Harden orchestrator/auth error surfaces and remove CodeQL-flagged unsafe patterns

[Copilot]

This PR addresses a cluster of CodeQL findings across backend and frontend: untrusted data in path expressions, plaintext persistence of sensitive material, exception-detail leakage, and a frontend no-op string replacement. The changes focus on reducing data exposure and tightening file/secret handling without broad behavioral refactors.

• Path expression hardening (backend/llm/orchestrator.py)

  • Removed run-id-derived filesystem paths for progress persistence.
  • Switched to a shared progress store file with in-process locking and keyed records by run_id.
  • Added structured logging on read/write failures to preserve observability without exposing internals to clients.

• JWT secret persistence hardening (backend/auth.py)

  • Removed automatic cleartext file write of generated JWT secret.
  • Kept support for configured SECRET_KEY / SECRET_KEY_FILE reads.
  • Fallback now uses ephemeral runtime secret only (no disk persistence), with explicit operational logging.

• Exception exposure reduction (backend/main.py, backend/marketplace/router.py, gpu-llm-server/custom-server/server.py)

  • Replaced client-visible raw exception strings with sanitized error messages/codes.
  • Preserved detailed failure context in server logs via logger.exception/exc_info.

• Frontend cleanup (frontend/frontend/hooks/use-feature-orchestrator.ts)

  • Removed self-replacing string operation flagged by CodeQL (replace('AI ', 'AI ')), using direct value assignment.

# before
local_metadata["error"] = str(exc)
yield _build_feature_sse_event("failed", {"message": str(exc)})

# after
public_error_message = "라이브뷰 실행 중 오류가 발생했습니다. 잠시 후 다시 시도해주세요."
local_metadata["error"] = public_error_message
yield _build_feature_sse_event("failed", {"message": public_error_message})

Summary by Sourcery

Harden error handling, progress persistence, and JWT secret management across backend services and clean up a minor frontend CodeQL finding.

Bug Fixes:

• Prevent leakage of raw exception details to clients by returning sanitized error messages and codes while preserving full context in logs.
• Avoid exposing internal runtime and queue diagnostics by replacing exception strings in health and streaming responses with stable error identifiers.
• Fix potential unsafe filesystem usage for orchestration progress by consolidating state into a single shared store file with locking.

Enhancements:

• Change orchestration progress persistence to use a shared JSON store keyed by run_id with guarded read/write and structured logging on failures.
• Adjust JWT secret resolution to rely on configured environment variables or an in-memory ephemeral secret instead of auto-writing a plaintext secret file, with explicit operational logging.
• Improve GPU LLM server resilience by standardizing model load errors to a generic status string while keeping detailed logs server-side.

Chores:

• Remove a no-op string replacement in the feature orchestrator frontend hook flagged by CodeQL.

[sourcery-ai]

Reviewer's Guide

Tightens security and observability around orchestration progress persistence, JWT secret handling, and error exposure, plus a small frontend cleanup, to resolve CodeQL findings without changing core behavior.

Sequence diagram for sanitized feature orchestration failure handling

sequenceDiagram
    actor User
    participant WebClient
    participant MarketplaceRouter
    participant Orchestrator
    participant Logger

    User->>WebClient: Start_feature_run
    WebClient->>MarketplaceRouter: POST /feature/orchestrate
    MarketplaceRouter->>Orchestrator: Stream_feature_events

    Orchestrator-->>MarketplaceRouter: SSE_events

    Orchestrator-->>MarketplaceRouter: Exception_raised
    MarketplaceRouter->>Logger: logger.exception(Marketplace_feature_orchestrate_stream_failed)
    MarketplaceRouter->>MarketplaceRouter: Set public_error_message
    MarketplaceRouter->>MarketplaceRouter: Update local_metadata with public_error_message
    MarketplaceRouter->>MarketplaceRouter: _persist_progress(..., message=public_error_message)
    MarketplaceRouter-->>WebClient: SSE failed {state=failed, message=public_error_message}
    MarketplaceRouter-->>WebClient: SSE progress {step=failed, message=public_error_message}

