feat: add file permission checking to dynamo_check.py

[keivenchang]

Overview:

Add file permission checking functionality to the dynamo_check.py diagnostic tool. The new feature validates writability of critical development directories and files needed for Dynamo development workflows.

Details:

• Example output 1:

├─ File Permissions
│  ├─ ✅ Dynamo workspace ($HOME/dynamo) writable
│  ├─ ✅ Dynamo .git directory writable
│  ├─ ✅ Rustup home ($HOME/.rustup) writable
│  ├─ ✅ Cargo home ($HOME/.cargo) writable
│  ├─ ✅ Cargo target ($HOME/dynamo/.build/target) writable
│  └─ ✅ Python site-packages ($HOME/dynamo/venv/lib/python3.12/site-packages) writable

• Example output 2 (using the --thorough flag, which is slower)

├─ File Permissions
│  ├─ ✅ Dynamo workspace ($HOME/dynamo) writable
│  ├─ ⚠️  Dynamo .git directory not available
│  ├─ ⚠️  Rustup home ($HOME/.rustup) directory does not exist
│  ├─ ⚠️  Cargo home ($HOME/.cargo) directory does not exist
│  ├─ ❌ Cargo target ($HOME/dynamo/.build/target) Path does not exist
│  └─ ❌ Python site-packages ($HOME/dynamo/venv/lib/python3.12/site-packages) Permission check failed: [Errno 2] No such file or directory

• Add FilePermissionsInfo class with unified permission checking function
• Check writability of dynamo root, .git, RUSTUP_HOME, CARGO_HOME, cargo target, and site-packages directories
• Implement ownership-aware permission logic (files owned by user or root are considered writable)
• Support directory-only checking (default) and recursive file checking (--thorough-check flag)
• Replace --fast flag with --thorough-check for more explicit behavior
• Skip symbolic links during file permission analysis
• Update documentation and example output to reflect new functionality

Where should the reviewer start?

deploy/dynamo_check.py - Focus on the FilePermissionsInfo class (lines ~592-950).

[coderabbitai]

Walkthrough

Refactors deploy/dynamo_check.py to replace fast_mode with a thorough_check flag, adds FilePermissionsInfo, propagates the flag through SystemInfo, CargoInfo, DynamoRuntimeInfo, DynamoFrameworkInfo, and DynamoInfo, adjusts cargo target discovery and size reporting, and updates CLI/help and example outputs accordingly.

Changes

Cohort / File(s)	Summary of changes
Flag refactor and propagation deploy/dynamo_check.py	Replaces fast_mode with thorough_check across SystemInfo, CargoInfo, DynamoRuntimeInfo, DynamoFrameworkInfo, DynamoInfo; updates constructors and internal logic to gate heavy checks.
New permissions auditing deploy/dynamo_check.py	Adds FilePermissionsInfo to audit writability of key directories; supports non-recursive and recursive checks controlled by thorough_check; integrated into SystemInfo.
Cargo target discovery and sizing deploy/dynamo_check.py	Implements discovery via cargo metadata, CARGO_TARGET_DIR, default ~/.cargo/target; size calculations and per-file reporting performed only when thorough_check is True; handles missing paths with warnings.
Reporting and CLI help updates deploy/dynamo_check.py	Updates usage/help to introduce --thorough-check; modifies example output; adds top-level File Permissions section; adjusts status reporting to new flag semantics.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant CLI as CLI (dynamo_check)
  participant Sys as SystemInfo
  participant Perm as FilePermissionsInfo
  participant Cg as CargoInfo
  participant Run as DynamoRuntimeInfo
  participant Fr as DynamoFrameworkInfo

  User->>CLI: Invoke (optional --thorough-check)
  CLI->>Sys: new SystemInfo(thorough_check)
  Sys->>Perm: new FilePermissionsInfo(thorough_check)
  Sys->>Cg: new CargoInfo(thorough_check)
  Sys->>Run: new DynamoRuntimeInfo(workspace, thorough_check)
  Sys->>Fr: new DynamoFrameworkInfo(workspace, thorough_check)

  alt thorough_check = False
    Perm->>Sys: Directory-level writability results
    Cg->>Cg: Discover target path (metadata/env/default)
    Cg-->>Sys: Basic status (no sizes)
    Run-->>Sys: Lightweight runtime status
    Fr-->>Sys: Lightweight framework status
  else thorough_check = True
    Perm->>Perm: Recursive per-file permissions audit
    Cg->>Cg: Discover target path
    Cg->>Cg: Compute target size and per-file details
    Cg-->>Sys: Detailed cargo target report
    Run->>Run: Deep runtime validations
    Fr->>Fr: Deep framework validations
    Run-->>Sys: Detailed runtime report
    Fr-->>Sys: Detailed framework report
  end

  Sys-->>CLI: Composed system report (includes File Permissions)
  CLI-->>User: Rendered output

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• feat: add dynamo environment checker script #2419 — Introduces the initial environment checker and reporting in deploy/dynamo_check.py, which this PR refactors to use thorough_check and adds FilePermissionsInfo.
• refactor: refactor to be tree-based code + feat: framework check #2799 — Reshapes the diagnostic classes (SystemInfo, DynamoInfo, CargoInfo, etc.) that this PR further modifies to propagate thorough_check and adjust checks.

Poem

A rabbit taps keys with a nimble check,
Fast became thorough—no stone to neglect.
Permissions inspected, targets unveiled,
Paths well-discovered, sizes detailed.
With whiskers a-twitch and reports in sync,
Hop, hop—ship it! Thump-thump—no blink. 🐇✨

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

deploy/dynamo_check.py (3)

1512-1513: Verify parameter propagation through DynamoRuntimeInfo

The thorough_check parameter is added but never used within DynamoRuntimeInfo. While this maintains API consistency for potential future use, it could be removed if not needed.

If the parameter won't be used in this class, consider documenting why it's included for API consistency, or remove it:

-    def __init__(self, workspace_dir: str, thorough_check: bool = False):
-        self.thorough_check = thorough_check
+    def __init__(self, workspace_dir: str, thorough_check: bool = False):
+        # thorough_check parameter maintained for API consistency but not used
+        self.thorough_check = thorough_check

---

1691-1692: Same unused parameter pattern in DynamoFrameworkInfo

Similar to DynamoRuntimeInfo, the thorough_check parameter is stored but never used.

Consider the same approach - either document the parameter or remove if truly unnecessary:

-    def __init__(self, workspace_dir: str, thorough_check: bool = False):
-        self.thorough_check = thorough_check
+    def __init__(self, workspace_dir: str, thorough_check: bool = False):
+        # thorough_check parameter maintained for API consistency but not used
+        self.thorough_check = thorough_check

---

775-821: Consider limiting directory traversal depth for performance

The _count_writable_files method recursively walks the entire directory tree, which could be slow for very large directories. Consider adding a max depth limit or file count limit.

Add depth limiting to prevent excessive traversal:

 def _count_writable_files(
     self,
     directory: str,
     recursive: bool = False,
     exclude_files: Optional[List[str]] = None,
+    max_depth: int = 5,
+    max_files: int = 10000,
 ) -> Tuple[int, int, List[str]]:
     """Count total files and non-writable files in directory
 
     Returns:
         Tuple of (total_files, non_writable_files, non_writable_list)
     """
     exclude_files = exclude_files or []
     total_files = 0
     non_writable_files = 0
     non_writable_list = []
 
     if recursive:
         # Walk through all files in the directory tree recursively
         for root, dirs, files in os.walk(directory):
+            # Check depth limit
+            depth = root[len(directory):].count(os.sep)
+            if depth >= max_depth:
+                dirs[:] = []  # Don't recurse deeper
+                continue
+            
             for file in files:
+                # Check file count limit
+                if total_files >= max_files:
+                    return total_files, non_writable_files, non_writable_list
+                
                 file_path = os.path.join(root, file)
                 # Skip symbolic links
                 if os.path.islink(file_path):
                     continue

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b6b3a76 and 8ad4bde.

