
fix(signals): validate repository before returning cached burden forecasts #516

Merged
JSONbored merged 2 commits into main from codex/fix-orphaned-burden-forecasts-exposure
Jun 10, 2026

@JSONbored

Owner

Motivation

  • Prevent leaking stale or orphaned burden forecast snapshots for repositories that no longer exist or are not registered.
  • Ensure cached forecasts are only returned when the canonical repository record is present and authorized.

Description

  • In loadOrComputeBurdenForecastResponse validate the repository first with getRepository(env, fullName) and return null when the repo is unknown.
  • Use the repository's canonical repo.fullName for the cached getBurdenForecast lookup, response metadata, and all bounded listers used when computing a forecast.
  • Add a unit regression test that seeds an orphaned burden_forecasts row and asserts the service does not expose it.
  • Adjust the malformed-timestamp unit test to register the repository before inserting the cached forecast so stale-timestamp behavior remains covered.

Testing

  • Ran npm test -- test/unit/burden-forecast.test.ts and the unit suite passed.
  • Ran npm run typecheck (tsc --noEmit) and type checking completed successfully.

Codex Task
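
The check order described in this PR, as an added example that is not code from the PR or from the gittensory project. The function names come from the description above; `Env`, the Map-backed stores, the case-insensitive lookup, the response shape and `loadForecastUnchecked` are assumptions made so the sketch runs on its own.

```typescript
// Added example. Types, stores and sample rows below are constructed, not the project's.
type Repository = { fullName: string };
type BurdenForecast = { repoFullName: string; generatedAt: string; score: number };
type ForecastResponse = { repoFullName: string; source: "cache" | "computed"; forecast: BurdenForecast };
type Env = {
  repositories: Map<string, Repository>;        // registered repos, keyed by lower-cased name
  burdenForecasts: Map<string, BurdenForecast>; // cached rows, keyed by canonical full name
};

// Assumed behaviour: lookup is case-insensitive and returns the canonical record.
function getRepository(env: Env, fullName: string): Repository | null {
  return env.repositories.get(fullName.toLowerCase()) ?? null;
}

function getBurdenForecast(env: Env, fullName: string): BurdenForecast | null {
  return env.burdenForecasts.get(fullName) ?? null;
}

// Before the fix: the cache is read with the caller-supplied name, so a row
// whose repository record is gone is still returned.
function loadForecastUnchecked(env: Env, fullName: string): BurdenForecast | null {
  return getBurdenForecast(env, fullName);
}

// After the fix: resolve the repository first, then key everything on repo.fullName.
function loadOrComputeBurdenForecastResponse(env: Env, fullName: string): ForecastResponse | null {
  const repo = getRepository(env, fullName);
  if (!repo) return null; // unknown repo: the cache is never consulted
  const cached = getBurdenForecast(env, repo.fullName);
  if (cached) return { repoFullName: repo.fullName, source: "cache", forecast: cached };
  // Placeholder computation; the real forecast logic is not shown on the page.
  const forecast: BurdenForecast = { repoFullName: repo.fullName, generatedAt: "2026-06-10T00:00:00Z", score: 0 };
  env.burdenForecasts.set(repo.fullName, forecast);
  return { repoFullName: repo.fullName, source: "computed", forecast };
}

// Constructed sample data: two registered repos, one cached row, one orphaned row.
function buildSampleEnv(): Env {
  const row = (name: string, score: number): BurdenForecast =>
    ({ repoFullName: name, generatedAt: "2026-06-09T12:00:00Z", score });
  return {
    repositories: new Map([
      ["acme/widgets", { fullName: "acme/widgets" }],
      ["acme/gadgets", { fullName: "acme/gadgets" }],
    ]),
    burdenForecasts: new Map([
      ["acme/widgets", row("acme/widgets", 7)],
      ["ghost/deleted-repo", row("ghost/deleted-repo", 3)], // no repository record
    ]),
  };
}
```
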

@dosubot dosubot Bot added the size:S label (This PR changes 10-29 lines, ignoring generated files.) Jun 9, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 9, 2026


Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status | Name | Latest Commit | Preview URL | Updated (UTC)
✅ Deployment successful! | gittensory-ui | df2af0a | Commit Preview URL, Branch Preview URL | Jun 10 2026, 05:46 AM

@gittensory

gittensory Bot commented Jun 9, 2026


Note

Gittensory Gate skipped

PR closed before full evaluation. No late first comment was created.

Signal | Result | Evidence | Action
Gate result | ⚠️ Skipped | #516 is no longer open. | No action.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

@github-actions github-actions Bot added the gittensor:bug label (Gittensor-scored bug fix) Jun 9, 2026
@gittensory gittensory Bot added the gittensory:reviewed label (Gittensor contributor context) Jun 9, 2026
@superagent-security


Superagent didn't find any vulnerabilities or security issues in this PR.

@JSONbored JSONbored self-assigned this Jun 10, 2026
@JSONbored JSONbored force-pushed the codex/fix-orphaned-burden-forecasts-exposure branch from 65f6382 to 662982b Compare June 10, 2026 05:42
@JSONbored JSONbored merged commit fe361a0 into main Jun 10, 2026
10 checks passed
@JSONbored JSONbored deleted the codex/fix-orphaned-burden-forecasts-exposure branch June 10, 2026 05:47
@github-project-automation github-project-automation Bot moved this from Todo to Done in gittensory - v1 roadmap Jun 10, 2026
@JSONbored JSONbored added the gittensor:feature label (Gittensor-scored feature linked to a feature issue) Jun 10, 2026