carverauto/serviceradar

Fork 0

sync #2298

Merged

mfreeman451 merged 591 commits from refs/pull/2298/head into updates/device_registry

2025-10-07 02:09:52 +00:00

mfreeman451 commented

2025-10-07 00:22:54 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #1727
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/1727
Original created: 2025-10-07T00:22:54Z
Original updated: 2025-10-07T02:09:52Z
Original head: carverauto/serviceradar:main
Original base: updates/device_registry
Original merged: 2025-10-07T02:09:52Z by @mfreeman451

PR Type

Enhancement, Tests, Documentation

Description

• Major performance and scalability improvements: Enhanced SYN scanner with sharded token bucket rate limiter, implemented sharded memory store for concurrent operations, and added TCP connect scanner support
• KV store infrastructure overhaul: Added multi-domain NATS KV support, atomic operations (PutIfAbsent), configuration management endpoints, and comprehensive KV metadata handling
• API server refactoring: Removed SRQL dependency, integrated RBAC middleware, added JWKS/OIDC discovery endpoints, and implemented services tree visualization
• Agent and poller enhancements: Added KV bootstrapping, runtime configuration updates, and improved service management capabilities
• Network sweeper improvements: Integrated TCP connect scanner, implemented parallel chunk processing with worker pools, and added adaptive configuration scaling
• Device deduplication: Added backfill functionality for identity management and IP alias tombstone processing
• Release automation: New GitHub release tool for automated package publishing with CI/CD integration
• Test improvements: Refactored test structures with helper functions and added comprehensive KV metadata test coverage
• Code cleanup: Import formatting, type renaming for cleaner APIs, and enhanced error handling throughout

Diagram Walkthrough

flowchart LR
  A["SRQL System"] -- "removed" --> B["Direct DB Service"]
  C["Single KV Store"] -- "enhanced" --> D["Multi-domain KV Store"]
  E["Basic Scanner"] -- "upgraded" --> F["Sharded SYN Scanner + TCP Connect"]
  G["Simple Memory Store"] -- "optimized" --> H["Sharded Memory Store"]
  I["Manual Config"] -- "automated" --> J["KV Bootstrap + Runtime Updates"]
  K["Basic API"] -- "enhanced" --> L["RBAC + OIDC + Services Tree"]

File Walkthrough

Relevant files

Enhancement

12 files

syn_scanner.go `Major SYN scanner performance and reliability enhancements` pkg/scan/syn_scanner.go • Added comprehensive constants for timing, network packet sizes, buffer management, and performance tuning • Implemented sharded token bucket rate limiter to reduce lock contention at high concurrency • Added eventfd-based ring reader wakeup mechanism for improved cancellation handling • Enhanced error handling with predefined error variables and improved resource cleanup • Integrated fastsum library for optimized checksum calculations in packet processing	+517/-382
sweeper.go `Network sweeper scalability and TCP connect scanner integration` pkg/sweeper/sweeper.go • Added TCP connect scanner support alongside existing SYN scanner for firewall-safe scanning • Implemented parallel chunk processing with worker pools for improved configuration loading performance • Added adaptive configuration scaling based on deployment size (small/medium/large/extra-large scale) • Enhanced result processing with batching and stream processing for better memory efficiency • Added comprehensive error handling with predefined error variables	+894/-139
server.go `Major API server refactoring with KV store and auth enhancements` pkg/core/api/server.go • Removed SRQL-related imports and functionality, replacing with direct database service calls • Added comprehensive KV store management with multiple endpoint support and domain routing • Implemented JWKS and OIDC discovery endpoints for authentication • Added RBAC middleware integration and admin route protection • Introduced services tree endpoint for hierarchical poller/agent/service visualization	+612/-134
kv.pb.go `KV service protocol extension with Info endpoint` proto/kv.pb.go • Added `InfoRequest` and `InfoResponse` message types for KV server configuration queries • Extended KV service with `Info` method to expose domain and bucket information • Updated protobuf definitions to include new RPC method signatures	+142/-34
publish_packages.go `GitHub release automation tool for package publishing` release/publish_packages.go • Complete GitHub release automation tool for publishing package artifacts • Supports creating/updating releases with proper asset management and versioning • Handles Debian and RPM package naming conventions with metadata extraction • Includes dry-run mode and comprehensive error handling for CI/CD integration	+779/-0
kv_grpc.pb.go `KV gRPC service extension with conditional put and info methods` proto/kv_grpc.pb.go • Added `PutIfAbsent` method for atomic conditional key storage • Implemented `Info` RPC method for KV server configuration retrieval • Updated client and server interfaces with new method signatures • Extended service descriptor with additional RPC endpoints	+87/-5
monitoring.pb.go `Add KV store identifier field to monitoring protobuf messages` proto/monitoring.pb.go • Added `KvStoreId` field to `PollerStatusRequest`, `ServiceStatus`, and `PollerStatusChunk` structs • Added corresponding getter methods `GetKvStoreId()` for the new field • Updated protobuf field numbers and serialization descriptors to accommodate the new field	+41/-11
server.go `Enhance agent server with KV bootstrapping and runtime config updates` pkg/agent/server.go • Added bootstrap functionality to create default KV configurations for common services • Introduced new error variables for better error handling (`ErrAgentIDRequired`, `ErrInvalidChunkCount`, etc.) • Added `UpdateConfig()` and `RestartServices()` methods for runtime configuration updates • Enhanced service creation to accept context parameter and improved error handling	+147/-37
memory_store.go `Implement sharded memory store for improved concurrent performance` pkg/sweeper/memory_store.go • Implemented sharded storage architecture to reduce lock contention under high write loads • Added per-shard locking and hash-based shard selection using FNV-1a algorithm • Enhanced cleanup and metrics logging with shard-aware operations • Increased default capacity from 100k to 1M results to handle larger networks	+228/-94
backfill.go `Add device deduplication backfill functionality for identity` `management` pkg/core/backfill.go • Added `BackfillIdentityTombstones()` function to handle duplicate device cleanup based on identity keys • Added `BackfillIPAliasTombstones()` function to merge IP-based duplicates into canonical devices • Implemented helper functions for identity row processing and device ID partitioning	+414/-0
auth.go `Add configuration management endpoints with KV store support` pkg/core/api/auth.go • Added `handleGetConfig()` and `handleUpdateConfig()` methods for configuration management • Implemented support for both JSON and TOML configuration formats • Added KV domain resolution and multi-store support with fallback mechanisms • Enhanced configuration routing with service-specific key generation	+263/-5
nats.go `Add multi-domain support and atomic operations to NATS KV store` pkg/kv/nats.go • Refactored to support multi-domain JetStream operations with domain-aware key routing • Added `PutIfAbsent()` method for atomic key creation • Implemented domain extraction from keys with `domains//` pattern • Enhanced connection management with per-domain JetStream and KV instances	+136/-79

Formatting

3 files

server.go `MCP server code cleanup and interface improvements` pkg/mcp/server.go • Reorganized imports and added proper formatting with consistent spacing • Renamed types from `MCPServer`, `MCPConfig`, `MCPTool` etc. to `Server`, `Config`, `Tool` for cleaner API • Added predefined error variables for common validation errors • Updated interface references to use local `QueryExecutor` instead of external API package	+36/-31
snmp_checker.go `Minor formatting improvement in SNMP checker` pkg/agent/snmp_checker.go • Added blank line for improved code formatting and readability	+1/-0
icmp_scanner_priv_test.go `Fix import order formatting in ICMP scanner test` pkg/scan/icmp_scanner_priv_test.go • Reordered import statements to follow Go conventions (standard library, third-party, local packages)	+2/-5

Documentation

1 files

vim.css

Added vim theme CSS file for documentation

third_party/cwalk/docs/assets/css/vim.css

• Added new CSS file with single line content indicating unknown vim
theme

+1/-0

Tests

3 files

aggregation_test.go `Test refactoring for device aggregation functionality` pkg/sweeper/aggregation_test.go • Refactored test structure with helper function for better test organization • Split monolithic test into focused individual test functions • Improved test readability and maintainability with proper setup/teardown • Enhanced test coverage for device result aggregation functionality	+283/-261
end_to_end_flow_test.go `Refactor end-to-end test structure with helper functions` pkg/integration_test/end_to_end_flow_test.go • Refactored test structure by extracting helper functions for better organization • Added `createTestData()` function to separate test data creation • Split main test logic into smaller, focused functions like `executeEndToEndFlow()`, `setupKVMock()`, etc. • Improved code readability and maintainability through better separation of concerns	+148/-100
kv_metadata_test.go `Add comprehensive tests for KV metadata functionality` pkg/core/kv_metadata_test.go • Added comprehensive test suite for KV metadata extraction and service record creation • Tests cover services with and without KV store IDs, metadata validation, and integration scenarios • Includes tests for `extractSafeKVMetadata()`, `createServiceRecords()`, and `ReportStatus()` methods	+389/-0

