fix(clp-json): Explicitly specify what fields to update in update_archive_metadata (fixes #1039).

[haiqi96]

Description

As described in #1039 , the current update_archive_metadata relies on clp-s to output the exact fields for metadata update. However, this assumption is not always true and has been broken by a recent change.

• This pr updates update_archive_metadata so it expliclity specifies the required fields from the clp-s's archive_stats.
• This pr also updates the logic for handling the default_fields. We removed begin_ts and end_ts from the default list since they will be output by clp-s (when timestamp is not found, those fields will be 0). We also add a strict check to ensure the fields to add does not exist in the clp-s's archive stats.

Checklist

• The PR satisfies the contribution guidelines.
• This is a breaking change and that has been indicated in the PR title, OR this isn't a
  breaking change.
• Necessary docs have been updated, OR no docs need to be updated.

Validation performed

Ran package with storage_engine = clp-s.
Confirmed that a single input file can be compressed without error.

Summary by CodeRabbit

• Bug Fixes

  • Improved handling of archive metadata to ensure only expected information is stored, reducing the chance of incorrect or unexpected data being added.

• Refactor

  • Enhanced validation and control over archive metadata fields for greater reliability.

[coderabbitai]

## Walkthrough

The `update_archive_metadata` function was revised to enforce stricter control over which keys are inserted into the database. Default values are now managed through a dedicated dictionary, and only a fixed set of keys is permitted for insertion, with errors raised if defaults are already present in the input.

## Changes

| File(s)                                                                 | Change Summary                                                                                                      |
|-------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------|
| components/job-orchestration/job_orchestration/executor/compress/compression_task.py | Refactored `update_archive_metadata` to use explicit default keys, raise errors on conflicts, and restrict SQL inserts to a fixed key set. |

## Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Caller
    participant CompressionTask

    Caller->>CompressionTask: update_archive_metadata(archive_stats, creation_ix, creator_id)
    CompressionTask->>CompressionTask: Check for 'creation_ix' and 'creator_id' in archive_stats
    alt If present
        CompressionTask-->>Caller: Raise error
    else Not present
        CompressionTask->>CompressionTask: Add 'creation_ix' and 'creator_id' to archive_stats
        CompressionTask->>CompressionTask: Prepare fixed key list for insertion
        CompressionTask->>CompressionTask: Extract values in fixed order
        CompressionTask->>CompressionTask: Execute SQL insert with fixed keys/values
        CompressionTask-->>Caller: Return result
    end

Possibly related issues

• bug(clp-json): Compression fails in update_archive_metadata because update function does not parse relevant fields out of --print-archive-stats output. #1039: The changes restrict inserted keys to a fixed set, directly addressing the issue of unvalidated fields causing failures.

Suggested reviewers

• wraymo

<!-- walkthrough_end -->


---

<details>
<summary>📜 Recent review details</summary>

**Configuration used: CodeRabbit UI**
**Review profile: ASSERTIVE**
**Plan: Pro**


<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between 2ad7fbf39e9442ebfa6f367162fd956561940066 and 5dcde2b15484901f88affce80e16fbc8056b33b6.

</details>

<details>
<summary>📒 Files selected for processing (1)</summary>

* `components/job-orchestration/job_orchestration/executor/compress/compression_task.py` (1 hunks)

</details>

<details>
<summary>🧰 Additional context used</summary>

<details>
<summary>🧠 Learnings (2)</summary>

<details>
<summary>📓 Common learnings</summary>

Learnt from: haiqi96
PR: #594
File: components/clp-package-utils/clp_package_utils/scripts/native/del_archives.py:104-110
Timestamp: 2024-11-15T16:21:52.122Z
Learning: In clp_package_utils/scripts/native/del_archives.py, when deleting archives, the archive variable retrieved from the database is controlled and is always a single string without path components. Therefore, it's acceptable to skip additional validation checks for directory traversal in this context.

