts/runtime settings.
Reviewed changes
Copilot reviewed 24 out of 26 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| tests/Unit/PolydockEngine/PolydockEngineTest.php | Adds unit coverage for required-variable validation edge cases ("0" vs ""). |
| tests/Feature/Filament/CreatePolydockAppInstanceTest.php | Import ordering adjustment for Livewire usage in Filament test. |
| tests/Feature/Console/Commands/RunLagoonCommandOnAppInstancesTest.php | Adds feature tests for the new “run Lagoon command on instances” console command. |
| tests/Feature/Api/InstancesApiAuthTest.php | Adds feature tests asserting legacy register endpoints remain public and v1 instance status is token-protected. |
| routes/api.php | Introduces v1 API route group protected by Sanctum + new ability middleware. |
| package-lock.json | Updates npm lockfile (notably minimatch and transitive deps). |
| config/polydock.php | Changes service provider debug configuration. |
| composer.lock | Updates PHP dependency lockfile for new/updated packages. |
| composer.json | Adds/bumps Polydock app and Lagoon client dependencies. |
| app/PolydockServiceProviders/PolydockServiceProviderFTLagoon.php | Improves token fetch error handling + throws on missing token with debug context. |
| app/PolydockEngine/Engine.php | Overrides required-variable validation and backfills Lagoon runtime defaults during instance processing. |
| app/Models/User.php | Enables Sanctum API tokens on User model (HasApiTokens). |
| app/Models/PolydockStoreApp.php | Defaults lagoon_production_environment accessor to main. |
| app/Http/Middleware/EnsureInstancesReadAbility.php | New middleware enforcing instances.read (or *) token ability. |
| app/Http/Controllers/Api/RegisterController.php | Ensures result_data is always an array and includes Lagoon metadata fields when available. |
| app/Filament/Admin/Resources/UserRemoteRegistrationResource/Pages/ViewUserRemoteRegistration.php | Prevents null URL generation when registration has no instance. |
| app/Filament/Admin/Resources/UserRemoteRegistrationResource.php | Removes unused import. |
| app/Filament/Admin/Resources/PolydockStoreAppResource/Pages/EditPolydockStoreApp.php | Loads/persists Lagoon runtime settings into app_config. |
| app/Filament/Admin/Resources/PolydockStoreAppResource/Pages/CreatePolydockStoreApp.php | Persists Lagoon runtime defaults into app_config on create. |
| app/Filament/Admin/Resources/PolydockStoreAppResource.php | Adds Lagoon script configuration + runtime settings fields and displays runtime settings in infolist. |
| app/Filament/Admin/Resources/PolydockAppInstanceResource/Pages/ViewPolydockAppInstance.php | Adds “Trigger Deploy” action and displays last deployment date via Lagoon API/DB fallback. |
| app/Filament/Admin/Resources/ApiTokenResource/Pages/ListApiTokens.php | Adds token creation modal/action within token list page. |
| app/Filament/Admin/Resources/ApiTokenResource.php | New Filament resource listing/revoking Sanctum personal access tokens for Users. |
| app/Console/Commands/TriggerLagoonDeployOnAppInstances.php | New command to trigger Lagoon deploys across running instances (serial + intended concurrency). |
| app/Console/Commands/TriggerLagoonDeployOnAppInstance.php | New command to trigger Lagoon deploy on a single instance. |
| app/Console/Commands/RunLagoonCommandOnAppInstances.php | New command to run an allowlisted Lagoon command across running instances (serial + concurrency worker mode). |
95077b1 to 8d845d9
Pull request overview
This PR introduces Sanctum-based API token management and begins protecting new versioned API endpoints with ability checks, while also extending store/app configuration (notably Lagoon runtime settings and scripts) and updating Lagoon command execution/authentication behavior.
Changes:
- Add Filament admin UI for creating/revoking Sanctum API tokens and introduce instances.read ability enforcement middleware.
- Add/adjust v1 API routing and tests around authentication/authorization behavior.
- Extend store app configuration (Lagoon runtime + scripts) and refactor Lagoon console commands to fetch tokens via SSH/config.
Reviewed changes
Copilot reviewed 19 out of 20 changed files in this pull request and generated 15 comments.
| File | Description |
|---|---|
| tests/Unit/PolydockEngine/PolydockEngineTest.php | Adds validation coverage for required variables, including "0" vs empty string. |
| tests/Feature/Console/Commands/RunLagoonCommandOnAppInstancesTest.php | Updates Lagoon command tests to use a temp SSH key path and a token fetcher binding. |
| tests/Feature/Api/InstancesApiAuthTest.php | Adds API auth tests for v1 instance status access control. |
| routes/api.php | Adds a /v1 route group protected by Sanctum + ability middleware. |
| composer.json | Adds amazeeio/polydock-app-amazeeclaw and loosens a Polydock app dependency constraint. |
| composer.lock | Locks new dependency and updates multiple packages. |
| app/Models/User.php | Enables Sanctum token creation via HasApiTokens. |
| app/Models/PolydockStoreApp.php | Changes Lagoon production environment default behavior. |
| app/Http/Middleware/EnsureInstancesReadAbility.php | New middleware enforcing instances.read (or *) ability. |
| app/Http/Controllers/Api/RegisterController.php | Enriches showRegister response result_data with Lagoon metadata. |
| app/Filament/Admin/Resources/UserRemoteRegistrationResource/Pages/ViewUserRemoteRegistration.php | Avoids generating a URL when the app instance is missing. |
| app/Filament/Admin/Resources/PolydockStoreAppResource/Pages/EditPolydockStoreApp.php | Persists Lagoon runtime defaults into app_config on edit. |
| app/Filament/Admin/Resources/PolydockStoreAppResource/Pages/CreatePolydockStoreApp.php | Persists Lagoon runtime defaults into app_config on create. |
| app/Filament/Admin/Resources/PolydockStoreAppResource.php | Adds Lagoon scripts + runtime settings to the Filament UI and infolist. |
| app/Filament/Admin/Resources/PolydockAppInstanceResource/Pages/ViewPolydockAppInstance.php | Adds extra validation in the “Trigger Deploy” action (and new imports). |
| app/Filament/Admin/Resources/ApiTokenResource/Pages/ListApiTokens.php | Implements token creation modal and one-time token display. |
| app/Filament/Admin/Resources/ApiTokenResource.php | Adds Filament listing + revoke action for user tokens. |
| app/Console/Commands/TriggerLagoonDeployOnAppInstances.php | Refactors Lagoon deploy command to build client config and fetch tokens directly. |
| app/Console/Commands/TriggerLagoonDeployOnAppInstance.php | Same refactor for single-instance deploy. |
| app/Console/Commands/RunLagoonCommandOnAppInstances.php | Same refactor for running commands across instances and concurrent mode. |
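The required-variable edge case named in both review summaries ("0" vs ""), shown as an added example that is not the project's code. It assumes the original check used a loose emptiness test such as PHP's `empty()`; the function names, the variable keys other than lagoon-auto-idle, and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Loose check (assumed shape of the bug): empty() is true for "", null,
 * [], 0, false and also the string "0", so a legitimate "0" value
 * (auto-idle switched off) is reported as a missing variable.
 */
function missingLoose(array $required, array $vars): array
{
    return array_values(array_filter(
        $required,
        fn (string $key): bool => empty($vars[$key])
    ));
}

/**
 * Strict check: a variable is missing only when the key is absent,
 * the value is null, or the value is the empty string. "0" is present.
 */
function missingStrict(array $required, array $vars): array
{
    return array_values(array_filter(
        $required,
        fn (string $key): bool => !array_key_exists($key, $vars)
            || $vars[$key] === null
            || $vars[$key] === ''
    ));
}

// Constructed sample data, not taken from the project.
$required = [
    'lagoon-auto-idle',
    'lagoon-production-environment', // hypothetical key
    'lagoon-project-name',           // hypothetical key
];
$vars = [
    'lagoon-auto-idle'              => '0',    // off: a real value
    'lagoon-production-environment' => 'main',
    'lagoon-project-name'           => '',     // genuinely missing
];

// The loose check flags lagoon-auto-idle as well as the empty name;
// the strict check flags only the empty name.
echo 'loose:  ', json_encode(missingLoose($required, $vars)), PHP_EOL;
echo 'strict: ', json_encode(missingStrict($required, $vars)), PHP_EOL;
```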
8f5c874 to c711c0b
…for app management
feat: enhance registration response with additional Lagoon project details
fix: update response keys in RegisterController for consistency with underscore naming convention
fix error for missing lagoon-auto-idle variables, including tests
feat: add Lagoon runtime settings to Polydock Store App configuration and infolist
feat: implement API token management and access control with middleware
fix: handle null appInstance in user remote registration URL generation
chore: add amazeeio/polydock-app-amazeeclaw dependency to composer.json
chore: update dependencies in composer.json and composer.lock to latest versions
chore: move internal package dependencies to ^0.1
chore: refresh composer lock for v0.1.1 package releases
chore: update polydock-app-amazeeclaw requirement and lockfile so Polydoc consumes the new store-level app-specific configuration field behavior.
chore: update polydock-engine to consume the latest amazeeclaw release and refresh composer.lock via Dockerized composer to keep dependency resolution reproducible.
fix: update route for instance registration and add authentication middleware
fix: changed the route for showing instance registration from '/instances/{uuid}' to '/register/{uuid}' and added a TODO comment regarding future CRUD endpoint implementation.
fix: wrong helpertext for autoIdle - only allow 0/1 (off/on)
chore: artisan add trigger lagoon deploy and run lagoon commands on app instances
chore: add a button to trigger a deploy from app instance
chore: use upstream lib Ssh code
chore: add support for buildVariables
chore: update error handling for trigger deploy
chore: trigger deploy via api instead of lagoon cli
chore: only cache token for 2min
chore: enable debug with env var options
chore: fix concurrent calling
chore: create and cleanup ssh keys in tests
chore: implement getSearchResultsUsing to prevent memory-heavy query
chore: lookup uuid for instance
c711c0b to 300e01b
* feat: Trigger Lagoon Deployments for App Instances (#56)
* chore: artisan add trigger lagoon deploy and run lagoon commands on app instances
* chore: add a button to trigger a deploy from app instance
* Use upstream lib Ssh code
* chore: add support for buildVariables
* chore: only cache token for 2min
* chore: tweak label
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* chore: fix deploy cmd
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* chore: cleanup test ssh
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* chore: run pint
* feat: add api token management, app class discovery, and enhanced store/app configuration (#68)
feat: add Lagoon Script Configuration section with lifecycle scripts for app management
feat: enhance registration response with additional Lagoon project details
fix: update response keys in RegisterController for consistency with underscore naming convention
fix error for missing lagoon-auto-idle variables, including tests
feat: add Lagoon runtime settings to Polydock Store App configuration and infolist
feat: implement API token management and access control with middleware
fix: handle null appInstance in user remote registration URL generation
chore: add amazeeio/polydock-app-amazeeclaw dependency to composer.json
chore: update dependencies in composer.json and composer.lock to latest versions
chore: move internal package dependencies to ^0.1
chore: refresh composer lock for v0.1.1 package releases
chore: update polydock-app-amazeeclaw requirement and lockfile so Polydoc consumes the new store-level app-specific configuration field behavior.
chore: update polydock-engine to consume the latest amazeeclaw release and refresh composer.lock via Dockerized composer to keep dependency resolution reproducible.
fix: update route for instance registration and add authentication middleware
fix: changed the route for showing instance registration from '/instances/{uuid}' to '/register/{uuid}' and added a TODO comment regarding future CRUD endpoint implementation.
fix: wrong helpertext for autoIdle - only allow 0/1 (off/on)
chore: artisan add trigger lagoon deploy and run lagoon commands on app instances
chore: add a button to trigger a deploy from app instance
chore: use upstream lib Ssh code
chore: add support for buildVariables
chore: update error handling for trigger deploy
chore: trigger deploy via api instead of lagoon cli
chore: only cache token for 2min
chore: enable debug with env var options
chore: fix concurrent calling
chore: create and cleanup ssh keys in tests
chore: implement getSearchResultsUsing to prevent memory-heavy query
chore: lookup uuid for instance
---------
Co-authored-by: Michael Schmid <michael.schmid@amazee.io>
* chore: Adds wildcards to allow removing multiple emails at once (#31)
* Adds wildcards
* chore: update app/Console/Commands/RemoveAppInstancesByEmail.php
---------
Co-authored-by: Blaize Kaye <blaize.kaye@amazee.io>
Co-authored-by: Dan Lemon <daniel.lemon@amazee.io>
* chore: add scramble docs / openapi endpoint (#91)
* chore: add endpoints for moad
- chore: switch to scramble
- chore: force openapi output to be `api/openapi.json` endpoint
* chore: check for running instance
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* chore: bump deps
* Bump league/commonmark from 2.8.0 to 2.8.1 (#92)
Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/thephpleague/commonmark/releases)
- [Changelog](https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md)
- [Commits](thephpleague/commonmark@2.8.0...2.8.1)
---
updated-dependencies:
- dependency-name: league/commonmark
  dependency-version: 2.8.1
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump rollup from 4.53.5 to 4.59.0 (#89)
Bumps [rollup](https://github.com/rollup/rollup) from 4.53.5 to 4.59.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.53.5...v4.59.0)
---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump minimatch and editorconfig (#90)
Bumps [minimatch](https://github.com/isaacs/minimatch) and [editorconfig](https://github.com/editorconfig/editorconfig-core-js). These dependencies needed to be updated together.
Updates `minimatch` from 9.0.1 to 9.0.7
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v9.0.1...v9.0.7)
Updates `editorconfig` from 1.0.4 to 1.0.7
- [Release notes](https://github.com/editorconfig/editorconfig-core-js/releases)
- [Changelog](https://github.com/editorconfig/editorconfig-core-js/blob/main/CHANGELOG.md)
- [Commits](editorconfig/editorconfig-core-js@v1.0.4...v1.0.7)
---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 9.0.7
  dependency-type: indirect
- dependency-name: editorconfig
  dependency-version: 1.0.7
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: fix import of DB facade
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Add feature tests for TriggerLagoonDeployOnAppInstances command (#101)
* Initial plan
* feat: add TriggerLagoonDeployOnAppInstancesTest feature tests
Co-authored-by: dan2k3k4 <158704+dan2k3k4@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: dan2k3k4 <158704+dan2k3k4@users.noreply.github.com>
* Pre-fetch Lagoon token once in coordinator to avoid per-worker SSH bursts (#100)
* Initial plan
* Pre-fetch Lagoon token once in coordinator; pass to concurrent workers via env var
Co-authored-by: dan2k3k4 <158704+dan2k3k4@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: dan2k3k4 <158704+dan2k3k4@users.noreply.github.com>
* chore: trigger deploy
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* chore: enhance validation
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Enforce Sanctum token abilities on authenticated API routes (#102)
* Initial plan
* feat: apply instances.read/write ability middleware to API routes
Co-authored-by: dan2k3k4 <158704+dan2k3k4@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: dan2k3k4 <158704+dan2k3k4@users.noreply.github.com>
* chore: fix tests
* fix: use isolated temp directory for SSH key in skipped-metadata test (#103)
* Initial plan
* fix: use temp directory for key file in test_it_skips_instances_missing_metadata
Co-authored-by: dan2k3k4 <158704+dan2k3k4@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: dan2k3k4 <158704+dan2k3k4@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Michael Schmid <michael.schmid@amazee.io>
Co-authored-by: Blaize Kaye <blaize.kaye@gmail.com>
Co-authored-by: Blaize Kaye <blaize.kaye@amazee.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: dan2k3k4 <158704+dan2k3k4@users.noreply.github.com>
Introduces several major features and improvements:
New Features
ApiTokenResource) for creating and revoking API tokens with granular abilities (instances.read, instances.write, *)
Store App Enhancements
polydock_app_class to a searchable dropdown with auto-discovered classes
app_config JSON column for storing app-specific settings
lagoon_auto_idle and lagoon_production_environment
Store Security Improvements
EnsureInstancesReadAbility for token ability enforcement
UI Improvements
Bug Fixes
AmazeeAiBackendRegionIdExt to return nullable string