[pitboss/grind] cleanup session-0004 (20260522T043516Z-29b8)

2026-06-09 19:45:13 +02:00 · 2026-05-22 01:15:08 -05:00 · 2026-05-22 01:15:08 -05:00 · d6e570ec51
commit d6e570ec51
parent 987fc1d89f
2 changed files with 18 additions and 37 deletions
--- a/docs/auth.md
+++ b/docs/auth.md
@ -116,7 +116,7 @@ Matched as last-segment + case-insensitive `starts_with` (so a single entry `"Gu

 ### Recognised actor names

-Recognised by default: `user.id`, `user.user_id`, `user.uid`, `session.user_id`, `current_user.id`, plus typed extractor parameters with `CurrentUser`, `SessionUser`, `AuthUser`, `Extension<...>` shapes. To add a custom binding pattern, file an issue or add a fixture; the heuristic is in [`src/auth_analysis/checks.rs`](https://github.com/elicpeter/nyx/blob/master/src/auth_analysis/checks.rs) under `extract_validation_target` and friends.
+Recognised by default: `user.id`, `user.user_id`, `user.uid`, `session.user_id`, `current_user.id`, plus typed extractor parameters with `CurrentUser`, `SessionUser`, `AuthUser`, `Extension<...>` shapes. To add a custom binding pattern, file an issue or add a fixture; the heuristic lives in [`src/auth_analysis/extract/common.rs`](https://github.com/elicpeter/nyx/blob/master/src/auth_analysis/extract/common.rs) under the `*self_actor*` helpers (`collect_self_actor_binding`, `collect_typed_extractor_self_actor`, `is_self_actor_type_text`).

 ### Suppress

--- a/src/ssa/lower.rs
+++ b/src/ssa/lower.rs
@ -355,46 +355,27 @@ fn check_catch_block_reachability_gated(body: &SsaBody) {
    if let Err(err) = result {
        #[cfg(debug_assertions)]
        {
-            if !catch_invariant_do_not_panic() {
-                panic!(
-                    "SSA catch-block reachability invariant violated:\n{}",
-                    err.joined()
-                );
-            }
+            panic!(
+                "SSA catch-block reachability invariant violated:\n{}",
+                err.joined()
+            );
+        }
+        #[cfg(not(debug_assertions))]
+        {
+            tracing::warn!(
+                violations = %err.joined(),
+                "SSA catch-block reachability invariant violated; proceeding with \
+                 conservative orphan fallback"
+            );
+            crate::taint::ssa_transfer::record_engine_note(
+                crate::engine_notes::EngineNote::SsaLoweringBailed {
+                    reason: format!("catch_block_orphan: {}", err.joined()),
+                },
+            );
        }
-        tracing::warn!(
-            violations = %err.joined(),
-            "SSA catch-block reachability invariant violated; proceeding with \
-             conservative orphan fallback"
-        );
-        crate::taint::ssa_transfer::record_engine_note(
-            crate::engine_notes::EngineNote::SsaLoweringBailed {
-                reason: format!("catch_block_orphan: {}", err.joined()),
-            },
-        );
    }
 }

-// Test-only escape hatch: when set, `check_catch_block_reachability_gated`
-// takes the release-build path (warn + engine note, no panic) even under
-// `debug_assertions`. Used by the invariant test that constructs a
-// synthetic orphan catch body.
-#[cfg(debug_assertions)]
-thread_local! {
-    static CATCH_INVARIANT_DO_NOT_PANIC: std::cell::Cell<bool> = const { std::cell::Cell::new(false) };
-}
-
-#[cfg(debug_assertions)]
-#[allow(dead_code)]
-pub(crate) fn set_catch_invariant_do_not_panic(on: bool) {
-    CATCH_INVARIANT_DO_NOT_PANIC.with(|c| c.set(on));
-}
-
-#[cfg(debug_assertions)]
-fn catch_invariant_do_not_panic() -> bool {
-    CATCH_INVARIANT_DO_NOT_PANIC.with(|c| c.get())
-}
-
 /// Collect reachable nodes (BFS from entry), filtering by scope and stripping exception edges.
 /// Returns (reachable set, filtered edges, exception edges as (src_node, catch_node)).
 fn collect_reachable(