✨ feat(edge): finalize lookout/1.0 for RC — experimental gate, audit bug fixes, docs (M4+M5) #433
Merged
…t off) The edge WebSocket endpoint and /lookout key-registry router mount only when DD_EXPERIMENTAL_LOOKOUT=true. Default-off means zero runtime footprint so the feature can soak as an experimental opt-in before GA. Adds getExperimentalLookoutEnabled(); gates the router mount (api.ts) and attachLookoutWsServer (index.ts); tests cover both branches.
- 🐛 stream-request error frames no longer dropped — EdgeAgentAdapter routes error frames under the stream: key, so sendStreamRequest rejects immediately instead of hanging the 30s timeout
- 🐛 startExec no longer sends an exec_end for a never-started execId when the session limit is hit (was a protocol violation)
- 🐛 revoked keys present in the authorized_keys file are no longer silently re-activated on restart (idempotency check now matches any record, warns on revoked)
- ✨ key revocation now disconnects any live WebSocket session for that key (disconnectByKeyId)
- 🔒 DELETE /lookout/keys/:keyId validates the 16-hex keyId format (400) before use, with a fixed error message (no raw reflection)
- 🐛 hello-timeout timer cleared on premature close/error; non-finite timestamp rejected; over-long signature rejected before crypto
…(M4+M5)
- 📝 lookout.mdx: flip path hierarchy to /api/v1 primary (/api deprecated, v1.6.0); document base64url signature encoding vs standard-base64 pubkey; add hello-frame schema with the real pubKeyId field; add welcome-frame shape; complete the 13-code error catalogue; fix revoke-404 wording; prominent DD_EXPERIMENTAL_LOOKOUT callout
- 📝 agent.mdx: add M4 logLevel/pollInterval to the dd:ack example
- ✨ OpenAPI 3.1 paths for GET/POST/DELETE /api/v1/lookout/keys (Lookout tag)
- 📝 README: experimental edge-agent dial-out (Ed25519) in features + v1.5.0 roadmap row
- 📝 CHANGELOG: Added entries for M5 (experimental edge endpoint, PR #429) and M4 (ack logLevel/pollInterval, PR #430)
biggest-littlest (Member) approved these changes on Jun 13, 2026 and left a comment:
Approved — consolidated lookout RC-readiness PR. Verified: experimental gate defaults off, audit bug fixes carry tests, docs corrected (paths/base64url/pubKeyId/error codes), CHANGELOG M4+M5 present. Local gate green (100% cov app+ui).
ALARGECOMPANY (Member) approved these changes on Jun 13, 2026 and left a comment:
Second code-owner approval. Endpoint is opt-in via DD_EXPERIMENTAL_LOOKOUT; revocation now disconnects live sessions and revoked keys no longer reactivate on restart. LGTM for the RC.
Codecov Report: ✅ All modified and coverable lines are covered by tests.
What & why
A multi-agent audit of the merged lookout/1.0 edge integration (M4 #430 + M5 #429) found the code fundamentally sound — Ed25519 auth is correct, the SPKI header byte-exact, nonce-commit-after-verify ordering safe, the CodeQL TOCTOU fix genuine — but surfaced confirmed protocol/auth bugs, documentation inaccuracies, and a release-readiness gap: the feature shipped to main with no CHANGELOG entry and its docs were stranded in the unmerged #432.
This PR makes lookout RC-ready and supersedes #432 (whose docs had real accuracy bugs, fixed here). Per decision: ship the feature experimental / opt-in for this RC, and fix the confirmed code bugs.
Changes
✨ Experimental gate (default off)
DD_EXPERIMENTAL_LOOKOUT=true is now required to mount the lookout/1.0 WebSocket endpoint and the /lookout key-registry router. Default-off = zero runtime footprint, so the endpoint can soak as an opt-in before any GA commitment. The wire protocol may change while experimental.
🐛 Audit-confirmed bug fixes (each with tests; 100% coverage held)
- EdgeAgentAdapter routed error frames under the bare requestId while streaming requests are keyed stream:${requestId}, so a streaming call would hang the full 30 s timeout instead of rejecting. Now rejects immediately.
- startExec no longer sends an exec_end for a never-started execId when the session limit is hit (was a subprotocol violation).
- Revoked keys present in the authorized_keys file no longer silently re-activate on restart — the idempotency check now matches any record (active or revoked) and warns instead of re-inserting.
- DELETE /lookout/keys/:keyId closes any live WebSocket authenticated under that key (disconnectByKeyId).
- DELETE /lookout/keys/:keyId validates the 16-hex keyId format (400) before use, with a fixed message (no raw input reflection).
📝 Docs + spec
- lookout.mdx: flip path hierarchy to /api/v1/... primary (/api/... deprecated, removal v1.6.0); document the base64url signature encoding (vs standard-base64 pubkey); add the hello-frame schema using the real pubKeyId field name; add the welcome-frame shape; complete the 13-code error catalogue; correct the revoke-404 wording; prominent DD_EXPERIMENTAL_LOOKOUT callout.
- agent.mdx: add the M4 logLevel/pollInterval fields to the dd:ack example.
- OpenAPI 3.1 paths for GET/POST/DELETE /api/v1/lookout/keys (new Lookout tag).
- CHANGELOG: Added entries for M5 (PR ✨ feat(edge): lookout/1.0 edge WebSocket endpoint with Ed25519 auth (M5) #429) and M4 (PR ✨ feat(agents): declare lookout runtime info fields in ack payload (M4) #430) — both were previously absent from main's changelog entirely.
Verification
- tsc build clean; biome clean (the 2 remaining warnings are pre-existing write-only-field warnings on EdgeAgentAdapter, unchanged from main).
Supersedes #432.
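The three key-registry fixes described in this PR (revoked keys staying revoked across a restart import, revocation closing live sessions, and the keyId format check with a fixed 400 message), as an added TypeScript example that is not the project's code. Every name except disconnectByKeyId is hypothetical, and the in-memory store, lowercase-only hex, the message texts and the 204 success status are assumptions.

```typescript
// Added illustration: every name except disconnectByKeyId is hypothetical.
type KeyRecord = { keyId: string; pubKey: string; revokedAt: number | null };
type Session = { keyId: string; open: boolean };
type KeyEntry = { keyId: string; pubKey: string };
const KEY_ID_RE = /^[0-9a-f]{16}$/; // 16-hex keyId; lowercase-only is an assumption

class KeyRegistry {
  private records = new Map<string, KeyRecord>();
  private sessions: Session[] = [];
  warnings: string[] = [];

  // Startup import of authorized_keys entries. matchRevoked=false reproduces
  // the pre-fix check, which only treated active records as already present.
  importKeys(entries: KeyEntry[], matchRevoked = true): void {
    for (const e of entries) {
      const existing = this.records.get(e.keyId);
      if (existing && (matchRevoked || existing.revokedAt === null)) {
        if (existing.revokedAt !== null) this.warnings.push("revoked key " + e.keyId + " left revoked");
        continue; // idempotent: never re-insert over an existing record
      }
      this.records.set(e.keyId, { keyId: e.keyId, pubKey: e.pubKey, revokedAt: null });
    }
  }

  // Stand-in for a successful hello handshake under this key.
  connect(keyId: string): Session | null {
    const rec = this.records.get(keyId);
    if (!rec || rec.revokedAt !== null) return null;
    const s: Session = { keyId, open: true };
    this.sessions.push(s);
    return s;
  }

  disconnectByKeyId(keyId: string): number {
    const hit = this.sessions.filter((s) => s.keyId === keyId);
    hit.forEach((s) => { s.open = false; });
    this.sessions = this.sessions.filter((s) => s.keyId !== keyId);
    return hit.length;
  }

  // Logic behind DELETE /lookout/keys/:keyId (204 on success is an assumption).
  revoke(rawKeyId: string): { status: number; error?: string } {
    if (!KEY_ID_RE.test(rawKeyId)) return { status: 400, error: "invalid keyId" };
    const rec = this.records.get(rawKeyId);
    if (!rec) return { status: 404, error: "key not found" };
    rec.revokedAt = Date.now();
    this.disconnectByKeyId(rawKeyId);
    return { status: 204 };
  }
}
```

Calling importKeys a second time with the same entry models a restart; passing matchRevoked=false shows the pre-fix behaviour, where the revoked key becomes usable again.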