Add Inboxes API

[DagonWat]

Motivation

Cover Inboxes public API with Ruby SDK module.

Changes

• Add Inboxes API class with appropriate methods.

Summary by CodeRabbit

New Features

• Added inbox management API with full CRUD capabilities: list, retrieve, create, update, and delete inboxes
• Added inbox maintenance operations: clean all messages, mark all messages as read, and reset SMTP credentials

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

Walkthrough

Introduces the InboxesAPI class enabling CRUD operations and inbox management for Mailtrap, including methods to list, retrieve, create, update, delete, clean, mark-as-read, and reset credentials for inboxes. Accompanied by comprehensive RSpec test suite with VCR fixtures.

Changes

Cohort / File(s)	Summary
Core API Implementation lib/mailtrap.rb, lib/mailtrap/inboxes_api.rb	Added require for new InboxesAPI module. Introduced InboxesAPI class with 8 public methods (list, get, create, update, delete, clean, mark_as_read, reset_credentials), supporting options validation, response mapping to Inbox objects, and error handling via BaseAPI inheritance.
Model Tests spec/mailtrap/inbox_spec.rb	New test suite verifying Inbox model initialization, to_h serialization, and nil attribute handling.
API Tests spec/mailtrap/inboxes_api_spec.rb	Comprehensive RSpec suite covering all InboxesAPI methods with success and error scenarios, VCR-recorded HTTP interactions, and response mapping assertions.
VCR Test Fixtures spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_*/\*	17 YAML cassettes recording HTTP interactions for all InboxesAPI operations: list (2), get (2), create (2), update (3), delete (2), clean (2), mark_as_read (2), reset_credentials (2) covering success, 404, 422, and 401 error scenarios.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• IgorDobryn
• mklocek
• igorlvicente

Poem

🐰 hops with delight
A shiny new InboxesAPI springs to life,
CRUD operations, no inbox strife!
Clean, read, and reset with care so bright,
Mailtrap's mailboxes—pure delight! ✉️

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add Inboxes API' directly and concisely summarizes the main change—introducing a new Inboxes API class with CRUD and mailbox operations.
Description check	✅ Passed	The description covers motivation and changes, but is missing the required 'How to test' section with test checkboxes and the optional 'Images and GIFs' section.
Docstring Coverage	✅ Passed	Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[DagonWat]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

spec/mailtrap/inbox_spec.rb (1)

16-27: Consider using realistic data types for test attributes.

Based on the VCR cassettes, several attributes have different types in the actual API:

• used should be a boolean (e.g., false), not an integer
• smtp_ports should be an array (e.g., [25, 465, 587, 2525])
• pop3_ports should be an array (e.g., [1100, 9950])

Using representative data types would make the tests more realistic and could catch type-related issues in the Inbox model.

lib/mailtrap/inboxes_api.rb (2)

28-39: Documentation missing project_id option.

The create method requires project_id to construct the API path, but it's not documented in the YARD @option tags.

🔎 Proposed fix

     # Creates a new inbox
     # @param [Hash] options The parameters to create
     # @option options [String] :name The inbox name
+    # @option options [Integer] :project_id The project identifier (required)
     # @return [Inbox] Created inbox object

---

57-59: Restrict updatable options to exclude project_id.

The update method currently uses the class-level supported_options which includes :project_id, but according to the Mailtrap API documentation, the update endpoint only accepts name and email_username. The project_id is only valid during inbox creation (to specify the target project) and cannot be updated. The base_update method supports passing a restricted options list, so you can enforce this at the validation layer:

+    UPDATE_OPTIONS = %i[name email_username].freeze
+
     # Updates an existing Inbox
     # @param inbox_id [Integer] The Inbox identifier
     # @param [Hash] options The parameters to update
     # @option options [String] :name The inbox name
     # @option options [String] :email_username The inbox email username
     # @return [Inbox] Updated Inbox object
     # @!macro api_errors
     # @raise [ArgumentError] If invalid options are provided
     def update(inbox_id, options)
-      base_update(inbox_id, options)
+      base_update(inbox_id, options, UPDATE_OPTIONS)
     end

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2173be8 and f7c0d9e.

