carverauto/serviceradar

Fork 0

Fix/ash oban tenant scheduler broken #2638

Merged

mfreeman451 merged 10 commits from refs/pull/2638/head into testing

2026-01-09 04:48:37 +00:00

mfreeman451 commented

2026-01-09 02:58:11 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #2231
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2231
Original created: 2026-01-09T02:58:11Z
Original updated: 2026-01-09T04:48:57Z
Original head: carverauto/serviceradar:fix/ash_oban_tenant_scheduler_broken
Original base: testing
Original merged: 2026-01-09T04:48:37Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Issue ticket number and link

Code checklist before requesting a review

I have signed the DCO?
The build completes without errors?
All tests are passing when running make test?

PR Type

Enhancement, Bug fix

Description

Major architectural refactor from poller to gateway model: Comprehensive rename and restructuring of the entire codebase to replace the poller-based architecture with a new gateway-based push-first communication model
Multi-tenant support: Implemented full multi-tenant architecture with tenant ID and slug propagation throughout the system
Gateway monitoring and status management: New comprehensive gateway health checking, offline/recovery detection, and alert handling with periodic monitoring and streaming status report support
NATS bootstrap and account management: Added new NATS bootstrap functionality with JWT and credentials file management, supporting multi-tenant routing and operator/account generation
Push-based result delivery: Refactored sync service to use gateway client for push-based result delivery instead of pull-based KV storage
Dynamic configuration updates: Implemented gateway enrollment, config polling, and heartbeat loops for dynamic configuration management
Protobuf message updates: Refactored protobuf messages from poller to gateway architecture with new agent-gateway communication types
Removed legacy components: Deleted poller package, poller-related CLI commands, and associated infrastructure code
Updated terminology: Systematic updates across API documentation, SNMP checker, edge onboarding, and all related services

Diagram Walkthrough

flowchart LR
  A["Poller Architecture<br/>Pull-based KV storage"] -->|Refactor| B["Gateway Architecture<br/>Push-based delivery"]
  B --> C["Multi-tenant<br/>Support"]
  B --> D["NATS Bootstrap<br/>& Account Mgmt"]
  B --> E["Gateway Monitoring<br/>& Status Mgmt"]
  C --> F["Tenant ID/Slug<br/>Propagation"]
  D --> G["JWT & Credentials<br/>Management"]
  E --> H["Health Checks<br/>& Recovery"]

File Walkthrough

Relevant files

Enhancement

6 files

monitoring.pb.go `Refactor protobuf messages from poller to gateway architecture` proto/monitoring.pb.go Renamed `PollerId` field to `GatewayId` across multiple message types (`StatusRequest`, `ResultsRequest`, `StatusResponse`, `ResultsResponse`) Removed deprecated `PollerStatusRequest`, `PollerStatusResponse`, and `ServiceStatus` message types Replaced `PollerStatusChunk` with new `GatewayStatusRequest`, `GatewayStatusResponse`, and `GatewayStatusChunk` types Added new `GatewayServiceStatus` message type with tenant-related fields (`TenantId`, `TenantSlug`) Added new agent-gateway communication messages: `AgentHelloRequest`, `AgentHelloResponse`, `AgentConfigRequest`, `AgentConfigResponse`, `AgentCheckConfig` Updated proto descriptor indices to reflect removed message types	+1039/-404
nats_bootstrap.go `Add comprehensive NATS bootstrap and configuration management` pkg/cli/nats_bootstrap.go New file implementing NATS bootstrap functionality with handlers for `nats-bootstrap` and `admin nats` subcommands Provides local and remote NATS operator/account generation with JWT and credentials file management Implements bootstrap token generation, status checking, and tenant account listing via Core API Includes configuration validation, file I/O operations, and both text and JSON output formats Supports multi-tenant routing with tenant ID and slug propagation	+961/-0
service.go `Multi-tenant gateway push architecture with dynamic config` pkg/sync/service.go Refactored sync service to support multi-tenant architecture with gateway push-first communication model Removed KV client and gRPC client dependencies; added gateway client for push-based result delivery Implemented per-source discovery scheduling with interval tracking and per-tenant source configuration management Added gateway enrollment, config polling, and heartbeat loops for dynamic configuration updates Replaced streaming results storage with device/source count tracking; deprecated pull-based GetResults API	+1260/-316
gateways.go `Complete gateway monitoring and status management system` pkg/core/gateways.go New comprehensive gateway monitoring and status management implementation with 1540 lines of core functionality Implements gateway health checks, offline/recovery detection, and alert handling with periodic monitoring Adds streaming status report support for large datasets with chunk reassembly and service message handling Includes gateway registration, device inventory updates, and integration with service registry and event publishing	+1540/-0
edge_onboarding.go `Rename poller to gateway terminology in edge onboarding` pkg/core/edge_onboarding.go Systematic rename of all `poller` references to `gateway` throughout the edge onboarding service (200+ occurrences) Updates type names, function names, variable names, and comments to reflect gateway terminology Adds support for `EdgeOnboardingComponentTypeSync` component type in package creation and validation Updates KV config paths from `config/pollers/` to `config/gateways/` and related metadata field names	+208/-206
main.go `Update SNMP checker to use gateway terminology` cmd/checkers/snmp/main.go Updates SNMP checker service instantiation from `NewSNMPPollerService` to `NewSNMPGatewayService` Changes struct type from `snmp.Poller` to `snmp.Gateway` to align with gateway terminology	+1/-1

Documentation

1 files

main.go

Update API documentation terminology

cmd/core/main.go

Updated API description from "service pollers" to "service gateways"
in Swagger documentation

+1/-1

Configuration changes

2 files

prod.exs `Add Elixir production configuration` elixir/serviceradar_agent_gateway/config/prod.exs New production configuration file for Elixir agent-gateway service Sets logger level to `info` for production environment	+4/-0
dev.exs `Development configuration for Elixir gateway service` elixir/serviceradar_agent_gateway/config/dev.exs Added new development configuration file for Elixir service Sets logger level to debug for development environment	+4/-0

Dependencies

2 files

nats_account.pb.go `NATS account management protobuf definitions` proto/nats_account.pb.go Generated protobuf code for NATS account management service with 15 message types and 1 enum Defines account limits, subject mappings, user credentials, and operator bootstrap functionality Includes request/response types for tenant account creation, user credential generation, and JWT signing	+1266/-0
nats_account_grpc.pb.go `Generated gRPC code for NATS account service` proto/nats_account_grpc.pb.go Auto-generated gRPC service code for NATS account management operations Implements client and server interfaces for JWT signing, account creation, and credential generation Provides stateless operations for NATS operator bootstrap and tenant account management	+376/-0

Miscellaneous

1 files

mock_armis.go

Remove KVWriter from Armis mock interfaces

pkg/sync/integrations/armis/mock_armis.go

Updated mock generation command to remove KVWriter interface from
mocked interfaces
Reflects removal of KV writing functionality from Armis integration

+2/-40

Additional files

101 files

.bazelignore	+4/-0
.bazelrc	+5/-0
.env-sample	+33/-0
.env.example	+38/-0
main.yml	+18/-0
AGENTS.md	+177/-11
INSTALL.md	+11/-11
MODULE.bazel	+5/-0
Makefile	+55/-14
README-Docker.md	+17/-2
README.md	+3/-3
ROADMAP.md	+1/-1
BUILD.bazel	+11/-6
BUILD.bazel	+12/-0
mix_release.bzl	+124/-49
BUILD.bazel	+1/-0
README.md	+4/-4
config.json	+5/-6
main.go	+174/-74
build.rs	+0/-1
monitoring.proto	+3/-26
server.rs	+2/-0
README.md	+2/-2
monitoring.proto	+2/-26
server.rs	+6/-6
main.go	+16/-2
config.rs	+26/-0
grpc_server.rs	+2/-2
message_processor.rs	+1/-0
nats.rs	+4/-0
zen-consumer-with-otel.json	+1/-0
zen-consumer.json	+1/-0
app.go	+1/-1
config.json	+4/-4
config.json	+4/-4
BUILD.bazel	+1/-0
main.go	+68/-0
README.md	+3/-3
README.md	+9/-12
flowgger.toml	+1/-0
nats_output.rs	+14/-0
otel.toml	+1/-0
config.rs	+13/-0
nats_output.rs	+7/-0
setup.rs	+1/-0
BUILD.bazel	+0/-25
config.json	+0/-111
main.go	+0/-138
BUILD.bazel	+0/-25
config.json	+0/-77
main.go	+0/-123
main.go	+1/-1
config.rs	+21/-0
main.rs	+23/-3
docker-compose.elx.yml	+109/-0
docker-compose.spiffe.yml	+8/-157
docker-compose.yml	+318/-269
Dockerfile.agent-gateway	+94/-0
Dockerfile.core-elx	+108/-0
Dockerfile.poller	+0/-70
Dockerfile.sync	+0/-95
Dockerfile.tools	+1/-2
Dockerfile.web-ng	+6/-0
agent-minimal.docker.json	+6/-6
agent.docker.json	+5/-20
agent.mtls.json	+7/-10
bootstrap-nested-spire.sh	+0/-80
.gitkeep	+1/-0
datasvc.docker.json	+3/-2
datasvc.mtls.json	+14/-1
db-event-writer.docker.json	+2/-2
db-event-writer.mtls.json	+3/-2
FRICTION_POINTS.md	+0/-355
README.md	+0/-207
SETUP_GUIDE.md	+0/-307
docker-compose.edge-e2e.yml	+0/-27
manage-packages.sh	+0/-211
setup-edge-e2e.sh	+0/-198
edge-poller-restart.sh	+0/-178
downstream-agent.conf	+0/-32
env	+0/-4
server.conf	+0/-51
upstream-agent.conf	+0/-32
entrypoint-certs.sh	+13/-9
entrypoint-poller.sh	+0/-274
entrypoint-sync.sh	+0/-96
fix-cert-permissions.sh	+2/-2
flowgger.docker.toml	+2/-1
generate-certs.sh	+214/-12
nats.docker.conf	+16/-160
netflow-consumer.mtls.json	+1/-0
otel.docker.toml	+2/-0
pg_hba.conf	+9/-0
pg_ident.conf	+17/-0
poller-stack.compose.yml	+0/-121
poller.docker.json	+0/-128
poller.mtls.json	+0/-135
poller.spiffe.json	+0/-55
refresh-upstream-credentials.sh	+0/-248
seed-poller-kv.sh	+0/-83
Additional files not shown

