feat: exposed chat title generation api through api key

[Himanshvarma]

Description

exposed chat title generation api through api key

Summary by CodeRabbit

• New Features
  • Added a POST endpoint to generate chat titles.
  • Introduced a new API key scope ("Generate Chat Title") for granular access control so API keys can be restricted to title-generation only.
  • Endpoint enforces authentication and validates API key scope before allowing title generation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new API key scope GENERATE_CHAT_TITLE, registers it in the frontend API key UI, enforces the scope in the backend GenerateChatTitle API when requests use API keys, and wires a POST /chat/generateTitle route with request validation.

Changes

Cohort / File(s)	Summary
Frontend — API Key Scope UI frontend/src/routes/_authenticated/integrations/apiKey.tsx	Added AVAILABLE_SCOPES entry: id = ApiKeyScopes.GENERATE_CHAT_TITLE, name "Generate Chat Title", description "Allows generating titles for chat messages".
Backend — Types server/shared/types.ts	Added GENERATE_CHAT_TITLE = "GENERATE_CHAT_TITLE" to ApiKeyScopes enum.
Backend — API Handler server/api/chat/chat.ts	GenerateChatTitleApi now uses getAuth(c) for auth info, captures authEmail, and when via_apiKey is true enforces GENERATE_CHAT_TITLE scope (returns 403 if missing). Removed workspace lookup for API-key-authenticated path.
Backend — Router server/server.ts	Added POST /chat/generateTitle endpoint (validated by chatTitleSchema) wired to GenerateChatTitleApi in main and consumer-authenticated routers.

Sequence Diagram

sequenceDiagram
    participant Client as API Consumer
    participant Server as Router
    participant Handler as GenerateChatTitleApi
    participant Auth as Auth Module
    participant Validator as Scope Checker

    Client->>Server: POST /chat/generateTitle (payload + API key)
    Server->>Server: Validate body (chatTitleSchema)
    Server->>Handler: Invoke handler
    Handler->>Auth: getAuth(c)
    Auth-->>Handler: { email, via_apiKey, apiKeyScopes? }

    alt via_apiKey == true
        Handler->>Validator: Check GENERATE_CHAT_TITLE in apiKeyScopes
        alt scope present
            Validator-->>Handler: allowed
            Handler->>Handler: Generate title
            Handler-->>Client: 200 OK (title)
        else scope missing
            Validator-->>Handler: denied
            Handler-->>Client: 403 Forbidden
        end
    else via_apiKey == false
        Handler->>Handler: Use JWT-authenticated flow (generate title)
        Handler-->>Client: 200 OK (title)
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat: exposed feed back apis through api key #1237: Adds ApiKeyScopes entries and enforces API-key scope checks in handlers and routes (same pattern).
• fix: title generation flow #808: Modifies GenerateChatTitleApi and /chat/generateTitle integration (related to route/auth changes).
• fix:title-generation #852: Adjusts GenerateChatTitleApi logic (title generation changes that overlap with auth updates).

Suggested reviewers

• zereraz
• shivamashtikar
• devesh-juspay
• junaid-shirur
• kalpadhwaryu

Poem

🐰 A tiny hop for a scope so bright,
Keys now ask nicely for titles at night,
Frontend lists it, backend checks the code,
Chat names blossom down the API road,
Hooray — a rabbit's nibble on developer delight! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: exposed chat title generation api through api key' directly and clearly summarizes the main change: exposing an existing chat title generation API to work with API key authentication.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @Himanshvarma, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request extends the chat title generation functionality to be accessible through API keys. It introduces a dedicated API key scope for this feature, integrates scope-based authorization into the chat title generation API handler, and registers the new API endpoint, thereby enabling external services to programmatically generate chat titles using authenticated API keys.

Highlights

• New API Key Scope: Introduced GENERATE_CHAT_TITLE scope to allow API keys to specifically grant permission for chat title generation.
• API Key Authentication for Chat Title Generation: The GenerateChatTitleApi now supports authentication via API keys, performing scope validation to ensure the key has the necessary GENERATE_CHAT_TITLE permission.
• Endpoint Registration: The /chat/generateTitle endpoint has been formally registered in the server's routing, making it accessible for API key usage.
• Optimized User Lookup: Removed an unnecessary getUserAndWorkspaceByEmail call within GenerateChatTitleApi when the request is authenticated via an API key, streamlining the process.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request exposes the chat title generation API to be used with API keys. The changes include adding the necessary scope, exposing the endpoint, and updating the API handler to check for the correct permissions.

The implementation is mostly correct, but I've found a variable shadowing issue in GenerateChatTitleApi that could affect error logging. My review comment includes a suggestion to fix this.

Overall, a good change that expands API capabilities.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @server/api/chat/chat.ts:
- Around line 8241-8257: The outer let email = "" is being shadowed by const {
email, via_apiKey } = getAuth(c), causing the catch block to see an empty email;
replace the shadowing destructure by either assigning to the existing variable
(e.g., const auth = getAuth(c); email = auth.email; const via_apiKey =
auth.via_apiKey) or use destructuring assignment to the outer variable (({
email, via_apiKey } = getAuth(c))), and keep the via_apiKey symbol used for
scope checks (ApiKeyScopes.GENERATE_CHAT_TITLE) unchanged so the catch logs use
the populated email.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 030cc71 and fa40523.

📒 Files selected for processing (4)

• frontend/src/routes/_authenticated/integrations/apiKey.tsx
• server/api/chat/chat.ts
• server/server.ts
• server/shared/types.ts

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-06-10T05:40:04.427Z

Learnt from: naSim087
Repo: xynehq/xyne PR: 525
File: frontend/src/routes/_authenticated/admin/integrations/slack.tsx:141-148
Timestamp: 2025-06-10T05:40:04.427Z
Learning: In frontend/src/routes/_authenticated/admin/integrations/slack.tsx, the ConnectAction enum and related connectAction state (lines 141-148, 469-471) are intentionally kept for future development, even though they appear unused in the current implementation.

