feat(agents): collapse denied agent route access to 404 instead of 403 by asherfink · Pull Request #271 · scaleapi/scale-agentex

asherfink · 2026-06-03T15:17:06Z

Related work

Parent ticket: AGX1-242 - AgentEx authorization dual-write.

This change is part of a 4-PR stack across 3 repos.

Repo	PR	Purpose
scaleapi/scaleapi	scaleapi/scaleapi#146335	merged flag registry update for the shared AgentEx resources rollout flags
scaleapi/agentex	scaleapi/agentex#364	agentex-auth routes each auth verb to one backend target
scaleapi/scale-agentex	scaleapi/scale-agentex#270	registers agentex resources in the authorization graph and grants agent/task ownership
scaleapi/scale-agentex	this PR	denied direct agent access collapses to 404

Merge/deploy order: scaleapi/scaleapi#146335 is merged; deploy scaleapi/agentex#364, then merge/deploy scaleapi/scale-agentex#270, then this PR. Rollout per account is: enable fgac-agentex-resources-dual-write, backfill existing resources into Spark, then enable fgac-agentex-resources reads.

What

Collapses denied direct agent access from 403 to 404 for agent lookups by id, name, and query. Allowed checks pass through unchanged, and list behavior is unchanged (the list route already filters to authorized ids).

Why

Returning 403 for a specific agent id or name reveals that the agent exists; returning 404 makes "not found" and "exists but not visible to this caller" indistinguishable. This is read-side behavior only.

Testing

Unit tests for the agent and task authorization route behavior.

Greptile Summary

This PR extends the 403→404 collapse to agent resources across all three authorization shortcut helpers (DAuthorizedId, DAuthorizedQuery, DAuthorizedName), preventing callers from probing cross-tenant agent existence by comparing 403 vs 404 responses. A new _check_agent_or_collapse_to_404 helper is introduced, mirroring the existing patterns for tasks and API keys.

authorization_shortcuts.py: adds _check_agent_or_collapse_to_404 and wires it into DAuthorizedId, DAuthorizedQuery, and DAuthorizedName for AgentexResourceType.agent.
test_agents_authz.py (new): comprehensive unit tests for all three dependency paths, covering allowed, denied, and absent-name scenarios.
test_schedules_authz.py / test_tasks_authz.py: updated expectations to reflect that agent denials now surface as ItemDoesNotExist instead of AuthorizationError.

Confidence Score: 5/5

Safe to merge — the change is narrowly scoped to collapsing agent authorization denials to 404, all three shortcut helpers are updated consistently, and the only pre-existing omission (DAuthorizedBodyId) is unused with agent resources.

Every path that resolves an agent resource by id, query param, or name now routes through _check_agent_or_collapse_to_404. DAuthorizedBodyId is the only helper not updated, but a search of all call sites confirms it is exclusively used with task resources, so no gap exists. Tests are thorough across all three dependency helpers and cover allowed, denied, and absent-name cases.

No files require special attention.

Important Files Changed

Filename	Overview
agentex/src/utils/authorization_shortcuts.py	Adds _check_agent_or_collapse_to_404 and routes agent resources through it in DAuthorizedId, DAuthorizedQuery, and DAuthorizedName; DAuthorizedBodyId is untouched and only used with tasks, so no gap remains.
agentex/tests/unit/api/test_agents_authz.py	New test file covering all three authorization dependency helpers for agent resources, including allowed, denied (→404), and absent-name cases; also tests list filtering pass-through.
agentex/tests/unit/api/test_schedules_authz.py	Updated schedule creation test to expect ItemDoesNotExist instead of AuthorizationError on denied parent-agent check, consistent with the new collapse behavior.
agentex/tests/unit/api/test_tasks_authz.py	Renamed test and flipped assertion to ItemDoesNotExist, reflecting that agent name routes now also collapse denials.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Incoming request with agent resource] --> B{Which shortcut?}
    B --> C[DAuthorizedId\nPath param]
    B --> D[DAuthorizedQuery\nQuery param]
    B --> E[DAuthorizedName\nName resolve ID]
    C --> F{resource_type?}
    D --> F
    E --> G[repo.get name to resource.id] --> F
    F -->|agent| H[_check_agent_or_collapse_to_404]
    F -->|task| I[check_task_or_collapse_to_404]
    F -->|api_key| J[_check_api_key_or_collapse_to_404]
    F -->|other| K[authorization.check 403 on denial]
    H --> L{AuthorizationError?}
    L -->|yes| M[raise ItemDoesNotExist 404]
    L -->|no| N[return resource_id]