📒 Files selected for processing (1)

• deploy/dynamo_check.py (16 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-08-15T02:01:01.238Z

Learnt from: keivenchang
PR: ai-dynamo/dynamo#2453
File: deploy/dynamo_check.py:739-741
Timestamp: 2025-08-15T02:01:01.238Z
Learning: In the dynamo project, missing cargo should be treated as a fatal error in dynamo_check.py because developers need cargo to build the Rust components. The tool is designed to validate the complete development environment, not just import functionality.

Applied to files:

• deploy/dynamo_check.py

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build and Test - vllm
• GitHub Check: Build and Test - dynamo

🔇 Additional comments (13)

deploy/dynamo_check.py (13)

234-235: Verify consistency: thorough_check is expected to be boolean but inconsistent handling

The thorough_check parameter is declared as bool in the type hint, but throughout the file it's consistently passed as a boolean via args.thorough_check which comes from action="store_true" in argparse. The implementation is correct.

---

597-608: Well-structured class with clear documentation

The FilePermissionsInfo class has excellent documentation explaining its purpose, the directories it checks, and the behavior differences between default and thorough modes. The structure follows the established pattern in the file.

---

625-746: Robust unified permission checking with good error handling

The _check_permissions_unified method provides a well-designed abstraction for permission checking that:

• Handles multiple candidate paths gracefully
• Provides clear error messages for different failure scenarios
• Supports both directory-only and recursive file checking modes
• Has comprehensive error handling

---

747-773: Security-aware permission checking logic

The _is_effectively_writable method correctly handles three scenarios for determining writability:

1. Direct write access
2. Root user (can override permissions)
3. File ownership (can chmod)

This is a more accurate approach than simple os.access checks.

---

796-797: Good practice: Skip symbolic links during permission checks

Skipping symbolic links prevents following potentially circular references and avoids permission issues with link targets outside the workspace.

---

836-865: Comprehensive cargo target path discovery

The _get_cargo_target_path_candidates method uses multiple strategies to find the cargo target directory:

1. Most accurate: cargo metadata command
2. Environment variable: CARGO_TARGET_DIR
3. Fallback: default location ~/.cargo/target

This ensures the tool works in various development setups.

---

867-908: Proper reuse of existing workspace detection logic

The method correctly reuses DynamoInfo.find_workspace() and DynamoInfo.is_dynamo_workspace() static methods rather than duplicating the logic, maintaining DRY principles.

---

939-964: Handle non-existent cargo target gracefully

The cargo target permission check correctly shows a warning (not error) when the path doesn't exist, which is appropriate since the target directory might not exist in a fresh checkout before the first build.

---

999-1000: Consistent parameter propagation

The thorough_check parameter is correctly passed through the class hierarchy from SystemInfo → CargoInfo → directory size calculations.

---

1055-1061: Performance-aware size calculation

Directory size calculation is correctly gated by the thorough_check flag, avoiding expensive du operations in default mode.

---

1832-1833: Proper parameter propagation to child components

The DynamoInfo class correctly propagates thorough_check to both DynamoRuntimeInfo and DynamoFrameworkInfo, maintaining consistency even though those classes don't currently use it.

---

2057-2060: Clear and consistent command-line interface

The --thorough-check flag is well-documented and follows common CLI patterns. The help text clearly explains what additional checks are performed.

---

910-937: Verify venv site-packages inclusion
Sandbox lacks python3-venv, so we couldn’t confirm if site.getsitepackages() returns the active virtual environment’s path. Activate a real venv locally and run:

import site
print(site.getsitepackages())

to verify; if it doesn’t include the venv’s site-packages, add its path via sys.prefix before permission checks.