Skip to content

fix(selfhost): use own-property check for retired config-lint fields#3379

Merged
JSONbored merged 1 commit into
JSONbored:mainfrom
galuis116:fix/config-lint-retired-field-own-property-v2
Jul 5, 2026
Merged

fix(selfhost): use own-property check for retired config-lint fields#3379
JSONbored merged 1 commit into
JSONbored:mainfrom
galuis116:fix/config-lint-retired-field-own-property-v2

Conversation

@galuis116

Copy link
Copy Markdown
Contributor

Summary

unknownTopLevelWarnings() in src/selfhost/config-lint.ts splits unknown top-level manifest fields into "retired" (with a migration warning) vs genuinely "unknown", using the JavaScript in operator:

const retiredWarnings = keys.filter((key) => key in RETIRED_FIELD_MIGRATION_WARNINGS).map((key) => RETIRED_FIELD_MIGRATION_WARNINGS[key]!);
const unknown = keys.filter((key) => !(key in RETIRED_FIELD_MIGRATION_WARNINGS)).map(formatFieldName);

RETIRED_FIELD_MIGRATION_WARNINGS is a plain object literal, so in walks the prototype chain: "constructor" in obj, "toString" in obj, "hasOwnProperty" in obj, "valueOf" in obj, etc. are all true. A manifest with a field named like an Object.prototype member is therefore misclassified as retired, and RETIRED_FIELD_MIGRATION_WARNINGS["constructor"] resolves to the inherited Object function, which is pushed into a declared string[]. Because JSON.stringify drops function values, that warning serializes to null over any API — and the genuine "Manifest contains unknown top-level field: constructor." warning is silently suppressed, so the suspicious unknown field disappears from operator-facing output.

The sibling recognizedFieldsFor in the same file already does this correctly with Object.prototype.hasOwnProperty.call(...); this call site was the inconsistent one. The fix uses an own-property check. Adds a regression test that lints a constructor: field and asserts the correct unknown-field warning plus that every warning is a string.

No linked issue: issue creation on this repo is restricted to collaborators, and this is a small, self-contained correctness fix (own-property check, matching the sibling in the same file) whose rationale is self-evident from the diff.

Scope

  • The PR title follows type(scope): short summary Conventional Commit format, for example fix(api): restore profile access checks.
  • This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
  • This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
  • I linked an issue, or this is small enough that the summary explains why an issue is not needed.

Validation

  • git diff --check
  • npm run actionlint
  • npm run typecheck
  • npm run test:coverage locally; codecov/patch requires ≥99% coverage of the lines AND branches you changed (aim for 100% on your diff so CI variance does not fail near the threshold). Global coverage is a non-blocking trend with a loose 90% backstop, not the gate.
  • npm run test:workers
  • npm run build:mcp
  • npm run test:mcp-pack
  • npm run ui:openapi:check
  • npm run ui:lint
  • npm run ui:typecheck
  • npm run ui:build
  • npm audit --audit-level=moderate
  • New or changed behavior has unit/integration tests for new branches, fallback paths, and sanitizer boundaries

If any required check was skipped, explain why:

  • The full npm run test:ci aggregate ran green plus npm audit --audit-level=moderate (0 vulnerabilities). The changed lines are exercised by the existing retired/unknown-field tests plus the new constructor-named-field regression test (which fails on the old in operator and passes with hasOwnProperty), so codecov/patch is 100% for the diff.

Safety

  • No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed.
  • Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics.
  • Auth, cookie, CORS, GitHub App, Cloudflare, or session changes include negative-path tests.
  • API/OpenAPI/MCP behavior is updated and tested where needed.
  • UI changes use live API data or real empty/error/loading states, not production mock/demo fallbacks.
  • Visible UI changes include a UI Evidence section below with JPG/JPEG or PNG screenshots arranged as organized, captioned, clickable thumbnails. SVG screenshots are not used as review evidence. Review-only screenshots or recordings are not committed to the repository.
  • Public docs/changelogs are updated where needed; changelogs are only edited for release-prep PRs.

Pure config-lint logic; it makes operator-facing manifest linting correct for prototype-named fields and exposes no secrets. No auth/CORS/session surface, no API/OpenAPI shape change, no UI.

