feat: implemenation of cycle 6 features#620
Merged
Conversation
Includes in-memory config cache, consumer state cleanup, and module-scoped MongoDB context. X-Lerian-Ref: 0x1
….0.0-beta.17 chore(deps): upgrade lib-commons to v3.0.0-beta.17
chore: trigger manager and worker build pipeline
…ate route Fix validation errors returning wrong HTTP status (404 instead of 400), add multi-tenant middleware to deadline routes, and change update endpoint from PUT to PATCH for consistency with partial update semantics. X-Lerian-Ref: 0x1
…lity Enforce dayOfMonth required for monthly/semiannual/annual, monthsOfYear required for semiannual/annual. Reject incompatible fields (e.g., dayOfMonth with daily frequency). Add specific error codes TPL-0049 through TPL-0052. X-Lerian-Ref: 0x1
Implement lazy recurrence advancement in ToEntity(): when a recurring deadline is delivered and dueDate has passed, automatically advance to next occurrence and reset deliveredAt. Add status query parameter filter (pending/overdue/delivered) translating computed status into MongoDB conditions. X-Lerian-Ref: 0x1
…index drift handling Move description, status, and created_at parsing to parseFilterParams to bring ValidateParameters below gocyclo threshold. Add recreateIndexes helper for handling IndexOptionsConflict by dropping and recreating conflicting indexes. X-Lerian-Ref: 0x1
…os tests Add t.Cleanup to remove toxics on early failure, assert degradation during network partition, and assert latency observed during high latency injection. X-Lerian-Ref: 0x1
Includes granular error handling in TenantMiddleware (404/422 instead of 500). X-Lerian-Ref: 0x1
X-Lerian-Ref: 0x1
X-Lerian-Ref: 0x1
….0.0-beta.18 Feat/upgrade lib commons v3.0.0 beta.18
…logic Add dayOfMonth (1-31) and monthsOfYear (1-12) range checks in ValidateScheduleFields. Introduce merge-based schedule validation on update that fetches current state before validating, with automatic cleanup of orphaned recurrence fields. Fix ValidateBusinessError to use errors.Is() iteration instead of direct map lookup so wrapped sentinel errors are correctly mapped to business responses. X-Lerian-Ref: 0x1
…orward clampDayToMonth now receives the original dueDate as reference and preserves hour, minute, second, and nanosecond instead of resetting to midnight. Prevents nearly a day of drift on each recurrence advancement. X-Lerian-Ref: 0x1
Return ErrInvalidTemplateID instead of silently ignoring invalid UUIDs in the template_id query parameter, matching the validation behavior of all other query params. X-Lerian-Ref: 0x1
recreateIndexes now tries CreateOne per index individually and only drops the specific index that conflicted. Non-conflicting indexes, including the unique constraint, remain in place throughout, avoiding windows where concurrent writes could bypass uniqueness protection. X-Lerian-Ref: 0x1
Chaos tests now fail on /health regression during fault window instead of only logging. Fuzz test comment corrected and new TestDeadline_CreatePayload_InvalidSeeds added to assert 4xx for known-invalid payloads. Integration status filter test now verifies all returned items match the requested status and that the created deadline is present. Update trivy ignore list. X-Lerian-Ref: 0x1
Add ErrDueDateInPast validation in NewDeadline and buildDeadlineUpdateFields. Deadlines with a dueDate before time.Now() are rejected with a 400 response, preventing creation of already-overdue deadlines. X-Lerian-Ref: 0x1
X-Lerian-Ref: 0x1
…rovements Enforce that semiannual requires exactly 2 months and annual requires exactly 1 month in monthsOfYear. Normalize startDate/endDate query params and reject unknown filter keys with 400. Move invalid-payload seed tests from fuzzy to integration suite. Revert plugin-auth-network from manager compose. X-Lerian-Ref: 0x1
Replace strings.Contains with strings.HasPrefix so that keys like 'foo.metadata.bar' are correctly rejected instead of being treated as metadata filters. X-Lerian-Ref: 0x1
feat: implementing deadlines CRUD
…orkflows/release.yml Bumps [LerianStudio/github-actions-shared-workflows/.github/workflows/release.yml](https://github.com/lerianstudio/github-actions-shared-workflows) from 1.13.1 to 1.15.0. - [Release notes](https://github.com/lerianstudio/github-actions-shared-workflows/releases) - [Changelog](https://github.com/LerianStudio/github-actions-shared-workflows/blob/main/docs/release-workflow.md) - [Commits](LerianStudio/github-actions-shared-workflows@v1.13.1...v1.15.0) --- updated-dependencies: - dependency-name: LerianStudio/github-actions-shared-workflows/.github/workflows/release.yml dependency-version: 1.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…orkflows/gptchangelog.yml Bumps [LerianStudio/github-actions-shared-workflows/.github/workflows/gptchangelog.yml](https://github.com/lerianstudio/github-actions-shared-workflows) from 1.11.0 to 1.15.0. - [Release notes](https://github.com/lerianstudio/github-actions-shared-workflows/releases) - [Changelog](https://github.com/LerianStudio/github-actions-shared-workflows/blob/main/docs/release-workflow.md) - [Commits](LerianStudio/github-actions-shared-workflows@v1.11.0...v1.15.0) --- updated-dependencies: - dependency-name: LerianStudio/github-actions-shared-workflows/.github/workflows/gptchangelog.yml dependency-version: 1.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…orkflows/gitops-update.yml Bumps [LerianStudio/github-actions-shared-workflows/.github/workflows/gitops-update.yml](https://github.com/lerianstudio/github-actions-shared-workflows) from 1.13.1 to 1.15.0. - [Release notes](https://github.com/lerianstudio/github-actions-shared-workflows/releases) - [Changelog](https://github.com/LerianStudio/github-actions-shared-workflows/blob/main/docs/release-workflow.md) - [Commits](LerianStudio/github-actions-shared-workflows@v1.13.1...v1.15.0) --- updated-dependencies: - dependency-name: LerianStudio/github-actions-shared-workflows/.github/workflows/gitops-update.yml dependency-version: 1.