Mirror of https://github.com/rcourtman/Pulse.git, synced 2026-05-12 05:45:27 +00:00
Fixes critical issues found by Codex code review:

**1. Fixed file locking race condition (CRITICAL)**
- Lock file was being replaced by atomic rename, invalidating the lock
- New approach: lock a separate `.lock` file that persists across renames
- Ensures concurrent writers (installer + self-heal timer) are properly serialized
- Without this fix, corruption was still possible despite Phase 2

**2. Fixed validation to honor configured allowed_nodes_file path**
- validate command now uses loadConfig() to read actual config
- Respects allowed_nodes_file setting instead of assuming default path
- Prevents false positives/negatives when path is customized

**3. Allow empty allowed_nodes lists**
- Empty lists are valid (admin may clear for security, or rely on IPC validation)
- validate no longer fails on empty lists
- set-allowed-nodes --replace with zero nodes now supported
- Critical for operational flexibility

**4. Installer error propagation**
- update_allowed_nodes failures now exit installer with error
- Prevents silent failures that leave stale allowlists
- Self-heal will abort instead of masking CLI errors

**Technical Details:**
- withLockedFile() now locks `<path>.lock` instead of target file
- Lock held for entire duration of read-modify-write-rename
- atomicWriteFile() completes while lock is still held
- Empty lists represented as `allowed_nodes: []` in YAML

**Testing:**
- ✅ Lock file created and persists across operations
- ✅ Empty list can be written with --replace
- ✅ Validation passes with empty lists
- ✅ Config path from allowed_nodes_file honored
- ✅ Concurrent operations properly serialized

These fixes ensure Phase 2 actually eliminates corruption by design.

Identified by Codex code review
Related to Phase 2 commit
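
The locking pattern the commit message describes, as an added Go sketch that is not taken from the Pulse repository: the flock is taken on `<path>.lock`, which is never renamed, and held across the whole read-modify-write-rename cycle. The names `withSidecarLock`, `atomicWrite`, `addNode` and the demo path are hypothetical; it assumes a Unix host with `flock(2)` and a config directory writable only by the service.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// withSidecarLock holds an exclusive flock on <path>.lock while fn runs; that file is never renamed.
func withSidecarLock(path string, fn func() error) error {
	lf, err := os.OpenFile(path+".lock", os.O_CREATE|os.O_RDWR, 0o600)
	if err != nil {
		return err
	}
	defer lf.Close() // closing the descriptor releases the flock
	if err := syscall.Flock(int(lf.Fd()), syscall.LOCK_EX); err != nil {
		return err
	}
	return fn()
}

// atomicWrite renames a temp file over path, so path points at a new inode after every write.
func atomicWrite(path string, data []byte) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".nodes-*") // same directory, same filesystem
	if err != nil {
		return err
	}
	tmp.Close()
	defer os.Remove(tmp.Name()) // cleans up on failure; harmless after the rename
	if err := os.WriteFile(tmp.Name(), data, 0o600); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

// addNode runs the whole read-modify-write-rename cycle inside the lock.
func addNode(path, node string) error {
	return withSidecarLock(path, func() error {
		old, err := os.ReadFile(path)
		if err != nil && !os.IsNotExist(err) {
			return err
		}
		return atomicWrite(path, append(old, node+"\n"...))
	})
}

func main() {
	fmt.Println(addNode(filepath.Join(os.TempDir(), "allowed_nodes.demo"), "node-a"))
}
```

A lock taken on the target file itself stays attached to the old inode once the rename lands, so a second writer that opens the path afterwards locks a different file and is not excluded.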
| Name | ||
|---|---|---|
| dev | ||
| lib | ||
| systemd | ||
| tests | ||
| .go-version | ||
| backup-claude-md.sh | ||
| build-release.sh | ||
| bundle.manifest | ||
| bundle.sh | ||
| clean-mock-alerts.sh | ||
| cleanup.sh | ||
| codex-router.sh | ||
| create-sensor-user.sh | ||
| docker-build.sh | ||
| generate-release-notes.sh | ||
| harden-sensor-proxy.sh | ||
| hot-dev.sh | ||
| install-container-agent.sh | ||
| install-docker-agent-v2.sh | ||
| install-docker-agent.sh | ||
| install-docker.sh | ||
| install-go-toolchain.sh | ||
| install-host-agent.ps1 | ||
| install-host-agent.sh | ||
| install-sensor-proxy.sh | ||
| migrate-sensor-proxy-control-plane.sh | ||
| migrate-temperature-proxy.sh | ||
| package-helm-chart.sh | ||
| pulse-auto-update.sh | ||
| pulse-proxy-rotate-keys.sh | ||
| pulse-sensor-cleanup.sh | ||
| pulse-sensor-proxy.service | ||
| run-tests-mock.sh | ||
| secure-sensor-files.sh | ||
| setup-log-forwarding.sh | ||
| sync-production-config.sh | ||
| test-vm-disk.sh | ||
| toggle-mock.sh | ||
| trigger-release.sh | ||
| uninstall-host-agent.ps1 | ||
| uninstall-host-agent.sh | ||
| validate-published-release.sh | ||
| validate-release.sh | ||