Skip to content

fix(wfctl): R-A4 align rule consults top-level secrets block#562

Closed
Copilot wants to merge 2 commits into
mainfrom
copilot/fix-r-a4-check-top-level-secrets
Closed

fix(wfctl): R-A4 align rule consults top-level secrets block#562
Copilot wants to merge 2 commits into
mainfrom
copilot/fix-r-a4-check-top-level-secrets

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 6, 2026
edited
Loading

checkRA4 checked ${VAR} references in env_vars against ctx.secretKeys, but ctx.secretKeys was only populated from module-form secrets.generate — not the top-level secrets: block. Any config using the canonical top-level form would produce spurious R-A4 FAILs at align time, forcing unnecessary secret exports in CI just to pass validation.

Changes

  • buildAlignContext (infra_align_rules.go): when cfg.Secrets != nil, populate ctx.secretKeys from both cfg.Secrets.Generate (by key) and cfg.Secrets.Entries (by name) — the same loop that already sets ctx.secretGens for R-A9
  • processImports (config/config.go): merges top-level secrets.generate and secrets.entries from imported files so keys declared in shared/imported configs are also visible to R-A4
  • Tests (infra_align_test.go): three new cases covering top-level secrets.generate, top-level secrets.entries, and secrets declared in an imported file
# This pattern no longer triggers a spurious R-A4 FAIL
secrets:
  generate:
    - key: STAGING_PG_PASSWORD
      type: random_hex
      length: 32
modules:
  - name: api
    type: infra.container_service
    config:
      env_vars:
        DATABASE_URL: "postgres://user:${STAGING_PG_PASSWORD}@host:5432/db"

Copilot AI requested review from Copilot and removed request for Copilot May 6, 2026 04:43
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 6, 2026
edited
Loading

⏱ Benchmark Results

No significant performance regressions detected.

benchstat comparison (baseline → PR) 
## benchstat: baseline → PR
baseline-bench.txt:260: parsing iteration count: invalid syntax
baseline-bench.txt:313335: parsing iteration count: invalid syntax
baseline-bench.txt:563008: parsing iteration count: invalid syntax
baseline-bench.txt:878837: parsing iteration count: invalid syntax
baseline-bench.txt:1176606: parsing iteration count: invalid syntax
baseline-bench.txt:1459183: parsing iteration count: invalid syntax
benchmark-results.txt:260: parsing iteration count: invalid syntax
benchmark-results.txt:322677: parsing iteration count: invalid syntax
benchmark-results.txt:660535: parsing iteration count: invalid syntax
benchmark-results.txt:991229: parsing iteration count: invalid syntax
benchmark-results.txt:1281423: parsing iteration count: invalid syntax
benchmark-results.txt:1578025: parsing iteration count: invalid syntax
goos: linux
goarch: amd64
pkg: github.com/GoCodeAlone/workflow/dynamic
cpu: AMD EPYC 7763 64-Core Processor                
                            │ baseline-bench.txt │
                            │       sec/op       │
InterpreterCreation-4              3.673m ± 175%
ComponentLoad-4                    3.554m ±   1%
ComponentExecute-4                 1.931µ ±   1%
PoolContention/workers-1-4         1.078µ ±   1%
PoolContention/workers-2-4         1.083µ ±   3%
PoolContention/workers-4-4         1.085µ ±   1%
PoolContention/workers-8-4         1.082µ ±   1%
PoolContention/workers-16-4        1.090µ ±   4%
ComponentLifecycle-4               3.573m ±   2%
SourceValidation-4                 2.234µ ±   1%
RegistryConcurrent-4               811.1n ±   2%
LoaderLoadFromString-4             3.617m ±   2%
geomean                            17.60µ

                            │ baseline-bench.txt │
                            │        B/op        │
InterpreterCreation-4               2.027Mi ± 0%
ComponentLoad-4                     2.180Mi ± 0%
ComponentExecute-4                  1.203Ki ± 0%
PoolContention/workers-1-4          1.203Ki ± 0%
PoolContention/workers-2-4          1.203Ki ± 0%
PoolContention/workers-4-4          1.203Ki ± 0%
PoolContention/workers-8-4          1.203Ki ± 0%
PoolContention/workers-16-4         1.203Ki ± 0%
ComponentLifecycle-4                2.183Mi ± 0%
SourceValidation-4                  1.984Ki ± 0%
RegistryConcurrent-4                1.133Ki ± 0%
LoaderLoadFromString-4              2.182Mi ± 0%
geomean                             15.25Ki

