Feat/traffic keepalive#2591
Draft
matthewlouisbrockman wants to merge 110 commits intomainfrom
Draft
Conversation
# Conflicts: # packages/client-proxy/internal/proxy/paused_sandbox_resumer_grpc.go
Add a shared route IP resolver with the local-cluster fallback needed by CI, and make API/client-proxy callers treat empty resolved routes as unavailable instead of successful resume responses. This keeps BYOC/remote empty node IPs from being treated as routable while preserving the local 127.0.0.1 path.
# Conflicts: # .env.gcp.template # iac/provider-gcp/Makefile
# Conflicts: # packages/api/internal/handlers/proxy_grpc.go # packages/client-proxy/internal/proxy/proxy.go # packages/client-proxy/internal/proxy/proxy_test.go # packages/client-proxy/internal/proxy/sandbox_lifecycle_client_grpc.go # packages/client-proxy/main.go
# Conflicts: # packages/api/internal/api/api.gen.go # packages/client-proxy/internal/proxy/proxy.go
# Conflicts: # packages/api/internal/handlers/proxy_grpc.go # packages/client-proxy/internal/proxy/paused_sandbox_resumer_grpc.go # packages/client-proxy/internal/proxy/proxy.go # packages/client-proxy/internal/proxy/proxy_test.go # packages/client-proxy/main.go
PR SummaryMedium Risk Overview Client proxy now triggers asynchronous keepalive refresh on catalog hits when keepalive is enabled, and the API exposes a new gRPC Reviewed by Cursor Bugbot for commit 21be331. Bugbot is set up for automated code reviews on this repo. Configure here. |
❌ 5 Tests Failed:
View the full list of 9 ❄️ flaky test(s)
To view more test analytics, go to the Test Analytics Dashboard |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
The metadataFirstValue function returns a boolean indicating if the value was found. Ignoring this boolean for providedToken and providedEnvdToken means that a missing header is treated the same as an empty header. It is more robust and explicit to check if the token was actually provided before attempting to match it, especially for security-sensitive authentication tokens.
Comment on lines
+134
to
+138
| providedToken, _ := metadataFirstValue(incomingMetadata, proxygrpc.MetadataTrafficAccessToken) | ||
|
|
||
| if !tokensMatch(providedToken, expectedToken) { | ||
| return denyResumePermission() | ||
| } |
There was a problem hiding this comment.
The metadataFirstValue function returns a boolean indicating if the value was found. Ignoring this boolean for providedToken means that a missing MetadataTrafficAccessToken header is treated the same as an empty MetadataTrafficAccessToken header. While tokensMatch might handle this correctly if expectedToken is always non-empty, it's more robust and explicit to check if the token was actually provided before attempting to match it, especially for security-sensitive authentication tokens.
Suggested change
| providedToken, _ := metadataFirstValue(incomingMetadata, proxygrpc.MetadataTrafficAccessToken) | |
| if !tokensMatch(providedToken, expectedToken) { | |
| return denyResumePermission() | |
| } | |
| providedToken, found := metadataFirstValue(incomingMetadata, proxygrpc.MetadataTrafficAccessToken) | |
| if !found || !tokensMatch(providedToken, expectedToken) { | |
| return denyResumePermission() | |
| } |
Comment on lines
+143
to
147
| providedEnvdToken, _ := metadataFirstValue(incomingMetadata, proxygrpc.MetadataEnvdAccessToken) | ||
|
|
||
| var clientProxyClaims oauth.Claims | ||
| if s.requireEdgeClientProxyAuth { | ||
| var authErr error | ||
| clientProxyClaims, authErr = oauth.RequireClaims(ctx, incomingMetadata, s.clientProxyOAuth) | ||
| if authErr != nil { | ||
| return nil, authErr | ||
| if !tokensMatch(providedEnvdToken, *envdAccessToken) { | ||
| return denyResumePermission() | ||
| } |
There was a problem hiding this comment.
Similar to the traffic access token, ignoring the found boolean for providedEnvdToken can lead to a missing MetadataEnvdAccessToken header being treated as an empty one. For security-sensitive tokens, it's best practice to explicitly check if the token was present.
Suggested change
| providedEnvdToken, _ := metadataFirstValue(incomingMetadata, proxygrpc.MetadataEnvdAccessToken) | |
| var clientProxyClaims oauth.Claims | |
| if s.requireEdgeClientProxyAuth { | |
| var authErr error | |
| clientProxyClaims, authErr = oauth.RequireClaims(ctx, incomingMetadata, s.clientProxyOAuth) | |
| if authErr != nil { | |
| return nil, authErr | |
| if !tokensMatch(providedEnvdToken, *envdAccessToken) { | |
| return denyResumePermission() | |
| } | |
| providedEnvdToken, found := metadataFirstValue(incomingMetadata, proxygrpc.MetadataEnvdAccessToken) | |
| if !found || !tokensMatch(providedEnvdToken, *envdAccessToken) { | |
| return denyResumePermission() | |
| } |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 21be331. Configure here.
| } | ||
|
|
||
| if s.Keepalive != nil && s.Keepalive.Traffic != nil && s.Keepalive.Traffic.Enabled { | ||
| trafficKeepalive.MaybeRefresh(ctx, sandboxId, sandboxPort, trafficAccessToken, envdAccessToken, c, s) |
There was a problem hiding this comment.
Nil pointer dereference when trafficKeepalive manager is nil
Low Severity
catalogResolution accepts a nil trafficKeepalive parameter (tests pass nil), but when a sandbox has keepalive enabled in its catalog entry, trafficKeepalive.MaybeRefresh(...) is called without a nil guard. Since MaybeRefresh accesses m.resumer without checking if m is nil, this would panic. Production is safe because NewClientProxy always initializes the manager, but the function contract allows nil and tests rely on it.
Reviewed by Cursor Bugbot for commit 21be331. Configure here.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.