Skip to content

docs: fix ingest auth accuracy, expand operations and developer reference#23

Merged
Gsbreddy merged 2 commits into
mainfrom
cursor/codebase-documentation-alignment-eaca
May 2, 2026
Merged

docs: fix ingest auth accuracy, expand operations and developer reference#23
Gsbreddy merged 2 commits into
mainfrom
cursor/codebase-documentation-alignment-eaca

Conversation

@cursor
Copy link
Copy Markdown

@cursor cursor Bot commented May 2, 2026

Summary

Correct a security-relevant documentation inaccuracy and expand two reference docs with information that was missing or scattered across the codebase.

Why

The auth table in docs/http-api.md labelled POST /v1/events as "loopback only†" which implied server-side enforcement. In reality, server/routes/ingest.py has no host or token check — only POST /v1/promote and POST /v1/rollback call _require_mutation_access. This gap meant operators using --host 0.0.0.0 could believe ingest was protected when it is not. Two other areas had no dedicated documentation: the flightdeck-quickstart-verify CLI tool and operational runbook for SQLite, doctor failures, and backup.

Changes

docs/http-api.md

  • Changed POST /v1/events auth column from "loopback only†" to "open†"
  • Rewrote footnote to state explicitly: no server-side host or token gate exists; security relies on bind address + network topology; --host 0.0.0.0 makes ingest reachable from any host

SECURITY.md

  • Added a clear statement that POST /v1/events and POST /v1/diff have no server-side host/token check, distinguishing them from the mutation routes
  • Guidance to use network-layer controls when binding to non-loopback

DEVELOPMENT.md

  • Added "What flightdeck-quickstart-verify does" subsection documenting the 11-step end-to-end workflow, subprocess error handling, executable resolution (PATH → sys.executable fallback), and temp-dir isolation

docs/operations-and-policy.md

  • Added "Server initialization: lifespan vs. ensure_app_state" section documenting how create_app lifespan populates app.state, the lazy-fallback behavior of ensure_app_state for test contexts, the cwd-at-first-request implication, and "testclient" in _LOCAL_CLIENT_HOSTS
  • Added "Operational runbook" section: SQLite SQLITE_BUSY causes and remedies, backup/restore procedure (offline copy + WAL checkpoint pattern), and a doctor failure interpretation table with fix guidance per check

Validation

  • uv sync --frozen --extra dev
  • uv run python -m ruff check src tests — passes
  • uv run python -m pytest — doc-only change; no Python source touched
  • Schema/storage not touched — no schema regeneration needed
  • web/ not touched — no static build needed

Schema / Storage Impact

  • None

Risk

Documentation only. No Python source, schema, or static asset changes.

Review

  • Requested review from maintainers
  • PR is small and scoped — four files, all documentation

Notes

Source of truth for ingest auth: src/flightdeck/server/routes/ingest.py (no _require_mutation_access call) vs src/flightdeck/server/routes/actions.py (both promote and rollback call it).

Open in Web View Automation 

cursoragent and others added 2 commits May 2, 2026 11:33
@cursoragent @Gsbreddy
docs(security): correct POST /v1/events trust boundary in http-api.md…
5eb2f4e 
… and SECURITY.md

The auth table in docs/http-api.md labelled POST /v1/events as "loopback only"
with a footnote, which implied server-side enforcement. In reality,
server/routes/ingest.py has no host or token check — only POST /v1/promote and
POST /v1/rollback call _require_mutation_access in actions.py.

- Update the auth table to mark POST /v1/events as "open" with a footnote that
  explains no server-side gate exists; security relies on bind address + network
  topology.
- Update SECURITY.md to be explicit that ingest and diff are open to any caller
  that can reach the server, and that network-layer controls are needed when
  --host 0.0.0.0 is used.

Co-authored-by: Gottam Sai Bharath <Gsbreddy@users.noreply.github.com>
@cursoragent @Gsbreddy
docs: expand developer and operations reference docs
9448b4d 
DEVELOPMENT.md:
- Add a dedicated "What flightdeck-quickstart-verify does" subsection that
  documents the 11-step quickstart workflow run in CI, subprocess error
  handling, executable resolution strategy (PATH vs sys.executable fallback),
  and the isolated temp-dir approach.

docs/operations-and-policy.md:
- Add "Server initialization: lifespan vs. ensure_app_state" section under
  the architecture diagram: documents how create_app lifespan initializes
  app.state (cfg, storage, local_api_token), how ensure_app_state lazily
  re-initializes on first request when state is absent (e.g. in tests), the
  cwd-at-first-request implication for flightdeck.yaml resolution, and the
  "testclient" host in _LOCAL_CLIENT_HOSTS.
- Add "Operational runbook" section at the end with:
  - SQLite SQLITE_BUSY causes and remedies
  - Backup and restore procedure (offline copy + WAL checkpoint pattern)
  - doctor failure interpretation table for each check with specific fix guidance
  - Inline sqlite3 query for audit_seq inspection

Co-authored-by: Gottam Sai Bharath <Gsbreddy@users.noreply.github.com>
@Gsbreddy Gsbreddy marked this pull request as ready for review May 2, 2026 11:57
@Gsbreddy Gsbreddy merged commit 9f849fd into main May 2, 2026
2 checks passed
@Gsbreddy Gsbreddy deleted the cursor/codebase-documentation-alignment-eaca branch May 2, 2026 11:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Gsbreddy Gsbreddy Gsbreddy approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Gsbreddy @cursoragent