Persist path_pairs before integrations on detach (#469.3)#496
Conversation
|
Important Review skippedAuto incremental reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
📝 WalkthroughWalkthroughThis PR fixes a crash vulnerability in the integration deletion endpoint by reversing the persistence order: ChangesIntegration deletion persistence order fix
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes 🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
In IntegrationsHandler.__handle_delete the two on-disk writes ran in the wrong order: integrations.json first, then path_pairs.json. A crash between writes left integrations.json without the instance but path_pairs.json still referencing it — a dangling arr_target_id that the cross-validation in #426 rejects on next load. Swap the order so path_pairs persists first. The worst-case crash outcome is now an orphaned (no-longer-referenced) instance in integrations.json, which is harmless — it survives load and gets cleaned up the next time the user retries the delete. Adds two integration tests: one spying both to_file calls to assert the call order, one patching the second write to raise OSError and verifying the persisted path_pairs.json has the detach applied. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
nitrobass24
force-pushed
the
fix/integrations-detach-ordering
branch
from
5f50de4 to
4ea8f6c
Compare
|
@CodeRabbit review |
✅ Actions performedReview triggered.
|
|
@CodeRabbit review |
✅ Actions performedReview triggered.
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@CHANGELOG.md`:
- Line 12: The changelog entry titled "Integration delete persistence ordering"
currently ends with the wrong PR reference "(`#469`)"; update that trailing
reference to the correct PR number (e.g., "(`#496`)" if that is the intended PR)
so the entry text "Integration delete persistence ordering —
`/server/integrations/<id>` DELETE ..." ends with the accurate "(`#NNN`)" value;
confirm the correct PR and replace the existing "(`#469`)" accordingly.
In `@src/python/tests/integration/test_web/test_handler/test_integrations.py`:
- Around line 255-257: The test currently calls self.test_app.delete(...,
expect_errors=True) with integrations_config.to_file patched to raise OSError
but doesn't assert the response status; update the test to capture the response
(e.g., resp = self.test_app.delete(..., expect_errors=True)) and add an explicit
assertion that resp.status_int (or resp.status_code depending on test client)
equals 500 to ensure the handler returns a server error when
integrations_config.to_file raises OSError; reference the patched method
integrations_config.to_file and the DELETE request to
"/server/integrations/{inst.id}" when making the change.
In `@src/python/web/handler/integrations.py`:
- Around line 119-120: The current delete flow persists __path_pairs_config to
__path_pairs_path then __config to __integrations_path which can leave a partial
on-disk state if the second write fails; change the flow to perform atomic disk
updates and keep in-memory state consistent by (a) serializing both updated
configs to temporary files (or use a transactional temp dir), (b) fsync/flushing
each temp file and then atomically rename/replace them into __path_pairs_path
and __integrations_path (os.replace or equivalent), and only after both atomic
replaces succeed apply the in-memory mutation; if any step fails, delete temp
files and do not mutate in-memory state (or restore it) to avoid runtime/disk
divergence.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 67e66c8d-fe4b-4c3e-a354-3e8a29caaf56
📒 Files selected for processing (3)
CHANGELOG.mdsrc/python/tests/integration/test_web/test_handler/test_integrations.pysrc/python/web/handler/integrations.py
CodeRabbit follow-up on #496. - CHANGELOG: change the integration delete entry's reference from the umbrella issue #469 to the actual PR #496 — matches the more common convention in this file (#456, #458–#466, #437, etc.). - test_delete_with_integrations_write_failure_leaves_no_dangling_refs: capture the response and assert status_int == 500. Without it, a regression where the handler returns 200 on a failed write would still pass the on-disk assertions below. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 participant
Summary
Addresses item #3 in #469.
`IntegrationsHandler.__handle_delete` writes integrations.json after path_pairs.json (instead of before). Process death between the two writes previously left the on-disk integrations file without the instance but the on-disk path_pairs file still referencing it — a dangling `arr_target_id`, which the cross-validation added in #426 rejects when the path_pairs config loads on next start.
The new order downgrades the worst-case crash outcome to an orphaned (no-longer-referenced) instance in integrations.json. That's harmless: load succeeds, and the next delete attempt cleans it up.
Test plan
🤖 Generated with Claude Code
Summary by CodeRabbit
Bug Fixes