The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Jun 11, 2026 4:58pm

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

^{_{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}}

PR Summary

High Risk
Touches encrypted credential storage, key selection for all provider requests, and a breaking DB uniqueness change; rotation is per-process so load spread varies across instances.

Overview
Workspaces can store up to 10 BYOK keys per provider (with optional labels) instead of one. A migration drops the (workspace_id, provider_id) unique constraint, adds a nullable name column, and adds a composite lookup index.

Runtime: getBYOKKey loads all keys for a provider in creation order and round-robins via an in-process cursor; decrypt failures skip to the next key. Existing call sites stay unchanged.

API: GET returns every key with name; POST accepts optional keyId (update in place) or adds a new key under a transactional cap with advisory locking; DELETE accepts optional keyId (one key vs all for the provider).

UI: Workspace BYOK settings use multi-key mode—per-provider Manage modal, named keys, per-key update/delete—while the enterprise mothership tab keeps single-key behavior on the shared BYOKKeyManager.

Unit tests cover route semantics and rotation behavior.

^{Reviewed by Cursor Bugbot for commit 3f6e3e7. Configure here.}

Greptile Summary

This PR upgrades workspace BYOK from one key per provider to a pool of up to 10 keys per provider, with round-robin rotation handled entirely in-process inside getBYOKKey. The previous (workspace_id, provider_id) unique index is dropped and replaced by an advisory-lock-serialized cap check inside a DB transaction, so concurrent adds can't bypass the limit.

• Rotation layer (byok.ts): a module-level Map tracks a per-workspaceId:providerId cursor; decrypt failures skip to the next key in the pool without consuming an extra rotation slot.
• Route changes (route.ts): POST now branches on keyId — update-in-place vs. create; create runs inside db.transaction with pg_advisory_xact_lock matching the workspace-env pattern; DELETE accepts an optional keyId to target a single key.
• UI (byok-key-manager.tsx, byok-provider-keys-modal.tsx): BYOKKeyManager gains a multiKey discriminated-union prop; configured providers show a "Manage" button that opens a per-provider key list modal.
• Migration: drops the unique index, adds nullable name column, and replaces the dropped onConflictDoNothing target with an application-level pre-check.

Confidence Score: 5/5

Safe to merge — cap enforcement, rotation logic, and all three route verbs are covered by 24 unit tests, the advisory-lock pattern mirrors existing workspace-env code, and the migration requires no backfill.

All changed paths are well-tested: rotation cycle, per-provider cursor independence, decrypt-failure fallback, and route semantics are each exercised. The concurrent-insert race addressed in previous review iterations is correctly closed with the transaction + advisory lock. The migration correctly replaces the dropped onConflictDoNothing target with an application-level idempotency guard. No unguarded cross-workspace data access or missing validation was found.

No files require special attention.

Important Files Changed

_{Reviews (3): Last reviewed commit: "fix(byok): drop ON CONFLICT on removed u..." | Re-trigger Greptile}

@greptile

@cursor review

@greptile

@cursor review