fix(kubernetes): republish with correct upgrade chain (2026.06.10.1) #50

Merged
stack72 merged 1 commit from worktree-reflective-napping-quasar into main 2026-06-10 14:53:48 +00:00
Owner

Summary

  • Bumps all 15 kubernetes model versions and manifest from 2026.06.05.12026.06.10.1
  • Adds upgrade entry to each model completing the chain: 2026.05.27.22026.06.04.12026.06.04.22026.06.05.12026.06.10.1
  • Fixes the user-reported BundleBuildFailed on all 15 model types after pulling @swamp/kubernetes from the registry

Root cause

The published registry artifact 2026.06.05.1 contained stale model files (version 2026.06.04.1 with upgrades ending at 2026.05.27.2). The fix landed on main but the manifest version wasn't bumped, so CI never republished.

Test plan

  • deno check, deno lint, deno fmt, deno install --frozen — all pass
  • Pulled @swamp/kubernetes@2026.05.27.2, created a model instance, swapped to local 2026.06.10.1 source
  • swamp model get auto-upgraded typeVersion from 2026.05.27.22026.06.10.1
  • swamp doctor extensions — 15/15 Indexed, OVERALL: PASS
  • swamp model validate — 5/5 passed
  • swamp extension quality manifest.yaml — 14/14 rubric, packaging succeeded
  • Extracted the packaged .tar.gz and verified all 15 bundled .js files have version: "2026.06.10.1" with the full upgrade chain

🤖 Generated with Claude Code

## Summary - Bumps all 15 kubernetes model versions and manifest from `2026.06.05.1` → `2026.06.10.1` - Adds upgrade entry to each model completing the chain: `2026.05.27.2` → `2026.06.04.1` → `2026.06.04.2` → `2026.06.05.1` → `2026.06.10.1` - Fixes the user-reported `BundleBuildFailed` on all 15 model types after pulling `@swamp/kubernetes` from the registry ## Root cause The published registry artifact `2026.06.05.1` contained stale model files (version `2026.06.04.1` with upgrades ending at `2026.05.27.2`). The fix landed on main but the manifest version wasn't bumped, so CI never republished. ## Test plan - [x] `deno check`, `deno lint`, `deno fmt`, `deno install --frozen` — all pass - [x] Pulled `@swamp/kubernetes@2026.05.27.2`, created a model instance, swapped to local `2026.06.10.1` source - [x] `swamp model get` auto-upgraded typeVersion from `2026.05.27.2` → `2026.06.10.1` - [x] `swamp doctor extensions` — 15/15 Indexed, OVERALL: PASS - [x] `swamp model validate` — 5/5 passed - [x] `swamp extension quality manifest.yaml` — 14/14 rubric, packaging succeeded - [x] Extracted the packaged `.tar.gz` and verified all 15 bundled `.js` files have `version: "2026.06.10.1"` with the full upgrade chain 🤖 Generated with [Claude Code](https://claude.com/claude-code)
fix(kubernetes): bump all models to 2026.06.10.1 to republish with correct upgrade chain
All checks were successful
CI / cve/dirtyfrag - lint (pull_request) Has been skipped
CI / cve/mini-shai-hulud - lint (pull_request) Has been skipped
CI / cve/mini-shai-hulud - fmt (pull_request) Has been skipped
CI / cve/mini-shai-hulud - test (pull_request) Has been skipped
CI / cve/dirtyfrag - lockfile up to date (pull_request) Has been skipped
CI / kubernetes - lint (pull_request) Successful in 1m0s
CI / cve/mini-shai-hulud - lockfile up to date (pull_request) Has been skipped
CI / kubernetes - check (pull_request) Successful in 1m8s
CI / model/hetzner-cloud - lockfile up to date (pull_request) Has been skipped
CI / kubernetes - test (pull_request) Successful in 1m7s
CI / kubernetes - lockfile up to date (pull_request) Successful in 58s
CI / cve/mini-shai-hulud - check (pull_request) Has been skipped
CI / aws models - sample check (pull_request) Has been skipped
CI / model/hetzner-cloud - check (pull_request) Has been skipped
CI / model/digitalocean - lockfile up to date (pull_request) Has been skipped
CI / model/digitalocean - check (pull_request) Has been skipped
CI / kubernetes - fmt (pull_request) Successful in 1m7s
CI / aws models - lockfiles up to date (pull_request) Has been skipped
CI / gcp models - sample check (pull_request) Has been skipped
CI / gcp models - lockfiles up to date (pull_request) Has been skipped
CI / cloudflare models - sample check (pull_request) Has been skipped
CI / cloudflare models - lockfiles up to date (pull_request) Has been skipped
CI / codegen - check (pull_request) Has been skipped
CI / codegen - fmt (pull_request) Has been skipped
CI / codegen - lint (pull_request) Has been skipped
CI / codegen - lockfile up to date (pull_request) Has been skipped
CI / CI Security Review (pull_request) Has been skipped
CI / Adversarial Code Review (pull_request) Successful in 2m15s
CI / Claude Code Review (pull_request) Successful in 3m19s
CI / Merge Gate (pull_request) Successful in 28s
fe9cc9e894
The published registry artifact for 2026.06.05.1 contained stale model
files (version 2026.06.04.1, upgrades ending at 2026.05.27.2), causing
all 15 model types to fail with "Last upgrade toVersion does not match
model version". The code on main was already fixed but the manifest
version was never bumped, so CI never republished.

Bumps all 15 model versions and manifest to 2026.06.10.1 with a new
upgrade entry completing the chain. Verified: upgrade from 2026.05.27.2
loads cleanly, swamp doctor passes, quality 14/14, and the packaged
tarball bundles have correct versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author
Owner

Adversarial Review

This PR bumps all 15 Kubernetes model versions from 2026.06.05.1 to 2026.06.10.1 and appends a corresponding upgrade entry to each model's upgrades array. The manifest version is also bumped to match.

Analysis

Every changed file follows the same mechanical pattern:

  1. version field updated from "2026.06.05.1" to "2026.06.10.1"
  2. New upgrade entry appended with toVersion: "2026.06.10.1", identity upgradeAttributes: (old) => old, and a description noting no behavior change
  3. manifest.yaml version matches the model versions

Verified:

  • Upgrade chain ordering is correct across all files: 2026.05.27.22026.06.04.12026.06.04.22026.06.05.12026.06.10.1
  • Version consistency: all 15 model files and manifest.yaml agree on 2026.06.10.1
  • Model count: manifest lists 15 models, all 15 have the bump — none missed
  • Identity upgrade function: (old: Record<string, unknown>) => old is correct for a no-schema-change bump
  • No logic, schema, or behavioral changes — purely a republish with corrected upgrade chain metadata

No security, correctness, concurrency, resource management, or data integrity concerns. There is no new logic to break.

Verdict

PASS — Mechanical version bump with correct upgrade chain entries across all 15 Kubernetes models. No code, schema, or behavior changes.

## Adversarial Review This PR bumps all 15 Kubernetes model versions from `2026.06.05.1` to `2026.06.10.1` and appends a corresponding upgrade entry to each model's `upgrades` array. The manifest version is also bumped to match. ### Analysis Every changed file follows the same mechanical pattern: 1. `version` field updated from `"2026.06.05.1"` to `"2026.06.10.1"` 2. New upgrade entry appended with `toVersion: "2026.06.10.1"`, identity `upgradeAttributes: (old) => old`, and a description noting no behavior change 3. `manifest.yaml` version matches the model versions Verified: - **Upgrade chain ordering** is correct across all files: `2026.05.27.2` → `2026.06.04.1` → `2026.06.04.2` → `2026.06.05.1` → `2026.06.10.1` - **Version consistency**: all 15 model files and `manifest.yaml` agree on `2026.06.10.1` - **Model count**: manifest lists 15 models, all 15 have the bump — none missed - **Identity upgrade function**: `(old: Record<string, unknown>) => old` is correct for a no-schema-change bump - **No logic, schema, or behavioral changes** — purely a republish with corrected upgrade chain metadata No security, correctness, concurrency, resource management, or data integrity concerns. There is no new logic to break. ### Verdict **PASS** — Mechanical version bump with correct upgrade chain entries across all 15 Kubernetes models. No code, schema, or behavior changes.
Author
Owner