Imported from GitHub pull request. Original GitHub pull request: #2231 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/2231 Original created: 2026-01-09T02:58:11Z Original updated: 2026-01-09T04:48:57Z Original head: carverauto/serviceradar:fix/ash_oban_tenant_scheduler_broken Original base: testing Original merged: 2026-01-09T04:48:37Z by @mfreeman451 --- ### **User description** ## IMPORTANT: Please sign the Developer Certificate of Origin Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include a [DCO sign-off statement]( https://developercertificate.org/) indicating the DCO acceptance in one commit message. Here is an example DCO Signed-off-by line in a commit message: ``` Signed-off-by: J. Doe <j.doe@domain.com> ``` ## Describe your changes ## Issue ticket number and link ## Code checklist before requesting a review - [ ] I have signed the DCO? - [ ] The build completes without errors? - [ ] All tests are passing when running make test? ___ ### **PR Type** Enhancement, Bug fix ___ ### **Description** - **Major architectural refactor from poller to gateway model**: Comprehensive rename and restructuring of the entire codebase to replace the poller-based architecture with a new gateway-based push-first communication model - **Multi-tenant support**: Implemented full multi-tenant architecture with tenant ID and slug propagation throughout the system - **Gateway monitoring and status management**: New comprehensive gateway health checking, offline/recovery detection, and alert handling with periodic monitoring and streaming status report support - **NATS bootstrap and account management**: Added new NATS bootstrap functionality with JWT and credentials file management, supporting multi-tenant routing and operator/account generation - **Push-based result delivery**: Refactored sync service to use gateway client for push-based result delivery instead of pull-based KV storage - **Dynamic configuration updates**: Implemented gateway enrollment, config polling, and heartbeat loops for dynamic configuration management - **Protobuf message updates**: Refactored protobuf messages from poller to gateway architecture with new agent-gateway communication types - **Removed legacy components**: Deleted poller package, poller-related CLI commands, and associated infrastructure code - **Updated terminology**: Systematic updates across API documentation, SNMP checker, edge onboarding, and all related services ___ ### Diagram Walkthrough ```mermaid flowchart LR A["Poller Architecture Pull-based KV storage"] -->|Refactor| B["Gateway Architecture Push-based delivery"] B --> C["Multi-tenant Support"] B --> D["NATS Bootstrap & Account Mgmt"] B --> E["Gateway Monitoring & Status Mgmt"] C --> F["Tenant ID/Slug Propagation"] D --> G["JWT & Credentials Management"] E --> H["Health Checks & Recovery"] ``` <details><summary><h3>File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td>Enhancement</td><td><details><summary>6 files</summary><table> <tr> <td> <details> <summary>monitoring.pb.go<dd><code>Refactor protobuf messages from poller to gateway architecture</code></dd></summary> <hr> proto/monitoring.pb.go <ul><li>Renamed <code>PollerId</code> field to <code>GatewayId</code> across multiple message types (<code>StatusRequest</code>, <code>ResultsRequest</code>, <code>StatusResponse</code>, <code>ResultsResponse</code>) <li> Removed deprecated <code>PollerStatusRequest</code>, <code>PollerStatusResponse</code>, and <code>ServiceStatus</code> message types <li> Replaced <code>PollerStatusChunk</code> with new <code>GatewayStatusRequest</code>, <code>GatewayStatusResponse</code>, and <code>GatewayStatusChunk</code> types <li> Added new <code>GatewayServiceStatus</code> message type with tenant-related fields (<code>TenantId</code>, <code>TenantSlug</code>) <li> Added new agent-gateway communication messages: <code>AgentHelloRequest</code>, <code>AgentHelloResponse</code>, <code>AgentConfigRequest</code>, <code>AgentConfigResponse</code>, <code>AgentCheckConfig</code> <li> Updated proto descriptor indices to reflect removed message types</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-4f7e955b42854cc9cf3fb063b95e58a04f36271e6a0c1cb42ea6d7953dd96cc4">+1039/-404</a></td> </tr> <tr> <td> <details> <summary>nats_bootstrap.go<dd><code>Add comprehensive NATS bootstrap and configuration management</code></dd></summary> <hr> pkg/cli/nats_bootstrap.go <ul><li>New file implementing NATS bootstrap functionality with handlers for <code>nats-bootstrap</code> and <code>admin nats</code> subcommands <li> Provides local and remote NATS operator/account generation with JWT and credentials file management <li> Implements bootstrap token generation, status checking, and tenant account listing via Core API <li> Includes configuration validation, file I/O operations, and both text and JSON output formats <li> Supports multi-tenant routing with tenant ID and slug propagation</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-2176d03ba6ab4ccc1b0587a4727171546eecf6123e4df815ead583aaab062457">+961/-0</a>  </td> </tr> <tr> <td> <details> <summary>service.go<dd><code>Multi-tenant gateway push architecture with dynamic config</code></dd></summary> <hr> pkg/sync/service.go <ul><li>Refactored sync service to support multi-tenant architecture with gateway push-first communication model <li> Removed KV client and gRPC client dependencies; added gateway client for push-based result delivery <li> Implemented per-source discovery scheduling with interval tracking and per-tenant source configuration management <li> Added gateway enrollment, config polling, and heartbeat loops for dynamic configuration updates <li> Replaced streaming results storage with device/source count tracking; deprecated pull-based GetResults API</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-b4ea5a5b3d811fa94c6a84c71c0ddb920ce177a376d13cb776f05dd6017c4c7e">+1260/-316</a></td> </tr> <tr> <td> <details> <summary>gateways.go<dd><code>Complete gateway monitoring and status management system</code>  </dd></summary> <hr> pkg/core/gateways.go <ul><li>New comprehensive gateway monitoring and status management implementation with 1540 lines of core functionality <li> Implements gateway health checks, offline/recovery detection, and alert handling with periodic monitoring <li> Adds streaming status report support for large datasets with chunk reassembly and service message handling <li> Includes gateway registration, device inventory updates, and integration with service registry and event publishing</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-260332914ad2238e720f4637a71b0f9f01e899102bc6b37f7827782e56b0b5c0">+1540/-0</a></td> </tr> <tr> <td> <details> <summary>edge_onboarding.go<dd><code>Rename poller to gateway terminology in edge onboarding</code>    </dd></summary> <hr> pkg/core/edge_onboarding.go <ul><li>Systematic rename of all <code>poller</code> references to <code>gateway</code> throughout the edge onboarding service (200+ occurrences) <li> Updates type names, function names, variable names, and comments to reflect gateway terminology <li> Adds support for <code>EdgeOnboardingComponentTypeSync</code> component type in package creation and validation <li> Updates KV config paths from <code>config/pollers/</code> to <code>config/gateways/</code> and related metadata field names</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-85874e3c4bdcc9110db09909f10648d44cdee554b26c987f910502321eb20b5c">+208/-206</a></td> </tr> <tr> <td> <details> <summary>main.go<dd><code>Update SNMP checker to use gateway terminology</code>                      </dd></summary> <hr> cmd/checkers/snmp/main.go <ul><li>Updates SNMP checker service instantiation from <code>NewSNMPPollerService</code> to <code>NewSNMPGatewayService</code> <li> Changes struct type from <code>snmp.Poller</code> to <code>snmp.Gateway</code> to align with gateway terminology</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-f25402eade63525184cb5e7437accff93c7b9338eebe81add6dc5f2a9eb12550">+1/-1</a>      </td> </tr> </table></details></td></tr><tr><td>Documentation</td><td><details><summary>1 files</summary><table> <tr> <td> <details> <summary>main.go<dd><code>Update API documentation terminology</code>                                          </dd></summary> <hr> cmd/core/main.go <ul><li>Updated API description from "service pollers" to "service gateways" in Swagger documentation</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-4ab3fd1d4debc53dd2499d94a0f60c648fdae4235dd1e3678095a975f5bb434a">+1/-1</a>      </td> </tr> </table></details></td></tr><tr><td>Configuration changes</td><td><details><summary>2 files</summary><table> <tr> <td> <details> <summary>prod.exs<dd><code>Add Elixir production configuration</code>                                            </dd></summary> <hr> elixir/serviceradar_agent_gateway/config/prod.exs <ul><li>New production configuration file for Elixir agent-gateway service <li> Sets logger level to <code>info</code> for production environment</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-5fdc859dfda96a02326392f61218325913f22f9f0c75a1276ee940d5db9fc62b">+4/-0</a>      </td> </tr> <tr> <td> <details> <summary>dev.exs<dd><code>Development configuration for Elixir gateway service</code>          </dd></summary> <hr> elixir/serviceradar_agent_gateway/config/dev.exs <ul><li>Added new development configuration file for Elixir service <li> Sets logger level to debug for development environment</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-378e53cb66373073730a5d7ceba4973777eb84ae419c8a38472e3f69c3056fe9">+4/-0</a>      </td> </tr> </table></details></td></tr><tr><td>Dependencies</td><td><details><summary>2 files</summary><table> <tr> <td> <details> <summary>nats_account.pb.go<dd><code>NATS account management protobuf definitions</code>                          </dd></summary> <hr> proto/nats_account.pb.go <ul><li>Generated protobuf code for NATS account management service with 15 message types and 1 enum <li> Defines account limits, subject mappings, user credentials, and operator bootstrap functionality <li> Includes request/response types for tenant account creation, user credential generation, and JWT signing</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-49eb93c28e2d86d8dcf4ee78fd24bed498cf3fcfaa8e49849a36e70980420087">+1266/-0</a></td> </tr> <tr> <td> <details> <summary>nats_account_grpc.pb.go<dd><code>Generated gRPC code for NATS account service</code>                          </dd></summary> <hr> proto/nats_account_grpc.pb.go <ul><li>Auto-generated gRPC service code for NATS account management operations <li> Implements client and server interfaces for JWT signing, account creation, and credential generation <li> Provides stateless operations for NATS operator bootstrap and tenant account management</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-af98ae5f073d25a2ea0a044c996542fc65d215f6a70f14a9fba0447d87b34e11">+376/-0</a>  </td> </tr> </table></details></td></tr><tr><td>Miscellaneous</td><td><details><summary>1 files</summary><table> <tr> <td> <details> <summary>mock_armis.go<dd><code>Remove KVWriter from Armis mock interfaces</code>                              </dd></summary> <hr> pkg/sync/integrations/armis/mock_armis.go <ul><li>Updated mock generation command to remove <code>KVWriter</code> interface from mocked interfaces <li> Reflects removal of KV writing functionality from Armis integration</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-54fcd2e5cc009f705d49f5acabba4c8bf66841758c70ea6b8474f7e9318e8e46">+2/-40</a>    </td> </tr> </table></details></td></tr><tr><td>Additional files</td><td><details><summary>101 files</summary><table> <tr> <td>.bazelignore</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-a5641cd37d6ad98b32cdfce1980836cc68312277bc6a7052f55da02ada5bc6cf">+4/-0</a>      </td> </tr> <tr> <td>.bazelrc</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-544556920c45b42cbfe40159b082ce8af6bd929e492d076769226265f215832f">+5/-0</a>      </td> </tr> <tr> <td>.env-sample</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-c4368a972a7fa60d9c4e333cebf68cdb9a67acb810451125c02e3b7eb2594e3d">+33/-0</a>    </td> </tr> <tr> <td>.env.example</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-a3046da0d15a27e89f2afe639b25748a7ad4d9290af3e7b1b6c1a5533c8f0a8c">+38/-0</a>    </td> </tr> <tr> <td>main.