Skip to content

[codex] harden model control apply runtime and config validation#133

Merged
human-bee merged 1 commit intomainfrom
codex/model-controls-prod-hotfix
Feb 26, 2026
Merged

[codex] harden model control apply runtime and config validation#133
human-bee merged 1 commit intomainfrom
codex/model-controls-prod-hotfix

Conversation

@human-bee
Copy link
Owner

@human-bee human-bee commented Feb 26, 2026

Summary

This PR hardens the model-control apply path by replacing webhook fan-out with direct provider adapters, validating apply config strictly, and adding targeted runtime tests.

Issue and User Impact

/api/admin/model-controls/apply and related production operations were brittle due to:

  • webhook indirection requiring multiple endpoint env vars,
  • malformed MODEL_CONTROL_APPLY_CONFIG_JSON risk (especially trailing literal \\n artifacts),
  • limited unit coverage around apply orchestration.

Impact: admins could hit apply failures/500s, and operations were harder to reason about and maintain.

Root Cause

  1. Apply execution depended on external webhook URLs instead of first-party provider API adapters.
  2. Config parsing did not enforce nested strictness for provider objects, so typos could silently fall back.
  3. Runtime logic lacked dedicated tests for adapter success/failure branches.

Why This Solves Root Cause

  • Apply endpoint now dispatches directly through typed Vercel/Railway adapters (runApplyService) and validates config before execution.
  • Config schema now strictly validates nested vercel and railway objects.
  • Runtime tests now cover missing config, Vercel adapter success path, and Railway discovery dedupe under concurrent apply.

Changes by Surface

API

  • src/app/api/admin/model-controls/apply/route.ts
    • Removed webhook dispatch code.
    • Added config validation guard (invalid_apply_configuration).
    • Calls getApplyServices() + runApplyService() and preserves audit logging.

Control Plane Runtime

  • src/lib/agents/control-plane/apply-config.ts
    • Added dedicated config parser/cache.
    • Normalizes trailing literal \\n/\\r artifacts.
    • Enforces strict nested provider schema.
  • src/lib/agents/control-plane/apply-runtime.ts
    • Added direct Vercel + Railway apply adapters.
    • Added Railway environment/service discovery and in-flight dedupe cache.
    • Added helper to reset caches for tests.

Tests

  • src/lib/agents/control-plane/apply-config.test.ts
    • Added parser/normalization/strictness coverage.
  • src/lib/agents/control-plane/apply-runtime.test.ts
    • Added adapter and concurrency behavior tests.

Backward Compatibility

  • No client-facing response contract break for existing apply consumers; response still returns step statuses and ok.
  • Legacy internalToken field remains tolerated in config parsing for compatibility with previously written payloads.
  • Existing admin auth gate and audit semantics are preserved.

Validation

  • npm test -- src/lib/agents/control-plane/apply-config.test.ts src/lib/agents/control-plane/apply-runtime.test.ts --runInBand
  • npm run typecheck:app && npm run typecheck:agent
  • npx biome lint src/app/api/admin/model-controls/apply/route.ts src/lib/agents/control-plane/apply-config.ts src/lib/agents/control-plane/apply-runtime.ts src/lib/agents/control-plane/apply-config.test.ts src/lib/agents/control-plane/apply-runtime.test.ts
  • Live operational smoke was run before this PR flow for all apply targets (Vercel web + Railway conductor/realtime).

Reviewer Passes

  • Reviewer A (correctness/regression/security/perf): final pass reported no findings; residual integration-contract risk only.
  • Reviewer B (hygiene/maintainability): final pass reported no findings; noted non-blocking caveats around module size and hardcoded single-project defaults.

Accepted Risks / Follow-ups

  • apply-runtime still contains single-project production fallback defaults. This is intentional for current unreleased single-project scope, but should be revisited if multi-env reuse expands.
  • Provider API contract drift risk remains integration-level (unit mocks cannot fully eliminate this).

UI Evidence

  • WebM: /Users/bsteinher/.codex/worktrees/0e60/PRESENT/artifacts/webm/model-controls-showcase-2026-02-26T04-00-18-414Z.webm
  • Before screenshot: /Users/bsteinher/.codex/worktrees/0e60/PRESENT/artifacts/screenshots/model-controls-before.png
  • After screenshot: /Users/bsteinher/.codex/worktrees/0e60/PRESENT/artifacts/screenshots/model-controls-after.png

@vercel
Copy link

vercel bot commented Feb 26, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
present Building Building Preview, Comment Feb 26, 2026 5:34am

Request Review

@human-bee human-bee marked this pull request as ready for review February 26, 2026 05:40
@human-bee human-bee merged commit 240bd3f into main Feb 26, 2026
4 checks passed
@human-bee human-bee deleted the codex/model-controls-prod-hotfix branch February 26, 2026 05:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@human-bee