Applied to files:

• frontend/src/routes/_authenticated/integrations/apiKey.tsx

📚 Learning: 2025-08-11T08:44:08.412Z

Learnt from: MayankBansal2004
Repo: xynehq/xyne PR: 719
File: server/api/chat/chat.ts:4023-4029
Timestamp: 2025-08-11T08:44:08.412Z
Learning: In server/api/chat/chat.ts and similar files, MayankBansal2004 prefers not to add explicit type definitions for metadata.usage structures when the receiving array is already typed and default values ensure type safety through the || 0 pattern.

Applied to files:

• server/api/chat/chat.ts

🧬 Code graph analysis (2)

server/server.ts (2)

server/api/search.ts (1)

• chatTitleSchema (142-145)

server/api/chat/chat.ts (1)

• GenerateChatTitleApi (8240-8307)

server/api/chat/chat.ts (1)

server/api/agent.ts (2)

• getAuth (171-179)
• safeGet (161-167)

🪛 GitHub Actions: TypeScript Build Check

server/server.ts

[error] 442-442: TS2345: Argument of type '{ secret: string; cookie: string; }' is not assignable to parameter of type '{ secret: SignatureKey; cookie?: string | { key: string; secret?: string | BufferSource | undefined; prefixOptions?: CookiePrefixOptions | undefined; } | undefined; alg: "RS256" | ... 11 more ... | "EdDSA"; headerName?: string | undefined; verification?: VerifyOptions | undefined; }'. Property 'alg' is missing in type '{ secret: string; cookie: string; }' but required in type '{ secret: SignatureKey; cookie?: string | { key: string; secret?: string | BufferSource | undefined; prefixOptions?: CookiePrefixOptions | undefined; } | undefined; alg: ...; }'.

---

[error] 715-715: TS2554: Expected 3 arguments, but got 2.

---

[error] 1157-1157: TS2554: Expected 3 arguments, but got 2.

---

[error] 1224-1224: TS2554: Expected 3 arguments, but got 2.

🔇 Additional comments (4)

server/shared/types.ts (1)

250-250: LGTM!

The new GENERATE_CHAT_TITLE scope follows the established naming convention and pattern used by other enum members. The addition is consistent with the PR objective of exposing the chat title generation API through API key authentication.

frontend/src/routes/_authenticated/integrations/apiKey.tsx (1)

151-155: LGTM!

The new scope entry is correctly structured and follows the established pattern. The description accurately reflects the capability being exposed, and it properly references the ApiKeyScopes.GENERATE_CHAT_TITLE enum value ensuring type consistency with the backend.

server/server.ts (2)

2023-2027: LGTM! New consumer API route for chat title generation is properly implemented.

The route correctly:

• Applies ApiKeyMiddleware (via basePath)
• Validates input with chatTitleSchema
• Delegates to GenerateChatTitleApi which enforces the GENERATE_CHAT_TITLE scope

---

442-445: The claims in this review comment are contradicted by the official hono/jwt library documentation. In hono v4.6, the alg parameter is optional and defaults to 'HS256' for both the jwt() middleware and verify() helper functions. The code as currently written does not require modifications.

The jwt() call on line 442 and the verify() calls on lines 715, 1157, and 1224 are valid and will work correctly without specifying an algorithm explicitly. If pipeline failures are occurring, they are not caused by missing alg parameters—the issue lies elsewhere.

Likely an incorrect or invalid review comment.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @server/api/chat/chat.ts:
- Around line 8243-8258: GenerateChatTitleApi must explicitly validate that the
resolved email is present before calling getChatMessagesWithAuth: check the
local/email variable after const { email: authEmail, via_apiKey } = getAuth(c)
and if email is empty return an error response (matching the pattern used in
GetAvailableModelsApi, e.g., a 401/403 JSON response with a clear message) so
you don’t proceed silently with missing context; ensure this guard sits before
any call to getChatMessagesWithAuth and does not change the existing via_apiKey
scope checks.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fa40523 and 2ef9bc2.

📒 Files selected for processing (1)

• server/api/chat/chat.ts

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-08-11T08:44:08.412Z

Learnt from: MayankBansal2004
Repo: xynehq/xyne PR: 719
File: server/api/chat/chat.ts:4023-4029
Timestamp: 2025-08-11T08:44:08.412Z
Learning: In server/api/chat/chat.ts and similar files, MayankBansal2004 prefers not to add explicit type definitions for metadata.usage structures when the receiving array is already typed and default values ensure type safety through the || 0 pattern.

Applied to files:

• server/api/chat/chat.ts

📚 Learning: 2025-05-28T10:55:46.701Z

Learnt from: naSim087
Repo: xynehq/xyne PR: 484
File: server/integrations/google/gmail-worker.ts:293-294
Timestamp: 2025-05-28T10:55:46.701Z
Learning: There are two separate `parseMail` functions in the codebase: one in `server/integrations/google/gmail-worker.ts` with signature `(email, gmail, client, userEmail)` returning `{ mailData, insertedPdfCount, exist }`, and another in `server/integrations/google/gmail/index.ts` with signature `(email, gmail, userEmail, client, tracker?)` returning `{ mailData, exist }`. Each file calls its own local version correctly.

Applied to files:

• server/api/chat/chat.ts

🧬 Code graph analysis (1)

server/api/chat/chat.ts (1)

server/api/agent.ts (2)

• getAuth (171-179)
• safeGet (161-167)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build