Skip to content

Release v4 hardening and hosted deploy#36

Merged
vcode-sh merged 3 commits into
mainfrom
agent/v4-release-hardening
Jul 9, 2026
Merged

Release v4 hardening and hosted deploy#36
vcode-sh merged 3 commits into
mainfrom
agent/v4-release-hardening

Conversation

@vcode-sh

@vcode-sh vcode-sh commented Jul 9, 2026

Copy link
Copy Markdown
Owner

Summary

  • Implements the full 001-016 plan set: sandbox correctness and isolation coverage, memory and concurrency limits, deploy workflow rollout handling, redaction hardening, local-runtime safeguards, database-kind dedupe, docs guardrails, schema startup performance work, hosted Docker/compose deployment artifacts, and the upstream application.one proposal.
  • Bumps package, server manifest, and runtime metadata to 4.0.0.
  • Retires phase-specific Vitest configs in favor of root coverage thresholds and renamed focused test files.

Validation

  • npm run build
  • npm test
  • npm run typecheck
  • npm run lint
  • npm run docs:check:facts
  • npm run ci:budgets
  • npm run test:coverage
  • npm pack --dry-run
  • docker compose -f docs/examples/compose.hosted.yml config
  • docker build -t dokploy-mcp-http .
  • hosted image smoke: /health returns OK posture JSON; unauthenticated /mcp returns expected 401 JSON-RPC error

Release note

Do not push tag v4.0.0 until this PR is merged. The repository release workflow is tag-driven and will publish to npm, MCP Registry, and GitHub Releases from the tag.

Summary by CodeRabbit

  • New Features

    • Added hosted HTTP deployment guidance, including Docker Compose example, health checks, and environment setup notes.
    • Added OpenAPI drift checking for scheduled and manual verification.
    • Expanded deployment and log-related support, including deployment log access and broader sandbox/runtime configuration options.
  • Bug Fixes

    • Improved sandbox safety, timeout handling, concurrency limits, and worker reuse behavior.
    • Tightened HTTP session request handling and added warnings for risky local/runtime and wildcard origin settings.
  • Documentation

    • Updated setup, troubleshooting, and release guidance to reflect the latest runtime and deployment workflows.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: db31c67d-4f39-4ae0-b265-96a9ed987a45

📥 Commits

Reviewing files that changed from the base of the PR and between e9dde16 and fda1a1f.

⛔ Files ignored due to path filters (6)
  • package-lock.json is excluded by !**/package-lock.json
  • src/generated/dokploy-schemas.ts is excluded by !**/generated/**
  • src/generated/dokploy-sdk.d.ts is excluded by !**/generated/**
  • src/generated/dokploy-sdk.ts is excluded by !**/generated/**
  • src/generated/openapi-index.json is excluded by !**/generated/**
  • src/generated/openapi-resolved.json is excluded by !**/generated/**
📒 Files selected for processing (78)
  • .dockerignore
  • .env.example
  • .github/workflows/ci.yml
  • .github/workflows/openapi-drift.yml
  • .github/workflows/pr-validation.yml
  • .github/workflows/release.yml
  • AGENTS.md
  • CLAUDE.md
  • Dockerfile
  • README.md
  • docs/coverage.md
  • docs/examples/compose.hosted.yml
  • docs/guides/hosted-deploy.md
  • docs/guides/hosted-http.md
  • docs/guides/modes.md
  • docs/guides/troubleshooting.md
  • docs/live-e2e-proof.md
  • docs/proposals/upstream-application-one.md
  • docs/remote-http.md
  • docs/upstream-alignment.md
  • package.json
  • scripts/sync-doc-facts.mjs
  • scripts/v2/check-openapi-drift.mjs
  • scripts/v2/lib.mjs
  • scripts/v2/official-openapi-root.json
  • server.json
  • src/codemode/catalog-overrides/runtime-hints.ts
  • src/codemode/context/execute-context-types.ts
  • src/codemode/procedure-overrides/logs.ts
  • src/codemode/procedure-overrides/secrets.ts
  • src/codemode/sandbox/concurrency.ts
  • src/codemode/sandbox/runner.ts
  • src/codemode/sandbox/runtime.ts
  • src/codemode/sandbox/subprocess-runner.ts
  • src/codemode/sandbox/worker-entry.ts
  • src/codemode/tools/execute.ts
  • src/codemode/virtual-procedures/batch.ts
  • src/codemode/virtual-procedures/database.ts
  • src/codemode/virtual-procedures/shared.ts
  • src/codemode/workflows/deploy-application.ts
  • src/http-server.ts
  • src/http/options.ts
  • src/http/request-handler.ts
  • src/version.ts
  • tests/codemode-execute.integration.test.ts
  • tests/codemode-procedure-overrides.test.ts
  • tests/codemode-security.test.ts
  • tests/codemode-subprocess-runner.test.ts
  • tests/codemode-worker-entry.test.ts
  • tests/codemode.test.ts
  • tests/codemode/fixtures/execute/logs-tail-many.js
  • tests/deploy-workflow-tasks.test.ts
  • tests/deploy-workflow.test.ts
  • tests/execute-tool-tasks.test.ts
  • tests/execute-tool-workflows.test.ts
  • tests/fixtures/subprocess-workers/test-worker.js
  • tests/helpers/subprocess-worker.ts
  • tests/http-hardening-adversarial.test.ts
  • tests/http-options.test.ts
  • tests/http-request-handler-errors.test.ts
  • tests/http-server.test.ts
  • tests/http-server.unit.test.ts
  • tests/prompts-completions-adversarial.test.ts
  • tests/release-remote-metadata.test.ts
  • tests/sampling-elicitation-runtime.test.ts
  • tests/sandbox-code-wrapping.test.ts
  • tests/sandbox-concurrency.test.ts
  • tests/subprocess-runner.integration.test.ts
  • tests/subprocess-runner.test.ts
  • tests/tasks-adversarial.test.ts
  • tests/tasks-runtime.test.ts
  • tests/workflow-adversarial.test.ts
  • tests/workflow-schemas.test.ts
  • vitest.config.ts
  • vitest.phase2.config.ts
  • vitest.phase3.config.ts
  • vitest.phase4.config.ts
  • vitest.phase5.config.ts

📝 Walkthrough

Walkthrough

This PR adds sandbox concurrency limiting, subprocess worker reuse with memory sizing, a local-runtime safety warning/restriction, deployment.readLogs support, a database virtual-procedure descriptor refactor, HTTP session request serialization, an allowed-origins warning, Docker/CI/docs for hosted deployment, an OpenAPI drift-check workflow, and a version bump to 4.0.0.

Changes

Sandbox Runtime, Concurrency, and Worker Reuse

Layer / File(s) Summary
Concurrency slot mechanism
src/codemode/sandbox/concurrency.ts, tests/sandbox-concurrency.test.ts
Adds acquireSandboxSlot/SandboxSlot with FIFO queueing, bounded queue size, abort-signal cancellation, and idempotent release, with corresponding tests.
Subprocess worker reuse and memory sizing
src/codemode/sandbox/subprocess-runner.ts, src/codemode/sandbox/worker-entry.ts, tests/codemode-subprocess-runner.test.ts, tests/subprocess-runner.test.ts, tests/subprocess-runner.integration.test.ts, tests/codemode-worker-entry.test.ts, tests/fixtures/subprocess-workers/test-worker.js, tests/helpers/subprocess-worker.ts
Wires concurrency slots into search/execute paths, adds cached warm workers keyed by mode with --max-old-space-size sizing, simplifies worker run-state machine, and expands tests.
Local runtime warning and code wrapping
src/codemode/sandbox/runtime.ts, src/codemode/sandbox/runner.ts, src/codemode/tools/execute.ts, src/http-server.ts, tests/codemode-execute.integration.test.ts, tests/sandbox-code-wrapping.test.ts, tests/http-server.unit.test.ts
Adds one-time warning for local sandbox runtime, onTimeout callback support, improved auto-return code wrapping, runExecuteLocally helper, and refusal of local runtime by serve-http.

Estimated code review effort: 4 (Complex) | ~60 minutes

Deployment Logs and Database Virtual Procedure Refactor

Layer / File(s) Summary
deployment.readLogs support and redaction updates
src/codemode/context/execute-context-types.ts, src/codemode/catalog-overrides/runtime-hints.ts, src/codemode/procedure-overrides/logs.ts, src/codemode/procedure-overrides/secrets.ts, src/codemode/virtual-procedures/batch.ts, src/codemode/virtual-procedures/shared.ts, tests/codemode-execute.integration.test.ts, tests/codemode-procedure-overrides.test.ts, tests/codemode.test.ts, tests/codemode/fixtures/execute/logs-tail-many.js
Adds a deployment kind for TailManyRequest, extends logProcedureNames and hints, broadens credential redaction regex, refactors redactRecord to recurse arrays and preserve identity, and updates tests.
Database descriptor refactor
src/codemode/virtual-procedures/database.ts, tests/codemode.test.ts
Replaces per-kind switch statements with DATABASE_KINDS descriptor lookups for schema generation, input validation, and preview routing.
Sandbox security hardening tests
tests/codemode-security.test.ts
Adds tests for constructor-chain code generation rejection, prototype-pollution isolation, frozen context enforcement, and timer non-exposure.

Estimated code review effort: 4 (Complex) | ~45 minutes

Deployment Rollout Polling Budget Handling

Layer / File(s) Summary
Separate poll executor and budget-exhaustion handling
src/codemode/workflows/deploy-application.ts, tests/deploy-workflow-tasks.test.ts, tests/tasks-runtime.test.ts
Adds a distinct pollExecutor for rollout polling calls, catches API-call budget errors during polling to return a budget-exhausted status instead of failing, and updates tests.

