feat(cf): degraded-aware CF snapshot (don't act on a partial view)#282
Merged
Conversation
build_cf_state did three CF list calls (tunnels/dns/apps) with `?`, so a single flaky endpoint blanked the entire snapshot (cf_api_reachable=false, empty everything) — indistinguishable from "account is empty". That's also unsafe ground for the upcoming reconcile: a partial CF read would manufacture false orphans/missing. Make each list call independently fallible; collect which sub-fetches failed. Add `degraded` (any sub-fetch failed → cf_state is partial) and `cf_fetch_errors` to the snapshot. `cf_api_reachable` now means "at least one call returned"; drift is computed only on a complete view (`reachable && !degraded`). This is the guardrail the operator-gated reconcile will require — it must refuse to mutate in a degraded state. Snapshot JSON gains two backward-compatible fields; the iOS Manage view can surface "CF partially unreachable" instead of a misleading empty diff. compute_drift and its tests are unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
DD preview readyURL: https://pr-282.devopsdefender.com Browser login: visit https://pr-282.devopsdefender.com — DD redirects you to Machine-to-machine: GitHub Actions workflows in the Register endpoint for a local agent: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR-2 of the CF-reconcile arc.
Why
build_cf_statemade three CF list calls (tunnels / dns / apps) with?, so a single flaky endpoint blanked the entire snapshot (cf_api_reachable=false, everything empty) — indistinguishable from "account is empty". It's also unsafe ground for reconcile: a partial CF read would manufacture false orphans/missing and could drive bad deletes.What
degraded(any sub-fetch failed →cf_stateis partial) andcf_fetch_errors(which ones).cf_api_reachablenow means "at least one call returned"; drift is computed only on a complete view (reachable && !degraded).Snapshot JSON gains two backward-compatible fields (the iOS Manage view can show "CF partially unreachable" instead of a misleading empty diff).
compute_driftand its unit tests are unchanged.Validation
cargo fmtclean; compiles locally (only the unrelated macOSsessiond.rserrors; CI builds musl)./admin/cf/snapshotreturns the new fields withdegraded:falsein the normal case.🤖 Generated with Claude Code