f81e839ba2
- validate instance names at the host lib and web boundary against
[a-z0-9][a-z0-9_-]{0,63} to prevent path traversal via Server.name
- fail-closed on SECRET_KEY: load_config returns None when env unset,
create_app raises if missing or "dev" outside TESTING
- close login timing oracle by hashing a dummy digest when the user
is not found, equalizing response time
- set SESSION_COOKIE_SECURE outside TESTING
- delete_instance tolerates stop_service and fusermount3 failures so
partially-initialized instances clean up without contract breaks;
drops the is_mount() preflight that violated AGENTS.md
- document claim_next_job's single-process assumption
- clarify emit_step contract via docstring
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
9 lines
353 B
Python
9 lines
353 B
Python
from typing import Callable
|
|
|
|
def emit_step(msg: str, on_stdout: Callable[[str], None] | None, passthrough: bool) -> None:
|
|
"""Emit a `Step: …` line to both channels independently when both are set."""
|
|
formatted = f"Step: {msg}"
|
|
if on_stdout is not None:
|
|
on_stdout(formatted)
|
|
if passthrough:
|
|
print(formatted, flush=True)
|