Skip to content

Accept legacy QuackbackConfig discriminator in config schema#38

Open
BunsDev wants to merge 1 commit into
mainfrom
codex/fix-config-schema-vulnerability-qp7s6y
Open

Accept legacy QuackbackConfig discriminator in config schema#38
BunsDev wants to merge 1 commit into
mainfrom
codex/fix-config-schema-vulnerability-qp7s6y

Conversation

@BunsDev
Copy link
Copy Markdown
Member

@BunsDev BunsDev commented Jun 5, 2026

Motivation

  • A recent rebrand changed the declarative config kind literal from QuackbackConfig to quackbackConfig, which rejects existing managed YAMLs and prevents the config watcher from reconciling managed workspace/auth settings; this patch restores compatibility so existing deployments continue to apply managed settings.
  • The intent of the original change appears to be a branding/rename of the public discriminator, but we must preserve backward compatibility to avoid a security regression during fresh installs.

Description

  • Update the Zod schema to accept both discriminators by changing kind: z.literal('quackbackConfig') to kind: z.enum(['QuackbackConfig', 'quackbackConfig']) in apps/web/src/lib/server/config-file/schema.ts so legacy files are still valid.
  • Add a unit test that verifies the rebranded kind: 'quackbackConfig' is accepted in apps/web/src/lib/server/config-file/__tests__/schema.test.ts while preserving existing tests that use QuackbackConfig.
  • The change is intentionally minimal and preserves the existing parseQuackbackConfig API and types (QuackbackConfig, QuackbackConfigSpec).

Testing

  • Added a unit test that asserts parseQuackbackConfig accepts kind: 'quackbackConfig' (test file: apps/web/src/lib/server/config-file/__tests__/schema.test.ts).
  • Attempted to run the relevant Vitest suite (apps/web/src/lib/server/config-file/__tests__/schema.test.ts, plus loader/watcher tests) but execution was blocked due to dependency resolution failing to fetch vitest from the registry (403) because node_modules are not present; tests could not be executed in this environment.

Codex Task

Copilot AI review requested due to automatic review settings June 5, 2026 23:59
Copilot AI reviewed Jun 6, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR restores backward compatibility for declarative config YAMLs by allowing both the legacy and rebranded kind discriminator values in the server-side Zod schema, preventing existing managed deployments from being rejected during config reconciliation.

Changes:

  • Updated quackbackConfigSchema.kind to accept both QuackbackConfig (legacy) and quackbackConfig (rebranded).
  • Added a unit test asserting parseQuackbackConfig accepts kind: 'quackbackConfig'.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
apps/web/src/lib/server/config-file/schema.ts Broadens the Zod discriminator validation to accept both legacy and rebranded kind values.
apps/web/src/lib/server/config-file/tests/schema.test.ts Adds coverage ensuring the rebranded kind value is accepted by parseQuackbackConfig.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@BunsDev BunsDev self-assigned this Jun 6, 2026
@BunsDev BunsDev force-pushed the codex/fix-config-schema-vulnerability-qp7s6y branch from 79165c9 to 3bc3168 Compare June 7, 2026 00:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@BunsDev BunsDev

Labels

aardvark codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BunsDev