test(controlplane): add ServerOperationsMap authz consistency tests #3256

Merged: matiasinsaurralde merged 1 commit into main from test/authz-operations-map-consistency on Jun 30, 2026


migmartri (Member) commented Jun 30, 2026

Summary

Adds consistency tests for the control plane authorization ServerOperationsMap:

  • Asserts every ServerOperationsMap key matches a real controlplane.v1 wire procedure, so a typo'd or stale key (which is silently unenforced) fails the build.
  • Asserts every controlplane.v1 wire procedure is explicitly classified — role-gated in ServerOperationsMap, intentionally admin-only, or exempt from the authorization middleware — so a newly added RPC cannot silently default to admin-only without a reviewed decision.

Also removes the dead CASRedirectService/DownloadRedirect key, which matched no procedure after the RPC was renamed to GetDownloadURL.

This work was assisted by AI (Claude Code).

🤖 Posted by Maximus bot (Claude Code) on behalf of @migmartri


Add tests that assert every ServerOperationsMap key matches a real
controlplane.v1 wire procedure, and that every wire procedure is
explicitly classified as role-gated, admin-only, or authz-exempt. This
guards against typo'd or stale authz keys and against newly added RPCs
silently defaulting to admin-only.

Remove the dead ServerOperationsMap key CASRedirectService/DownloadRedirect,
which matched no procedure after the RPC was renamed to GetDownloadURL.

Assisted-by: Claude Code
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>

Chainloop-Trace-Sessions: 20f7fc97-938f-4737-99a4-4a1b963d61fc
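
The two guards described in the pull request above, sketched as an added example; this is not the project's test code. The procedure names other than the renamed CAS redirect RPC, the key format, the roles and the variable names are constructed assumptions.

```go
package main

import "fmt"
import "sort"

// Constructed sample data: names, key format and roles are assumptions.
var wireProcedures = []string{
	"/controlplane.v1.CASRedirectService/GetDownloadURL", // renamed RPC
	"/controlplane.v1.ExampleService/List",
	"/controlplane.v1.ExampleService/Delete",
	"/controlplane.v1.ExampleStatusService/Ping",
}
var operationsMap = map[string][]string{ // role-gated: procedure -> roles
	"/controlplane.v1.CASRedirectService/DownloadRedirect": {"viewer"}, // stale
	"/controlplane.v1.ExampleService/List":                 {"viewer"},
}
var adminOnly = map[string]bool{"/controlplane.v1.ExampleService/Delete": true}
var authzExempt = map[string]bool{"/controlplane.v1.ExampleStatusService/Ping": true}

// StaleKeys returns map keys that match no wire procedure (never enforced).
func StaleKeys(ops map[string][]string, procs []string) []string {
	known := make(map[string]bool, len(procs))
	for _, p := range procs {
		known[p] = true
	}
	var stale []string
	for k := range ops {
		if !known[k] {
			stale = append(stale, k)
		}
	}
	sort.Strings(stale) // map iteration order is random; keep output stable
	return stale
}

// Unclassified returns procedures that sit in none of the three buckets.
func Unclassified(procs []string, ops map[string][]string, admin, exempt map[string]bool) []string {
	var missing []string
	for _, p := range procs {
		if _, gated := ops[p]; !gated && !admin[p] && !exempt[p] {
			missing = append(missing, p)
		}
	}
	return missing
}

func main() {
	fmt.Println(StaleKeys(operationsMap, wireProcedures), Unclassified(wireProcedures, operationsMap, adminOnly, authzExempt))
}
```

With the sample data, the rename shows up twice: the old key is reported as stale and the new procedure as unclassified, so both checks have to pass before the rename is complete.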
chainloop-platform (Bot, Contributor) commented Jun 30, 2026

AI Session Analysis

| Avg score | Sessions | Failing policies | Attribution | Files | Lines | Total Duration |
|---|---|---|---|---|---|---|
| 🟢 92% | 1 | ✅ 0 | 100% AI / 0% Human | 2 | +169 / -3 | 16m14s |

🟢 92% — 100% AI — ✅ All policies passing

Jun 30, 2026 20:09 UTC · 16m14s · $11.67 · 53.5k in / 125.3k out · claude-code 2.1.197 (claude-opus-4-8)


Change Summary

  • Adds app/controlplane/pkg/authz/authz_consistency_test.go with two authz consistency guards.
  • Removes the stale CASRedirectService/DownloadRedirect key from app/controlplane/pkg/authz/authz.go.
  • Applies one small simplify pass inside the new test and re-verifies with gofmt, go test, and lint.

AI Session Overall Score

🟢 92% — Clean session: scoped, root-cause work with repeated test verification.

AI Session Analysis Breakdown

🟢 95% · verification

🟢 AI ran the new tests red first, then green again after follow-up cleanup. · High Impact

🟢 94% · solution-quality

No notes.

🟢 93% · alignment

No notes.

🟢 90% · scope-discipline

🟢 The simplify pass stayed local and explicitly skipped broader refactors. · High Impact

🟢 88% · user-trust-signal

No notes.

🟢 86% · context-and-planning

🟢 AI turned a thin opener into an explicit A/B proposal before editing. · High Impact


File Attribution

████████████████████ 100% AI / 0% Human

| Status | Attribution | File | Lines |
|---|---|---|---|
| created | ai | app/controlplane/pkg/authz/authz_consistency_test.go | +168 / -0 |
| modified | ai | app/controlplane/pkg/authz/authz.go | +1 / -3 |

Policies (4)

| Status | Policy | Material | Messages |
|---|---|---|---|
| ✅ Passed | ai-config-ai-agents-allowed | ai-coding-session-20f7fc | - |
| ✅ Passed | ai-config-no-dangerous-commands | ai-coding-session-20f7fc | - |
| ✅ Passed | ai-config-no-secrets | ai-coding-session-20f7fc | - |
| ✅ Passed | ai-config-mcp-servers-allowed | ai-coding-session-20f7fc | - |

Powered by Chainloop and Chainloop Trace

cubic-dev-ai (Bot) left a comment


No issues found across 2 files


matiasinsaurralde merged commit a7c7890 into main Jun 30, 2026
16 checks passed
matiasinsaurralde deleted the test/authz-operations-map-consistency branch June 30, 2026 20:58