[feat][backend] add extra_output field to ListExperimentResultOApi response#554
Closed
VinCinx wants to merge 8 commits into
Closed
[feat][backend] add extra_output field to ListExperimentResultOApi response#554VinCinx wants to merge 8 commits into
VinCinx wants to merge 8 commits into
Conversation
…ponse - Add EvaluatorExtraOutputContent struct to domain_openapi IDL - Regenerate kitex_gen from updated IDL - Add OpenAPIEvaluatorExtraOutputContentDO2DTO convertor - Inject fileProvider into EvalOpenAPIApplication for URI-to-URL signing - Add fillExtraOutputURLs to sign TOS URIs before returning response - Regenerate wire_gen.go - Add unit tests for extra_output conversion
…riment convertor) The ListExperimentResultOApi uses openAPIEvaluatorOutputDataDO2DTO (lowercase, in convertor/experiment/openapi.go) instead of the public OpenAPIEvaluatorOutputDataDO2DTO (in convertor/evaluator/openapi.go). The private method was missing the ExtraOutput and Stdout field mapping.
… tracing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Codecov Report❌ Patch coverage is
❌ Your patch status has failed because the patch coverage (68.11%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage. @@ Coverage Diff @@
## main #554 +/- ##
==========================================
+ Coverage 77.60% 78.06% +0.45%
==========================================
Files 670 670
Lines 75995 76214 +219
==========================================
+ Hits 58979 59494 +515
+ Misses 13565 13283 -282
+ Partials 3451 3437 -14
Flags with carried forward coverage won't be shown. Click here to find out more.
... and 27 files with indirect coverage changes Continue to review full report in Codecov by Harness.
🚀 New features to boost your workflow:
|
…rs to reach 90% coverage
…o prevent horizontal privilege escalation
…r BatchGetExptAggrResultByExperimentIDs Add a dedicated table-driven case asserting that experiments whose SpaceID differs from the input spaceID are filtered out (validExptIDs), so all downstream queries (BatchGetExptAggrResultByExperimentIDs / GetEvaluatorRefByExptIDs / batchGetTagInfoByExperimentIDs) only receive the valid exptID and the cross-space exptID is dropped. Verified via mutation: removing the filter makes this case fail. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…rizontal privilege escalation UpdateExperiment used req.WorkspaceID to overwrite the DB space_id without verifying ownership, allowing an attacker to move another workspace's experiment into their own. Validate got.SpaceID == req.GetWorkspaceID() right after Get and before any write, mirroring DeleteExperiment. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add 'workspace mismatch with experiment space' case asserting the request is rejected before manager.Update is invoked, mirroring the DeleteExperiment test. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
feat
Check the PR title
[feat][backend] add extra_output field to ListExperimentResultOApi response
(Optional) Translate the PR title into Chinese
为 ListExperimentResultOApi 接口返回值增加 extra_output 字段
(Optional) More detailed description for this PR
en: Add
extra_output(containingoutput_typeandurl) to the OpenAPI experiment result response. Previously this field was only available via the internalBatchGetExperimentResultAPI. Changes include: updating the OpenAPI IDL, regenerating kitex_gen, adding entity-to-DTO conversion, injecting fileProvider for URI-to-URL signing, and fixing the private convertor in the experiment package.zh: 为 OpenAPI 实验结果接口补齐
extra_output字段(含output_type和签名后的url)。此前该字段仅在内部接口BatchGetExperimentResult中返回。改动涉及 IDL 更新、kitex 代码生成、DTO 转换逻辑、fileProvider 注入签名,以及 experiment 包内私有 convertor 的同步修复。(Optional) Which issue(s) this PR fixes
N/A