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…orkflows/pr-validation.yml Bumps [LerianStudio/github-actions-shared-workflows/.github/workflows/pr-validation.yml](https://github.com/lerianstudio/github-actions-shared-workflows) from 1.13.1 to 1.15.0. - [Release notes](https://github.com/lerianstudio/github-actions-shared-workflows/releases) - [Changelog](https://github.com/LerianStudio/github-actions-shared-workflows/blob/main/docs/release-workflow.md) - [Commits](LerianStudio/github-actions-shared-workflows@v1.13.1...v1.15.0) --- updated-dependencies: - dependency-name: LerianStudio/github-actions-shared-workflows/.github/workflows/pr-validation.yml dependency-version: 1.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…orkflows/pr-security-scan.yml Bumps [LerianStudio/github-actions-shared-workflows/.github/workflows/pr-security-scan.yml](https://github.com/lerianstudio/github-actions-shared-workflows) from 1.13.1 to 1.15.0. - [Release notes](https://github.com/lerianstudio/github-actions-shared-workflows/releases) - [Changelog](https://github.com/LerianStudio/github-actions-shared-workflows/blob/main/docs/release-workflow.md) - [Commits](LerianStudio/github-actions-shared-workflows@v1.13.1...v1.15.0) --- updated-dependencies: - dependency-name: LerianStudio/github-actions-shared-workflows/.github/workflows/pr-security-scan.yml dependency-version: 1.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Add two GET endpoints for the visual template builder: - GET /v1/templates/blocks-config: returns 10 block type definitions (text, variable, loop, conditional, aggregation, calculation, date_time, counter, comment, section) with properties and categories - GET /v1/templates/filters: returns Pongo2 filter definitions including DIMP filters (replace, where, sum, count) Includes unit, property, fuzz, integration, and chaos tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…evelop/LerianStudio/github-actions-shared-workflows/dot-github/workflows/release.yml-1.15.0 ci(deps): bump LerianStudio/github-actions-shared-workflows/.github/workflows/release.yml from 1.13.1 to 1.15.0
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (3)
components/manager/internal/services/create-report_test.go (2)
953-980:⚠️ Potential issue | 🟡 MinorAssert the returned cache error in this test.
cacheIdempotencyResultnow returns an error, but this test ignores it. A regression that starts swallowing Redis write failures again would still pass here.Minimal fix
ctx := context.Background() - // This method does not return an error, it only logs. We verify no panic occurs. - uc.cacheIdempotencyResult(ctx, "idempotency:test-key", reportResult) + err := uc.cacheIdempotencyResult(ctx, "idempotency:test-key", reportResult) + require.Error(t, err) + assert.Contains(t, err.Error(), "redis write failure")🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/services/create-report_test.go` around lines 953 - 980, The test TestUseCase_CacheIdempotencyResult_SetError currently ignores the return value of UseCase.cacheIdempotencyResult; update the test to capture the returned error from uc.cacheIdempotencyResult(ctx, "idempotency:test-key", reportResult) and assert that it is non-nil (and optionally that it matches the expected Redis write failure) so the test fails if the method starts swallowing errors again; locate the UseCase struct and cacheIdempotencyResult call in the test and change the final invocation to check the returned error via the test assertion.
321-322:⚠️ Potential issue | 🟡 MinorRemove all
defer ctrl.Finish()calls from gomock test setup.
go.uber.org/mockautomatically registers cleanup viat.Cleanup(), making manualdeferstatements redundant.Cleanup pattern
ctrl := gomock.NewController(t) -defer ctrl.Finish()Applies to lines: 321-322, 739-740, 863-864, 889-890, 915-916, 956-957, 1022-1023, 1049-1050
Per coding guideline:
**/*_test.go: "Do not usedefer ctrl.Finish()in tests; go.uber.org/mock auto-registers cleanup".🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/services/create-report_test.go` around lines 321 - 322, Remove the manual cleanup call "defer ctrl.Finish()" used after creating gomock controllers; wherever you call "ctrl := gomock.NewController(t)" in the test files (instances creating a local variable named ctrl), delete the subsequent "defer ctrl.Finish()" line and rely on the testing framework's automatic cleanup (go.uber.org/mock registers t.Cleanup()). Ensure no other code relies on ctrl.Finish() being run manually.components/manager/internal/adapters/http/in/template_test.go (1)
142-143: 🛠️ Refactor suggestion | 🟠 MajorRemove all explicit
defer ctrl.Finish()calls in this file;go.uber.org/mock/gomockauto-registers cleanup.There are 15 instances across the file where
gomock.NewController(t)is immediately followed bydefer ctrl.Finish(). This is redundant—the controller automatically registers cleanup witht, so explicit calls violate the repository's test guidelines.Example fix
ctrl := gomock.NewController(t) -defer ctrl.Finish()Lines affected: 142-143, 266-267, 297-298, 328-329, 416-417, 447-448, 532-533, 565-566, 610-611, 686-687, 740-741, 786-787, 821-822, 853-854, 904-905.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/adapters/http/in/template_test.go` around lines 142 - 143, Remove the redundant explicit cleanup calls: delete all occurrences of "defer ctrl.Finish()" that immediately follow gomock.NewController(t) in this test file (instances where a local variable named "ctrl" is assigned via gomock.NewController(t)); leave the gomock.NewController(t) calls intact since gomock auto-registers cleanup with the testing.T. Ensure you remove every "defer ctrl.Finish()" (15 instances referenced near the existing "ctrl" variables) so tests follow the repository guideline.
♻️ Duplicate comments (7)
.trivyignore (1)
18-20:⚠️ Potential issue | 🟠 MajorDocument why these CVEs are being ignored.
These three CVE entries still lack justification comments, which is inconsistent with the documented entries at lines 1-5 and 22-30. Security best practice requires documenting why vulnerabilities are being ignored:
- Date of decision
- Vulnerability description
- Reason for ignoring (e.g., not applicable, no upstream fix, low impact)
- Impact assessment
This ensures future developers understand the security decisions made and supports compliance and audit requirements.
