fix(warp-core): reject unrecoverable provider evidence before install#681
Conversation
|
Warning Review limit reached
Next review available in: 51 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughProvider contract evidence validation is centralized and applied during trusted installation before engine index mutation. Malformed package, operation, and Target IR identities produce typed failures, with regression tests, documentation, changelog entries, and local verification feature wiring updated accordingly. ChangesProvider evidence validation
Estimated code review effort: 3 (Moderate) | ~30 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/topics/WAL.md`:
- Around line 72-76: Update docs/topics/WAL.md lines 72-76 to narrow the “every
field” claim to package-reference and operation/Target-IR structural validation,
and state that reserved operation IDs are rejected during proposal construction
rather than installation preparation. Update docs/topics/security/ThreatModel.md
lines 299-301 to scope the retained-evidence decoder’s structural law to only
the validators reused during installation; no code changes are needed.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 32a0ac23-2138-4e02-8a62-d621f61f7b9d
📒 Files selected for processing (11)
CHANGELOG.mdREADME.mdcrates/warp-core/README.mdcrates/warp-core/src/provider_contract.rscrates/warp-core/tests/provider_contract_admission_tests.rsdocs/architecture/application-contract-hosting.mddocs/topics/GeneratedRules.mddocs/topics/WAL.mddocs/topics/security/ThreatModel.mdscripts/verify-local.shtests/hooks/test_verify_local.sh
Summary
This addresses the unresolved provider installation/WAL recoverability finding from #678.
Executable claim
Every provider evidence identity accepted for installation and capable of entering a receipt or WAL record is lawful under the same structural validation required during recovery.
The new witness admits self-consistent malformed registries under exact policy equality, then proves installation fails with stable typed errors before package, operation, or writable-evidence indexes exist and without invoking provider callbacks.
Evidence
Compatibility and authority
Documentation
Updated the existing architecture, Generated Rules, WAL, threat-model, crate/root entrances, API documentation, and changelog. The documentation-accuracy audit found no stale current-state claims in the relevant guide, docs map, invariants, specifications, or ADR 0015.
Summary by CodeRabbit
Bug Fixes
Documentation
Tests