
2 Commits

Author SHA1 Message Date
core-be 8dc9549dbb fix(handlers): add missing log import to container_files.go
log.Printf is called at line 35 but "log" was not in the import block,
causing a compile failure.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-15 05:46:57 +00:00
fullstack-engineer 508a5976e8 fix(handlers): log DB Scan errors previously silently ignored (3 files)
tokens.go Create: COUNT query Scan error ignored — if DB fails, count=0,
bypassing the per-workspace token rate limit. Now logs the error and
fails open (DB errors should not block token creation).

memories.go Commit: GLOBAL scope parent lookup Scan error ignored — if
DB fails, workspace is incorrectly treated as root, allowing a forbidden
GLOBAL write. Now returns 500 (fail closed, security-sensitive path).

memories.go Search: parent lookup Scan error ignored — DB failure causes
wrong TEAM-scope search results (self-only filter instead of team filter).
Now logs and falls back to self-only (functional degradation, not
security).

container_files.go List: workspace name lookup Scan error ignored — now
logs and continues (non-critical; container name candidates still tried).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-15 03:16:07 +00:00
7 changed files with 62 additions and 61 deletions
+8 -11
@@ -118,19 +118,17 @@ _DIRECTIVE_RE = re.compile(
def parse_directives(
comment_body: str,
numeric_aliases: dict[int, str],
) -> tuple[list[tuple[str, str, str]], list]:
) -> list[tuple[str, str, str]]:
"""Extract /sop-ack and /sop-revoke directives from a comment body.
Returns (directives, na_directives) where:
directives is a list of (kind, canonical_slug, note) tuples
kind is "sop-ack" or "sop-revoke"
canonical_slug is the normalized form (or "" if unparseable)
note is the trailing free-text (may be "")
na_directives is reserved for future N/A handling (always [] for now)
Returns a list of (kind, canonical_slug, note) tuples where:
kind is "sop-ack" or "sop-revoke"
canonical_slug is the normalized form (or "" if unparseable)
note is the trailing free-text (may be "")
"""
out: list[tuple[str, str, str]] = []
if not comment_body:
return out, []
return out
for m in _DIRECTIVE_RE.finditer(comment_body):
kind = m.group(1)
raw_slug = (m.group(2) or "").strip()
@@ -161,7 +159,7 @@ def parse_directives(
# If we collapsed multi-word slug into kebab and there's a
# trailing-text group too, append it.
out.append((kind, canonical, note_from_group))
return out, []
return out
# ---------------------------------------------------------------------------
@@ -251,8 +249,7 @@ def compute_ack_state(
user = (c.get("user") or {}).get("login", "")
if not user:
continue
directives, _na = parse_directives(body, numeric_aliases)
for kind, slug, _note in directives:
for kind, slug, _note in parse_directives(body, numeric_aliases):
if not slug:
unparseable_per_user[user] = unparseable_per_user.get(user, 0) + 1
continue
+21 -20
@@ -133,6 +133,7 @@ jobs:
# the name match works on PRs that don't touch workspace-server/).
platform-build:
name: Platform (Go)
needs: changes
runs-on: ubuntu-latest
# mc#774 (closed 2026-05-14): Phase 4 flip of the platform-build job.
# Phase 4 (#656) originally flipped this to continue-on-error: false based on
@@ -153,29 +154,29 @@ jobs:
run:
working-directory: workspace-server
steps:
- if: false
- if: needs.changes.outputs.platform != 'true'
working-directory: .
run: echo "No platform/** changes — skipping real build steps; this job always runs to satisfy the required-check name on branch protection."
- if: always()
- if: needs.changes.outputs.platform == 'true'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- if: always()
- if: needs.changes.outputs.platform == 'true'
uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
with:
go-version: 'stable'
- if: always()
- if: needs.changes.outputs.platform == 'true'
run: go mod download
- if: always()
- if: needs.changes.outputs.platform == 'true'
run: go build ./cmd/server
# CLI (molecli) moved to standalone repo: git.moleculesai.app/molecule-ai/molecule-cli
- if: always()
- if: needs.changes.outputs.platform == 'true'
run: go vet ./...
- if: always()
- if: needs.changes.outputs.platform == 'true'
name: Install golangci-lint
run: go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.12.2
- if: always()
- if: needs.changes.outputs.platform == 'true'
name: Run golangci-lint
run: $(go env GOPATH)/bin/golangci-lint run --timeout 3m ./...
- if: always()
- if: needs.changes.outputs.platform == 'true'
name: Diagnostic — per-package verbose 60s
run: |
set +e
@@ -191,7 +192,7 @@ jobs:
echo "::endgroup::"
# mc#774: pre-existing continue-on-error mask; root-fix and remove, do not renew silently.
continue-on-error: true
- if: always()
- if: needs.changes.outputs.platform == 'true'
name: Run tests with race detection and coverage
# Explicit timeout: cold runner cache causes OOM kills at ~4m39s on the
# full ./... suite with race detection + coverage. A 10m per-step timeout
@@ -199,7 +200,7 @@ jobs:
# instead of OOM-killing. The job-level timeout (15m) is a backstop.
run: go test -race -timeout 10m -coverprofile=coverage.out ./...
- if: always()
- if: needs.changes.outputs.platform == 'true'
name: Per-file coverage report
# Advisory — lists every source file with its coverage so reviewers
# can see at-a-glance where gaps are. Sorted ascending so the worst
@@ -213,7 +214,7 @@ jobs:
END {for (f in s) printf "%6.1f%% %s\n", s[f]/c[f], f}' \
| sort -n
- if: always()
- if: needs.changes.outputs.platform == 'true'
name: Check coverage thresholds
# Enforces two gates from #1823 Layer 1:
# 1. Total floor (25% — ratchet plan in COVERAGE_FLOOR.md).
@@ -301,28 +302,28 @@ jobs:
# siblings — verified empirically on PR #2314).
canvas-build:
name: Canvas (Next.js)
needs: changes
runs-on: ubuntu-latest
timeout-minutes: 20
# Phase 4 (RFC #219 §1): confirmed green on main 2026-05-12.
continue-on-error: false
defaults:
run:
working-directory: canvas
steps:
- if: false
- if: needs.changes.outputs.canvas != 'true'
working-directory: .
run: echo "No canvas/** changes — skipping real build steps; this job always runs to satisfy the required-check name on branch protection."
- if: always()
- if: needs.changes.outputs.canvas == 'true'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- if: always()
- if: needs.changes.outputs.canvas == 'true'
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '22'
- if: always()
- if: needs.changes.outputs.canvas == 'true'
run: rm -f package-lock.json && npm install
- if: always()
- if: needs.changes.outputs.canvas == 'true'
run: npm run build
- if: always()
- if: needs.changes.outputs.canvas == 'true'
name: Run tests with coverage
# Coverage instrumentation is configured in canvas/vitest.config.ts
# (provider: v8, reporters: text + html + json-summary). Step 2 of
@@ -331,7 +332,7 @@ jobs:
# tracked in #1815) after the team sees what current coverage is.
run: npx vitest run --coverage
- name: Upload coverage summary as artifact
if: always()
if: needs.changes.outputs.canvas == 'true' && always()
# Pinned to v3 for Gitea act_runner v0.6 compatibility — v4+ uses
# the GHES 3.10+ artifact protocol that Gitea 1.22.x does NOT
# implement, surfacing as `GHESNotSupportedError: @actions/artifact
+13 -24
@@ -149,18 +149,17 @@ func (h *ChannelHandler) Create(c *gin.Context) {
return
}
configJSON, mErr := json.Marshal(body.Config)
if mErr != nil {
log.Printf("Channels Create: marshal config for workspace %s: %v", workspaceID, mErr)
c.JSON(http.StatusInternalServerError, gin.H{"error": "marshal config failed"})
return
}
allowedJSON, mErr := json.Marshal(body.AllowedUsers)
if mErr != nil {
log.Printf("Channels Create: marshal allowed_users for workspace %s: %v", workspaceID, mErr)
c.JSON(http.StatusInternalServerError, gin.H{"error": "marshal allowed_users failed"})
// #319: encrypt sensitive fields (bot_token, webhook_secret) before
// persisting so a DB read/backup leak can't recover the credentials.
// Validation above ran against plaintext; storage is ciphertext.
if err := channels.EncryptSensitiveFields(body.Config); err != nil {
log.Printf("Channels: encrypt config failed for workspace %s: %v", workspaceID, err)
c.JSON(http.StatusInternalServerError, gin.H{"error": "encrypt failed"})
return
}
configJSON, _ := json.Marshal(body.Config)
allowedJSON, _ := json.Marshal(body.AllowedUsers)
enabled := true
if body.Enabled != nil {
enabled = *body.Enabled
@@ -210,26 +209,16 @@ func (h *ChannelHandler) Update(c *gin.Context) {
// #319: re-encrypt sensitive fields on every config update — the
// PATCH body carries plaintext (client already had them plaintext in
// List response's unmasked path or typed fresh).
if encErr := channels.EncryptSensitiveFields(body.Config); encErr != nil {
log.Printf("Channels: encrypt update for workspace %s: %v", workspaceID, encErr)
if err := channels.EncryptSensitiveFields(body.Config); err != nil {
log.Printf("Channels: encrypt update for workspace %s: %v", workspaceID, err)
c.JSON(http.StatusInternalServerError, gin.H{"error": "encrypt failed"})
return
}
j, mErr := json.Marshal(body.Config)
if mErr != nil {
log.Printf("Channels Update: marshal config for channel %s: %v", channelID, mErr)
c.JSON(http.StatusInternalServerError, gin.H{"error": "marshal config failed"})
return
}
j, _ := json.Marshal(body.Config)
configArg = string(j)
}
if body.AllowedUsers != nil {
j, mErr := json.Marshal(body.AllowedUsers)
if mErr != nil {
log.Printf("Channels Update: marshal allowed_users for channel %s: %v", channelID, mErr)
c.JSON(http.StatusInternalServerError, gin.H{"error": "marshal allowed_users failed"})
return
}
j, _ := json.Marshal(body.AllowedUsers)
allowedArg = string(j)
}
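Review bot: Both handlers on the new side discard the `json.Marshal` error (`configJSON, _ := json.Marshal(body.Config)` and `allowedJSON, _ := ...` in Create, `j, _ := json.Marshal(...)` twice in Update), whereas the removed lines checked it and returned 500. If marshalling fails after `EncryptSensitiveFields` has run, a nil slice or empty string would continue to the code that persists the channel, which is outside these hunks. Keep the error in a named variable, log it and return `http.StatusInternalServerError` before the values are used. This may be an artefact of the branch being behind its base, in which case a rebase resolves it. Both Create and Update continue outside the hunks.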
@@ -6,6 +6,7 @@ import (
"context"
"fmt"
"io"
"log"
"path/filepath"
"strings"
@@ -31,7 +32,9 @@ func (h *TemplatesHandler) findContainer(ctx context.Context, workspaceID string
}
// Also check by workspace name from DB
var wsName string
db.DB.QueryRowContext(ctx, `SELECT LOWER(REPLACE(name, ' ', '-')) FROM workspaces WHERE id = $1`, workspaceID).Scan(&wsName)
if err := db.DB.QueryRowContext(ctx, `SELECT LOWER(REPLACE(name, ' ', '-')) FROM workspaces WHERE id = $1`, workspaceID).Scan(&wsName); err != nil {
log.Printf("List: workspace name lookup for %s: %v", workspaceID, err)
}
if wsName != "" {
candidates = append(candidates, wsName)
}
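Review bot: The added log line is prefixed `List:` but the hunk header places it in `findContainer`, so the message points at the wrong function when read in the logs. Something like `log.Printf("findContainer: workspace name lookup for %q: %v", workspaceID, err)` is easier to trace, and `%q` keeps control characters in workspaceID from splitting the log line if that value comes from the request (not visible here). Scan returns `sql.ErrNoRows` when the ID has no row, so that expected case will be logged as an error on each call unless it is filtered with `errors.Is`. findContainer's body continues outside the hunk.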
+10 -2
@@ -166,7 +166,11 @@ func (h *MemoriesHandler) Commit(c *gin.Context) {
// GLOBAL scope: only root workspaces (no parent) can write
if body.Scope == "GLOBAL" {
var parentID *string
db.DB.QueryRowContext(ctx, `SELECT parent_id FROM workspaces WHERE id = $1`, workspaceID).Scan(&parentID)
if err := db.DB.QueryRowContext(ctx, `SELECT parent_id FROM workspaces WHERE id = $1`, workspaceID).Scan(&parentID); err != nil {
log.Printf("Commit: parent lookup for workspace %s: %v", workspaceID, err)
c.JSON(http.StatusInternalServerError, gin.H{"error": "workspace lookup failed"})
return
}
if parentID != nil {
c.JSON(http.StatusForbidden, gin.H{"error": "only root workspaces can write GLOBAL memories"})
return
@@ -278,7 +282,11 @@ func (h *MemoriesHandler) Search(c *gin.Context) {
// Get workspace info for access control
var parentID *string
db.DB.QueryRowContext(ctx, `SELECT parent_id FROM workspaces WHERE id = $1`, workspaceID).Scan(&parentID)
if err := db.DB.QueryRowContext(ctx, `SELECT parent_id FROM workspaces WHERE id = $1`, workspaceID).Scan(&parentID); err != nil {
// Non-critical: fall back to self-only team filter
log.Printf("Search: parent lookup for workspace %s: %v", workspaceID, err)
parentID = nil
}
// Try to generate a query embedding for semantic search.
// Falls back to the existing FTS/ILIKE path on failure or when no
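Review bot: In Search, the fallback `parentID = nil` makes a failed lookup indistinguishable from a workspace that really has no parent, and in Commit a nil parent is exactly what marks a root workspace. The inline comment says this gives the self-only filter, but the code that consumes parentID is outside the hunk, so it is worth confirming that a root workspace never receives a wider TEAM result set than a child. If it can, return 500 here as Commit does, or carry the failure separately, e.g. `lookupFailed := err != nil`, and branch on that. In Commit, `sql.ErrNoRows` for an unknown workspace ID is also answered as a 500 rather than as a not-found response.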
@@ -287,7 +287,7 @@ func TestRenderCategoryRoutingYAML_StableOrdering(t *testing.T) {
if ai <= 0 || zi <= 0 || mi <= 0 {
t.Fatalf("could not locate all keys in output: %s", out)
}
if ai >= mi || mi >= zi {
if !(ai < mi && mi < zi) {
t.Errorf("keys not sorted: alpha=%d middle=%d zebra=%d, output:\n%s", ai, mi, zi, out)
}
}
+5 -2
@@ -88,9 +88,12 @@ func (h *TokenHandler) Create(c *gin.Context) {
// Rate limit: max active tokens per workspace
var count int
db.DB.QueryRowContext(c.Request.Context(),
if err := db.DB.QueryRowContext(c.Request.Context(),
`SELECT COUNT(*) FROM workspace_auth_tokens WHERE workspace_id = $1 AND revoked_at IS NULL`,
workspaceID).Scan(&count)
workspaceID).Scan(&count); err != nil {
log.Printf("tokens: rate-limit count lookup for %s: %v", workspaceID, err)
count = 0 // fail open — a DB error should not block token creation
}
if count >= maxTokensPerWorkspace {
c.JSON(http.StatusTooManyRequests, gin.H{"error": fmt.Sprintf("maximum %d active tokens per workspace", maxTokensPerWorkspace)})
return
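Review bot: The new error branch in Create fails open on the per-workspace token limit: when the COUNT query's Scan fails, `count = 0` lets the request pass the `count >= maxTokensPerWorkspace` check, so the cap on active auth tokens is not enforced whenever the database errors. For a path that issues credentials the safer default is to fail closed, as the GLOBAL parent lookup in memories.go does in this same change: replace the assignment with `c.JSON(http.StatusServiceUnavailable, gin.H{"error": "token limit check failed"})` and `return`. If the database is really unavailable the later insert presumably fails too, so rejecting here costs little. Create's body continues outside the hunk.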