Check blob backend before API startup#388
Merged
TheSilkky merged 1 commit intoJul 12, 2026
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #381
Target base branch
developissue-381-check-blob-backend-before-api-startupSummary
blob_store_openstartup stage when storage is unavailable.Root cause and impact
The API constructed the selected blob store but did not call its existing
Checkmethod before starting its listeners. An unavailable configured evidence backend could therefore remain undiscovered until a later storage operation. Startup now verifies the selected backend first while preserving the existing listener split and ciphertext-only storage behavior.Validation
gofmt -w ./cmd ./internal ./migrationsgo test ./...go vet ./...go test -race ./cmd/api ./internal/storagescripts/check-markdown-links.pyCOMPOSE_PROJECT_NAME=proofline-issue381 compose/smoke-test.sh fullgit diff --checkThe disposable full-stack smoke covered PostgreSQL, MinIO/S3-compatible storage, Valkey, authenticated upload, idempotent replay, stream completion, bundle download, and local decrypt verification.
Documentation
Updated the changelog, README, documentation index, configuration reference, cluster scope, backup/failure runbook, and threat model. The website governance and README-baseline documents were not in scope because this PR changes only a server-specific runtime behavior fact, not project-wide governance, public voice, README structure, or source-of-truth mapping.
Scope and revalidation
Issue #381 originated from the technical review of
upgrade-codex-reports-and-repo-full-validation-security-reviewate609ff8. The finding was revalidated againstdevelopata267f48, which is the base commit for this branch. No public/private route, runtime health route, or listener assignment changed.Key custody and decryption assumptions are unchanged. The backend remains ciphertext-only and this PR adds no backend decryption, raw server-held keys, key escrow, browser decryption, or key-sharing behavior.
Follow-up
No follow-up work is required for the issue scope. A deeper
run-level negative listener test could add another defense-in-depth signal later; the current change is covered by fake-backed failure propagation, source-order review, redaction tests, and the disposable S3-compatible success smoke.