Fix updates endpoint: block provider infrastructure IPs #2528

Draft
riderx wants to merge 4 commits into main from codex/block-provider-infra-update-guard

riderx (Member) commented Jun 17, 2026

What changed

  • Re-enable provider IP protection in the updates flow by adding a strict Google/Apple infrastructure check before update DB lookups.
  • Hardened supabase/functions/_backend/utils/invalids_ip.ts with provider-aware classification (google, apple) and cache-backed lookups.
  • Added provider_infrastructure_request_blocked update error code and CLI probe hint.

Notes

  • This change only affects requests identified as provider infrastructure (e.g. Google/Apple hosting/proxy ASNs with matching org/ISP metadata) and returns an explicit blocked update response.
  • Normal user traffic continues through standard update flow.

Validation

  • bun lint and repository typecheck are currently blocked in this environment due to missing dependencies (oxlint, @antfu/eslint-config, tsgo).
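
A sketch of the kind of check the description above outlines (provider ASN plus matching org/ISP metadata, cached per IP), added here as an example and not taken from the PR's invalids_ip.ts. The metadata shape, the ASN list, the injected lookup and the fail-open choice are assumptions; only the provider_infrastructure_request_blocked code comes from the PR description.

```typescript
// Added illustration; every name except the error code is hypothetical.
type Provider = 'google' | 'apple'
interface IpMeta { asn: number, org: string, isp: string, hosting: boolean, proxy: boolean }

// Publicly registered ASNs, listed for illustration only (not the PR's list).
const PROVIDER_ASNS: Record<Provider, number[]> = { google: [15169, 396982], apple: [714] }

// Constructed sample metadata on documentation-range IPs, not real lookups.
const SAMPLE: Record<string, IpMeta> = {
  '192.0.2.10': { asn: 15169, org: 'Google LLC', isp: 'Google Cloud', hosting: true, proxy: false },
  '198.51.100.7': { asn: 714, org: 'Apple Inc.', isp: 'Apple Inc.', hosting: false, proxy: true },
  '203.0.113.5': { asn: 64500, org: 'Example Mobile', isp: 'Example Mobile', hosting: false, proxy: false },
  '203.0.113.9': { asn: 15169, org: 'Example Transit', isp: 'Example Transit', hosting: true, proxy: false },
}

// Strict match: hosting/proxy flag AND provider ASN AND agreeing org/ISP text.
// Any single mismatch classifies the request as ordinary traffic.
function classifyProvider(meta: IpMeta): Provider | null {
  if (!meta.hosting && !meta.proxy)
    return null
  const label = `${meta.org} ${meta.isp}`.toLowerCase()
  for (const provider of Object.keys(PROVIDER_ASNS) as Provider[]) {
    if (PROVIDER_ASNS[provider].indexOf(meta.asn) !== -1 && label.indexOf(provider) !== -1)
      return provider
  }
  return null
}

type Verdict = { blocked: boolean, error?: string, provider?: Provider }

// Cache verdicts per IP so the metadata lookup is not repeated on every update check.
function createInfraGuard(lookup: (ip: string) => IpMeta | null, ttlMs: number, now: () => number = Date.now) {
  const cache = new Map<string, { provider: Provider | null, expires: number }>()
  return (ip: string): Verdict => {
    let hit = cache.get(ip)
    if (!hit || hit.expires <= now()) {
      const meta = lookup(ip)
      // Assumption: missing metadata fails open so a lookup gap never blocks real users.
      hit = { provider: meta ? classifyProvider(meta) : null, expires: now() + ttlMs }
      cache.set(ip, hit)
    }
    return hit.provider
      ? { blocked: true, error: 'provider_infrastructure_request_blocked', provider: hit.provider }
      : { blocked: false }
  }
}
```

The 203.0.113.9 sample shows why both conditions matter: a provider ASN whose org/ISP text disagrees is treated as ordinary traffic rather than blocked.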

coderabbitai (Bot, Contributor) commented Jun 17, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 35cb4814-8d41-4031-a155-aa08f81e71b1

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

codspeed-hq (Bot, Contributor) commented Jun 17, 2026

Merging this PR will improve performance by 29.53%

⚡ 1 improved benchmark
✅ 42 untouched benchmarks
⏩ 2 skipped benchmarks [1]

Performance Changes

| Benchmark | BASE | HEAD | Efficiency |
|---|---|---|---|
| /updates manifest response with metadata | 149.8 µs | 115.6 µs | +29.53% |

Tip

Curious why this is faster? Comment @codspeedbot explain why this is faster on this PR, or directly use the CodSpeed MCP with your agent.


Comparing codex/block-provider-infra-update-guard (bf2dbf1) with main (4108905)

Footnotes

  1. 2 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.
