From 18ea3a488ff7798976b6ac331cbaadeb56ab52ad Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 14 Apr 2026 05:20:15 +0000 Subject: [PATCH] Add debug logging to guard policy JSON unmarshaling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add 5 targeted logGuardPolicy calls to previously unlogged functions: - GuardPolicy.UnmarshalJSON: log parsed key count and resolved policy type - AllowOnlyPolicy.UnmarshalJSON: log field count on entry and parsed fields on success - normalizeAndValidateScopeArray: log scope entry count before validation All logging uses the existing logGuardPolicy logger and pre-computed values only — no side effects in logger arguments. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- internal/config/guard_policy.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/internal/config/guard_policy.go b/internal/config/guard_policy.go index 2c8ed19d..7da22e60 100644 --- a/internal/config/guard_policy.go +++ b/internal/config/guard_policy.go @@ -69,6 +69,7 @@ func (p *GuardPolicy) UnmarshalJSON(data []byte) error { if err := json.Unmarshal(data, &raw); err != nil { return err } + logGuardPolicy.Printf("UnmarshalJSON: parsing guard policy, keys=%d", len(raw)) var allowOnlyRaw json.RawMessage var writeSinkRaw json.RawMessage @@ -106,6 +107,11 @@ func (p *GuardPolicy) UnmarshalJSON(data []byte) error { p.WriteSink = &writeSink } + if len(allowOnlyRaw) > 0 { + logGuardPolicy.Print("UnmarshalJSON: guard policy type is allow-only") + } else { + logGuardPolicy.Print("UnmarshalJSON: guard policy type is write-sink") + } return nil } @@ -123,6 +129,7 @@ func (p *AllowOnlyPolicy) UnmarshalJSON(data []byte) error { if err := json.Unmarshal(data, &raw); err != nil { return err } + logGuardPolicy.Printf("UnmarshalJSON: parsing allow-only policy, fields=%d", len(raw)) for key, value := range raw { switch strings.ToLower(key) { @@ -174,6 +181,7 @@ func (p *AllowOnlyPolicy) UnmarshalJSON(data []byte) error { return fmt.Errorf("allow-only must include min-integrity") } + logGuardPolicy.Printf("UnmarshalJSON: allow-only policy parsed, repos=%T, minIntegrity=%s", p.Repos, p.MinIntegrity) return nil } @@ -477,6 +485,7 @@ func normalizeAndValidateScopeArray(scopes []interface{}) ([]string, error) { if len(scopes) == 0 { return nil, fmt.Errorf("allow-only.repos array must contain at least one scope") } + logGuardPolicy.Printf("normalizeAndValidateScopeArray: validating %d repo scope entries", len(scopes)) seen := make(map[string]struct{}, len(scopes)) normalized := make([]string, 0, len(scopes))