fix: gate the token encoding with a dynamic config for mixed brain scenarios (#10685) #10691
Open
lilydoar wants to merge 1 commit into
yiminc
approved these changes
Jun 13, 2026
…enarios (#10685)

In #10605 a request ID was added to the encoded callback token to fix a bug with CaN callbacks not being find-able by schedules. This change will put this migration behind a dynamic config because the change is not backwards compatible. scenario

- [ ] built
- [ ] run locally and tested manually
- [ ] covered by existing tests
- [ ] added new unit test(s)
- [X] added new functional test(s)

Adding the dynamic config gating should reduce the risks, there is a functional test to validate turning this on will still have the callback trigger as expected
07dc72e to
4399d0d
spkane31
approved these changes
Jun 13, 2026
What changed?
Backport of #10685 onto the cloud/v1.32.0-156 release branch.

Gates the CHASM Nexus completion callback token encoding behind a new
per-namespace dynamic config callback.encodeInternalTokenWithEnvelope
(EncodeInternalTokenWithEnvelope, default false). When enabled the token
is the NexusOperationCompletion envelope (carrying the request ID); when
disabled it is the legacy bare base64-encoded ChasmComponentRef. Either form
is always decodable by UnpackNexusCallbackToken.

Why?
#10605 (present on this release branch) added a request ID to the encoded
callback token. That change is not backwards compatible and can cause
callbacks to fail to deliver in a split-brain / mixed-version fleet. Gating the
envelope encoding lets the new format stay off the wire until every server in
the fleet can read it, then it can be enabled per-namespace.
Scope of this backport — production code only
This is a production-source-only cherry-pick of 09e706e10. The test
changes from #10685 were intentionally omitted:
- main and uses an older test architecture: scheduleCommonOpts() takes no *testing.T, CallbacksSuite uses plain-testify TestXxx() methods (not the parametrized TestXxx(opts []testcore.TestOption) form), and the chasmContextFactory helper does not exist here.
- mechanically. Backporting the infrastructure would substantially widen the patch and raise risk.
- main.

Prerequisite #10605 (bc93fd9c5) is present on this branch, so the gate is
meaningful.
Files
- chasm/nexus_completion.go — GenerateNexusCallback gains an encodeToken bool
- chasm/lib/callback/config.go — new EncodeInternalTokenWithEnvelope dynamic config
- chasm/lib/callback/invocable_internal.go — whitespace
- chasm/lib/scheduler/config.go — wire the gate into Config
- chasm/lib/scheduler/{invoker_tasks,scheduler_tasks}.go — pass the gate per namespace

How did you test it?
- go build ./chasm/...
- go vet ./chasm/...
- tests package compiles

Default (false) preserves the existing legacy behavior on this release branch.
Potential risks
Low. Default-off dynamic config; no behavior change until explicitly enabled
per-namespace. Both token formats remain decodable.
Patch process
Self-service patch. Requires Manager+ approval covering patch justification,
customer impact, risk, and test plan, plus recording in the Cloud Releases
patch table before merge.
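
The gating pattern described above, as an added Go example that is not code from the pull request or the project: a default-off gate selects the encoder while the decoder accepts both forms. The JSON envelope and the names encodeToken, decodeLegacyOnly and decodeEither are hypothetical stand-ins, and the legacy-only reader is an assumed model of a server that predates the envelope.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// envelope is a hypothetical stand-in for the new format: legacy ref plus request ID.
type envelope struct {
	Ref       string `json:"ref"`
	RequestID string `json:"request_id"`
}

// encodeToken emits the envelope only when the gate is on for the namespace.
func encodeToken(ref []byte, requestID string, gateOn bool) string {
	legacy := base64.StdEncoding.EncodeToString(ref)
	if !gateOn {
		return legacy
	}
	b, _ := json.Marshal(envelope{Ref: legacy, RequestID: requestID})
	return string(b)
}

// decodeLegacyOnly models a server that predates the envelope (assumption).
func decodeLegacyOnly(tok string) ([]byte, error) {
	return base64.StdEncoding.DecodeString(tok)
}

// decodeEither accepts both formats: envelope first, then bare base64.
func decodeEither(tok string) ([]byte, string, error) {
	var e envelope
	if json.Unmarshal([]byte(tok), &e) == nil && e.Ref != "" {
		ref, err := base64.StdEncoding.DecodeString(e.Ref)
		return ref, e.RequestID, err
	}
	ref, err := base64.StdEncoding.DecodeString(tok)
	return ref, "", err
}

func main() {
	ref := []byte("constructed-component-ref") // constructed sample value
	for _, gateOn := range []bool{false, true} {
		tok := encodeToken(ref, "req-1", gateOn)
		_, oldErr := decodeLegacyOnly(tok)
		_, id, newErr := decodeEither(tok)
		fmt.Printf("gate=%v old=%v new=%v id=%q\n", gateOn, oldErr == nil, newErr == nil, id)
	}
}
```

With the gate off, both readers accept the token; with it on, only the dual-format reader does, which is why the gate stays off until every server in the fleet can read the envelope.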