Skip to content

[fix] Harden managed configuration writes#93

Draft
travis-hoover-glean wants to merge 1 commit into
mainfrom
fix/safe-managed-config-writes
Draft

[fix] Harden managed configuration writes#93
travis-hoover-glean wants to merge 1 commit into
mainfrom
fix/safe-managed-config-writes

Conversation

@travis-hoover-glean

Copy link
Copy Markdown
Contributor

Host configuration writers currently treat every read or parse failure as a missing file. During a privileged scheduled run, malformed or unreadable JSON, TOML, or YAML can therefore be replaced from an empty document while losing existing access metadata.

Solution

  • centralize managed-file locking, symlink resolution, and atomic replacement with unique temporary files
  • only treat ENOENT as a new file; preserve malformed, unreadable, and non-object configuration unchanged
  • preserve existing modes, ownership, and Windows ACLs, while creating new files with owner-only permissions
  • route generated MCP/MDM config through the same safe writer and retain unknown schema fields
  • reduce JSON, TOML, and YAML modules to codec adapters over one shared mutation policy

Test plan

  • bunx tsc --noEmit --composite false --incremental false
  • bunx vitest run (182 tests)
  • Cross-platform CI, including Windows ACL and privileged config E2E

Preserve existing configuration and access metadata when parsing or filesystem operations fail, while serializing concurrent updates through a shared mutation path.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant