[Feature] : API ENDPOINTS PR 3 : System Status and Run Management Endpoints #1132
Open
pulk17 wants to merge 5 commits into
cfsmp3 (Contributor) requested changes on Jun 24, 2026 and left a comment:
HIGH:
- H2 — the C1 fix is only half-wired. The expected_outputs fix went into batch_get_run_data (run status), but get_run_summary and error_service still call the legacy is_dummy_row path (never matches). So for a run with missing output: derive_run_status says fail (right), but /summary counts it as pass with missing_output_count: 0, and /errors omits it. The endpoints contradict each other, and the headline bug resurfaces in the two endpoints users actually read. No test catches it.
- H3 — arbitrary-repo CI trigger (carryover #1117 H2). POST /runs: is_staff short-circuits ownership, repository is only regex-checked → a contributor can make the build VM clone+build any GitHub repo = arbitrary-code exec on CI infra. Gated by contributor role, but a real privilege expansion.
- H1 — migration still absent (3 PRs deep; all these routes are auth-gated so they need the token table too).
MEDIUM: cancel race (no row lock); status-filter 1000-cap drops rows + inconsistent total; summary total_samples never reconciles; _get_output_artifacts N+1 + paginates after full build; GCS signed URLs without blob.exists.
LOW/NIT: RunSummarySchema unused (raw dict, no contract); step:None dead field; queue hand-builds pagination; generic-exception→JSON path still untested.
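The authorization shape that H3 describes, next to a check in which the staff role never widens the set of repositories that can be built. This is an added example, not code from the PR: `User`, `may_trigger_flawed`, `may_trigger`, `known_forks` (lowercased `owner/name` strings recorded from GitHub's fork relationship) and the placeholder `MAIN_REPO` are all assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional, Set

# All names here are hypothetical; MAIN_REPO is a placeholder, not the project's repository.
MAIN_REPO = "example-org/example-project"
STAFF_ROLES = {"contributor", "tester", "admin"}
REPO_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,38}/[A-Za-z0-9._-]{1,100}")


@dataclass
class User:
    role: str
    github_login: Optional[str]


def _owns(user: User, repository: str) -> bool:
    owner = repository.split("/", 1)[0]
    return bool(user.github_login) and owner.lower() == user.github_login.lower()


def may_trigger_flawed(user: User, repository: str) -> bool:
    """Shape of the H3 finding: the role check returns before ownership is examined."""
    if not REPO_RE.fullmatch(repository):
        return False
    if user.role in STAFF_ROLES:  # any well-formed owner/name is accepted from here
        return True
    return _owns(user, repository)


def may_trigger(user: User, repository: str, known_forks: Set[str]) -> bool:
    """Role decides who may build the main repo; it never widens which repos get built."""
    if not REPO_RE.fullmatch(repository):
        return False
    repo = repository.lower()
    if repo == MAIN_REPO.lower():
        return user.role in STAFF_ROLES
    # Everything else, staff or not: a recorded fork of MAIN_REPO owned by the caller.
    return repo in known_forks and _owns(user, repository)
```

A permission-boundary test for this endpoint would assert the second function's behaviour for a staff caller and a repository they do not own.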
dbf0613 to a114116
2f0b3c7 to fff7f45
This was referenced Jun 29, 2026



[FEATURE]
In raising this pull request, I confirm the following (please check boxes):
My familiarity with the project is as follows (check one):
System status and run management endpoints (PR 3/6)
Summary
Part 3 of 6 (supersedes #1117). Adds health/queue endpoints and the CI run
lifecycle, and restores the global middleware integration tests deferred from
PR 1 now that there are endpoints to test against.
System (mod_api/routes/system.py)
- GET /system/health — unauthenticated; DB / local-storage / GCS status (503 only when down).
- GET /system/queue — system:read; queued + running jobs with queue_depth/running_count, ?platform/?status filters.
- GET /runs/{id}/artifacts — results:read; lists run artifacts across local disk and GCS. Path traversal blocked by safe_resolve. (Binary/coredump/combined-stdout artifacts are produced by the CI-VM work; until that ships they report storage_status: "missing".)
Runs (mod_api/routes/runs.py)
- POST /runs — runs:write; creates a run for a commit + platform. Main-repo runs need contributor/tester/admin; fork runs require the caller to own the fork (see dependency note). Rejects commits with no build artifact up front (fails open if GitHub is unreachable).
- GET /runs — runs:read; filter by platform/branch/commit/repo/date, sortable, paginated. Status filtering covers queued/running/canceled at the DB level; terminal-state filtering is intentionally not offered and returns a clear 400.
- GET /runs/{id} · /summary · /progress · /config — detail, aggregate pass/fail/skip/missing/error counts, progress timeline, launch config.
- POST /runs/{id}/cancel — runs:write + contributor/tester/admin; writes a canceled progress row that the worker honours. Idempotent. Any runs:write user may cancel any run by design in this shared CI.
Services
storage.py (local/GCS resolution + signed URLs), error_service.py (derives structured + infra errors), utils.safe_resolve (realpath traversal guard).
Dependency note (please read)
Fork-run permission uses user.github_login, which is populated in PR 6 (OAuth callback + a lazy fallback in this endpoint). This stack should therefore be merged/deployed together; pre-existing users populate github_login on their next GitHub login.
Testing
137 tests across tests/api, including the restored middleware integration tests and permission-boundary assertions. Lint/type clean.
Next
PR 4 (#1133): samples and regression-test endpoints.
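The description names a realpath traversal guard for the artifacts endpoint; the sketch below shows what such a guard has to get right (symlinks, absolute inputs, and sibling directories that share a string prefix with the base). It is an added example, not the PR's `utils.safe_resolve`: `resolve_under_base`, `demo` and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile
from typing import Dict, Optional


def resolve_under_base(base_dir: str, untrusted_rel: str) -> Optional[str]:
    """Return the real path of untrusted_rel if it stays inside base_dir, else None."""
    if "\x00" in untrusted_rel:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(base, untrusted_rel))
    try:
        # commonpath compares whole components, so <root>/runs-old is not inside <root>/runs.
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside else None


def demo() -> Dict[str, bool]:
    """Build a constructed artifact tree and report which requested names are allowed."""
    with tempfile.TemporaryDirectory() as tmp:
        runs = os.path.join(tmp, "runs")
        sibling = os.path.join(tmp, "runs-old")  # shares a string prefix with runs
        os.makedirs(os.path.join(runs, "42"))
        os.makedirs(sibling)
        open(os.path.join(runs, "42", "out.txt"), "w").close()
        open(os.path.join(sibling, "secret.txt"), "w").close()
        os.symlink(sibling, os.path.join(runs, "42", "link"))  # symlink leaving the base
        names = [
            "42/out.txt",
            "../runs-old/secret.txt",
            "42/link/secret.txt",
            "/etc/hostname",
        ]
        return {n: resolve_under_base(runs, n) is not None for n in names}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name!r}: {'allowed' if allowed else 'rejected'}")
```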