feat: add NetworkConsistencyChecker for managed publisher networks#539
Merged
feat: add NetworkConsistencyChecker for managed publisher networks#539
Conversation
) Validates adagents.json deployment health across managed domains by detecting orphaned/stale/missing pointers, schema errors, and unreachable agent endpoints. Includes SSRF protection, response size limits, and a CLI command (adcp check-network). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Use Buffer.byteLength instead of text.length for response size limit - Add 8 new tests: redirect edge cases (self-referential, non-HTTPS, one-hop follow), constructor validation, domains-only fallback, subdomain extraction, 405 agent health, tightened assertions - Organize tests into nested describe blocks Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add checkedAt (ISO 8601) timestamp to NetworkCheckReport - Add summary object with pre-computed counts (totalIssues, etc.) - Check Content-Length header before reading response body to prevent OOM - Add onProgress callback for long-running checks across many domains - Wire progress into CLI (stderr output during check phases) - CLI now uses report.summary instead of recomputing counts Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This was referenced Apr 15, 2026
Closed
Replace redirect: 'error' with redirect: 'manual' + validated one-hop following in fetchJson and probeAgent. CDN 301 redirects (e.g. bare domain to www) no longer cause false missing_pointer results. Security: redirect targets are validated by validateAgentUrl() and must use HTTPS. Missing Location headers produce explicit errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
CodeQL flagged urlStr.includes('www.example.com') as an incomplete URL
substring sanitization. Switched to exact equality check since this is
a test mock dispatching on known URLs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #536
NetworkConsistencyCheckerclass that validates managed publisher network deployments by detecting five failure modes: orphaned pointers, stale pointers, missing pointers, schema errors, and unreachable agent endpointsadcp check-networkCLI command with--url,--domains,--json,--concurrency, and--timeoutflagsvalidateAgentUrl(), response size limits (1MB), HTTP redirect blocking, error message sanitization, and concurrency cappingTest plan
npm run buildcompiles cleanlyadcp check-network --helpdisplays usage🤖 Generated with Claude Code