fix(gateway): resolve 2026-06-18 array-write review findings
- Server-057: extend []-suffix normalization to AddItemBulk/AddBufferedItem so bulk-added array tags bind write-capable handles (authz check, worker bind, and registration kept consistent); update gateway.md + client READMEs. Tests: AddItemBulk/AddBufferedItem wiring. - Server-058: assert []-fallback-resolved bare array names are still denied when out of read/write scope and that MaxWriteClassification is enforced on suffixed array registrations. - Contracts-023/024/025: round-trip + field-19 descriptor pin for MxSparseArray; document MxSparseArray in docs/Contracts.md; enumerate it in the protocol-version-3 test summary. - Tests-040: add wiring tests for the six uncovered sparse-write arms (WriteSecured, Write2, WriteSecured2, Write2Bulk, WriteSecuredBulk, WriteSecured2Bulk). dotnet build + targeted tests green (184 passed).
This commit is contained in:
Joseph Doherty
+11
-8
@@ -1124,14 +1124,17 @@ Known important parity areas from existing captures:
|
||||
representation (unmentioned indices → type default) before sending the
|
||||
whole-array write to the worker.
|
||||
- Array attribute addresses require the `[]` body suffix to be write-capable.
|
||||
The gateway normalizes bare-name addresses at `AddItem` time: when Galaxy
|
||||
metadata confirms `is_array`, the gateway appends `[]` before registering the
|
||||
handle with the worker. When metadata is unavailable or the address is not
|
||||
recognized as an array, the address is forwarded unchanged so existing
|
||||
behavior is not regressed. The normalized address is stored in
|
||||
`SessionItemRegistration.TagAddress` and applies consistently to all
|
||||
subsequent writes on that handle. `ReadBulk` is unaffected — it uses raw
|
||||
address strings with its own ephemeral registration.
|
||||
The gateway normalizes bare-name addresses at add-item time across the whole
|
||||
add family — single `AddItem`/`AddItem2`, the batched `AddItemBulk`, and
|
||||
`AddBufferedItem`: when Galaxy metadata confirms `is_array`, the gateway
|
||||
appends `[]` before registering the handle with the worker. When metadata is
|
||||
unavailable or the address is not recognized as an array, the address is
|
||||
forwarded unchanged so existing behavior is not regressed. The normalized
|
||||
address is stored in `SessionItemRegistration.TagAddress` (for `AddItemBulk`
|
||||
the worker echoes the suffixed address it bound back in each
|
||||
`SubscribeResult.TagAddress`) and applies consistently to all subsequent
|
||||
writes on that handle. `ReadBulk` is unaffected — it uses raw address strings
|
||||
with its own ephemeral registration.
|
||||
|
||||
The gateway should not "fix" these behaviors unless the client explicitly opts
|
||||
into a non-parity mode.
|
||||
|
||||
Reference in New Issue
Block a user