feat(metadata): support local metadata source#181
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughThis PR extends metadata fetching in ChangesLocal Metadata Fetch and Signature Verification
Estimated code review effort: 3 (Moderate) | ~25 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Deploying soar-docs with
|
| Latest commit: |
79a57a6
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://ba35595b.soar-docs.pages.dev |
| Branch Preview URL: | https://feat-metadata-local-source.soar-docs.pages.dev |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
crates/soar-registry/src/metadata.rs (1)
214-227: 🎯 Functional Correctness | 🔵 Trivial | 💤 Low value
file://parsing ignores a possible authority/host component.
strip_prefix("file://")leaves the authority in the remainder, so an input likefile://localhost/srv/repo/metadata.sdb.zstdyieldslocalhost/srv/..., whichresolve_pathtreats as relative and joins against the CWD — resolving to the wrong location instead of/srv/.... UsingUrl::parse(...).and_then(|u| u.to_file_path().ok())for thefile://branch would handle the authority and percent-encoding correctly.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@crates/soar-registry/src/metadata.rs` around lines 214 - 227, The file URL handling in local_metadata_path currently strips the file:// prefix manually, which leaves any authority/host portion in the path and can resolve file://localhost/... incorrectly as a relative path. Update the file:// branch in local_metadata_path to parse the URL with Url::parse and convert it with to_file_path so authority components and percent-encoding are handled correctly, while keeping the existing resolve_path behavior for non-file local paths.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@crates/soar-registry/src/metadata.rs`:
- Around line 150-164: The URL validation in `metadata.rs` currently only warns
for `http` in the `parsed_url.scheme()` match, which still allows
unauthenticated metadata fetches. Update this branch to reject `http` unless
`Repository::signature_verification()` is enabled and a pubkey is configured,
using the existing `repo`/`parsed_url` checks in the same match flow. Also
revise the `RegistryError::InsecureUrl` message for unsupported or insecure
schemes so it clearly states that `http` metadata is only allowed when signature
verification is active and a pubkey is present.
---
Nitpick comments:
In `@crates/soar-registry/src/metadata.rs`:
- Around line 214-227: The file URL handling in local_metadata_path currently
strips the file:// prefix manually, which leaves any authority/host portion in
the path and can resolve file://localhost/... incorrectly as a relative path.
Update the file:// branch in local_metadata_path to parse the URL with
Url::parse and convert it with to_file_path so authority components and
percent-encoding are handled correctly, while keeping the existing resolve_path
behavior for non-file local paths.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: d1b529e3-67e6-47ac-9c5d-b579e5596437
📒 Files selected for processing (1)
crates/soar-registry/src/metadata.rs
Summary by CodeRabbit
file://sources, alongside existing remote endpoints.httpsis always allowed;httpis supported only when signature verification is enabled (with a warning when used).