Skip to content

Finish sidecar polish and wire CI auto-promotion (#214)#1

Open
Svaag wants to merge 1 commit into
mainfrom
feat/finish-sidecar-polish-autopromote
Open

Finish sidecar polish and wire CI auto-promotion (#214)#1
Svaag wants to merge 1 commit into
mainfrom
feat/finish-sidecar-polish-autopromote

Conversation

@Svaag

@Svaag Svaag commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Part of the x402 Hyrule Network Proxy live rollout (AS215932/network-operations#214). Finishes the remaining sidecar technical polish and closes the last CI/CD gap.

Changes

Polish / hardening

  • HNP_LOG_LEVEL now applied. It was read into config but ignored — main.go hardcoded slog.LevelInfo. Added config.ParseLogLevel (debug/info/warn/error, defaults info) and wired it into the JSON handler after config load.
  • GET /metrics method-scoped for parity with the other routes (POST now 405).
  • Extracted buildResponse from Client.Do so the response-processing path — bounded read, truncation + x-hyrule-truncated, response-header denylist — is testable without weakening the SSRF dial guard (which correctly blocks loopback test servers).

Tests (previously-uncovered paths)

  • Response truncation + denied-header stripping (set-cookie/x-payment/x-api-key/payment-signature) against a real httptest server.
  • Redirect-policy revalidation: max-hop stop, private-IP redirect block, direct→.onion block.
  • Config loader: defaults, required-token rejection, log-level mapping.
  • Handler-level metrics emission + /metrics method scoping.

CI/CD

  • ci.yml build injects the version via -ldflags (github.sha) so the binary reports its commit.
  • New request-promotion.yml: on green CI for a push to main, dispatches app-promote to network-operations (mirrors the hyrule-cloud workflow), so promote-apps.yml auto-opens the hyrule_network_proxy_version pin-bump PR.

Operator note

request-promotion.yml reuses the existing shared promotion mechanism: the promotion GitHub App (PROMOTION_APP_ID / PROMOTION_APP_PRIVATE_KEY secrets, contents+PR write on network-operations) must be installed on this repo, and the hyrule-public-pr self-hosted runner available. Until then, promotion still works manually via gh workflow run promote-apps.yml -R AS215932/network-operations -f hyrule_network_proxy_sha=<sha>.

Validation

go test ./..., go vet ./..., go test -race ./..., go build -ldflags … all pass locally. No behavior change to the proxy request path beyond the log-level fix; the buildResponse extraction is behavior-preserving.

🤖 Generated with Claude Code

Applies the remaining technical polish for the live rollout (issue #214)
and closes the last CI/CD gap so the sidecar auto-promotes like other apps.

- config: apply HNP_LOG_LEVEL (was read but ignored; slog was hardcoded to
  info). Add ParseLogLevel and wire it into the JSON handler after load.
- server: method-scope GET /metrics for parity with the other routes.
- transport: extract buildResponse from Do() so the response-processing path
  (bounded read, truncation + x-hyrule-truncated, response header denylist) is
  unit-testable without bypassing the SSRF dial guard.
- tests: response truncation/header-stripping against a real httptest server;
  redirect-policy revalidation (max hops, private-IP + alternate-network
  block); config loader defaults/required-token/log-level; handler metrics
  emission and /metrics method scoping.
- ci: inject the build version via -ldflags so the binary reports its SHA.
- request-promotion: on green CI for a push to main, dispatch app-promote to
  network-operations (mirrors hyrule-cloud) so promote-apps.yml opens the
  hyrule_network_proxy_version pin-bump PR automatically.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant