Skip to content

refactor(auth): deterministic allowlist list order#1

Open
KeyCode17 wants to merge 1 commit into
mainfrom
refactor/allowlist-deterministic-list
Open

refactor(auth): deterministic allowlist list order#1
KeyCode17 wants to merge 1 commit into
mainfrom
refactor/allowlist-deterministic-list

Conversation

@KeyCode17
Copy link
Copy Markdown
Owner

@KeyCode17 KeyCode17 commented May 17, 2026

Summary

  • Switch YamlAllowlistStore from HashMap<String, AllowlistEntry> to BTreeMap, so list() returns entries sorted by domain.
  • Add unit tests covering the sort guarantee and the lookup path.

Why

HashMap iteration order is non-deterministic, which makes px-cli allowlist list flaky and breaks reproducible audit diffs when the store is rebuilt. BTreeMap keeps lookup() semantics identical while giving operators a stable, sorted view.

Test plan

  • cargo test -p pxsolver-auth --lib yaml_allowlist_store — 2/2 passing
  • cargo fmt --all -- --check
  • cargo clippy --workspace --all-targets --all-features clean against the lefthook ruleset (-D warnings -D unwrap_used -D expect_used -D panic -D dbg_macro -D todo -D unimplemented)
  • Lefthook pre-commit + pre-push hooks pass locally

🤖 Generated with Claude Code

@KeyCode17 @claude
refactor(auth): make allowlist list() order deterministic
c21c60b 
Use BTreeMap so YamlAllowlistStore::list() returns entries sorted by
domain. Previously a HashMap iteration could return entries in any
order, which surfaced as flaky `px-cli allowlist list` output and
non-reproducible audit diffs when the store is rebuilt.

Added unit tests for the sort guarantee and the lookup path.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@KeyCode17