Estimated code review effort: 3 (Moderate) | ~25 minutes

HTTP Server Session Serialization and Origin Warning

Layer / File(s) Summary
Per-session request serialization
src/http/request-handler.ts, tests/http-server.test.ts
Adds a per-session promise queue so 'request'-kind operations execute serially, with reconnect-pressure test guards and timeout increases.
Allowed-origins wildcard warning
src/http/options.ts, tests/http-options.test.ts
Adds a console.error warning when resolved allowedOrigins includes '*', with tests for both warning and non-warning cases.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Docker, CI, Docs, and Version 4.0.0 Release Prep

Layer / File(s) Summary
Docker build and env example
Dockerfile, .dockerignore, .env.example
Adds a two-stage Dockerfile, .dockerignore, and a fully documented .env.example covering credentials, transport, and sandbox limits.
Hosted deploy docs and compose example
docs/examples/compose.hosted.yml, docs/guides/hosted-deploy.md, docs/guides/hosted-http.md, docs/guides/modes.md, docs/guides/troubleshooting.md, README.md, docs/coverage.md
Adds hosted-deploy guide, compose example, sandbox runtime/worker/concurrency troubleshooting docs, and updated README fact snapshot/links.
OpenAPI drift check
.github/workflows/openapi-drift.yml, scripts/v2/check-openapi-drift.mjs, package.json
Adds a scheduled/manual workflow and CLI script that diffs a vendored OpenAPI snapshot against remote specs and exits with specific codes for drift severity.
CI build steps and vitest config cleanup
.github/workflows/ci.yml, .github/workflows/pr-validation.yml, .github/workflows/release.yml, package.json, vitest.phase2.config.ts, vitest.phase3.config.ts, vitest.phase4.config.ts, vitest.phase5.config.ts, vitest.config.ts
Adds explicit "Build test artifacts" steps before test runs, removes retired phase2-5 configs/scripts, and narrows/extends vitest coverage settings.
Version bump and doc-facts sync validation
package.json, server.json, src/version.ts, AGENTS.md, CLAUDE.md, scripts/sync-doc-facts.mjs, scripts/v2/lib.mjs, docs/live-e2e-proof.md, docs/remote-http.md
Bumps version to 4.0.0 across files, updates architecture docs, adds version-alignment and legacy-doc assertions to the doc-facts sync script, and changes generated schema embedding to use JSON.parse.
Upstream application.one proposal
docs/proposals/upstream-application-one.md, docs/upstream-alignment.md
Adds a proposal document for upstream response-shaping support and links it from the alignment tracker.

Estimated code review effort: 2 (Simple) | ~15 minutes

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch agent/v4-release-hardening

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

vcode-sh added 2 commits July 9, 2026 08:58
- Added a new script `check-openapi-drift.mjs` to verify discrepancies between the vendored OpenAPI specification and the latest public versions.
- Introduced a GitHub Actions workflow for scheduled OpenAPI drift checks.
- Updated `package.json` to include a new command for the drift check.
- Revised `README.md` and `coverage.md` to reflect the updated API procedures and tags, now totaling 544 procedures and 50 tags.
- Enhanced the OpenAPI schema to include new fields and ensure consistency across various deployment configurations.
@vcode-sh
vcode-sh marked this pull request as ready for review July 9, 2026 14:25
@vcode-sh
vcode-sh merged commit a315d54 into main Jul 9, 2026
9 of 10 checks passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fda1a1f7c9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +137 to +141
hasDrift:
addedOperations.length > 0 ||
removedOperations.length > 0 ||
addedTags.length > 0 ||
removedTags.length > 0,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Detect schema-only OpenAPI drift

When upstream changes an existing operation's parameters, request schema, or response schema without adding/removing a path or tag, this check still returns hasDrift: false because it only compares operation and tag sets. That lets the scheduled drift workflow pass while the generated runtime schemas and SDK remain stale for changed endpoints; include a canonical spec/schema hash or per-operation schema comparison in the drift decision.

Useful? React with 👍 / 👎.

Comment thread Dockerfile
USER node
EXPOSE 3000

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 CMD ["node", "-e", "fetch('http://127.0.0.1:3000/health').then((r)=>{if(!r.ok)process.exit(1)}).catch(()=>process.exit(1))"]

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Honor configured healthcheck endpoint

When an operator overrides DOKPLOY_MCP_HTTP_PORT or DOKPLOY_MCP_HEALTH_PATH for the image, the server listens on the configured endpoint but this exec-form healthcheck still probes 127.0.0.1:3000/health, so otherwise healthy containers are marked unhealthy. Use a shell-form check or small script that reads the same env vars as the server.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant