
feat(framework): Enforce StartRun entitlement via can_execute #6909

Merged
panh99 merged 35 commits into main from feat/pr2-start-run-entitlement
Apr 1, 2026


@chongshenng (Member) commented Mar 31, 2026

Gate ControlServicer.StartRun with the new typed can_execute call (ActionType.START_RUN, StartRunContext) and return NO_PERMISSIONS when denied. Update ControlServicer tests to verify denial behavior and the typed call contract.

Merge after:

@chongshenng chongshenng changed the base branch from main to feat/pr1-can-execute-hook March 31, 2026 00:06
@chongshenng chongshenng self-assigned this Mar 31, 2026
@chongshenng chongshenng marked this pull request as ready for review March 31, 2026 00:09
@github-actions github-actions bot added the Maintainer label Mar 31, 2026
@chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4d78827a0c


Base automatically changed from feat/pr1-can-execute-hook to main April 1, 2026 10:04
Copilot AI review requested due to automatic review settings April 1, 2026 10:04
Copilot AI (Contributor) left a comment

Pull request overview

This PR introduces an authorization gate for ControlServicer.StartRun by invoking the new typed FederationManager.can_execute hook and denying run creation when execution is not permitted.

Changes:

  • Add can_execute enforcement to ControlServicer.StartRun using ActionType.START_RUN with a typed context.
  • Return ApiErrorCode.NO_PERMISSIONS when can_execute denies the action.
  • Extend ControlServicer tests to validate denial behavior and the can_execute call contract.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| framework/py/flwr/superlink/servicer/control/control_servicer.py | Adds the can_execute check for StartRun and constructs the typed authorization context. |
| framework/py/flwr/superlink/servicer/control/control_servicer_test.py | Adds tests for entitlement denial and for verifying can_execute is called with the expected typed arguments. |

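The gate this PR describes, sketched as an added example (not Flower's code and not part of this PR). Only the names `can_execute`, `ActionType.START_RUN`, `StartRunContext` and `NO_PERMISSIONS` come from the page; the `ControlHandler` class, the `PermissionDenied` exception, the context fields, the argument order and the fail-closed handling of a raising or non-boolean hook are assumptions.

```python
from dataclasses import dataclass
from enum import Enum, auto
from unittest.mock import Mock

class ActionType(Enum):
    START_RUN = auto()

class ApiErrorCode(Enum):
    NO_PERMISSIONS = auto()

@dataclass(frozen=True)
class StartRunContext:
    # Assumed fields: the page does not list what the real context carries.
    flwr_aid: str
    federation: str

class PermissionDenied(Exception):
    def __init__(self, code):
        super().__init__(code.name)
        self.code = code

class ControlHandler:
    """Hypothetical stand-in for the servicer, not Flower's ControlServicer."""

    def __init__(self, federation_manager, state):
        self.fm = federation_manager
        self.state = state

    def start_run(self, flwr_aid, federation, fab):
        ctx = StartRunContext(flwr_aid=flwr_aid, federation=federation)
        try:
            allowed = self.fm.can_execute(ActionType.START_RUN, ctx)
        except Exception:
            allowed = False  # fail closed if the hook itself breaks
        if allowed is not True:  # truthy non-bool values do not grant access
            raise PermissionDenied(ApiErrorCode.NO_PERMISSIONS)
        # The run is created only after the gate has passed.
        return self.state.create_run(fab, flwr_aid, federation)

def demo_denied():
    """Constructed case: the hook denies, so no run may be created."""
    fm, state = Mock(), Mock()
    fm.can_execute.return_value = False
    try:
        ControlHandler(fm, state).start_run("acct-1", "fed-a", b"fab")
    except PermissionDenied as exc:
        # Error code, whether state was touched, and the typed call contract.
        return exc.code, state.create_run.called, fm.can_execute.call_args.args
```
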

@panh99 (Member) left a comment

LGTM!

@panh99 panh99 enabled auto-merge (squash) April 1, 2026 10:34
@panh99 panh99 merged commit d8cd006 into main Apr 1, 2026
128 of 129 checks passed
@panh99 panh99 deleted the feat/pr2-start-run-entitlement branch April 1, 2026 10:43

Labels

Maintainer Used to determine what PRs (mainly) come from Flower maintainers.
