Bug
The deploy and delete handlers check s.readonly and refuse to act when the server is in readonly mode:
if s.readonly {
err = fmt.Errorf("the server is currently in readonly mode...")
return
}However, the six config mutation handlers have no such guard:
configEnvsAddHandlerconfigEnvsRemoveHandlerconfigLabelsAddHandlerconfigLabelsRemoveHandlerconfigVolumesAddHandlerconfigVolumesRemoveHandler
These tools are annotated with ReadOnlyHint: false and some with DestructiveHint: ptr(true), correctly declaring them as mutative, but the handlers execute unconditionally regardless of s.readonly.
Impact
In readonly mode, an AI agent can freely modify func.yaml by adding or removing environment variables, labels, and volumes. This directly contradicts the purpose of readonly mode.
Fix
Add the same s.readonly guard to all six config mutation handlers, consistent with the deploy and delete handlers.
Bug
The
deployanddeletehandlers checks.readonlyand refuse to act when the server is in readonly mode:However, the six config mutation handlers have no such guard:
configEnvsAddHandlerconfigEnvsRemoveHandlerconfigLabelsAddHandlerconfigLabelsRemoveHandlerconfigVolumesAddHandlerconfigVolumesRemoveHandlerThese tools are annotated with
ReadOnlyHint: falseand some withDestructiveHint: ptr(true), correctly declaring them as mutative, but the handlers execute unconditionally regardless ofs.readonly.Impact
In readonly mode, an AI agent can freely modify
func.yamlby adding or removing environment variables, labels, and volumes. This directly contradicts the purpose of readonly mode.Fix
Add the same
s.readonlyguard to all six config mutation handlers, consistent with thedeployanddeletehandlers.