refactor: consolidate principal-by-resource listing into membership

[rohilsurana]

Summary

• Adds membership.ListPrincipalsByResource(ctx, resourceID, resourceType, filter) as the single entrypoint for listing principals (users, service users, groups) that hold policies on a resource, with optional principal-type / role-ID filtering and role enrichment.
• Rewires every handler that previously hand-rolled member listings — ListOrganizationAdmins, ListOrganizationUsers, ListProjectAdmins, ListProjectUsers, ListProjectServiceUsers, ListProjectGroups, ListGroupUsers, ListOrganizationGroups (with members), GetGroup (with members), RemoveGroupUser, ListUsers/ListAllUsers (org/group filters) — to call the new method and hydrate entities via *.GetByIDs.
• Deletes the now-redundant user.ListByOrg, user.ListByGroup, user.getUserIDsFromPolicies, project.ListUsers, project.ListServiceUsers, project.ListGroups, and the handler-level direct calls to policyService.ListRoles for role enrichment. Drops the PolicyService/RoleService deps from user.Service and the OrgID/GroupID fields from user.Filter.
• event.Service (billing onboarding) switches from userService.ListByOrg to the membership method to look up the first org admin's email.

Test plan

• go build ./...
• golangci-lint run ./... (0 issues)
• Unit tests: go test ./... green across core/membership, core/user, core/project, core/event, internal/api/v1beta1connect
• New tests in core/membership/service_test.go cover resource-type validation, principal-type filter, role-ID filter, role enrichment, dedup, empty results, and error wrapping
• go test ./test/e2e/regression passes end-to-end (organization, user, serviceuser suites)
• Manually exercised 13 handlers (24 scenarios) against a local Frontier build — results in PR comment

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
frontier	Ready	Preview, Comment	May 12, 2026 6:30am

[coderabbitai]

Warning

Rate limit exceeded

@rohilsurana has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 22 minutes and 25 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 42f37e15-8f3b-4836-a621-f199ffe161aa

📥 Commits

Reviewing files that changed from the base of the PR and between 5e047ca and 9980f45.

⛔ Files ignored due to path filters (1)

• proto/v1beta1/frontier.pb.go is excluded by !**/*.pb.go, !proto/**

📒 Files selected for processing (31)

• Makefile
• cmd/serve.go
• core/event/mocks/membership_service.go
• core/event/mocks/role_service.go
• core/event/mocks/user_service.go
• core/event/service.go
• core/event/service_test.go
• core/membership/errors.go
• core/membership/mocks/role_service.go
• core/membership/service.go
• core/membership/service_test.go
• core/project/service.go
• core/project/service_test.go
• core/user/filter.go
• core/user/service.go
• core/user/service_test.go
• internal/api/v1beta1connect/errors.go
• internal/api/v1beta1connect/group.go
• internal/api/v1beta1connect/group_test.go
• internal/api/v1beta1connect/interfaces.go
• internal/api/v1beta1connect/mocks/group_service.go
• internal/api/v1beta1connect/mocks/membership_service.go
• internal/api/v1beta1connect/mocks/policy_service.go
• internal/api/v1beta1connect/mocks/project_service.go
• internal/api/v1beta1connect/mocks/user_service.go
• internal/api/v1beta1connect/organization.go
• internal/api/v1beta1connect/organization_test.go
• internal/api/v1beta1connect/project.go
• internal/api/v1beta1connect/project_test.go
• internal/api/v1beta1connect/user.go
• test/e2e/regression/api_test.go

📝 Walkthrough

Walkthrough

This PR refactors member listing across the codebase from policy-based role queries to membership-service-driven principal retrieval. It adds ListPrincipalsByResource and enriches Member types in the membership service, removes policy/role dependencies from the user service, wires membership and role services into event and API handlers, and updates all dependent tests and handlers to use the new membership API.

Changes

Membership Service Migration

Layer / File(s)	Summary
Membership service core types and operations core/membership/service.go, core/membership/service_test.go, core/membership/mocks/role_service.go, core/membership/errors.go	Added ListPrincipalsByResource(ctx, resourceID, resourceType, filter) method that queries policies, deduplicates principals, and enriches them with resolved roles via roleService.List. Introduced MemberFilter (PrincipalType, RoleIDs) and Member (PrincipalID, PrincipalType, Roles) types. Extended RoleService interface with List method. Added ErrInvalidResourceType error for unsupported resource types.
User service simplification core/user/service.go, core/user/filter.go, core/user/service_test.go	Removed PolicyService and RoleService dependencies from user service; updated NewService signature to accept only repository, relation service, and session service. Removed ListByOrg and ListByGroup methods. Simplified List to always delegate to repository. Removed OrgID and GroupID fields from Filter struct. Updated all test cases accordingly.
Event service membership integration core/event/service.go, core/event/service_test.go, core/event/mocks/membership_service.go, core/event/mocks/role_service.go, core/event/mocks/user_service.go	Added membershipService and roleService dependencies to event service. Implemented firstOrgAdminEmail helper that resolves the admin role, lists member principals for that role, fetches users by ID, and returns the first email. Updated UserService interface to provide GetByIDs instead of ListByOrg. Updated all test scenarios with new expectAdminLookup helper for consistent admin resolution mocking.
Service interfaces and dependency injection internal/api/v1beta1connect/interfaces.go, cmd/serve.go	Updated UserService interface to remove ListByOrg/ListByGroup methods. Updated PolicyService to remove ListRoles method. Added GroupService.GetByIDs and MembershipService.ListPrincipalsByResource. Wired membershipService into event service in cmd/serve.go. Updated user service wiring to remove policy/role services.
Organization and group API handlers internal/api/v1beta1connect/organization.go, internal/api/v1beta1connect/group.go, internal/api/v1beta1connect/organization_test.go, internal/api/v1beta1connect/group_test.go	Migrated ListOrganizationAdmins/ListOrganizationUsers to use membership service queries instead of policy-based listings. Added listGroupUsers helper in group handler for membership-based user resolution. Updated role-pair construction to derive roles from membership objects instead of policyService.ListRoles. Refactored all tests to mock membershipService.ListPrincipalsByResource and userService.GetByIDs instead of direct user/policy listing.
Project and user API handlers internal/api/v1beta1connect/project.go, internal/api/v1beta1connect/user.go, internal/api/v1beta1connect/project_test.go	Updated ListProjectAdmins/ListProjectUsers/ListProjectServiceUsers/ListProjectGroups to fetch principals via membershipService.ListPrincipalsByResource, resolve entity details by ID, and build role-pairs from membership roles. Added listUsersByResource helper in user handler for conditional org/group filtering via membership. Updated tests to mock new membership/entity resolution flows.
Generated test mocks internal/api/v1beta1connect/mocks/*, core/event/mocks/*, core/membership/mocks/*	Generated Mockery mocks for updated service interfaces: added MembershipService.ListPrincipalsByResource, RoleService.Get/List, UserService.GetByIDs, GroupService.GetByIDs methods. Removed mocks for deleted methods (UserService.ListByOrg/ListByGroup, PolicyService.ListRoles, ProjectService.ListUsers/ListServiceUsers/ListGroups).
End-to-end test updates test/e2e/regression/api_test.go	Added orgOwnerRole field to test suite to capture owner role ID during setup. Updated organization user listing assertions to filter by RoleIds instead of RoleFilters/PermissionFilter.
Build configuration and cleanup Makefile, core/project/service.go, core/project/service_test.go, internal/api/v1beta1connect/errors.go	Updated PROTON_COMMIT to new hash for protobuf generation. Removed ListUsers/ListServiceUsers/ListGroups methods and tests from project service. Removed ErrRoleFilter error variable from API errors.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related issues

• raystack/frontier#1558: Directly implements the Member abstraction and resourceSpec-driven membership operations refactoring proposed in this issue.
• raystack/frontier#1478: Both changes centralize membership logic by adding ListPrincipalsByResource API and wiring membershipService across the codebase to replace policy-based listing.