📝 Suggested documentation format
+# 2026-04-10 — CVE-2026-25882 +# [Brief description of vulnerability] +# [Reason for ignoring: e.g., not applicable, no fix available, low impact] CVE-2026-25882 + +# 2026-04-10 — CVE-2026-22184 +# [Brief description of vulnerability] +# [Reason for ignoring] CVE-2026-22184 + +# 2026-04-10 — CVE-2026-27171 +# [Brief description of vulnerability] +# [Reason for ignoring] CVE-2026-27171🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.trivyignore around lines 18 - 20, Add justification comments above each listed CVE (CVE-2026-25882, CVE-2026-22184, CVE-2026-27171) matching the existing format used for entries at the top and bottom of the file: include decision date, a concise vulnerability description, the reason for ignoring (e.g., not applicable, no upstream fix, low impact), and a brief impact assessment; ensure the comment style and spacing mirror other documented entries so reviewers and auditors can understand why these CVEs were excluded.components/manager/api/openapi.yaml (1)
102-119:⚠️ Potential issue | 🟠 MajorResolve the remaining page-based contract on
/v1/deadlines.This operation still publishes
page/limit. Until the spec is switched to the cursor-based contract, generated clients and docs will keep targeting the wrong query shape. Regenerate the derived Swagger artifacts after fixing the source contract.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/api/openapi.yaml` around lines 102 - 119, The OpenAPI operation for /v1/deadlines still exposes the page-based query shape (parameters named "page" and "limit"); update this operation to the cursor-based contract by removing the "page" parameter, replacing it with a "cursor" query parameter (string, nullable/optional) and keep/adjust "limit" as the cursor pagination size if needed, then regenerate the derived Swagger/clients/docs so artifacts reflect the new /v1/deadlines cursor-based contract.components/manager/internal/services/create-report.go (4)
87-87:⚠️ Potential issue | 🟠 MajorDo not return success when idempotency caching fails.
If
cacheIdempotencyResultfails,CreateReportstill returns success and only releases the lock in the deferred cleanup. A retry with the same idempotency key can then create a second report because no cached result was ever stored.Suggested fix
- uc.finalizeReportIdempotency(ctx, reportInput, result, &idempotencyKey, &shouldCleanupKey) + if err := uc.finalizeReportIdempotency(ctx, reportInput, result, &idempotencyKey, &shouldCleanupKey); err != nil { + return nil, err + } return result, nil } -func (uc *UseCase) finalizeReportIdempotency(ctx context.Context, reportInput *model.CreateReportInput, result *report.Report, idempotencyKey *string, shouldCleanupKey *bool) { +func (uc *UseCase) finalizeReportIdempotency(ctx context.Context, reportInput *model.CreateReportInput, result *report.Report, idempotencyKey *string, shouldCleanupKey *bool) error { if uc.RedisRepo == nil { - return + return nil } if *idempotencyKey == "" { key, keyErr := uc.buildIdempotencyKey(ctx, reportInput) if keyErr == nil { *idempotencyKey = key } } if *idempotencyKey != "" { - if cacheErr := uc.cacheIdempotencyResult(ctx, *idempotencyKey, result); cacheErr == nil { - *shouldCleanupKey = false + if cacheErr := uc.cacheIdempotencyResult(ctx, *idempotencyKey, result); cacheErr != nil { + return cacheErr } + *shouldCleanupKey = false } + + return nil }Also applies to: 191-207
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/services/create-report.go` at line 87, The idempotency caching failure is currently ignored so CreateReport can return success even when cacheIdempotencyResult fails; update CreateReport to check the error returned by uc.finalizeReportIdempotency (and by cacheIdempotencyResult inside it) and if it returns an error propagate/return that error instead of treating the operation as successful; ensure you still release the idempotency lock via the existing defer (idempotencyKey/shouldCleanupKey) but do not suppress or drop errors from finalizeReportIdempotency (affecting the CreateReport success path and the duplicate branch around finalizeReportIdempotency at lines ~191-207).
175-182:⚠️ Potential issue | 🟡 MinorStore the failure timestamp in UTC.
The status update path still uses
time.Now(), which will persist mixed local timestamps across nodes.Minimal fix
- if updateErr := uc.ReportRepo.UpdateReportStatusById(ctx, constant.ErrorStatus, result.ID, time.Now(), metadata); updateErr != nil { + if updateErr := uc.ReportRepo.UpdateReportStatusById(ctx, constant.ErrorStatus, result.ID, time.Now().UTC(), metadata); updateErr != nil {As per coding guidelines,
**/*.go: "Always use.UTC()when callingtime.Now()".🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/services/create-report.go` around lines 175 - 182, The call to UpdateReportStatusById uses time.Now() which can persist non-UTC timestamps; update the error-path where uc.SendReportQueueReports fails to pass time.Now().UTC() instead of time.Now() (i.e., in the call to uc.ReportRepo.UpdateReportStatusById with constant.ErrorStatus and result.ID) so the stored failure timestamp is always in UTC; adjust any nearby similar usages in that error-handling block accordingly.
164-170:⚠️ Potential issue | 🔴 CriticalCheck
outputFormatbefore dereferencing it.
prepareReportCreationreturns*string, butsendReportMessagestill unconditionally dereferences it. If the repository returns nil here, this panics after the report has already been persisted.Minimal fix
func (uc *UseCase) sendReportMessage(ctx context.Context, span trace.Span, result *report.Report, templateID uuid.UUID, outputFormat *string, mappedFields map[string]map[string][]string, filters map[string]map[string]map[string]model.FilterCondition) error { + if outputFormat == nil { + return errors.New("missing output format") + } + reportMessage := model.ReportMessage{ TemplateID: templateID, ReportID: result.ID,🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/services/create-report.go` around lines 164 - 170, sendReportMessage currently unconditionally dereferences the *string outputFormat (from prepareReportCreation) which can be nil and cause a panic; update sendReportMessage to check outputFormat for nil before dereferencing and set model.ReportMessage.OutputFormat conditionally (e.g., use *outputFormat when non-nil, otherwise set to an empty string or a safe default) so the function no longer panics when prepareReportCreation returns nil.
