Skip to content

Backlog/v12 soar command execution#2330

Closed
AlexSanchez-bit wants to merge 2 commits into
release/v12.0.0from
backlog/v12_soar_command_execution
Closed

Backlog/v12 soar command execution#2330
AlexSanchez-bit wants to merge 2 commits into
release/v12.0.0from
backlog/v12_soar_command_execution

Conversation

@AlexSanchez-bit

Copy link
Copy Markdown
Contributor

No description provided.

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

🛑 AI review — Engineer review required

This PR touches critical paths or introduces changes the model cannot judge with sufficient confidence. @Kbayero @osmontero please review.

🛑 architecture (gemini-3-flash-lite) — blocking — must fix before merge

Summary: Breaking change to the SOAR command WebSocket protocol, requiring synchronized frontend and backend updates.

  • high backend/modules/soar/handler/command_ws.go:85 — Protocol change: 'done' message replaced with 'ready'. This breaks compatibility with any existing frontend clients or external integrations expecting the legacy protocol.
  • high backend/modules/soar/handler/command_ws.go:130 — Architectural shift from ephemeral (one-command-per-connection) to persistent WebSocket sessions. This changes the state management model for the SOAR command stream.
  • medium frontend/src/features/datasources/services/agent-console.ts:35 — The protocol change forces a synchronized deployment. Because the backend no longer closes the connection after a command, older frontend versions will hang or fail to process command completion.

🛑 bugs (gemini-3-flash-lite) — blocking — must fix before merge

Summary: The backend handler fails to read the initial command payload, causing the WebSocket to hang or fail immediately upon connection.

  • high backend/modules/soar/handler/command_ws.go:127 — The loop starts by reading a command, but the client (AgentConsole.tsx) never sends the initial command payload after opening the socket. The backend will block on wsjson.Read indefinitely, and the client will never receive a 'ready' signal to start sending commands.

🛑 security (gemini-3-flash-lite) — blocking — must fix before merge

Summary: Refactored WebSocket command stream to a persistent session model; touches authentication/authorization flow and command execution logic.

  • medium backend/modules/soar/handler/command_ws.go:132 — The refactored CommandStream loop removes the initial request validation that previously occurred before entering the command loop. While the loop now reads requests, ensure that the agentID and session context are strictly validated for every command received to prevent potential command injection or unauthorized execution if the session is hijacked.

@utmstackprapprover utmstackprapprover Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes requested — AI review found blocking issues (high/critical, or engineer review required). See above.

@AlexSanchez-bit AlexSanchez-bit deleted the backlog/v12_soar_command_execution branch July 7, 2026 17:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant