All files / src/entities/deploy-keys schema-readonly.ts

100% Statements 8/8
100% Branches 3/3
100% Functions 1/1
100% Lines 8/8

Press n or j to go to the next uncovered block, b, p or k for the previous block. 



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
5417x
17x
 
 
 
 
 
 
 
 
 
17x
 
 
17x
 
 
17x
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
17x
 
 
 
 
 
 
 
 
17x
 
 
5x
 
 
 
 
 
 
 
 
import { z } from 'zod';
import { requiredId, paginationFields, flexibleBoolean } from '../utils';
 
// ============================================================================
// browse_deploy_keys - CQRS Query Tool (discriminated union schema)
// Actions: list, get
//
// Deploy keys are SSH public keys that grant a project read (or read/write)
// repository access without a user PAT — used by CI/automation to clone/push.
// ============================================================================
 
export const projectIdField = requiredId.describe(
  "Project ID or URL-encoded path (e.g. 'group/project' or '123').",
);
export const keyIdField = z.coerce.number().int().positive().describe('Numeric deploy key ID.');
 
// --- Action: list ---
const ListDeployKeysSchema = z.object({
  action: z
    .literal('list')
    .describe(
      'List deploy keys. With project_id: the keys on that project. Without project_id: all deploy keys across the instance (requires admin).',
    ),
  project_id: requiredId
    .optional()
    .describe('Project to list keys for. Omit to list all instance deploy keys (admin only).'),
  public: flexibleBoolean
    .optional()
    .describe('Instance list only: when true, return only the public (non-sensitive) fields.'),
  ...paginationFields(),
});
 
// --- Action: get ---
const GetDeployKeySchema = z.object({
  action: z.literal('get').describe('Get a single project deploy key by ID'),
  project_id: projectIdField,
  key_id: keyIdField,
});
 
// --- Discriminated union combining all actions ---
// `public` only applies to the instance-wide list (GET /deploy_keys); the
// project-scoped endpoint rejects it, so forbid the nonsensical combination.
export const BrowseDeployKeysSchema = z
  .discriminatedUnion('action', [ListDeployKeysSchema, GetDeployKeySchema])
  .refine(
    (data) => data.action !== 'list' || data.public === undefined || data.project_id === undefined,
    {
      message: 'public is only valid for the instance-wide list (omit project_id)',
      path: ['public'],
    },
  );
 
export type BrowseDeployKeysInput = z.infer<typeof BrowseDeployKeysSchema>;
 
Code coverage generated by istanbul at 2026-06-22T12:07:14.959Z