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-7829468e86c1cc5d5133195b5cb48e1ff6c75e3e9203777f6b2e379d9e4882b3">+18/-0</a>    </td> </tr> <tr> <td>AGENTS.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-a54ff182c7e8acf56acfd6e4b9c3ff41e2c41a31c9b211b2deb9df75d9a478f9">+177/-11</a></td> </tr> <tr> <td>INSTALL.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-09b140a43ebfdd8dbec31ce72cafffd15164d2860fd390692a030bcb932b54a0">+11/-11</a>  </td> </tr> <tr> <td>MODULE.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdc">+5/-0</a>      </td> </tr> <tr> <td>Makefile</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52">+55/-14</a>  </td> </tr> <tr> <td>README-Docker.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-9fd61d24482efe68c22d8d41e2a1dcc440f39195aa56e7a050f2abe598179efd">+17/-2</a>    </td> </tr> <tr> <td>README.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5">+3/-3</a>      </td> </tr> <tr> <td>ROADMAP.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-683343bdf93f55ed3cada86151abb8051282e1936e58d4e0a04beca95dff6e51">+1/-1</a>      </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-884fa9353a5226345e44fbabea3300efc7a87dfbcde0b6a42521ca51823f1b68">+11/-6</a>    </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-0e80ea46aeb61a873324685edb96eae864c7a2004fbb7ee404b4ec951190ba10">+12/-0</a>    </td> </tr> <tr> <td>mix_release.bzl</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-86ec281f99363b6b6eb1f49e21d83b7eeca93a35b552b9f305fffc6855e38ccd">+124/-49</a></td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-143f8d1549d52f28906f19ce28e5568a5be474470ff103c2c1e63c3e6b08d670">+1/-0</a>      </td> </tr> <tr> <td>README.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-bfd308915d0cf522e7fc76600dee687617dc69165ab22502a1d219850c0c0860">+4/-4</a>      </td> </tr> <tr> <td>config.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-5b1bc8fe77422534739bdd3a38dc20d2634a86c171265c34e1b5d0c5a61b6bab">+5/-6</a>      </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-61358711e980ccf505246fd3915f97cbd3a380e9b66f6fa5aad46749968c5ca3">+174/-74</a></td> </tr> <tr> <td>build.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-251e7a923f45f8f903e510d10f183366bda06d281c8ecc3669e1858256e2186d">+0/-1</a>      </td> </tr> <tr> <td>monitoring.proto</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-b56f709f4a0a3db694f2124353908318631f23e20b7846bc4b8ee869e2e0632a">+3/-26</a>    </td> </tr> <tr> <td>server.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-bce0f4ca6548712f224b73816825d28e831acbbff7dbed3c98671ed50f65d028">+2/-0</a>      </td> </tr> <tr> <td>README.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-2e9751b437fa61442aac074c7a4a912d0ac50ac3ea156ac8aedd8478d21c6bdb">+2/-2</a>      </td> </tr> <tr> <td>monitoring.proto</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-9faf6025eb0d3d38383f5b7ad2b733abeb38454d5e4de3e83994e94b12d87a50">+2/-26</a>    </td> </tr> <tr> <td>server.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-2c4395fee16396339c3eea518ad9bec739174c67c9cedf62e6848c17136dd33e">+6/-6</a>      </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-ed4d81d29a7267f93fd77e17993fd3491b9ef6ded18490b4514d10ed1d803bc2">+16/-2</a>    </td> </tr> <tr> <td>config.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-05038f3867985e757de9027609950e682bad6d1992dac6acd7c28962a3c65dc4">+26/-0</a>    </td> </tr> <tr> <td>grpc_server.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-e4564a93f6cf84ff91cd3d8141fc9272ec9b4ec19defd107afa42be01fcfed5b">+2/-2</a>      </td> </tr> <tr> <td>message_processor.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-9fcbc5358a9009e60a8cd22d21e5a9ea652787c727732d0b869e0865495114c3">+1/-0</a>      </td> </tr> <tr> <td>nats.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-97f7335def0ad5d644b594a1076ae2d7080b11259cbb8de22c7946cc8e4b39f8">+4/-0</a>      </td> </tr> <tr> <td>zen-consumer-with-otel.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-68375f1f7847e1fbdf75664f6be65b1ad94ae6ce86ed73fc5964d65054668acb">+1/-0</a>      </td> </tr> <tr> <td>zen-consumer.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-4d308af9802a93a0f656e8c02a3b5fcd8991407bb18360f087470db74e1f9524">+1/-0</a>      </td> </tr> <tr> <td>app.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-4ad8a289575edf3b163088617b7a40ae1305c29ced0c7d59b3751c57d6938072">+1/-1</a>      </td> </tr> <tr> <td>config.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-2423ef78d36e905ae993b69ff59f5df6b2e1b9492fb0fa8c6d0aad7c76d2d229">+4/-4</a>      </td> </tr> <tr> <td>config.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-ef778d85ac6f9652c25cb0d631f0fe8dfb3edac4dde5d719a4fc2926fb5c3216">+4/-4</a>      </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-c62c0139ebdb337369f4067567cd2c52b8e7decb3ddfabc77f9f67b2f6e5789c">+1/-0</a>      </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-5e7731adfb877918cd65d9d5531621312496450fd550fea2682efca4ca8fe816">+68/-0</a>    </td> </tr> <tr> <td>README.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-0b0725713b87dca1de57200214a4fe04633f0d856c39aa8032280227bf8e8141">+3/-3</a>      </td> </tr> <tr> <td>README.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-f425b4378f84e0ba0c6f532facff17ff5d55b4dc6033d8bf35130a159cd2ba32">+9/-12</a>    </td> </tr> <tr> <td>flowgger.toml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-af9f49f931e282dca53d1f0521b036d222fe671f77e61a876a84cf4c6d7cca4d">+1/-0</a>      </td> </tr> <tr> <td>nats_output.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-a82e2e4d413539bf0b414b5629665b19648447523994cba639c4d1238aa5a0c1">+14/-0</a>    </td> </tr> <tr> <td>otel.toml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-c64b9ace832b8ea57a2be62f84166e03bb1904882635d444ec76a880cdf14cc0">+1/-0</a>      </td> </tr> <tr> <td>config.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-abbaec651da3d6af96b482e0f77bb909b65dbe0cabd78b5803769cc9dab0a1b0">+13/-0</a>    </td> </tr> <tr> <td>nats_output.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-6b585ea3564a481174e04da1270e2e13edd4e2b980d02a2652d6d21e6d82a498">+7/-0</a>      </td> </tr> <tr> <td>setup.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-3891f667deb20fd26e296d3e2742c57378d3764fe1743118e612465ae360391f">+1/-0</a>      </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-e1f7c698e0e3a4e6afa971c1140e71cbf22593fbb19c81cb26b02c15c5dc46ec">+0/-25</a>    </td> </tr> <tr> <td>config.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-9edc2486fff55fc399e0ac96dba5137948a7ea7285f5ef7846835355684b7ab5">+0/-111</a>  </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-4b8ec845da50cd58d011e69f9d1c30530ee1968df26616b8768bb1fc03433bbe">+0/-138</a>  </td> </tr> <tr> <td>BUILD.bazel</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-4f5d2ea4260d490a0d6f28adde0b35eca8af77d22f3ee366a783946c53687619">+0/-25</a>    </td> </tr> <tr> <td>config.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-bcac20d6b3cb81f0059e766839ba1ee59a885009249501b0ba1182ebb1daea25">+0/-77</a>    </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-78dc6bc53f1c760c66f43ff5f486bfe78a65bee8b2e0d4862293ec0892da2b29">+0/-123</a>  </td> </tr> <tr> <td>main.go</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-bc6eeb1b05bcb9179525e32fac1de9926b5823ec3504be546ab10c5c9740f544">+1/-1</a>      </td> </tr> <tr> <td>config.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-c89b88ba4d2bf0a054d0ba69a672a92c30140b8d19503d67b980a218ffe3106d">+21/-0</a>    </td> </tr> <tr> <td>main.rs</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-33b655d8730ae3e9c844ee280787d11f1b0d5343119188273f89558805f814ba">+23/-3</a>    </td> </tr> <tr> <td>docker-compose.elx.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-9562070d7ad4a3e9b2d06567008cf35de1d96448d914b3b45bf6c36d97cdd914">+109/-0</a>  </td> </tr> <tr> <td>docker-compose.spiffe.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-603fd9e7d40841d174f26b95d0cb0c9537430bf3f7a5da3ccbba4ea3d8ac66c9">+8/-157</a>  </td> </tr> <tr> <td>docker-compose.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-e45e45baeda1c1e73482975a664062aa56f20c03dd9d64a827aba57775bed0d3">+318/-269</a></td> </tr> <tr> <td>Dockerfile.agent-gateway</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-332bc81a932ae08efa711a71b60fe0954d99bf17ebdab00a3baaa177a44de8b0">+94/-0</a>    </td> </tr> <tr> <td>Dockerfile.core-elx</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-5ec7a971285669999af442a0c7f141c34f7fd9180257307f5c4ed12f789a2182">+108/-0</a>  </td> </tr> <tr> <td>Dockerfile.poller</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-d3ba129830fb366bfe23b00db4ef6218b10fc981d3c04842b1b3b3b367a8982f">+0/-70</a>    </td> </tr> <tr> <td>Dockerfile.sync</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-0227933b9961fd553af1d229e89d71a0271fdc475081bbcef49b587941af1eda">+0/-95</a>    </td> </tr> <tr> <td>Dockerfile.tools</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-0258db71e4070e342198965f1d046f3097640850b037df8a2287a7e239630add">+1/-2</a>      </td> </tr> <tr> <td>Dockerfile.web-ng</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-92d43af1965575d56c3380ecc8a81024aac2ff36f039ec2d3839e9fc7852bc10">+6/-0</a>      </td> </tr> <tr> <td>agent-minimal.docker.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-1f09fad94636c90373af8e270f6ba0332ae4f4d1df50a4909729280a3a9691e6">+6/-6</a>      </td> </tr> <tr> <td>agent.docker.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-5d33fe703515d03076d31261ecf946e9c6fc668cf5bf65099d49b670739e455e">+5/-20</a>    </td> </tr> <tr> <td>agent.mtls.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-008f2216f159a9bd5db9cc90baaf6f1e64487df7af05b56ab3b9d6c4946aa95f">+7/-10</a>    </td> </tr> <tr> <td>bootstrap-nested-spire.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-ab4746a08fb1e0b307a1e47660cd22182e283a087cba87dcbff0fdfe750f44f1">+0/-80</a>    </td> </tr> <tr> <td>.gitkeep</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-d72c41aab2d6f2c230a4340dfefe7917cdd12bed942c825aa0d4c9875a637bac">+1/-0</a>      </td> </tr> <tr> <td>datasvc.docker.