31-56:⚠️ Potential issue | 🔴 CriticalGuard
reportInputbefore reading its fields.
reportInput.TemplateIDandlen(reportInput.Filters)are still accessed before any nil check, so a nil caller will panic instead of getting a business error.Minimal fix
func (uc *UseCase) CreateReport(ctx context.Context, reportInput *model.CreateReportInput) (*report.Report, error) { + if reportInput == nil { + return nil, pkg.ValidateBusinessError(constant.ErrInvalidRequestBody, "report") + } + reqId := ctxutil.HeaderIDFromContext(ctx)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/services/create-report.go` around lines 31 - 56, Guard against a nil reportInput at the start of UseCase.CreateReport to avoid panics: before reading reportInput.TemplateID or len(reportInput.Filters), add a nil check for reportInput and return a business-level error (and log it via uc.Logger) when nil; update the early part of CreateReport so span.SetAttributes and uc.Logger.Log only use reportInput.TemplateID and len(reportInput.Filters) after the nil check to ensure safe access.components/manager/internal/adapters/http/in/report_test.go (1)
128-129: 🛠️ Refactor suggestion | 🟠 MajorRemove the explicit
ctrl.Finish()calls from these tests.
gomock.NewController(t)already auto-registers cleanup, so the extra defer should be dropped everywhere it still appears in this file.Minimal cleanup
ctrl := gomock.NewController(t) -defer ctrl.Finish()As per coding guidelines,
**/*_test.go: "Do not usedefer ctrl.Finish()in tests; go.uber.org/mock auto-registers cleanup".Also applies to: 174-175, 270-271, 391-392, 562-563, 634-635, 672-673, 716-717
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/adapters/http/in/report_test.go` around lines 128 - 129, Remove the redundant explicit cleanup calls by deleting the deferred ctrl.Finish() after creating the mock controller; locate each occurrence of "ctrl := gomock.NewController(t)" in report_test.go (e.g., the instances at the diff snippet and the other listed occurrences) and remove the corresponding "defer ctrl.Finish()" line so the tests rely on gomock's auto-registered cleanup instead.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@components/manager/api/openapi.yaml`:
- Around line 120-125: The response schema inline_response_200 used by GET
/v1/deadlines currently materializes a nested Pagination object while also
exposing top-level items/limit/page/total, which will produce incorrect SDK
models; update the OpenAPI components so the deadline list response uses a
single flattened schema (include items/limit/page/total at the same level) or
revert to composing via allOf (e.g., allOf: [{ $ref:
'#/components/schemas/Pagination' }, { properties: { items: { ... } } }])
instead of embedding Pagination as a property; ensure you update
inline_response_200 (and the equivalent schemas referenced in the 2050-2110
range) to consistently use the chosen approach so the generated models contain
only one set of pagination fields.
- Around line 2251-2257: The BearerAuth security scheme currently uses type:
apiKey which is incorrect for RFC6750 bearer tokens; update the BearerAuth entry
under securitySchemes to use type: http and scheme: bearer (optionally add
bearerFormat: "JWT" if desired) and remove apiKey-specific fields like in/name
so generators will emit an Authorization header with the "Bearer " prefix;
locate the BearerAuth block in the OpenAPI securitySchemes to make this change.
In `@components/manager/Dockerfile`:
- Line 39: The RUN that currently uses "apk add --no-cache --upgrade
ca-certificates" should pin the ca-certificates package to a specific patched
version for reproducible builds: determine the exact ca-certificates package
version available for the target base image (alpine:3.23) from Alpine's
repository, then replace the invocation in the Dockerfile's RUN line (the apk
add of ca-certificates) to install that explicit version (e.g.,
ca-certificates=<version>) and remove or avoid broad --upgrade semantics so the
build is deterministic while still using the known patched release.
In `@components/manager/README.md`:
- Around line 1-4: Replace the placeholder components/manager/README.md
(currently only a CI trigger comment) with a proper README that documents the
Manager component purpose/architecture, configuration and environment variables,
API endpoints and example usage, local development setup, and deployment
instructions; if documentation isn't ready, delete this placeholder file and
instead configure CI triggers in your workflow files (use workflow_dispatch,
path filters, or explicit includes/excludes) so builds aren't gated by an empty
README.
---
Outside diff comments:
In `@components/manager/internal/adapters/http/in/template_test.go`:
- Around line 142-143: Remove the redundant explicit cleanup calls: delete all
occurrences of "defer ctrl.Finish()" that immediately follow
gomock.NewController(t) in this test file (instances where a local variable
named "ctrl" is assigned via gomock.NewController(t)); leave the
gomock.NewController(t) calls intact since gomock auto-registers cleanup with
the testing.T. Ensure you remove every "defer ctrl.Finish()" (15 instances
referenced near the existing "ctrl" variables) so tests follow the repository
guideline.
In `@components/manager/internal/services/create-report_test.go`:
- Around line 953-980: The test TestUseCase_CacheIdempotencyResult_SetError
currently ignores the return value of UseCase.cacheIdempotencyResult; update the
test to capture the returned error from uc.cacheIdempotencyResult(ctx,
"idempotency:test-key", reportResult) and assert that it is non-nil (and
optionally that it matches the expected Redis write failure) so the test fails
if the method starts swallowing errors again; locate the UseCase struct and
cacheIdempotencyResult call in the test and change the final invocation to check
the returned error via the test assertion.
- Around line 321-322: Remove the manual cleanup call "defer ctrl.Finish()" used
after creating gomock controllers; wherever you call "ctrl :=
gomock.NewController(t)" in the test files (instances creating a local variable
named ctrl), delete the subsequent "defer ctrl.Finish()" line and rely on the
testing framework's automatic cleanup (go.uber.org/mock registers t.Cleanup()).
Ensure no other code relies on ctrl.Finish() being run manually.
---
Duplicate comments:
In @.trivyignore:
- Around line 18-20: Add justification comments above each listed CVE
(CVE-2026-25882, CVE-2026-22184, CVE-2026-27171) matching the existing format
used for entries at the top and bottom of the file: include decision date, a
concise vulnerability description, the reason for ignoring (e.g., not
applicable, no upstream fix, low impact), and a brief impact assessment; ensure
the comment style and spacing mirror other documented entries so reviewers and
auditors can understand why these CVEs were excluded.
In `@components/manager/api/openapi.yaml`:
- Around line 102-119: The OpenAPI operation for /v1/deadlines still exposes the
page-based query shape (parameters named "page" and "limit"); update this
operation to the cursor-based contract by removing the "page" parameter,
replacing it with a "cursor" query parameter (string, nullable/optional) and
keep/adjust "limit" as the cursor pagination size if needed, then regenerate the
derived Swagger/clients/docs so artifacts reflect the new /v1/deadlines
cursor-based contract.
In `@components/manager/internal/adapters/http/in/report_test.go`:
- Around line 128-129: Remove the redundant explicit cleanup calls by deleting
the deferred ctrl.Finish() after creating the mock controller; locate each
occurrence of "ctrl := gomock.NewController(t)" in report_test.go (e.g., the
instances at the diff snippet and the other listed occurrences) and remove the
corresponding "defer ctrl.Finish()" line so the tests rely on gomock's
auto-registered cleanup instead.
In `@components/manager/internal/services/create-report.go`:
- Line 87: The idempotency caching failure is currently ignored so CreateReport
can return success even when cacheIdempotencyResult fails; update CreateReport
to check the error returned by uc.finalizeReportIdempotency (and by
cacheIdempotencyResult inside it) and if it returns an error propagate/return
that error instead of treating the operation as successful; ensure you still
release the idempotency lock via the existing defer
(idempotencyKey/shouldCleanupKey) but do not suppress or drop errors from
finalizeReportIdempotency (affecting the CreateReport success path and the
duplicate branch around finalizeReportIdempotency at lines ~191-207).
- Around line 175-182: The call to UpdateReportStatusById uses time.Now() which
can persist non-UTC timestamps; update the error-path where
uc.SendReportQueueReports fails to pass time.Now().UTC() instead of time.Now()
(i.e., in the call to uc.ReportRepo.UpdateReportStatusById with
constant.ErrorStatus and result.ID) so the stored failure timestamp is always in
UTC; adjust any nearby similar usages in that error-handling block accordingly.
- Around line 164-170: sendReportMessage currently unconditionally dereferences
the *string outputFormat (from prepareReportCreation) which can be nil and cause
a panic; update sendReportMessage to check outputFormat for nil before
dereferencing and set model.ReportMessage.OutputFormat conditionally (e.g., use
*outputFormat when non-nil, otherwise set to an empty string or a safe default)
so the function no longer panics when prepareReportCreation returns nil.
- Around line 31-56: Guard against a nil reportInput at the start of
UseCase.CreateReport to avoid panics: before reading reportInput.TemplateID or
len(reportInput.Filters), add a nil check for reportInput and return a
business-level error (and log it via uc.Logger) when nil; update the early part
of CreateReport so span.SetAttributes and uc.Logger.Log only use
reportInput.TemplateID and len(reportInput.Filters) after the nil check to
ensure safe access.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 7aae547b-8430-4e6d-9a36-704af2726446
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (20)
.trivyignorecomponents/manager/Dockerfilecomponents/manager/README.mdcomponents/manager/api/docs.gocomponents/manager/api/openapi.yamlcomponents/manager/api/swagger.jsoncomponents/manager/api/swagger.yamlcomponents/manager/internal/adapters/http/in/report_test.gocomponents/manager/internal/adapters/http/in/template-builder.gocomponents/manager/internal/adapters/http/in/template_test.gocomponents/manager/internal/services/create-report.gocomponents/manager/internal/services/create-report_test.gocomponents/manager/internal/services/download-report.gocomponents/manager/internal/services/download-report_test.gocomponents/manager/internal/services/update-template-by-id.gocomponents/manager/internal/services/update-template-by-id_test.gocomponents/worker/Dockerfilecomponents/worker/README.mdcomponents/worker/internal/bootstrap/config_validation.gogo.mod
arthurkz
approved these changes
Apr 13, 2026
The --upgrade flag introduced in beta.44 updates all Alpine packages including network/TLS libraries. On the worker (alpine:3.22 + Chromium), this breaks the aws-signing-helper sidecar credential resolution, causing S3 downloads to fail with TPL-0034 in Clotilde dev. The manager (alpine:3.23, no Chromium) is unaffected because it has fewer packages to upgrade. CVE remediation should be done by pinning specific package versions instead of blanket --upgrade. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cannot apply fix via apk --upgrade as it breaks AWS credential chain. Will address by pinning libcrypto3>=3.5.6-r0 in a follow-up. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
MEDIUM/LOW OpenSSL CVEs in Alpine base image cannot be patched via apk --upgrade without breaking AWS credential chain. All have fixes in newer OpenSSL packages but require a safe upgrade path. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fix: revert flag that breaks AWS credential chain
Root cause: MultiQueueConsumer.Run() passed context.Background() to
lib-commons MultiTenantConsumer, which propagated a bare context with
no logger or tracer to all consumer goroutines. Every call to
ctxutil.NewLoggerFromContext(ctx) inside repository/storage code
returned NopLogger{}, silently discarding all diagnostic logs —
including ERROR-level S3 failure messages (TPL-0034).
Changes:
- Enrich root context with logger and tracer before passing to
mtConsumer.Run() so downstream handlers get real loggers
- Elevate Consumer 2 wrappedHandler error logs from WARN to ERROR
with structured body_length field for dropped message visibility
- Add notification-context ERROR log in handleCompletedNotification
when loadTemplate fails (job_id, report_id, template_id)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…lent-logging fix: resolve silent logging in multi-tenant notification handler
…control Replace implicit insecure HTTP auto-detection (URL prefix + env check) with an explicit environment variable, giving operators direct control over whether plaintext HTTP is allowed for tenant-manager connections. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…insecure-http feat: add MULTI_TENANT_ALLOW_INSECURE_HTTP env var for explicit HTTP …
fix: add inecure tls flag
There was a problem hiding this comment.
Actionable comments posted: 5
♻️ Duplicate comments (4)
.trivyignore (1)
18-20:⚠️ Potential issue | 🟠 MajorAdd justification metadata for each ignored CVE entry.
Line 18, Line 19, and Line 20 still suppress CVEs without decision context (date, reason, impact), which weakens auditability and security review traceability.