</details>
<details>
<summary>components/job-orchestration/job_orchestration/executor/compress/compression_task.py (3)</summary>

Learnt from: haiqi96
PR: #634
File: components/job-orchestration/job_orchestration/executor/compress/fs_compression_task.py:0-0
Timestamp: 2024-12-16T21:49:06.483Z
Learning: In fs_compression_task.py, when refactoring the archive processing loop in Python, the src_archive_file.unlink() operation should remain outside of the process_archive function.

Learnt from: haiqi96
PR: #594
File: components/clp-package-utils/clp_package_utils/scripts/native/del_archives.py:104-110
Timestamp: 2024-11-15T16:21:52.122Z
Learning: In clp_package_utils/scripts/native/del_archives.py, when deleting archives, the archive variable retrieved from the database is controlled and is always a single string without path components. Therefore, it's acceptable to skip additional validation checks for directory traversal in this context.

Learnt from: haiqi96
PR: #651
File: components/clp-package-utils/clp_package_utils/scripts/compress.py:0-0
Timestamp: 2025-01-16T16:58:43.190Z
Learning: In the clp-package compression flow, path validation and error handling is performed at the scheduler level rather than in the compress.py script to maintain simplicity and avoid code duplication.

</details>

</details>

</details>

<details>
<summary>⏰ Context from checks skipped due to timeout of 90000ms (1)</summary>

* GitHub Check: lint-check (ubuntu-latest)

</details>

<details>
<summary>🔇 Additional comments (3)</summary><blockquote>

<details>
<summary>components/job-orchestration/job_orchestration/executor/compress/compression_task.py (3)</summary>

`95-99`: **Well-structured approach to handle default values.**

The explicit construction of default values for fields that clp-s doesn't output is a good improvement that addresses the PR objectives. The comments clearly indicate these are values not provided by clp-s.

---

`101-104`: **Good defensive validation against conflicting fields.**

The validation ensures that clp-s doesn't unexpectedly output fields that should have default values, which prevents potential conflicts and makes the function more robust.

---

`116-121`: **SQL query construction is correct and secure.**

The parameterised query construction using placeholders properly prevents SQL injection and correctly uses the controlled `stats_to_update` dictionary.