Notes

  • Three-line change (own-property predicate) plus a regression test. No schema, migration, OpenAPI, wrangler, or generated-artifact impact.

unknownTopLevelWarnings classified retired vs unknown top-level manifest
fields with `key in RETIRED_FIELD_MIGRATION_WARNINGS`, which walks the
prototype chain. A manifest field named like an Object.prototype member
(constructor, toString, hasOwnProperty, valueOf, ...) therefore tested true
for the inherited property and resolved to the prototype's function instead
of a real warning string — corrupting the string[] result (the function
serializes to null over JSON) and suppressing the genuine unknown-field
warning for that suspicious key.

Use Object.prototype.hasOwnProperty.call, matching the sibling
recognizedFieldsFor in the same file. Adds a regression test for a
constructor-named field.
@galuis116 galuis116 requested a review from JSONbored as a code owner July 5, 2026 05:40
@superagent-security

Copy link
Copy Markdown

Superagent didn't find any vulnerabilities or security issues in this PR.

@codecov

codecov Bot commented Jul 5, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.89%. Comparing base (113da08) to head (0393ee6).
⚠️ Report is 11 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3379   +/-   ##
=======================================
  Coverage   93.89%   93.89%           
=======================================
  Files         283      283           
  Lines       30573    30574    +1     
  Branches    11138    11138           
=======================================
+ Hits        28705    28706    +1     
  Misses       1211     1211           
  Partials      657      657           
Files with missing lines Coverage Δ
src/selfhost/config-lint.ts 100.00% <100.00%> (ø)
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@gittensory-orb gittensory-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.5x multiplier. label Jul 5, 2026
@gittensory-orb

gittensory-orb Bot commented Jul 5, 2026

Copy link
Copy Markdown

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

Review updated: 2026-07-05 06:27:04 UTC

2 files · 1 AI reviewer · no blockers · readiness 80/100 · CI green · clean

⏸️ Suggested Action - Manual Review

  • Touches a guarded path — held for manual review: This PR changes guardrail-protected path(s): src/selfhost/config-lint.ts (matched src/selfhost/**).

Review summary
This change fixes the real source of the retired-field misclassification by replacing prototype-chain membership with an own-property check in `unknownTopLevelWarnings`, matching the existing pattern in `recognizedFieldsFor`. The regression test exercises the production `lintManifestText` path with `constructor`, verifies the unknown-field warning, and guards the string contract for warnings. I do not see a reachable correctness issue in the diff.

Nits — 3 non-blocking
  • src/selfhost/config-lint.ts:79: nit: the multi-line comment is accurate but longer than the local code needs now that the regression test documents the failure mode; consider trimming it to the `key in` vs own-property rationale.
  • src/selfhost/config-lint.ts:82: consider hoisting the own-property helper or using a shared local helper if more retired-field maps are added, so this convention stays consistent with `recognizedFieldsFor`.
  • Touches a guarded path — held for manual review — A maintainer must review and merge this change.
Signal Result Evidence
Code review ✅ No blockers 1 reviewer
Linked issue ✅ No-issue rationale PR body explains why no issue is linked.
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (no linked issue context).
Validation posture ❌ 5/25 Preflight is holding this PR: the review lane is unavailable, so it is not ready for automated review.
Contributor workload ✅ 10/10 Author activity: 1888 registered-repo PR(s), 1249 merged, 59 issue(s).
Contributor context ✅ Confirmed Gittensor contributor galuis116; Gittensor profile; 1888 PR(s), 59 issue(s).
Gate result ⚠️ Not blocking Advisory; not blocking this PR.
Review context
  • Author: galuis116
  • Role context: outside_contributor
  • Public audience mode: oss maintainer
  • Lane context: Repository registration is not available in the local Gittensory cache.
  • Public profile languages: not available
  • Official Gittensor activity: 1888 PR(s), 59 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Await review-lane availability.
  • Refresh registry data or choose a registered active repo.
  • Link the issue being solved, or explicitly explain why this is a no-issue PR.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@JSONbored JSONbored merged commit 1473f7b into JSONbored:main Jul 5, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix — scores a 0.5x multiplier. manual-review Gittensor contributor context

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants