raystack · AmanGIT07 · Mar 23, 2026 · Mar 20, 2026 · Mar 23, 2026 · Mar 23, 2026
diff --git a/Makefile b/Makefile
@@ -4,7 +4,7 @@ TAG := $(shell git rev-list --tags --max-count=1)
 VERSION := $(shell git describe --tags ${TAG})
 .PHONY: build check fmt lint test test-race vet test-cover-html help install proto admin-app compose-up-dev
 .DEFAULT_GOAL := build
-PROTON_COMMIT := "0e66eea2643eb54aba01be2c2b7298e96c82d749"
+PROTON_COMMIT := "3acffc58e07cdfdc080d041f4a1bdb5e8545bbd5"
 
 admin-app:
 	@echo " > generating admin build"

diff --git a/core/userpat/mocks/repository.go b/core/userpat/mocks/repository.go
diff --git a/core/userpat/service.go b/core/userpat/service.go
@@ -95,6 +95,14 @@ func (s *Service) GetByID(ctx context.Context, id string) (patmodels.PAT, error)
 	return s.repo.GetByID(ctx, id)
 }
 
+// IsTitleAvailable checks if a PAT title is available for the given user and org.
+func (s *Service) IsTitleAvailable(ctx context.Context, userID, orgID, title string) (bool, error) {
+	if !s.config.Enabled {
+		return false, paterrors.ErrDisabled
+	}
+	return s.repo.IsTitleAvailable(ctx, userID, orgID, title)
+}
+
 // Get retrieves a PAT by ID, verifying it belongs to the given user.
 // Returns ErrDisabled if PATs are not enabled, ErrNotFound if the PAT
 // does not exist or belongs to a different user.

diff --git a/core/userpat/service_test.go b/core/userpat/service_test.go
@@ -2369,3 +2369,91 @@ func TestService_Regenerate(t *testing.T) {
 		})
 	}
 }
+
+func TestService_IsTitleAvailable(t *testing.T) {
+	tests := []struct {
+		name          string
+		setup         func() *userpat.Service
+		userID        string
+		orgID         string
+		title         string
+		wantAvailable bool
+		wantErr       bool
+		wantErrIs     error
+	}{
+		{
+			name:   "should return ErrDisabled when PAT feature is disabled",
+			userID: "user-1",
+			orgID:  "org-1",
+			title:  "my-token",
+			setup: func() *userpat.Service {
+				return userpat.NewService(log.NewNoop(), nil, userpat.Config{
+					Enabled: false,
+				}, nil, nil, nil, nil)
+			},
+			wantErr:   true,
+			wantErrIs: paterrors.ErrDisabled,
+		},
+		{
+			name:   "should return true when title is available",
+			userID: "user-1",
+			orgID:  "org-1",
+			title:  "new-token",
+			setup: func() *userpat.Service {
+				repo := mocks.NewRepository(t)
+				repo.EXPECT().IsTitleAvailable(mock.Anything, "user-1", "org-1", "new-token").
+					Return(true, nil)
+				return userpat.NewService(log.NewNoop(), repo, defaultConfig, nil, nil, nil, nil)
+			},
+			wantAvailable: true,
+		},
+		{
+			name:   "should return false when title is taken",
+			userID: "user-1",
+			orgID:  "org-1",
+			title:  "existing-token",
+			setup: func() *userpat.Service {
+				repo := mocks.NewRepository(t)
+				repo.EXPECT().IsTitleAvailable(mock.Anything, "user-1", "org-1", "existing-token").
+					Return(false, nil)
+				return userpat.NewService(log.NewNoop(), repo, defaultConfig, nil, nil, nil, nil)
+			},
+			wantAvailable: false,
+		},
+		{
+			name:   "should return error when repo fails",
+			userID: "user-1",
+			orgID:  "org-1",
+			title:  "my-token",
+			setup: func() *userpat.Service {
+				repo := mocks.NewRepository(t)
+				repo.EXPECT().IsTitleAvailable(mock.Anything, "user-1", "org-1", "my-token").
+					Return(false, errors.New("db error"))
+				return userpat.NewService(log.NewNoop(), repo, defaultConfig, nil, nil, nil, nil)
+			},
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			svc := tt.setup()
+			available, err := svc.IsTitleAvailable(context.Background(), tt.userID, tt.orgID, tt.title)
+			if tt.wantErr {
+				if err == nil {
+					t.Fatal("IsTitleAvailable() expected error, got nil")
+				}
+				if tt.wantErrIs != nil && !errors.Is(err, tt.wantErrIs) {
+					t.Errorf("IsTitleAvailable() error = %v, want %v", err, tt.wantErrIs)
+				}
+				return
+			}
+			if err != nil {
+				t.Fatalf("IsTitleAvailable() unexpected error: %v", err)
+			}
+			if available != tt.wantAvailable {
+				t.Errorf("IsTitleAvailable() = %v, want %v", available, tt.wantAvailable)
+			}
+		})
+	}
+}
diff --git a/core/userpat/userpat.go b/core/userpat/userpat.go
@@ -14,6 +14,7 @@ type Repository interface {
 	GetByID(ctx context.Context, id string) (models.PAT, error)
 	List(ctx context.Context, userID, orgID string, query *rql.Query) (models.PATList, error)
 	GetBySecretHash(ctx context.Context, secretHash string) (models.PAT, error)
+	IsTitleAvailable(ctx context.Context, userID, orgID, title string) (bool, error)
 	UpdateLastUsedAt(ctx context.Context, id string, at time.Time) error
 	Update(ctx context.Context, pat models.PAT) (models.PAT, error)
 	Regenerate(ctx context.Context, id, secretHash string, expiresAt time.Time) (models.PAT, error)

