fix(runtime): serve hardening — guard/reset auth, os NameError, wrist kwarg #237
Open
rylinjames wants to merge 2 commits into
… kwarg
Audit §3.2. Three independent runtime bugs in server.py:
1. /guard/reset was unauthenticated — anyone reachable could clear a tripped
safety guard, while /act and /config require the api key. Added the same
`_auth: None = Depends(_require_api_key)` dependency.
2. NameError: os in create_app's lifespan — the function imports `os as _os`,
but the curate block read `os.environ.get("TETHER_CURATE_DRY_RUN")` (bare
os), raising NameError (swallowed) whenever a user opted into curate
uploads. Fixed to _os.environ. Verified no bare `os.` remains in the fn.
3. image_wrist_b64 kwarg TypeError — the /act path calls
server.predict_from_base64_async(image_wrist_b64=...), but the TetherServer
base class only accepted (image_b64, instruction, state), so every
wrist-camera request to a single-camera model raised TypeError.
Pi05DecomposedServer already accepts + uses it. Added the param to the base
class's predict_from_base64[_async]; the single-camera base drops the wrist
image with a debug log (not silently) — multi-camera VLAs route to the
decomposed server that consumes it.
Tests: tests/test_runtime_serve_hardening.py (9) — guard_reset auth via route
introspection + TestClient 401/200; no-bare-os scan + compile; wrist-kwarg
signature + live-call + cross-class checks. All pass.
Implemented by a Sonnet subagent against a verified spec; reviewed + the
wrist-drop debug log added on review.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The runtime serve hardening test suite used an absolute macOS checkout path for server.py, which made GitHub CI fail on Linux runners. Resolve server.py relative to the test file instead and clean up the test imports so the new test file is ruff-clean.

Tests: PYTHONPATH=src /Users/romirjain/Desktop/building\ projects/fastcrest/tether/.venv/bin/python -m pytest tests/test_runtime_serve_hardening.py -p no:cacheprovider

Lint: PYTHONPATH=src /Users/romirjain/Desktop/building\ projects/fastcrest/tether/.venv/bin/ruff check tests/test_runtime_serve_hardening.py

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Audit §3.2 — three independent runtime bugs in server.py.

1. /guard/reset unauthenticated — anyone reachable could clear a tripped safety guard (while /act / /config need the key)
   Depends(_require_api_key)
2. NameError: os in the create_app lifespan — fn imports os as _os but the curate block read bare os.environ → swallowed NameError when a user opted into curate uploads
   os. → _os.; verified none remain
3. image_wrist_b64 kwarg TypeError — /act passes it but the TetherServer base class didn't accept it → every wrist-camera request to a single-cam model 500'd
   Pi05DecomposedServer which consumes it)

Tests: tests/test_runtime_serve_hardening.py (9) — guard_reset auth via route introspection + TestClient 401/200; no-bare-os scan + compile; wrist-kwarg signature + live-call + cross-class checks. All pass.

Implemented by a Sonnet subagent against a verified spec; reviewed, and the wrist-drop debug log added on review (no silent fallback).
🤖 Generated with Claude Code
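
The "no-bare-os scan" regression check for bug 2 can be written with the standard-library `ast` module, so a swallowed NameError of this kind is caught statically instead of at runtime. This is an added example, not the PR's test file; the sample source and the helper names `bare_module_uses` and `_bound_by_imports` are constructed for illustration.

```python
import ast

# Constructed sample mirroring the bug described above: the function imports
# `os as _os`, then one branch reads the bare name `os` inside a try block.
SAMPLE_BUGGY = '''
def create_app():
    import os as _os
    host = _os.environ.get("HOST")
    try:
        dry_run = os.environ.get("TETHER_CURATE_DRY_RUN")
    except Exception:
        dry_run = None
    return host, dry_run
'''
SAMPLE_FIXED = SAMPLE_BUGGY.replace(" os.environ", " _os.environ")


def _bound_by_imports(nodes):
    """Names that the import statements among `nodes` actually bind."""
    bound = set()
    for node in nodes:
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            for alias in node.names:
                bound.add(alias.asname or alias.name.split(".")[0])
    return bound


def bare_module_uses(source, func_name):
    """Return [(lineno, name)] where `func_name` reads a module by its real
    name although the function only imported it under an alias."""
    tree = ast.parse(source)  # raises SyntaxError if the file does not compile
    module_bound = _bound_by_imports(tree.body)
    hits = []
    for func in ast.walk(tree):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        if func.name != func_name:
            continue
        inner = list(ast.walk(func))
        bound = module_bound | _bound_by_imports(inner)
        aliased = {a.name.split(".")[0] for n in inner if isinstance(n, ast.Import)
                   for a in n.names if a.asname}
        for n in inner:
            if (isinstance(n, ast.Name) and isinstance(n.ctx, ast.Load)
                    and n.id in aliased and n.id not in bound):
                hits.append((n.lineno, n.id))
    return sorted(hits)
```

The scan only considers names bound by imports, so a local variable that reuses the module's name would be reported as well.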