feat: add X-Permit-Consistent-Update header on facts proxy requests

[omer9564]

Summary

• Adds the X-Permit-Consistent-Update: true header on facts requests that the PDP proxies through forward_request_then_wait_for_update (the wait-for-local-sync flow)
• The backend's opal-interface uses this header to skip sending the control-plane delta update back to PDPs, since the PDP already propagates the update via OPAL Server pubsub after a successful write — removing a duplicate update path
• The fallback proxy route (forward_remaining_requests) does NOT set the header, so generic passthrough requests continue to rely on the standard control-plane delta path

Details

The header is gated behind a new is_consistent_update: bool = False kwarg on FactsClient.build_forward_request and FactsClient.send_forward_request. Only forward_request_then_wait_for_update (called by the explicit consistent-update routes: users, tenants, role_assignments, resource_instances, relationship_tuples) passes True.

Paired with backend changes in permit-backend (branch: omer/per-14392-consistent-updates-duplicated-updates) which:

1. Adds a FastAPI dependency that reads this header on all facts routes
2. Injects is_consistent_update: True into the DB session's AMQP headers
3. Makes opal-interface skip the delta publish when this flag is set

Test plan

• New unit tests for FactsClient.build_forward_request:
  • Verifies header is set when is_consistent_update=True
  • Verifies header is NOT set by default (fallback proxy path)
• All 47 horizon tests pass locally
• Pre-commit clean (ruff, ruff-format)
• Manual end-to-end: with backend change deployed, verify a proxied write results in a single update reaching the PDP (not two)

🤖 Generated with Claude Code

[linear]

PER-14392 Investigate Consistent Updates High latency

[github-actions]

🔍 Vulnerabilities of permitio/pdp-v2:next

📦 Image Reference permitio/pdp-v2:next

digest	sha256:a98c346e98e124f521b798f53ac2646a685c1cd1c2641ce71ffc9cb468899485
vulnerabilities
platform	linux/amd64
size	215 MB
packages	253

📦 Base Image python:3.10-alpine3.22

also known as	3.10.20-alpine3.22 b259d89e26fbe01d956a4834260c0e5a7c7b305ecda39ae3b59e208e5a03a2aa
digest	sha256:a7b85667f5c4e8db146b494344e4a3826e695185c7260bddab7ec9667a2406e3
vulnerabilities

openssl 3.5.5-r0 (apk) pkg:apk/alpine/openssl@3.5.5-r0?os_name=alpine&os_version=3.22 Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.018% EPSS Percentile 5th percentile Description Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.049% EPSS Percentile 15th percentile Description Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.049% EPSS Percentile 15th percentile Description Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.023% EPSS Percentile 6th percentile Description Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.045% EPSS Percentile 14th percentile Description Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.009% EPSS Percentile 1st percentile Description Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.017% EPSS Percentile 4th percentile Description

musl 1.2.5-r10 (apk) pkg:apk/alpine/musl@1.2.5-r10?os_name=alpine&os_version=3.22 Affected range <1.2.5-r12 Fixed version 1.2.5-r12 EPSS Score 0.014% EPSS Percentile 2nd percentile Description Affected range <1.2.5-r11 Fixed version 1.2.5-r11 EPSS Score 0.013% EPSS Percentile 2nd percentile Description

go.opentelemetry.io/otel/sdk 1.42.0 (golang) pkg:golang/go.opentelemetry.io/otel/sdk@1.42.0 Untrusted Search Path Affected range >=1.15.0 <=1.42.0 Fixed version 1.43.0 CVSS Score 7.3 CVSS Vector CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N EPSS Score 0.006% EPSS Percentile 0th percentile Description Summary The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause sdk/resource/host_id.go line 42: if result, err := r.execCommand("kenv", "-q", "smbios.system.uuid"); err == nil { Compare with the fixed Darwin path at line 58: result, err := r.execCommand("/usr/sbin/ioreg", "-rd1", "-c", "IOPlatformExpertDevice") The execCommand helper at sdk/resource/host_id_exec.go uses exec.Command(name, arg...) which searches $PATH when the command name contains no path separator. Affected platforms (per build tag in host_id_bsd.go:4): DragonFly BSD, FreeBSD, NetBSD, OpenBSD, Solaris. The kenv path is reached when /etc/hostid does not exist (line 38-40), which is common on FreeBSD systems. Attack Attacker has local access to a system running a Go application that imports go.opentelemetry.io/otel/sdk Attacker places a malicious kenv binary earlier in $PATH Application initializes OpenTelemetry resource detection at startup hostIDReaderBSD.read() calls exec.Command("kenv", ...) which resolves to the malicious binary Arbitrary code executes in the context of the application Same attack vector and impact as CVE-2026-24051. Suggested Fix Use the absolute path: if result, err := r.execCommand("/bin/kenv", "-q", "smbios.system.uuid"); err == nil { On FreeBSD, kenv is located at /bin/kenv.