</details>

</blockquote></details>

</details>
<!-- internal state start -->


<!-- DwQgtGAEAqAWCWBnSTIEMB26CuAXA9mAOYCmGJATmriQCaQDG+Ats2bgFyQAOFk+AIwBWJBrngA3EsgEBPRvlqU0AgfFwA6NPEgQAfACgjoCEYDEZyAAUASpETZWaCrKNwSPbABsvkCiQBHbGlcSHFcLzpIACIAM3gADwAKBi9uMCFEfAwASi4AUQTuL3gGdS95RG5ReFj5AHdYakh4ki9aZAJIbG5aag94LAADHr6aAH1nBgQpcbZcNDG0Icgk+ITpSDMARgAGAGYAThzo9Fpaf0RETcwUK+CULFxYDxHe/smKackSOZIFpYreawRR+Nr9ehdEH1SDzRbUNAteBtDrofyQJoYWiRei0bAUQZEbrvGiIDQwF6MfH+DCheDMYokNi06jwbJgkqbdnPDypdLIRAEKikSBkIiDDxdfB4bh4MKUkgJNBiJEo5DkOhRWL4PhwpbEsbSAA0kAEcueqDQ9wZ4nZ9Stpoo+AA1mRTfJEf4GOxGJjSBo3AhkLZYYpasjOpS3obPt9ZnqEUD/iDIfhRUUSmUIpVqmU6vKPP4gvB/PRWu1kLEncxGGkwIgAOTIIZTGa/QXURBDE1UHl8Z63fwVQn8LD04qldT8GV4ckASVCaC8WTBEiQmx5GMw2JH+FikCGSliaG8uHG5Y6KzkYOY+DXGCJQwEJHFGHGuC76CxB7ItHfn6rFgC0gI8Ty8UISkFU1RBPa4Czgi9kGcDwMHwGFpVwWVQmvPl61Wep1FgdBIAkJcHj3SBdhQfdN3ENgOwZO5IFQ0JtWwLEcnJABBc51DZDAlwqE1NxDQZcCdPFvSQ+xxNKUJplEZ0wjTMgHHRAdWORCtoJHRYlFxNMWPQLx/EWeRFSQOksFwxskK+NsZM7AMDAANSXeAxn4yB7WQaoKG1Cg2Hoa8KHYjAR03bhlWdNARQI54D0FHVYt+MUJUgABeWt+RWbcFAweJAoippF3sQlIkeLCkQqphvGC3kWF4aRrnoeKQTlSgnQocl3GsOxEFZRBWkjBraQJM1bSwIhsA8toJSQ79aHwTYjLEiTsG9R0SDQZ0R2mTBSGQHUwWLdEloYRx2FZdlRn6MkjH0YxwCgX9+H3E8CGIMhlBoegmFYdguF4fhhFEcQpBkeQmCUKhVHULQdEekwoDgVBLSwD7CFIcheyif7mU4Pw0BhBwnBcd0FBhlQ1E0bRdDAQwntMAx/u4bJ2EQAB6IRBDAHUFMFXt+O5wRxn5l5BeujBOcVUQ8B1TnWcuLmlea/j3ytZ0NG4WQOAMaIDYMCxIC4ucvpxiF7EcZhnHkCj9ofaRA1eW6JlbH4/gBRMWnYsQvJ80NaHDKIun8YplUlSkmrXaUkO4Xh8GVIiKOuXBxAfECSGPU9IFdWRkCDr1s0eA93dmDsPxWNriPIGFFQnLN8sFjbJre4ihgrxB33wcZXZIFYg797JbZ6oMQLk/jbccigP28wjM+z8CSLIzYAoPBhTMm8ZEly78hg37ahW32hu28hBpjRFD8F+9BkFIrxgnVa/p0wuVr33usu1HjxYl91vUJhPfDyd15TNB5HBPOBdDLPyXKZWg5kEiWRLpuQY/0Rwtnsh7Tup8qBIF0lgTqx1agFnkEtecoQeQEIzJOYuTBuARmIusKIqc25FhmqWXOJB86rCfC+QY756QhDQAyU+QxfwCPogsERJohgeVEYgeAAAvfuMjfaNWVnQcYCjlFDByC0aspdMHlwWJXR4XQO4mK7gQXuJJ+7f0gAAZQAIoABlHjXBno5GgBMmJMAwM3MQURsAKIzpuSBbcLGdm7jYw0u96Cywujfaum4mAUEuGzLEI576P1HqgMOXgI4jR4P4GOwToJNBjv2Eq7jKA30Epw7hgEawYLjO2SxKwkjVyyGwBeYFZ6pz0W1DCy8SieXZMdeumYpx53yuJfAXhnLGy4uBH6/FOhpk3EoVIzgpZHX3PXHUN9jqygEJmUUtI+JOwMFAAAcmmB2h1lLAQUUQASuB8Rcn2UUQ5URjnYFOaUc54QGH1EoB4G2SgAwG2iA9BmTMXrfgopjc2P08YsAJlwKgJNrZTxwooZQcNaaIzhcjBQrB1DHy7iU5EoK/wdk8Y9AwpKSAACYSACGPNsFQAAOfYsQGAABZ2X8u9PsAQ5xDixAFWgAAbGgAArAAdhlbsXYyq+WKvpoYUlLLFiKtiByo4JBDgCoFWyjlsrYj7BlYq7YMqWWxFoIceVMqXXbBNaqmVMqtVMuepAeVtAGBKBZQIbY8qBXcoFYcXY2xYjcu5WgWI/KSDct2CQO1BqGCppdQIfYYrvWMtJfjClHkqUkDXCQWl4xXr6CAA== -->

<!-- internal state end -->
<!-- finishing_touch_checkbox_start -->

<details open="true">
<summary>✨ Finishing Touches</summary>

- [ ] <!-- {"checkboxId": "7962f53c-55bc-4827-bfbf-6a18da830691"} --> 📝 Generate Docstrings

</details>

<!-- finishing_touch_checkbox_end -->
<!-- tips_start -->

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

<details>
<summary>❤️ Share</summary>

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai)
- [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai)
- [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai)
- [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

</details>

<details>
<summary>🪧 Tips</summary>

### Chat

There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai?utm_source=oss&utm_medium=github&utm_campaign=y-scope/clp&utm_content=1043):

- Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  - `I pushed a fix in commit <commit_id>, please review it.`
  - `Explain this complex logic.`
  - `Open a follow-up GitHub issue for this discussion.`
- Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples:
  - `@coderabbitai explain this code block.`
  -	`@coderabbitai modularize this function.`
- PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  - `@coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.`
  - `@coderabbitai read src/utils.ts and explain its main purpose.`
  - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.`
  - `@coderabbitai help me debug CodeRabbit configuration file.`

### Support

Need help? Create a ticket on our [support page](https://www.coderabbit.ai/contact-us/support) for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

### CodeRabbit Commands (Invoked using PR comments)

- `@coderabbitai pause` to pause the reviews on a PR.
- `@coderabbitai resume` to resume the paused reviews.
- `@coderabbitai review` to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
- `@coderabbitai full review` to do a full review from scratch and review all the files again.
- `@coderabbitai summary` to regenerate the summary of the PR.
- `@coderabbitai generate docstrings` to [generate docstrings](https://docs.coderabbit.ai/finishing-touches/docstrings) for this PR.
- `@coderabbitai generate sequence diagram` to generate a sequence diagram of the changes in this PR.
- `@coderabbitai resolve` resolve all the CodeRabbit review comments.
- `@coderabbitai configuration` to show the current CodeRabbit configuration for the repository.
- `@coderabbitai help` to get help.

### Other keywords and placeholders

- Add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed.
- Add `@coderabbitai summary` to generate the high-level summary at a specific location in the PR description.
- Add `@coderabbitai` anywhere in the PR title to generate the title automatically.

### CodeRabbit Configuration File (`.coderabbit.yaml`)

- You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository.
- Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information.
- If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json`

### Documentation and Community

- Visit our [Documentation](https://docs.coderabbit.ai) for detailed information on how to use CodeRabbit.
- Join our [Discord Community](http://discord.gg/coderabbit) to get help, request features, and share feedback.
- Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.

</details>

<!-- tips_end -->

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f2deb21 and e2ebfa1.

📒 Files selected for processing (1)

• components/job-orchestration/job_orchestration/executor/compress/compression_task.py (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: haiqi96
PR: y-scope/clp#594
File: components/clp-package-utils/clp_package_utils/scripts/native/del_archives.py:104-110
Timestamp: 2024-11-15T16:21:52.122Z
Learning: In `clp_package_utils/scripts/native/del_archives.py`, when deleting archives, the `archive` variable retrieved from the database is controlled and is always a single string without path components. Therefore, it's acceptable to skip additional validation checks for directory traversal in this context.

components/job-orchestration/job_orchestration/executor/compress/compression_task.py (2)

Learnt from: haiqi96
PR: y-scope/clp#634
File: components/job-orchestration/job_orchestration/executor/compress/fs_compression_task.py:0-0
Timestamp: 2024-12-16T21:49:06.483Z
Learning: In `fs_compression_task.py`, when refactoring the archive processing loop in Python, the `src_archive_file.unlink()` operation should remain outside of the `process_archive` function.

Learnt from: haiqi96
PR: y-scope/clp#594
File: components/clp-package-utils/clp_package_utils/scripts/native/del_archives.py:104-110
Timestamp: 2024-11-15T16:21:52.122Z
Learning: In `clp_package_utils/scripts/native/del_archives.py`, when deleting archives, the `archive` variable retrieved from the database is controlled and is always a single string without path components. Therefore, it's acceptable to skip additional validation checks for directory traversal in this context.

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: lint-check (ubuntu-latest)
• GitHub Check: lint-check (macos-latest)

🔇 Additional comments (2)

components/job-orchestration/job_orchestration/executor/compress/compression_task.py (2)

95-102: Good implementation of conflict detection for default fields.

The explicit validation prevents silent overwrites of fields that should be defaults, which improves data integrity and makes debugging easier when clp-s unexpectedly outputs these fields.

---

113-118: Approve the parameterised SQL construction.

The explicit field ordering and parameterised query construction is secure and maintains consistency between the field names and their values. This approach prevents SQL injection and ensures the correct mapping of values to database columns.

[coderabbitai]

🛠️ Refactor suggestion

Consider adding validation for required fields from clp-s.

While explicitly defining the expected fields improves control, the function assumes all keys in stats_to_update exist in archive_stats. If clp-s fails to output required fields like begin_timestamp, end_timestamp, id, size, or uncompressed_size, the subsequent database operation will fail with a KeyError.

Add validation to ensure required fields exist:

 stats_to_update = [
     "begin_timestamp",
     "end_timestamp", 
     "id",
     "size",
     "uncompressed_size",
 ]
 stats_to_update.extend(default_creation_stats.keys())
+
+# Validate that all required fields from clp-s are present
+required_clp_fields = ["begin_timestamp", "end_timestamp", "id", "size", "uncompressed_size"]
+missing_fields = [field for field in required_clp_fields if field not in archive_stats]
+if missing_fields:
+    raise ValueError(f"Missing required fields from archive stats: {missing_fields}")

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	stats_to_update = [
	"begin_timestamp",
	"end_timestamp",
	"id",
	"size",
	"uncompressed_size",
	]
	stats_to_update.extend(default_creation_stats.keys())
	stats_to_update = [
	"begin_timestamp",
	"end_timestamp",
	"id",
	"size",
	"uncompressed_size",
	]
	stats_to_update.extend(default_creation_stats.keys())
	# Validate that all required fields from clp-s are present
	required_clp_fields = ["begin_timestamp", "end_timestamp", "id", "size", "uncompressed_size"]
	missing_fields = [field for field in required_clp_fields if field not in archive_stats]
	if missing_fields:
	raise ValueError(f"Missing required fields from archive stats: {missing_fields}")

🤖 Prompt for AI Agents

In
components/job-orchestration/job_orchestration/executor/compress/compression_task.py
around lines 104 to 111, the code assumes all keys in stats_to_update exist in
archive_stats, which can cause a KeyError if any required field is missing. Add
validation before using these keys by checking that each required field
(begin_timestamp, end_timestamp, id, size, uncompressed_size) is present in
archive_stats, and handle missing keys appropriately, such as raising a clear
error or providing a default value.

[gibber9809]

LGTM. I think it's fine to not check that those keys exist like rabbit is suggesting since part of the intended behaviour of --print-archive-stats is for those fields to exist. We currently don't document what fields are guaranteed to exist in the output of --print-archive-stats, but that's a separate issue. Granted, I'd also be fine with explicitly checking that the fields exist if we want to be cautious.

I think the PR title is fine by me as well.

[kirkrodrigues]

For the PR title, how about:

fix(clp-json): Explicitly specify what fields to update in `update_archive_metadata` (fixes #1039).

[kirkrodrigues]

I think it'd be clearer for future devs if we implement it as follows:

• Create default_creation_stats with the default values
• Validate the default keys don't exist
• Iterate over stats_to_update and add each kv-pair to default_creation_stats
• The rest of the logic, except in the query, use default_creation_stats

Obviously, the names wouldn't make sense anymore, so how about renaming:

• default_creation_stats -> stats_to_update
• stats_to_update -> required_stat_names