feat: harden mediation, add state triggers/query, and enforce status consistency#2
Open
feat: harden mediation, add state triggers/query, and enforce status consistency#2
Conversation
This was referenced Mar 5, 2026
AlexU-A
commented
Mar 10, 2026
Contributor
Author
AlexU-A
left a comment
AlexU-A
left a comment
There was a problem hiding this comment.
Code Review: PR #2 — Mediation Hardening + Status Consistency
Reviewed the full diff. Summary:
Security (auth.ts + router.ts) — Solid
- Fail-closed on DB errors: catch block returns 503. Correct pattern.
- Session context matching: sessionMatchesRequestContext() checks userId + tenantId + apiKeyId. Closes cross-tenant session access vector.
- JWT subject validation: Validates payload.sub is non-empty string.
- Structured logging with request IDs, tenant context, durations.
Testing — Good Coverage (269 lines)
Covers: missing/invalid API key, fail-closed on DB unavailability, valid key context, missing bearer token, expired token, valid token, session context matching.
State Schema
customTriggers changed from string[] to CustomTriggerSchema. Breaking but acceptable pre-production.
Status Consistency + Gitleaks
Clean canonical status approach. Gitleaks switched to direct CLI.
No blocking issues found. Ready for CODEOWNER merge.
10 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary:\n- harden mediation auth/router with fail-closed behavior and tighter session scoping\n- add mediation auth middleware integration tests\n- add joyus-ai-state query_snapshots MCP tool\n- add custom config-driven file event triggers for snapshot capture\n- add canonical status registry, generator/verifier scripts, and CI status-consistency workflow\n- update README and ROADMAP to reference canonical status artifacts\n\nValidation:\n- status consistency verifier passes\n- spec governance check in joyus-ai passes\n- targeted tests passed in development worktree before branch cut