Possibly related PRs

• raystack/frontier#1537: Both PRs enhance the core/membership package with new service types, operations, and generated mocks.
• raystack/frontier#1541: Both PRs modify core/membership service.go to introduce new membership operations and update corresponding mocks.
• raystack/frontier#1572: Both PRs migrate project membership handling from policy CRUD to membership service API (ListPrincipalsByResource and related operations).

Suggested reviewers

• whoAbhishekSah
• rsbh

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rohilsurana]

Manual API test results

Exercised all 13 modified handlers against a local Frontier build of this branch. Test fixture: one org (admin1+sa as creator-owner, alice added as owner, bob added as viewer), one project (alice creator, bob as project viewer), one service user (project viewer), one group (alice owner, bob member; group has project-viewer role on the project).

#	Endpoint	Scenario	Result	Observed
1	ListOrganizationAdmins	returns only owner-role users	PASS	admin+sa, alice
2	ListOrganizationUsers	no filter, returns all members	PASS	3 users
3	ListOrganizationUsers	with_roles=true enriches role_pairs	PASS	alice=owner, bob=viewer
4	ListOrganizationUsers	role_filters=["app_organization_owner"] (name → ID resolution)	PASS	alice + admin+sa
5	ListOrganizationUsers	role_filters=[<viewer UUID>]	PASS	bob
6	ListOrganizationUsers	(Removed) legacy permission_filter="app_organization_owner"	PASS	alice + admin+sa
7	ListProjectUsers	no flags	PASS	alice, bob
8	ListProjectUsers	with_roles=true	PASS	bob=project_viewer, 2 role_pairs
9	ListProjectAdmins	returns project users	PASS
10	ListProjectServiceUsers	lists SU with project policy	PASS	service user returned
11	ListProjectServiceUsers	with_roles=true	PASS	project_viewer
12	ListProjectServiceUsers	empty project (regression check for empty GetByIDs call)	PASS	empty list, no error
13	ListProjectGroups	lists groups with project policy	PASS	group returned
14	ListProjectGroups	with_roles=true	PASS	project_viewer
15	ListGroupUsers	lists group members	PASS	alice, bob
16	ListGroupUsers	with_roles=true	PASS	alice=group_owner+member
17	ListOrganizationGroups	with_members=true hydrates users per group	PASS	alice, bob
18	GetGroup	with_members=true	PASS	alice, bob
19	ListUsers	org_id filter delegates to membership	PASS	all 3 users
20	ListUsers	group_id filter delegates to membership	PASS	alice, bob
21	RemoveGroupUser	rejects last-owner removal	PASS	invalid_argument
22	RemoveGroupUser	removes non-owner	PASS
23	RemoveOrganizationMember	removes user from org	PASS	bob removed
24	ListUsers	org_id post-removal reflects state change	PASS	bob no longer listed

24/24 PASS. role-name-to-ID resolution in role_filters, role enrichment shape, and the empty-resource edge case in ListProjectServiceUsers (guarded after switching to GetByIDs, which errors on empty input).

[coveralls]

Coverage Report for CI Build 25717610172

Coverage increased (+0.06%) to 42.048%

Details

• Coverage increased (+0.06%) from the base build.
• Patch coverage: 162 uncovered changes across 7 files (206 of 368 lines covered, 55.98%).
• 12 coverage regressions across 3 files.

Uncovered Changes

File	Changed	Covered	%
internal/api/v1beta1connect/project.go	120	33	27.5%
internal/api/v1beta1connect/user.go	37	10	27.03%
internal/api/v1beta1connect/organization.go	50	32	64.0%
internal/api/v1beta1connect/group.go	49	36	73.47%
core/event/service.go	36	28	77.78%
core/membership/service.go	74	67	90.54%
cmd/serve.go	2	0	0.0%

Coverage Regressions

12 previously-covered lines in 3 files lost coverage.

File	Lines Losing Coverage	Coverage
internal/api/v1beta1connect/project.go	8	44.52%
internal/api/v1beta1connect/organization.go	3	62.21%
internal/api/v1beta1connect/group.go	1	74.94%

---

Coverage Stats

Relevant Lines:	37286
Covered Lines:	15678
Line Coverage:	42.05%
Coverage Strength:	11.9 hits per line

---

💛 - Coveralls

[Copilot]

Pull request overview

Refactors principal/member listing across org/project/group/user handlers to use a single membership entrypoint for “principals that hold policies on a resource”, and removes redundant service methods and dependencies.

Changes:

• Introduces membership.ListPrincipalsByResource(...) with optional principal-type filtering, role-ID filtering, and optional role enrichment.
• Rewires multiple Connect API handlers and tests to use membership listing + *.GetByIDs hydration, removing handler-level role enrichment via policyService.ListRoles.
• Removes now-redundant user/project listing APIs and updates mocks/wiring accordingly (including event billing onboarding lookup).

Reviewed changes

Copilot reviewed 30 out of 31 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
test/e2e/regression/api_test.go	Updates org user listing request to use RoleFilters instead of PermissionFilter.
internal/api/v1beta1connect/user.go	Routes org/group-filtered user listings through membership-based lookup + GetByIDs.
internal/api/v1beta1connect/project_test.go	Updates project handler tests to mock membership + hydration instead of project service list methods.
internal/api/v1beta1connect/project.go	Refactors project member/admin/service-user/group listing to membership-based lookup and membership-provided role enrichment.
internal/api/v1beta1connect/organization_test.go	Updates org admin/user listing tests to use membership listing and role resolution.
internal/api/v1beta1connect/organization.go	Replaces org admin/user listing implementation with membership-based lookup and role-ID filtering.
internal/api/v1beta1connect/mocks/user_service.go	Removes ListByOrg/ListByGroup mock methods no longer used by handler layer.
internal/api/v1beta1connect/mocks/project_service.go	Removes ListUsers/ListServiceUsers/ListGroups mock methods no longer used by handler layer.
internal/api/v1beta1connect/mocks/policy_service.go	Removes handler-layer ListRoles mock method no longer used by Connect handlers.
internal/api/v1beta1connect/mocks/membership_service.go	Adds ListPrincipalsByResource mock for Connect handler tests.
internal/api/v1beta1connect/mocks/group_service.go	Adds GetByIDs mock method for group hydration.
internal/api/v1beta1connect/interfaces.go	Updates handler dependency interfaces to align with refactor (adds membership listing, removes old list APIs, adds GroupService.GetByIDs).
internal/api/v1beta1connect/group_test.go	Updates group handler tests to use membership listing + GetByIDs hydration and role resolution.
internal/api/v1beta1connect/group.go	Refactors group member listing, group members expansion, and admin checks to membership-based lookup.
core/user/service_test.go	Updates user service tests for new constructor signature and removed org/group list behavior.
core/user/service.go	Removes policy/role dependencies and deletes org/group list helpers from user service.
core/user/filter.go	Removes OrgID/GroupID from user filter.
core/project/service_test.go	Removes tests for now-deleted project list helper methods.
core/project/service.go	Removes ListUsers/ListServiceUsers/ListGroups from project service.
core/membership/service_test.go	Adds unit tests for ListPrincipalsByResource behavior (validation, filters, enrichment, error wrapping).
core/membership/service.go	Adds ListPrincipalsByResource implementation, plus MemberFilter/Member types and PolicyService.ListRoles dependency.
core/membership/mocks/policy_service.go	Extends membership policy mock to include ListRoles.
core/membership/errors.go	Adds ErrInvalidResourceType.
core/event/service_test.go	Updates billing onboarding tests to use membership-based org-admin email lookup and new mocks.
core/event/service.go	Switches onboarding admin email lookup to membership listing + role resolution + user hydration.
core/event/mocks/user_service.go	Updates event user service mock to GetByIDs.
core/event/mocks/role_service.go	Adds new role service mock for event service.
core/event/mocks/membership_service.go	Adds new membership service mock for event service.
cmd/serve.go	Updates service wiring to new constructors (user service, event service).
Makefile	Updates PROTON_COMMIT pin.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[rohilsurana]

Trying to create a generic method can cause some unwanted performance issues, specifically because of parameter explosion and N+1 queries kind of issues. This happens because we are thinking of the new service method as a generic one but that powers other non generic rpc like ListOrganizationUsers etc. Hence we need to get details of a user separately. I don't think making this refactor will actually give us a lot of value.