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-3f2719d3dbfe042e8383739e3c78e74e5f851a44e5e46bea8e79c4b79fdcc34f">+3/-2</a>      </td> </tr> <tr> <td>datasvc.mtls.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-3a45619e57f1e6e9a31486ec7fffb33ef246e271f82bac272ee0a946b88da70a">+14/-1</a>    </td> </tr> <tr> <td>db-event-writer.docker.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-9fc51271f7ef5bb460160013e24e44e829b730656891d26fc49d5fe72fbb3147">+2/-2</a>      </td> </tr> <tr> <td>db-event-writer.mtls.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-7a33f95f7545499abf0ed9fc91b58499ab209639e4885019579c959583fc7496">+3/-2</a>      </td> </tr> <tr> <td>FRICTION_POINTS.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-b0653c58880f810ba832c0500733d63de309db98b43009fe73a1862494cf41bd">+0/-355</a>  </td> </tr> <tr> <td>README.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-31849f033cfc932acee35f549c069abb1f36101c352e553dd6bff8713b29f98c">+0/-207</a>  </td> </tr> <tr> <td>SETUP_GUIDE.md</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-b4914f8640a78038e45f51235a624535672680dc902de5f107fc051f4f281913">+0/-307</a>  </td> </tr> <tr> <td>docker-compose.edge-e2e.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-575d19ea771bdf8102cb9729db43a1bfd6afc2527160e54105beeac2e314f362">+0/-27</a>    </td> </tr> <tr> <td>manage-packages.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-3c2ff6febbddb956c71557894adaf7d0a39a1f20dda120fe126364946bc47280">+0/-211</a>  </td> </tr> <tr> <td>setup-edge-e2e.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-2714e2c7e111f69ea9e9f5ddd7f6a70fa5ea96e3a53b851cb13b8b8b7cd12917">+0/-198</a>  </td> </tr> <tr> <td>edge-poller-restart.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-96a8fe52c38fd0d7c14895127df34a27be311cac89c53d28ee178661b629bd22">+0/-178</a>  </td> </tr> <tr> <td>downstream-agent.conf</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-747de0375ced42af978ca7dac239862bdabb7f6bd0bd634f134b485517a7b4ee">+0/-32</a>    </td> </tr> <tr> <td>env</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-686f1a954c542f2ec9bf14c3170648b65190ad242c7f3a95a0f872ae41b8b1c6">+0/-4</a>      </td> </tr> <tr> <td>server.conf</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-025f5b5ab79526cf549ca1fdb90dd659ba76b438f05a7f77d916d18728c4b572">+0/-51</a>    </td> </tr> <tr> <td>upstream-agent.conf</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-e8a869ddf4affa31536a8d4e4e6f09c40072a7026da2c609d93c6ecf04138902">+0/-32</a>    </td> </tr> <tr> <td>entrypoint-certs.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-83d6800b184a5233c66c69766286b0a60fece1bc64addb112d9f8dc019437f05">+13/-9</a>    </td> </tr> <tr> <td>entrypoint-poller.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-e202d27e3331088745eb55cdd2b3e40ac3f5df109d9ff5c76c0faed60772807a">+0/-274</a>  </td> </tr> <tr> <td>entrypoint-sync.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-9d5620b8e6833309dbafb8ee6b6b75c3b942d163c3fe7f1a9827958b2d640265">+0/-96</a>    </td> </tr> <tr> <td>fix-cert-permissions.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-17ea40a11edcaa7c85bb4215fda46b5a32505246fef0ab5f3ed47b28470c5ec8">+2/-2</a>      </td> </tr> <tr> <td>flowgger.docker.toml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-824f8797b418d4b9f5ea41e4a3741a0ed64b881f343072464489a76b7ea01008">+2/-1</a>      </td> </tr> <tr> <td>generate-certs.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-8298241543b4744a6ac7780c760ac5b5a0a87ba62de19c8612ebe1aba0996ebd">+214/-12</a></td> </tr> <tr> <td>nats.docker.conf</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-06f2012494f428fe1bfb304972061c2094e0d99da88ba9af6914f7776872e6eb">+16/-160</a></td> </tr> <tr> <td>netflow-consumer.mtls.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-f15920e8498a24f71ce3eec4f48fe8fefbb1765a90362998af779a660fcef9e1">+1/-0</a>      </td> </tr> <tr> <td>otel.docker.toml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-d4af38790e3657b7589cd37a7539d5308b032f11caba7aa740ddc86bf99f4415">+2/-0</a>      </td> </tr> <tr> <td>pg_hba.conf</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-7bd5f7292054916c7e5997f4c84ac9ec07d4c945621a48936c2aed0575fb96eb">+9/-0</a>      </td> </tr> <tr> <td>pg_ident.conf</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-e7b8ce062e32c61fdc3bcc9e525c1f1df1c8008fbc02b11409e58c67baa17cc5">+17/-0</a>    </td> </tr> <tr> <td>poller-stack.compose.yml</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-f3b5c991c2c1f7646db0ca4ed9bcb5df0f313ce6a05d8f3c890f80c873f776f5">+0/-121</a>  </td> </tr> <tr> <td>poller.docker.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-d64ebb69ec31e831efd187c47a5bfff2573960306b177f6464e91cb44a3c709d">+0/-128</a>  </td> </tr> <tr> <td>poller.mtls.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-ef5d74bb3607431245c2bf06169d7fee89cae817e114035075b59a671229ab46">+0/-135</a>  </td> </tr> <tr> <td>poller.spiffe.json</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-4e04bd23a0216287d5c0bb3831e0f95e7922ed03e8386a10ae7f4873e4fdb538">+0/-55</a>    </td> </tr> <tr> <td>refresh-upstream-credentials.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-d3b3a8fcdea1b49c9e1c0ecc12d61fb6d416313520e8ad52edbee9094dbdc271">+0/-248</a>  </td> </tr> <tr> <td>seed-poller-kv.sh</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-c12070f475dbe7dc83e747fa6ec9d2ebdbdd97921a54f372abc89a102b783ad7">+0/-83</a>    </td> </tr> <tr> <td>Additional files not shown</td> <td><a href="https://github.com/carverauto/serviceradar/pull/2231/files#diff-2f328e4cd8dbe3ad193e49d92bcf045f47a6b72b1e9487d366f6b8288589b4ca"></a></td> </tr> </table></details></td></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2026-01-09 02:59:58 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2231#issuecomment-3726829494
Original created: 2026-01-09T02:59:58Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Unvalidated External IDs: New externally-supplied identifiers (`gateway_id`, `tenant_id`, `tenant_slug`) are introduced in request messages without any visible validation/sanitization in the diff, requiring verification that upstream handlers enforce expected formats and authorization boundaries. Referred Code // GatewayStatusRequest is sent by agents to push their status to the gateway. type GatewayStatusRequest struct { state protoimpl.MessageState `protogen:"open.v1"` Services []*GatewayServiceStatus `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"` GatewayId string `protobuf:"bytes,2,opt,name=gateway_id,json=gatewayId,proto3" json:"gateway_id,omitempty"` // Gateway receiving this status AgentId string `protobuf:"bytes,3,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` // Agent sending this status Timestamp int64 `protobuf:"varint,4,opt,name=timestamp,proto3" json:"timestamp,omitempty"` Partition string `protobuf:"bytes,5,opt,name=partition,proto3" json:"partition,omitempty"` // Partition identifier SourceIp string `protobuf:"bytes,6,opt,name=source_ip,json=sourceIp,proto3" json:"source_ip,omitempty"` // Host IP where agent is running KvStoreId string `protobuf:"bytes,7,opt,name=kv_store_id,json=kvStoreId,proto3" json:"kv_store_id,omitempty"` // KV store identifier this agent is using TenantId string `protobuf:"bytes,8,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"` // Tenant UUID for multi-tenant routing TenantSlug string `protobuf:"bytes,9,opt,name=tenant_slug,json=tenantSlug,proto3" json:"tenant_slug,omitempty"` // Tenant slug for NATS subject prefixing unknownFields protoimpl.UnknownFields Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2231#issuecomment-3726829494 Original created: 2026-01-09T02:59:58Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR: <table><tbody><tr><td colspan='2'>Security Compliance</td></tr> <tr><td>🟢</td><td><details><summary>No security concerns identified</summary> No security vulnerabilities detected by AI analysis. Human verification advised for critical code. </details></td></tr> <tr><td colspan='2'>Ticket Compliance</td></tr> <tr><td>⚪</td><td><details><summary>🎫 No ticket provided </summary> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'>Codebase Duplication Compliance</td></tr> <tr><td>⚪</td><td><details><summary>Codebase context is not defined </summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'>Custom Compliance</td></tr> <tr><td rowspan=5>🟢</td><td> <details><summary>Generic: Comprehensive Audit Trails</summary> **Objective:** To create a detailed and reliable record of critical system actions for security analysis and compliance. **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Meaningful Naming and Self-Documenting Code</summary> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code self-documenting **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Robust Error Handling and Edge Case Management</summary> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful degradation **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Secure Error Handling</summary> **Objective:** To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Secure Logging Practices</summary> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=1>⚪</td> <td><details> <summary>Generic: Security-First Input Validation and Data Handling</summary> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities **Status:** <a href='https://github.com/carverauto/serviceradar/pull/2231/files#diff-4f7e955b42854cc9cf3fb063b95e58a04f36271e6a0c1cb42ea6d7953dd96cc4R826-R838'>Unvalidated External IDs</a>: New externally-supplied identifiers (<code>gateway_id</code>, <code>tenant_id</code>, <code>tenant_slug</code>) are introduced in request messages without any visible validation/sanitization in the diff, requiring verification that upstream handlers enforce expected formats and authorization boundaries. <details open><summary>Referred Code</summary> ```go // GatewayStatusRequest is sent by agents to push their status to the gateway. type GatewayStatusRequest struct { state protoimpl.MessageState `protogen:"open.v1"` Services []*GatewayServiceStatus `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"` GatewayId string `protobuf:"bytes,2,opt,name=gateway_id,json=gatewayId,proto3" json:"gateway_id,omitempty"` // Gateway receiving this status AgentId string `protobuf:"bytes,3,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` // Agent sending this status Timestamp int64 `protobuf:"varint,4,opt,name=timestamp,proto3" json:"timestamp,omitempty"` Partition string `protobuf:"bytes,5,opt,name=partition,proto3" json:"partition,omitempty"` // Partition identifier SourceIp string `protobuf:"bytes,6,opt,name=source_ip,json=sourceIp,proto3" json:"source_ip,omitempty"` // Host IP where agent is running KvStoreId string `protobuf:"bytes,7,opt,name=kv_store_id,json=kvStoreId,proto3" json:"kv_store_id,omitempty"` // KV store identifier this agent is using TenantId string `protobuf:"bytes,8,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"` // Tenant UUID for multi-tenant routing TenantSlug string `protobuf:"bytes,9,opt,name=tenant_slug,json=tenantSlug,proto3" json:"tenant_slug,omitempty"` // Tenant slug for NATS subject prefixing unknownFields protoimpl.UnknownFields ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant 🟡 - Partial Compliant 🔴 - Not Compliant ⚪ - Requires Further Human Verification 🏷️ - Compliance label </details>

qodo-code-review[bot] commented

2026-01-09 03:01:38 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2231#issuecomment-3726832504
Original created: 2026-01-09T03:01:38Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Prevent buffer reuse bug in chunking In `buildResultsChunks`, fix a data corruption bug by ensuring a new backing array is allocated for each `payload` slice, preventing it from being overwritten by subsequent writes to the shared buffer. pkg/sync/service.go [1135-1169] func (s SimpleSyncService) buildResultsChunks( allDeviceUpdates []models.DeviceUpdate, sequence string, ) ([]*proto.ResultsChunk, error) { ... var payloads [][]byte var buf bytes.Buffer deviceCount := 0 flush := func() { if deviceCount == 0 { return } _ = buf.WriteByte(']') - payload := make([]byte, buf.Len()) - copy(payload, buf.Bytes()) + // Use append to a nil slice to force a new allocation and copy, + // preventing the underlying array from being overwritten by buf.Reset(). + payload := append([]byte(nil), buf.Bytes()...) payloads = append(payloads, payload) buf.Reset() deviceCount = 0 } ... `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies a critical bug where `buf.Reset()` does not clear the underlying array, causing subsequent writes to corrupt previously created `payload` slices that share the same backing array. This would lead to data corruption in the generated chunks.	High
	✅ ~~Use idiomatic error check for stream~~ Suggestion Impact: Updated the stream receive error handling to use errors.Is(err, io.EOF) instead of comparing err.Error() to "EOF", and added the missing io import. code diff: `@@ -20,6 +20,7 @@ "context" "errors" "fmt" + "io" "net" "os" "strings" @@ -999,7 +1000,7 @@ for { chunk, err := stream.Recv() if err != nil { - if err.Error() == "EOF" { + if errors.Is(err, io.EOF) { break }` Replace the string comparison `err.Error() == "EOF"` with the idiomatic `errors.Is(err, io.EOF)` to reliably detect the end of a gRPC stream. pkg/core/gateways.go [1001-1007] `if err != nil { - if err.Error() == "EOF" { + if errors.Is(err, io.EOF) { break } return nil, metadata, fmt.Errorf("error receiving stream chunk: %w", err) }` `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 6 __ Why: This suggestion is correct and improves code robustness by replacing a brittle string comparison (`err.Error() == "EOF"`) with the idiomatic `errors.Is(err, io.EOF)` for checking the end of a stream.	Low
	Avoid potential deadlock in config update In `UpdateConfig`, move the creation of new integrations outside the `configMu` lock to reduce lock contention and minimize the critical section. pkg/sync/service.go [372-404] func (s SimpleSyncService) UpdateConfig(newCfg Config) { if newCfg == nil { return + } + + // Create new integrations outside the lock to avoid potential deadlocks + // and reduce lock contention. + newSources := make(map[string]Integration) + agentID := newCfg.AgentID + gatewayID := newCfg.GatewayID + for name, src := range newCfg.Sources { + if f, ok := s.registry[src.Type]; ok { + newSources[name] = s.createIntegration(s.ctx, src, f, agentID, gatewayID) + } } s.configMu.Lock() defer s.configMu.Unlock() // Check interval changes newDisc := time.Duration(newCfg.DiscoveryInterval) newUpd := time.Duration(newCfg.UpdateInterval) intervalsChanged := (newDisc != s.discoveryInterval) \|\| (newUpd != s.armisUpdateInterval) s.discoveryInterval = newDisc s.armisUpdateInterval = newUpd - // Rebuild integrations even when sources are cleared. - // Use fallback values from the new config being applied. - agentID := newCfg.AgentID - gatewayID := newCfg.GatewayID - s.sources = make(map[string]Integration) - for name, src := range newCfg.Sources { - if f, ok := s.registry[src.Type]; ok { - s.sources[name] = s.createIntegration(s.ctx, src, f, agentID, gatewayID) - } - } + + // Atomically swap the integrations + s.sources = newSources + if intervalsChanged { select { case s.reloadChan <- struct{}{}: default: s.logger.Debug().Msg("Reload channel full; skipping reload trigger") } } s.config = *newCfg } `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 5 __ Why: The suggestion's reasoning about a specific deadlock path is incorrect, as `createIntegration` does not call `GetEffectiveDiscoveryInterval`. However, the proposed change correctly applies a best practice of minimizing lock duration by performing expensive operations (integration creation) outside the critical section, which reduces lock contention and improves maintainability.	Low
	Use a valid base context Replace the call to `context.WithoutCancel` with `context.Background()` to create a valid base context for the background goroutine, preventing potential compilation errors. pkg/core/gateways.go [617-619] `-// Run in a separate goroutine to not block the main status report flow. -// Create a detached context but preserve trace information -detachedCtx := context.WithoutCancel(ctx) +detachedCtx := context.Background() s.registerServiceOrCoreDevice(detachedCtx, req.GatewayId, req.Partition, normalizedIP, services, now)` `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 5 __ Why: The suggestion correctly identifies that `context.WithoutCancel` is a new function and might not be available, proposing `context.Background()` as a fix, which is a valid approach to detach a background task's lifecycle.	Low
General	✅ ~~Bubble enrollment-pending error~~ Suggestion Impact: Removed the special-case block that returned nil when ensureGatewayEnrolled() returned errGatewayNotEnrolled, causing the error to be propagated upward (and added the explanatory comment). code diff: `@@ -918,10 +918,8 @@ return err } + // Propagate enrollment-pending so Start() can defer bootstrap if err := s.ensureGatewayEnrolled(ctx); err != nil { - if errors.Is(err, errGatewayNotEnrolled) { - return nil - } return err }` In `bootstrapGatewayConfig`, propagate the `errGatewayNotEnrolled` error instead of swallowing it, allowing the calling `Start` function to correctly handle the pending enrollment state. pkg/sync/service.go [912-929] `func (s *SimpleSyncService) bootstrapGatewayConfig(ctx context.Context) error { if s.gatewayClient == nil { return nil } if err := s.ensureGatewayConnected(ctx); err != nil { return err } + // Propagate enrollment-pending so Start() can defer bootstrap if err := s.ensureGatewayEnrolled(ctx); err != nil { - if errors.Is(err, errGatewayNotEnrolled) { - return nil - } return err } return s.fetchAndApplyConfig(ctx) }` `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 8 __ Why: The suggestion correctly points out that swallowing `errGatewayNotEnrolled` breaks the intended logic in the `Start` function, which relies on this error to defer configuration bootstrapping. Propagating the error is critical for the correct startup behavior.	Medium
	Remove redundant tenant fields from message Remove the redundant `TenantId` and `TenantSlug` fields from the `GatewayServiceStatus` message, as they are already present in parent messages. proto/monitoring.pb.go [1113-1130] // GatewayServiceStatus represents a single service status pushed by an agent. type GatewayServiceStatus struct { state protoimpl.MessageState `protogen:"open.v1"` ServiceName string `protobuf:"bytes,1,opt,name=service_name,json=serviceName,proto3" json:"service_name,omitempty"` Available bool `protobuf:"varint,2,opt,name=available,proto3" json:"available,omitempty"` Message []byte `protobuf:"bytes,3,opt,name=message,proto3" json:"message,omitempty"` ServiceType string `protobuf:"bytes,4,opt,name=service_type,json=serviceType,proto3" json:"service_type,omitempty"` ResponseTime int64 `protobuf:"varint,5,opt,name=response_time,json=responseTime,proto3" json:"response_time,omitempty"` AgentId string `protobuf:"bytes,6,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` // Agent ID for traceability GatewayId string `protobuf:"bytes,7,opt,name=gateway_id,json=gatewayId,proto3" json:"gateway_id,omitempty"` // Gateway ID for traceability Partition string `protobuf:"bytes,8,opt,name=partition,proto3" json:"partition,omitempty"` // Partition identifier Source string `protobuf:"bytes,9,opt,name=source,proto3" json:"source,omitempty"` // Source of the message: "status" or "results" KvStoreId string `protobuf:"bytes,10,opt,name=kv_store_id,json=kvStoreId,proto3" json:"kv_store_id,omitempty"` // KV store identifier this service is using - TenantId string `protobuf:"bytes,11,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"` // Tenant UUID for multi-tenant routing - TenantSlug string `protobuf:"bytes,12,opt,name=tenant_slug,json=tenantSlug,proto3" json:"tenant_slug,omitempty"` // Tenant slug for NATS subject prefixing unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies data redundancy in the Protobuf message design, which impacts payload size and data consistency, and proposes a valid improvement.	Medium
	Regenerate Protobuf Go file Ensure the `monitoring.pb.go` file is not manually edited by regenerating it from the source `.proto` file. proto/monitoring.pb.go [827-840] -type GatewayStatusRequest struct { - state protoimpl.MessageState `protogen:"open.v1"` - Services []*GatewayServiceStatus `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"` - GatewayId string `protobuf:"bytes,2,opt,name=gateway_id,json=gatewayId,proto3" json:"gateway_id,omitempty"` // Gateway receiving this status - AgentId string `protobuf:"bytes,3,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` // Agent sending this status - Timestamp int64 `protobuf:"varint,4,opt,name=timestamp,proto3" json:"timestamp,omitempty"` - Partition string `protobuf:"bytes,5,opt,name=partition,proto3" json:"partition,omitempty"` // Partition identifier - SourceIp string `protobuf:"bytes,6,opt,name=source_ip,json=sourceIp,proto3" json:"source_ip,omitempty"` // Host IP where agent is running - KvStoreId string `protobuf:"bytes,7,opt,name=kv_store_id,json=kvStoreId,proto3" json:"kv_store_id,omitempty"` // KV store identifier this agent is using - TenantId string `protobuf:"bytes,8,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"` // Tenant UUID for multi-tenant routing - TenantSlug string `protobuf:"bytes,9,opt,name=tenant_slug,json=tenantSlug,proto3" json:"tenant_slug,omitempty"` // Tenant slug for NATS subject prefixing - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} +# no manual edits; regenerate entire file via protoc `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 7 __ Why: The suggestion provides a critical best practice for working with generated code, correctly advising to modify the source `.proto` file rather than the output, which is what the PR author has already done.	Medium
Update

