Refactor control service packaging under app namespace#52
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| control: | ||
| build: | ||
| context: . | ||
| dockerfile: app/control/Dockerfile | ||
| env_file: .env | ||
| environment: | ||
| AION_CONTROL_API_PREFIX: ${AION_CONTROL_API_PREFIX} | ||
| AION_CONTROL_REDIS_URL: ${AION_CONTROL_REDIS_URL} | ||
| AION_CONTROL_POSTGRES_DSN: ${AION_CONTROL_POSTGRES_DSN} | ||
| AION_CONTROL_MONGO_DSN: ${AION_CONTROL_MONGO_DSN} | ||
| AION_CONTROL_QDRANT_URL: ${AION_CONTROL_QDRANT_URL} | ||
| AION_CONTROL_MODELS_DIRECTORY: ${AION_CONTROL_MODELS_DIRECTORY} | ||
| AION_CONTROL_POLICIES_DIRECTORY: ${AION_CONTROL_POLICIES_DIRECTORY} | ||
| TENANCY_MODE: ${TENANCY_MODE} | ||
| MINIO_ENDPOINT: ${MINIO_ENDPOINT} | ||
| MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY} | ||
| MINIO_SECRET_KEY: ${MINIO_SECRET_KEY} | ||
| PYTHONPATH: /srv/app:/srv/app/app | ||
| volumes: | ||
| - ./policies:${AION_CONTROL_POLICIES_DIRECTORY} | ||
| - ./config/certs:/app/config/certs:ro |
There was a problem hiding this comment.
The new control service image switches its working directory to /srv/app (app/control/Dockerfile), but the compose file still mounts the TLS certificate bundle into /app/config/certs. create_grpc_server() looks for config/certs/... relative to the working directory, so the cert and key will never be found at runtime. The server will therefore emit the warning about missing TLS material and fall back to an insecure gRPC listener, silently dropping mTLS even though the configuration still expects it. The volume target should be updated to /srv/app/config/certs (or the settings paths changed) so the certificates are available and the service keeps running with TLS.
Useful? React with 👍 / 👎.
1 participant
Summary
app/control/appwith compatibility shims and move the plugin bundle alongside it.dockerignoreTesting
Codex Task