[rohilsurana]

Manual API test results (post-refactor)

Tested all changed handlers against a local Frontier build of this branch (d7feecd). Test fixture: one org (admin1+sa as creator-owner, alice added as owner, bob added as viewer), one project (admin1+sa creator/owner, bob as project viewer), one service user (project viewer), one group (admin1+sa owner, bob member; group has project-viewer role on the project).

#	Endpoint	Scenario	Result	Observed
1	ListOrganizationAdmins	returns only owner-role users	PASS	admin+sa, alice
2	ListOrganizationUsers	no filter, returns all members	PASS	3 users
3	ListOrganizationUsers	roles always returned (no with_roles flag needed)	PASS	role_pairs present: admin=owner, alice=owner, bob=viewer
4	ListOrganizationUsers	role_ids=[<owner UUID>]	PASS	alice + admin+sa
5	ListOrganizationUsers	role_ids=[<viewer UUID>]	PASS	bob
6	ListOrganizationUsers	role_ids=[] (empty array)	PASS	returns all users — no filtering, same as omitting the field
7	ListOrganizationUsers	role_ids=["not-a-uuid"]	PASS	proto validation rejects: value must be a valid UUID
8	ListOrganizationUsers	role_ids=[""] (empty string)	PASS	proto validation rejects: value is empty, which is not a valid UUID
9	ListProjectAdmins	returns only project owner	PASS	admin1+sa only (bob excluded despite having viewer policy)
10	ListProjectUsers	all project members with roles	PASS	admin (owner), bob (viewer) — role_pairs always included
11	ListProjectServiceUsers	lists SU with project policy	PASS	service user returned with app_project_viewer role
12	ListProjectServiceUsers	empty project (no SUs)	PASS	empty list, no error
13	ListProjectGroups	lists groups with project policy	PASS	group returned with app_project_viewer role
14	ListGroupUsers	lists group members with roles	PASS	admin (group_owner), bob (group_member) — role_pairs always included
15	ListOrganizationGroups	with_members=true hydrates users per group	PASS	admin+sa, bob
16	GetGroup	with_members=true	PASS	admin+sa, bob
17	ListUsers	org_id filter delegates to membership	PASS	all 3 users
18	ListUsers	group_id filter delegates to membership	PASS	admin+sa, bob
19	RemoveGroupUser	rejects last-owner removal	PASS	invalid_argument: group must have at least one owner
20	RemoveGroupUser	removes non-owner (bob)	PASS	bob removed from group
21	RemoveOrganizationMember	removes bob from org	PASS	bob removed
22	ListUsers	org_id post-removal reflects state change	PASS	bob no longer listed

22/22 PASS. Key behavioral changes verified:

• with_roles field removed from all request messages — roles are always returned in role_pairs
• permission_filter removed from request messages — no longer silently ignored
• role_filters renamed to role_ids with proto-level UUID validation — handler no longer does name-to-ID resolution
• Empty role_ids array behaves as "no filter" (returns all members); empty string and non-UUID values are rejected by proto validation
• ListProjectAdmins now correctly filters by app_project_owner role instead of returning all project members
• N+1 role enrichment replaced with batch fetch (2 queries regardless of member count)

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

core/membership/service.go (1)

965-972: ⚡ Quick win

Avoid an unnecessary second policy read on empty results.

At Line 969, the enrichment query runs even when no principals matched in the first query. Early-returning avoids a redundant DB call on empty-resource paths.