                            │ baseline-bench.txt │
                            │     allocs/op      │
InterpreterCreation-4                15.68k ± 0%
ComponentLoad-4                      18.02k ± 0%
ComponentExecute-4                    25.00 ± 0%
PoolContention/workers-1-4            25.00 ± 0%
PoolContention/workers-2-4            25.00 ± 0%
PoolContention/workers-4-4            25.00 ± 0%
PoolContention/workers-8-4            25.00 ± 0%
PoolContention/workers-16-4           25.00 ± 0%
ComponentLifecycle-4                 18.07k ± 0%
SourceValidation-4                    32.00 ± 0%
RegistryConcurrent-4                  2.000 ± 0%
LoaderLoadFromString-4               18.06k ± 0%
geomean                               183.3

cpu: AMD EPYC 9V74 80-Core Processor                
                            │ benchmark-results.txt │
                            │        sec/op         │
InterpreterCreation-4                 3.013m ± 180%
ComponentLoad-4                       3.496m ±  18%
ComponentExecute-4                    1.823µ ±   2%
PoolContention/workers-1-4            1.028µ ±   1%
PoolContention/workers-2-4            1.022µ ±   2%
PoolContention/workers-4-4            1.027µ ±   2%
PoolContention/workers-8-4            1.027µ ±   1%
PoolContention/workers-16-4           1.025µ ±   0%
ComponentLifecycle-4                  3.524m ±   1%
SourceValidation-4                    2.077µ ±   1%
RegistryConcurrent-4                  752.9n ±   4%
LoaderLoadFromString-4                3.560m ±   2%
geomean                               16.57µ

                            │ benchmark-results.txt │
                            │         B/op          │
InterpreterCreation-4                  2.027Mi ± 0%
ComponentLoad-4                        2.180Mi ± 0%
ComponentExecute-4                     1.203Ki ± 0%
PoolContention/workers-1-4             1.203Ki ± 0%
PoolContention/workers-2-4             1.203Ki ± 0%
PoolContention/workers-4-4             1.203Ki ± 0%
PoolContention/workers-8-4             1.203Ki ± 0%
PoolContention/workers-16-4            1.203Ki ± 0%
ComponentLifecycle-4                   2.183Mi ± 0%
SourceValidation-4                     1.984Ki ± 0%
RegistryConcurrent-4                   1.133Ki ± 0%
LoaderLoadFromString-4                 2.182Mi ± 0%
geomean                                15.25Ki

                            │ benchmark-results.txt │
                            │       allocs/op       │
InterpreterCreation-4                   15.68k ± 0%
ComponentLoad-4                         18.02k ± 0%
ComponentExecute-4                       25.00 ± 0%
PoolContention/workers-1-4               25.00 ± 0%
PoolContention/workers-2-4               25.00 ± 0%
PoolContention/workers-4-4               25.00 ± 0%
PoolContention/workers-8-4               25.00 ± 0%
PoolContention/workers-16-4              25.00 ± 0%
ComponentLifecycle-4                    18.07k ± 0%
SourceValidation-4                       32.00 ± 0%
RegistryConcurrent-4                     2.000 ± 0%
LoaderLoadFromString-4                  18.06k ± 0%
geomean                                  183.3

pkg: github.com/GoCodeAlone/workflow/middleware
cpu: AMD EPYC 7763 64-Core Processor                
                                  │ baseline-bench.txt │
                                  │       sec/op       │
CircuitBreakerDetection-4                  284.2n ± 8%
CircuitBreakerExecution_Success-4          21.52n ± 0%
CircuitBreakerExecution_Failure-4          65.80n ± 0%
geomean                                    73.82n

                                  │ baseline-bench.txt │
                                  │        B/op        │
CircuitBreakerDetection-4                 144.0 ± 0%
CircuitBreakerExecution_Success-4         0.000 ± 0%
CircuitBreakerExecution_Failure-4         0.000 ± 0%
geomean                                              ¹
¹ summaries must be >0 to compute geomean