Additional files

101 files

.bazelproject	+6/-0
.bazelignore	+14/-0
.bazelrc	+83/-0
.bazelversion	+1/-0
workflows.yaml	+41/-0
.dockerignore	+8/-0
build-rbe-image.yml	+62/-0
deploy-pages.yml	+2/-2
docker-build.yml	+69/-869
golangci-lint.yml	+2/-2
main.yml	+32/-0
ocaml-build-test.yml	+53/-0
ocaml-lint.yml	+34/-0
release.yml	+181/-203
tests-golang.yml	+1/-1
tests-rust.yml	+1/-0
web-lint.yml	+2/-3
.golangci.yml	+10/-164
.goreleaser.yml	+0/-212
.ocamlformat	+3/-0
BUILD.bazel	+47/-0
CHANGELOG	+190/-0
Cargo.toml	+29/-0
MODULE.bazel	+902/-0
Makefile	+159/-25
README-Docker.md	+24/-1
README.md	+10/-4
VERSION	+1/-1
WORKSPACE	+18/-0
bazel_implementation_plan.md	+139/-0
buildbuddy.yaml	+30/-0
buildbuddy_setup_docker_auth.sh	+43/-0
BUILD.bazel	+23/-0
main.go	+29/-5
BUILD.bazel	+21/-0
main.go	+2/-1
BUILD.bazel	+42/-0
Cargo.toml	+1/-0
build.rs	+19/-1
config.rs	+20/-22
lib.rs	+1/-2
main.rs	+13/-12
poller.rs	+3/-3
rperf.rs	+26/-11
server.rs	+51/-23
BUILD.bazel	+22/-0
main.go	+2/-1
BUILD.bazel	+37/-0
build.rs	+1/-1
config.rs	+8/-3
lib.rs	+2/-3
main.rs	+5/-2
poller.rs	+57/-38
BUILD.bazel	+31/-0
server.rs	+20/-9
BUILD.bazel	+15/-0
main.go	+14/-10
BUILD.bazel	+24/-0
main.go	+44/-13
BUILD.bazel	+22/-0
BUILD.bazel	+64/-0
Cargo.toml	+6/-6
Dockerfile	+33/-14
build.rs	+6/-4
snmp_severity.json	+22/-0
test_protobuf_conversion.rs	+4/-4
put_rule.rs	+13/-2
config.rs	+18/-6
engine.rs	+1/-1
grpc_server.rs	+6/-5
integration_tests.rs	+38/-17
lib.rs	+1/-1
main.rs	+1/-1
message_processor.rs	+34/-15
nats.rs	+1/-1
otel_logs.rs	+42/-34
rule_watcher.rs	+1/-1
tests.rs	+38/-3
BUILD.bazel	+23/-0
main.go	+43/-19
BUILD.bazel	+11/-0
BUILD.bazel	+14/-0
BUILD.bazel	+45/-0
build.rs	+81/-2
ebpf_profiler.rs	+4/-5
BUILD.bazel	+29/-0
BUILD.bazel	+14/-0
Dockerfile	+1/-1
main.go	+105/-40
BUILD.bazel	+61/-0
Cargo.toml	+11/-10
Dockerfile	+27/-13
build.rs	+13/-13
mod.rs	+5/-7
mod.rs	+4/-3
mod.rs	+8/-5
udp_input.rs	+3/-1
mod.rs	+3/-7
mod.rs	+2/-2
tls_output.rs	+13/-11
Additional files not shown

