Skip to content

fix: shared-client Close() safety in adapters; harden CI workflows#13

Merged
muralx merged 1 commit into
mainfrom
fix/adapter-close-and-ci-hardening
Jun 17, 2026
Merged

fix: shared-client Close() safety in adapters; harden CI workflows#13
muralx merged 1 commit into
mainfrom
fix/adapter-close-and-ci-hardening

Conversation

@muralx

@muralx muralx commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Summary

Code-only batch since the last release: two adapter fixes plus CI/security hardening.

  • mcp, mark3labs: (*Adapter).Close() is now a no-op for adapters built with NewAdapterFromClientAndResource — closing one no longer tears down a caller-supplied client shared across adapters. NewAdapter-built adapters still own and close it.
  • http: (*Adapter).RequireScopes names every missing scope in error_description (was: stopped at the first miss) by delegating to claims.RequireScopes (RFC 6750 §3).
  • ci: add CodeQL + workflow linting (actionlint/shellcheck), pin actions to SHAs, clear Scorecard findings; bump indirect golang.org/x/sys to v0.44.0 (mcp).

Testing

go vet / go build / go test -race ./... green across core, http, mark3labs, mcp (conformance included); golangci-lint run — 0 issues per module.

@muralx
fix: shared-client Close() safety in adapters; harden CI workflows
fd44656 
- mcp, mark3labs: `(*Adapter).Close()` is now a no-op for adapters built
  with `NewAdapterFromClientAndResource`. Such adapters do not own the
  caller-supplied `*authplane.Client`, so closing one adapter no longer
  tears down a client shared across other adapters. `NewAdapter`-built
  adapters still own and close the client they create.
- http: `(*Adapter).RequireScopes` now names every missing scope in the
  `error_description` instead of returning on the first miss, by delegating
  to `claims.RequireScopes`. Middleware-enforced and code-enforced scope
  checks now surface the same diagnostic (RFC 6750 §3).
- ci: add CodeQL analysis and workflow linting (actionlint + shellcheck),
  pin third-party actions to commit SHAs, and clear Scorecard findings.
- mcp: bump indirect `golang.org/x/sys` to v0.44.0.
@muralx muralx requested a review from a team as a code owner June 16, 2026 23:25
@github-advanced-security

github-advanced-security AI commented Jun 16, 2026

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@muralx muralx merged commit 0c8f5f4 into main Jun 17, 2026
13 checks passed
@muralx muralx deleted the fix/adapter-close-and-ci-hardening branch June 17, 2026 15:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RobertoIskandarani RobertoIskandarani RobertoIskandarani approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@muralx @github-advanced-security @RobertoIskandarani