github robintra/perf-sentinel v0.2.2

latest releases: chart-v0.9.7, v0.9.7, chart-v0.9.6...
3 months ago

perf-sentinel v0.2.2

Hardening release with input validation, test coverage expansion, architecture diagrams, and documentation improvements.

Bug Fixes

  • SQL normalizer UTF-8 fix: replaced byte-to-char casting with &str slice extraction, fixing corruption for multi-byte characters in string literals and dollar-quoted strings
  • Timestamp parsing fix: parse_timestamp_ms now computes milliseconds since Unix epoch (not midnight) using days_from_civil algorithm, fixing false negatives for traces spanning midnight
  • Fractional timestamp panic: frac[..3] replaced with frac.get(..3) to prevent panic on non-ASCII input

Input Validation & Safeguards

  • SQL normalizer: queries exceeding 64 KB truncated at char boundary before normalization
  • HTTP normalizer: query parameters capped at 100 to prevent unbounded allocation
  • OTLP ingestion: span index capped at 100k spans per resource
  • pg_stat ingestion: CSV and JSON parsing hard limit at 1,000,000 entries
  • Config validation: listen_port_http and listen_port_grpc validated in range 1-65535; trace_ttl_ms bounded to 100ms-1h
  • Unix socket: permission enforcement is now fatal, daemon refuses to start if 0o600 cannot be set
  • Metrics: lock poisoning handled gracefully via PoisonError::into_inner; render() returns fallback instead of panicking

Improvements

  • DetectConfig: impl From<&Config> eliminates 4 duplicated construction sites
  • OTLP: build_span_index() extracted to reduce cognitive complexity (SonarCloud S3776 fix)
  • Report header: parameterized title, "report" for analyze, "demo" for demo
  • TopOffender: removed redundant io_ops_per_request field
  • SQL tokenizer: simplified step_in_double_quote, pre-allocated params Vec

Test Coverage

  • 55 new edge-case tests across 7 modules (421 → 476 tests):
    • Jaeger/Zipkin: malformed payloads, missing fields, null values, empty arrays
    • SQL normalizer: comments, unterminated quotes, dollar quotes, truncation, UTF-8
    • HTTP normalizer: fragments, URL-encoded segments, double slashes, param cap
    • OTLP: empty IDs, missing service.name, no resource
    • Slow detection: exact threshold boundaries, 5x severity boundary, min_occurrences=1
    • Config: port validation edges, TTL bounds, sampling rate 0.0/1.0
    • SARIF: empty findings, special characters, missing green_impact

Documentation & Diagrams

  • 6 Mermaid architecture diagrams (.mmd sources + rendered SVGs):
    • Pipeline batch architecture, daemon streaming architecture
    • Auto-format detection flow, detection orchestration
    • OTLP two-pass conversion, CLI commands overview
  • Diagrams integrated into ARCHITECTURE, CONFIGURATION, INTEGRATION docs (EN + FR)
  • Phase 5 roadmap and enhanced comparison table in README
  • Corrected port 4317→4318 in INTEGRATION.md sidecar example
  • Bug report and feature request issue templates
  • CODEOWNERS file

Install

# Prebuilt binaries (Linux amd64/arm64, macOS arm64, Windows amd64)
curl -LO https://github.com/robintra/perf-sentinel/releases/download/v0.2.2/perf-sentinel-linux-amd64
chmod +x perf-sentinel-linux-amd64
sudo mv perf-sentinel-linux-amd64 /usr/local/bin/perf-sentinel
# From crates.io
cargo install perf-sentinel
# Docker
docker pull robintrassard/perf-sentinel:0.2.2

Also available on GHCR: ghcr.io/robintra/perf-sentinel:0.2.2

Don't miss a new perf-sentinel release

NewReleases is sending notifications on new releases.