Skip to content

Commit f207349

Browse files
Copilothotlong
Copilot
and
hotlong
committed
fix: address code review feedback — document COEP rationale, replace non-null assertions
- Add comment explaining why crossOriginEmbedderPolicy is disabled (API serves cross-origin SPAs) - Replace getAuditLogAPI(kernel)! with safe getAuditAPI() helper that throws descriptive error on null Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>
1 parent 6d16772 commit f207349

File tree

3 files changed

+28
-11
lines changed

3 files changed

+28
-11
lines changed

api/index.ts

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,9 @@ async function bootstrapKernel(): Promise<void> {
5353
objectSrc: ["'none'"],
5454
frameAncestors: ["'none'"],
5555
},
56+
// crossOriginEmbedderPolicy is disabled because API responses may be
57+
// consumed by cross-origin SPAs (Admin Console, ObjectUI) that load
58+
// resources from CDNs. COEP: require-corp would break those requests.
5659
crossOriginEmbedderPolicy: false,
5760
crossOriginResourcePolicy: 'same-origin',
5861
referrerPolicy: 'strict-origin-when-cross-origin',

packages/audit/test/integration.test.ts

Lines changed: 16 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,13 @@ const triggerHook = async (
7676
}
7777
};
7878

79+
/** Retrieve the audit API or fail fast with a descriptive message */
80+
function getAuditAPI(kernel: any): AuditLogPlugin {
81+
const api = getAuditLogAPI(kernel);
82+
if (!api) throw new Error('AuditLogPlugin not registered on kernel');
83+
return api;
84+
}
85+
7986
// ── Integration tests ──────────────────────────────────────────────────────────
8087

8188
describe('Integration: Auth → Permissions → Data → Audit', () => {
@@ -114,7 +121,7 @@ describe('Integration: Auth → Permissions → Data → Audit', () => {
114121
userAgent: 'test-agent',
115122
});
116123

117-
const audit = getAuditLogAPI(kernel)!;
124+
const audit = getAuditAPI(kernel);
118125
const events = await audit.queryEvents({ userId: 'user-1' });
119126

120127
expect(events.length).toBe(1);
@@ -129,7 +136,7 @@ describe('Integration: Auth → Permissions → Data → Audit', () => {
129136
ipAddress: '192.168.1.100',
130137
});
131138

132-
const audit = getAuditLogAPI(kernel)!;
139+
const audit = getAuditAPI(kernel);
133140
const events = await audit.queryEvents({});
134141
expect(events[0].success).toBe(false);
135142
});
@@ -155,7 +162,7 @@ describe('Integration: Auth → Permissions → Data → Audit', () => {
155162
record: { id: 'acc-1', name: 'Acme Corp' },
156163
});
157164

158-
const audit = getAuditLogAPI(kernel)!;
165+
const audit = getAuditAPI(kernel);
159166
const events = await audit.queryEvents({ objectName: 'accounts' });
160167
expect(events.length).toBe(1);
161168
expect(events[0].eventType).toBe('data.create');
@@ -183,7 +190,7 @@ describe('Integration: Auth → Permissions → Data → Audit', () => {
183190
},
184191
});
185192

186-
const audit = getAuditLogAPI(kernel)!;
193+
const audit = getAuditAPI(kernel);
187194
const trail = await audit.getAuditTrail('accounts', 'acc-1');
188195
expect(trail.length).toBe(1);
189196
expect(trail[0].eventType).toBe('data.update');
@@ -206,7 +213,7 @@ describe('Integration: Auth → Permissions → Data → Audit', () => {
206213
userId: 'user-1',
207214
});
208215

209-
const audit = getAuditLogAPI(kernel)!;
216+
const audit = getAuditAPI(kernel);
210217
const events = await audit.queryEvents({
211218
objectName: 'accounts',
212219
eventType: 'data.delete',
@@ -217,7 +224,7 @@ describe('Integration: Auth → Permissions → Data → Audit', () => {
217224
// ── Complete lifecycle: login → create → update → delete → audit ───────────
218225

219226
it('should trace a full CRUD lifecycle in audit', async () => {
220-
const audit = getAuditLogAPI(kernel)!;
227+
const audit = getAuditAPI(kernel);
221228

222229
// 1. Login
223230
await triggerHook(hooks, 'auth.login', {
@@ -292,7 +299,7 @@ describe('Integration: Auth → Permissions → Data → Audit', () => {
292299
// ── Permission denied → security event ─────────────────────────────────────
293300

294301
it('should record security.access_denied when permission is denied', async () => {
295-
const audit = getAuditLogAPI(kernel)!;
302+
const audit = getAuditAPI(kernel);
296303

297304
await triggerHook(hooks, 'security.access_denied', {
298305
userId: 'user-2',
@@ -310,7 +317,7 @@ describe('Integration: Auth → Permissions → Data → Audit', () => {
310317
// ── Authorization events → audit ───────────────────────────────────────────
311318

312319
it('should record role assignment in audit trail', async () => {
313-
const audit = getAuditLogAPI(kernel)!;
320+
const audit = getAuditAPI(kernel);
314321

315322
await triggerHook(hooks, 'authz.role_assigned', {
316323
userId: 'admin-1',
@@ -361,7 +368,7 @@ describe('Integration: Auth → Permissions → Data → Audit', () => {
361368
},
362369
});
363370

364-
const auditApi = getAuditLogAPI(mock2.kernel)!;
371+
const auditApi = getAuditAPI(mock2.kernel);
365372
const trail = await auditApi.getAuditTrail('users', 'user-2');
366373
expect(trail.length).toBe(1);
367374
const fields = trail[0].changes!.map((c: any) => c.field);

packages/audit/test/performance.test.ts

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -83,6 +83,13 @@ function p95(sorted: number[]): number {
8383
return sorted[Math.min(idx, sorted.length - 1)];
8484
}
8585

86+
/** Retrieve the audit API or fail fast with a descriptive message */
87+
function getAuditAPI(kernel: any): AuditLogPlugin {
88+
const api = getAuditLogAPI(kernel);
89+
if (!api) throw new Error('AuditLogPlugin not registered on kernel');
90+
return api;
91+
}
92+
8693
// ── Constants ──────────────────────────────────────────────────────────────────
8794

8895
const ITERATIONS = 100;
@@ -219,7 +226,7 @@ describe('Performance Baseline (P95 < 100 ms)', () => {
219226
// ── Read / query operations ────────────────────────────────────────────────
220227

221228
it(`audit queryEvents P95 should be < ${P95_THRESHOLD_MS} ms (n=${ITERATIONS})`, async () => {
222-
const audit = getAuditLogAPI(kernel)!;
229+
const audit = getAuditAPI(kernel);
223230
const durations: number[] = [];
224231

225232
for (let i = 0; i < ITERATIONS; i++) {
@@ -241,7 +248,7 @@ describe('Performance Baseline (P95 < 100 ms)', () => {
241248
});
242249

243250
it(`audit getAuditTrail P95 should be < ${P95_THRESHOLD_MS} ms (n=${ITERATIONS})`, async () => {
244-
const audit = getAuditLogAPI(kernel)!;
251+
const audit = getAuditAPI(kernel);
245252
const durations: number[] = [];
246253

247254
for (let i = 0; i < ITERATIONS; i++) {

0 commit comments

Comments
 (0)