Copilot/fix unauthorized data in path expression

backend/auth.py

@@ -22,16 +22,33 @@ def _resolve_secret_key() -> tuple[str, bool]:
     if configured_file:
         fallback_path = Path(configured_file).expanduser()
         try:
-            if fallback_path.exists() and fallback_path.is_file():
+            if not fallback_path.exists():
+                logger.error(
+                    "SECRET_KEY_FILE is configured but does not exist: %s. Falling back to ephemeral runtime secret.",
+                    str(fallback_path),
+                )
+            elif not fallback_path.is_file():
+                logger.error(
+                    "SECRET_KEY_FILE is configured but is not a file: %s. Falling back to ephemeral runtime secret.",
+                    str(fallback_path),
+                )
+            else:
                 cached_secret = fallback_path.read_text(encoding="utf-8").strip()
                 if cached_secret:
                     return cached_secret, True
+                logger.error(
+                    "SECRET_KEY_FILE is configured but empty: %s. Falling back to ephemeral runtime secret.",
+                    str(fallback_path),
+                )
         except Exception:
-            pass
-
-    logger.error(
-        "SECRET_KEY/SECRET_KEY_FILE is not configured; generating ephemeral runtime secret that invalidates tokens on restart."
-    )
+            logger.exception(
+                "Failed to read SECRET_KEY_FILE at %s. Falling back to ephemeral runtime secret.",
+                str(fallback_path),
+            )
+    else:
+        logger.error(
+            "SECRET_KEY/SECRET_KEY_FILE is not configured; generating ephemeral runtime secret that invalidates tokens on restart."
+        )
     return secrets.token_urlsafe(48), True
 
 

backend/llm/orchestrator.py

@@ -2695,8 +2695,10 @@ def _runtime_progress_root() -> Path:
     return progress_root
 
 
-def _orchestration_progress_store_path() -> Path:
-    return _runtime_progress_root() / "progress_store.json"
+def _orchestration_progress_file_path(run_id: str) -> Path:
+    safe_run_id = str(run_id or "unknown")
+    file_name = f"{hashlib.sha256(safe_run_id.encode('utf-8')).hexdigest()}.json"
+    return _runtime_progress_root() / file_name
 
 
 def _build_progress_poll_url(run_id: str) -> str:
@@ -2712,40 +2714,54 @@ def _save_orchestration_progress(run_id: str, payload: Dict[str, Any]) -> Dict[s
     normalized["run_id"] = str(run_id or normalized.get("run_id") or "")
     normalized.setdefault("updated_at", datetime.utcnow().isoformat() + "Z")
     _ORCHESTRATION_PROGRESS_STORE[normalized["run_id"]] = normalized
-    progress_path = _orchestration_progress_store_path()
+    progress_path = _orchestration_progress_file_path(normalized["run_id"])
     with _ORCHESTRATION_PROGRESS_FILE_LOCK:
-        persisted_payload: Dict[str, Any] = {}
+        temp_path: Optional[Path] = None
         try:
-            if progress_path.exists() and progress_path.is_file():
-                existing_payload = json.loads(progress_path.read_text(encoding="utf-8"))
-                if isinstance(existing_payload, dict):
-                    persisted_payload = dict(existing_payload)
+            with tempfile.NamedTemporaryFile(
+                mode="w",
+                encoding="utf-8",
+                dir=str(progress_path.parent),
+                prefix=f"{progress_path.name}.",
+                suffix=".tmp",
+                delete=False,
+            ) as temp_file:
+                temp_file.write(json.dumps(normalized, ensure_ascii=False, indent=2))
+                temp_file.flush()
+                os.fsync(temp_file.fileno())
+                temp_path = Path(temp_file.name)
+            os.replace(temp_path, progress_path)
         except Exception:
+            if temp_path is not None:
+                try:
+                    temp_path.unlink(missing_ok=True)
+                except Exception:
+                    logger.warning(
+                        "Failed to remove temporary orchestration progress file %s",
+                        str(temp_path),
+                        exc_info=True,
+                    )
             logger.warning(
-                "Failed to read orchestration progress store from %s before write",
+                "Failed to write orchestration progress file at %s",
                 str(progress_path),
                 exc_info=True,
             )
-            persisted_payload = {}
-        persisted_payload[normalized["run_id"]] = normalized
-        progress_path.write_text(json.dumps(persisted_payload, ensure_ascii=False, indent=2), encoding="utf-8")
+            return dict(_ORCHESTRATION_PROGRESS_STORE.get(normalized["run_id"], {}))
     return normalized
 
 
 def _load_orchestration_progress(run_id: str) -> Dict[str, Any]:
     cached = _ORCHESTRATION_PROGRESS_STORE.get(str(run_id or ""))
     if isinstance(cached, dict) and cached:
         return dict(cached)
-    progress_path = _orchestration_progress_store_path()
+    progress_path = _orchestration_progress_file_path(run_id)
     try:
         with _ORCHESTRATION_PROGRESS_FILE_LOCK:
             if progress_path.exists() and progress_path.is_file():
                 payload = json.loads(progress_path.read_text(encoding="utf-8"))
                 if isinstance(payload, dict):
-                    stored = payload.get(str(run_id or ""))
-                    if isinstance(stored, dict):
-                        _ORCHESTRATION_PROGRESS_STORE[str(run_id or "")] = dict(stored)
-                        return dict(stored)
+                    _ORCHESTRATION_PROGRESS_STORE[str(run_id or "")] = dict(payload)
+                    return dict(payload)
     except Exception:
         logger.error("Failed to load orchestration progress for run_id=%s", str(run_id or ""), exc_info=True)
         return {}