harden reconcile context, validation, and storage guards #14
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…torage guards - Reconcile context/timeout: - Apply controller-configured deadlines across StoryRun/StepRun/RealtimeEngram. - Ensure status patches and external calls use the passed ctx; no background contexts. - Conditions/status/metrics: - Standardize condition reasons via pkg/conditions; consistent status patch helpers. - Record reconcile duration metrics; emit user-facing Events where actionable. - StoryRun/DAG: - Guard oversized spec.inputs (prevent etcd bloat); rely on watches for progress. - RBACManager to provision per-run SA/Role/RoleBinding with least privilege. - DAG avoids embedding step outputs in parent; resolves from StepRuns on demand. - Streaming improvements (per-story/per-run handling) and safe finalization. - StepRun: - Idempotent finalizer add/remove; background cleanup for owned Jobs. - Fallback status updates (Succeeded/Failed) with exit code classification. - Wire SDK envs (BUBU_*) and optional S3 storage envs from resolved config. - RealtimeEngram: - Finalizer lifecycle; service/workload reconcile; template resolution with Ready. - Indexing: - Add field indexers (templateRef, story refs, engram refs) for efficient watches. - Webhooks (validating): - StoryRun: require storyRef; inputs shape/size check; JSON schema validation. - StepRun: require storyRunRef/stepId; input/status size guard; total size guard. - Add shared validation helpers. - Config: - OperatorConfigManager/Resolver extensions (timeouts, security, retries, GRPC). - Safer defaults for inline size and timeouts. - CI/Lint: - Update release-please workflow/config and golangci settings. Pre-flight: - go vet ./... OK - go build ./... OK - go test ./... -race OK
lanycrost
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
harden reconcile context, validation, and storage guards
Reconcile context/timeout:
Conditions/status/metrics:
StoryRun/DAG:
StepRun:
RealtimeEngram:
Indexing:
Webhooks (validating):
Config:
CI/Lint:
Pre-flight: