didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

PRD 0037: Pipelock YAML Render Contract #133

Merged
didericis merged 3 commits from prd-0037-pipelock-yaml-contract into main 2026-06-02 04:19:02 -04:00
Conversation 3 Commits 3 Files Changed 3
+415 -10
didericis-codex commented 2026-06-02 04:00:57 -04:00
Collaborator
Copy Link
Copy Source

Closes #130.

Parent hotspot review: #117.

PRD: f95ef0c446/docs/prds/0037-pipelock-yaml-render-contract.md

Summary

Implements the pipelock YAML render contract PRD. The hand-rendered YAML path now validates the narrow structured config shape before rendering and fails with plain ValueError messages that name the malformed section/key.

Implementation

  • Defines the supported pipelock render shape in validation helpers.
  • Validates required top-level, section, scalar, and list fields before rendering.
  • Rejects unsupported top-level/section keys instead of silently rendering drifted configs.
  • Keeps optional compatibility for parsed running configs that omit request_body_scanning.scan_headers, request_body_scanning.header_mode, or tls_interception.passthrough_domains.
  • Adds semantic render tests using the repo YAML-subset parser for minimal, TLS, SSRF, and all-optional-section configs.
  • Adds malformed-config tests for missing keys, wrong section types, wrong list item types, and unsupported sections.

Verification

  • python3 -m unittest tests.unit.test_pipelock_yaml
  • python3 -m unittest tests.unit.test_pipelock_allowlist
  • python3 -m unittest tests.unit.test_pipelock_apply
  • python3 -m py_compile bot_bottle/pipelock.py
  • git diff --check
  • python3 -m unittest discover -s tests/unit

Changes (3 commits)

  • docs(prd): add pipelock yaml contract
  • fix(pipelock): validate yaml render config
  • complete(prd): mark PRD 0037 active
Closes #130. Parent hotspot review: #117. PRD: https://gitea.dideric.is/didericis/bot-bottle/src/commit/f95ef0c4468827d37d0e0170a41d2096c6cb4a3b/docs/prds/0037-pipelock-yaml-render-contract.md ## Summary Implements the pipelock YAML render contract PRD. The hand-rendered YAML path now validates the narrow structured config shape before rendering and fails with plain `ValueError` messages that name the malformed section/key. ## Implementation - Defines the supported pipelock render shape in validation helpers. - Validates required top-level, section, scalar, and list fields before rendering. - Rejects unsupported top-level/section keys instead of silently rendering drifted configs. - Keeps optional compatibility for parsed running configs that omit `request_body_scanning.scan_headers`, `request_body_scanning.header_mode`, or `tls_interception.passthrough_domains`. - Adds semantic render tests using the repo YAML-subset parser for minimal, TLS, SSRF, and all-optional-section configs. - Adds malformed-config tests for missing keys, wrong section types, wrong list item types, and unsupported sections. ## Verification - `python3 -m unittest tests.unit.test_pipelock_yaml` - `python3 -m unittest tests.unit.test_pipelock_allowlist` - `python3 -m unittest tests.unit.test_pipelock_apply` - `python3 -m py_compile bot_bottle/pipelock.py` - `git diff --check` - `python3 -m unittest discover -s tests/unit` ## Changes (3 commits) - `docs(prd): add pipelock yaml contract` - `fix(pipelock): validate yaml render config` - `complete(prd): mark PRD 0037 active`
didericis commented 2026-06-02 04:04:05 -04:00
Owner
Copy Link
Copy Source

I think ValueError is fine to start out with/don't see a reason for a more specific error yet. Could be one for the dashboard in the future if we want to prompt an editor to open, but the dashboard design could change.

I think `ValueError` is fine to start out with/don't see a reason for a more specific error yet. Could be one for the dashboard in the future if we want to prompt an editor to open, but the dashboard design could change.
didericis force-pushed prd-0037-pipelock-yaml-contract from b550f5d06f to 47b75030ee 2026-06-02 04:10:01 -04:00 Compare
didericis-codex commented 2026-06-02 04:11:27 -04:00
Author
Collaborator
Copy Link
Copy Source

Acknowledged. I’ll keep the render contract failure as a plain ValueError for now and avoid adding a dedicated exception type in this PR.

Acknowledged. I’ll keep the render contract failure as a plain `ValueError` for now and avoid adding a dedicated exception type in this PR.
didericis added 1 commit 2026-06-02 04:14:49 -04:00
docs(prd): add pipelock yaml contract
test / unit (pull_request) Successful in 31s
Details
test / integration (pull_request) Successful in 42s
Details
9185c145a1
didericis force-pushed prd-0037-pipelock-yaml-contract from 47b75030ee to 9185c145a1 2026-06-02 04:14:49 -04:00 Compare
didericis added 2 commits 2026-06-02 04:15:36 -04:00
fix(pipelock): validate yaml render config 6e954da9b7
complete(prd): mark PRD 0037 active
test / unit (pull_request) Successful in 33s
Details
test / integration (pull_request) Successful in 44s
Details
test / unit (push) Successful in 29s
Details
test / integration (push) Successful in 47s
Details
f95ef0c446
didericis approved these changes 2026-06-02 04:16:21 -04:00
didericis merged commit f95ef0c446 into main 2026-06-02 04:19:02 -04:00
didericis deleted branch prd-0037-pipelock-yaml-contract 2026-06-02 04:19:02 -04:00
Sign in to join this conversation.
Reviewers
No Reviewers
didericis
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#133
Delete Branch "prd-0037-pipelock-yaml-contract"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?