_{Reviews (11): Last reviewed commit: "feat(agents): collapse denied agent rout..." | Re-trigger Greptile}

#270) ## Related work Parent ticket: AGX1-242 - AgentEx authorization dual-write. This change is part of a 4-PR stack across 3 repos. | Repo | PR | Purpose | |---|---|---| | scaleapi/scaleapi | [scaleapi/scaleapi#146335](scaleapi/scaleapi#146335) | merged flag registry update for the shared AgentEx resources rollout flags | | scaleapi/agentex | [scaleapi/agentex#364](scaleapi/agentex#364) | agentex-auth routes each auth verb to one backend target | | **scaleapi/scale-agentex** | **this PR** | **registers agentex resources in the authorization graph and grants agent/task ownership** | | scaleapi/scale-agentex | [#271](#271) | denied direct agent access collapses to 404 | **Merge/deploy order:** [scaleapi/scaleapi#146335](scaleapi/scaleapi#146335) is merged; deploy [scaleapi/agentex#364](scaleapi/agentex#364) before this PR, then merge/deploy [#271](#271). Rollout per account is: enable `fgac-agentex-resources-dual-write`, backfill existing resources into Spark, then enable `fgac-agentex-resources` reads. ## What Registers agentex resources in the authorization graph on create and removes them on delete, separating resource lifecycle from explicit ownership: - **Agents and tasks** register in the authorization graph on create and record an explicit owner; on delete they deregister and the owner record is revoked. - **Schedules and agent API keys** register under their parent agent on create and deregister on delete. Permissions cascade from the parent agent, so no separate owner record is written. Registration runs before the resource is persisted, so an authorization failure fails closed with no orphaned row. If the persist (or the Temporal create, for schedules) later fails, a compensating deregister runs. ## Why Giving each verb a single backend keeps the existing ownership writes (`grant`/`revoke`) unchanged and confines the new behavior to the new lifecycle interface (`register`/`deregister`). Explicit ownership is recorded only for agents and tasks; schedules and agent API keys inherit access from their parent agent, so they need no owner record of their own. Issuing the two write kinds independently keeps both backends current, so reads can cut over per account with a clean rollback. ## Testing - Unit and integration tests covering the agent, task, schedule, and api_key authorization writes (register/deregister ordering, fail-closed-before-persist, and compensating cleanup). - `ruff check` / `ruff format`.

Direct agent-by-id and agent-by-name routes now return 404 instead of 403 when the caller isn't authorized for the agent, matching the existing behavior for tasks and api keys. A 403 on a specific id or name reveals that the agent exists, so collapsing denials to 404 stops callers from probing for agents in other tenants. The name routes resolve the name to an id first, so a genuinely missing name still surfaces the normal repository 404. Ticket: AGX1-242

#271 made denied agent-route access collapse to 404 instead of 403 and updated the unit authz tests, but this events integration test still asserted 403 -- leaving it red on main and on any open PR. Align the expectation and name with the 404 convention. CI confirms the events route already returns 404 for a denied agent (the assertion failed with `404 == 403`); this only updates the test to match the intended behavior.

