
^D Document injection-policy schema + doc/parser drift check (E5) #391

Merged: omkhar merged 4 commits into main from e5/injection-policy-schema on Jul 5, 2026

Conversation

omkhar (Owner) commented Jul 5, 2026

E5 (v0.14): injection-policy schema documentation + drift guard.

What

  • docs/injection-policy.md documents every accepted key of the injection policy, per section (credentials, copies, network, ssh).
  • internal/injection/schema_doc_drift_test.go is a white-box test that cross-checks the documented keys against the validator's allowed-key sets, so the doc cannot silently drift from the parser.
  • The render_*.go change is a behavior-preserving extraction of the inline mapKeysSet(...) allowed-key literals into package-level vars, so the validator and the drift test read a single source of truth (same keys, no runtime change).

Validation

go test ./internal/injection/ (incl. the drift check + its negative cases), markdownlint, doc-links — all green. 375 lines / 6 files.

🤖 Generated with Claude Code

omkhar (Owner, Author) commented Jul 5, 2026

@codex review

chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3873765106

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread docs/injection-policy.md

omkhar (Owner, Author) commented Jul 5, 2026

Fixed: added a scope note (outside the schema markers, so the drift check is unaffected) clarifying the credential-entry table is the post-resolution injection-policy key set, and that resolver-backed sources additionally accept resolver/materialization which internal/authresolve resolves into source before this validation. Kept the table at the 3 post-resolution keys since the drift check pins it to the renderer's allowed set.

omkhar (Owner, Author) commented Jul 5, 2026

@codex review

chatgpt-codex-connector (Bot) commented

Codex Review: Didn't find any major issues. Keep them coming!

Reviewed commit: 5033508b97

omkhar added 2 commits July 5, 2026 10:08
… (docs/injection-policy.md annotates every accepted key per section; a white-box test (schema_doc_drift_test.go) cross-checks the documented keys against the validator's allowed-key sets so the doc can't silently drift from the parser; the render_*.go change is a behavior-preserving extraction of the inline mapKeysSet allowed-key literals into package-level vars so both the validator and the drift test read one source - same keys, no runtime change) (drift check green + negative-tested, behavior-preserving var extraction; user-visible operator security docs are the primary deliverable, refactor is supporting)
…P2) (the credential-entry table is machine-checked against the injection renderer's post-resolution key set (source/providers/modes), but resolver-backed sources like codex-home-auth-file/claude-macos-keychain also accept resolver and materialization in internal/authresolve before resolution - adding those rows would break the drift check, so add a prose scope note (outside the schema markers) clarifying the table is post-resolution and pointing to the resolver keys) (drift check + markdownlint green; doc accuracy for the resolver workflow)
omkhar (Owner, Author) commented Jul 5, 2026

Rebased onto main (now includes the Cloudflare CDN mirror fix #392) so CI builds on the reliable mirror. Content unchanged from the prior LGTM — just re-based.

omkhar (Owner, Author) commented Jul 5, 2026

@codex review

@omkhar omkhar force-pushed the e5/injection-policy-schema branch from 5033508 to 6ea5aaf Compare July 5, 2026 14:09
chatgpt-codex-connector (Bot) commented

Codex Review: Didn't find any major issues. What shall we delve into next?

Reviewed commit: 6ea5aaf169

… (the schema examples used /home/op/... absolute paths, which check-public-repo-hygiene.sh flags as machine-specific home paths - the failure was masked while the Debian-mirror outage blocked Validate from running; switch to the sanctioned /home/example placeholder the check allowlists) (hygiene/drift/markdownlint green; docs-only example-path fix)
omkhar (Owner, Author) commented Jul 5, 2026

@codex review

chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 45c4cb0cd1

Comment thread internal/injection/schema_doc_drift_test.go
…a (P2) (drift check exercises the new credentials-entry-resolver scope + negative-tested, go test green for internal/injection and internal/authresolve, markdownlint/doc-links/hygiene clean; the doc table is the user-visible deliverable, the CredentialEntryKeys export is a read-only rename supporting the drift test)

The credentials-entry table was machine-checked only against the injection
renderer's post-resolution key set (source/providers/modes), leaving the
resolver entry form (resolver/materialization, accepted by internal/authresolve
before rendering) undocumented and unchecked. Add a separate machine-checked
credentials-entry-resolver table for the pre-resolution form, split the prose
into pre- vs post-resolution stages, export authresolve.CredentialEntryKeys
read-only so the drift test grounds the new scope against the real parser set,
and wire the credentials-entry-resolver scope into schemaScopeSets.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
omkhar (Owner, Author) commented Jul 5, 2026

Fixed: split the credential-entry schema into two machine-checked tables — a pre-resolution resolver form (source/resolver/materialization/providers/modes, checked against the now-exported authresolve.CredentialEntryKeys) and the post-resolution rendered form (source/providers/modes). Both are drift-checked; negative control confirmed the new scope guards. go test (injection+authresolve)/markdownlint/links/hygiene green.
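The drift check described in the PR description (a doc table cross-checked against the validator's allowed-key sets, with the inline key literals lifted into package-level vars) and refined in the comment above (separate pre-resolution and post-resolution credential-entry scopes, with a negative control), as an added Go example. This is illustrative code, not the project's schema_doc_drift_test.go. It assumes a hypothetical marker convention (`<!-- schema:NAME -->` ... `<!-- /schema:NAME -->`), hypothetical variable names (`credentialEntryResolverKeys`, `credentialEntryKeys`, `schemaScopeSets`, `scopeRe`, `keyCellRe`), and a constructed sample doc; the key names themselves are the ones named in the PR discussion.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Package-level allowed-key sets (hypothetical names) so a validator and the
// drift test read one source of truth; key names follow the PR discussion.
var (
	credentialEntryResolverKeys = map[string]struct{}{"source": {}, "resolver": {}, "materialization": {}, "providers": {}, "modes": {}} // pre-resolution
	credentialEntryKeys         = map[string]struct{}{"source": {}, "providers": {}, "modes": {}}                                        // post-resolution
)

// schemaScopeSets maps a schema marker name in the doc to the parser's allowed set.
var schemaScopeSets = map[string]map[string]struct{}{
	"credentials-entry-resolver": credentialEntryResolverKeys,
	"credentials-entry":          credentialEntryKeys,
}

// Hypothetical marker convention: <!-- schema:NAME --> table <!-- /schema:NAME -->.
var scopeRe = regexp.MustCompile(`(?s)<!-- schema:([a-z-]+) -->(.*?)<!-- /schema:[a-z-]+ -->`)
// A documented key is a lowercase identifier in the first table column; the
// header row ("| Key |") and the separator ("|---|") do not match.
var keyCellRe = regexp.MustCompile(`^\| *([a-z][a-z_-]*) *\|`)

// DocumentedKeys returns, per scope marker, the keys listed in that scope's table.
func DocumentedKeys(doc string) map[string]map[string]struct{} {
	out := map[string]map[string]struct{}{}
	for _, m := range scopeRe.FindAllStringSubmatch(doc, -1) {
		keys := map[string]struct{}{}
		for _, line := range strings.Split(m[2], "\n") {
			if km := keyCellRe.FindStringSubmatch(strings.TrimSpace(line)); km != nil {
				keys[km[1]] = struct{}{}
			}
		}
		out[m[1]] = keys
	}
	return out
}

// Drift lists every disagreement: parser keys the doc omits, documented keys the
// parser rejects, and parser scopes with no table. Empty means doc and parser agree.
func Drift(doc string) []string {
	var problems []string
	documented := DocumentedKeys(doc)
	for scope, allowed := range schemaScopeSets {
		got, ok := documented[scope]
		if !ok {
			problems = append(problems, fmt.Sprintf("%s: scope has no documented table", scope))
			continue
		}
		for k := range allowed {
			if _, ok := got[k]; !ok {
				problems = append(problems, fmt.Sprintf("%s: key %q accepted by parser but undocumented", scope, k))
			}
		}
		for k := range got {
			if _, ok := allowed[k]; !ok {
				problems = append(problems, fmt.Sprintf("%s: key %q documented but rejected by parser", scope, k))
			}
		}
	}
	sort.Strings(problems) // map iteration is unordered; keep the report stable
	return problems
}

// GoodDoc is a constructed sample, not the project's docs/injection-policy.md.
const GoodDoc = `<!-- schema:credentials-entry-resolver -->
| Key | Description |
|-----|-------------|
| source | where the credential comes from |
| resolver | which resolver produces it |
| materialization | how the resolved value is materialized |
| providers | providers this entry applies to |
| modes | modes this entry applies to |
<!-- /schema:credentials-entry-resolver -->
Scope note: prose outside the markers is ignored by the check.
<!-- schema:credentials-entry -->
| Key | Description |
|-----|-------------|
| source | resolved source |
| providers | providers this entry applies to |
| modes | modes this entry applies to |
<!-- /schema:credentials-entry -->`

// BadDoc drops materialization from the resolver table and documents a key the
// renderer rejects: the negative case the drift test must catch.
var BadDoc = strings.NewReplacer(
	"| materialization | how the resolved value is materialized |\n", "",
	"| source | resolved source |\n", "| source | resolved source |\n| password | not accepted |\n",
).Replace(GoodDoc)

func main() {
	fmt.Println("good doc drift:", Drift(GoodDoc))
	fmt.Println("bad doc drift:", Drift(BadDoc))
}
```

Run with `go run .`; in a real test the `Drift` result would be asserted empty for the checked-in doc, and the `BadDoc` case is the negative control that proves the check actually fires. Keeping the allowed sets as package-level vars is what lets the test reach the same map the validator reads, so a key added to the validator without a doc row fails CI instead of silently widening the accepted policy.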

omkhar (Owner, Author) commented Jul 5, 2026

@codex review

chatgpt-codex-connector (Bot) commented

Codex Review: Didn't find any major issues. Swish!

Reviewed commit: b0995a4f9c

@omkhar omkhar merged commit 57299db into main Jul 5, 2026
14 checks passed
@omkhar omkhar deleted the e5/injection-policy-schema branch July 5, 2026 14:56