Release hardening: telemetry transport preflight + bundling reliability#23
Release hardening: telemetry transport preflight + bundling reliability#23
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f312df9a84
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if self._tls_cert_pins: | ||
| observed = validate_server_certificate_pin( | ||
| cloud_ingest_url=self.cloud_ingest_url, |
There was a problem hiding this comment.
_send_batch is async but it directly calls validate_server_certificate_pin, which performs blocking socket/TLS I/O (socket.create_connection in services/telemetry/transport.py) before the httpx request. When TELEMETRY_TLS_CERT_SHA256_PINS is enabled, each export attempt can block the FastAPI event loop for up to the probe timeout, delaying unrelated request handling and health checks under network latency or endpoint stalls.
Useful? React with 👍 / 👎.
| """ | ||
| if retention_days <= 0: | ||
| return 0 | ||
| cutoff_iso = (_utc_now_naive() - timedelta(days=int(retention_days))).isoformat() |
There was a problem hiding this comment.
This purge path compares text timestamps, but cutoff_iso is generated with ISO T separators while legacy created_at values come from SQLite CURRENT_TIMESTAMP (YYYY-MM-DD HH:MM:SS). In COALESCE(last_success_at, created_at) < ?, mixed formats can mis-order rows on the same date (space sorts before T), so migrated SENT rows with null last_success_at can be deleted earlier than the configured retention window.
Useful? React with 👍 / 👎.
| def __init__( | ||
| self, | ||
| db_path: str = ".sentinelid/audit.db", | ||
| keychain_dir: str = ".sentinelid/keys", |
There was a problem hiding this comment.
Audit payload encryption now depends on keychain_dir, but the constructor default hardcodes .sentinelid/keys; production wiring still instantiates AuditRepository() without passing settings. In deployments that set SENTINELID_KEYCHAIN_DIR, audit rows are encrypted with a different key location than the rest of the app (and delete-identity cleanup), which can make encrypted audit rows unreadable after restarts/rotations.
Useful? React with 👍 / 👎.
1 participant
Summary
RUN_TELEMETRY_TRANSPORT_PREFLIGHT=1.cv2is healthy.Validation
make check-telemetry-transportSKIP_DESKTOP_BUILD=1 ./scripts/smoke_test_bundling.shmake demomake release-checkTracking
mainvia this PR.v2.3.7.