Suggested patch
+# 2026-04-13 — CVE-2026-25882 +# [one-line description] +# [reason for ignore] +# [impact assessment / scope] CVE-2026-25882 + +# 2026-04-13 — CVE-2026-22184 +# [one-line description] +# [reason for ignore] +# [impact assessment / scope] CVE-2026-22184 + +# 2026-04-13 — CVE-2026-27171 +# [one-line description] +# [reason for ignore] +# [impact assessment / scope] CVE-2026-27171🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.trivyignore around lines 18 - 20, The three CVE entries (CVE-2026-25882, CVE-2026-22184, CVE-2026-27171) are missing justification metadata; for each of those identifiers in .trivyignore add an immediately preceding comment block that records the decision metadata (date, reason for ignore, impact assessment or compensating controls, and reviewer initials or ticket/PR link) so auditability is preserved—e.g., add a comment line(s) above each CVE entry containing "Date: YYYY-MM-DD | Reason: ... | Impact: ... | Reviewer/Ticket: ...", ensuring each CVE ID has its own metadata entry.components/manager/internal/bootstrap/init_tenant.go (2)
153-156:⚠️ Potential issue | 🟠 MajorLimit the Swagger bypass to
/swaggerand/swagger/....
strings.HasPrefix(path, "/swagger")also exempts/swagger-admin,/swaggerfoo, and any future route sharing that prefix. That widens the tenant-resolution bypass beyond the docs routes.Suggested fix
for _, prefix := range tenantBypassPaths { if prefix == "/swagger" { - if strings.HasPrefix(path, prefix) { + if path == prefix || strings.HasPrefix(path, prefix+"/") { return c.Next() } } else {🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/bootstrap/init_tenant.go` around lines 153 - 156, The current bypass loop (tenantBypassPaths) uses strings.HasPrefix(path, prefix) which wrongly matches routes like "/swagger-admin"; update the check to only allow the exact "/swagger" path or subpaths under "/swagger/" by replacing strings.HasPrefix(path, prefix) with a stricter condition such as path == prefix || strings.HasPrefix(path, prefix+"/") (apply this change where the loop checks prefix, e.g., in the block handling "/swagger" before calling c.Next()).
57-58:⚠️ Potential issue | 🟠 MajorReturn an error when multi-tenant mode is enabled without
MULTI_TENANT_URL.
cfg.MultiTenantURL == ""still takes the same no-op branch as single-tenant mode. If validation is skipped or regresses, the manager boots with tenant isolation disabled even thoughMULTI_TENANT_ENABLED=true.Suggested fix
- if !cfg.MultiTenantEnabled || cfg.MultiTenantURL == "" { + if !cfg.MultiTenantEnabled { return nil, nil, nil, nil } + if cfg.MultiTenantURL == "" { + return nil, nil, nil, fmt.Errorf("MULTI_TENANT_URL is required when MULTI_TENANT_ENABLED=true") + }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/bootstrap/init_tenant.go` around lines 57 - 58, The current branch in the function that checks cfg.MultiTenantEnabled and cfg.MultiTenantURL returns nils for both enabled and disabled cases, allowing startup when MULTI_TENANT_ENABLED=true but MULTI_TENANT_URL is empty; update the conditional in the initializer (the block that reads cfg.MultiTenantEnabled and cfg.MultiTenantURL) to return a descriptive error (e.g., using fmt.Errorf or errors.New) when cfg.MultiTenantEnabled is true and cfg.MultiTenantURL == "" instead of returning nils, so the manager fails fast if multi-tenant mode is requested without a MULTI_TENANT_URL.components/manager/internal/bootstrap/config.go (1)
166-177:⚠️ Potential issue | 🟠 MajorKeep Mongo validation aligned with unconditional
initMongoDB().
Validate()stops requiringMONGO_HOSTandMONGO_NAMEwhenMULTI_TENANT_ENABLED=true, butInitServers()still callsinitMongoDB(cfg, logger)unconditionally at Line 484. That lets an invalid config pass validation and then fail later during bootstrap.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/bootstrap/config.go` around lines 166 - 177, Validate() currently skips requiring MONGO_HOST and MONGO_NAME when MultiTenantEnabled is true, but InitServers() calls initMongoDB(cfg, logger) unconditionally; update Validate() so it always includes the Mongo entries (remove the !c.MultiTenantEnabled guard) and therefore always append the struct entries for c.MongoDBHost/"MONGO_HOST" and c.MongoDBName/"MONGO_NAME" (or alternatively make InitServers() call initMongoDB only when !cfg.MultiTenantEnabled—but prefer changing Validate() to always require these fields so the existing unconditional initMongoDB call is validated).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.trivyignore:
- Around line 22-31: The shared .trivyignore CVE block lacks expiry and owner
metadata so ignores can’t be tracked; update that block (for example entries
like CVE-2026-28390, CVE-2026-28388, CVE-2026-28389, etc.) to include a short
machine-parseable comment for each CVE with an expiry date, owner, and
ticket/reference (e.g. “# expiry: 2026-05-15 owner: team@yourorg.com ref:
ISSUE-1234”) or a single header comment covering the block with the same fields
and a link to the tracking issue, ensuring every ignored CVE has expiry and
owner information to prevent permanent suppression drift.
In `@components/manager/.env.example`:
- Around line 84-85: The SWAGGER_TITLE and SWAGGER_DESCRIPTION entries currently
include literal single quotes; remove those quotes so the values are plain
unquoted strings (update SWAGGER_TITLE and SWAGGER_DESCRIPTION in the .env
example) to match the rest of the template and prevent quote characters from
being passed through to generated docs/config.
In `@components/manager/internal/bootstrap/config.go`:
- Around line 561-603: When cfg.FetcherEnabled && cfg.MultiTenantEnabled is
true, do not allow startup to continue with a nil M2M provider: validate
cfg.AWSRegion and cfg.AuthAddress up front and error if either is empty, ensure
auth.BuildCredentialFetcher returns a non-nil credFetcher (propagate/return the
error if it does not), and only set datasource.ProviderConfig.M2MTokenProvider
when auth.NewM2MCredentialProvider successfully returns a provider; otherwise
return an explicit startup error instead of leaving m2mTokenProvider nil to
avoid request-time auth failures.
In `@components/manager/internal/bootstrap/init_tenant.go`:
- Around line 180-220: The TLS handling currently only checks
cfg.MultiTenantRedisTLS and cfg.MultiTenantRedisCACert even when the code falls
back to the shared Redis (cfg.RedisHost/Password); update the logic so TLS and
CA selection follow the same fallback as host/password: determine a boolean
(e.g., useTLS) and CA string (e.g., caCertStr) by preferring
cfg.MultiTenantRedisTLS/cfg.MultiTenantRedisCACert but if
cfg.MultiTenantRedisHost == "" switch to cfg.RedisTLS/cfg.RedisCACert, then use
those variables when building tlsCfg and setting opts.TLSConfig (refer to
symbols cfg.MultiTenantRedisHost, cfg.RedisHost, cfg.MultiTenantRedisTLS,
cfg.RedisTLS, cfg.MultiTenantRedisCACert, cfg.RedisCACert, opts.TLSConfig).
