Summary#
Add server-side EXCLUDED_REPOS filtering across all CC API endpoints so items from excluded repos (default: AgentSDE/agent-core-e2e) never reach the frontend. Replaces the existing hardcoded exclusion in MetricsService with a configurable, centralized approach.
Files#
| File | Action | Description |
|---|---|---|
src/config/config.schema.ts | modify | Add EXCLUDED_REPOS env var with default |
src/config/excluded-repos.service.ts | create | Injectable service: parses EXCLUDED_REPOS CSV, exposes getList() and isExcluded(repo) |
src/config/config.module.ts | modify | Register and export ExcludedReposService |
src/control-api/controllers/tasks.controller.ts | modify | Inject ExcludedReposService; add NOT IN filter to listTasks() and bulkAction() QBs; guard getTask() with 404 |
src/control-api/controllers/events.controller.ts | modify | Inject service; join events→tasks, add NOT IN filter to listEvents() |
src/control-api/controllers/jobs.controller.ts | modify | Inject service; add NOT IN filter to listJobs(); guard getJob() with 404 |
src/metrics/metrics.service.ts | modify | Replace hardcoded EXCLUDED_REPOS constant with injected ExcludedReposService; use parameterized queries |
src/config/excluded-repos.service.spec.ts | create | Unit tests for parsing, isExcluded(), empty/default cases |
src/control-api/controllers/tasks.controller.spec.ts | create | Tests for list filtering and direct-fetch 404 on excluded repos |
src/metrics/metrics.service.spec.ts | modify | Update tests to provide ExcludedReposService mock |
Steps#
- Add
EXCLUDED_REPOStoconfig.schema.ts(Joi string, defaultAgentSDE/agent-core-e2e) and createExcludedReposServiceinsrc/config/that reads it fromConfigService, splits on comma, and exposesgetList(): string[]+isExcluded(repo: string): boolean. Export fromAppConfigModule. - Inject
ExcludedReposServiceintoTasksController,EventsController,JobsController. ApplyNOT IN (:...excludedRepos)clause to all list query builders. ForgetTask()andgetJob(), checkisExcluded(entity.repo)after fetch — throwNotFoundExceptionif excluded. Add debug-level logging on excluded access attempts. ForEventsController.listEvents(), join totaskstable viataskIdto filter by repo. - Inject
ExcludedReposServiceintoMetricsService. Replace the hardcodedEXCLUDED_REPOSstring constant withgetList()values. Convert raw SQLINclauses to use parameterized placeholders instead of string interpolation. - Write unit tests:
ExcludedReposServiceparsing (CSV split, trim, empty string handling),TasksControllerlist filtering + 404 on excluded direct fetch,MetricsServicewith mocked exclusion service.
Verification#
npm run lintpasses with zero warningsnpm run testpasses — new and existing tests- Manual:
GET /api/cc/taskswithagent-core-e2etasks in DB returns none;GET /api/cc/tasks/:idfor an excluded task returns 404
Risks#
- Events lack a
repocolumn —listEvents()must join totasksviataskId, adding a JOIN that wasn't there before. Mitigated by indexing ontaskId(FK, already indexed). - MetricsService raw SQL refactor — switching from string interpolation to parameterized queries changes the SQL shape. Mitigated by test coverage on all four metric methods.