feat(ops): report runtime isolation posture #132

Merged
jwilger merged 1 commit from issue-122-runtime-isolation-posture into main 2026-05-07 09:58:59 -07:00
Owner

Summary

  • Classify and log runtime isolation posture for the gateway, including OCI default, external container, explicit bare, setup failure, and unsupported-platform states.
  • Expose non-secret posture details from `/info` and surface them in `auto-review ops status` and `auto-review ops doctor`.
  • Add posture/redaction tests and update the threat model for the new operator-visible isolation diagnostics.

Verification

  • `nix develop --command cargo fmt --all -- --check`
  • `nix develop --command cargo clippy --workspace --all-targets -- -D warnings`
  • `nix develop --command cargo nextest run -p ar-gateway -p ar-cli --no-tests=pass`

Closes #122

feat(ops): report runtime isolation posture
All checks were successful
CI / Nix flake check (pull_request) Successful in 3m21s
CI / auto_review semantic review (pull_request) Successful in 2s
auto_review auto_review: no findings
Publish release / release-publish (pull_request) Has been skipped
2c77f5d319
auto-review left a comment

This PR introduces runtime isolation posture classification and logging for the gateway, exposing non-secret details via `/info` and CLI commands. The changes appear well-structured and include comprehensive tests, making it safe to merge.

Walkthrough

  • crates/ar-cli/src/commands.rs:

    • Added `RuntimeIsolationSummary` struct to represent runtime isolation postures.
    • Implemented methods to classify different isolation postures.
    • Updated `StatusSummary` to include runtime isolation details.
    • Added tests to verify the rendering and computation of runtime isolation postures.
  • crates/ar-gateway/src/lib.rs:

    • Introduced `RuntimeIsolationPostureInfo` to encapsulate isolation posture details.
  • crates/ar-gateway/src/startup.rs:

    • Implemented `classify_runtime_isolation_posture` to determine the isolation posture based on environment variables and platform.
    • Added logging for the classified posture.
  • crates/ar-gateway/src/webhook.rs:

    • Updated tests to ensure `/info` endpoint correctly reports runtime isolation posture without leaking sensitive information.
  • docs/THREAT-MODEL.md:

    • Updated threat model documentation to include new runtime isolation posture diagnostics and their implications.
Reference
Slipstream/auto_review!132