Proposed patch

 	// deduplicate by (principalID, principalType) preserving order
 	memberIndex := make(map[string]int, len(policies))
 	members := make([]Member, 0, len(policies))
 	for _, pol := range policies {
 		key := pol.PrincipalType + "\x00" + pol.PrincipalID
 		if _, ok := memberIndex[key]; ok {
 			continue
 		}
 		memberIndex[key] = len(members)
 		members = append(members, Member{
 			PrincipalID:   pol.PrincipalID,
 			PrincipalType: pol.PrincipalType,
 		})
 	}
+
+	if len(members) == 0 {
+		return members, nil
+	}
 
 	// fetch all policies for the resource (without role filtering) to get
 	// the complete set of roles per principal in a single query
 	roleFlt := flt

internal/api/v1beta1connect/project.go (1)

230-245: ⚡ Quick win

Consider extracting role transformation logic to reduce duplication.

The role-pair construction pattern appears three times with identical structure:

• Lines 230-245 (ListProjectUsers)
• Lines 296-311 (ListProjectServiceUsers)
• Lines 362-378 (ListProjectGroups)

Each block does:

rolesPb := utils.Filter(utils.Map(m.Roles, func(r role.Role) *frontierv1beta1.Role {
    pb, err := transformRoleToPB(r)
    if err != nil {
        errorLogger.LogTransformError(...)
        return nil
    }
    return &pb
}), func(r *frontierv1beta1.Role) bool {
    return r != nil
})

Consider extracting this to a helper function to improve maintainability:

func (h *ConnectHandler) transformMemberRolesToPB(ctx context.Context, request interface{}, handlerName string, m membership.Member, errorLogger *ErrorLogger) []*frontierv1beta1.Role {
    return utils.Filter(utils.Map(m.Roles, func(r role.Role) *frontierv1beta1.Role {
        pb, err := transformRoleToPB(r)
        if err != nil {
            errorLogger.LogTransformError(ctx, request, handlerName, r.ID, err)
            return nil
        }
        return &pb
    }), func(r *frontierv1beta1.Role) bool {
        return r != nil
    })
}

Also applies to: 296-311, 362-378

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e760c090-006e-4ca7-98f5-4e0b46fcd88a

📥 Commits

Reviewing files that changed from the base of the PR and between 452e047 and 5e047ca.

⛔ Files ignored due to path filters (1)

• proto/v1beta1/frontier.pb.go is excluded by !**/*.pb.go, !proto/**

📒 Files selected for processing (31)

• Makefile
• cmd/serve.go
• core/event/mocks/membership_service.go
• core/event/mocks/role_service.go
• core/event/mocks/user_service.go
• core/event/service.go
• core/event/service_test.go
• core/membership/errors.go
• core/membership/mocks/role_service.go
• core/membership/service.go
• core/membership/service_test.go
• core/project/service.go
• core/project/service_test.go
• core/user/filter.go
• core/user/service.go
• core/user/service_test.go
• internal/api/v1beta1connect/errors.go
• internal/api/v1beta1connect/group.go
• internal/api/v1beta1connect/group_test.go
• internal/api/v1beta1connect/interfaces.go
• internal/api/v1beta1connect/mocks/group_service.go
• internal/api/v1beta1connect/mocks/membership_service.go
• internal/api/v1beta1connect/mocks/policy_service.go
• internal/api/v1beta1connect/mocks/project_service.go
• internal/api/v1beta1connect/mocks/user_service.go
• internal/api/v1beta1connect/organization.go
• internal/api/v1beta1connect/organization_test.go
• internal/api/v1beta1connect/project.go
• internal/api/v1beta1connect/project_test.go
• internal/api/v1beta1connect/user.go
• test/e2e/regression/api_test.go

💤 Files with no reviewable changes (8)

• internal/api/v1beta1connect/errors.go
• core/project/service_test.go
• internal/api/v1beta1connect/mocks/user_service.go
• core/user/filter.go
• internal/api/v1beta1connect/mocks/policy_service.go
• core/project/service.go
• core/user/service.go
• internal/api/v1beta1connect/mocks/project_service.go