✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Greptile Summary

This PR adds a database migration to increase the allowedServicePrincipalIds column in the IdentityAzureAuth table from VARCHAR(255) to VARCHAR(2048), allowing users to configure more Azure service principal IDs. The change is straightforward and correctly uses a hasColumn guard to make the up migration idempotent.

Key observations:

• The migration is idempotent — both up and down use hasColumn checks before altering.
• The down migration reduces the column back to 255 characters, which will fail in PostgreSQL for any row already storing values longer than 255 chars — exactly the scenario this PR is fixing. The rollback should either be a no-op or include a length check.
• Using VARCHAR(2048) instead of TEXT may require another migration in the future if the limit is hit again; TEXT would be unlimited.
• The application-level validator (validateAzureAuthField in identity-azure-auth-validators.ts) has no .max() constraint, so if the new cap of 2048 is intentional, a .max(2048) should be added there to surface a clear API error rather than a DB-level failure.

Confidence Score: 4/5

• Safe to merge — the migration is additive and idempotent, with only minor rollback and future-proofing concerns.
• The change is a simple column size increase with an idempotency guard. No logic changes, no security concerns, and no breaking API changes. Minor issues: the down migration is unsafe in practice (would fail/truncate for rows with >255 chars), and using TEXT instead of a fixed VARCHAR(2048) would be more future-proof.
• No files require special attention; identity-azure-auth-validators.ts may optionally benefit from a .max(2048) guard.

Important Files Changed

_{Last reviewed commit: "fix: specify down le..."}