diff --git a/internal/api/v1beta1connect/interfaces.go b/internal/api/v1beta1connect/interfaces.go
@@ -407,5 +407,6 @@ type UserPATService interface {
 	Delete(ctx context.Context, userID, id string) error
 	Update(ctx context.Context, toUpdate models.PAT) (models.PAT, error)
 	Regenerate(ctx context.Context, userID, id string, newExpiresAt time.Time) (models.PAT, string, error)
+	IsTitleAvailable(ctx context.Context, userID, orgID, title string) (bool, error)
 	ListAllowedRoles(ctx context.Context, scopes []string) ([]role.Role, error)
 }
diff --git a/internal/api/v1beta1connect/mocks/user_pat_service.go b/internal/api/v1beta1connect/mocks/user_pat_service.go
diff --git a/internal/api/v1beta1connect/user_pat.go b/internal/api/v1beta1connect/user_pat.go
@@ -270,6 +270,40 @@ func (h *ConnectHandler) RegenerateCurrentUserPAT(ctx context.Context, request *
 	}), nil
 }
 
+func (h *ConnectHandler) CheckCurrentUserPATTitle(ctx context.Context, request *connect.Request[frontierv1beta1.CheckCurrentUserPATTitleRequest]) (*connect.Response[frontierv1beta1.CheckCurrentUserPATTitleResponse], error) {
+	errorLogger := NewErrorLogger()
+
+	principal, err := h.GetLoggedInPrincipal(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if principal.User == nil {
+		return nil, connect.NewError(connect.CodePermissionDenied, ErrUnauthenticated)
+	}
+
+	if err := request.Msg.Validate(); err != nil {
+		return nil, connect.NewError(connect.CodeInvalidArgument, err)
+	}
+
+	available, err := h.userPATService.IsTitleAvailable(ctx, principal.User.ID, request.Msg.GetOrgId(), request.Msg.GetTitle())
+	if err != nil {
+		errorLogger.LogServiceError(ctx, request, "CheckCurrentUserPATTitle", err,
+			zap.String("user_id", principal.User.ID),
+			zap.String("org_id", request.Msg.GetOrgId()))
+
+		switch {
+		case errors.Is(err, paterrors.ErrDisabled):
+			return nil, connect.NewError(connect.CodeFailedPrecondition, err)
+		default:
+			return nil, connect.NewError(connect.CodeInternal, ErrInternalServerError)
+		}
+	}
+
+	return connect.NewResponse(&frontierv1beta1.CheckCurrentUserPATTitleResponse{
+		Available: available,
+	}), nil
+}
+
 func transformPATToPB(pat models.PAT, patValue string) *frontierv1beta1.PAT {
 	pbPAT := &frontierv1beta1.PAT{
 		Id:         pat.ID,