- Around line 124-131: The readinessCheck closure currently only nil-checks
tmClient; update it so that in multi-tenant mode it also performs a real Redis
ping by calling checkTenantDiscoveryRedis(ctx) and returning any error (so
readiness fails if tenant-discovery Redis is unreachable). Concretely, inside
readinessCheck (the closure capturing tmClient) keep the tmClient nil-check,
then invoke checkTenantDiscoveryRedis with the same context and propagate its
error; ensure this Redis check is executed only when multi-tenant mode is active
(use the existing multi-tenant flag/config in scope).
---
Duplicate comments:
In @.trivyignore:
- Around line 18-20: The three CVE entries (CVE-2026-25882, CVE-2026-22184,
CVE-2026-27171) are missing justification metadata; for each of those
identifiers in .trivyignore add an immediately preceding comment block that
records the decision metadata (date, reason for ignore, impact assessment or
compensating controls, and reviewer initials or ticket/PR link) so auditability
is preserved—e.g., add a comment line(s) above each CVE entry containing "Date:
YYYY-MM-DD | Reason: ... | Impact: ... | Reviewer/Ticket: ...", ensuring each
CVE ID has its own metadata entry.
In `@components/manager/internal/bootstrap/config.go`:
- Around line 166-177: Validate() currently skips requiring MONGO_HOST and
MONGO_NAME when MultiTenantEnabled is true, but InitServers() calls
initMongoDB(cfg, logger) unconditionally; update Validate() so it always
includes the Mongo entries (remove the !c.MultiTenantEnabled guard) and
therefore always append the struct entries for c.MongoDBHost/"MONGO_HOST" and
c.MongoDBName/"MONGO_NAME" (or alternatively make InitServers() call initMongoDB
only when !cfg.MultiTenantEnabled—but prefer changing Validate() to always
require these fields so the existing unconditional initMongoDB call is
validated).
In `@components/manager/internal/bootstrap/init_tenant.go`:
- Around line 153-156: The current bypass loop (tenantBypassPaths) uses
strings.HasPrefix(path, prefix) which wrongly matches routes like
"/swagger-admin"; update the check to only allow the exact "/swagger" path or
subpaths under "/swagger/" by replacing strings.HasPrefix(path, prefix) with a
stricter condition such as path == prefix || strings.HasPrefix(path, prefix+"/")
(apply this change where the loop checks prefix, e.g., in the block handling
"/swagger" before calling c.Next()).
- Around line 57-58: The current branch in the function that checks
cfg.MultiTenantEnabled and cfg.MultiTenantURL returns nils for both enabled and
disabled cases, allowing startup when MULTI_TENANT_ENABLED=true but
MULTI_TENANT_URL is empty; update the conditional in the initializer (the block
that reads cfg.MultiTenantEnabled and cfg.MultiTenantURL) to return a
descriptive error (e.g., using fmt.Errorf or errors.New) when
cfg.MultiTenantEnabled is true and cfg.MultiTenantURL == "" instead of returning
nils, so the manager fails fast if multi-tenant mode is requested without a
MULTI_TENANT_URL.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 178a342b-e8ea-4301-bf9b-8b246b10042d
📒 Files selected for processing (12)
.trivyignorecomponents/manager/.env.examplecomponents/manager/Dockerfilecomponents/manager/internal/bootstrap/config.gocomponents/manager/internal/bootstrap/init_tenant.gocomponents/worker/.env.examplecomponents/worker/Dockerfilecomponents/worker/internal/bootstrap/config.gocomponents/worker/internal/bootstrap/config_fetcher.gocomponents/worker/internal/bootstrap/config_multitenant.gocomponents/worker/internal/bootstrap/consumer.gocomponents/worker/internal/services/process-notification.go
Pass tmrabbitmq.WithTLS() when creating the per-tenant RabbitMQ manager, controlled by the RABBITMQ_TLS environment variable. Without this, the manager connects via amqp:// (plaintext) even when the broker requires amqps:// (TLS), causing "frame could not be parsed" errors. Follows the same pattern as midaz (config.rabbitmq.go). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…insecure-http feat: add RABBITMQ_TLS env var for multi-tenant RabbitMQ TLS connections
fix: adding tls for rabbit mq
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (4)
components/manager/internal/bootstrap/init_helpers.go (1)
69-72:⚠️ Potential issue | 🟠 MajorDon't hardcode the logger bootstrap config.
This still forces the local logger profile and
"reporter"library name in every environment, soENV_NAME,LOG_LEVEL, andOTEL_LIBRARY_NAMEfromConfigare ignored.As per coding guidelines, "Never hardcode configuration; use environment variables instead."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/bootstrap/init_helpers.go` around lines 69 - 72, The zap logger is being created with hardcoded values (zap.New called with zap.Config setting Environment to zap.EnvironmentLocal and OTelLibraryName to "reporter"); update the bootstrap to read environment/config values instead of hardcoding: pull ENV_NAME, LOG_LEVEL and OTEL_LIBRARY_NAME from the existing Config (or environment fallback) and pass them into zap.Config when calling zap.New (or provide defaults if missing), ensuring the logger creation uses Config values rather than literal "reporter" and zap.EnvironmentLocal; adjust any related variables (logger, zap.Config) accordingly so Config-driven settings control logger environment, log level, and OTel library name.components/manager/.env.example (1)
85-86:⚠️ Potential issue | 🟡 MinorDrop the literal quotes from the Swagger values.
Those quotes become part of the environment value and can show up in generated docs/UI labels.
Suggested fix
-SWAGGER_TITLE='Reporter' -SWAGGER_DESCRIPTION='Documentation for reporter' +SWAGGER_TITLE=Reporter +SWAGGER_DESCRIPTION=Documentation for reporter🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/.env.example` around lines 85 - 86, The SWAGGER_TITLE and SWAGGER_DESCRIPTION entries currently include literal single quotes which become part of the env values; remove the surrounding quotes so SWAGGER_TITLE=Reporter and SWAGGER_DESCRIPTION=Documentation for reporter (update the symbols SWAGGER_TITLE and SWAGGER_DESCRIPTION in the .env.example) to avoid quotes appearing in generated docs/UI labels.components/manager/internal/bootstrap/config.go (2)
167-178:⚠️ Potential issue | 🟠 MajorKeep Mongo validation aligned with
initMongoDB().