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2231#issuecomment-3726832504 Original created: 2026-01-09T03:01:38Z --- ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td>Category</td><td align=left>Suggestion                                                                                                                                    </td><td align=center>Impact</td></tr><tbody><tr><td rowspan=4>Possible issue</td> <td> <details><summary>Prevent buffer reuse bug in chunking</summary> ___ **In <code>buildResultsChunks</code>, fix a data corruption bug by ensuring a new backing array is allocated for each <code>payload</code> slice, preventing it from being overwritten by subsequent writes to the shared buffer.** [pkg/sync/service.go [1135-1169]](https://github.com/carverauto/serviceradar/pull/2231/files#diff-b4ea5a5b3d811fa94c6a84c71c0ddb920ce177a376d13cb776f05dd6017c4c7eR1135-R1169) ```diff func (s *SimpleSyncService) buildResultsChunks( allDeviceUpdates []*models.DeviceUpdate, sequence string, ) ([]*proto.ResultsChunk, error) { ... var payloads [][]byte var buf bytes.Buffer deviceCount := 0 flush := func() { if deviceCount == 0 { return } _ = buf.WriteByte(']') - payload := make([]byte, buf.Len()) - copy(payload, buf.Bytes()) + // Use append to a nil slice to force a new allocation and copy, + // preventing the underlying array from being overwritten by buf.Reset(). + payload := append([]byte(nil), buf.Bytes()...) payloads = append(payloads, payload) buf.Reset() deviceCount = 0 } ... ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 9</summary> __ Why: The suggestion correctly identifies a critical bug where `buf.Reset()` does not clear the underlying array, causing subsequent writes to corrupt previously created `payload` slices that share the same backing array. This would lead to data corruption in the generated chunks. </details></details></td><td align=center>High </td></tr><tr><td> <details><summary>✅ <s>Use idiomatic error check for stream</s></summary> ___ <details><summary>Suggestion Impact:</summary>Updated the stream receive error handling to use errors.Is(err, io.EOF) instead of comparing err.Error() to "EOF", and added the missing io import. code diff: ```diff @@ -20,6 +20,7 @@ "context" "errors" "fmt" + "io" "net" "os" "strings" @@ -999,7 +1000,7 @@ for { chunk, err := stream.Recv() if err != nil { - if err.Error() == "EOF" { + if errors.Is(err, io.EOF) { break } ``` </details> ___ **Replace the string comparison <code>err.Error() == "EOF"</code> with the idiomatic <code>errors.Is(err, io.EOF)</code> to reliably detect the end of a gRPC stream.** [pkg/core/gateways.go [1001-1007]](https://github.com/carverauto/serviceradar/pull/2231/files#diff-260332914ad2238e720f4637a71b0f9f01e899102bc6b37f7827782e56b0b5c0R1001-R1007) ```diff if err != nil { - if err.Error() == "EOF" { + if errors.Is(err, io.EOF) { break } return nil, metadata, fmt.Errorf("error receiving stream chunk: %w", err) } ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 6</summary> __ Why: This suggestion is correct and improves code robustness by replacing a brittle string comparison (`err.Error() == "EOF"`) with the idiomatic `errors.Is(err, io.EOF)` for checking the end of a stream. </details></details></td><td align=center>Low </td></tr><tr><td> <details><summary>Avoid potential deadlock in config update</summary> ___ **In <code>UpdateConfig</code>, move the creation of new integrations outside the <code>configMu</code> lock to reduce lock contention and minimize the critical section.** [pkg/sync/service.go [372-404]](https://github.com/carverauto/serviceradar/pull/2231/files#diff-b4ea5a5b3d811fa94c6a84c71c0ddb920ce177a376d13cb776f05dd6017c4c7eR372-R404) ```diff func (s *SimpleSyncService) UpdateConfig(newCfg *Config) { if newCfg == nil { return + } + + // Create new integrations outside the lock to avoid potential deadlocks + // and reduce lock contention. + newSources := make(map[string]Integration) + agentID := newCfg.AgentID + gatewayID := newCfg.GatewayID + for name, src := range newCfg.Sources { + if f, ok := s.registry[src.Type]; ok { + newSources[name] = s.createIntegration(s.ctx, src, f, agentID, gatewayID) + } } s.configMu.Lock() defer s.configMu.Unlock() // Check interval changes newDisc := time.Duration(newCfg.DiscoveryInterval) newUpd := time.Duration(newCfg.UpdateInterval) intervalsChanged := (newDisc != s.discoveryInterval) || (newUpd != s.armisUpdateInterval) s.discoveryInterval = newDisc s.armisUpdateInterval = newUpd - // Rebuild integrations even when sources are cleared. - // Use fallback values from the new config being applied. - agentID := newCfg.AgentID - gatewayID := newCfg.GatewayID - s.sources = make(map[string]Integration) - for name, src := range newCfg.Sources { - if f, ok := s.registry[src.Type]; ok { - s.sources[name] = s.createIntegration(s.ctx, src, f, agentID, gatewayID) - } - } + + // Atomically swap the integrations + s.sources = newSources + if intervalsChanged { select { case s.reloadChan <- struct{}{}: default: s.logger.Debug().Msg("Reload channel full; skipping reload trigger") } } s.config = *newCfg } ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 5</summary> __ Why: The suggestion's reasoning about a specific deadlock path is incorrect, as `createIntegration` does not call `GetEffectiveDiscoveryInterval`. However, the proposed change correctly applies a best practice of minimizing lock duration by performing expensive operations (integration creation) outside the critical section, which reduces lock contention and improves maintainability. </details></details></td><td align=center>Low </td></tr><tr><td> <details><summary>Use a valid base context</summary> ___ **Replace the call to <code>context.WithoutCancel</code> with <code>context.Background()</code> to create a valid base context for the background goroutine, preventing potential compilation errors.** [pkg/core/gateways.go [617-619]](https://github.com/carverauto/serviceradar/pull/2231/files#diff-260332914ad2238e720f4637a71b0f9f01e899102bc6b37f7827782e56b0b5c0R617-R619) ```diff -// Run in a separate goroutine to not block the main status report flow. -// Create a detached context but preserve trace information -detachedCtx := context.WithoutCancel(ctx) +detachedCtx := context.Background() s.registerServiceOrCoreDevice(detachedCtx, req.GatewayId, req.Partition, normalizedIP, services, now) ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 5</summary> __ Why: The suggestion correctly identifies that `context.WithoutCancel` is a new function and might not be available, proposing `context.Background()` as a fix, which is a valid approach to detach a background task's lifecycle. </details></details></td><td align=center>Low </td></tr><tr><td rowspan=3>General</td> <td> <details><summary>✅ <s>Bubble enrollment-pending error</s></summary> ___ <details><summary>Suggestion Impact:</summary>Removed the special-case block that returned nil when ensureGatewayEnrolled() returned errGatewayNotEnrolled, causing the error to be propagated upward (and added the explanatory comment). code diff: ```diff @@ -918,10 +918,8 @@ return err } + // Propagate enrollment-pending so Start() can defer bootstrap if err := s.ensureGatewayEnrolled(ctx); err != nil { - if errors.Is(err, errGatewayNotEnrolled) { - return nil - } return err } ``` </details> ___ **In <code>bootstrapGatewayConfig</code>, propagate the <code>errGatewayNotEnrolled</code> error instead of swallowing it, allowing the calling <code>Start</code> function to correctly handle the pending enrollment state.** [pkg/sync/service.go [912-929]](https://github.com/carverauto/serviceradar/pull/2231/files#diff-b4ea5a5b3d811fa94c6a84c71c0ddb920ce177a376d13cb776f05dd6017c4c7eR912-R929) ```diff func (s *SimpleSyncService) bootstrapGatewayConfig(ctx context.Context) error { if s.gatewayClient == nil { return nil } if err := s.ensureGatewayConnected(ctx); err != nil { return err } + // Propagate enrollment-pending so Start() can defer bootstrap if err := s.ensureGatewayEnrolled(ctx); err != nil { - if errors.Is(err, errGatewayNotEnrolled) { - return nil - } return err } return s.fetchAndApplyConfig(ctx) } ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: The suggestion correctly points out that swallowing `errGatewayNotEnrolled` breaks the intended logic in the `Start` function, which relies on this error to defer configuration bootstrapping. Propagating the error is critical for the correct startup behavior. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Remove redundant tenant fields from message</summary> ___ **Remove the redundant <code>TenantId</code> and <code>TenantSlug</code> fields from the <code>GatewayServiceStatus</code> message, as they are already present in parent messages.** [proto/monitoring.pb.go [1113-1130]](https://github.com/carverauto/serviceradar/pull/2231/files#diff-4f7e955b42854cc9cf3fb063b95e58a04f36271e6a0c1cb42ea6d7953dd96cc4R1113-R1130) ```diff // GatewayServiceStatus represents a single service status pushed by an agent. type GatewayServiceStatus struct { state protoimpl.MessageState `protogen:"open.v1"` ServiceName string `protobuf:"bytes,1,opt,name=service_name,json=serviceName,proto3" json:"service_name,omitempty"` Available bool `protobuf:"varint,2,opt,name=available,proto3" json:"available,omitempty"` Message []byte `protobuf:"bytes,3,opt,name=message,proto3" json:"message,omitempty"` ServiceType string `protobuf:"bytes,4,opt,name=service_type,json=serviceType,proto3" json:"service_type,omitempty"` ResponseTime int64 `protobuf:"varint,5,opt,name=response_time,json=responseTime,proto3" json:"response_time,omitempty"` AgentId string `protobuf:"bytes,6,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` // Agent ID for traceability GatewayId string `protobuf:"bytes,7,opt,name=gateway_id,json=gatewayId,proto3" json:"gateway_id,omitempty"` // Gateway ID for traceability Partition string `protobuf:"bytes,8,opt,name=partition,proto3" json:"partition,omitempty"` // Partition identifier Source string `protobuf:"bytes,9,opt,name=source,proto3" json:"source,omitempty"` // Source of the message: "status" or "results" KvStoreId string `protobuf:"bytes,10,opt,name=kv_store_id,json=kvStoreId,proto3" json:"kv_store_id,omitempty"` // KV store identifier this service is using - TenantId string `protobuf:"bytes,11,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"` // Tenant UUID for multi-tenant routing - TenantSlug string `protobuf:"bytes,12,opt,name=tenant_slug,json=tenantSlug,proto3" json:"tenant_slug,omitempty"` // Tenant slug for NATS subject prefixing unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 7</summary> __ Why: The suggestion correctly identifies data redundancy in the Protobuf message design, which impacts payload size and data consistency, and proposes a valid improvement. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Regenerate Protobuf Go file</summary> ___ **Ensure the <code>monitoring.pb.go</code> file is not manually edited by regenerating it from the source <code>.proto</code> file.** [proto/monitoring.pb.go [827-840]](https://github.com/carverauto/serviceradar/pull/2231/files#diff-4f7e955b42854cc9cf3fb063b95e58a04f36271e6a0c1cb42ea6d7953dd96cc4R827-R840) ```diff -type GatewayStatusRequest struct { - state protoimpl.MessageState `protogen:"open.v1"` - Services []*GatewayServiceStatus `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"` - GatewayId string `protobuf:"bytes,2,opt,name=gateway_id,json=gatewayId,proto3" json:"gateway_id,omitempty"` // Gateway receiving this status - AgentId string `protobuf:"bytes,3,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` // Agent sending this status - Timestamp int64 `protobuf:"varint,4,opt,name=timestamp,proto3" json:"timestamp,omitempty"` - Partition string `protobuf:"bytes,5,opt,name=partition,proto3" json:"partition,omitempty"` // Partition identifier - SourceIp string `protobuf:"bytes,6,opt,name=source_ip,json=sourceIp,proto3" json:"source_ip,omitempty"` // Host IP where agent is running - KvStoreId string `protobuf:"bytes,7,opt,name=kv_store_id,json=kvStoreId,proto3" json:"kv_store_id,omitempty"` // KV store identifier this agent is using - TenantId string `protobuf:"bytes,8,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"` // Tenant UUID for multi-tenant routing - TenantSlug string `protobuf:"bytes,9,opt,name=tenant_slug,json=tenantSlug,proto3" json:"tenant_slug,omitempty"` // Tenant slug for NATS subject prefixing - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} +# no manual edits; regenerate entire file via protoc ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 7</summary> __ Why: The suggestion provides a critical best practice for working with generated code, correctly advising to modify the source `.proto` file rather than the output, which is what the PR author has already done. </details></details></td><td align=center>Medium </td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td><td></td></tr></tbody></table>

