fix: clamp template port sharing level in SubAgentAPI#26061
Conversation
|
/coder-agents-review |
|
Chat: Review in progress | View chat deep-review v0.7.1 | Round 2 | Last posted: Round 2, 11 findings (3 P3, 5 Nit, 3 Note), APPROVE. Review Finding inventoryFindings
Round logRound 1Panel. 3 P3, 2 Nit, 3 Note. Reviewed against 2cbce86..49e0119. Round 2Panel. CRF-1 through CRF-8 addressed. 3 Nit new. Reviewed against 2cbce86..4d5a974. About deep-reviewCRF = Coder Review Finding (P0-P4, Nit, Note)
|
| return ctx, api, &upsertedApps | ||
| } | ||
|
|
||
| func TestDevcontainerCoderAppShareClampedByTemplateMaxPortShareLevel(t *testing.T) { |
There was a problem hiding this comment.
review: chose to go with an "integration-ish" style test, avoiding the full overhead of standing up an agent with fake CLIs etc in favour of just calling the relevant DRPC methods using a stubbed client.
There was a problem hiding this comment.
Clean, well-scoped fix. The clamping design (warn+restrict vs reject) is the right call for the SubAgentAPI's infrastructure callers, and the test coverage is thorough: 4 max-level boundary cases in the mock test plus a real-DB integration test through the full SubAgentClient stack. The PortSharer atomic pointer follows the established AGPL/Enterprise injection pattern. Good work.
Severity count: 3 P3, 2 Nit, 3 Note.
Pariston, after trying to build a case against this change: "I tried to build a case against this change and couldn't. The problem is correctly identified, the fix is at the right layer, the clamping behavior is the correct choice for infrastructure callers, and the tests cover the level ordering thoroughly. The premises hold."
One observation for the PR description: the current text describes the mechanism ("adds a check for and clamp") without stating the problem. Consider leading with: sub-agent apps created via CreateSubAgent bypassed the template's max port sharing level. Then the fix.
coderd/provisionerdserver/provisionerdserver.go:3642
Note [CRF-6] The provisioner maps sdkproto.AppSharingLevel to database.AppSharingLevel and stores it directly without calling AuthorizedLevel. A template with max_port_sharing_level = "authenticated" and a terraform-defined app with sharing_level = "public" stores "public" in the database. The risk is lower than the SubAgentAPI case (template admin controls both settings), but it's structurally the same gap. Not in scope for this PR, noting for visibility. (Pariston)
🤖
🤖 This review was automatically generated with Coder Agents.
|
Note: leaving CRF-6 above explicitly out of scope. |
|
/coder-agents-review |
There was a problem hiding this comment.
All 8 R1 findings addressed in 4d5a974. Fixes verified by Netero and the full panel (9 reviewers). The comments documenting the ACL dependency, nil-PortSharer behavior, and clamp-vs-reject rationale are all accurate and well-placed. The warn log now carries sub-agent name, sub-agent ID, app slug, requested level, max level, and the underlying error, giving operators full diagnostic context.
Severity count: 3 Nit (new). All prior findings resolved.
Hisoka, after pulling every thread: "I came looking for a fight. I pulled every thread I could find. [...] No findings. The code held up."
One process note: the fix commit subject ("address automated code review feedback") is opaque, but this PR will squash-merge under the PR title, which is good.
🤖 This review was automatically generated with Coder Agents.
There was a problem hiding this comment.
Pull request overview
This PR addresses a bypass where sub-agent workspace apps created via CreateSubAgent could exceed the template’s maximum allowed port/app sharing level by adding clamping logic in coderd/agentapi.SubAgentAPI, wiring the PortSharer into the agent RPC API, and adding unit/integration-ish test coverage for sharing-level clamping.
Changes:
- Add template-aware clamping for dynamically inserted
workspace_appsincoderd/agentapi.SubAgentAPI, with warning logs when clamping occurs. - Thread
PortSharerthroughagentapi.Optionsand the workspace agent RPC setup soSubAgentAPIcan enforce enterprise sharing restrictions. - Add a new enterprise test file covering a max-sharing-level matrix and a devcontainer sub-agent client path.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| enterprise/coderd/subagent_test.go | Adds unit + integration-ish tests validating app share level clamping against template max. |
| coderd/workspaceagentsrpc.go | Passes the server PortSharer into the per-agent agentapi.Options. |
| coderd/agentapi/subagent.go | Fetches the workspace/template for sub-agent app creation and clamps share levels via PortSharer. |
| coderd/agentapi/api.go | Extends agent API options/sub-agent wiring to include PortSharer. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| func (a *SubAgentAPI) CreateSubAgent(ctx context.Context, req *agentproto.CreateSubAgentRequest) (*agentproto.CreateSubAgentResponse, error) { | ||
| //nolint:gocritic // This gives us only the permissions required to do the job. | ||
| ctx = dbauthz.AsSubAgentAPI(ctx, a.OrganizationID, a.OwnerID) | ||
| ctx = dbauthz.AsSubAgentAPI(ctx, a.OrganizationID, a.OwnerID, a.OwnerGroups) |
There was a problem hiding this comment.
This is a bit strange. The subagent should take the owner's groups for template access? Should we just add template read to the org permissions on Sub Agent API?
There was a problem hiding this comment.
That was my initial thought as well, but is that too broad?
Fixes an issue where sub-agent apps created via CreateSubAgent would bypass the check for the template's max port sharing level:
workspace_appsto the template max sharing level incoderd.agentapi.SubAgentAPI.Generated by Coder Agents with guidance from a human.