Skip to content

Cache the generateCipherKey function and add profiling support to lint#18

Merged
mangelajo merged 1 commit intomainfrom
speedup-generate-cipher-key
Sep 5, 2025
Merged

Cache the generateCipherKey function and add profiling support to lint#18
mangelajo merged 1 commit intomainfrom
speedup-generate-cipher-key

Conversation

@mangelajo
Copy link
Member

@mangelajo mangelajo commented Sep 5, 2025
edited by coderabbitai bot
Loading

The lint/apply/dry-run had become slow, and profiling showed up that we were calling generateCipherKey many times as the yaml base grows.

This patch adds caching to the generateCipherKey function avoiding the regeneration for the same password/salt. This reduces our lint run time from 17s to 0.4s

Summary by CodeRabbit

  • New Features

    • Added optional CPU profiling to the lint command via a --cpu-profile flag.
    • Lint now displays how long validation takes.

  • Performance Improvements

    • Faster, thread-safe decryption of Vault secrets through cached key derivation.

  • Reliability

    • Improved lint error handling to surface failures without abrupt termination, providing clearer feedback.

@mangelajo
Cache the generateCipherKey function and add profiling support to lint
9d53e09 
The lint/apply/dry-run had become slow, and profiling showed up that we were
calling generateCipherKey many times as the yaml base grows.

This patch adds caching to the generateCipherKey function avoiding
the regeneration for the same password/salt. This reduces our lint run time
from 17s to 0.4s
@mangelajo mangelajo merged commit e7d3ae4 into main Sep 5, 2025
3 of 4 checks passed
@coderabbitai
Copy link

coderabbitai bot commented Sep 5, 2025
edited
Loading

Caution

Review failed

The pull request is closed.

Walkthrough

Adds optional CPU profiling and timing to the lint command, switches to an error-returning validation path, and expands linting to include template rendering checks. Introduces error-map merging utilities. Implements a thread-safe cached key-derivation mechanism in VaultDecryptor and updates decryption to use it.

Changes

Cohort / File(s) Summary
CLI lint profiling and timing
cmd/lint.go		 Adds --cpu-profile flag, starts/stops runtime/pprof CPU profiling when provided, prints validation duration, and uses config_lint.ValidateWithError(cfg) to propagate errors.
Config lint pipeline and API
internal/config_lint/lint.go		 Adds ValidateWithError(cfg) returning error; expands Lint to merge reference and template validation errors; introduces mergeErrors and validateTemplates; retains existing Validate with os.Exit on failure.
Vault decryptor cached key derivation
internal/vars/vault.go		 Extends VaultDecryptor with cache and RWMutex; converts generateCipherKey to a method that caches PBKDF2-derived keys by salt; updates Decrypt to use vd.generateCipherKey(salt); initializes cache in constructor.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant U as User
  participant CLI as cmd/lint
  participant L as config_lint
  participant P as pprof

  U->>CLI: run lint [--cpu-profile=file]
  alt cpu profiling enabled
    CLI->>P: pprof.StartCPUProfile(file)
    Note over CLI,P: Profiling active
  end
  CLI->>L: ValidateWithError(cfg)
  L->>L: Lint(cfg) = validateReferences + validateTemplates
  L-->>CLI: error or nil
  CLI->>CLI: record duration and print
  alt profiling active
    CLI->>P: pprof.StopCPUProfile()
  end
  CLI-->>U: exit with code (0/1)
Loading 
sequenceDiagram
  autonumber
  participant C as Caller
  participant VD as VaultDecryptor
  participant Cache as vd.cache
  participant KDF as PBKDF2

  C->>VD: Decrypt(vaultData)
  VD->>VD: parse salt from vaultData
  VD->>Cache: lookup key by salt-hex (RLock)
  alt cache hit
    Cache-->>VD: CipherKey
  else cache miss
    VD->>KDF: derive from vd.password + salt
    KDF-->>VD: CipherKey
    VD->>Cache: store (Lock)
  end
  VD-->>C: plaintext or error
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

I thump my paw on terminal ground,
Profilers hum, new timings found.
Templates checked, errors merge and rhyme,
Vault keys cached to save some time.
With whiskers twitching, I lint and leap—
Bugs beware, this bunny’s deep. 🐇✨

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d6b4bd4 and 9d53e09.

📒 Files selected for processing (3)
  • cmd/lint.go (4 hunks)
  • internal/config_lint/lint.go (1 hunks)
  • internal/vars/vault.go (5 hunks)
✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch speedup-generate-cipher-key

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@mangelajo mangelajo deleted the speedup-generate-cipher-key branch September 5, 2025 13:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mangelajo