qodo-code-review[bot] commented

2026-01-09 04:25:41 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2231#issuecomment-3727140590
Original created: 2026-01-09T04:25:41Z

CI Feedback 🧐

(Feedback updated until commit `github.com/carverauto/serviceradar@9b433887d6`)

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: build

Failed stage: Configure SRQL fixture database for tests [❌]

Failed test name: ""

Failure summary:

The action failed because a required secret for TLS verification was missing:
- The job exited with
code 1 after printing: SRQL_TEST_DATABASE_CA_CERT secret must be configured to verify SRQL fixture
TLS. (log line 671).
- The environment shows SRQL_TEST_DATABASE_CA_CERT: is empty, so the workflow
cannot verify the SRQL test fixture database TLS connection and aborts.

Relevant error logs:

1:  Runner name: 'arc-runner-set-2tp2m-runner-k4cvn'
2:  Runner group name: 'Default'
...

174:  ^[[36;1mif command -v apt-get >/dev/null 2>&1; then^[[0m
175:  ^[[36;1m  sudo apt-get update^[[0m
176:  ^[[36;1m  sudo apt-get install -y build-essential pkg-config libssl-dev protobuf-compiler cmake flex bison^[[0m
177:  ^[[36;1melif command -v dnf >/dev/null 2>&1; then^[[0m
178:  ^[[36;1m  sudo dnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m
179:  ^[[36;1melif command -v yum >/dev/null 2>&1; then^[[0m
180:  ^[[36;1m  sudo yum install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m
181:  ^[[36;1melif command -v microdnf >/dev/null 2>&1; then^[[0m
182:  ^[[36;1m  sudo microdnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m
183:  ^[[36;1melse^[[0m
184:  ^[[36;1m  echo "Unsupported package manager; please install gcc, g++ (or clang), make, OpenSSL headers, pkg-config, and protoc manually." >&2^[[0m
185:  ^[[36;1m  exit 1^[[0m
186:  ^[[36;1mfi^[[0m
187:  ^[[36;1m^[[0m
188:  ^[[36;1mensure_pkg_config^[[0m
189:  ^[[36;1mprotoc --version || (echo "protoc installation failed" && exit 1)^[[0m
190:  shell: /usr/bin/bash -e {0}
...

351:  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
352:  env:
353:  BUILDBUDDY_ORG_API_KEY: ***
354:  SRQL_TEST_DATABASE_URL: ***
355:  SRQL_TEST_ADMIN_URL: ***
356:  SRQL_TEST_DATABASE_CA_CERT: 
357:  DOCKERHUB_USERNAME: ***
358:  DOCKERHUB_TOKEN: ***
359:  TEST_CNPG_DATABASE: serviceradar_web_ng_test
360:  INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp
361:  INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir
362:  ##[endgroup]
363:  ##[group]Run : install rustup if needed
364:  ^[[36;1m: install rustup if needed^[[0m
365:  ^[[36;1mif ! command -v rustup &>/dev/null; then^[[0m
366:  ^[[36;1m  curl --proto '=https' --tlsv1.2 --retry 10 --retry-connrefused --location --silent --show-error --fail https://sh.rustup.rs | sh -s -- --default-toolchain none -y^[[0m
367:  ^[[36;1m  echo "$CARGO_HOME/bin" >> $GITHUB_PATH^[[0m
...

507:  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
508:  env:
509:  BUILDBUDDY_ORG_API_KEY: ***
510:  SRQL_TEST_DATABASE_URL: ***
511:  SRQL_TEST_ADMIN_URL: ***
512:  SRQL_TEST_DATABASE_CA_CERT: 
513:  DOCKERHUB_USERNAME: ***
514:  DOCKERHUB_TOKEN: ***
515:  TEST_CNPG_DATABASE: serviceradar_web_ng_test
516:  INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp
517:  INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir
518:  CARGO_HOME: /home/runner/.cargo
519:  CARGO_INCREMENTAL: 0
520:  CARGO_TERM_COLOR: always
521:  ##[endgroup]
522:  ##[group]Run : work around spurious network errors in curl 8.0
523:  ^[[36;1m: work around spurious network errors in curl 8.0^[[0m
524:  ^[[36;1m# https://rust-lang.zulipchat.com/#narrow/stream/246057-t-cargo/topic/timeout.20investigation^[[0m
...

575:  SRQL_TEST_DATABASE_CA_CERT: 
576:  DOCKERHUB_USERNAME: ***
577:  DOCKERHUB_TOKEN: ***
578:  TEST_CNPG_DATABASE: serviceradar_web_ng_test
579:  INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp
580:  INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir
581:  CARGO_HOME: /home/runner/.cargo
582:  CARGO_INCREMENTAL: 0
583:  CARGO_TERM_COLOR: always
584:  ##[endgroup]
585:  Attempting to download 1.x...
586:  Acquiring v1.27.0 from https://github.com/bazelbuild/bazelisk/releases/download/v1.27.0/bazelisk-linux-amd64
587:  Adding to the cache ...
588:  Successfully cached bazelisk to /home/runner/_work/_tool/bazelisk/1.27.0/x64
589:  Added bazelisk to the path
590:  ##[warning]Failed to restore: Cache service responded with 400
591:  Restored bazelisk cache dir @ /home/runner/.cache/bazelisk
...

657:  env:
658:  BUILDBUDDY_ORG_API_KEY: ***
659:  SRQL_TEST_DATABASE_URL: ***
660:  SRQL_TEST_ADMIN_URL: ***
661:  SRQL_TEST_DATABASE_CA_CERT: 
662:  DOCKERHUB_USERNAME: ***
663:  DOCKERHUB_TOKEN: ***
664:  TEST_CNPG_DATABASE: serviceradar_web_ng_test
665:  INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp
666:  INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir
667:  CARGO_HOME: /home/runner/.cargo
668:  CARGO_INCREMENTAL: 0
669:  CARGO_TERM_COLOR: always
670:  ##[endgroup]
671:  SRQL_TEST_DATABASE_CA_CERT secret must be configured to verify SRQL fixture TLS.
672:  ##[error]Process completed with exit code 1.
673:  Post job cleanup.

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2231#issuecomment-3727140590 Original created: 2026-01-09T04:25:41Z --- ## CI Feedback 🧐 #### (Feedback updated until commit https://github.com/carverauto/serviceradar/commit/9b433887d6aa89860bfab4b1fe2c1f38df6fa3d4) A test triggered by this PR failed. Here is an AI-generated analysis of the failure: <table><tr><td> **Action:** build</td></tr> <tr><td> **Failed stage:** [Configure SRQL fixture database for tests](https://github.com/carverauto/serviceradar/actions/runs/20841151705/job/59875649426) [❌] </td></tr> <tr><td> **Failed test name:** "" </td></tr> <tr><td> **Failure summary:** The action failed because a required secret for TLS verification was missing: - The job exited with code <code>1</code> after printing: <code>SRQL_TEST_DATABASE_CA_CERT secret must be configured to verify SRQL fixture </code> <code>TLS.</code> (log line 671). - The environment shows <code>SRQL_TEST_DATABASE_CA_CERT:</code> is empty, so the workflow cannot verify the SRQL test fixture database TLS connection and aborts. </td></tr> <tr><td> <details><summary>Relevant error logs:</summary> ```yaml 1: Runner name: 'arc-runner-set-2tp2m-runner-k4cvn' 2: Runner group name: 'Default' ... 174: ^[[36;1mif command -v apt-get >/dev/null 2>&1; then^[[0m 175: ^[[36;1m sudo apt-get update^[[0m 176: ^[[36;1m sudo apt-get install -y build-essential pkg-config libssl-dev protobuf-compiler cmake flex bison^[[0m 177: ^[[36;1melif command -v dnf >/dev/null 2>&1; then^[[0m 178: ^[[36;1m sudo dnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m 179: ^[[36;1melif command -v yum >/dev/null 2>&1; then^[[0m 180: ^[[36;1m sudo yum install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m 181: ^[[36;1melif command -v microdnf >/dev/null 2>&1; then^[[0m 182: ^[[36;1m sudo microdnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m 183: ^[[36;1melse^[[0m 184: ^[[36;1m echo "Unsupported package manager; please install gcc, g++ (or clang), make, OpenSSL headers, pkg-config, and protoc manually." >&2^[[0m 185: ^[[36;1m exit 1^[[0m 186: ^[[36;1mfi^[[0m 187: ^[[36;1m^[[0m 188: ^[[36;1mensure_pkg_config^[[0m 189: ^[[36;1mprotoc --version || (echo "protoc installation failed" && exit 1)^[[0m 190: shell: /usr/bin/bash -e {0} ... 351: shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0} 352: env: 353: BUILDBUDDY_ORG_API_KEY: *** 354: SRQL_TEST_DATABASE_URL: *** 355: SRQL_TEST_ADMIN_URL: *** 356: SRQL_TEST_DATABASE_CA_CERT: 357: DOCKERHUB_USERNAME: *** 358: DOCKERHUB_TOKEN: *** 359: TEST_CNPG_DATABASE: serviceradar_web_ng_test 360: INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp 361: INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir 362: ##[endgroup] 363: ##[group]Run : install rustup if needed 364: ^[[36;1m: install rustup if needed^[[0m 365: ^[[36;1mif ! command -v rustup &>/dev/null; then^[[0m 366: ^[[36;1m curl --proto '=https' --tlsv1.2 --retry 10 --retry-connrefused --location --silent --show-error --fail https://sh.rustup.rs | sh -s -- --default-toolchain none -y^[[0m 367: ^[[36;1m echo "$CARGO_HOME/bin" >> $GITHUB_PATH^[[0m ... 507: shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0} 508: env: 509: BUILDBUDDY_ORG_API_KEY: *** 510: SRQL_TEST_DATABASE_URL: *** 511: SRQL_TEST_ADMIN_URL: *** 512: SRQL_TEST_DATABASE_CA_CERT: 513: DOCKERHUB_USERNAME: *** 514: DOCKERHUB_TOKEN: *** 515: TEST_CNPG_DATABASE: serviceradar_web_ng_test 516: INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp 517: INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir 518: CARGO_HOME: /home/runner/.cargo 519: CARGO_INCREMENTAL: 0 520: CARGO_TERM_COLOR: always 521: ##[endgroup] 522: ##[group]Run : work around spurious network errors in curl 8.0 523: ^[[36;1m: work around spurious network errors in curl 8.0^[[0m 524: ^[[36;1m# https://rust-lang.zulipchat.com/#narrow/stream/246057-t-cargo/topic/timeout.20investigation^[[0m ... 575: SRQL_TEST_DATABASE_CA_CERT: 576: DOCKERHUB_USERNAME: *** 577: DOCKERHUB_TOKEN: *** 578: TEST_CNPG_DATABASE: serviceradar_web_ng_test 579: INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp 580: INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir 581: CARGO_HOME: /home/runner/.cargo 582: CARGO_INCREMENTAL: 0 583: CARGO_TERM_COLOR: always 584: ##[endgroup] 585: Attempting to download 1.x... 586: Acquiring v1.27.0 from https://github.com/bazelbuild/bazelisk/releases/download/v1.27.0/bazelisk-linux-amd64 587: Adding to the cache ... 588: Successfully cached bazelisk to /home/runner/_work/_tool/bazelisk/1.27.0/x64 589: Added bazelisk to the path 590: ##[warning]Failed to restore: Cache service responded with 400 591: Restored bazelisk cache dir @ /home/runner/.cache/bazelisk ... 657: env: 658: BUILDBUDDY_ORG_API_KEY: *** 659: SRQL_TEST_DATABASE_URL: *** 660: SRQL_TEST_ADMIN_URL: *** 661: SRQL_TEST_DATABASE_CA_CERT: 662: DOCKERHUB_USERNAME: *** 663: DOCKERHUB_TOKEN: *** 664: TEST_CNPG_DATABASE: serviceradar_web_ng_test 665: INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp 666: INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir 667: CARGO_HOME: /home/runner/.cargo 668: CARGO_INCREMENTAL: 0 669: CARGO_TERM_COLOR: always 670: ##[endgroup] 671: SRQL_TEST_DATABASE_CA_CERT secret must be configured to verify SRQL fixture TLS. 672: ##[error]Process completed with exit code 1. 673: Post job cleanup. ``` </details></td></tr></table>