requireDaemonRuntimeAccess looks up a runtime and verifies the caller owns its workspace. Only pgx.ErrNoRows is treated as a real "runtime gone" 404 — the daemon uses that response to drop the stale runtime from its in-memory map and re-register, so collapsing transient DB errors into the same 404
(w http.ResponseWriter, r *http.Request, runtimeID string)
| 74 | // so collapsing transient DB errors into the same 404 would force the daemon to |
| 75 | // self-cleanup on a hiccup. Other DB errors become 500. |
| 76 | func (h *Handler) requireDaemonRuntimeAccess(w http.ResponseWriter, r *http.Request, runtimeID string) (db.AgentRuntime, bool) { |
| 77 | runtimeUUID, ok := parseUUIDOrBadRequest(w, runtimeID, "runtime_id") |
| 78 | if !ok { |
| 79 | return db.AgentRuntime{}, false |
| 80 | } |
| 81 | rt, err := h.Queries.GetAgentRuntime(r.Context(), runtimeUUID) |
| 82 | if err != nil { |
| 83 | if isNotFound(err) { |
| 84 | writeError(w, http.StatusNotFound, "runtime not found") |
| 85 | return db.AgentRuntime{}, false |
| 86 | } |
| 87 | slog.Warn("get agent runtime failed", "runtime_id", runtimeID, "error", err) |
| 88 | writeError(w, http.StatusInternalServerError, "failed to load runtime") |
| 89 | return db.AgentRuntime{}, false |
| 90 | } |
| 91 | if !h.requireDaemonWorkspaceAccess(w, r, uuidToString(rt.WorkspaceID)) { |
| 92 | return db.AgentRuntime{}, false |
| 93 | } |
| 94 | return rt, true |
| 95 | } |
| 96 | |
| 97 | // requireDaemonTaskAccess looks up a task and verifies the caller owns its workspace. |
| 98 | func (h *Handler) requireDaemonTaskAccess(w http.ResponseWriter, r *http.Request, taskID string) (db.AgentTaskQueue, bool) { |
no test coverage detected