Code Review

This PR bumps all 15 kubernetes extension models from 2026.06.05.1 to 2026.06.10.1 and adds the corresponding upgrade entry to each model's upgrades array. The manifest.yaml version is updated consistently. No functional code changes are present — this matches the legitimate "version bump to republish with correct upgrade chain" pattern described in CLAUDE.md.

Blocking Issues

None.

Suggestions

  1. event.ts — fieldSelector string interpolation from user-supplied names (getForPod, getForDeployment, getForService): The podName, deploymentName, and serviceName args are interpolated directly into the fieldSelector string (e.g. `involvedObject.name=${args.podName},involvedObject.kind=Pod`). A crafted name containing a comma could inject additional fieldSelector conditions (e.g. my-pod,involvedObject.kind=Deployment). In practice the K8s API rejects malformed fieldSelectors and Kubernetes resource names don't allow commas, so this is not exploitable — but consider validating names or using the Kubernetes client's structured filter API if available.

  2. node.ts — same fieldSelector interpolation in getPodsOnNode: `spec.nodeName=${args.nodeName}` has the same pattern.

  3. pod.ts — exec method doesn't support per-call namespace override: Every other method resolves namespace as args.namespace ?? context.globalArgs.namespace, but exec uses only globalArgs.namespace. This is inconsistent and may surprise callers who expect to exec into a pod in a different namespace.

  4. namespace.ts — health method marks scaled-to-zero deployments unhealthy: ready: replicas > 0 && replicas === ready always evaluates to false when replicas === 0. An intentionally scaled-down deployment will cause the overall healthy flag to be false. Consider whether replicas === 0 should be treated as a special "scaled down intentionally" case.

## Code Review This PR bumps all 15 kubernetes extension models from `2026.06.05.1` to `2026.06.10.1` and adds the corresponding upgrade entry to each model's `upgrades` array. The `manifest.yaml` version is updated consistently. No functional code changes are present — this matches the legitimate "version bump to republish with correct upgrade chain" pattern described in CLAUDE.md. ### Blocking Issues None. ### Suggestions 1. **`event.ts` — fieldSelector string interpolation from user-supplied names** (`getForPod`, `getForDeployment`, `getForService`): The `podName`, `deploymentName`, and `serviceName` args are interpolated directly into the `fieldSelector` string (e.g. `` `involvedObject.name=${args.podName},involvedObject.kind=Pod` ``). A crafted name containing a comma could inject additional fieldSelector conditions (e.g. `my-pod,involvedObject.kind=Deployment`). In practice the K8s API rejects malformed fieldSelectors and Kubernetes resource names don't allow commas, so this is not exploitable — but consider validating names or using the Kubernetes client's structured filter API if available. 2. **`node.ts` — same fieldSelector interpolation** in `getPodsOnNode`: `` `spec.nodeName=${args.nodeName}` `` has the same pattern. 3. **`pod.ts` — exec method doesn't support per-call namespace override**: Every other method resolves namespace as `args.namespace ?? context.globalArgs.namespace`, but `exec` uses only `globalArgs.namespace`. This is inconsistent and may surprise callers who expect to exec into a pod in a different namespace. 4. **`namespace.ts` — health method marks scaled-to-zero deployments unhealthy**: `ready: replicas > 0 && replicas === ready` always evaluates to `false` when `replicas === 0`. An intentionally scaled-down deployment will cause the overall `healthy` flag to be `false`. Consider whether `replicas === 0` should be treated as a special "scaled down intentionally" case.
stack72 deleted branch worktree-reflective-napping-quasar 2026-06-10 14:53:48 +00:00
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
swamp-club/swamp-extensions!50
No description provided.