Allow body-driven Email Routing rule verification#18
Conversation
![kilo-code-bot[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
|
|
||
| report_file="$(printf '%s\n' "${mutation_report}" | tail -n 1)" | ||
| if [[ "${APPLY}" == "1" && "${status}" -eq 0 && -f "${report_file}" ]]; then | ||
| if [[ -n "${BODY_JSON:-}" || -n "${BODY_FILE:-}" ]]; then |
There was a problem hiding this comment.
WARNING: Incomplete verification logic for custom BODY_JSON/BODY_FILE path
When a custom payload is provided via BODY_JSON or BODY_FILE, the verification only checks that a matcher exists for the address and that the rule is enabled. It does NOT verify that the rule's actions route to the expected WORKER_NAME (unlike the standard path at lines 158-168). This creates a security/logic gap: a rule could match the address but route to a different destination, and verification would still pass.
| report_file="$(printf '%s\n' "${mutation_report}" | tail -n 1)" | ||
| if [[ "${APPLY}" == "1" && "${status}" -eq 0 && -f "${report_file}" ]]; then | ||
| if [[ -n "${BODY_JSON:-}" || -n "${BODY_FILE:-}" ]]; then | ||
| if jq -e --arg address "${RULE_ADDRESS}" ' |
There was a problem hiding this comment.
SUGGESTION: RULE_ADDRESS may be empty in custom payload path
The custom BODY_JSON/BODY_FILE branch allows RULE_ADDRESS to be unset (build_payload at line 46-49 doesn't require it). If RULE_ADDRESS is empty, the jq filter will silently match nothing and verification will fail with a generic error message, making debugging difficult.
Code Review SummaryStatus: 2 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
SUGGESTION
Other Observations (not in diff)No issues found in unchanged code. Files Reviewed (1 file)
Fix these issues in Kilo Cloud Reviewed by grok-code-fast-1:optimized:free · 100,075 tokens |
1 participant
Summary
email.routing_rulemutations that provide a full body payload to verify by recipient/enabled state instead of always requiring a Worker action--service <worker>flowWhy
maildesk-cfneeded to temporarily reconcile directforwardEmail Routing rules for operator delivery addresses. The surface already accepts--body, but post-apply verification assumed every rule action wasworker, so valid forward-action payloads failed verification.Verification
bash -n scripts/cf_mutate_email_routing_rule.sh./scripts/verify_static_contract.shNotes
This does not add a full first-class destination-address model. That remains tracked in #17.