agent-permissions: store agent cards in registry service#3631
Conversation
✅ Deploy Preview for golemcloud canceled.
|
mschuwalow
changed the title
mschuwalow
changed the title
|
📖 Docs preview: https://docs-nvqykk39v-golem-cloud.vercel.app Built from commit |
mschuwalow
changed the title
mschuwalow
force-pushed
the
agent-permissions-16
branch
from
a1d7c2d to
3895a60
Compare
mschuwalow
force-pushed
the
agent-permissions-17
branch
from
39a170c to
b82335b
Compare
mschuwalow
force-pushed
the
agent-permissions-16
branch
from
3895a60 to
dddfc1f
Compare
mschuwalow
force-pushed
the
agent-permissions-17
branch
from
b82335b to
204af2e
Compare
mschuwalow
force-pushed
the
agent-permissions-16
branch
from
dddfc1f to
45bedac
Compare
mschuwalow
force-pushed
the
agent-permissions-17
branch
from
204af2e to
14b2aff
Compare
mschuwalow
force-pushed
the
agent-permissions-17
branch
from
25646c2 to
41b94c4
Compare
mschuwalow
force-pushed
the
agent-permissions-17
branch
from
41b94c4 to
dab14e0
Compare
This comment has been minimized.
This comment has been minimized.
| let component_metadata = | ||
| component_metadata.with_agent_initial_permissions(default_initial_permissions( | ||
| let component_metadata = component_metadata.with_agent_initial_permissions( | ||
| self.create_default_initial_permissions( |
There was a problem hiding this comment.
What happens with this if the validate step below fails?
There was a problem hiding this comment.
Right now this will leak the card (which is not great, but not a correctness problem). I will switch this to be part of the component transaction once we are actually getting the cards from the api instead of using a placeholder
| self.cache_revoked_cards(card_ids); | ||
| } | ||
|
|
||
| async fn check_cards( |
There was a problem hiding this comment.
How efficient this batched registry service call is? As we do this on every agent instantiation. Can we cache it?
There was a problem hiding this comment.
We cannot really cache it as we can otherwise miss invalidations. The correct behaviour relies on us starting the subscription first and then checking all live cards explicitly.
We can potentially improve this by skipping the fetch for a card if another agent already loaded it and we can guarantee that it is still valid. Let me do this in a followup, as the shape of this service changes quite a bit in the following prs.
| .map(|(k, v)| { | ||
| crate::serialization::serialize(&v) | ||
| .map(|template| (k.0, template)) | ||
| .expect("failed to serialize agent initial permission template") |
There was a problem hiding this comment.
The component-metadata cards are just placeholders until they are properly passing in through the api and put into the AgentProvisionConfig. So I would like to leave it like this here
mschuwalow
force-pushed
the
agent-permissions-17
branch
from
dab14e0 to
d9c2598
Compare
2 participants
No description provided.