    WebClient-->>User: Show_popup state=failed, message=public_error_message

Loading

Class diagram for updated orchestration progress store and auth secret resolution

classDiagram

class OrchestratorProgressStore {
  +Dict~str, Dict~str, Any~ _ORCHESTRATION_PROGRESS_STORE
  +Lock _ORCHESTRATION_PROGRESS_FILE_LOCK
  +Path _runtime_progress_root()
  +Path _orchestration_progress_store_path()
  +Dict~str, Any~ _save_orchestration_progress(run_id, payload)
  +Dict~str, Any~ _load_orchestration_progress(run_id)
}

class AuthSecretResolver {
  +str SECRET_KEY
  +bool SECRET_KEY_IS_RUNTIME_FALLBACK
  +tuple~str, bool~ _resolve_secret_key()
}

class MarketplaceFeatureOrchestrator {
  +_persist_progress(percent, step, state, message)
  +_set_feature_metadata(stage_run, metadata)
  +_apply_feature_popup_state(stage_run, popup_state, message)
  +_build_feature_sse_event(event_type, payload)
}

class RuntimeHealthStatus {
  +Dict~str, Any~ _runtime_health_payload()
}

class GpuLlmServer {
  +Any model
  +Any tokenizer
  +str model_load_error
  +load_model()
}

OrchestratorProgressStore --> MarketplaceFeatureOrchestrator : uses
AuthSecretResolver --> AuthSecretResolver : initializes SECRET_KEY
RuntimeHealthStatus --> MarketplaceFeatureOrchestrator : shares logging patterns
GpuLlmServer --> RuntimeHealthStatus : aligned_error_sanitization

Loading

File-Level Changes

Change	Details	Files
Consolidate orchestration progress persistence into a shared, lock-protected store keyed by run_id instead of per-run files.	Introduce a global threading.Lock to guard progress file access. Replace per-run JSON progress files with a single progress_store.json file under the runtime progress root. On save, merge the in-memory normalized progress payload into the existing on-disk dict keyed by run_id, with best-effort read and warning logs on failures. On load, read the shared store, select the dict for the given run_id, populate the in-memory cache, and emit structured error logs when loading fails.	backend/llm/orchestrator.py
Harden JWT secret resolution to avoid generating and persisting secrets to disk, preferring configured values and using ephemeral runtime fallbacks with logging.	Return a configured SECRET_KEY from the environment if present. If SECRET_KEY_FILE is configured, read and return its contents if the file exists and is non-empty, swallowing read errors. Remove logic that created a default temp-file-backed secret and wrote newly generated secrets to disk. Log an error when neither SECRET_KEY nor SECRET_KEY_FILE yields a value, then generate and return an ephemeral in-memory secret flagged as a runtime fallback. Move logger initialization to module top and reuse it in secret resolution.	backend/auth.py
Reduce exposure of raw exception details to clients in marketplace orchestration, health checks, and GPU model loading while preserving detailed server logs.	In marketplace feature orchestration, catch exceptions, log them with logger.exception, and replace user-facing error strings in metadata, progress, popup state, and SSE events with a generic localized public error message. In runtime health payload generation, catch failures when loading ad queue status, log them with logger.exception, and replace raw exception text in the health structure with a stable error code string while keeping user-facing notes. In GPU LLM custom server, replace the stored model_load_error string derived from the exception with a generic code ('model_load_failed') while logging the detailed error separately.	backend/marketplace/router.py backend/main.py gpu-llm-server/custom-server/server.py
Simplify frontend feature metadata handling by removing a no-op string replacement on popup titles.	Use meta.popupKicker directly for the default catalog item title instead of calling replace('AI ', 'AI '). Leave the rest of the feature orchestrator hook behavior unchanged.	frontend/frontend/hooks/use-feature-orchestrator.ts

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[parkcheolhong]

수정 감사합니다

[sourcery-ai]

Hey - I've found 2 issues, and left some high level feedback:

• The new shared progress_store.json can grow without bound and is rewritten wholesale on each save; consider adding pruning/TTL for old run_ids and/or a more incremental or append-based format to avoid unbounded size and write amplification.
• On failures reading progress_store.json in _save_orchestration_progress you reset persisted_payload to {} and then overwrite the file, which can drop all existing progress silently; consider a safer write pattern (e.g. write to a temp file and rename, or skip writing when read/parse fails) to reduce the chance of losing all stored runs.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The new shared `progress_store.json` can grow without bound and is rewritten wholesale on each save; consider adding pruning/TTL for old run_ids and/or a more incremental or append-based format to avoid unbounded size and write amplification.
- On failures reading `progress_store.json` in `_save_orchestration_progress` you reset `persisted_payload` to `{}` and then overwrite the file, which can drop all existing progress silently; consider a safer write pattern (e.g. write to a temp file and rename, or skip writing when read/parse fails) to reduce the chance of losing all stored runs.

## Individual Comments

### Comment 1
<location path="backend/llm/orchestrator.py" line_range="2687-2690" />
<code_context>


 _ORCHESTRATION_PROGRESS_STORE: Dict[str, Dict[str, Any]] = {}
+_ORCHESTRATION_PROGRESS_FILE_LOCK = threading.Lock()


</code_context>
<issue_to_address>
**issue (bug_risk):** Process-local lock does not protect against concurrent writers across multiple processes or workers.

This means concurrent workers (e.g., multiple gunicorn/uvicorn processes or containers sharing the same volume) can still interleave writes and corrupt the JSON file. If the file is shared across processes, use an inter-process–safe mechanism instead (e.g., OS-level file locking like `fcntl`/`msvcrt`, a small DB/Redis store, or per-run files rather than a single shared JSON).
</issue_to_address>

### Comment 2
<location path="backend/auth.py" line_range="29-30" />
<code_context>
+                cached_secret = fallback_path.read_text(encoding="utf-8").strip()
+                if cached_secret:
+                    return cached_secret, True
+        except Exception:
+            pass
+
+    logger.error(
</code_context>
<issue_to_address>
**issue (bug_risk):** Swallowing all exceptions when reading SECRET_KEY_FILE makes misconfigurations hard to diagnose.

If `SECRET_KEY_FILE` exists but is unreadable (permissions, encoding, etc.), this `except Exception` will silently fall back to the "not configured" path, masking the real problem. Instead, log the exception (e.g. `logger.exception("Failed to read SECRET_KEY_FILE: %s", configured_file)`) before falling back so file-related issues are visible in logs.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): Process-local lock does not protect against concurrent writers across multiple processes or workers.

This means concurrent workers (e.g., multiple gunicorn/uvicorn processes or containers sharing the same volume) can still interleave writes and corrupt the JSON file. If the file is shared across processes, use an inter-process–safe mechanism instead (e.g., OS-level file locking like fcntl/msvcrt, a small DB/Redis store, or per-run files rather than a single shared JSON).

[sourcery-ai]

issue (bug_risk): Swallowing all exceptions when reading SECRET_KEY_FILE makes misconfigurations hard to diagnose.

If SECRET_KEY_FILE exists but is unreadable (permissions, encoding, etc.), this except Exception will silently fall back to the "not configured" path, masking the real problem. Instead, log the exception (e.g. logger.exception("Failed to read SECRET_KEY_FILE: %s", configured_file)) before falling back so file-related issues are visible in logs.

[Copilot]

Pull request overview

This PR hardens several security/error-reporting surfaces to address CodeQL findings by reducing untrusted-path usage, avoiding secret persistence, and preventing raw exception details from being returned to clients.

Changes:

• Consolidates orchestration progress persistence into a shared store file with in-process locking and keyed records by run_id.
• Stops persisting generated JWT secrets to disk, falling back to an ephemeral runtime secret when not configured.
• Replaces client-visible raw exception strings with sanitized messages/codes across backend endpoints and GPU server health, plus a small frontend cleanup of a no-op replace().

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
gpu-llm-server/custom-server/server.py	Sanitizes model load error surface returned by /health.
frontend/frontend/hooks/use-feature-orchestrator.ts	Removes CodeQL-flagged no-op string replacement.
backend/marketplace/router.py	Replaces SSE failure payloads/metadata from raw exception text to a public message; logs exception server-side.
backend/main.py	Sanitizes health payload error field while logging exception details server-side.
backend/llm/orchestrator.py	Reworks progress persistence to a shared JSON store with locking and safe failure logging.
backend/auth.py	Removes cleartext JWT secret persistence; prefers configured env/file, else generates ephemeral runtime secret with logging.