(pb: {
getFirst<T>(collection: string, filter: string): Promise<T | null>;
})
| 2055 | * without spinning up the full boot path. |
| 2056 | */ |
export function createStatusReader(pb: {
  getFirst<T>(collection: string, filter: string): Promise<T | null>;
}): {
  getStateByKey(key: string): Promise<State | null>;
} {
  // Reads the first `status` row matching `key` and resolves to its state
  // after validation. Resolves to null whenever `asKnownState` yields
  // nothing (presumably also when no row exists; confirm against
  // asKnownState's handling of undefined).
  async function getStateByKey(key: string): Promise<State | null> {
    // Defense-in-depth, mirroring alert-state-store: keys carrying C0/C1
    // control characters are rejected BEFORE the filter string is built.
    // Today's probes only emit printable-ASCII keys, but a future probe
    // emitting a control char would otherwise throw at PB filter parse
    // time, where dispatchCronAlert's wrapper swallows the throw and the
    // rule silently fails. `assertSafeKey` throws with a clear message, so
    // the failure is specific rather than an opaque PB DSL error.
    // Keep this call ahead of the filter construction below.
    assertSafeKey("key", key);

    // The key is embedded in the filter as a JSON-quoted string literal;
    // JSON.stringify is the only escaping applied to it here.
    // NOTE(review): this relies on PB's filter grammar accepting JSON-style
    // escapes for quotes and backslashes. Confirm.
    const filter = "key = " + JSON.stringify(key);
    const row = await pb.getFirst<StatusRecord>("status", filter);

    // A6(viii) (round 7): degrade-don't-trust, same as every other PB state
    // read. Handing back `row?.state` unvalidated let a corrupt/legacy value
    // (anything outside green|red|degraded) flow into dispatchCronAlert's
    // synthesized WriteOutcome as a bogus prior state.
    const state = asKnownState(row?.state);
    return state ?? null;
  }

  return { getStateByKey };
}
| 2085 | |
| 2086 | /** |
| 2087 | * Project a per-cfg env overlay for `buildProbeInvoker`. Drivers that |