chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1#1
Merged
Merged
Conversation
Bumps [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) from 1.1.0 to 1.1.1. - [Commits](FiloSottile/edwards25519@v1.1.0...v1.1.1) --- updated-dependencies: - dependency-name: filippo.io/edwards25519 dependency-version: 1.1.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
dependabot
Bot
deleted the
dependabot/go_modules/filippo.io/edwards25519-1.1.1
branch
aksOps
added a commit
that referenced
this pull request
Apr 25, 2026
…isolation Reviewer (cf5145d8) requested three changes on commit c839460. Addresses each with verified failure-on-regression checks. #1 — Cross-tenant boot hydration of vector index Previously main.go hydrated the index via repo.GetLogsV2(appCtx, ...) which is tenant-scoped to whatever tenant ctx carries — appCtx has none, so only the default tenant's rows reloaded after restart and find_similar_logs was cold for every other tenant until fresh ERROR logs landed. The new tenant-aware vectorIdx.Add(..., l.TenantID, ...) didn't fix it because the non-default rows were never fetched. - internal/storage/log_repo.go: new ListRecentHighSeverityLogsAllTenants — explicitly cross-tenant administrative read used only by hydration. Each row carries its own TenantID; fan-out happens in the caller. - main.go: hydration now uses the new method so every tenant's warm index survives a restart. - internal/vectordb/index.go: tenant-aware FIFO eviction. At cap, drop up to maxSize/10 of the inserting tenant's oldest rows so a noisy tenant cannot evict another tenant's warm rows (availability isolation; confidentiality is still enforced by doc.Tenant filtering in Search). Brand-new tenants drop one globally-oldest row to claim a first slot. #2 — root_cause_analysis assertion was vacuous internal/mcp/tenant_isolation_test.go:434 passed an empty ownMarker to assertNoLeak, so the merge gate would still pass if the tool regressed to returning [] for every tenant. Now passes ownService (RankedCause carries Service so it must appear in a non-empty response). Verified by sabotaging the handler to return a nil slice — the assertion fails with 'expected own marker "acme-orders" in response, body=null' as designed, then reverted. #3 — Drain cluster-id test didn't actually compare cluster IDs The previous test reused seedTenant (per-tenant service names) and only scanned response text, so a regression that surfaced the same cluster row across tenants would still pass. Rewritten to: - Use one shared service name across both tenants so Drain produces colliding (service, templateID) keys — the SignalStore partition is the only thing keeping rows separate. - Inspect the actual []graphrag.LogClusterNode returned by CorrelatedSignals (not just response text), checking Template + SampleLog content for own-marker presence and foreign-marker absence. - Log the per-tenant cluster IDs so future refactors that change the ID scheme leave a visible audit trail. - End-to-end probe via the MCP HTTP surface remains, asserting the same isolation reaches clients. RAN-20 supporting tests internal/vectordb/index_test.go, internal/api/similar_handler_test.go, internal/mcp/tools_ran20_test.go cover vectordb tenant scoping at three layers (in-memory, REST handler, MCP tool). They were sitting untracked on the branch from the parallel RAN-20 work; bundling them so the follow-up vectordb behavior added here is covered. Verified: - go vet ./... clean - go test ./... clean (full repo) - go test -race ./internal/{mcp,graphrag,vectordb,api}/... clean Co-Authored-By: Paperclip <noreply@paperclip.ing>
aksOps
added a commit
that referenced
this pull request
Apr 25, 2026
…N-20) (#31) * feat(mcp): tenant ctx through GraphRAG handlers + merge-gate isolation test (RAN-39) Threads the tenant resolved by the MCP transport (X-Tenant-ID header → ctx) into every GraphRAG-backed tool handler and adds the merge-gate integration test that asserts cross-tenant isolation for the full GraphRAG-backed MCP surface. mcp/tools.go - get_system_graph and get_service_health now accept ctx and route through GraphRAG.ServiceMap / AllServiceEdges so they pick up RAN-37's per-tenant in-memory partitioning. Legacy svcGraph remains as a fallback path only when GraphRAG isn't wired (boot windows, future test harnesses). - All other GraphRAG handlers were already ctx-threaded after RAN-37/38; no behavior change for those. vectordb/index.go (+ main.go, api/similar_handler.go) - vectordb.Index.Add and Search now take a tenant string; LogVector and SearchResult carry the tenant tag and Search filters by it. RAN-37 already added tenant args at the call sites in graphrag/clustering.go and mcp/tools.go but the matching vectordb signature change had not landed, leaving the branch unbuildable. This closes that gap with the smallest surgical change; the broader vectordb rework remains RAN-20. - main.go now passes l.TenantID into vectorIdx.Add on hydration and the live ingest hook; api/similar_handler resolves tenant from the request context before searching. graphrag/builder.go - New RegisterAnomaly(tenant, AnomalyNode) — small public API symmetric with PersistInvestigation, used by the new isolation test to seed per-tenant anomalies without depending on the throttled detector