Filter runtime secret bindings by target route by cbusillo · Pull Request #1129 · cbusillo/launchplane

cbusillo · 2026-06-03T13:15:54Z

Summary

ignore unrelated-context managed secret bindings during runtime key-safety evaluation
report binding_missing when all candidate bindings are outside the target route
add a regression test for an OPW prod target not being satisfied by a CM prod binding

uv run --extra dev ruff check --exit-zero control_plane/runtime_key_safety.py tests/test_runtime_key_safety.py
uv run python -m unittest tests.test_runtime_key_safety
uv run --extra dev ruff check control_plane/runtime_key_safety.py tests/test_runtime_key_safety.py
uv run --extra dev mypy control_plane/runtime_key_safety.py tests/test_runtime_key_safety.py
git diff --check

cbusillo added 2 commits June 3, 2026 09:15

Filter runtime secret bindings by target route

97339f5

Keep preview copied secret safety route-aware

6646d43

cbusillo merged commit a217819 into main Jun 3, 2026
12 checks passed

cbusillo deleted the fix-runtime-secret-binding-route-filter branch June 3, 2026 13:25