Imported from GitHub pull request. Original GitHub pull request: #1727 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/1727 Original created: 2025-10-07T00:22:54Z Original updated: 2025-10-07T02:09:52Z Original head: carverauto/serviceradar:main Original base: updates/device_registry Original merged: 2025-10-07T02:09:52Z by @mfreeman451 --- ### **PR Type** Enhancement, Tests, Documentation ___ ### **Description** • **Major performance and scalability improvements**: Enhanced SYN scanner with sharded token bucket rate limiter, implemented sharded memory store for concurrent operations, and added TCP connect scanner support • **KV store infrastructure overhaul**: Added multi-domain NATS KV support, atomic operations (`PutIfAbsent`), configuration management endpoints, and comprehensive KV metadata handling • **API server refactoring**: Removed SRQL dependency, integrated RBAC middleware, added JWKS/OIDC discovery endpoints, and implemented services tree visualization • **Agent and poller enhancements**: Added KV bootstrapping, runtime configuration updates, and improved service management capabilities • **Network sweeper improvements**: Integrated TCP connect scanner, implemented parallel chunk processing with worker pools, and added adaptive configuration scaling • **Device deduplication**: Added backfill functionality for identity management and IP alias tombstone processing • **Release automation**: New GitHub release tool for automated package publishing with CI/CD integration • **Test improvements**: Refactored test structures with helper functions and added comprehensive KV metadata test coverage • **Code cleanup**: Import formatting, type renaming for cleaner APIs, and enhanced error handling throughout ___ ### Diagram Walkthrough ```mermaid flowchart LR A["SRQL System"] -- "removed" --> B["Direct DB Service"] C["Single KV Store"] -- "enhanced" --> D["Multi-domain KV Store"] E["Basic Scanner"] -- "upgraded" --> F["Sharded SYN Scanner + TCP Connect"] G["Simple Memory Store"] -- "optimized" --> H["Sharded Memory Store"] I["Manual Config"] -- "automated" --> J["KV Bootstrap + Runtime Updates"] K["Basic API"] -- "enhanced" --> L["RBAC + OIDC + Services Tree"] ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td>Enhancement</td><td><details><summary>12 files</summary><table> <tr> <td> <details> <summary>syn_scanner.go<dd><code>Major SYN scanner performance and reliability enhancements</code></dd></summary> <hr> pkg/scan/syn_scanner.go • Added comprehensive constants for timing, network packet sizes, buffer management, and performance tuning • Implemented sharded token bucket rate limiter to reduce lock contention at high concurrency • Added eventfd-based ring reader wakeup mechanism for improved cancellation handling • Enhanced error handling with predefined error variables and improved resource cleanup • Integrated fastsum library for optimized checksum calculations in packet processing </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-7880cd67123880e64f1e9ceb07a803af739f8692988a857f902952d0dcc58a93">+517/-382</a></td> </tr> <tr> <td> <details> <summary>sweeper.go<dd><code>Network sweeper scalability and TCP connect scanner integration</code></dd></summary> <hr> pkg/sweeper/sweeper.go • Added TCP connect scanner support alongside existing SYN scanner for firewall-safe scanning • Implemented parallel chunk processing with worker pools for improved configuration loading performance • Added adaptive configuration scaling based on deployment size (small/medium/large/extra-large scale) • Enhanced result processing with batching and stream processing for better memory efficiency • Added comprehensive error handling with predefined error variables </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-d11dee1504de681453c5a04e22ae44d64820221ac6b84a1630d3a3929dace47a">+894/-139</a></td> </tr> <tr> <td> <details> <summary>server.go<dd><code>Major API server refactoring with KV store and auth enhancements</code></dd></summary> <hr> pkg/core/api/server.go • Removed SRQL-related imports and functionality, replacing with direct database service calls • Added comprehensive KV store management with multiple endpoint support and domain routing • Implemented JWKS and OIDC discovery endpoints for authentication • Added RBAC middleware integration and admin route protection • Introduced services tree endpoint for hierarchical poller/agent/service visualization </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-1bb99367fdd853c728b7cfbf5893a293f6d217144dfb5282cb8dd32e5261021e">+612/-134</a></td> </tr> <tr> <td> <details> <summary>kv.pb.go<dd><code>KV service protocol extension with Info endpoint</code>                  </dd></summary> <hr> proto/kv.pb.go • Added <code>InfoRequest</code> and <code>InfoResponse</code> message types for KV server configuration queries • Extended KV service with <code>Info</code> method to expose domain and bucket information • Updated protobuf definitions to include new RPC method signatures </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-0b9bbdd1cf0f65de86dd5ee0c824e5d35326bb4b8edcf1c97b61864493f4477f">+142/-34</a></td> </tr> <tr> <td> <details> <summary>publish_packages.go<dd><code>GitHub release automation tool for package publishing</code>        </dd></summary> <hr> release/publish_packages.go • Complete GitHub release automation tool for publishing package artifacts • Supports creating/updating releases with proper asset management and versioning • Handles Debian and RPM package naming conventions with metadata extraction • Includes dry-run mode and comprehensive error handling for CI/CD integration </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-638cfa7da020be995c5e05ba794edd1080d194845870a0061688e0b9afbcadc7">+779/-0</a>  </td> </tr> <tr> <td> <details> <summary>kv_grpc.pb.go<dd><code>KV gRPC service extension with conditional put and info methods</code></dd></summary> <hr> proto/kv_grpc.pb.go • Added <code>PutIfAbsent</code> method for atomic conditional key storage • Implemented <code>Info</code> RPC method for KV server configuration retrieval • Updated client and server interfaces with new method signatures • Extended service descriptor with additional RPC endpoints </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-6daa12c34cd941284969fc2b1098fff1f7a96a17c57d99c7ba9267d494ebddd5">+87/-5</a>    </td> </tr> <tr> <td> <details> <summary>monitoring.pb.go<dd><code>Add KV store identifier field to monitoring protobuf messages</code></dd></summary> <hr> proto/monitoring.pb.go • Added <code>KvStoreId</code> field to <code>PollerStatusRequest</code>, <code>ServiceStatus</code>, and <code>PollerStatusChunk</code> structs • Added corresponding getter methods <code>GetKvStoreId()</code> for the new field • Updated protobuf field numbers and serialization descriptors to accommodate the new field </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-4f7e955b42854cc9cf3fb063b95e58a04f36271e6a0c1cb42ea6d7953dd96cc4">+41/-11</a>  </td> </tr> <tr> <td> <details> <summary>server.go<dd><code>Enhance agent server with KV bootstrapping and runtime config updates</code></dd></summary> <hr> pkg/agent/server.go • Added bootstrap functionality to create default KV configurations for common services • Introduced new error variables for better error handling (<code>ErrAgentIDRequired</code>, <code>ErrInvalidChunkCount</code>, etc.) • Added <code>UpdateConfig()</code> and <code>RestartServices()</code> methods for runtime configuration updates • Enhanced service creation to accept context parameter and improved error handling </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-3c51e5356a25859a3300ab62ed2494462feb2567ef69e6db3aa2bbc1032c1c5d">+147/-37</a></td> </tr> <tr> <td> <details> <summary>memory_store.go<dd><code>Implement sharded memory store for improved concurrent performance</code></dd></summary> <hr> pkg/sweeper/memory_store.go • Implemented sharded storage architecture to reduce lock contention under high write loads • Added per-shard locking and hash-based shard selection using FNV-1a algorithm • Enhanced cleanup and metrics logging with shard-aware operations • Increased default capacity from 100k to 1M results to handle larger networks </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-54c761e2155455ac0e86e2cf1405610fe315d966ab17d4f008c3dd7227a05389">+228/-94</a></td> </tr> <tr> <td> <details> <summary>backfill.go<dd><code>Add device deduplication backfill functionality for identity </code> <code>management</code></dd></summary> <hr> pkg/core/backfill.go • Added <code>BackfillIdentityTombstones()</code> function to handle duplicate device cleanup based on identity keys • Added <code>BackfillIPAliasTombstones()</code> function to merge IP-based duplicates into canonical devices • Implemented helper functions for identity row processing and device ID partitioning </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-d7d2f4aea42bb0d5c5c3439c6d4c27f27ce935961e8a5479203c67e958a10345">+414/-0</a>  </td> </tr> <tr> <td> <details> <summary>auth.go<dd><code>Add configuration management endpoints with KV store support</code></dd></summary> <hr> pkg/core/api/auth.go • Added <code>handleGetConfig()</code> and <code>handleUpdateConfig()</code> methods for configuration management • Implemented support for both JSON and TOML configuration formats • Added KV domain resolution and multi-store support with fallback mechanisms • Enhanced configuration routing with service-specific key generation </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-61eb09279471ca59a1b57a306f0ad05988a8cb39eca163b32bfb86c53f8a553e">+263/-5</a>  </td> </tr> <tr> <td> <details> <summary>nats.go<dd><code>Add multi-domain support and atomic operations to NATS KV store</code></dd></summary> <hr> pkg/kv/nats.go • Refactored to support multi-domain JetStream operations with domain-aware key routing • Added <code>PutIfAbsent()</code> method for atomic key creation • Implemented domain extraction from keys with <code>domains/<domain>/<key></code> pattern • Enhanced connection management with per-domain JetStream and KV instances </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-329ec6e09a0af7af2887a668a87058a76195be2ad869e5616a3c4f958300b538">+136/-79</a></td> </tr> </table></details></td></tr><tr><td>Formatting</td><td><details><summary>3 files</summary><table> <tr> <td> <details> <summary>server.go<dd><code>MCP server code cleanup and interface improvements</code>              </dd></summary> <hr> pkg/mcp/server.go • Reorganized imports and added proper formatting with consistent spacing • Renamed types from <code>MCPServer</code>, <code>MCPConfig</code>, <code>MCPTool</code> etc. to <code>Server</code>, <code>Config</code>, <code>Tool</code> for cleaner API • Added predefined error variables for common validation errors • Updated interface references to use local <code>QueryExecutor</code> instead of external API package </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-bbb88ac338d81b0a37cd59fc53d68171d2de4780653253a2fd257f18fbf81bd0">+36/-31</a>  </td> </tr> <tr> <td> <details> <summary>snmp_checker.go<dd><code>Minor