Skip to content

fix(permissions): 🧭 detect missing storage buckets in queryPermissions#484

Closed
binggg wants to merge 1 commit intomainfrom
feature/attribution-querypermissions-storage-not-found
Closed

fix(permissions): 🧭 detect missing storage buckets in queryPermissions#484
binggg wants to merge 1 commit intomainfrom
feature/attribution-querypermissions-storage-not-found

Conversation

@binggg
Copy link
Copy Markdown
Member

@binggg binggg commented Apr 8, 2026

Summary

  • validate storage bucket existence against env metadata before queryPermissions(action="getResourcePermission") returns a success payload
  • add explicit error field to permission error envelopes so RESULT.json can preserve failure semantics directly
  • add a regression test covering nonexistent storage buckets

Attribution

  • issue: issue_mnoyd73x_516z19
  • representative run: atomic-js-none-describe-storage-acl-not-found/2026-04-07T18-26-55-ymwnt3

Verification

  • cd mcp && npx vitest run src/tools/permissions.storage-not-found.test.ts
  • cd mcp && npx vitest run src/tools/permissions.test.ts src/tools/permissions.storage-not-found.test.ts
  • cd mcp && npm run build
  • report-api evaluation: atomic-js-none-describe-storage-acl-not-found/2026-04-08T02-45-41-d59647 (RESULT.json error check now passes; remaining failure is grader/environment mismatch because direct DescribeStorageSafeRule still returns READONLY for the fake bucket outside MCP code)

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3fe5ae0e2d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

mcp/src/tools/permissions.ts

const envInfo = await envService.getEnvInfo();
const knownBuckets = extractStorageBuckets(envInfo);
if (knownBuckets.length > 0 && !knownBuckets.includes(params.resourceId)) {
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Treat empty bucket lists as missing resources

This condition bypasses validation whenever getEnvInfo() returns no Storages/StaticStorages, so in fresh or storage-disabled environments queryPermissions(action="getResourcePermission", resourceType="storage") still falls through to describeResourcePermission and can report a fake bucket as readable. That leaves the original false-success behavior in place for a real runtime scenario; after a successful getEnvInfo() call, an empty inventory should be handled as “bucket not found” (or at least as an explicit validation failure) rather than skipped.

Useful? React with 👍 / 👎.

@binggg binggg closed this Apr 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@binggg