Slipstream/auto_review
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases 27 Packages Activity Actions

fix(gateway): clean failed OCI stages #263

Merged
jwilger merged 4 commits from fix/issue-147-oci-stage-cleanup into main 2026-05-18 22:58:23 -07:00
Conversation 1 Commits 4 Files changed 2 +194 -24
jwilger commented 2026-05-18 22:46:39 -07:00
Owner
Copy link

Why:

  • Failed embedded OCI staging after directory creation could leave secret-bearing staged bundle directories or partial generated config.json files on disk.
  • Closes #147.

What:

  • Clean staged OCI bundles best-effort on post-create staging failures while preserving the original sanitized diagnostic.
  • Add deterministic tests for missing packaged config, injected config write failure, and partial config write cleanup.
  • Update the T1a threat model coverage notes for failed-staging cleanup.

Validation:

  • cargo nextest run -p ar-gateway staged_oci_bundle
  • cargo nextest run -p ar-gateway
  • just fmt
  • just clippy
  • just test
  • cargo build --workspace after cleaning stale local artifacts
  • Security reviewer approved the OCI cleanup/redaction diff.
Why: - Failed embedded OCI staging after directory creation could leave secret-bearing staged bundle directories or partial generated `config.json` files on disk. - Closes #147. What: - Clean staged OCI bundles best-effort on post-create staging failures while preserving the original sanitized diagnostic. - Add deterministic tests for missing packaged config, injected config write failure, and partial config write cleanup. - Update the T1a threat model coverage notes for failed-staging cleanup. Validation: - `cargo nextest run -p ar-gateway staged_oci_bundle` - `cargo nextest run -p ar-gateway` - `just fmt` - `just clippy` - `just test` - `cargo build --workspace` after cleaning stale local artifacts - Security reviewer approved the OCI cleanup/redaction diff.
Why:\n- Failed OCI staging after directory creation could leave secret-bearing staged bundles on disk.\n\nWhat:\n- Clean staged bundles on post-create staging errors while preserving sanitized diagnostics.\n- Cover the cleanup path with a focused gateway startup test.\n\nValidation:\n- cargo nextest run -p ar-gateway staged_oci_bundle_failure_after_stage_creation_cleans_staged_bundle_and_partial_secret_config
Why:\n- Issue #147 called out staged config write failures as a cleanup risk for secret-bearing OCI bundles.\n\nWhat:\n- Add a private config-writer seam for deterministic write-failure coverage.\n- Verify write failures clean the staged bundle and keep public diagnostics redacted.\n\nValidation:\n- cargo nextest run -p ar-gateway staged_oci_bundle_config_write_failure_cleans_stage_and_redacts_public_diagnostic
Why:\n- Partial staged config writes can leave secret-bearing fragments if cleanup regresses.\n\nWhat:\n- Add focused coverage for a writer that creates partial config content before failing.\n\nValidation:\n- cargo nextest run -p ar-gateway staged_oci_bundle_partial_config_write_failure_removes_partial_config
docs: note failed OCI staging cleanup
All checks were successful
CI / Classify changed paths (pull_request) Successful in 3s
Details
CI / opencode plugin tests (pull_request) Has been skipped
Details
CI / Dependency policy (pull_request) Successful in 12s
Details
CI / Test (pull_request) Successful in 53s
Details
CI / Build (pull_request) Successful in 32s
Details
CI / Build PR artifacts (no token) (pull_request) Has been skipped
Details
CI / Format check (pull_request) Successful in 6s
Details
CI / Clippy (pull_request) Successful in 40s
Details
CI / Request auto_review semantic review (pull_request) Successful in 1s
Details
auto_review auto_review: no findings
f283cd4cd8
 
Why:\n- The threat model should describe the cleanup guarantee added for failed OCI staging.\n\nWhat:\n- Document best-effort staged bundle cleanup for setup failures and its T1a test coverage.\n\nValidation:\n- Documentation-only change after just test passed.
auto-review approved these changes 2026-05-18 22:57:55 -07:00
auto-review left a comment
Copy link

The PR introduces a refactor to handle OCI staging failures more securely by cleaning up partial configurations and preventing sensitive data leaks. It adds comprehensive tests to validate these changes, ensuring robustness and security. The changes appear safe to merge.

Walkthrough

  • Refactor in startup.rs:
    • The function stage_embedded_oci_gateway_bundle_at_path now calls stage_embedded_oci_gateway_bundle_at_path_with_config_writer, promoting code reuse and maintainability.
    • Error handling is improved to ensure cleanup of staged bundles on failure.
  • New Tests:
    • Added tests to verify that failed OCI staging cleans up partial configurations and does not leak sensitive information.
  • Threat Model Update:
    • Documentation updated to reflect the new cleanup strategy for failed staging attempts, enhancing the security posture.

LLM usage and cost

The PR introduces a refactor to handle OCI staging failures more securely by cleaning up partial configurations and preventing sensitive data leaks. It adds comprehensive tests to validate these changes, ensuring robustness and security. The changes appear safe to merge. ## Walkthrough - **Refactor in `startup.rs`:** - The function `stage_embedded_oci_gateway_bundle_at_path` now calls `stage_embedded_oci_gateway_bundle_at_path_with_config_writer`, promoting code reuse and maintainability. - Error handling is improved to ensure cleanup of staged bundles on failure. - **New Tests:** - Added tests to verify that failed OCI staging cleans up partial configurations and does not leak sensitive information. - **Threat Model Update:** - Documentation updated to reflect the new cleanup strategy for failed staging attempts, enhancing the security posture. ## LLM usage and cost - Reasoning (gpt-4o) in=6443 out=337 cost=$0.037270 - Cheap (gpt-4o-mini) in=429 out=49 cost=$0.000094 Estimated total USD: $0.037364 via https://api.openai.com and https://api.openai.com
jwilger deleted branch fix/issue-147-oci-stage-cleanup 2026-05-18 22:58:23 -07:00
Sign in to join this conversation.
Reviewers
No reviewers
auto-review
Labels
Clear labels   
bug

   
discussion

   
enhancement
  
bug
Something is not working

  
duplicate
This issue or pull request already exists

  
enhancement
New feature

  
help wanted
Need some help

  
invalid
Something is wrong

  
question
More information is needed

  
wontfix
This won't be fixed

No labels
bug
discussion
enhancement
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Slipstream/auto_review!263
No description provided.