go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp 1.42.0 (golang) pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@1.42.0 Memory Allocation with Excessive Size Value Affected range <1.43.0 Fixed version 1.43.0 CVSS Score 5.3 CVSS Vector CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.016% EPSS Percentile 3rd percentile Description overview: this report shows that the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). severity HIGH not claiming: this is a remote dos against every default deployment. claiming: if the exporter sends traces to an untrusted collector endpoint (or over a network segment where mitm is realistic), that endpoint can crash the process via a large response body. callsite (pinned): exporters/otlp/otlptrace/otlptracehttp/client.go:199 exporters/otlp/otlptrace/otlptracehttp/client.go:230 exporters/otlp/otlpmetric/otlpmetrichttp/client.go:170 exporters/otlp/otlpmetric/otlpmetrichttp/client.go:201 exporters/otlp/otlplog/otlploghttp/client.go:190 exporters/otlp/otlplog/otlploghttp/client.go:221 permalinks (pinned): https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlptrace/otlptracehttp/client.go#L199 https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlptrace/otlptracehttp/client.go#L230 https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlpmetric/otlpmetrichttp/client.go#L170 https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlpmetric/otlpmetrichttp/client.go#L201 https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlplog/otlploghttp/client.go#L190 https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlplog/otlploghttp/client.go#L221 root cause: each exporter client reads resp.Body using io.Copy(&respData, resp.Body) into a bytes.Buffer on both success and error paths, with no upper bound. impact: a malicious collector can force large transient heap allocations during export (peak memory scales with attacker-chosen response size) and can potentially crash the instrumented process (oom). affected component: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp repro (local-only): unzip poc.zip -d poc cd poc make canonical resp_bytes=33554432 chunk_delay_ms=0 expected output contains: [CALLSITE_HIT]: otlptracehttp.UploadTraces::io.Copy(resp.Body) [PROOF_MARKER]: resp_bytes=33554432 peak_alloc_bytes=118050512 control (same env, patched target): unzip poc.zip -d poc cd poc make control resp_bytes=33554432 chunk_delay_ms=0 expected control output contains: [CALLSITE_HIT]: otlptracehttp.UploadTraces::io.Copy(resp.Body) [NC_MARKER]: resp_bytes=33554432 peak_alloc_bytes=512232 attachments: poc.zip (attached) PR_DESCRIPTION.md attack_scenario.md poc.zip Fixed in: open-telemetry/opentelemetry-go#8108

busybox 1.37.0-r20 (apk) pkg:apk/alpine/busybox@1.37.0-r20?os_name=alpine&os_version=3.22 Affected range <=1.37.0-r20 Fixed version Not Fixed EPSS Score 0.043% EPSS Percentile 13th percentile Description

sqlparse 0.5.0 (pypi) pkg:pypi/sqlparse@0.5.0 Allocation of Resources Without Limits or Throttling Affected range <=0.5.3 Fixed version 0.5.4 CVSS Score 6.9 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Description Summary The below gist hangs while attempting to format a long list of tuples. This was found while drafting a regression test for Dja ngo 5.2's composite primary key feature, which allows querying composite fields with tuples.

zlib 1.3.1-r2 (apk) pkg:apk/alpine/zlib@1.3.1-r2?os_name=alpine&os_version=3.22 Affected range <=1.3.1-r2 Fixed version Not Fixed EPSS Score 0.007% EPSS Percentile 1st percentile Description

[github-actions]

🔍 Vulnerabilities of permitio/pdp-v2:next

📦 Image Reference permitio/pdp-v2:next

digest	sha256:a98c346e98e124f521b798f53ac2646a685c1cd1c2641ce71ffc9cb468899485
vulnerabilities
platform	linux/amd64
size	215 MB
packages	253

