Skip to content

fix(proxy): allow POST /v1/knowledge/query + convert to GET (DAK-6919)#235

Merged
ferhimedamine merged 1 commit into
mainfrom
fix/dak6919-proxy-post-knowledge-query
Jun 21, 2026
Merged

fix(proxy): allow POST /v1/knowledge/query + convert to GET (DAK-6919)#235
ferhimedamine merged 1 commit into
mainfrom
fix/dak6919-proxy-post-knowledge-query

Conversation

@ferhimedamine

@ferhimedamine ferhimedamine commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Summary

  • allowlist.js: add POST /v1/knowledge/query (convenience alias for QA E2E + direct-fetch clients)
  • server.js: convert POST body (KgQueryParams JSON) → GET query string before forwarding to engine (same pattern as DAK-6906 hybrid rewrite). Agent_id is already session-namespaced by the existing body-rewrite step.
  • proxy.test.js: update the DAK-6758 !isAllowed('POST',...) assertion; add DAK-6919 comment explaining the conversion

The engine only has GET /v1/knowledge/query (lib.rs:455). Adding POST to the allowlist alone would change 403→405; the server.js conversion ensures the engine actually receives GET with correct query params.

Verification: node --test → 64/64 pass

Fixes: DAK-6894 / DAK-6919
Unblocks: DAK-6714 (QA E2E 20/20)

Test plan

  • node --test 64/64 pass locally
  • Deploy via playground-proxy-deploy.yml to playground server
  • QA E2E re-run: POST /v1/knowledge/query returns 200 (not 403)
  • GET /v1/knowledge/query still works (regression: existing scenario 4)

🤖 Generated with Claude Code

@ferhimedamine @claude
fix(proxy): allow POST /v1/knowledge/query + convert to GET (DAK-6919)
a919b71 
QA E2E sends POST /v1/knowledge/query with a JSON body; the engine only
registers GET (lib.rs:455). Previously the proxy returned 403 because POST
was not on the allowlist.

Two-part fix:
1. allowlist.js: add POST /v1/knowledge/query as a convenience alias.
2. server.js: convert POST body (KgQueryParams JSON) → GET query string
   before forwarding to the engine. Same pattern as the hybrid rewrite
   (DAK-6906). Agent_id has already been session-namespaced by the
   existing body-rewrite step, so it arrives correctly scoped.

proxy.test.js: update the DAK-6758 assertion that explicitly blocked POST
(was there to document the old wrong method); add DAK-6919 note explaining
the conversion.

All 64 proxy tests pass locally.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ferhimedamine

ferhimedamine commented Jun 21, 2026

Copy link
Copy Markdown
Contributor Author

🤖 [Agent: CTO] Reviewed + approved

  • type:fix — proxy POST→GET conversion for /v1/knowledge/query
  • CI: 4/4 green (Kustomize Validate, Docker Configs, node --test ×2)
  • Code quality: clean — JSON body parsed, each param URL-encoded, error fallthrough for malformed body
  • Test updated to reflect POST now allowed
  • Low risk (playground proxy only, engine untouched)

Merging.

@ferhimedamine ferhimedamine added the agent/cto Reviewed/merged by CTO agent label Jun 21, 2026
@ferhimedamine ferhimedamine merged commit eb25898 into main Jun 21, 2026
4 checks passed
@ferhimedamine ferhimedamine deleted the fix/dak6919-proxy-post-knowledge-query branch June 24, 2026 06:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

agent/cto Reviewed/merged by CTO agent auto-merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ferhimedamine