fix: isolate artifact broker namespaces#770
Conversation
|
Codex review: needs changes before merge. Reviewed July 2, 2026, 6:12 AM ET / 10:12 UTC. Summary Reproducibility: yes. Source inspection on current main shows two authenticated POST /v1/artifacts/uploads requests with the same owner, prefix, and file name can still reach an owner-only key builder and derive the same key across orgs. Review metrics: 3 noteworthy metrics.
Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Security Review findings
Review detailsBest possible solution: Land the v2 new-write-only org/owner namespace after maintainer acceptance of the key-contract compatibility impact and the release-owned changelog handling is resolved. Do we have a high-confidence way to reproduce the issue? Yes. Source inspection on current main shows two authenticated POST /v1/artifacts/uploads requests with the same owner, prefix, and file name can still reach an owner-only key builder and derive the same key across orgs. Is this the best way to solve the issue? Mostly yes. The v2 base64url org/owner namespace preserves exact identity bytes and covers both collision classes; compatibility handling only needs to expand if maintainers reject the documented new-write-only contract. Full review comments:
Overall correctness: patch is correct AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 098225a7d964. Label changesLabel justifications:
Evidence reviewedAcceptance criteria:
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3de6b185ee
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@clawsweeper re-review Exact-head remote proof is now in the PR body: fresh brokered AWS checkout of |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
Exact-head route/broker proof for
Redacted namespace output: This exercises the real HTTP auth, route, Durable Object, signer, and response serialization path. It intentionally does not mutate an external object store. The exact head also passed the fresh brokered AWS run already recorded in the PR body, and that lease is verified released. |
|
Landed as Proof on exact PR head
The landed contract is new-write-only |
Closes #702.
Summary
v2/org/.../owner/...key contract, preventing cross-org and owner/prefix boundary collisions.slash-boundary, backslash, Unicode, and composed/decomposed Unicode identities.
Verification
npm run format:check --prefix workernpm run lint --prefix workernpm run check --prefix workernpm test --prefix worker -- artifacts.test.ts fleet.test.ts— 307 tests passed.npm run build --prefix worker— Wrangler dry-run passed.git diff --check.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main --parallel-tests 'npm test --prefix worker -- artifacts.test.ts fleet.test.ts && npm run check --prefix worker' --stream-engine-output— clean, no accepted/actionable findings; final patch correct at 0.88 confidence.The route-level integration proof shows identical owner/prefix/name tuples produce different keys across orgs, and an owner containing a path separator cannot collide with the same separator moved into the caller prefix.
Fresh-checkout remote proof
89572cbe5b8f93003385b541cc68a0ddf417d2c7was checked out on a fresh brokered AWSc7a.8xlargelease after merging currentmain.run_45dc16dc41c5installed Node.js 22.22.1/npm 9.2.0 and passed both focused files: 2 files, 307 tests.cbx_df7bf89adf79finished in 1m13s and is verifiedreleasedwith no cleanup error.