Pam revamp#7015
Draft
sheensantoscapadngan wants to merge 229 commits into
Draft
Conversation
Recoverable from 08b0e6e for the phase-2 rebuild. Removed services: pam-account, pam-account-policy, pam-discovery, pam-domain, pam-folder, pam-insights, pam-project-recording-config, pam-resource (+ all per-protocol modules), pam-session, pam-session-recording-storage, pam-web-access, pam-account-rotation, pam-session-expiration, and all their routers. Unwired DI/routes and decoupled gateway from PAM. Kept generated schemas, the four PAM enum files, and the new revamp code.
feat(pam): revamp checkpoint 1 -- schema, migration, and project bootstrap
… error handler
Rename backendPid to nativeConnectionId across backend and frontend
for database-agnostic terminology. Add conn.on("error") handler to
MySQL metadata one-shot connections matching the Postgres pattern.
…xplorer components
feature(pam): windows RDP support and S3 recording overrides
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
* feat(pam): add command blocking and session log masking support - Register CommandBlocking as a gateway-enforced policy with appliesTo: [SSH] - Add TextAreaPolicyEditor for multi-line regex pattern input - Wire policyRules into the session credentials endpoint so the gateway receives command blocking and masking patterns - Add session log masking textarea to the template System Settings card - Fix SSH session log display (decode base64 data field) * fix(pam): specify RE2 regex syntax in policy and masking descriptions * fix(pam): prettier line break and UTF-8 safe base64 decode for session logs * fix(pam): prettier formatting for masking description * fix(pam): simplify UI descriptions and remove pattern count * fix(pam): simplify masking description * fix(pam): prettier formatting for policy description * fix(pam): improve placeholder examples and masking description * fix(pam): consistent description style between command blocking and masking * fix(pam): add non-key-value example to masking placeholder * fix(pam): add RE2 syntax reference link to pattern descriptions * fix(pam): consistent RE2 syntax reference link for both pattern fields * fix(pam): prettier formatting * refactor(pam): extract PatternRuleEditor from TextAreaPolicyEditor TextAreaPolicyEditor is now a generic textarea editor. PatternRuleEditor wraps it with RE2 syntax reference link. Both command blocking and session log masking use PatternRuleEditor. * fix(pam): remove SSH mention from command blocking description * fix(pam): restore placeholder examples for pattern editors * fix(pam): single shared placeholder in PatternRuleEditor * fix(pam): use real-world examples in pattern placeholder * fix(pam): prettier formatting for PatternRuleEditor * refactor(pam): move policyRules schema to shared pam-policies module * refactor(pam): extract shared splitPatternString helper * feat(pam): add RE2 regex validation and drop RE2 mention from descriptions * refactor(pam): consolidate PatternRuleEditor into TextAreaPolicyEditor * refactor(pam): replace hardcoded strings with enum and constant for policy rule keys * refactor(pam): add PamSettingType enum, replace standalone constant * fix(pam): lint fixes for no-new rule and prettier formatting * fix(pam): prettier formatting for policyEditors index * appliesto * refactor(pam): nest masking under settings, inline validation errors, migration fix - Nest sessionLogMaskingPatterns under settings in form schema to match DB structure - Separate input/output schemas (PamTemplateSettingsInputSchema with RE2 refine for create/update, PamTemplateSettingsSchema with plain z.string for response serialization) - Use Controller for masking field to enable inline error rendering via setError - Suppress global validation toast with skipValidationToast, show actual backend error messages for policy validation failures - Bump PAM revamp migration timestamp to run after KMS exportable migration - Revert unintended package.json changes --------- Co-authored-by: x <x@MacBook-Air.local>
…r-mysql-web-access feat(pam): add MySQL web access data explorer
Use project-level GET /projects/:id/memberships/identities API instead of PAM-specific endpoint + org identity query. Removes redundant second API call for name resolution, consistent with Members and Groups tabs. Also removes BotIcon from empty state and try-catch from delete handler to match the other two tabs. Updates PAM CLAUDE.md auth mode docs.
Reverts the identity API change in AssignAccessModal to keep all three member types (users, groups, identities) using the same org list + PAM list pattern within this file.
…r-machine-identity-in-pam feat(pam): add machine identity support to PAM
feat(pam): add Windows AD account type with multi-host selection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Context
Screenshots
Steps to verify the change
Type
Checklist
type(scope): short description(scope is optional, e.g.,fix: prevent crash on syncorfix(api): handle null response).