InitServers()still callsinitMongoDB(), andcomponents/manager/internal/bootstrap/init_helpers.goalways builds a Mongo connection fromMONGO_HOSTandMONGO_NAME. Skipping those checks whenMULTI_TENANT_ENABLED=truejust defers the failure from validation to startup.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/bootstrap/config.go` around lines 167 - 178, InitServers() currently skips validating c.MongoDBHost and c.MongoDBName when c.MultiTenantEnabled is true, but initMongoDB() (in init_helpers.go) still expects MONGO_HOST and MONGO_NAME and will fail at startup; update the validation in InitServers()/config.go to always include checks for c.MongoDBHost and c.MongoDBName regardless of MultiTenantEnabled so the required list (the structs with value/name) always contains those two entries, keeping validation aligned with initMongoDB() and preventing deferred startup failures.
208-231:⚠️ Potential issue | 🟠 MajorRequire M2M settings when fetcher mode needs them.
With
FETCHER_ENABLED=true+MULTI_TENANT_ENABLED=true, validation still allowsAWS_REGIONandPLUGIN_AUTH_ADDRESSto be empty, andInitServers()then leavesm2mTokenProvidernil. That turns a startup misconfiguration into request-time auth failures.As per coding guidelines, "M2M authentication is required when FETCHER_ENABLED=true; use AWS_REGION, M2M_TARGET_SERVICE, M2M_CREDENTIAL_CACHE_TTL_SEC, M2M_TOKEN_CACHE_MARGIN_SEC."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/manager/internal/bootstrap/config.go` around lines 208 - 231, The validator validateManagerMultiTenantFields currently only checks multi-tenant fields but doesn't enforce M2M auth settings required when Fetcher is active; update validateManagerMultiTenantFields to add a conditional branch when c.FetcherEnabled && c.MultiTenantEnabled that appends errors if any of the M2M-related envs are missing or zero: AWS_REGION, PLUGIN_AUTH_ADDRESS (or M2M auth endpoint), M2M_TARGET_SERVICE, M2M_CREDENTIAL_CACHE_TTL_SEC, and M2M_TOKEN_CACHE_MARGIN_SEC; reference these exact env names in the error messages so InitServers() cannot leave m2mTokenProvider nil and startup will fail fast with clear messages.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@components/manager/internal/bootstrap/init_helpers.go`:
- Around line 97-99: If telemetry.ApplyGlobals() fails, ensure you shut down the
already-created telemetry provider/exporter before returning: call the telemetry
shutdown function (e.g. telemetry.Shutdown(...) or telemetry.Close() as
appropriate in your telemetry package) from the failure branch in
init_helpers.go right after ApplyGlobals() errors; attempt the shutdown, capture
any shutdown error, and still return the original ApplyGlobals error (optionally
wrapping both errors so the original failure and any shutdown error are
preserved) while not leaking the telemetry resources.
---
Duplicate comments:
In `@components/manager/.env.example`:
- Around line 85-86: The SWAGGER_TITLE and SWAGGER_DESCRIPTION entries currently
include literal single quotes which become part of the env values; remove the
surrounding quotes so SWAGGER_TITLE=Reporter and
SWAGGER_DESCRIPTION=Documentation for reporter (update the symbols SWAGGER_TITLE
and SWAGGER_DESCRIPTION in the .env.example) to avoid quotes appearing in
generated docs/UI labels.
In `@components/manager/internal/bootstrap/config.go`:
- Around line 167-178: InitServers() currently skips validating c.MongoDBHost
and c.MongoDBName when c.MultiTenantEnabled is true, but initMongoDB() (in
init_helpers.go) still expects MONGO_HOST and MONGO_NAME and will fail at
startup; update the validation in InitServers()/config.go to always include
checks for c.MongoDBHost and c.MongoDBName regardless of MultiTenantEnabled so
the required list (the structs with value/name) always contains those two
entries, keeping validation aligned with initMongoDB() and preventing deferred
startup failures.
- Around line 208-231: The validator validateManagerMultiTenantFields currently
only checks multi-tenant fields but doesn't enforce M2M auth settings required
when Fetcher is active; update validateManagerMultiTenantFields to add a
conditional branch when c.FetcherEnabled && c.MultiTenantEnabled that appends
errors if any of the M2M-related envs are missing or zero: AWS_REGION,
PLUGIN_AUTH_ADDRESS (or M2M auth endpoint), M2M_TARGET_SERVICE,
M2M_CREDENTIAL_CACHE_TTL_SEC, and M2M_TOKEN_CACHE_MARGIN_SEC; reference these
exact env names in the error messages so InitServers() cannot leave
m2mTokenProvider nil and startup will fail fast with clear messages.
In `@components/manager/internal/bootstrap/init_helpers.go`:
- Around line 69-72: The zap logger is being created with hardcoded values
(zap.New called with zap.Config setting Environment to zap.EnvironmentLocal and
OTelLibraryName to "reporter"); update the bootstrap to read environment/config
values instead of hardcoding: pull ENV_NAME, LOG_LEVEL and OTEL_LIBRARY_NAME
from the existing Config (or environment fallback) and pass them into zap.Config
when calling zap.New (or provide defaults if missing), ensuring the logger
creation uses Config values rather than literal "reporter" and
zap.EnvironmentLocal; adjust any related variables (logger, zap.Config)
accordingly so Config-driven settings control logger environment, log level, and
OTel library name.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 4bf561f2-4cc2-4444-b0b4-718d5d6e9601
📒 Files selected for processing (6)
components/manager/.env.examplecomponents/manager/internal/bootstrap/config.gocomponents/manager/internal/bootstrap/init_helpers.gocomponents/worker/.env.examplecomponents/worker/internal/bootstrap/config.gocomponents/worker/internal/bootstrap/config_multitenant.go
chore: update lib-commons to last version and new functions
chore: update lib-commons to v4.6.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request Checklist
Pull Request Type
Checklist
Please check each item after it's completed.
Additional Notes
Obs: Please, always remember to target your PR to develop branch instead of main.