Skip to content

Release Dewey 7.0.2 to main#61

Merged
iamh2o merged 36 commits into
mainfrom
jem-dev
Jul 2, 2026
Merged

Release Dewey 7.0.2 to main#61
iamh2o merged 36 commits into
mainfrom
jem-dev

Conversation

@iamh2o

@iamh2o iamh2o commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Scope

Release dewey-service 7.0.2 from jem-dev to main for the Dayhoff main roll-up.

  • Formats Dewey source/tests with the CI Ruff formatter.
  • Adds a targeted # nosec B303 on CloudFront RSA-SHA1 signing; CloudFront signed policy/cookie signing requires this algorithm.
  • Installs Playwright Chromium in CI before running the existing E2E-auth tests.
  • Hardens the broker user-preferences proxy URL construction with HTTPS/host/credential/fragment validation, optional allowed-host checks, and encoded email path replacement.
  • Annotated tags pushed: 7.0.0, 7.0.1, 7.0.2. Use 7.0.2 for Dayhoff pins.

Local validation

  • ruff check dewey_service tests -> pass
  • ruff format --check dewey_service tests -> pass
  • bandit -c pyproject.toml -r dewey_service -> pass
  • focused broker URL guard tests -> 3 passed
  • source ./activate codrel && DAYHOFF_PROJECT_ROOT=/Users/jmajor/projects/mega_dayhoff/dayhoff ./.venv/bin/python -m pytest tests -q -> pass, 2 skipped

Merge policy

Merge normally when GitHub checks and review policy allow it. Do not use admin merge or force-push.

Comment thread dewey_service/app.py Fixed
Comment thread dewey_service/app.py Fixed
Comment thread dewey_service/app.py Fixed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fe81741ea3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread dewey_service/app.py
Comment on lines +2952 to +2955
payload = service.revoke_share(
share_euid,
revoked_by=str(profile.get("email") or "").strip(),
reason=str(form.get("reason") or "").strip() or None,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Check ownership before revoking UI shares

Any signed-in UI user can reach this handler and revoke the supplied share_euid; there is no replacement for the previous admin-or-issuer check before calling service.revoke_share. Since /shares lists active shares to regular UI users, this lets one user disable another user's share just by pressing the Revoke action or posting the share id.

Useful? React with 👍 / 👎.

Comment thread dewey_service/services/sharing.py Outdated
)
self._append_share_audit(session, share, event)
raise PermissionError("share access denied")
ttl_limit = max(60, int(signed_ttl_seconds or payload.get("default_signed_ttl_seconds") or self.share_default_signed_ttl_seconds))

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Cap signed package TTL at the share expiry

When a share expires sooner than the requested/default signed TTL, this uses the requested TTL unchanged and passes it to S3/CloudFront signing, so a caller can mint access URLs or cookies that remain valid after the Dewey share has expired. The old share-reference path capped presign TTL by seconds_remaining; this path should similarly clamp ttl_limit to the remaining share lifetime before signing.

Useful? React with 👍 / 👎.

Comment thread dewey_service/auth.py
Comment on lines +596 to +598
if is_ai_agent_token(token):
try:
grant = validate_ai_agent_request(request, token)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Wire AI-agent tokens into the route auth dependencies

This AI-token branch is only inside require_observability_access, but the cataloged artifact/search endpoints are protected by api_auth_dep or session_or_api_auth_dep; observability routes are not in ENDPOINT_CATALOG, so a kahlo_ai_ token is rejected everywhere rather than being validated for the advertised read-only endpoints. In an AI-agent-enabled deployment, allowed agents therefore cannot read any of the Dewey endpoints this feature is meant to expose.

Useful? React with 👍 / 👎.

EndpointSpec("dewey.artifacts.list", "GET", "/api/v1/artifacts"),
EndpointSpec("dewey.artifacts.detail", "GET", "/api/v1/artifacts/{artifact_euid}"),
EndpointSpec("dewey.artifacts.graph", "GET", "/api/v1/artifacts/{artifact_euid}/graph"),
EndpointSpec("dewey.search.query", "POST", "/api/v1/search/query"),

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Point AI search grants at the live search route

dewey.search.query is registered for /api/v1/search/query, but this app exposes the search query route at /api/search/v2/query and has no /api/v1/search/query route. A grant containing dewey.search.query will therefore fail endpoint matching on the actual search API even after AI-token auth is wired into that route.

Useful? React with 👍 / 👎.

Comment thread dewey_service/cli/db.py
Comment on lines +199 to +200
@db_app.command("verify-templates")
def verify_templates() -> None:

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Register the new template commands

Defining verify-templates and repair-templates on db_app is not enough for the shipped dewey entry point: dewey_service.cli:main builds commands from the explicit register_group_commands list below, and these new callbacks are not added there. Operators will not be able to run dewey db verify-templates or dewey db repair-templates when the new template verification/repair flow is needed.

Useful? React with 👍 / 👎.

@iamh2o iamh2o changed the title [jemdev5] Merge Dewey jem-dev to main for Dayhoff 7.1.44 review train Release Dewey 7.0.0 to main Jul 1, 2026
@iamh2o iamh2o changed the title Release Dewey 7.0.0 to main Release Dewey 7.0.1 to main Jul 1, 2026
@iamh2o iamh2o changed the title Release Dewey 7.0.1 to main Release Dewey 7.0.2 to main Jul 1, 2026
@iamh2o iamh2o merged commit 818bf15 into main Jul 2, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants