Harden Flask health endpoint registration #159

Merged: Pigbibi merged 1 commit into main from codex/harden-health-endpoint-registration-20260701 (Jul 1, 2026)
@Pigbibi Pigbibi commented Jul 1, 2026

Summary

  • register QPK Flask health routes with explicit non-colliding endpoint names
  • skip auto-registration for /health or /healthz when an app already owns that route
  • add Flask tests for route preservation and endpoint-name collision prevention

Validation

  • python -m py_compile src/quant_platform_kit/common/health.py tests/test_common_health.py
  • uvx ruff check src/quant_platform_kit/common/health.py tests/test_common_health.py
  • PYTHONPATH=src uvx --with pytest --with flask pytest tests/test_common_health.py

@Pigbibi force-pushed the codex/harden-health-endpoint-registration-20260701 branch from d7bd10a to 40325da on July 1, 2026 07:19

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d7bd10ad88

Comment thread tests/test_common_health.py Outdated
@@ -0,0 +1,31 @@
from __future__ import annotations

from flask import Flask
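
Review bot: the module-level `from flask import Flask` at the top of tests/test_common_health.py makes the whole file error at collection wherever Flask is not installed. Put `pytest.importorskip("flask")` ahead of the import so the module is skipped instead, or declare Flask as a test dependency so the import is always satisfiable.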

P1: Add Flask to the test environment

This new test module imports Flask at collection time, but the checked CI workflow installs only -e . numpy pandas pytest pytest-cov ruff before running PYTHONPATH=src python -m pytest ... tests (.github/workflows/ci.yml lines 27-28 and 76), and pyproject.toml still has an empty dependency list. In the normal CI environment this raises ModuleNotFoundError: No module named 'flask' before any tests run; either add Flask to the CI/test dependencies or guard/skip these tests when Flask is unavailable.

return jsonify({"status": "ok", "timestamp": datetime.now(timezone.utc).isoformat()})

existing_rules = {getattr(rule, "rule", "") for rule in self._app.url_map.iter_rules()}
if "/health" not in existing_rules:
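
Review bot: `"/health" not in existing_rules` is an exact comparison of raw rule strings, so a host route registered as `/health/` (trailing slash) is not seen as existing and the QPK rule is still added beside it. Normalise each `rule.rule` before comparing, for example by stripping a trailing slash, and drop the `getattr(rule, "rule", "")` default, which silently puts an empty string in the set for any object lacking the attribute.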

P2: Check methods before skipping health routes

This path-only check suppresses the GET health handler whenever any /health rule already exists, even if that rule only handles another method such as POST; in that app register_health_endpoint(app) still promises to add GET /health, but GET requests will return 405 because Flask allows separate rules for the same path with different methods. The same issue applies to the /healthz check below, so skip only when an existing rule actually handles GET/HEAD.

if "/health" not in existing_rules:
self._app.add_url_rule(
"/health",
endpoint="qpk_health",
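
Review bot: the `if "/health" not in existing_rules:` guard only sees routes that exist when this code runs, so a host app that adds its own `/health` afterwards ends up with two rules for the same path. State the required call order in the docstring (register the QPK health routes after the app's own routes), and consider logging when a path is skipped so operators can tell which handler answers the health check.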

P2: Avoid fixed endpoint names for health routes

Using a fixed qpk_health endpoint still allows the same collision this change is trying to harden against: if the host Flask app already has any view registered with endpoint/function name qpk_health, or defines one after calling register_health_endpoint, Flask raises an endpoint-overwrite assertion even though /health itself may be free. Generate or probe for an unused endpoint name before registering the QPK health view.

@Pigbibi Pigbibi merged commit 6d36759 into main Jul 1, 2026
5 of 6 checks passed
@Pigbibi Pigbibi deleted the codex/harden-health-endpoint-registration-20260701 branch July 1, 2026 07:22
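
The two P2 suggestions in the review above (skip only when an existing rule handles GET/HEAD, and probe for an unused endpoint name) can be combined as follows. This is an added example, not the project's code from this PR; `path_serves_get`, `unused_endpoint`, `register_health` and the constructed `demo_app` are hypothetical names.

```python
from datetime import datetime, timezone

from flask import Flask, jsonify

READ_METHODS = {"GET", "HEAD"}


def path_serves_get(app: Flask, path: str) -> bool:
    """True if an existing rule for `path` already answers GET or HEAD."""
    for rule in app.url_map.iter_rules():
        # rule.methods is None when a rule accepts every method
        if rule.rule == path and (rule.methods is None or rule.methods & READ_METHODS):
            return True
    return False


def unused_endpoint(app: Flask, base: str = "qpk_health") -> str:
    """Probe app.view_functions for an endpoint name nobody has taken yet."""
    name, n = base, 1
    while name in app.view_functions:
        n += 1
        name = f"{base}_{n}"
    return name


def register_health(app: Flask, paths=("/health", "/healthz")) -> dict:
    """Hypothetical helper: add GET health routes only where the host has none."""
    def health():
        return jsonify({"status": "ok", "timestamp": datetime.now(timezone.utc).isoformat()})

    added = {}
    for path in paths:
        if path_serves_get(app, path):
            continue  # host app owns GET for this path; leave it alone
        endpoint = unused_endpoint(app)
        app.add_url_rule(path, endpoint=endpoint, view_func=health, methods=["GET"])
        added[path] = endpoint
    return added


def demo_app() -> Flask:
    """Constructed host app: POST-only /health and a view already named qpk_health."""
    app = Flask(__name__)
    app.add_url_rule("/health", endpoint="ingest", view_func=lambda: "posted", methods=["POST"])
    app.add_url_rule("/status", endpoint="qpk_health", view_func=lambda: "host status")
    register_health(app)
    return app
```

Probing only covers names taken at registration time; a host view defined later under the chosen name still trips Flask's endpoint-overwrite assertion, so registering the health routes last remains the safer order.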