Skip to content

Firma config review#187

Draft
LukeMathWalker wants to merge 15 commits into
mainfrom
firma-config-review
Draft

Firma config review#187
LukeMathWalker wants to merge 15 commits into
mainfrom
firma-config-review

Conversation

@LukeMathWalker

@LukeMathWalker LukeMathWalker commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Thinking Path

  • OpenFirma is a runtime enforcement boundary — every outbound agent call passes through a local Sidecar that evaluates Cedar policies and either allows or denies it
  • [Which crate or subsystem is involved: firma-core / firma-sidecar / firma-authority / firma-protobuf / firma-run / …]
  • [What problem, gap, or invariant violation prompted this change]
  • [Why it needs to be addressed now]
  • This pull request …
  • The benefit is …

What Changed

Verification

just check          # fmt + toml-fmt + lint + test + build + audit + deny (CI parity)

# Single crate (if applicable):
cargo test -p <crate-name>

# Single test (if applicable):
cargo test -p <crate-name> <module>::tests::<test_name>

Security Considerations

Risks

Model Used

Checklist

  • Thinking path traces from project context down to this specific change
  • just check passes locally (fmt + toml-fmt + lint + test + build + audit + deny)
  • No .unwrap(), .expect(), panic!(), or unsafe introduced outside of test code
  • All error paths are fail-closed — errors produce DENY, not silent ALLOW
  • No network calls added on the hot path (normalizer → Stage 1 → Stage 2)
  • Tests added or updated for the changed behaviour
  • If this touches the normalizer or action-class registry, mapping table tests are updated
  • If this changes wire format, config schema, or CLI behaviour, docs are updated under docs/ and docs-site/
  • Security considerations are documented above (or "None apply" is stated explicitly)
  • Model used is specified with version and capability details
  • I will address all reviewer comments before requesting merge

@codecov

codecov Bot commented Jun 21, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 61.66667% with 69 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
crates/firma/src/services/config.rs 0.00% 16 Missing ⚠️
crates/firma-run/src/runtime.rs 0.00% 13 Missing ⚠️
crates/firma/src/services/doctor.rs 25.00% 12 Missing ⚠️
crates/firma-config/src/resolver.rs 84.50% 10 Missing and 1 partial ⚠️
crates/firma-stack/src/config.rs 58.33% 3 Missing and 2 partials ⚠️
crates/firma/src/services/run.rs 50.00% 3 Missing and 1 partial ⚠️
crates/firma-config/src/schema.rs 85.00% 2 Missing and 1 partial ⚠️
crates/firma/src/services/sidecar.rs 66.66% 1 Missing and 2 partials ⚠️
crates/firma/src/services/authority.rs 75.00% 0 Missing and 2 partials ⚠️

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@LukeMathWalker