• feat: add legacy API key scope compatibility #20021
• fix: improve RBAC scope allow list handling for create actions #20008
• feat: add API key metadata to audit logs #19996
• feat: add scope enforcement metrics to RBAC authorizer #19991
• feat: add scoped token support to CLI #19985
• feat: add API endpoint to update token API keys #19983
• feat: add allow list to API keys #19972
• feat: add allow_list to resource-scoped API tokens #19964
• feat: implement composite API key scopes for workspaces and templates #19945
• feat: publish RBAC scopes in OAuth2 metadata endpoints #19942
• feat: add multi-scope support to API keys #19917
• feat: add external API key scopes #19916
• feat: add public RBAC scope catalog for user-requestable permissions #19913 👈(View in Graphite)
• feat: generate RBAC scope name constants #19896
• feat: add lint check for API key scope enum completeness #19862
• feat: implement API key scopes database migration #19861
• chore: upgrade Node.js from 20.19.4 to 22.19.0 and update dependencies #19870
• main

This stack of pull requests is managed byGraphite. Learn more aboutstacking.

The namePublicLowLevel feels strange. We could probably just call itPublic? OrExternal to mirror theInternal language you have in the comments.

I updated it toIsPublicScope andPublicScopeNames in#19917.
I'll look into splitting off those changes and squashing them into this PR.

OrExternal to mirror theInternal language you have in the comments.

I don'treally have a preference here. When I initially named it, I was thinking ofpublic andprivate regarding OOP and field access. I am happy to rename it to better match our existing (user-facing) nomenclature.

Merge activity

• Sep 26, 9:30 AM UTC: A user started a stack merge that includes this pull request viaGraphite.
• Sep 26, 9:30 AM UTC:@ThomasK33 merged this pull request withGraphite.