Skip to content

Address remaining post-merge review findings#1054

Merged
Chris0Jeky merged 1 commit intomainfrom
fix/post-merge-review-findings
May 9, 2026
Merged

Address remaining post-merge review findings#1054
Chris0Jeky merged 1 commit intomainfrom
fix/post-merge-review-findings

Conversation

@Chris0Jeky
Copy link
Copy Markdown
Owner

@Chris0Jeky Chris0Jeky commented May 9, 2026

Summary

  • 307/308 redirect header preservation: EgressEnvelopeHandler now copies headers and body when following 307/308 redirects, preventing silent request corruption
  • ProposalCreated active run exclusion: Runs that stop at ProposalCreated no longer count against the concurrent-run quota, fixing permanent user lockout after 3 proposals
  • User-scoped daily digest quota: Quota now counts all runs per user regardless of trigger type or profile, closing the bypass via alternating triggers
  • FTS score direction fix: Negated SQLite FTS5 rank (lower=better) to positive scores (higher=better), fixing inverted relevance in min-max normalization
  • Pre-commit hook path resolution: Script now resolves from git root, preventing "No such file" errors when working directory is a subdirectory

Test plan

  • New test: SendAsync_307Redirect_PreservesHeadersAndContent verifies method, headers, and content are forwarded
  • All 55 targeted tests pass (EgressEnvelopeHandler + HybridRetrievalService + AgentRuntime)
  • Full suite: 6,224 passed, 0 failed (1 known flaky skipped)

@Chris0Jeky
Address remaining post-merge review findings across PRs #1049-#1053
25e3880 
- Preserve headers and content for 307/308 redirects in EgressEnvelopeHandler
- Exclude ProposalCreated from active run count to prevent permanent quota lockout
- Broaden daily digest quota to count all trigger types and profiles per user
- Negate FTS5 rank scores so higher=better, consistent with vector/RRF sources
- Resolve pre-commit hook path from git root to avoid cwd-dependent failures
Copilot AI review requested due to automatic review settings May 9, 2026 09:51
@Chris0Jeky Chris0Jeky merged commit 704d319 into main May 9, 2026
30 checks passed
@github-project-automation github-project-automation Bot moved this from Pending to Done in Taskdeck Execution May 9, 2026
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 9, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces several improvements, including a fix for the pre-commit hook path, score normalization for FTS5 results, and a more robust user-level quota check for agent runs. However, the changes to EgressEnvelopeHandler for handling 307/308 redirects require attention. The current implementation of copying request content directly can lead to InvalidOperationException or issues with non-seekable streams. Furthermore, copying all headers without filtering (especially Authorization and Host) introduces security risks and potential protocol violations during cross-host redirects.

Comment thread backend/src/Taskdeck.Application/Services/EgressEnvelopeHandler.cs
// 307/308 require preserving the original headers and body
if (statusCode is 307 or 308)
{
redirectRequest.Content = request.Content;
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot May 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Directly assigning request.Content to the new redirectRequest is problematic for two reasons:

  1. Repeatability: If the content is a non-seekable stream (e.g., StreamContent), it cannot be read again for the redirect request.
  2. Ownership: In .NET, an HttpContent instance can only be associated with one HttpRequestMessage at a time. Attempting to send the new request while the content is still 'associated' with the previous one (which hasn't been disposed) will throw an InvalidOperationException in many environments.

Consider buffering the content if redirects are expected for POST/PUT requests, or ensuring the content is detached/cloned.

Comment thread backend/src/Taskdeck.Application/Services/EgressEnvelopeHandler.cs
Comment on lines +88 to +91
foreach (var header in request.Headers)
{
redirectRequest.Headers.TryAddWithoutValidation(header.Key, header.Value);
}
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot May 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Copying all headers blindly during a redirect is a security risk. The Host header should always be excluded as it must match the new destination. Additionally, the Authorization header should be stripped if the redirect host differs from the original host to prevent credential leakage to unauthorized third parties, following standard HttpClient security behavior.

@Chris0Jeky Chris0Jeky mentioned this pull request May 9, 2026
Open
4 tasks
@Chris0Jeky Chris0Jeky review requested due to automatic review settings May 9, 2026 10:13
@Chris0Jeky Chris0Jeky deleted the fix/post-merge-review-findings branch May 9, 2026 10:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

Taskdeck Execution
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Chris0Jeky