fix(firmware): populate detection_roots on tar/zip-rootfs shortcut paths

eastmadc · claude · eastmadc · commit 5b8d6069b1c6 · 2026-04-21T00:12:11.000-06:00
The two archive-shortcut branches in FirmwareService.create_firmware (tar device-dump shortcut at line 338, zip-rootfs shortcut at line 418) previously returned firmware rows with device_metadata=NULL. Downstream walkers (hardware-firmware detection, SBOM generation, MCP file-tree tools) have to re-derive roots from extracted_path on every call, and Rule #16 explicitly names this as an anti-pattern. Fix: before each early-return, call _compute_roots_sync(fs_root) and _persist_roots(firmware, roots) to populate device_metadata['detection_roots'] inline. Both helpers are synchronous and safe inside loop.run_in_executor (already proven in firmware_paths and other callers). The result is that shortcut-path firmware now reaches the DB with detection_roots populated, matching the behaviour of the full unpack pipeline (Phase 2). Cost: one extra filesystem walk per successful shortcut, already an async executor task — no event-loop blocking. Benefit: eliminates Rule #16 violations on the two shortcut paths (previously, every ADB device dump and every rootfs ZIP left the field empty). Companion to commit 38d01d8 (find_filesystem_root fallback gate) — together they close the gap between 'tar was extracted' and 'firmware is queryable via detection_roots' for every shortcut outcome. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/backend/app/services/firmware_service.py b/backend/app/services/firmware_service.py
@@ -399,6 +399,18 @@ def _extract_tar():
                                 except Exception:
                                     logger.debug("Failed to parse %s", getprop_name, exc_info=True)
                                 break
+                        # Rule #16: populate detection_roots so downstream
+                        # walkers (hardware-firmware, SBOM, MCP file tree)
+                        # don't have to re-derive them from extracted_path.
+                        # Safe + synchronous — already wrapped for walk I/O.
+                        from app.services.firmware_paths import (
+                            _compute_roots_sync,
+                            _persist_roots,
+                        )
+                        roots = await loop.run_in_executor(
+                            None, _compute_roots_sync, fs_root
+                        )
+                        _persist_roots(firmware, roots)
                         self.db.add(firmware)
                         await self.db.flush()
                         return firmware
@@ -479,6 +491,16 @@ def _extract_tar():
                 firmware.kernel_path = await loop.run_in_executor(
                     None, detect_kernel, extraction_dir, fs_root
                 )
+                # Rule #16: populate detection_roots so downstream walkers
+                # don't have to re-derive them from extracted_path.
+                from app.services.firmware_paths import (
+                    _compute_roots_sync,
+                    _persist_roots,
+                )
+                roots = await loop.run_in_executor(
+                    None, _compute_roots_sync, fs_root
+                )
+                _persist_roots(firmware, roots)
                 self.db.add(firmware)
                 await self.db.flush()
                 return firmware
