Skip to content

feat(api): add instance-class create admission#132

Merged
onutc merged 5 commits intomainfrom
codex/spritz-runtime-service-delegation-doc
Mar 19, 2026
Merged

feat(api): add instance-class create admission#132
onutc merged 5 commits intomainfrom
codex/spritz-runtime-service-delegation-doc

Conversation

@onutc
Copy link
Member

@onutc onutc commented Mar 19, 2026
edited
Loading

Summary

  • add config-backed extension resolvers and instance classes to the API server startup path
  • add native preset create admission with presetInputs, resolver-driven service-account binding, and idempotency integration for provisioner creates
  • update the CLI to send --preset-input values and add API/CLI coverage for resolver matching, config validation, and create-time policy enforcement

Validation

  • go test ./... (api)
  • go test ./... (operator)
  • pnpm test (cli)
  • node --test e2e/acp-client.test.mjs e2e/acp-smoke-lib.test.mjs e2e/instance-waiter.test.mjs
  • npx -y @simpledoc/simpledoc check
  • git diff --check
  • codex review --base main (looped until no P0/P1 findings remained)

@onutc onutc changed the title docs(api): add runtime delegation policy to instance architecture feat(api): add instance-class create admission Mar 19, 2026
@onutc onutc merged commit 23510b9 into main Mar 19, 2026
5 checks passed
@onutc onutc deleted the codex/spritz-runtime-service-delegation-doc branch March 19, 2026 10:32
@gitrank-connector
Copy link

gitrank-connector bot commented Mar 19, 2026

📋 GitRank PR Analysis

Score: 0 points (ineligible)

Metric Value
Component Other (1× multiplier)
Severity P1 - High (50 base pts)
Final Score 50 × 1 = 0

Eligibility Checks

Check Status
Issue/Bug Fix
Fix Implementation
PR Documented
Tests
Lines Within Limit

Impact Summary

This PR adds a comprehensive extension framework for preset create resolution, instance class management, and admission-time policy enforcement. It enables resolver-driven service account binding, preset input validation, and idempotency integration across API and CLI. The changes are substantial (2039 lines across 14 files) and introduce new security-relevant admission logic that gates instance creation.

Analysis Details

Component Classification: This PR introduces a new feature (instance-class create admission with preset resolver integration) rather than fixing a specific categorized component. It spans API, CLI, and operator concerns without fitting neatly into a single domain-specific category.

Severity Justification: This is a high-impact feature addition that introduces critical new infrastructure for admission control, extension resolution, and instance class policy enforcement. The feature affects core create-time validation and security boundaries, making it P1 (High) rather than P2, though it is not a security vulnerability or service outage (which would be P0).

Eligibility Notes: Issue: No explicit bug fix or issue reference, but this is a feature addition. Fix Implementation: Yes, code changes align with the stated feature goals. PR Linked: Yes, comprehensive description with validation steps. Tests: Yes, extensive test coverage added (585 lines in create_admission_test.go, 71 lines in extensions_test.go, 23 lines in instance_classes_test.go, 76 lines in provisioner-create.test.ts). Tests Required: Yes, this is a new feature introducing business logic, API changes, and security-relevant admission control that requires comprehensive test coverage.

Analyzed by GitRank 🤖

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@onutc