Skip to content

feat(sdk): add out of hte box controls#246

Open
namrataghadi-galileo wants to merge 1 commit into
mainfrom
feature/67101-out-of-box-controls
Open

feat(sdk): add out of hte box controls#246
namrataghadi-galileo wants to merge 1 commit into
mainfrom
feature/67101-out-of-box-controls

Conversation

@namrataghadi-galileo

Copy link
Copy Markdown
Contributor

Summary

  • Added Phase 1 out-of-box controls bootstrap tooling so startup can safely seed controls later without duplicating rows or blocking pod startup.
  • Added evaluator gating, namespace-aware seeding, initial version creation, idempotency, duplicate-name race handling, and fail-open lifespan integration.

Scope

  • User-facing/API changes: None.
  • Internal changes: New agent_control_server.bootstrap module, startup seeding hook, and bootstrap tests.
  • Out of scope: Actual OOTB control definitions, Phase 2 regex/json/list templates, and Phase 3 Luna metadata seeding.

Risk and Rollout

  • Risk level: low
  • Rollback plan: Remove the lifespan call to seed_out_of_box_controls and/or revert the bootstrap module and related tests.

Testing

  • Added or updated automated tests
  • Ran make check (not run because uv dependency resolution hit private index 401s)
  • Manually verified behavior via targeted tests, server lint, and server mypy using the existing .venv

Checklist

  • Linked issue/spec (Phase 1 from OOTB controls technical spec)
  • Updated docs/examples for user-facing changes: N/A, no user-facing changes
  • Included any required follow-up tasks in .md format: Phase 2 follow-up not yet added as a separate .md file

@codecov

codecov Bot commented Jun 29, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 94.33962% with 6 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
...nt_control_server/bootstrap/out_of_box_controls.py 94.94% 5 Missing ⚠️
server/src/agent_control_server/main.py 85.71% 1 Missing ⚠️

📢 Thoughts on this report? Let us know!

template: OutOfBoxControlTemplate,
) -> str:
control_service = ControlService(session)
if await control_service.active_control_name_exists(template.name, namespace_key=namespace_key):

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using an active, mutable name as the seed identity resurrects deleted controls and duplicates renamed ones on the next standalone startup. Could we persist an immutable seed/source ID plus an explicit opt-out tombstone, and cover delete/rename followed by reseeding?

logger.info(f"Evaluator discovery complete. Available evaluators: {available}")

try:
seed_result = await seed_out_of_box_controls(

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The try/except is fail-open only after this await returns. A database lock wait can hold startup before lifespan yields, especially because statement timeouts may be disabled. Please bound the whole bootstrap, or set a local lock timeout and retry later.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants