Skip to content

chore: enable MDB auditing#6

Merged
cbullinger merged 1 commit intomainfrom
chore/enable-auditing
Apr 14, 2026
Merged

chore: enable MDB auditing#6
cbullinger merged 1 commit intomainfrom
chore/enable-auditing

Conversation

@cbullinger
Copy link
Copy Markdown
Collaborator

@cbullinger cbullinger commented Apr 14, 2026

MongoDB URI already added as a gcloud secret

dacharyc
dacharyc approved these changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@dacharyc dacharyc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cbullinger cbullinger merged commit 18c2769 into main Apr 14, 2026
8 checks passed
cbullinger added a commit that referenced this pull request Apr 22, 2026
@cbullinger
test(operator): cover verifySuggestedRule, llm client dispatch, helpers
f1dd852 
Addresses PR review #6 — the security-critical surface had zero tests.
Adds table-driven coverage for:

- verifySuggestedRule, the invariant the AI suggester depends on to
  decide whether to show a "not verified" warning. Covers every
  transform type (move/copy/glob/regex), pattern mismatches, target
  mismatches, and invalid regex.
- NewLLMClient dispatch: empty/ollama/anthropic/unsupported, plus the
  "anthropic provider requires ANTHROPIC_API_KEY" guard.
- anthropic client getters/setters and ErrModelManagementNotSupported
  returned by PullModel / DeleteModel.
- stripJSONFences edge cases (fenced, unfenced, nested JSON).
- Rune-aware truncate (multi-byte glyphs not cut mid-byte).

The earlier operator_auth_test.go covers validateGitHubPAT role mapping
and the 404→denied / 5xx→writer auth semantics; this completes the
review's minimum bar.
cbullinger added a commit that referenced this pull request Apr 24, 2026
@cbullinger
test(operator): cover verifySuggestedRule, llm client dispatch, helpers
14c9d29 
Addresses PR review #6 — the security-critical surface had zero tests.
Adds table-driven coverage for:

- verifySuggestedRule, the invariant the AI suggester depends on to
  decide whether to show a "not verified" warning. Covers every
  transform type (move/copy/glob/regex), pattern mismatches, target
  mismatches, and invalid regex.
- NewLLMClient dispatch: empty/ollama/anthropic/unsupported, plus the
  "anthropic provider requires ANTHROPIC_API_KEY" guard.
- anthropic client getters/setters and ErrModelManagementNotSupported
  returned by PullModel / DeleteModel.
- stripJSONFences edge cases (fenced, unfenced, nested JSON).
- Rune-aware truncate (multi-byte glyphs not cut mid-byte).

The earlier operator_auth_test.go covers validateGitHubPAT role mapping
and the 404→denied / 5xx→writer auth semantics; this completes the
review's minimum bar.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dacharyc dacharyc dacharyc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cbullinger @dacharyc