Skip to content

fix: bundle test panic#2944

Merged
omer-topal merged 1 commit intomasterfrom
fix/bundle-test-panic
May 5, 2026
Merged

fix: bundle test panic#2944
omer-topal merged 1 commit intomasterfrom
fix/bundle-test-panic

Conversation

@omer-topal
Copy link
Copy Markdown
Contributor

@omer-topal omer-topal commented May 5, 2026
edited by coderabbitai Bot
Loading

Summary by CodeRabbit

  • Bug Fixes
    • Improved bundle operation template handling to gracefully manage missing keys during processing, preventing potential issues when template variables are undefined.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 5, 2026
edited
Loading

πŸ“ Walkthrough

Walkthrough

The PR updates bundle.Operation to parse relationship and attribute write/delete templates with Option("missingkey=zero"), which alters how Go's template engine handles missing template variables during execution across four template parsing loops.

Changes

Template Missing Key Configuration

Layer / File(s) Summary
Template Parsing Configuration
pkg/bundle/bundle.go		 Relationship-write, relationship-delete, attribute-write, and attribute-delete templates now parse with Option("missingkey=zero") to render missing keys as empty strings instead of default behavior.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

A bundled fix so neat and fine,
Four templates now alignβ€”
When keys go missing, zero's friend
Makes graceful renders blend. 🐰✨

πŸš₯ Pre-merge checks | βœ… 5
βœ… Passed checks (5 passed)
Check name Status Explanation
Description Check βœ… Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check βœ… Passed The title 'fix: bundle test panic' directly corresponds to the main change: fixing a template parsing issue in bundle.Operation that was causing test panics.
Docstring Coverage βœ… Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check βœ… Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check βœ… Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
πŸ“ Generate docstrings
  • Create stacked PR
  • Commit on current branch
πŸ§ͺ Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/bundle-test-panic

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❀️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
pkg/bundle/bundle.go (1)

5-5: ⚠️ Potential issue | 🟠 Major | ⚑ Quick win

Switch from html/template to text/template

html/template applies HTML escaping to argument values, which corrupts the structured format expected by tuple.Tuple() and attribute.Attribute(). If entity IDs or other argument values contain characters like &, <, >, or ", they will be HTML-escaped (e.g., org&co β†’ org&amp;co), breaking the tuple/attribute string format before parsing.

Fix 
 import (
 	"bytes"
-	"html/template"
+	"text/template"

 	"github.com/Permify/permify/pkg/attribute"
 	"github.com/Permify/permify/pkg/database"
πŸ€– Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/bundle/bundle.go` at line 5, Replace the html/template import with
text/template to avoid HTML auto-escaping that corrupts
tuple.Tuple()/attribute.Attribute() inputs; update the import line from
"html/template" to "text/template" and ensure any uses of template.New,
template.Parse, template.Execute (or template.Must) continue to reference the
same symbols from the text/template package so rendered strings are not
HTML-escaped before being passed to tuple.Tuple() and attribute.Attribute().
πŸ€– Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pkg/bundle/bundle.go`:
- Line 22: The template parsing currently uses
template.New("template").Option("missingkey=zero").Parse(w) which silently
substitutes missing keys; change the Option to "missingkey=error" so
template.New("template").Option("missingkey=error").Parse(w) to surface
missing-key errors; update this replacement in all four occurrences (the
template.New(...).Option(...).Parse(w) calls found in the four loops in
pkg/bundle/bundle.go).

---

Outside diff comments:
In `@pkg/bundle/bundle.go`:
- Line 5: Replace the html/template import with text/template to avoid HTML
auto-escaping that corrupts tuple.Tuple()/attribute.Attribute() inputs; update
the import line from "html/template" to "text/template" and ensure any uses of
template.New, template.Parse, template.Execute (or template.Must) continue to
reference the same symbols from the text/template package so rendered strings
are not HTML-escaped before being passed to tuple.Tuple() and
attribute.Attribute().
πŸͺ„ Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
βš™οΈ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: afaad1e7-7851-4dc4-a863-b3b80ac36b99

πŸ“₯ Commits

Reviewing files that changed from the base of the PR and between b6fdfe2 and f96efa0.

πŸ“’ Files selected for processing (1)
  • pkg/bundle/bundle.go

Comment thread pkg/bundle/bundle.go
for _, w := range rWrites {
// Parse the write operation string into a template.
tmpl, err := template.New("template").Parse(w)
tmpl, err := template.New("template").Option("missingkey=zero").Parse(w)
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚑ Quick win

missingkey=zero silently produces malformed tuples/attributes β€” prefer missingkey=error

missingkey=zero returns the zero value (empty string for map[string]string) for missing keys, while missingkey=error stops execution immediately with an error. With missingkey=zero, a template like user:{{.user_id}}#member@group:{{.group_id}} with a missing group_id silently renders as user:alice#member@group:, which gets passed to tuple.Tuple() / attribute.Attribute(). The downstream parser may return an error, but it will describe a malformed string rather than the actual root cause (missing argument key), making debugging harder. If the downstream parser happens to accept a truncated string, data corruption occurs silently.

missingkey=error surfaces the missing key immediately with a clear error, which is the correct behaviour for a required-argument template substitution.

πŸ› Proposed fix β€” use `missingkey=error` in all four loops 
-		tmpl, err := template.New("template").Option("missingkey=zero").Parse(w)
+		tmpl, err := template.New("template").Option("missingkey=error").Parse(w)

Apply the same change to lines 58, 94, and 130.

Also applies to: 58-58, 94-94, 130-130

πŸ€– Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/bundle/bundle.go` at line 22, The template parsing currently uses
template.New("template").Option("missingkey=zero").Parse(w) which silently
substitutes missing keys; change the Option to "missingkey=error" so
template.New("template").Option("missingkey=error").Parse(w) to surface
missing-key errors; update this replacement in all four occurrences (the
template.New(...).Option(...).Parse(w) calls found in the four loops in
pkg/bundle/bundle.go).

@codecov
Copy link
Copy Markdown

codecov Bot commented May 5, 2026
edited
Loading

Codecov Report

βœ… All modified and coverable lines are covered by tests.
βœ… Project coverage is 82.58%. Comparing base (7014791) to head (f96efa0).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2944      +/-   ##
==========================================
- Coverage   82.61%   82.58%   -0.02%     
==========================================
  Files          74       74              
  Lines        8300     8300              
==========================================
- Hits         6856     6854       -2     
- Misses        909      910       +1     
- Partials      535      536       +1

β˜” View full report in Codecov by Sentry.
πŸ“’ Have feedback on the report? Share it here.

πŸš€ New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • πŸ“¦ JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@omer-topal omer-topal merged commit d12a3b5 into master May 5, 2026
15 checks passed
@github-actions github-actions Bot locked and limited conversation to collaborators May 5, 2026
@omer-topal omer-topal deleted the fix/bundle-test-panic branch May 5, 2026 20:06
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@omer-topal