Skip to content

fix(runtime): expose instance creation time in runtime bindings#178

Merged
onutc merged 1 commit intomainfrom
codex-runtime-binding-created-at-fix
Mar 30, 2026
Merged

fix(runtime): expose instance creation time in runtime bindings#178
onutc merged 1 commit intomainfrom
codex-runtime-binding-created-at-fix

Conversation

@onutc
Copy link
Copy Markdown
Member

@onutc onutc commented Mar 30, 2026

Summary

  • add createdAt to the runtime binding response
  • require a persisted instance creation timestamp when building runtime bindings
  • cover the new field in the runtime binding API tests

Why

Platform runtime auth needs immutable instance creation metadata so it can tell a live instance apart from a stale DB row when a Spritz instance name is reused.

Validation

  • go test ./...

@onutc
Copy link
Copy Markdown
Member Author

onutc commented Mar 30, 2026

Final validation report:

  • This PR adds createdAt to the internal runtime-binding payload so the backend can distinguish a reused instance name from the current live binding.
  • The API now returns the Kubernetes object creation timestamp in RFC3339Nano form and rejects zero timestamps.

Local validation:

  • cd api && go test ./... -> passed
  • git diff --check -> passed

PR state:

  • GitHub go-tests checks are green
  • gh pr view 178 --repo textcortex/spritz --json mergeable -> MERGEABLE

This is the control-plane half of the stale-binding fix and is ready to land.

@onutc onutc merged commit 0cdc227 into main Mar 30, 2026
4 checks passed
@onutc onutc deleted the codex-runtime-binding-created-at-fix branch March 30, 2026 22:51
@gitrank-connector
Copy link
Copy Markdown

gitrank-connector bot commented Mar 30, 2026

👍 GitRank PR Analysis

Score: 20 points

Metric Value
Component Other (1× multiplier)
Severity P2 - Medium (20 base pts)
Final Score 20 × 1 = 20

Eligibility Checks

Check Status
Issue/Bug Fix
Fix Implementation
PR Documented
Tests
Lines Within Limit

Impact Summary

The PR adds a createdAt field to runtime binding responses and enforces that instance creation timestamps are present when building bindings. This enables the platform to reliably differentiate between live instances and reused instance names in the database. The change is backward-incompatible for API consumers but necessary for security correctness.

Analysis Details

Component Classification: This PR modifies the runtime bindings API response structure and validation logic. While it affects the API layer, it doesn't fit neatly into a specific feature category, making OTHER the appropriate classification.

Severity Justification: This is a P2 (Medium) severity fix. It addresses a functional requirement for platform runtime authentication to distinguish live instances from stale database rows by adding immutable creation metadata. The issue has a workaround (instance name collision handling) but is necessary for correct security behavior.

Eligibility Notes: Issue: True - PR clearly describes fixing a bug where platform runtime auth needs immutable instance creation metadata. Fix Implementation: True - code changes align with PR description (adds createdAt field, validates CreationTimestamp). PR Linked: True - comprehensive description with clear 'Why' and 'Validation' sections. Tests: True - PR modifies runtime_bindings_test.go with updated test cases. Tests Required: True - this is an API change with business logic validation (checking for required CreationTimestamp), which requires test coverage to ensure the new field is properly exposed and validation works correctly.

Analyzed by GitRank 🤖

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@onutc