fix(worker): extend permission-sync fail-closed to HTTP 410

[msukkari]

PR #1215 added a fail-closed branch in the account-driven permission syncer (accountPermissionSyncer.runJob) that clears an account's AccountToRepoPermission rows when the upstream call throws 401, 403, or a token-refresh error. The predicate set is too narrow for endpoint deprecations:

Bitbucket Cloud's CHANGE-2770 removed GET /2.0/user/permissions/repositories and the endpoint now returns HTTP 410 Gone for every caller. With the existing predicate, the syncer aborts without clearing the account's rows, so stale permissions persist indefinitely. This PR makes 410 errors trigger that clean up logic

Summary by CodeRabbit

• Bug Fixes

  • Account permissions are now reliably removed when an upstream API returns HTTP 410 Gone, preventing stale access after an external resource is removed.
  • Improved upstream error classification to ensure consistent permission cleanup for permanently gone endpoints.

• Tests

  • Added coverage validating detection of upstream "gone" (410) responses across different client behaviors.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0e66973c-0386-4c95-bd9f-6c46ac8568ca

📥 Commits

Reviewing files that changed from the base of the PR and between 333a1aa and ee5b8de.

📒 Files selected for processing (1)

• CHANGELOG.md

✅ Files skipped from review due to trivial changes (1)

• CHANGELOG.md

---

Walkthrough

Adds an exported isGone helper (detects HTTP 410), tests for it, and updates AccountPermissionSyncer to treat 410 as a permanent upstream condition by deleting account-to-repo permission rows; CHANGELOG updated.

Changes

Account permission syncer 410 Gone handling

Layer / File(s)	Summary
isGone error helper and tests packages/backend/src/errors.ts, packages/backend/src/errors.test.ts	Adds exported isGone predicate (true when getStatus(err) === 410) and test coverage for Octokit, Gitbeaker, Bitbucket middleware, and negative cases.
AccountPermissionSyncer fail-closed on 410 Gone packages/backend/src/ee/accountPermissionSyncer.ts, CHANGELOG.md	Imports and applies isGone in the syncer's fail-closed catch-block; when 410 (or existing auth/refresh-token conditions) is detected, deletes accountToRepoPermission rows for the account and logs the reason. Changelog documents the Fixed entry.

Sequence Diagram(s)

sequenceDiagram
  participant AccountPermissionSyncer
  participant UpstreamAPI
  participant errors_isGone
  participant accountToRepoPermission_DB
  AccountPermissionSyncer->>UpstreamAPI: fetch permissions request
  UpstreamAPI-->>AccountPermissionSyncer: error response (HTTP 410)
  AccountPermissionSyncer->>errors_isGone: isGone(error)
  errors_isGone-->>AccountPermissionSyncer: true
  AccountPermissionSyncer->>accountToRepoPermission_DB: DELETE WHERE accountId = X
  accountToRepoPermission_DB-->>AccountPermissionSyncer: delete result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• sourcebot-dev/sourcebot#1215: Related changes to AccountPermissionSyncer that implement fail-closed deletion for authorization-related error classifiers.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding HTTP 410 handling to the permission-sync fail-closed logic.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch msukkari/fix-perm-sync-fail-closed-410

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/backend/src/ee/accountPermissionSyncer.ts`:
- Around line 209-210: Remove PII and raw upstream error text from the
fail-closed warning: update the logger.warn call in accountPermissionSyncer (the
statement that currently references logger.warn and interpolates
account.user.email and the error.message/String(error)) so it only logs
account.id, reason and count (and any fixed context text), and do not include
account.user.email or the raw error message; rely on Sentry/failed-job records
for full error details instead.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e56ba7a2-590e-4a3d-8129-3747112696c2

📥 Commits

Reviewing files that changed from the base of the PR and between fd242f7 and 333a1aa.

📒 Files selected for processing (1)

• packages/backend/src/ee/accountPermissionSyncer.ts