fix: preserve admin auth effective config #47

Merged: intel352 merged 2 commits into main from codex/auth-describe-effective-config, Jun 3, 2026

@intel352 (Contributor) commented Jun 3, 2026

Summary

  • preserve admin auth effective_config through the strict typed describe path
  • recover safe admin config keys from prior step outputs for describe-only flows
  • whitelist effective/accepted auth config keys so request headers and other pipeline data are not echoed

Tests

  • GOWORK=off go test ./internal -run 'TestTypedAuthAdminConfigDescribePreservesEffectiveConfig|TestAuthAdminConfigDescribeExposesRealConfigControls|TestAuthAdminConfigValidateAcceptsPasskeyPatchAndRedactsSecrets' -count=1
  • GOWORK=off go test ./... -count=1

Copilot AI review requested due to automatic review settings June 3, 2026 13:29
Copilot AI left a comment

Pull request overview

This PR updates the strict-typed (protobuf) step handling for step.auth_admin_config_describe so admin-auth “effective_config” is preserved through typed execution, while also preventing unrelated pipeline/request data (e.g., headers) from being echoed back in describe outputs.

Changes:

  • Add a dedicated typed handler for step.auth_admin_config_describe that can recover effective admin-auth config from prior step outputs during describe-only flows.
  • Introduce an allowlist for admin-auth config keys to ensure only intended configuration fields can appear in effective_config / accepted_config.
  • Add a regression test ensuring effective config is preserved and request headers are not leaked.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| internal/typed.go | Adds a custom typed handler for admin config describe and merges recovered config into the typed current. |
| internal/step_admin_config.go | Replaces ad-hoc sanitization with an allowlisted key filter; adds helpers to recover safe config keys from step outputs. |
| internal/plugin.go | Switches the typed step factory wiring for step.auth_admin_config_describe to the new handler. |
| internal/plugin_contracts_test.go | Adds a typed regression test for preserving effective_config while preventing header leakage. |

Comment thread internal/typed.go Outdated
Comment thread internal/step_admin_config.go
@intel352 intel352 merged commit b3e7438 into main Jun 3, 2026
7 of 8 checks passed
@intel352 intel352 deleted the codex/auth-describe-effective-config branch June 3, 2026 13:44
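
The allowlist approach described in the summary and review overview above, as an added Go example that is not code from this pull request: effective config is rebuilt from prior step outputs and the current step data, and only allowlisted keys survive, so request headers and other pipeline data cannot be echoed. The key names, step names and function names are assumptions; the project's real ones are not shown on this page.

```go
package main

import "fmt"

// Hypothetical allowlist: the project's real admin-auth key names are not on this page.
var allowedAdminAuthKeys = map[string]bool{
	"passkey_enabled":     true,
	"session_ttl_seconds": true,
	"allowed_origins":     true,
}

// filterAllowed copies only allowlisted top-level keys; anything else is dropped.
func filterAllowed(in map[string]any) map[string]any {
	out := make(map[string]any)
	for k, v := range in {
		if allowedAdminAuthKeys[k] {
			out[k] = v
		}
	}
	return out
}

// recoverEffectiveConfig rebuilds effective_config for a describe-only flow:
// allowlisted keys from prior step outputs (later steps win), then from current.
func recoverEffectiveConfig(current map[string]any, order []string, outputs map[string]map[string]any) map[string]any {
	effective := make(map[string]any)
	for _, step := range order {
		for k, v := range filterAllowed(outputs[step]) {
			effective[k] = v
		}
	}
	for k, v := range filterAllowed(current) {
		effective[k] = v
	}
	return effective
}

func main() {
	// Constructed pipeline state: request data sits beside real config.
	current := map[string]any{"headers": map[string]string{"Authorization": "Bearer example"}}
	outputs := map[string]map[string]any{
		"load_config": {"passkey_enabled": true, "session_ttl_seconds": 3600, "request_id": "r-1"},
	}
	fmt.Println(recoverEffectiveConfig(current, []string{"load_config"}, outputs))
}
```

Because the filter names what may pass rather than what must be stripped, a new pipeline field added later is excluded by default instead of leaking until someone remembers to block it.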
2 participants