loop. mcp/tenant_isolation_test.go - Stands up an in-process MCP server (httptest) wired to GraphRAG over in-memory SQLite, seeds three tenants (acme, beta, default) with overlapping service_name / trace_id / span_id / Drain template / log body / snapshot, and exercises every GraphRAG-backed tool — get_service_map, get_service_health, get_error_chains, trace_graph, impact_analysis, root_cause_analysis, correlated_signals, get_anomaly_timeline, get_investigations, get_investigation (own + cross-tenant id-guess), get_graph_snapshot, find_similar_logs, get_system_graph — three times each (X-Tenant-ID acme, X-Tenant-ID beta, no header → DefaultTenantID). Each response is scanned for the caller's own tenant marker and for any other seeded tenant's marker (service name, log body, op name, anomaly evidence, snapshot id) to prove no cross-tenant leak. Verified: go vet ./... clean; go test ./... clean; go test -race ./internal/{mcp,graphrag}/... clean. Co-Authored-By: Paperclip <noreply@paperclip.ing> * fix(mcp,vectordb): RAN-39 reviewer follow-ups + RAN-20 vector tenant isolation Reviewer (cf5145d8) requested three changes on commit c839460. Addresses each with verified failure-on-regression checks. #1 — Cross-tenant boot hydration of vector index Previously main.go hydrated the index via repo.GetLogsV2(appCtx, ...) which is tenant-scoped to whatever tenant ctx carries — appCtx has none, so only the default tenant's rows reloaded after restart and find_similar_logs was cold for every other tenant until fresh ERROR logs landed. The new tenant-aware vectorIdx.Add(..., l.TenantID, ...) didn't fix it because the non-default rows were never fetched. - internal/storage/log_repo.go: new ListRecentHighSeverityLogsAllTenants — explicitly cross-tenant administrative read used only by hydration. Each row carries its own TenantID; fan-out happens in the caller. - main.go: hydration now uses the new method so every tenant's warm index survives a restart. - internal/vectordb/index.go: tenant-aware FIFO eviction. At cap, drop up to maxSize/10 of the inserting tenant's oldest rows so a noisy tenant cannot evict another tenant's warm rows (availability isolation; confidentiality is still enforced by doc.Tenant filtering in Search). Brand-new tenants drop one globally-oldest row to claim a first slot. #2 — root_cause_analysis assertion was vacuous internal/mcp/tenant_isolation_test.go:434 passed an empty ownMarker to assertNoLeak, so the merge gate would still pass if the tool regressed to returning [] for every tenant. Now passes ownService (RankedCause carries Service so it must appear in a non-empty response). Verified by sabotaging the handler to return a nil slice — the assertion fails with 'expected own marker "acme-orders" in response, body=null' as designed, then reverted. #3 — Drain cluster-id test didn't actually compare cluster IDs The previous test reused seedTenant (per-tenant service names) and only scanned response text, so a regression that surfaced the same cluster row across tenants would still pass. Rewritten to: - Use one shared service name across both tenants so Drain produces colliding (service, templateID) keys — the SignalStore partition is the only thing keeping rows separate. - Inspect the actual []graphrag.LogClusterNode returned by CorrelatedSignals (not just response text), checking Template + SampleLog content for own-marker presence and foreign-marker absence. - Log the per-tenant cluster IDs so future refactors that change the ID scheme leave a visible audit trail. - End-to-end probe via the MCP HTTP surface remains, asserting the same isolation reaches clients. RAN-20 supporting tests internal/vectordb/index_test.go, internal/api/similar_handler_test.go, internal/mcp/tools_ran20_test.go cover vectordb tenant scoping at three layers (in-memory, REST handler, MCP tool). They were sitting untracked on the branch from the parallel RAN-20 work; bundling them so the follow-up vectordb behavior added here is covered. Verified: - go vet ./... clean - go test ./... clean (full repo) - go test -race ./internal/{mcp,graphrag,vectordb,api}/... clean Co-Authored-By: Paperclip <noreply@paperclip.ing> * fix(mcp,graphrag): wire tenant from ctx into vectordb.Search call sites (RAN-20) The vectordb.Index.Search signature went tenant-aware in the prior commit but two call sites still used the legacy 2-arg form, leaving the branch unbuildable: - internal/mcp/tools.go: toolFindSimilarLogs had a TODO(RAN-20) marker and `_ = ctx`. Now resolves tenant via storage.TenantFromContext on mcpCtx(ctx) and passes it to Search. - internal/graphrag/clustering.go: SimilarErrors had the same TODO and `_ = ctx`. Now resolves tenant from the same ctx and passes it through. Both surfaces share the storage tenant-context idiom used everywhere else, so coercion rules (empty → DefaultTenantID) stay consistent. Verified: go build ./... clean, go vet ./... clean, go test -race ./internal/{vectordb,api,mcp,graphrag,storage}/... clean. Co-Authored-By: Paperclip <noreply@paperclip.ing> --------- Co-authored-by: Paperclip <noreply@paperclip.ing>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps filippo.io/edwards25519 from 1.1.0 to 1.1.1.
Commits
d1c650aextra: initialize receiver in MultiScalarMultDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.