Output bucket id

[giurgiur99]

Fixes #1339

Changes proposed in this PR:

• Adds optional outputBucketId to compute start (paid + free) — write job results straight into a persistent-storage bucket instead of outputs.tar
• Docker C2D engine bind-mounts the bucket read-write at /data/outputs; results land as individual files (no archiving/upload step)
• outputBucketId is a top-level plain string, mutually exclusive with output (the encrypted remote-storage path)
• New validateOutputBucket: rejects when both are set (400), storage disabled (400), bad bucket id (400), or consumer not allowed on the bucket (403)
• getDockerOutputMountObject added to the persistent-storage interface — implemented for LocalFS, throws "not implemented" for S3
• Threaded through types, DB persistence (sqliteCompute), and both HTTP routes (/compute, /freeCompute)
• Refactor: extracted failJobDataProvisioning to dedupe the fail-and-cleanup path
• Docs updated (API.md, Storage.md, persistentStorage.md); integration tests cover bucket output + chaining/overwrite

[giurgiur99]

/run-security-scan

[alexcos20]

AI automated code review (Gemini 3).

Overall risk: low

Summary:
The PR successfully introduces the outputBucketId parameter to allow C2D jobs to write their results directly into a persistent storage bucket instead of an outputs.tar file. The changes are well-structured, include necessary updates to documentation and tests, and effectively integrate with the persistent storage factory. A minor security concern regarding world-writable permissions on the host filesystem is noted.

Comments:
• [WARNING][security] Changing the directory permission to 0o777 makes it globally readable, writable, and executable by any user on the host OS. While this is a common workaround for Docker volume mount permission issues, it introduces a security risk in shared hosting environments. Consider configuring the container to run with the host user's UID/GID, or use more restrictive permissions like 0o755 or 0o770 combined with proper group ownership.

-    await fsp.chmod(source, 0o777)
+    await fsp.chmod(source, 0o755) // Or handle ownership via chown

• [INFO][style] Excellent refactoring here. Extracting the repeated job failure and cleanup logic into the failJobDataProvisioning helper greatly improves maintainability and keeps the code DRY.
• [INFO][security] Good use of explicit access control checks (assertConsumerAllowedForBucket) to ensure that only authorized consumers can write to the specified output bucket. Returning an explicit HTTP 403 on failure is the correct behavior here.

[giurgiur99]

AI automated code review (Gemini 3).

Overall risk: low

Summary: The PR successfully introduces the outputBucketId parameter to allow C2D jobs to write their results directly into a persistent storage bucket instead of an outputs.tar file. The changes are well-structured, include necessary updates to documentation and tests, and effectively integrate with the persistent storage factory. A minor security concern regarding world-writable permissions on the host filesystem is noted.

Comments: • [WARNING][security] Changing the directory permission to 0o777 makes it globally readable, writable, and executable by any user on the host OS. While this is a common workaround for Docker volume mount permission issues, it introduces a security risk in shared hosting environments. Consider configuring the container to run with the host user's UID/GID, or use more restrictive permissions like 0o755 or 0o770 combined with proper group ownership.

-    await fsp.chmod(source, 0o777)
+    await fsp.chmod(source, 0o755) // Or handle ownership via chown

• [INFO][style] Excellent refactoring here. Extracting the repeated job failure and cleanup logic into the failJobDataProvisioning helper greatly improves maintainability and keeps the code DRY. • [INFO][security] Good use of explicit access control checks (assertConsumerAllowedForBucket) to ensure that only authorized consumers can write to the specified output bucket. Returning an explicit HTTP 403 on failure is the correct behavior here.

source is already path-restricted, so we only give access to that particular bucket

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.