Resource ownership was not recorded on agentex resource creation under fine-grained access control, due to two independent bugs. Changes: - is_whitelisted_route: use a boundary-aware match (the route itself or a true sub-path) so /agents/register-build authenticates and carries the caller principal, instead of being swept in by the /agents/register prefix. - Resolve the creator from the dict principal context in the agent, agent_api_key, and schedule register helpers; getattr on the untyped dict always returned None and silently skipped registration. - Update the events authz test to expect 404 for denied agent-route access, per the collapse-to-404 convention (#271).

asherfink requested a review from a team as a code owner June 3, 2026 15:17

asherfink mentioned this pull request Jun 3, 2026

feat(authz): register agentex resources and grant agent/task ownership #270

Merged

asherfink force-pushed the asher.fink/agx1-242-agent-dual-write branch from 685126a to 0d99f31 Compare June 3, 2026 15:31

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch from e358194 to eec235f Compare June 3, 2026 15:31

asherfink changed the title ~~feat(agents): collapse denied agent reads to 404 on direct routes~~ feat(agents): collapse denied agent route access to 404 instead of 403 Jun 3, 2026

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch from eec235f to 0cfb83c Compare June 3, 2026 15:35

asherfink force-pushed the asher.fink/agx1-242-agent-dual-write branch from 0d99f31 to 14796e9 Compare June 3, 2026 15:35

jenniechung approved these changes Jun 3, 2026

View reviewed changes

harvhan approved these changes Jun 4, 2026

View reviewed changes

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch from 0cfb83c to ec8c2ec Compare June 5, 2026 17:07

asherfink force-pushed the asher.fink/agx1-242-agent-dual-write branch 2 times, most recently from 883921e to 6de8f39 Compare June 5, 2026 17:29

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch from ec8c2ec to f7e134b Compare June 5, 2026 17:29

asherfink force-pushed the asher.fink/agx1-242-agent-dual-write branch from 6de8f39 to f1f7a42 Compare June 8, 2026 18:16

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch 2 times, most recently from 2bea751 to e13cfdb Compare June 8, 2026 18:30

asherfink force-pushed the asher.fink/agx1-242-agent-dual-write branch from f1f7a42 to 7bc61d6 Compare June 8, 2026 18:30

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch from e13cfdb to 6d88912 Compare June 8, 2026 20:28

asherfink force-pushed the asher.fink/agx1-242-agent-dual-write branch from 7bc61d6 to 1dd4143 Compare June 8, 2026 20:28

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch from 6d88912 to bf273c6 Compare June 8, 2026 20:37

asherfink force-pushed the asher.fink/agx1-242-agent-dual-write branch 2 times, most recently from 6d14686 to c00f3e9 Compare June 8, 2026 21:13

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch from bf273c6 to 68cbdb9 Compare June 8, 2026 21:13

asherfink force-pushed the asher.fink/agx1-242-agent-dual-write branch from c00f3e9 to 4c4e73a Compare June 8, 2026 22:52

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch from 68cbdb9 to 104ecbd Compare June 8, 2026 22:52

asherfink force-pushed the asher.fink/agx1-242-agent-dual-write branch from 4c4e73a to 73a5056 Compare June 9, 2026 00:21

Base automatically changed from asher.fink/agx1-242-agent-dual-write to main June 9, 2026 00:27

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch from 104ecbd to 4527982 Compare June 9, 2026 00:30

rpatel-scale approved these changes Jun 9, 2026

View reviewed changes

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch from 4527982 to 99106f8 Compare June 9, 2026 02:43

asherfink force-pushed the asher.fink/agx1-242-agent-route-fgac branch from 99106f8 to f0c7c1b Compare June 9, 2026 02:47

asherfink enabled auto-merge (squash) June 9, 2026 02:47

asherfink merged commit 94e7452 into main Jun 9, 2026
28 of 30 checks passed

asherfink deleted the asher.fink/agx1-242-agent-route-fgac branch June 9, 2026 02:52

greptile-apps Bot mentioned this pull request Jun 9, 2026

fix(authz): mint agentex resource ownership on create under FGAC #291

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(agents): collapse denied agent route access to 404 instead of 403#271

feat(agents): collapse denied agent route access to 404 instead of 403#271
asherfink merged 1 commit into
mainfrom
asher.fink/agx1-242-agent-route-fgac

asherfink commented Jun 3, 2026 •

edited by greptile-apps Bot

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Uh oh!

Conversation

asherfink commented Jun 3, 2026 • edited by greptile-apps Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Related work

What

Why

Testing

Greptile Summary

Confidence Score: 5/5

Important Files Changed

Flowchart

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

asherfink commented Jun 3, 2026 •

edited by greptile-apps Bot

Loading