chore(deps): bump sdk/go to v0.11.0 (v0.3.0 envelope migration)#67
Merged
Conversation
Bumps github.com/agent-receipts/ar/sdk/go from v0.9.0 to v0.11.0 (stable v0.3.0). Per ADR-0012, Action.ParametersDisclosure changed from a flat map[string]string to *receipt.DisclosureEnvelope (HPKE-encrypted ciphertext), which breaks reader_test.go assignments. Refactors the affected tests around the new envelope shape: - TestReader_ListReceipts_ParametersDisclosurePreview becomes TestReader_ListReceipts_ParametersDisclosurePresence: asserts the HasParametersDisclosure indicator still fires on envelope presence, and that the input/output preview columns stay empty (the SQL paths target keys that no longer exist on the wire). - TestReader_ListReceipts_OutputStatusMismatch reduces to a control: the dashboard cannot peek inside the encrypted payload, so the mismatch flag must always be false at the list-view layer. Production code in reader.go still compiles unchanged. Rendering the envelope-shape parameters_disclosure (detail view, mismatch detection) is out of scope here and tracked separately.
There was a problem hiding this comment.
Pull request overview
This PR updates the dashboard’s Go SDK dependency to github.com/agent-receipts/ar/sdk/go v0.11.0 and adjusts internal/store/reader_test.go to compile with the new parameters_disclosure envelope type (*receipt.DisclosureEnvelope) introduced by the v0.3.0 envelope migration. The production reader logic remains unchanged; the updates are primarily dependency + test refactors.
Changes:
- Bump
github.com/agent-receipts/ar/sdk/gofromv0.9.0tov0.11.0(and pull in new indirect crypto deps). - Refactor list-view disclosure tests to use
*receipt.DisclosureEnvelopeand assert list previews remain empty under the opaque envelope shape. - Simplify
OutputStatusMismatchlist-view test expectations for envelope-shaped receipts.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
internal/store/reader_test.go |
Updates tests to construct DisclosureEnvelope instead of legacy disclosure maps; adjusts assertions accordingly. |
go.mod |
Bumps github.com/agent-receipts/ar/sdk/go to v0.11.0 and adds new indirect requirements. |
go.sum |
Updates module checksums for the bumped SDK and newly introduced indirect dependencies. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The SQL mismatch detector in reader.go is shape-agnostic — it looks at parameters_disclosure.output regardless of whether the disclosure was written by a v0.2.x SDK (flat map) or a v0.3.0 SDK (envelope). The existing envelope-shape test asserts the v0.3.0 side; this test pins the legacy v0.2.x side by inserting a raw flat-map receipt_json directly into the store, bypassing the typed Insert path that now forces the envelope shape. Per Copilot review on #67.
| if row.OutputStatusMismatch != tc.want { | ||
| t.Errorf("%s: OutputStatusMismatch=%v, want %v", tc.id, row.OutputStatusMismatch, tc.want) | ||
| } | ||
| db.Close() |
3 tasks
ojongerius
added a commit
that referenced
this pull request
May 22, 2026
…est (#68) * test(store): remove double-close on raw sqlite handle in legacy-shape test The previous patch (#67) used both `defer db.Close()` and an explicit `db.Close()` to release the writer before opening the reader. That double-closes the handle and can mask the inner-Close error. Drop the defer; the explicit close is required (and now error-checked) so the reader sees a quiesced file. Per Copilot review on #67 (landed after merge). * test(store): t.Cleanup as failure-path Close safety net
7 tasks
ojongerius
added a commit
that referenced
this pull request
May 22, 2026
CHANGELOG entry for the v0.3.0 cut: brings the dashboard onto sdk/go v0.11.0 (envelope-shape parameters_disclosure per ADR-0012) via #67/#68, and backfills the missing 0.2.x compare links. After merge, push tag v0.3.0 to trigger release.yml → goreleaser → binaries + GitHub Release + homebrew-tap formula update.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
github.com/agent-receipts/ar/sdk/gofromv0.9.0to the stablev0.11.0.internal/store/reader_test.goso it compiles against the new envelope-shapeAction.ParametersDisclosure(*receipt.DisclosureEnvelopeinstead of the legacymap[string]string).internal/store/reader.gobuilds unchanged; no runtime behaviour rewrite in this PR.Why
Phase 6 of the
v0.3.0release inagent-receipts/ar(issue #280): the SDK has graduated tov0.11.0, and per ADR-0012parameters_disclosureswitched from a flat{input, output}map to an HPKE-encryptedDisclosureEnvelope({v, alg, recipients, ct}). Consumers must move off the alpha.Test plan
go build ./...clean locallygo vet ./...clean locallygo test ./...clean locally (all four packages green)Test refactor scope
TestReader_ListReceipts_ParametersDisclosurePreview→ renamed toTestReader_ListReceipts_ParametersDisclosurePresence. The old test exercised the SQLjson_extract(..., '.parameters_disclosure.input/.output')preview path against amap[string]stringliteral. Under the envelope shape those keys no longer exist on the wire, so the previews are necessarily empty; the rewritten test asserts theHasParametersDisclosureindicator still fires when an envelope is attached and that no envelope payload leaks into the preview columns. The long-string SQL-truncation sub-case and the non-primary-keys sub-case were dropped — neither has a v0.3.0 analog.TestReader_ListReceipts_OutputStatusMismatchreduced from six cases to two. The legacy SQL inspectedparameters_disclosure.outputfor anisError:truemarker (issue MCP tool receipts record outcome.status=success even when output is isError:true #50). The dashboard cannot peek inside an encrypted envelope, so the flag is now alwaysfalseat the list-view layer; the test asserts exactly that under both "envelope present" and "no disclosure" rows.testDisclosureEnvelope(kid, ct)helper builds a sentinel*receipt.DisclosureEnvelope(43-char placeholderenc, opaquect) so the assignment sites stay one line and stay aligned with the v1 ciphersuite shape.Follow-up
The dashboard's UI rendering of
parameters_disclosureunder the envelope shape is a separate piece of work. The envelope is opaque ciphertext (only the forensic-key holder can decrypt it), so:reader.go(disclosurePreviewMaxLen,json_extractof.input/.output) still runs but now always yields empty strings — left in place rather than ripped out so the follow-up can decide whether to render envelope metadata (alg, recipient kid count) or wire up a decryption path.OutputStatusMismatchdetection (issue MCP tool receipts record outcome.status=success even when output is isError:true #50) needs to move to whatever component eventually holds the forensic key, since the list-view reader can no longer see inside the payload.A separate issue should track the rendering UX. This PR is purely the compile/test path.