                                  │ baseline-bench.txt │
                                  │     allocs/op      │
CircuitBreakerDetection-4                 1.000 ± 0%
CircuitBreakerExecution_Success-4         0.000 ± 0%
CircuitBreakerExecution_Failure-4         0.000 ± 0%
geomean                                              ¹
¹ summaries must be >0 to compute geomean

cpu: AMD EPYC 9V74 80-Core Processor                
                                  │ benchmark-results.txt │
                                  │        sec/op         │
CircuitBreakerDetection-4                     296.9n ± 6%
CircuitBreakerExecution_Success-4             22.67n ± 0%
CircuitBreakerExecution_Failure-4             70.92n ± 0%
geomean                                       78.14n

                                  │ benchmark-results.txt │
                                  │         B/op          │
CircuitBreakerDetection-4                    144.0 ± 0%
CircuitBreakerExecution_Success-4            0.000 ± 0%
CircuitBreakerExecution_Failure-4            0.000 ± 0%
geomean                                                 ¹
¹ summaries must be >0 to compute geomean

                                  │ benchmark-results.txt │
                                  │       allocs/op       │
CircuitBreakerDetection-4                    1.000 ± 0%
CircuitBreakerExecution_Success-4            0.000 ± 0%
CircuitBreakerExecution_Failure-4            0.000 ± 0%
geomean                                                 ¹
¹ summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/module
cpu: AMD EPYC 7763 64-Core Processor                
                                 │ baseline-bench.txt │
                                 │       sec/op       │
JQTransform_Simple-4                     884.7n ± 32%
JQTransform_ObjectConstruction-4         1.469µ ±  1%
JQTransform_ArraySelect-4                3.337µ ±  2%
JQTransform_Complex-4                    38.58µ ±  1%
JQTransform_Throughput-4                 1.780µ ±  1%
SSEPublishDelivery-4                     71.88n ± 42%
geomean                                  1.666µ

                                 │ baseline-bench.txt │
                                 │        B/op        │
JQTransform_Simple-4                   1.273Ki ± 0%
JQTransform_ObjectConstruction-4       1.773Ki ± 0%
JQTransform_ArraySelect-4              2.625Ki ± 0%
JQTransform_Complex-4                  16.22Ki ± 0%
JQTransform_Throughput-4               1.984Ki ± 0%
SSEPublishDelivery-4                     0.000 ± 0%
geomean                                             ¹
¹ summaries must be >0 to compute geomean

                                 │ baseline-bench.txt │
                                 │     allocs/op      │
JQTransform_Simple-4                     10.00 ± 0%
JQTransform_ObjectConstruction-4         15.00 ± 0%
JQTransform_ArraySelect-4                30.00 ± 0%
JQTransform_Complex-4                    324.0 ± 0%
JQTransform_Throughput-4                 17.00 ± 0%
SSEPublishDelivery-4                     0.000 ± 0%
geomean                                             ¹
¹ summaries must be >0 to compute geomean

cpu: AMD EPYC 9V74 80-Core Processor                
                                 │ benchmark-results.txt │
                                 │        sec/op         │
JQTransform_Simple-4                        834.4n ± 32%
JQTransform_ObjectConstruction-4            1.440µ ± 24%
JQTransform_ArraySelect-4                   3.369µ ±  1%
JQTransform_Complex-4                       41.01µ ±  2%
JQTransform_Throughput-4                    1.728µ ±  2%
SSEPublishDelivery-4                        64.54n ±  1%
geomean                                     1.626µ

                                 │ benchmark-results.txt │
                                 │         B/op          │
JQTransform_Simple-4                      1.273Ki ± 0%
JQTransform_ObjectConstruction-4          1.773Ki ± 0%
JQTransform_ArraySelect-4                 2.625Ki ± 0%
JQTransform_Complex-4                     16.22Ki ± 0%
JQTransform_Throughput-4                  1.984Ki ± 0%
SSEPublishDelivery-4                        0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

                                 │ benchmark-results.txt │
                                 │       allocs/op       │
JQTransform_Simple-4                        10.00 ± 0%
JQTransform_ObjectConstruction-4            15.00 ± 0%
JQTransform_ArraySelect-4                   30.00 ± 0%
JQTransform_Complex-4                       324.0 ± 0%
JQTransform_Throughput-4                    17.00 ± 0%
SSEPublishDelivery-4                        0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/schema
cpu: AMD EPYC 7763 64-Core Processor                
                                    │ baseline-bench.txt │
                                    │       sec/op       │
SchemaValidation_Simple-4                    1.099µ ± 8%
SchemaValidation_AllFields-4                 1.661µ ± 1%
SchemaValidation_FormatValidation-4          1.573µ ± 1%
SchemaValidation_ManySchemas-4               1.801µ ± 2%
geomean                                      1.508µ

                                    │ baseline-bench.txt │
                                    │        B/op        │
SchemaValidation_Simple-4                   0.000 ± 0%
SchemaValidation_AllFields-4                0.000 ± 0%
SchemaValidation_FormatValidation-4         0.000 ± 0%
SchemaValidation_ManySchemas-4              0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

                                    │ baseline-bench.txt │
                                    │     allocs/op      │
SchemaValidation_Simple-4                   0.000 ± 0%
SchemaValidation_AllFields-4                0.000 ± 0%
SchemaValidation_FormatValidation-4         0.000 ± 0%
SchemaValidation_ManySchemas-4              0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

cpu: AMD EPYC 9V74 80-Core Processor                
                                    │ benchmark-results.txt │
                                    │        sec/op         │
SchemaValidation_Simple-4                       1.122µ ± 4%
SchemaValidation_AllFields-4                    1.662µ ± 6%
SchemaValidation_FormatValidation-4             1.585µ ± 1%
SchemaValidation_ManySchemas-4                  1.628µ ± 1%
geomean                                         1.481µ

                                    │ benchmark-results.txt │
                                    │         B/op          │
SchemaValidation_Simple-4                      0.000 ± 0%
SchemaValidation_AllFields-4                   0.000 ± 0%
SchemaValidation_FormatValidation-4            0.000 ± 0%
SchemaValidation_ManySchemas-4                 0.000 ± 0%
geomean                                                   ¹
¹ summaries must be >0 to compute geomean

                                    │ benchmark-results.txt │
                                    │       allocs/op       │
SchemaValidation_Simple-4                      0.000 ± 0%
SchemaValidation_AllFields-4                   0.000 ± 0%
SchemaValidation_FormatValidation-4            0.000 ± 0%
SchemaValidation_ManySchemas-4                 0.000 ± 0%
geomean                                                   ¹
¹ summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/store
cpu: AMD EPYC 7763 64-Core Processor                
                                   │ baseline-bench.txt │
                                   │       sec/op       │
EventStoreAppend_InMemory-4                1.259µ ± 13%
EventStoreAppend_SQLite-4                  1.496m ± 10%
GetTimeline_InMemory/events-10-4           13.74µ ±  3%
GetTimeline_InMemory/events-50-4           68.44µ ± 15%
GetTimeline_InMemory/events-100-4          123.7µ ±  2%
GetTimeline_InMemory/events-500-4          632.1µ ±  1%
GetTimeline_InMemory/events-1000-4         1.295m ±  1%
GetTimeline_SQLite/events-10-4             107.0µ ±  1%
GetTimeline_SQLite/events-50-4             248.2µ ±  0%
GetTimeline_SQLite/events-100-4            417.2µ ±  0%
GetTimeline_SQLite/events-500-4            1.795m ±  0%
GetTimeline_SQLite/events-1000-4           3.513m ±  1%
geomean                                    219.5µ

                                   │ baseline-bench.txt │
                                   │        B/op        │
EventStoreAppend_InMemory-4                  810.5 ± 8%
EventStoreAppend_SQLite-4                  1.987Ki ± 2%
GetTimeline_InMemory/events-10-4           7.953Ki ± 0%
GetTimeline_InMemory/events-50-4           46.62Ki ± 0%
GetTimeline_InMemory/events-100-4          94.48Ki ± 0%
GetTimeline_InMemory/events-500-4          472.8Ki ± 0%
GetTimeline_InMemory/events-1000-4         944.3Ki ± 0%
GetTimeline_SQLite/events-10-4             16.74Ki ± 0%
GetTimeline_SQLite/events-50-4             87.14Ki ± 0%
GetTimeline_SQLite/events-100-4            175.4Ki ± 0%
GetTimeline_SQLite/events-500-4            846.1Ki ± 0%
GetTimeline_SQLite/events-1000-4           1.639Mi ± 0%
geomean                                    67.50Ki

                                   │ baseline-bench.txt │
                                   │     allocs/op      │
EventStoreAppend_InMemory-4                  7.000 ± 0%
EventStoreAppend_SQLite-4                    53.00 ± 0%
GetTimeline_InMemory/events-10-4             125.0 ± 0%
GetTimeline_InMemory/events-50-4             653.0 ± 0%
GetTimeline_InMemory/events-100-4           1.306k ± 0%
GetTimeline_InMemory/events-500-4           6.514k ± 0%
GetTimeline_InMemory/events-1000-4          13.02k ± 0%
GetTimeline_SQLite/events-10-4               382.0 ± 0%
GetTimeline_SQLite/events-50-4              1.852k ± 0%
GetTimeline_SQLite/events-100-4             3.681k ± 0%
GetTimeline_SQLite/events-500-4             18.54k ± 0%
GetTimeline_SQLite/events-1000-4            37.29k ± 0%
geomean                                     1.162k

cpu: AMD EPYC 9V74 80-Core Processor                
                                   │ benchmark-results.txt │
                                   │        sec/op         │
EventStoreAppend_InMemory-4                   1.140µ ± 18%
EventStoreAppend_SQLite-4                     1.040m ±  1%
GetTimeline_InMemory/events-10-4              12.50µ ±  2%
GetTimeline_InMemory/events-50-4              53.52µ ± 21%
GetTimeline_InMemory/events-100-4             107.1µ ±  1%
GetTimeline_InMemory/events-500-4             546.4µ ±  0%
GetTimeline_InMemory/events-1000-4            1.113m ±  1%
GetTimeline_SQLite/events-10-4                83.67µ ±  1%
GetTimeline_SQLite/events-50-4                220.4µ ±  1%
GetTimeline_SQLite/events-100-4               384.3µ ±  1%
GetTimeline_SQLite/events-500-4               1.674m ±  1%
GetTimeline_SQLite/events-1000-4              3.272m ±  2%
geomean                                       188.5µ

                                   │ benchmark-results.txt │
                                   │         B/op          │
EventStoreAppend_InMemory-4                     750.5 ± 7%
EventStoreAppend_SQLite-4                     1.984Ki ± 1%
GetTimeline_InMemory/events-10-4              7.953Ki ± 0%
GetTimeline_InMemory/events-50-4              46.62Ki ± 0%
GetTimeline_InMemory/events-100-4             94.48Ki ± 0%
GetTimeline_InMemory/events-500-4             472.8Ki ± 0%
GetTimeline_InMemory/events-1000-4            944.3Ki ± 0%
GetTimeline_SQLite/events-10-4                16.74Ki ± 0%
GetTimeline_SQLite/events-50-4                87.14Ki ± 0%
GetTimeline_SQLite/events-100-4               175.4Ki ± 0%
GetTimeline_SQLite/events-500-4               846.1Ki ± 0%
GetTimeline_SQLite/events-1000-4              1.639Mi ± 0%
geomean                                       67.06Ki

                                   │ benchmark-results.txt │
                                   │       allocs/op       │
EventStoreAppend_InMemory-4                     7.000 ± 0%
EventStoreAppend_SQLite-4                       53.00 ± 0%
GetTimeline_InMemory/events-10-4                125.0 ± 0%
GetTimeline_InMemory/events-50-4                653.0 ± 0%
GetTimeline_InMemory/events-100-4              1.306k ± 0%
GetTimeline_InMemory/events-500-4              6.514k ± 0%
GetTimeline_InMemory/events-1000-4             13.02k ± 0%
GetTimeline_SQLite/events-10-4                  382.0 ± 0%
GetTimeline_SQLite/events-50-4                 1.852k ± 0%
GetTimeline_SQLite/events-100-4                3.681k ± 0%
GetTimeline_SQLite/events-500-4                18.54k ± 0%
GetTimeline_SQLite/events-1000-4               37.29k ± 0%
geomean                                        1.162k

Benchmarks run with go test -bench=. -benchmem -count=6.
Regressions ≥ 20% are flagged. Results compared via benchstat.

Copilot AI linked an issue May 6, 2026 that may be closed by this pull request
R-A4 align rule should also consult top-level secrets.generate keys (not just module-form) #541
Closed
Copilot AI changed the title [WIP] Fix R-A4 align rule to consult top-level secrets for key generation fix(wfctl): R-A4 align rule consults top-level secrets block May 6, 2026
Copilot AI requested a review from intel352 May 6, 2026 05:27
@intel352 intel352 marked this pull request as ready for review May 6, 2026 06:00
Copilot AI review requested due to automatic review settings May 6, 2026 06:00
Copilot AI reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

@intel352 intel352 closed this May 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@intel352 intel352 Awaiting requested review from intel352

Assignees

@intel352 intel352

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

R-A4 align rule should also consult top-level secrets.generate keys (not just module-form)

3 participants

@intel352