feat: Add DSAR self-service endpoints for CIRISLens trace deletion #648
Add /v1/my-data/* endpoints enabling users to view their hashed agent ID (lens identifier), manage accord metrics settings, and request deletion of their traces from CIRISLens. Hook consent revocation to automatically queue a lens deletion request.

New endpoints:
- GET /v1/my-data/lens-identifier - View agent_id_hash and consent status
- DELETE /v1/my-data/lens-traces - Request trace deletion from CIRISLens
- GET /v1/my-data/accord-settings - View adapter settings
- PUT /v1/my-data/accord-settings - Update trace level and consent

https://claude.ai/code/session_01CWwK4VqNm8CyfRSysVELuh
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4b1c81eadc
| adapters = getattr(adapter_manager, "_adapters", {}) | ||
| for adapter in adapters.values(): | ||
| type_name = type(adapter).__name__ | ||
| if "AccordMetrics" in type_name: | ||
| return adapter |
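Review bot: The `"AccordMetrics" in type_name` test selects the adapter by a substring of its class name, so any adapter whose class name happens to contain that string is returned and a renamed class silently stops matching; an `isinstance` check against the adapter class, or a lookup by the registered adapter type, is safer. The `getattr(adapter_manager, "_adapters", {})` default also turns a missing attribute into an empty dict, so the caller cannot tell "no adapter loaded" from "looked in the wrong place".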
Resolve accord adapter from RuntimeAdapterManager correctly
_get_accord_adapter() only inspects runtime.adapter_manager._adapters, but the real RuntimeAdapterManager stores active adapters in loaded_adapters, and each entry is an AdapterInstance wrapper (ciris_engine/logic/runtime/adapter_manager.py). In a normal runtime this helper returns None even when ciris_accord_metrics is loaded, so the new /v1/my-data endpoints either 404 or take the misleading “no traces to delete” fallback instead of operating on the live adapter.
| # Step 2: Revoke local consent (stops future collection) | ||
| local_revoked = False | ||
| if adapter: | ||
| adapter.update_consent(False) |
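Review bot: `if adapter:` has no else branch in these lines, so when no adapter was resolved the local revocation is skipped and `local_revoked` stays False; a DSAR response should report that case explicitly instead of folding it into a success message. Prefer `if adapter is not None:` so the branch does not depend on the adapter object's truthiness, and catch an exception from `update_consent(False)` so a failure at this step is surfaced to the caller.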
Queue a retry when CIRISLens deletion call fails
If _send_lens_deletion_request() cannot reach CIRISLens or gets a non-accepting response, this path still just calls update_consent(False) and returns a message saying the request was logged/saved for retry. The new request_lens_deletion hook added in AccordMetricsAdapter.update_consent() is never used here, so in those failure cases the DSAR erasure request is silently dropped instead of being retried later.
| if settings.consent_given is not None: | ||
| adapter.update_consent(settings.consent_given) | ||
| changes.append(f"consent_given={settings.consent_given}") |
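Review bot: `changes.append(...)` runs right after `adapter.update_consent(...)` with no comparison against the current value, so a PUT that repeats the existing consent setting is still reported as a change; compare first and record only real transitions. Because this line switches data collection on or off, the transition is also worth an audit log entry, not just an entry in `changes`.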
Reinitialize the metrics service when consent is enabled here
This endpoint exposes live opt-in, but adapter.update_consent(True) only flips the in-memory consent flags. When the adapter was started without consent—the default path—AccordMetricsService.start() never created an HTTP session/flush task and AccordMetricsAdapter.get_services_to_register() never registered the service, so enabling consent through /v1/my-data/accord-settings does not actually start collection until the adapter is reloaded.
1. _get_accord_adapter now uses RuntimeAdapterManager.loaded_adapters and unwraps AdapterInstance.adapter instead of looking at a non-existent _adapters dict.
2. When CIRISLens deletion request fails, consent revocation now passes request_lens_deletion=True so the deletion event is queued for retry on the next flush cycle instead of being silently dropped.
3. AccordMetricsService.set_consent(True) now initializes the HTTP session and periodic flush task if they weren't created at start time (adapter started without consent). Extracted _initialize_http_session() helper and reuse it in start().

https://claude.ai/code/session_01CWwK4VqNm8CyfRSysVELuh
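The failure mode from the second review finding (an erasure request dropped when CIRISLens cannot be reached) and the retry-on-flush behaviour the follow-up commit describes, sketched as an added example that is not code from this PR. `DeletionRetryQueue`, its methods and the `send` callable are hypothetical names, and the dead-letter list after `max_attempts` is an assumption the PR does not describe.

```python
# Added illustration: all names here are hypothetical, not taken from the CIRIS code base.
from collections import deque
from typing import Callable, Deque, Dict, List


class DeletionRetryQueue:
    """Holds DSAR erasure requests until the remote side accepts them."""

    def __init__(self, send: Callable[[str], bool], max_attempts: int = 5) -> None:
        self._send = send                      # must return True only on acceptance
        self._max_attempts = max_attempts
        self._pending: Deque[Dict] = deque()
        self.dead_letter: List[Dict] = []      # needs operator follow-up, never discarded

    def request_deletion(self, agent_id_hash: str) -> str:
        """Try once now; on failure, queue for retry instead of dropping."""
        if self._try_send(agent_id_hash):
            return "accepted"
        if not any(p["agent_id_hash"] == agent_id_hash for p in self._pending):
            self._pending.append({"agent_id_hash": agent_id_hash, "attempts": 1})
        return "queued_for_retry"

    def flush(self) -> int:
        """Run on each flush cycle; returns how many queued requests were accepted."""
        accepted = 0
        for _ in range(len(self._pending)):
            item = self._pending.popleft()
            if self._try_send(item["agent_id_hash"]):
                accepted += 1
                continue
            item["attempts"] += 1
            if item["attempts"] >= self._max_attempts:
                self.dead_letter.append(item)  # escalate rather than retry forever
            else:
                self._pending.append(item)
        return accepted

    def pending_count(self) -> int:
        return len(self._pending)

    def _try_send(self, agent_id_hash: str) -> bool:
        try:
            return bool(self._send(agent_id_hash))
        except Exception:                      # unreachable service counts as "not accepted"
            return False
```

The status string returned by `request_deletion` is what the endpoint should base its user-facing message on, so "saved for retry" is only reported when the request really is in the queue.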