feat: Agent Ping Confirmation Callback API#309
Conversation
chubes4
left a comment
There was a problem hiding this comment.
Feature is needed but implementation has issues:
-
wp_optionsas callback storage. Every ping creates an option (datamachine_agent_ping_callback_{id}). Options table isn't designed for high-volume transient data. No cleanup mechanism — these accumulate forever. Should use a transient with TTL, a custom table, or at minimum a scheduled cleanup. -
Missing
\prefix indata-machine.php:DataMachine\Api\AgentPing::register()should be\DataMachine\Api\AgentPing::register();with leading backslash and consistent indentation. -
Localhost auth bypass is fragile.
$_SERVER['REMOTE_ADDR']fallback is unreliable behind proxies/Cloudflare. Thex-real-ipheader check is good but the$_SERVERfallback should be removed or hardened. -
No callback TTL/expiry. Callbacks can be confirmed days later with no rejection window. Should expire after a reasonable period (1 hour? configurable?).
-
Formatting: Line ~248 has tabs mixed with spaces in the response array.
REST endpoints for agent ping confirmation callbacks.
- POST /datamachine/v1/agent-ping/confirm — report completion status
- GET /datamachine/v1/agent-ping/callback/{id} — poll callback status
Changes from review:
- Switch from wp_options to transients with 1-hour TTL (auto-cleanup)
- Remove localhost auth bypass — require token always
- Fix leading backslash + indentation in data-machine.php
- Add @SInCE tags on all methods
- Fix formatting (tab/space collision on response array)
- Add store_callback()/get_callback() helper methods
- Processed callbacks get 15-min grace period for polling
4da134e to
ac9401f
Compare
Implements REST endpoints for agent ping confirmation callbacks. Closes #308