formatting improvement in SNMP checker</code>                          </dd></summary> <hr> pkg/agent/snmp_checker.go • Added blank line for improved code formatting and readability </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-bee3089f8dea56b1e56bbc4ac9d35045c4a5f0b994166863fe024a38d7498217">+1/-0</a>      </td> </tr> <tr> <td> <details> <summary>icmp_scanner_priv_test.go<dd><code>Fix import order formatting in ICMP scanner test</code>                  </dd></summary> <hr> pkg/scan/icmp_scanner_priv_test.go • Reordered import statements to follow Go conventions (standard library, third-party, local packages) </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-a9b6f708c5a1fb6cf3749e897fcda39e87ecf604f36a107d181f991a687a278e">+2/-5</a>      </td> </tr> </table></details></td></tr><tr><td>Documentation</td><td><details><summary>1 files</summary><table> <tr> <td> <details> <summary>vim.css<dd><code>Added vim theme CSS file for documentation</code>                              </dd></summary> <hr> third_party/cwalk/docs/assets/css/vim.css • Added new CSS file with single line content indicating unknown vim theme </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-3a5a9274e70ce11b91827be4284dd315bcd312f267fc0cf1ee998cce4fcd8d31">+1/-0</a>      </td> </tr> </table></details></td></tr><tr><td>Tests</td><td><details><summary>3 files</summary><table> <tr> <td> <details> <summary>aggregation_test.go<dd><code>Test refactoring for device aggregation functionality</code>        </dd></summary> <hr> pkg/sweeper/aggregation_test.go • Refactored test structure with helper function for better test organization • Split monolithic test into focused individual test functions • Improved test readability and maintainability with proper setup/teardown • Enhanced test coverage for device result aggregation functionality </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-0c6eb392da3429542428a3c3242866632ba312a670e5face8b1d295fca100d82">+283/-261</a></td> </tr> <tr> <td> <details> <summary>end_to_end_flow_test.go<dd><code>Refactor end-to-end test structure with helper functions</code>  </dd></summary> <hr> pkg/integration_test/end_to_end_flow_test.go • Refactored test structure by extracting helper functions for better organization • Added <code>createTestData()</code> function to separate test data creation • Split main test logic into smaller, focused functions like <code>executeEndToEndFlow()</code>, <code>setupKVMock()</code>, etc. • Improved code readability and maintainability through better separation of concerns </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-6dff4f9743edf8c3c96347e647c79c69298493d14799422053709bf8634955e4">+148/-100</a></td> </tr> <tr> <td> <details> <summary>kv_metadata_test.go<dd><code>Add comprehensive tests for KV metadata functionality</code>        </dd></summary> <hr> pkg/core/kv_metadata_test.go • Added comprehensive test suite for KV metadata extraction and service record creation • Tests cover services with and without KV store IDs, metadata validation, and integration scenarios • Includes tests for <code>extractSafeKVMetadata()</code>, <code>createServiceRecords()</code>, and <code>ReportStatus()</code> methods </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-9781be6aa22021969f0bef009e7f289eb024e84b06203c0bf35ba6f20f3e0101">+389/-0</a>  </td> </tr> </table></details></td></tr><tr><td>Additional files</td><td><details><summary>101 files</summary><table> <tr> <td>.bazelproject</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-a9ff8a02a470e2f1d4358f0bf4e51383ce6be39894c8100edd425d278a123268">+6/-0</a>      </td> </tr> <tr> <td>.bazelignore</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-a5641cd37d6ad98b32cdfce1980836cc68312277bc6a7052f55da02ada5bc6cf">+14/-0</a>    </td> </tr> <tr> <td>.bazelrc</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-544556920c45b42cbfe40159b082ce8af6bd929e492d076769226265f215832f">+83/-0</a>    </td> </tr> <tr> <td>.bazelversion</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-c3633fb973fb6f3cf898f53da86fa77e9310338a7c2933143709d5e226f05f75">+1/-0</a>      </td> </tr> <tr> <td>workflows.yaml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-ab6de3b3c2e87a5324595cc6b8656ab7bae1dee7d0c60e0626128e634f71711d">+41/-0</a>    </td> </tr> <tr> <td>.dockerignore</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-2f754321d62f08ba8392b9b168b83e24ea2852bb5d815d63e767f6c3d23c6ac5">+8/-0</a>      </td> </tr> <tr> <td>build-rbe-image.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-267c8680ad3f655b43d9bc8d7c55af4cef338efacdc9c90b3264ef9856a22493">+62/-0</a>    </td> </tr> <tr> <td>deploy-pages.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-0f132b0962009071404990a6789b3466dbd8723d1f7b744f6aca0312396a7900">+2/-2</a>      </td> </tr> <tr> <td>docker-build.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-3414847e2ad632333f775cabb810f0dc0df61a570365df34750a08b00912fe82">+69/-869</a></td> </tr> <tr> <td>golangci-lint.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-d9a956120ac84289d2650137f64bd8f0893331de05e44cc41899dd984c9e0d48">+2/-2</a>      </td> </tr> <tr> <td>main.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-7829468e86c1cc5d5133195b5cb48e1ff6c75e3e9203777f6b2e379d9e4882b3">+32/-0</a>    </td> </tr> <tr> <td>ocaml-build-test.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-c84bfd564288a05e2cf23310cbe1d0d566e1c6e9372389a67a4fc113e8dc649f">+53/-0</a>    </td> </tr> <tr> <td>ocaml-lint.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-204e2b3bc66687a5546a45ad23cb017a3b551ecc106685c6bc36e3f8a1c366e3">+34/-0</a>    </td> </tr> <tr> <td>release.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34">+181/-203</a></td> </tr> <tr> <td>tests-golang.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-07d64b93f6e82cf63364ba9ed8e6b02148c6b817eca20ac588da5516a3f38523">+1/-1</a>      </td> </tr> <tr> <td>tests-rust.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-fe45c58ef3e0ce2e65eb15e70842d134358ff957e727155bcfd21cc09ad38940">+1/-0</a>      </td> </tr> <tr> <td>web-lint.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-9d090859e31fc574efb47cacf534d619a3e83d55e59da3be2484999b9055b1b2">+2/-3</a>      </td> </tr> <tr> <td>.golangci.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-6179837f7df53a6f05c522b6b7bb566d484d5465d9894fb04910dd08bb40dcc9">+10/-164</a></td> </tr> <tr> <td>.goreleaser.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-42e26dc67aed8aa3edb2472b4403288c1699fb6dc47419b9a475f0f224fe4689">+0/-212</a>  </td> </tr> <tr> <td>.ocamlformat</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-73428b4294eda9633d2fdfa761e27dc2427d90eae02367476ece0b5518dc9f6b">+3/-0</a>      </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-7fc57714ef13c3325ce2a1130202edced92fcccc0c6db34a72f7b57f60d552a3">+47/-0</a>    </td> </tr> <tr> <td>CHANGELOG</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-ecec88c33adb7591ee6aa88e29b62ad52ef443611cba5e0f0ecac9b5725afdba">+190/-0</a>  </td> </tr> <tr> <td>Cargo.toml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-2e9d962a08321605940b5a657135052fbcef87b5e360662bb527c96d9a615542">+29/-0</a>    </td> </tr> <tr> <td>MODULE.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdc">+902/-0</a>  </td> </tr> <tr> <td>Makefile</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52">+159/-25</a></td> </tr> <tr> <td>README-Docker.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-9fd61d24482efe68c22d8d41e2a1dcc440f39195aa56e7a050f2abe598179efd">+24/-1</a>    </td> </tr> <tr> <td>README.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5">+10/-4</a>    </td> </tr> <tr> <td>VERSION</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-7b60b8e351cbb80c47459ffe2c79f1a26404871f49294780fe47ad0e58c09350">+1/-1</a>      </td> </tr> <tr> <td>WORKSPACE</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-5493ff8e9397811510e780de47c57abb70137f1afe85d1519130dc3679d60ce5">+18/-0</a>    </td> </tr> <tr> <td>bazel_implementation_plan.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-d5238d7315f2485aa072f2dd0eabaec82e13a5e564bbaf40219dee882e0687e6">+139/-0</a>  </td> </tr> <tr> <td>buildbuddy.yaml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-455c97ce748484a181e002949dbe70422aedc497a358e023dc162776ce940751">+30/-0</a>    </td> </tr> <tr> <td>buildbuddy_setup_docker_auth.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-b8834135959342425abf14bc72698a3c47918fa435c7284348cc9735beb0bec4">+43/-0</a>    </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-143f8d1549d52f28906f19ce28e5568a5be474470ff103c2c1e63c3e6b08d670">+23/-0</a>    </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-61358711e980ccf505246fd3915f97cbd3a380e9b66f6fa5aad46749968c5ca3">+29/-5</a>    </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-c5a714dfa29850bd891ea70c308bf459a16cf6623c9c20b14efce653b5a2890c">+21/-0</a>    </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-2beb066906fd7a77f5812c5dcdb294a4886c9c2943378f49bce239cfe51b8035">+2/-1</a>      </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-4a15e4d3ef48348a6039522ddb9a0fc2ca5f1ee56ea80a51de4d2a8100a5cc32">+42/-0</a>    </td> </tr> <tr> <td>Cargo.toml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-d4e8f0294dbe6d131ef708fc81351a6cd18f7c99ee0cb202dd1513e91ed2ffcc">+1/-0</a>      </td> </tr> <tr> <td>build.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-251e7a923f45f8f903e510d10f183366bda06d281c8ecc3669e1858256e2186d">+19/-1</a>    </td> </tr> <tr> <td>config.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-d88a74ae9a3f4657a7bd9ec1b1df4956812c13647d59379e8c393724773dc0f3">+20/-22</a>  </td> </tr> <tr> <td>lib.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-273545b9f1e8a68d7e2d2a1372f282f539ef49cdca809b37a81e621188d826ca">+1/-2</a>      </td> </tr> <tr> <td>main.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-fb8dc04ef7087f15c7498a2d197e37fd629444ebff0291a3cc8ca49aabdc94cc">+13/-12</a>  </td> </tr> <tr> <td>poller.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-889b4699b32d153c10acda4d076746d0014d4b97cc0021c789c0ad2f5687c187">+3/-3</a>      </td> </tr> <tr> <td>rperf.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-c1bff1ac0ccebf64439cfcd4d22255f9606b02de5c29d05929c590c6580b6bea">+26/-11</a>  </td> </tr> <tr> <td>server.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-bce0f4ca6548712f224b73816825d28e831acbbff7dbed3c98671ed50f65d028">+51/-23</a>  </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-a4677c1b820d80470df120cbb56dd6d8a185de34399ac6f3431bf116845bbb29">+22/-0</a>    </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-f25402eade63525184cb5e7437accff93c7b9338eebe81add6dc5f2a9eb12550">+2/-1</a>      </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-6ab6e69dfb3cd621d100077fa496690634adb5fcd88806f891575024f1835480">+37/-0</a>    </td> </tr> <tr> <td>build.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-2e519950c72a7e0bd53e22628bcd1a5dc31f6a6a0070b4c47221b1948a3b2099">+1/-1</a>      </td> </tr> <tr> <td>config.