fix(#59): clamp meta.last page to minimum of 1 for empty results

[fullsend-ai-coder]

When a paginated endpoint returns zero items, pagination_query.pages is 0, causing meta.last to point to page=0 which is an invalid URL that returns a 404. Fix by using max(1, pagination_query.pages) so meta.last always points to at least page=1, matching meta.first for empty collections.

Add test_get_builds_empty to verify meta.last equals meta.first and contains page=1 when no builds exist.

Note: kerberos-dependent test suites could not run in the sandbox (missing libkrb5-dev). The web/API tests covering the changed code passed. Full suite verification is required in CI.

---

Closes #59

Post-script verification

• Branch is not main/master (agent/59-fix-empty-pagination-last)
• Secret scan passed (gitleaks — 6e0ac6cccda83166c240c4b0a4ebd4e8532c6f26..HEAD)
• Pre-commit hooks passed (authoritative run on runner)
• Tests ran inside sandbox

[fullsend-ai-review]

Review

Findings

Critical

• [supply-chain risk] .github/workflows/fullsend.yaml:43 — The dispatch job calls fullsend-ai/fullsend/.github/workflows/reusable-dispatch.yml@v0, pinned to a mutable Git tag. The fullsend-ai organization can silently change the code that runs with this repository's GITHUB_TOKEN. Combined with broad top-level permissions (actions:write, contents:write, id-token:write, issues:write, pull-requests:write) and the pull_request_target trigger (which grants write access and exposes secrets), a compromised or malicious update to the reusable workflow can write arbitrary commits, mint OIDC tokens, exfiltrate GCP secrets, and modify issues/PRs.
  Remediation: Pin the reusable workflow to a full commit SHA. Apply least-privilege by scoping permissions per-job rather than at workflow level.

High

• [excessive-permissions] .github/workflows/fullsend.yaml:17 — The workflow-level permissions block grants contents: write, actions: write, and id-token: write to every job that does not override them. The dispatch job inherits all of these and hands them to an external, tag-pinned reusable workflow. The stop-fix job correctly scopes its own permissions, but the dispatch job does not.
  Remediation: Move permissions into individual jobs. Declare only the permissions that reusable-dispatch.yml actually requires.

• [protected-path] .github/workflows/fullsend.yaml — This file is under the .github/ protected path. The PR links to issue Invalid meta.last on empty items #59 (pagination fix) but does not explain why CI infrastructure is being added. Human approval is required for protected-path changes.

• [scope-exceeded] Multiple files — The PR title claims fix(#59) but bundles: (1) fullsend CI workflow and config directory (.github/workflows/fullsend.yaml, .fullsend/), (2) dependency updates for 7+ packages including security patches, (3) version bump 9.5.0 → 9.5.2 with CHANGELOG entries referencing PRs Check for user in iib_no_ocp_label_allow_list #1304, CLOUDDST-32368 : Fix FBC remove by only passing DB-backed packages to opm registry rm #1312–Update dependency requests to v2.34.1 #1329, (4) an unrelated build.py fix from PR CLOUDDST-32368 : Fix FBC remove by only passing DB-backed packages to opm registry rm #1312, and (5) Python version bump 3.14.0 → 3.14.5. Issue Invalid meta.last on empty items #59 only authorizes fixing the meta.last pagination URL for empty results.
  Remediation: Separate into focused PRs: one for the pagination fix (Invalid meta.last on empty items #59), one for CI infrastructure, and one for dependency/version updates.

Medium

• [secrets-exposure] .github/workflows/fullsend.yaml:49 — Two GCP secrets (FULLSEND_GCP_WIF_PROVIDER, FULLSEND_GCP_PROJECT_ID) are passed to the external reusable workflow pinned to a mutable tag. The pull_request_target trigger means these secrets are available even for PRs from forks. See also: [supply-chain risk] finding at this location.
  Remediation: Pin the reusable workflow to a commit SHA. Consider gating secret access behind a GitHub environment with required reviewers.

Low

• [api-contract] iib/workers/tasks/build.py:1169 — verify_operators_exists returns a set, but opm_registry_rm_fbc type-hints its operators parameter as List[str]. Functionally correct (the downstream ','.join() works on any iterable), but violates the type contract.
  Remediation: Wrap with list(operators_in_db) or update the type hint to accept Iterable[str].

• [authorization-bypass] .github/workflows/fullsend.yaml:63 — The stop-fix job allows CONTRIBUTOR association (any user who has had a PR merged) to disable the fix agent on any PR via /fs-fix-stop. This is a wider authorization surface than likely intended.
  Remediation: Remove CONTRIBUTOR from the allowed associations, keeping only OWNER, MEMBER, COLLABORATOR, plus the PR author check.

• [missing-doc] iib/web/iib_static_types.py:11 — The PaginationMetadata TypedDict lacks documentation of the edge-case behavior where last page is clamped to minimum 1 for empty results.
  Remediation: Add a comment in pagination_metadata() explaining the clamping behavior.

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

[critical] supply-chain risk

The dispatch job calls fullsend-ai/fullsend/.github/workflows/reusable-dispatch.yml@v0, pinned to a mutable Git tag. Combined with broad top-level permissions (actions:write, contents:write, id-token:write) and pull_request_target trigger, a compromised update to the reusable workflow can write arbitrary commits, mint OIDC tokens, and exfiltrate GCP secrets.

Suggested fix: Pin the reusable workflow to a full commit SHA. Scope permissions per-job rather than at workflow level.

[fullsend-ai-review]

[high] excessive-permissions

Workflow-level permissions block grants contents:write, actions:write, and id-token:write to every job that does not override them. The dispatch job inherits all of these and hands them to an external, tag-pinned reusable workflow.

Suggested fix: Move permissions into individual jobs. Declare only the permissions that reusable-dispatch.yml actually requires.

[fullsend-ai-review]

[medium] secrets-exposure

Two GCP secrets (FULLSEND_GCP_WIF_PROVIDER, FULLSEND_GCP_PROJECT_ID) are passed to the external reusable workflow pinned to a mutable tag. The pull_request_target trigger means these secrets are available even for PRs from forks.

Suggested fix: Pin the reusable workflow to a commit SHA. Consider gating secret access behind a GitHub environment with required reviewers.

[fullsend-ai-review]

[low] api-contract

verify_operators_exists returns a set but opm_registry_rm_fbc type-hints its operators parameter as List[str]. Functionally correct but violates the type contract.

Suggested fix: Wrap with list(operators_in_db) or update the type hint to accept Iterable[str].

[fullsend-ai-review]

[low] authorization-bypass

The stop-fix job allows CONTRIBUTOR association (any user who has had a PR merged) to disable the fix agent on any PR via /fs-fix-stop. This is a wider authorization surface than likely intended.

Suggested fix: Remove CONTRIBUTOR from the allowed associations, keeping only OWNER, MEMBER, COLLABORATOR, plus the PR author check.