📦 Base Image python:3.10-alpine3.22

also known as	3.10.20-alpine3.22 b259d89e26fbe01d956a4834260c0e5a7c7b305ecda39ae3b59e208e5a03a2aa
digest	sha256:a7b85667f5c4e8db146b494344e4a3826e695185c7260bddab7ec9667a2406e3
vulnerabilities

openssl 3.5.5-r0 (apk) pkg:apk/alpine/openssl@3.5.5-r0?os_name=alpine&os_version=3.22 Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.018% EPSS Percentile 5th percentile Description Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.049% EPSS Percentile 15th percentile Description Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.049% EPSS Percentile 15th percentile Description Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.023% EPSS Percentile 6th percentile Description Affected range <3.5.6-r0 Fixed version 3.5.6-r0 EPSS Score 0.045% EPSS Percentile 14th percentile Description

musl 1.2.5-r10 (apk) pkg:apk/alpine/musl@1.2.5-r10?os_name=alpine&os_version=3.22 Affected range <1.2.5-r12 Fixed version 1.2.5-r12 EPSS Score 0.014% EPSS Percentile 2nd percentile Description

go.opentelemetry.io/otel/sdk 1.42.0 (golang) pkg:golang/go.opentelemetry.io/otel/sdk@1.42.0 Untrusted Search Path Affected range >=1.15.0 <=1.42.0 Fixed version 1.43.0 CVSS Score 7.3 CVSS Vector CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N EPSS Score 0.006% EPSS Percentile 0th percentile Description Summary The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause sdk/resource/host_id.go line 42: if result, err := r.execCommand("kenv", "-q", "smbios.system.uuid"); err == nil { Compare with the fixed Darwin path at line 58: result, err := r.execCommand("/usr/sbin/ioreg", "-rd1", "-c", "IOPlatformExpertDevice") The execCommand helper at sdk/resource/host_id_exec.go uses exec.Command(name, arg...) which searches $PATH when the command name contains no path separator. Affected platforms (per build tag in host_id_bsd.go:4): DragonFly BSD, FreeBSD, NetBSD, OpenBSD, Solaris. The kenv path is reached when /etc/hostid does not exist (line 38-40), which is common on FreeBSD systems. Attack Attacker has local access to a system running a Go application that imports go.opentelemetry.io/otel/sdk Attacker places a malicious kenv binary earlier in $PATH Application initializes OpenTelemetry resource detection at startup hostIDReaderBSD.read() calls exec.Command("kenv", ...) which resolves to the malicious binary Arbitrary code executes in the context of the application Same attack vector and impact as CVE-2026-24051. Suggested Fix Use the absolute path: if result, err := r.execCommand("/bin/kenv", "-q", "smbios.system.uuid"); err == nil { On FreeBSD, kenv is located at /bin/kenv.

[Copilot]

Pull request overview

Adds an opt-in request header to facts-service proxy calls made via the “wait-for-local-sync” path, allowing the backend to skip emitting a redundant control-plane delta update when the PDP is already publishing an OPAL pubsub update.

Changes:

• Introduce CONSISTENT_UPDATE_HEADER and an is_consistent_update kwarg on FactsClient.build_forward_request() / send_forward_request(), adding X-Permit-Consistent-Update: true when enabled.
• Set is_consistent_update=True for the consistent-update proxy flow (forward_request_then_wait_for_update).
• Add unit tests asserting the header is present when requested and absent by default.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
horizon/facts/client.py	Adds the consistent-update header constant and gating logic in forwarded request construction/sending.
horizon/facts/router.py	Enables the consistent-update header for the wait-for-local-sync proxy flow.
horizon/tests/test_facts_client.py	Adds tests covering header inclusion/exclusion behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Setting is_consistent_update=True here will cause the backend (per PR description) to skip the control-plane delta publish for all these proxied writes, even when the local pubsub propagation fails or times out. In this codepath publish_and_wait() can return False (publish failure or wait timeout) and with TimeoutPolicy.IGNORE (the default via config) the request still returns success; after this change there would be no fallback update path, which can leave the PDP stale. Consider gating is_consistent_update behind a stricter policy (e.g., only when timeout_policy==FAIL / when you will fail the request on local propagation failure) or otherwise ensuring a reliable fallback when local publish/wait does not succeed.

Suggested change

	response = await client.send_forward_request(request, path, query_params=query_params, is_consistent_update=True)
	is_consistent_update = timeout_policy == TimeoutPolicy.FAIL
	response = await client.send_forward_request(
	request,
	path,
	query_params=query_params,
	is_consistent_update=is_consistent_update,
	)