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-46f593479dc3970ff83d81b23db32d37c4b22ff4491baa7a418f120dcb90db03">+8/-3</a>      </td> </tr> <tr> <td>lib.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-e7e8897bb436806d2e6fb61aa2bdf32e7bf6c97915595d0e0987e43c725efad5">+2/-3</a>      </td> </tr> <tr> <td>main.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-cef134403622089f759cfa006eb04dc8f1cfda08497a9d38586cc4de03d14820">+5/-2</a>      </td> </tr> <tr> <td>poller.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-0d4828713c5d17e6ed70074eb16b948b8a7b6b14a8b43cfe76e3c78665a392ad">+57/-38</a>  </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-2346a623a60f467f6754b43761b090fc9e47684cd26200715ee855e6348b28e4">+31/-0</a>    </td> </tr> <tr> <td>server.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-2c4395fee16396339c3eea518ad9bec739174c67c9cedf62e6848c17136dd33e">+20/-9</a>    </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-28585d443ee238a985024d78e491e8a2f060b26fd076b99325bd5fb672354062">+15/-0</a>    </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-ed4d81d29a7267f93fd77e17993fd3491b9ef6ded18490b4514d10ed1d803bc2">+14/-10</a>  </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-ba4bbabb721d98056e2dc9a701e251b851b58e572cb720010b7c8fe7c66b4f74">+24/-0</a>    </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-c9a73828b631e4618af51a47bc4c618d72ad1726fef3c3cbe12ab73b57b0eb63">+44/-13</a>  </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-fe50aa09443ec66049932b1528481cf6ab3c09f65f10d8c1c26af0d8d22545f5">+22/-0</a>    </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-90cac68b6fbfbbd4bf13f53b28eba4521b280f84f7745088a27978a956bd3297">+64/-0</a>    </td> </tr> <tr> <td>Cargo.toml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-fcf0c672917b64a5b953a914af013f16dddd6a1d813810236364e32f1ae70382">+6/-6</a>      </td> </tr> <tr> <td>Dockerfile</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-9f8119755792e77da338d2d29ce5e1bbfeeb8f5816a3233e78a9e206bafb0b53">+33/-14</a>  </td> </tr> <tr> <td>build.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-4153a5e986ccd32258cb542124c79a00d348dc72dc8539a004c16787882dd45e">+6/-4</a>      </td> </tr> <tr> <td>snmp_severity.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-c878688a2230e487cfe0e49de71b174e50975579c6b84988aa2dd32bc4fea4da">+22/-0</a>    </td> </tr> <tr> <td>test_protobuf_conversion.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-c54c03c920ed756b176d45cc029df0465170694ef55b4d249a1f8898dad6c4d6">+4/-4</a>      </td> </tr> <tr> <td>put_rule.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-beb89dda0f6336f7028dad3a2c0ff6e8874544eb71175df4263b11b8de41b3ad">+13/-2</a>    </td> </tr> <tr> <td>config.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-05038f3867985e757de9027609950e682bad6d1992dac6acd7c28962a3c65dc4">+18/-6</a>    </td> </tr> <tr> <td>engine.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-90476c419197f41cf4ea7847c91cefbc25e935ad581ce74e8f6e72ed7398a4ae">+1/-1</a>      </td> </tr> <tr> <td>grpc_server.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-e4564a93f6cf84ff91cd3d8141fc9272ec9b4ec19defd107afa42be01fcfed5b">+6/-5</a>      </td> </tr> <tr> <td>integration_tests.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-8f8472cec653bcfc677523f13262b63dbf7ea390d52249db1e52c670fe0ce60f">+38/-17</a>  </td> </tr> <tr> <td>lib.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-35fd9a3361cdb159c06c3a51dbadb73fd00d76696fffca3b19bcc7e3b0ad39e4">+1/-1</a>      </td> </tr> <tr> <td>main.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-78494042ba6078c9704eeb6e374d97a3481a5a74426db8e95ed34da15f9133b2">+1/-1</a>      </td> </tr> <tr> <td>message_processor.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-9fcbc5358a9009e60a8cd22d21e5a9ea652787c727732d0b869e0865495114c3">+34/-15</a>  </td> </tr> <tr> <td>nats.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-97f7335def0ad5d644b594a1076ae2d7080b11259cbb8de22c7946cc8e4b39f8">+1/-1</a>      </td> </tr> <tr> <td>otel_logs.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-4542ace311c2de0c5f9389169b9b4b3429e972dde67ea1c6efb9dff04ec1c725">+42/-34</a>  </td> </tr> <tr> <td>rule_watcher.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-22e47be42ea9309e19c65dac41d6cd8218f6ebdc4c10d9c5c8a0863f996d2187">+1/-1</a>      </td> </tr> <tr> <td>tests.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-85c5601521c9a9784723e5882651a72b3828419842d17046e71c65330bb95419">+38/-3</a>    </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-cf437f055db002c5a1dba0ac4a4949d0ecc4b095e8e760bf5aec0f5d4c08f572">+23/-0</a>    </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-4ab3fd1d4debc53dd2499d94a0f60c648fdae4235dd1e3678095a975f5bb434a">+43/-19</a>  </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-97a9259cd922a95e1845b47b64c7fd7c0ea2fa56a7988ca4d6e89a2116b3cc36">+11/-0</a>    </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-941aea21a72c2cb1fd728aed674b766e8da518883358ac516c0b76334359bd78">+14/-0</a>    </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-aa5c19161b6b0ff3eaf8e42eaadc9f7a565937f73e40ef061acd18210b072a43">+45/-0</a>    </td> </tr> <tr> <td>build.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-8b543b27bc19aeba636edcd34b59c29b3816007d059cd43cd251485f86738fbf">+81/-2</a>    </td> </tr> <tr> <td>ebpf_profiler.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-65777d967e1beb73c969136c256d46b88b3af66d3b86d5896ca23e0fac27259a">+4/-5</a>      </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-dc372981c580a9d68559e21394080f7e824cbe2237cc8508f9dd5c2d70d56b56">+29/-0</a>    </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-15d768d764ce61c26633641d404c52860ecc3da6d4b634c990acbc70c29cd944">+14/-0</a>    </td> </tr> <tr> <td>Dockerfile</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-72fbd6c8b426e64c1ee88432e9de64f3320497b811af1ebd5018cdacaffa5753">+1/-1</a>      </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-f101715b3bafbe3843ac9df0ffa3566fd0278b8f730efa3665557ce98acf6d23">+105/-40</a></td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-e0d27194757d8bbbfba44ac2d6b074f78fce8a879099e15c4a612ed03056504c">+61/-0</a>    </td> </tr> <tr> <td>Cargo.toml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-af6a11c5ce62ae0c7b7f89db3be8cdfb86f3740aeef4c31f0b630efdc2f6b2ef">+11/-10</a>  </td> </tr> <tr> <td>Dockerfile</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-7199f3111d0ff4e1154dd5a0f2250ea0e82c39031abdf7864356570dd1007c87">+27/-13</a>  </td> </tr> <tr> <td>build.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-76371a21f53984490f7974e3e4892e795d92a4f4708e6ad5c74fed331953a005">+13/-13</a>  </td> </tr> <tr> <td>mod.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-89aa5e80212ba1e12b87863590cc800b54d74edeabb21a880ffa9142f072b743">+5/-7</a>      </td> </tr> <tr> <td>mod.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-587d9b1e3ad27618f00a2ef16e32e28aca3d5c9ea0eb5c8af23e3b989c3c43f4">+4/-3</a>      </td> </tr> <tr> <td>mod.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-dd7b7ea7c9d376611bb19203bd29fa729051a6bc61e98a76a62c5ae8e6939545">+8/-5</a>      </td> </tr> <tr> <td>udp_input.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-cffc68de2fb2c7898014fa938a6014047f92128f76a0d7dcbdcb9bf17f1c159a">+3/-1</a>      </td> </tr> <tr> <td>mod.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-43777ae71be078e49f7fc95a9f2bc415e0b431f1eecc93f99a6f9fc682b0c5f6">+3/-7</a>      </td> </tr> <tr> <td>mod.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-19049bdd775fa6c5a03db1f8db912ae7eac67d0f8b62e554f1f084226d055965">+2/-2</a>      </td> </tr> <tr> <td>tls_output.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-16141d5b9703bf496ce2b9bb40601e3071ddbbd7f0a4e5c021a85c7a106d8cfa">+13/-11</a>  </td> </tr> <tr> <td>Additional files not shown</td> <td><a href="https://github.com/carverauto/serviceradar/pull/1727/files#diff-2f328e4cd8dbe3ad193e49d92bcf045f47a6b72b1e9487d366f6b8288589b4ca"></a></td> </tr> </table></details></td></tr></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2025-10-07 00:35:31 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1727#issuecomment-3374738566
Original created: 2025-10-07T00:35:31Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Environment-based toggle Description: Use of environment variable 'SR_SYN_USE_EVENTFD' conditionally enables eventfd-based wakeups without authentication or privilege checks, which could allow unbounded wakeups if an attacker can set the environment for the running process; ensure the runtime environment is controlled and consider a safer default. syn_scanner.go [2056-2071] Referred Code `if s.wakeFD == 0 { if os.Getenv("SR_SYN_USE_EVENTFD") == "1" { fd, err := unix.Eventfd(0, 0) if err == nil { _ = unix.SetNonblock(fd, true) s.wakeFD = fd s.logger.Debug().Msg("Using eventfd for ring wakeups") } else { // Fall back to timeout-based poll s.logger.Debug().Err(err).Msg("eventfd unavailable; using timeout-based ring polling") } } } scanStartTime := time.Now()`
	Rate limit disable risk Description: Conservative caps and defaults in rate limiting are implemented, but SetRateLimit allows disabling limits (pps<=0) resulting in allow-all behavior; if exposed to untrusted input, this could enable packet flood—validate caller and guard external configuration paths. syn_scanner.go [1599-1660] Referred Code `// Apply conservative multiplier when using risky fallback range // This reduces contention with system ephemeral port allocation originalSafeCapacity := safeCapacityPPS safeCapacityPPS /= capacityReduction // Reduce to 25% of calculated capacity if safeCapacityPPS < minSafeRatePPS { safeCapacityPPS = minSafeRatePPS // Minimum viable rate } log.Warn(). ... (clipped 41 lines)`
	Hash-based shard skew Description: FNV-1a based shard selection over user-controlled host string could be skewed by crafted inputs causing shard hotspotting; consider stronger hashing or salting to reduce targeted contention. memory_store.go [592-633] Referred Code ... (clipped 21 lines) </details></details></td></tr> <tr><td colspan='2'><strong>Ticket Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary>🎫 <strong>No ticket provided </summary></strong> - [ ] Create ticket/issue <!-- /create_ticket --create_ticket=true --> </details></td></tr> <tr><td colspan='2'><strong>Codebase Duplication Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>Codebase context is not defined </strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'><strong>Custom Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>No custom compliance provided</strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/'>guide</a> to enable custom compliance check. </details></td></tr> <tr><td align="center" colspan="2"> <!-- placeholder --> <!-- /compliance --update_compliance=true --> </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant<br> 🟡 - Partial Compliant<br> 🔴 - Not Compliant<br> ⚪ - Requires Further Human Verification<br> 🏷️ - Compliance label<br> </details>

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1727#issuecomment-3374738566 Original created: 2025-10-07T00:35:31Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR: <table><tbody><tr><td colspan='2'>Security Compliance</td></tr> <tr><td rowspan=3>⚪</td> <td><details><summary>Environment-based toggle </summary> Description: Use of environment variable 'SR_SYN_USE_EVENTFD' conditionally enables eventfd-based wakeups without authentication or privilege checks, which could allow unbounded wakeups if an attacker can set the environment for the running process; ensure the runtime environment is controlled and consider a safer default. <a href='https://github.com/carverauto/serviceradar/pull/1727/files#diff-7880cd67123880e64f1e9ceb07a803af739f8692988a857f902952d0dcc58a93R2056-R2071'>syn_scanner.go [2056-2071]</a> <details open><summary>Referred Code</summary> ```go if s.wakeFD == 0 { if os.Getenv("SR_SYN_USE_EVENTFD") == "1" { fd, err := unix.Eventfd(0, 0) if err == nil { _ = unix.SetNonblock(fd, true) s.wakeFD = fd s.logger.Debug().Msg("Using eventfd for ring wakeups") } else { // Fall back to timeout-based poll s.logger.Debug().Err(err).Msg("eventfd unavailable; using timeout-based ring polling") } } } scanStartTime := time.Now() ``` </details></details></td></tr> <tr><td><details><summary>Rate limit disable risk </summary> Description: Conservative caps and defaults in rate limiting are implemented, but SetRateLimit allows disabling limits (pps<=0) resulting in allow-all behavior; if exposed to untrusted input, this could enable packet flood—validate caller and guard external configuration paths. <a href='https://github.com/carverauto/serviceradar/pull/1727/files#diff-7880cd67123880e64f1e9ceb07a803af739f8692988a857f902952d0dcc58a93R1599-R1660'>syn_scanner.go [1599-1660]</a> <details open><summary>Referred Code</summary> ```go // Apply conservative multiplier when using risky fallback range // This reduces contention with system ephemeral port allocation originalSafeCapacity := safeCapacityPPS safeCapacityPPS /= capacityReduction // Reduce to 25% of calculated capacity if safeCapacityPPS < minSafeRatePPS { safeCapacityPPS = minSafeRatePPS // Minimum viable rate } log.Warn(). ... (clipped 41 lines) ``` </details></details></td></tr> <tr><td><details><summary>Hash-based shard skew </summary> Description: FNV-1a based shard selection over user-controlled host string could be skewed by crafted inputs causing shard hotspotting; consider stronger hashing or salting to reduce targeted contention. <a href='https://github.com/carverauto/serviceradar/pull/1727/files#diff-54c761e2155455ac0e86e2cf1405610fe315d966ab17d4f008c3dd7227a05389R592-R633'>memory_store.go [592-633]</a> <details open><summary>Referred Code</summary> ... (clipped 21 lines) ``` </details></details></td></tr> <tr><td colspan='2'>Ticket Compliance</td></tr> <tr><td>⚪</td><td><details><summary>🎫 No ticket provided </summary> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'>Codebase Duplication Compliance</td></tr> <tr><td>⚪</td><td><details><summary>Codebase context is not defined </summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'>Custom Compliance</td></tr> <tr><td>⚪</td><td><details><summary>No custom compliance provided</summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/'>guide</a> to enable custom compliance check. </details></td></tr> <tr><td align="center" colspan="2">   </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant 🟡 - Partial Compliant 🔴 - Not Compliant ⚪ - Requires Further Human Verification 🏷️ - Compliance label </details>

