Finish sidecar polish and wire CI auto-promotion (#214)#1
Open
Svaag wants to merge 1 commit into
Open
Conversation
Applies the remaining technical polish for the live rollout (issue #214) and closes the last CI/CD gap so the sidecar auto-promotes like other apps. - config: apply HNP_LOG_LEVEL (was read but ignored; slog was hardcoded to info). Add ParseLogLevel and wire it into the JSON handler after load. - server: method-scope GET /metrics for parity with the other routes. - transport: extract buildResponse from Do() so the response-processing path (bounded read, truncation + x-hyrule-truncated, response header denylist) is unit-testable without bypassing the SSRF dial guard. - tests: response truncation/header-stripping against a real httptest server; redirect-policy revalidation (max hops, private-IP + alternate-network block); config loader defaults/required-token/log-level; handler metrics emission and /metrics method scoping. - ci: inject the build version via -ldflags so the binary reports its SHA. - request-promotion: on green CI for a push to main, dispatch app-promote to network-operations (mirrors hyrule-cloud) so promote-apps.yml opens the hyrule_network_proxy_version pin-bump PR automatically. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Part of the x402 Hyrule Network Proxy live rollout (AS215932/network-operations#214). Finishes the remaining sidecar technical polish and closes the last CI/CD gap.
Changes
Polish / hardening
HNP_LOG_LEVELnow applied. It was read into config but ignored —main.gohardcodedslog.LevelInfo. Addedconfig.ParseLogLevel(debug/info/warn/error, defaults info) and wired it into the JSON handler after config load.GET /metricsmethod-scoped for parity with the other routes (POST now 405).buildResponsefromClient.Doso the response-processing path — bounded read, truncation +x-hyrule-truncated, response-header denylist — is testable without weakening the SSRF dial guard (which correctly blocks loopback test servers).Tests (previously-uncovered paths)
set-cookie/x-payment/x-api-key/payment-signature) against a realhttptestserver..onionblock./metricsmethod scoping.CI/CD
ci.ymlbuild injects the version via-ldflags(github.sha) so the binary reports its commit.request-promotion.yml: on green CI for a push tomain, dispatchesapp-promotetonetwork-operations(mirrors the hyrule-cloud workflow), sopromote-apps.ymlauto-opens thehyrule_network_proxy_versionpin-bump PR.Operator note
request-promotion.ymlreuses the existing shared promotion mechanism: the promotion GitHub App (PROMOTION_APP_ID/PROMOTION_APP_PRIVATE_KEYsecrets, contents+PR write onnetwork-operations) must be installed on this repo, and thehyrule-public-prself-hosted runner available. Until then, promotion still works manually viagh workflow run promote-apps.yml -R AS215932/network-operations -f hyrule_network_proxy_sha=<sha>.Validation
go test ./...,go vet ./...,go test -race ./...,go build -ldflags …all pass locally. No behavior change to the proxy request path beyond the log-level fix; thebuildResponseextraction is behavior-preserving.🤖 Generated with Claude Code