📒 Files selected for processing (21)

• lib/mailtrap.rb
• lib/mailtrap/inboxes_api.rb
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_clean/returns_nil.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_clean/when_inbox_does_not_exist/raises_not_found_error.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_create/maps_response_data_to_Inbox_object.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_create/when_API_returns_an_error/raises_a_Mailtrap_Error.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_delete/returns_deleted_inbox_data.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_delete/when_inbox_does_not_exist/raises_not_found_error.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_get/maps_response_data_to_Inbox_object.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_get/when_inbox_does_not_exist/raises_not_found_error.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_list/maps_response_data_to_Inboxe_objects.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_list/when_api_key_is_incorrect/raises_authorization_error.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_mark_as_read/returns_nil.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_mark_as_read/when_inbox_does_not_exist/raises_not_found_error.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_reset_credentials/returns_nil.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_reset_credentials/when_inbox_does_not_exist/raises_not_found_error.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_update/maps_response_data_to_Inbox_object.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_update/when_inbox_does_not_exist/raises_not_found_error.yml
• spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_update/with_hash_request/maps_response_data_to_Inbox_object.yml
• spec/mailtrap/inbox_spec.rb
• spec/mailtrap/inboxes_api_spec.rb

🧰 Additional context used

🧬 Code graph analysis (2)

spec/mailtrap/inboxes_api_spec.rb (2)

lib/mailtrap/action_mailer/delivery_method.rb (1)

• client (24-26)

lib/mailtrap/inboxes_api.rb (9)

• list (16-18)
• include (7-97)
• get (24-26)
• create (34-39)
• update (57-59)
• clean (65-68)
• mark_as_read (74-77)
• reset_credentials (83-86)
• delete (45-47)

lib/mailtrap/inboxes_api.rb (3)

lib/mailtrap/base_api.rb (7)

• supported_options (27-29)
• response_class (31-33)
• base_list (67-70)
• base_get (46-49)
• validate_options! (35-40)
• base_delete (63-65)
• base_update (57-61)

lib/mailtrap/action_mailer/delivery_method.rb (1)

• client (24-26)

lib/mailtrap/client.rb (2)

• post (187-194)
• patch (201-208)

🪛 ast-grep (0.40.3)

lib/mailtrap/inboxes_api.rb

[warning] 35-36: Found the use of an hardcoded passphrase for RSA. The passphrase can be easily discovered, and therefore should not be stored in source-code. It is recommended to remove the passphrase from source-code, and use system environment variables or a restricted configuration file.
Context: client.post("/api/accounts/#{account_id}/projects/#{options[:project_id]}/inboxes",
wrap_request(options))
Note: [CWE-798]: Use of Hard-coded Credentials [OWASP A07:2021]: Identification and Authentication Failures [REFERENCES]
https://cwe.mitre.org/data/definitions/522.html

(hardcoded-secret-rsa-passphrase-ruby)

🔇 Additional comments (21)

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_update/when_inbox_does_not_exist/raises_not_found_error.yml (1)

1-166: VCR fixture looks correct.

This VCR cassette properly records a 404 Not Found scenario for updating a non-existent inbox. The Bearer token is appropriately masked, and the fixture structure is standard.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_delete/returns_deleted_inbox_data.yml (1)

1-168: VCR fixture looks correct.

This cassette properly records a successful delete operation returning the deleted inbox data. The fixture structure is standard, and sensitive data is appropriately masked.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_delete/when_inbox_does_not_exist/raises_not_found_error.yml (1)

1-166: VCR fixture looks correct.

This cassette properly records a 404 Not Found scenario for deleting a non-existent inbox. The fixture structure is standard.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_reset_credentials/when_inbox_does_not_exist/raises_not_found_error.yml (1)

1-166: VCR fixture looks correct.

This cassette properly records a 404 Not Found scenario for resetting credentials on a non-existent inbox. The fixture structure is standard.

lib/mailtrap.rb (1)

14-14: LGTM!

The require statement follows the established pattern for loading API modules and is correctly placed in the sequence.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_list/maps_response_data_to_Inboxe_objects.yml (1)

1-168: VCR fixture looks correct.

This cassette properly records a successful list operation returning an array of inbox objects. The fixture structure is standard.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_reset_credentials/returns_nil.yml (1)

1-168: VCR fixture looks correct.

This cassette properly records a successful reset_credentials operation. The fixture structure is standard, and the response includes the updated inbox object with new credentials.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_list/when_api_key_is_incorrect/raises_authorization_error.yml (1)

1-168: VCR fixture looks correct.

This cassette properly records a 401 Unauthorized scenario for an incorrect API token. The fixture structure is standard and includes the expected WWW-Authenticate header.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_clean/returns_nil.yml (1)

1-168: LGTM! Standard VCR cassette for the clean endpoint.

This fixture appropriately records the PATCH request to clean an inbox and the 200 OK response. Bearer tokens are properly masked, and the response structure aligns with the Mailtrap Inboxes API.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_mark_as_read/when_inbox_does_not_exist/raises_not_found_error.yml (1)

1-166: LGTM! Appropriate error case fixture.

This cassette correctly captures the 404 Not Found response when attempting to mark a non-existent inbox as read. The error handling test coverage is valuable.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_clean/when_inbox_does_not_exist/raises_not_found_error.yml (1)

1-166: LGTM! Consistent error handling fixture.

This cassette appropriately tests the 404 Not Found scenario for the clean endpoint when the inbox doesn't exist. Error handling coverage is consistent with other operations.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_create/when_API_returns_an_error/raises_a_Mailtrap_Error.yml (1)

1-167: LGTM! Validation error fixture for create endpoint.

This cassette captures a 422 Unprocessable Entity response when the sandbox limit is reached. The fixture appropriately tests API error handling with a meaningful error message.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_mark_as_read/returns_nil.yml (1)

1-168: LGTM! Standard success case for mark_as_read.

This cassette correctly records the PATCH request to mark all inbox messages as read and the 200 OK response. The response structure is consistent with other successful operations.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_get/maps_response_data_to_Inbox_object.yml (1)

1-168: LGTM! Comprehensive fixture for inbox retrieval.

This cassette appropriately captures the GET request to retrieve an inbox and includes a complete inbox payload for testing object mapping. The fixture supports validation of the Mailtrap::Inbox object initialization.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_get/when_inbox_does_not_exist/raises_not_found_error.yml (1)

1-166: LGTM! Error handling for non-existent inbox.

This cassette correctly captures the 404 Not Found response when attempting to retrieve a non-existent inbox. The error handling test coverage is complete.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_create/maps_response_data_to_Inbox_object.yml (1)

1-168: LGTM! Success case for inbox creation.

This cassette appropriately captures the POST request to create an inbox and the response with complete inbox data. The fixture supports testing object mapping for newly created inboxes.

Note: The API returns 200 OK for creation instead of the more conventional 201 Created, but this accurately reflects the actual API behavior.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_update/with_hash_request/maps_response_data_to_Inbox_object.yml (1)

1-168: VCR cassette looks good.

The fixture properly records the PATCH request for updating an inbox with a hash request containing only the name field. The authorization token is correctly sanitized with a placeholder <BEARER_TOKEN>.

spec/fixtures/vcr_cassettes/Mailtrap_InboxesAPI/_update/maps_response_data_to_Inbox_object.yml (1)

1-168: VCR cassette is correctly structured.

The fixture properly captures the PATCH request for updating an inbox with both name and email_username fields. Authorization token is appropriately sanitized.

spec/mailtrap/inboxes_api_spec.rb (1)

1-236: Comprehensive test coverage for the InboxesAPI.

The test suite covers all CRUD operations, inbox management methods (clean, mark_as_read, reset_credentials), and error handling scenarios including authorization errors and not found cases. Good use of VCR for HTTP interaction recording.

lib/mailtrap/inboxes_api.rb (2)

35-38: Static analysis false positive - no hardcoded credentials here.

The ast-grep warning about hardcoded credentials is a false positive. This is simply an API endpoint URL constructed from dynamic parameters (account_id, project_id). No actual secrets or passphrases are present in this code.

---

6-97: Well-structured API implementation.

The InboxesAPI class follows the established patterns from BaseAPI, with clean method implementations for CRUD and inbox management operations. The private helpers (wrap_request, base_path) are appropriately scoped, and the YARD documentation provides good API reference material.