Bref serverless support

[ioaniftimesei]

Summary by Aikido

Security Issues: 0	Quality Issues: 0	Resolved Issues: 0

🚀 New Features

• Added AWS Lambda (Bref) serverless support across agent and processor.

⚡ Enhancements

• Updated inter-process init to pass Lambda flag and wait for socket.
• Adjusted server cleanup logic to skip inactivity eviction when Lambda.
• Extended CI workflows to build and publish Bref Lambda layer artifacts.

🔧 Refactors

• Refactored runtime directory, socket and pid handling to be dynamic.

^{More info}

[aikido-pr-checks]

Added AIKIDO_LOG_INFO debug output in GetRuntimeDir() that logs AWS_LAMBDA_FUNCTION_NAME and path choice; remove or downgrade to appropriate log level or gate behind debug flag.

Show fix

Suggested change

	AIKIDO_LOG_INFO("GetRuntimeDir: AWS_LAMBDA_FUNCTION_NAME=%s\n", lambdaEnv ? lambdaEnv : "(null)");
	if (lambdaEnv != nullptr) {
	AIKIDO_LOG_INFO("GetRuntimeDir: Using /tmp path for Lambda\n");
	return "/tmp/aikido-" + std::string(PHP_AIKIDO_VERSION);
	}
	AIKIDO_LOG_INFO("GetRuntimeDir: Using /run path (non-Lambda)\n");
	if (lambdaEnv != nullptr) {
	return "/tmp/aikido-" + std::string(PHP_AIKIDO_VERSION);
	}

Details

✨ AI Reasoning
​GetRuntimeDir() was added with AIKIDO_LOG_INFO calls that print the AWS_LAMBDA_FUNCTION_NAME and note path selection. These informational logs are newly introduced and look like ad-hoc debug traces in runtime initialization, potentially leaking environment details or causing noisy logs in production.

_{Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info}

[aikido-pr-checks]

isRunDirWritable combines two filesystem operations with && on one line; split the MkdirAll and Remove calls into separate statements with explicit error handling for clarity.

Show fix

Suggested change

	return os.MkdirAll("/run/aikido-writetest", 0777) == nil && os.Remove("/run/aikido-writetest") == nil
	if err := os.MkdirAll("/run/aikido-writetest", 0777); err != nil {
	return false
	}
	if err := os.Remove("/run/aikido-writetest"); err != nil {
	return false
	}
	return true

Details

✨ AI Reasoning
​A single function returns the boolean result of two filesystem operations combined with &&. This bundles IO side effects into one-line logic, increasing cognitive load and hiding partial failure details. Separating the calls improves readability and error handling.

_{Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info}

[aikido-pr-checks]

isRunDirWritable combines os.MkdirAll and os.Remove in one boolean expression; separate the operations and handle errors explicitly to improve readability and debuggability.

Show fix

Suggested change

	return os.MkdirAll("/run/aikido-writetest", 0777) == nil && os.Remove("/run/aikido-writetest") == nil
	mkdirErr := os.MkdirAll("/run/aikido-writetest", 0777)
	if mkdirErr != nil {
	return false
	}
	removeErr := os.Remove("/run/aikido-writetest")
	return removeErr == nil

Details

✨ AI Reasoning
​A new utility function returns the combined result of directory creation and removal in one expression. This compresses two IO operations into one line, making failure modes harder to inspect and increasing reasoning complexity for future maintainers.

_{Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info}

[aikido-pr-checks]

Agent::Init adds an inlined polling loop that returns from inside the loop; extract or convert this wait into a guard/helper (early-return) to flatten Init's control flow and improve readability.

Details

✨ AI Reasoning
​Agent::Init was modified to add a polling loop that waits for the agent socket to appear, returning from inside the loop when ready or logging a warning after the loop. This increases nesting and mixes startup orchestration with waiting logic, which could be clearer if the wait were a separate guard/helper or inverted into an early-return check. The change makes the control flow less linear and slightly harder to follow, so a guard/early-return or small helper function would improve maintainability.

🔧 How do I fix it?
Place parameter validation and guard clauses at the function start. Use early returns to reduce nesting levels and improve readability.

_{Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info}

[aikido-pr-checks]

SetRuntimeDir assigns SocketPath to a directory ("/tmp/aikido-"+Version) instead of the socket file path, so Lambda mode uses an invalid socket location.

Suggested change

	SocketPath = "/tmp/aikido-" + Version
	SocketPath = "/tmp/aikido-" + Version + "/aikido-agent.sock"

Details

✨ AI Reasoning
​The runtime-path switch changes a value that is used as a Unix socket file location, but in the Lambda branch it becomes a directory string instead of a socket filename. That makes the path semantics contradictory: non-Lambda points to a socket file, Lambda points to a folder. This causes incorrect behavior whenever the code tries to dial or check the socket using that variable.

_{Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info}