Addresses 18 issues found during critical review of the network module:

Security (P0):
- Add HMAC-signed callback URLs to prevent unauthorized message injection
- Add ownership authorization checks on all channel operations
- Add SSRF-safe URL validation for callback_url and A2A agent card fetching
- Fix DB session leak in A2A discovery routes (use FastAPI Depends)
- Add content size limits (64KB) to all message schemas

Correctness (P1):
- Wire TopologyValidator into ChannelService (was dead code)
- Fix inbox to return only unread messages for the recipient
- Integrate DeliveryWorker into send_message flow with retry enqueue
- Fix delivery worker: ACK only on success, use delayed re-enqueue instead of blocking sleep for backoff
- Start DeliveryWorker in app lifespan

Quality (P2):
- Replace string fields with Literal types in Pydantic schemas
- Consolidate 3 identical channel request schemas into ChannelRequest
- Add CallResponse and AckResponse typed response models
- Include message_id in Redis context window output
- Add 63 unit tests covering callback auth, URL validation, topology, convergence detectors, and aggregation strategies

https://claude.ai/code/session_016TBT33dehTx3ePbkvT2L3P

- Remove manual __aenter__() call that leaked DB sessions on every request
- Reuse the request-scoped session from the discovery service dependency
- Add owner_id authorization to A2A task send calls
- Narrow except clause to ValueError/KeyError instead of broad Exception that was masking programming errors with 500 JSON-RPC responses

https://claude.ai/code/session_016TBT33dehTx3ePbkvT2L3P

- Create docs/INTEGRATION_GUIDE.md: comprehensive guide for building external agents on Intuno networks, covering webhook/polling patterns, all 3 channel types, proactive communication, callback auth, context windows, topology constraints, and full API reference
- Create docs/E2E_TEST_SPEC.md: E2E test specification with 5 reference agent types and 12 test scenarios for the agents repo, including 24/7 monitoring strategy, CI workflows, and Docker Compose setup
- Update docs/NETWORKS.md: fix outdated unauthenticated callback docs, add HMAC-signed reply_url, security section, delivery worker, and updated file layout reflecting recent security hardening

https://claude.ai/code/session_016TBT33dehTx3ePbkvT2L3P
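
One way an HMAC-signed callback URL such as the `reply_url` named in the commits above can be issued and checked, as an added example that is not code from this pull request. The endpoint, the query parameter names (`agent`, `exp`, `sig`), the key and the field encoding are all assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; a real key comes from a secret store.
SECRET = b"constructed-demo-key-not-for-production"
BASE = "https://network.example/callbacks"  # hypothetical callback endpoint


def _mac(channel_id: str, agent_id: str, expires: int) -> str:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (channel_id.encode(), agent_id.encode(), str(expires).encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_reply_url(channel_id: str, agent_id: str, ttl: int = 300,
                   now: Optional[float] = None) -> str:
    """Issue a reply URL bound to one channel, one agent and an expiry time."""
    expires = int(time.time() if now is None else now) + ttl
    query = urlencode({"agent": agent_id, "exp": expires,
                       "sig": _mac(channel_id, agent_id, expires)})
    return f"{BASE}/{channel_id}?{query}"


def verify_reply_url(url: str, now: Optional[float] = None) -> bool:
    """Return True only for an unexpired URL whose signature matches its fields."""
    parts = urlsplit(url)
    channel_id = parts.path.rsplit("/", 1)[-1]
    q = parse_qs(parts.query)
    try:
        agent_id, exp, sig = q["agent"][0], int(q["exp"][0]), q["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameter
    if (time.time() if now is None else now) > exp:
        return False  # link has expired
    expected = _mac(channel_id, agent_id, exp)
    # Constant-time comparison on bytes; avoids leaking the matching prefix length.
    return hmac.compare_digest(sig.encode(), expected.encode())
```

Because the channel, the agent and the expiry are all covered by the MAC, changing any of them in the URL invalidates it, which is what stops a third party from injecting messages through a guessed or edited callback.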