Resolve Server-002, -004, -005, -006 code-review findings

Server-002: the gateway never terminated leftover MxGateway.Worker.exe processes at startup, contradicting gateway.md and CLAUDE.md. Added IRunningProcessInspector/SystemRunningProcessInspector, OrphanWorkerTerminator, and OrphanWorkerCleanupHostedService (best-effort, runs before sessions are accepted); updated gateway.md to describe the implemented behavior. Server-004: API-key scopes were persisted verbatim with no validation. Added GatewayScopes.All/IsKnown; the CLI parser and dashboard create path now reject unknown scope strings. Server-005: a non-SqlException/InvalidOperationException fault on the initial Galaxy hierarchy load faulted the BackgroundService. ExecuteAsync now catches all non-cancellation exceptions on first load and RefreshCoreAsync broadens its catch so the cache records Stale/Unavailable instead. Server-006: OpenSessionAsync incremented the open-sessions gauge before alarm auto-subscribe; an auto-subscribe failure leaked the gauge. The catch path now calls SessionRemoved() when the gauge was incremented. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 21:31:10 -04:00
parent 5e795aeeb8
commit 1d9e3afadd
18 changed files with 676 additions and 15 deletions
@@ -1,3 +1,5 @@
+using MxGateway.Server.Security.Authorization;
+
 namespace MxGateway.Server.Security.Authentication;

 public static class ApiKeyAdminCommandLineParser
@@ -95,6 +97,12 @@ public static class ApiKeyAdminCommandLineParser
            return ApiKeyAdminParseResult.Fail(validationError);
        }

+        string? scopeError = ValidateScopes(kind, scopes);
+        if (scopeError is not null)
+        {
+            return ApiKeyAdminParseResult.Fail(scopeError);
+        }
+
        return ApiKeyAdminParseResult.Success(new ApiKeyAdminCommand(
            Kind: kind,
            Json: json,
@@ -152,6 +160,23 @@ public static class ApiKeyAdminCommandLineParser
        return null;
    }

+    private static string? ValidateScopes(ApiKeyAdminCommandKind kind, IReadOnlySet<string> scopes)
+    {
+        if (kind != ApiKeyAdminCommandKind.CreateKey)
+        {
+            return null;
+        }
+
+        string[] unknown = scopes.Where(scope => !GatewayScopes.IsKnown(scope)).ToArray();
+        if (unknown.Length == 0)
+        {
+            return null;
+        }
+
+        return $"Unknown scope(s): {string.Join(", ", unknown)}. "
+            + $"Valid scopes are: {string.Join(", ", GatewayScopes.All)}.";
+    }
+
    private static string KindName(ApiKeyAdminCommandKind kind)
    {
        return kind switch