sandbox,server: surface per-path L7 escalations as fresh draft chunks#1
Open
dkaygithub wants to merge 1 commit into
Post-approval L7 (HTTP method/path) denials were vanishing instead of reaching a reviewer. Wire them through to a fresh, reviewable draft chunk while keeping straggler-flush noise suppressed.

- sandbox: wire L7 relay denials into the denial aggregator. L7EvalContext gains a denial_tx channel; every L7 deny (request-log and forward paths) emits a DenialEvent carrying the observed method/path, feeding the same observation-driven analysis as connect-stage denials so mechanistic proposals can be path-aware.
- server persistence: clear dedup_key when a chunk is decided (sqlite + postgres). New observations for the same host|port|binary then surface as a fresh pending chunk instead of folding their hit_count, through the status-blind submit upsert, into a row the reviewer already acted on.
- server: make the post-approval mechanistic self-reject sweep L7-evidence-aware. A resubmit asking for nothing beyond the union of the approved grants for that endpoint still self-rejects (noise suppression); a submission carrying method/path asks OUTSIDE the approved grants stays pending for review. Path coverage uses a conservative glob matcher (* = one segment, ** trailing only, unknown shapes fall back to exact equality) so ambiguity errs toward surfacing a card.
- server: gate the self-reject sweep on a live-policy probe (policy_covers_rule). Approved chunk records outlive the clauses they merged (a temporary grant expiring via RemoveBinary, or a manual --remove-rule); trusting the record alone would auto-reject every future denial for that endpoint, leaving it permanently un-reviewable.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Summary
Post-approval L7 (HTTP method/path) denials were vanishing instead of reaching a reviewer. This surfaces them as fresh, reviewable draft chunks while suppressing straggler-flush noise.
- Wire L7 relay denials into the denial aggregator (`denial_tx` on `L7EvalContext`) carrying the observed method/path, so mechanistic proposals are path-aware — same observation-driven path as connect-stage denials.
- Clear `dedup_key` on chunk decision (sqlite + postgres) and backfill already-decided rows via migration 006. Post-decision denials form a fresh pending chunk instead of silently folding their `hit_count` into a row the reviewer already acted on.
- Make the post-approval self-reject sweep L7-evidence-aware, with a conservative glob matcher for path coverage (`*` = one segment, `**` trailing only, unknown shapes → exact equality).
- Gate the self-reject sweep on a live-policy probe (`policy_covers_rule`) so an expired temporary grant / removed clause doesn't auto-reject every future denial and leave the endpoint permanently un-reviewable.

Test plan

- `cargo test -p openshell-supervisor-network` — 300 L7 tests + `l7_deny_emits_denial_event_with_method_and_path` pass
- `cargo test -p openshell-server` — `mechanistic_*` (incl. ghost-approval/rule-removal) + `l7_path_covers_glob_semantics`, 7 tests pass
- `cargo check` clean against current upstream/main

Notes
Staging PR within the fork (base `dkaygithub:main`, freshly mirrored to upstream). Not for upstream submission yet. Three original commits (40455dd8, 8c5c19c2, cc7a01d3) squashed into one and rebased onto upstream PR NVIDIA#1650's crate split (`openshell-sandbox` → `openshell-supervisor-network`).

🤖 Generated with Claude Code
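The glob semantics and the live-policy-gated self-reject sweep described in the summary above, as an added example in Rust that is not the project's code: `Grant`, `path_covers`, `covered` and `should_self_reject` are assumed names, the `live` closure stands in for the `policy_covers_rule` probe, and the rule that a trailing `**` must consume at least one request segment is an assumption chosen to keep the matcher conservative.

```rust
// Added example (not project code): a conservative method/path coverage check
// with the semantics the PR description gives. Names `Grant`, `path_covers`,
// `covered` and `should_self_reject` are assumed; so is the rule that a
// trailing `**` must consume at least one request segment.

#[derive(Debug, Clone)]
pub struct Grant {
    pub method: String,
    /// Pattern: literal segments, `*` (exactly one segment) or a trailing `**`.
    pub path: String,
}

impl Grant {
    pub fn new(method: &str, path: &str) -> Self {
        Grant { method: method.to_string(), path: path.to_string() }
    }
}

/// Split a path into non-empty segments ("/a//b/" -> ["a", "b"]).
fn segments(p: &str) -> Vec<&str> {
    p.split('/').filter(|s| !s.is_empty()).collect()
}

/// Does `pattern` cover the concrete request `path`?
/// `*` matches exactly one segment; `**` is honoured only as the last segment
/// and then needs at least one further request segment (assumption); any other
/// wildcard shape (`**` mid-pattern, `a*`) falls back to exact string equality,
/// so an ambiguous grant never silently widens coverage.
pub fn path_covers(pattern: &str, path: &str) -> bool {
    let pat = segments(pattern);
    let req = segments(path);
    let well_formed = pat.iter().enumerate().all(|(i, s)| match *s {
        "*" => true,
        "**" => i + 1 == pat.len(),
        other => !other.contains('*'),
    });
    if !well_formed {
        return pattern == path;
    }
    let trailing = pat.last() == Some(&"**");
    let fixed: &[&str] = if trailing { &pat[..pat.len() - 1] } else { &pat[..] };
    if trailing {
        if req.len() <= fixed.len() {
            return false;
        }
    } else if req.len() != fixed.len() {
        return false;
    }
    fixed.iter().zip(req.iter()).all(|(p, r)| *p == "*" || p == r)
}

/// One observed (method, path) from an L7 denial is covered when some grant
/// has the same method and a pattern covering the path.
pub fn covered(grants: &[Grant], method: &str, path: &str) -> bool {
    grants.iter().any(|g| g.method == method && path_covers(&g.path, path))
}

/// Post-approval self-reject sweep. `live` stands in for the live-policy probe:
/// a grant whose clause is gone from the running policy contributes nothing.
/// Returns true only when live grants exist and every observation falls inside
/// their union (pure straggler noise); otherwise the chunk must stay pending.
pub fn should_self_reject<F>(approved: &[Grant], observed: &[(&str, &str)], live: F) -> bool
where
    F: Fn(&Grant) -> bool,
{
    let live_grants: Vec<Grant> = approved.iter().filter(|g| live(*g)).cloned().collect();
    if live_grants.is_empty() {
        return false;
    }
    observed.iter().all(|(m, p)| covered(&live_grants, m, p))
}

fn main() {
    // Constructed sample: grants already approved for one host|port|binary.
    let approved = vec![
        Grant::new("GET", "/api/v1/*/status"),
        Grant::new("POST", "/api/v1/jobs/**"),
    ];
    // Straggler within the grants: self-rejects.
    let noise = [("GET", "/api/v1/abc/status"), ("POST", "/api/v1/jobs/42/cancel")];
    // Asks outside the grants (new method): must surface for review.
    let escalation = [("DELETE", "/api/v1/jobs/42")];
    println!("noise self-rejects: {}", should_self_reject(&approved, &noise, |_| true));
    println!("escalation pending: {}", !should_self_reject(&approved, &escalation, |_| true));
    // Same noise, but the GET clause has since been removed from the live policy.
    let stale = |g: &Grant| g.method != "GET";
    println!("stale grant surfaces: {}", !should_self_reject(&approved, &noise, stale));
}
```

The two failure directions are deliberate: a pattern the matcher does not understand degrades to string equality, and a grant the live policy no longer contains is dropped before coverage is computed, so both ambiguity and stale approval records push a denial toward a reviewer rather than into the auto-reject bin.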