Remove dead user management code from SDK #11

@krisrowe

Description

Problem

gapp/admin/sdk/users.py and parts of gapp/admin/sdk/tokens.py implement user management by directly reading and writing GCS bucket files under an auth/ prefix. This was the original pattern when gapp injected an auth wrapper (gapp_run) into deployed containers.

Solutions now use mcp-app's user-identity middleware for auth, which:

  • Validates JWTs directly in the app
  • Stores user records via its own UserAuthStore (filesystem-based under data/users/)
  • Serves a REST admin API at /admin/users and /admin/tokens

The gapp user management code doesn't interact with any of this. gapp users list returns 0 users for a deployed solution that has active users, because it's looking at auth/ bucket files that don't exist in the new pattern.

User management tooling is being built in mcp-app instead (see echomodel/mcp-app#5).

What to Remove

  • gapp/admin/sdk/users.py — all functions: register_user, list_users, get_user, update_user, revoke_user, and GCS helpers (_gcs_path, _object_exists, _write_credential, _read_credential_full, _email_hash)
  • gapp/admin/sdk/tokens.py — references to users.py helpers (_email_hash, _gcs_path, _object_exists, _read_credential_full, _write_credential). create_token and revoke_tokens check user existence via GCS and need to be removed or reworked
  • gapp/admin/sdk/tokens.py: create_status_token and _get_signing_key may still be needed by mcp_status.py for health checks. Audit before removing.
  • CLI commands that wrap these SDK functions (e.g., gapp users list, gapp users register, etc.)
  • MCP tool handlers that wrap these SDK functions (gapp_users_list, gapp_users_register, gapp_users_update, gapp_users_revoke, gapp_tokens_create, gapp_tokens_revoke)
  • build/lib/gapp/admin/sdk/tokens.py — stale build artifact with same dead code
  • Related tests if any exist

What to Keep (audit first)

  • create_status_token — used by mcp_status.py for health-check probing. This mints a short-lived JWT with scope: "status" to bypass auth on health checks. Likely still needed.
  • _get_signing_key — reads signing key from Secret Manager. Still needed by create_status_token and potentially by future admin client code.
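Added example (not gapp's or mcp-app's code) of the pattern the "What to Keep" section describes: minting a short-lived JWT carrying scope "status" and a verifier that accepts it only for the health-check path, rejecting expired, tampered or wrongly scoped tokens. The inline signing key, the /healthz path, the 60-second TTL and the function names mint_status_token, verify_status_token and authorize are assumptions; the real _get_signing_key reads the key from Secret Manager, which this example replaces with a constructed constant so it runs offline.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed key for the example only. In the issue's description the real key
# comes from Secret Manager via _get_signing_key; this example does not call it.
SIGNING_KEY = b"example-signing-key-not-a-real-secret"


def _b64url(data: bytes) -> str:
    # JWT uses unpadded base64url for all three segments.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def mint_status_token(key: bytes, ttl_seconds: int = 60, now: Optional[float] = None) -> str:
    """Mint an HS256 JWT with scope "status" that expires after ttl_seconds.

    Hypothetical stand-in for create_status_token; the claim names are assumptions.
    """
    issued = int(now if now is not None else time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"scope": "status", "iat": issued, "exp": issued + ttl_seconds}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_status_token(token: str, key: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the payload if the token is validly signed, unexpired and scoped to "status".

    Returns None for any failure so callers cannot accidentally trust a partial result.
    """
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    # Check the signature before parsing anything the client controls.
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":
        # Pin the algorithm; never honour "none" or a client-chosen alg.
        return None
    payload = json.loads(_b64url_decode(p))
    current = now if now is not None else time.time()
    if payload.get("scope") != "status" or payload.get("exp", 0) <= current:
        return None
    return payload


def authorize(path: str, token: Optional[str], key: bytes, now: Optional[float] = None) -> bool:
    """Hypothetical middleware decision: a status token opens only the health-check path."""
    if token is None:
        return False
    if verify_status_token(token, key, now) is None:
        return False
    return path == "/healthz"


if __name__ == "__main__":
    tok = mint_status_token(SIGNING_KEY, ttl_seconds=60)
    print("healthz allowed:", authorize("/healthz", tok, SIGNING_KEY))
    print("admin allowed:", authorize("/admin/users", tok, SIGNING_KEY))
```

The verifier checks the signature first, pins the algorithm, and then enforces both expiry and scope, so a status token cannot be replayed against /admin/users even though it is signed with the same key; if the audit keeps create_status_token, those are the three checks worth confirming on the consuming side in mcp_status.py.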
