Add server options #3049

Draft
c-r33d wants to merge 3 commits into main from server-opts-support

c-r33d commented Feb 3, 2026

Proposed Changes

1.) Add server options for pluggable interceptors

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions

### Proposed Changes

1.) Add server options for pluggable interceptors

### Checklist

- [ ] I have added or updated unit tests
- [ ] I have added or updated integration tests (if appropriate)
- [ ] I have added or updated documentation

### Testing Instructions

---------

Co-authored-by: Krish Suchak <suchak.krish@gmail.com>

@gemini-code-assist

Summary of Changes

Hello @c-r33d, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant enhancement to the server's extensibility by enabling the programmatic injection of custom interceptors for both standard Connect RPC and inter-process communication (IPC). This change allows developers to easily add custom logic, such as logging, metrics, or security checks, to the request processing pipeline without modifying core server code, thereby improving modularity and maintainability.

Highlights

  • Extensible Interceptors: Introduced ExtraConnectInterceptors and ExtraIPCInterceptors fields in the server configuration to allow programmatic injection of custom Connect and IPC interceptors.
  • Unified RPC Server Creation: Refactored the newConnectRPC function to handle both standard Connect RPC and IPC server creation, consolidating logic and accepting the new interceptor types.
  • Configuration Options: Added WithConnectInterceptors and WithIPCInterceptors functions to the server.StartOptions to provide a clean API for users to supply custom interceptors at server startup.

Changelog

  • service/internal/server/server.go
    • Added ExtraConnectInterceptors and ExtraIPCInterceptors fields to the Config struct.
    • Modified newConnectRPC to accept an authentication interceptor and a slice of additional interceptors, unifying the logic previously split between newConnectRPC and newConnectRPCIPC.
    • Updated NewOpenTDFServer to pass the appropriate authentication and extra interceptors to the refactored newConnectRPC function for both Connect and IPC servers.
  • service/pkg/server/options.go
    • Imported the connect package.
    • Added extraConnectInterceptors and extraIPCInterceptors fields to the StartConfig struct.
    • Introduced WithConnectInterceptors and WithIPCInterceptors functions to allow users to specify additional interceptors when starting the server.
  • service/pkg/server/start.go
    • Modified the Start function to transfer the extraConnectInterceptors and extraIPCInterceptors from StartConfig to the main server Config before server initialization.

Activity

  • The pull request description outlines proposed changes and includes a checklist, but no further human activity (comments, reviews, or progress updates) has been recorded.

github-actions bot added the size/s label Feb 3, 2026

gemini-code-assist bot left a comment

Code Review

This pull request introduces a valuable feature for server extensibility by allowing programmatic injection of interceptors. However, a significant security vulnerability has been identified: the introduced extra interceptors run before request validation and audit logging. This contradicts the documented execution order and could lead to security issues if developers assume the input is already validated. The current ordering in service/internal/server/server.go also leads to incorrect auditing and does not align with the documented behavior for extra interceptors.
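
The ordering concern raised in this review, shown as an added example that is not code from this pull request or the project. `Handler`, `Interceptor`, `Chain`, `Validate` and `SeenByExtra` are hypothetical stand-ins, and the chain assumes the first interceptor listed is the outermost layer; `extraFirst` selects whether the injected interceptor sits before or after validation.

```go
package main

import "fmt"

// Toy stand-ins for an RPC middleware chain (hypothetical, not the project's API).
type Handler func(req string) (string, error)
type Interceptor func(next Handler) Handler

// Chain wraps h so that ics[0] is the outermost layer and runs first.
func Chain(h Handler, ics ...Interceptor) Handler {
	for i := len(ics) - 1; i >= 0; i-- {
		h = ics[i](h)
	}
	return h
}

// Validate rejects empty requests before they reach anything behind it.
func Validate(next Handler) Handler {
	return func(req string) (string, error) {
		if req == "" {
			return "", fmt.Errorf("invalid request")
		}
		return next(req)
	}
}

// SeenByExtra returns the requests an injected "extra" interceptor observed.
func SeenByExtra(extraFirst bool, reqs ...string) []string {
	seen := []string{}
	extra := func(next Handler) Handler {
		return func(req string) (string, error) {
			seen = append(seen, req) // the extra interceptor's view of the input
			return next(req)
		}
	}
	ics := []Interceptor{Validate, extra}
	if extraFirst {
		ics = []Interceptor{extra, Validate}
	}
	h := Chain(func(req string) (string, error) { return "ok:" + req, nil }, ics...)
	for _, r := range reqs {
		_, _ = h(r) // only what the extra interceptor saw matters here
	}
	return seen
}

func main() {
	fmt.Printf("%q %q\n", SeenByExtra(true, "good", ""), SeenByExtra(false, "good", ""))
}
```

With the extra interceptor placed first it receives the empty (invalid) request as well; placed after validation it only ever sees requests that passed the check.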

github-actions bot commented Feb 3, 2026

Benchmark results

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 194.580709ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 107.638777ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 362.975827ms
Throughput 275.50 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.128710087s
Average Latency 388.603537ms
Throughput 127.78 requests/second

### Proposed Changes

1.) Add server option to allow for a db factory to be injected

### Checklist

- [ ] I have added or updated unit tests
- [ ] I have added or updated integration tests (if appropriate)
- [ ] I have added or updated documentation

### Testing Instructions

github-actions bot commented Feb 3, 2026

Benchmark results

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 181.636102ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 95.778514ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 391.661615ms
Throughput 255.32 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.368001503s
Average Latency 381.959886ms
Throughput 130.32 requests/second

github-actions bot commented Feb 4, 2026

Benchmark results

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 186.549748ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 100.999981ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 361.576331ms
Throughput 276.57 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.890836583s
Average Latency 387.625482ms
Throughput 128.56 requests/second