qodo-code-review[bot] commented

2025-10-07 00:38:09 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1727#issuecomment-3374743135
Original created: 2025-10-07T00:38:09Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Fix race condition during cleanup Fix a race condition in the scan cleanup logic by moving the port release loop to execute before the main scanner mutex is unlocked, preventing resource contention with a subsequent scan. pkg/scan/syn_scanner.go [2301-2325] // Proactively release any leftover port mappings and clear per-scan maps toRelease := make([]uint16, 0, len(s.portTargetMap)) for sp := range s.portTargetMap { toRelease = append(toRelease, sp) +} + +// Release ports while still holding the lock to prevent a race with the next scan +for _, sp := range toRelease { + s.portAlloc.Release(sp) + atomic.AddUint64(&s.stats.PortsReleased, 1) } // Reset maps to allow GC of large per-scan state s.portTargetMap = make(map[uint16]string) s.targetPorts = make(map[string][]uint16) s.targetIP = make(map[string][4]byte) s.results = make(map[string]models.Result) s.portDeadline = make(map[uint16]time.Time) s.retryCh = nil // Close wakeFD now that readers have exited if s.wakeFD > 0 { _ = unix.Close(s.wakeFD) s.wakeFD = 0 } s.mu.Unlock() -// Release ports outside the lock -for _, sp := range toRelease { - s.portAlloc.Release(sp) - atomic.AddUint64(&s.stats.PortsReleased, 1) -} - `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a race condition where a new scan could start before the previous scan's ports are released, potentially causing port exhaustion. Moving the release logic inside the lock is a critical fix for correctness.	Medium
	Ensure consistent hashing across platforms In the `selectShard` function, use the `binary` package with a fixed byte order (e.g., `binary.LittleEndian`) to convert the port number to bytes. This ensures consistent hashing results across different machine architectures. pkg/sweeper/memory_store.go [606-633] // selectShard hashes the key to a shard index. func (s InMemoryStore) selectShard(host string, port int, mode models.SweepMode) storeShard { // FNV-1a over host \| mode \| port h := fnv.New32a() _, _ = h.Write([]byte(host)) _, _ = h.Write([]byte(string(mode))) // mix in port (2 bytes) to avoid collisions across same host/mode var b [2]byte // Safe conversion: network ports are 0-65535, fits in uint16 var u uint16 if port < 0 \|\| port > 65535 { u = 0 // Default to port 0 for invalid ports } else { u = uint16(port) // #nosec G115 - port is validated to be within uint16 range } - b[0] = byte(u) - b[1] = byte(u >> 8) + binary.LittleEndian.PutUint16(b[:], u) _, _ = h.Write(b[:]) // Safe conversion: shardCount should be positive and reasonable if s.shardCount <= 0 { return s.shards[0] // Default to first shard if invalid count } idx := int(h.Sum32() % uint32(s.shardCount)) // #nosec G115 - shardCount is validated to be positive return s.shards[idx] } `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a potential cross-platform inconsistency issue due to not specifying byte order when hashing the port number. This could lead to hard-to-debug data inconsistency issues, making it a critical fix for correctness and reliability.	Medium
	Prevent zeroing out critical configurations Prevent critical configuration parameters in `applySmallScaleConfig` from being set to zero when `totalTargets` is zero by enforcing a minimum value of 1. pkg/sweeper/sweeper.go [1314-1330] // applySmallScaleConfig optimizes for small deployments (< 100 targets) func (s NetworkSweeper) applySmallScaleConfig(config models.Config, totalTargets int) { - config.Concurrency = minInt(8, totalTargets) // Very low concurrency - config.ICMPRateLimit = minInt(100, totalTargets2) // Conservative rate limiting - config.ICMPSettings.RateLimit = minInt(50, totalTargets) - config.ICMPSettings.MaxBatch = minInt(8, totalTargets) - config.TCPSettings.Concurrency = minInt(8, totalTargets) - config.TCPSettings.MaxBatch = minInt(8, totalTargets) + config.Concurrency = minInt(8, max(1, totalTargets)) // Very low concurrency, min 1 + config.ICMPRateLimit = minInt(100, max(1, totalTargets2)) // Conservative rate limiting, min 1 + config.ICMPSettings.RateLimit = minInt(50, max(1, totalTargets)) + config.ICMPSettings.MaxBatch = minInt(8, max(1, totalTargets)) + config.TCPSettings.Concurrency = minInt(8, max(1, totalTargets)) + config.TCPSettings.MaxBatch = minInt(8, max(1, totalTargets)) config.TCPSettings.GlobalRingMemoryMB = 4 // Minimal memory usage config.TCPSettings.RingReaders = 1 config.TCPSettings.RingPollTimeoutMs = 100 s.logger.Info(). Int("totalTargets", totalTargets). Int("concurrency", config.Concurrency). Int("icmpRateLimit", config.ICMPRateLimit). Msg("Applied small-scale adaptive configuration") } `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies that critical configuration values like `Concurrency` could be set to zero if `totalTargets` is zero, which would stall the scanner. Enforcing a minimum value of 1 is a good defensive measure.	Medium
	Parallelize network calls to improve performance Refactor `filterConfiguredServices` to perform `isServiceConfigured` checks in parallel using goroutines and a `sync.WaitGroup` to improve performance by avoiding sequential network requests. pkg/core/api/server.go [939-953] // filterConfiguredServices filters agent services to only configured ones func (s APIServer) filterConfiguredServices(r http.Request, agent AgentNode) { - filtered := make([]ServiceNode, 0, len(agent.Services)) + var wg sync.WaitGroup + configuredChan := make(chan ServiceNode, len(agent.Services)) for _, sn := range agent.Services { - ctx, cancel := context.WithTimeout(r.Context(), 2time.Second) - if s.isServiceConfigured(ctx, sn) { - filtered = append(filtered, sn) - } + wg.Add(1) + go func(serviceNode ServiceNode) { + defer wg.Done() + ctx, cancel := context.WithTimeout(r.Context(), 2*time.Second) + defer cancel() + if s.isServiceConfigured(ctx, serviceNode) { + configuredChan <- serviceNode + } + }(sn) + } - cancel() + wg.Wait() + close(configuredChan) + + filtered := make([]ServiceNode, 0, len(configuredChan)) + for sn := range configuredChan { + filtered = append(filtered, sn) } agent.Services = filtered } `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies a performance bottleneck from sequential network calls in a loop and proposes a valid parallel implementation, which will significantly improve API responsiveness.	Medium
Security	Use a struct for safe JSON generation In `handleOIDCDiscovery`, replace manual JSON string concatenation with a struct and `json.NewEncoder` to safely generate the OIDC discovery response and prevent potential injection vulnerabilities. pkg/core/api/server.go [662-682] // handleOIDCDiscovery serves a minimal OpenID Provider Configuration pointing to the JWKS. func (s APIServer) handleOIDCDiscovery(w http.ResponseWriter, r http.Request) { scheme := "http" if r.TLS != nil { scheme = "https" } host := r.Host issuer := scheme + "://" + host - jwks := issuer + "/auth/jwks.json" + jwksURI := issuer + "/auth/jwks.json" w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte("{\n" + - " \"issuer\": \"" + issuer + "\",\n" + - " \"jwks_uri\": \"" + jwks + "\",\n" + - " \"id_token_signing_alg_values_supported\": [\"RS256\"],\n" + - " \"response_types_supported\": [\"code\", \"token\", \"id_token\"],\n" + - " \"subject_types_supported\": [\"public\"],\n" + - " \"claims_supported\": [\"sub\", \"email\", \"roles\", \"exp\", \"iat\"]\n" + - "}")) + + resp := struct { + Issuer string `json:"issuer"` + JwksURI string `json:"jwks_uri"` + Algs []string `json:"id_token_signing_alg_values_supported"` + ResponseTypes []string `json:"response_types_supported"` + SubjectTypes []string `json:"subject_types_supported"` + Claims []string `json:"claims_supported"` + }{ + Issuer: issuer, + JwksURI: jwksURI, + Algs: []string{"RS256"}, + ResponseTypes: []string{"code", "token", "id_token"}, + SubjectTypes: []string{"public"}, + Claims: []string{"sub", "email", "roles", "exp", "iat"}, + } + + if err := json.NewEncoder(w).Encode(resp); err != nil { + s.logger.Error().Err(err).Msg("failed to encode OIDC discovery response") + http.Error(w, "failed to generate OIDC discovery response", http.StatusInternalServerError) + } } `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a security risk and bad practice of building JSON via string concatenation with user-controllable input (`r.Host`) and provides a robust solution using `json.NewEncoder`.	Medium
General	Improve test assertion for map values In `TestEdgeCases`, replace `assert.Equal(t, "",` `deviceUpdate.Metadata["scan_available_ips"])` with `assert.Empty()` for a more idiomatic and readable test assertion. pkg/sweeper/aggregation_test.go [682] func TestEdgeCases(t *testing.T) { sweeper, _, _, _, ctrl := createTestSweeper(t) defer ctrl.Finish() // ... (test setup) ... sweeper.addAggregatedScanResults(deviceUpdate, results) - assert.Equal(t, "", deviceUpdate.Metadata["scan_available_ips"]) + assert.Empty(t, deviceUpdate.Metadata["scan_available_ips"]) assert.Equal(t, "192.168.1.1,192.168.1.2", deviceUpdate.Metadata["scan_unavailable_ips"]) assert.Equal(t, "0.0", deviceUpdate.Metadata["scan_availability_percent"]) assert.False(t, deviceUpdate.IsAvailable) } `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 4 __ Why: The suggestion correctly points out a potential ambiguity in the test assertion but the proposed `assert.Empty` has the same flaw; however, the change is already implemented in the PR, making the suggestion valid but redundant.	Low
More

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1727#issuecomment-3374743135 Original created: 2025-10-07T00:38:09Z --- ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td>Category</td><td align=left>Suggestion                                                                                                                                    </td><td align=center>Impact</td></tr><tbody><tr><td rowspan=4>Possible issue</td> <td> <details><summary>Fix race condition during cleanup</summary> ___ **Fix a race condition in the scan cleanup logic by moving the port release loop to execute before the main scanner mutex is unlocked, preventing resource contention with a subsequent scan.** [pkg/scan/syn_scanner.go [2301-2325]](https://github.com/carverauto/serviceradar/pull/1727/files#diff-7880cd67123880e64f1e9ceb07a803af739f8692988a857f902952d0dcc58a93R2301-R2325) ```diff // Proactively release any leftover port mappings and clear per-scan maps toRelease := make([]uint16, 0, len(s.portTargetMap)) for sp := range s.portTargetMap { toRelease = append(toRelease, sp) +} + +// Release ports while still holding the lock to prevent a race with the next scan +for _, sp := range toRelease { + s.portAlloc.Release(sp) + atomic.AddUint64(&s.stats.PortsReleased, 1) } // Reset maps to allow GC of large per-scan state s.portTargetMap = make(map[uint16]string) s.targetPorts = make(map[string][]uint16) s.targetIP = make(map[string][4]byte) s.results = make(map[string]models.Result) s.portDeadline = make(map[uint16]time.Time) s.retryCh = nil // Close wakeFD now that readers have exited if s.wakeFD > 0 { _ = unix.Close(s.wakeFD) s.wakeFD = 0 } s.mu.Unlock() -// Release ports outside the lock -for _, sp := range toRelease { - s.portAlloc.Release(sp) - atomic.AddUint64(&s.stats.PortsReleased, 1) -} - ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: The suggestion correctly identifies a race condition where a new scan could start before the previous scan's ports are released, potentially causing port exhaustion. Moving the release logic inside the lock is a critical fix for correctness. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Ensure consistent hashing across platforms</summary> ___ **In the <code>selectShard</code> function, use the <code>binary</code> package with a fixed byte order (e.g., <code>binary.LittleEndian</code>) to convert the port number to bytes. This ensures consistent hashing results across different machine architectures.** [pkg/sweeper/memory_store.go [606-633]](https://github.com/carverauto/serviceradar/pull/1727/files#diff-54c761e2155455ac0e86e2cf1405610fe315d966ab17d4f008c3dd7227a05389R606-R633) ```diff // selectShard hashes the key to a shard index. func (s *InMemoryStore) selectShard(host string, port int, mode models.SweepMode) *storeShard { // FNV-1a over host | mode | port h := fnv.New32a() _, _ = h.Write([]byte(host)) _, _ = h.Write([]byte(string(mode))) // mix in port (2 bytes) to avoid collisions across same host/mode var b [2]byte // Safe conversion: network ports are 0-65535, fits in uint16 var u uint16 if port < 0 || port > 65535 { u = 0 // Default to port 0 for invalid ports } else { u = uint16(port) // #nosec G115 - port is validated to be within uint16 range } - b[0] = byte(u) - b[1] = byte(u >> 8) + binary.LittleEndian.PutUint16(b[:], u) _, _ = h.Write(b[:]) // Safe conversion: shardCount should be positive and reasonable if s.shardCount <= 0 { return s.shards[0] // Default to first shard if invalid count } idx := int(h.Sum32() % uint32(s.shardCount)) // #nosec G115 - shardCount is validated to be positive return s.shards[idx] } ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: The suggestion correctly identifies a potential cross-platform inconsistency issue due to not specifying byte order when hashing the port number. This could lead to hard-to-debug data inconsistency issues, making it a critical fix for correctness and reliability. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Prevent zeroing out critical configurations</summary> ___ **Prevent critical configuration parameters in <code>applySmallScaleConfig</code> from being set to zero when <code>totalTargets</code> is zero by enforcing a minimum value of 1.** [pkg/sweeper/sweeper.go [1314-1330]](https://github.com/carverauto/serviceradar/pull/1727/files#diff-d11dee1504de681453c5a04e22ae44d64820221ac6b84a1630d3a3929dace47aR1314-R1330) ```diff // applySmallScaleConfig optimizes for small deployments (< 100 targets) func (s *NetworkSweeper) applySmallScaleConfig(config *models.Config, totalTargets int) { - config.Concurrency = minInt(8, totalTargets) // Very low concurrency - config.ICMPRateLimit = minInt(100, totalTargets*2) // Conservative rate limiting - config.ICMPSettings.RateLimit = minInt(50, totalTargets) - config.ICMPSettings.MaxBatch = minInt(8, totalTargets) - config.TCPSettings.Concurrency = minInt(8, totalTargets) - config.TCPSettings.MaxBatch = minInt(8, totalTargets) + config.Concurrency = minInt(8, max(1, totalTargets)) // Very low concurrency, min 1 + config.ICMPRateLimit = minInt(100, max(1, totalTargets*2)) // Conservative rate limiting, min 1 + config.ICMPSettings.RateLimit = minInt(50, max(1, totalTargets)) + config.ICMPSettings.MaxBatch = minInt(8, max(1, totalTargets)) + config.TCPSettings.Concurrency = minInt(8, max(1, totalTargets)) + config.TCPSettings.MaxBatch = minInt(8, max(1, totalTargets)) config.TCPSettings.GlobalRingMemoryMB = 4 // Minimal memory usage config.TCPSettings.RingReaders = 1 config.TCPSettings.RingPollTimeoutMs = 100 s.logger.Info(). Int("totalTargets", totalTargets). Int("concurrency", config.Concurrency). Int("icmpRateLimit", config.ICMPRateLimit). Msg("Applied small-scale adaptive configuration") } ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 7</summary> __ Why: The suggestion correctly identifies that critical configuration values like `Concurrency` could be set to zero if `totalTargets` is zero, which would stall the scanner. Enforcing a minimum value of 1 is a good defensive measure. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Parallelize network calls to improve performance</summary> ___ **Refactor <code>filterConfiguredServices</code> to perform <code>isServiceConfigured</code> checks in parallel using goroutines and a <code>sync.WaitGroup</code> to improve performance by avoiding sequential network requests.** [pkg/core/api/server.go [939-953]](https://github.com/carverauto/serviceradar/pull/1727/files#diff-1bb99367fdd853c728b7cfbf5893a293f6d217144dfb5282cb8dd32e5261021eR939-R953) ```diff // filterConfiguredServices filters agent services to only configured ones func (s *APIServer) filterConfiguredServices(r *http.Request, agent *AgentNode) { - filtered := make([]ServiceNode, 0, len(agent.Services)) + var wg sync.WaitGroup + configuredChan := make(chan ServiceNode, len(agent.Services)) for _, sn := range agent.Services { - ctx, cancel := context.WithTimeout(r.Context(), 2*time.Second) - if s.isServiceConfigured(ctx, sn) { - filtered = append(filtered, sn) - } + wg.Add(1) + go func(serviceNode ServiceNode) { + defer wg.Done() + ctx, cancel := context.WithTimeout(r.Context(), 2*time.Second) + defer cancel() + if s.isServiceConfigured(ctx, serviceNode) { + configuredChan <- serviceNode + } + }(sn) + } - cancel() + wg.Wait() + close(configuredChan) + + filtered := make([]ServiceNode, 0, len(configuredChan)) + for sn := range configuredChan { + filtered = append(filtered, sn) } agent.Services = filtered } ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 7</summary> __ Why: The suggestion correctly identifies a performance bottleneck from sequential network calls in a loop and proposes a valid parallel implementation, which will significantly improve API responsiveness. </details></details></td><td align=center>Medium </td></tr><tr><td rowspan=1>Security</td> <td> <details><summary>Use a struct for safe JSON generation</summary> ___ **In <code>handleOIDCDiscovery</code>, replace manual JSON string concatenation with a struct and <code>json.NewEncoder</code> to safely generate the OIDC discovery response and prevent potential injection vulnerabilities.** [pkg/core/api/server.go [662-682]](https://github.com/carverauto/serviceradar/pull/1727/files#diff-1bb99367fdd853c728b7cfbf5893a293f6d217144dfb5282cb8dd32e5261021eR662-R682) ```diff // handleOIDCDiscovery serves a minimal OpenID Provider Configuration pointing to the JWKS. func (s *APIServer) handleOIDCDiscovery(w http.ResponseWriter, r *http.Request) { scheme := "http" if r.TLS != nil { scheme = "https" } host := r.Host issuer := scheme + "://" + host - jwks := issuer + "/auth/jwks.json" + jwksURI := issuer + "/auth/jwks.json" w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte("{\n" + - " \"issuer\": \"" + issuer + "\",\n" + - " \"jwks_uri\": \"" + jwks + "\",\n" + - " \"id_token_signing_alg_values_supported\": [\"RS256\"],\n" + - " \"response_types_supported\": [\"code\", \"token\", \"id_token\"],\n" + - " \"subject_types_supported\": [\"public\"],\n" + - " \"claims_supported\": [\"sub\", \"email\", \"roles\", \"exp\", \"iat\"]\n" + - "}")) + + resp := struct { + Issuer string `json:"issuer"` + JwksURI string `json:"jwks_uri"` + Algs []string `json:"id_token_signing_alg_values_supported"` + ResponseTypes []string `json:"response_types_supported"` + SubjectTypes []string `json:"subject_types_supported"` + Claims []string `json:"claims_supported"` + }{ + Issuer: issuer, + JwksURI: jwksURI, + Algs: []string{"RS256"}, + ResponseTypes: []string{"code", "token", "id_token"}, + SubjectTypes: []string{"public"}, + Claims: []string{"sub", "email", "roles", "exp", "iat"}, + } + + if err := json.NewEncoder(w).Encode(resp); err != nil { + s.logger.Error().Err(err).Msg("failed to encode OIDC discovery response") + http.Error(w, "failed to generate OIDC discovery response", http.StatusInternalServerError) + } } ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: The suggestion correctly identifies a security risk and bad practice of building JSON via string concatenation with user-controllable input (`r.Host`) and provides a robust solution using `json.NewEncoder`. </details></details></td><td align=center>Medium </td></tr><tr><td rowspan=1>General</td> <td> <details><summary>Improve test assertion for map values</summary> ___ **In <code>TestEdgeCases</code>, replace <code>assert.Equal(t, "", </code> <code>deviceUpdate.Metadata["scan_available_ips"])</code> with <code>assert.Empty()</code> for a more idiomatic and readable test assertion.** [pkg/sweeper/aggregation_test.go [682]](https://github.com/carverauto/serviceradar/pull/1727/files#diff-0c6eb392da3429542428a3c3242866632ba312a670e5face8b1d295fca100d82R682-R682) ```diff func TestEdgeCases(t *testing.T) { sweeper, _, _, _, ctrl := createTestSweeper(t) defer ctrl.Finish() // ... (test setup) ... sweeper.addAggregatedScanResults(deviceUpdate, results) - assert.Equal(t, "", deviceUpdate.Metadata["scan_available_ips"]) + assert.Empty(t, deviceUpdate.Metadata["scan_available_ips"]) assert.Equal(t, "192.168.1.1,192.168.1.2", deviceUpdate.Metadata["scan_unavailable_ips"]) assert.Equal(t, "0.0", deviceUpdate.Metadata["scan_availability_percent"]) assert.False(t, deviceUpdate.IsAvailable) } ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 4</summary> __ Why: The suggestion correctly points out a potential ambiguity in the test assertion but the proposed `assert.Empty` has the same flaw; however, the change is already implemented in the PR, making the suggestion valid but redundant. </details></details></td><td align=center>Low </td></tr> <tr><td align="center" colspan="2"> - [ ] More  </td><td></td></tr></tbody></table>