Follow-up coverage: intent-paywall + machine_id race; cookie/compose caveats#22
Merged
Merged
Conversation
…caveats Follow-up to the fleet batch (already on main at 16585ed). Adds ONLY the coverage the fleet did not already provide — its 16585ed _park_first_hash login-race tests and test_online_only_enforcement cache-race test already supersede the login/cache drafts, so those are intentionally dropped as duplicative. - tests/test_intent_paywall.py (new): _paid(team) 402 gate on /api/intent/remember and /api/intent/link, plus the licensed 200 path. No test referenced these routes (5a31389 gated both but tested neither). - tests/test_machine_id_concurrency.py (new): 16 threads racing a fresh device id converge on ONE id (7b62157 _machine_id_lock + O_EXCL). main only used machine_id for setup, never tested the first-run race. - v2_team._cookie_secure: document the non-proxied-HTTP X-Forwarded-Proto caveat. Behavior intentionally unchanged — gating XFP behind the empty-default ENGRAPHIS_FORWARDED_ALLOW_IPS would drop Secure on proxied deploys; XFP can only ADD Secure, never downgrade. - docker-compose.yml: note the optional-.env object form needs Compose v2.24+ and give the older-version fallback.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to the fleet batch (already merged to main at 16585ed). Adds ONLY the coverage
the fleet did not already provide.
The fleet's 16585ed independently added
_park_first_hash+ login-race tests and alicense-cache concurrency test (
test_online_only_enforcement.py), so the login-lock andcache-race drafts from my earlier working branch are intentionally DROPPED here as duplicative.
Still-missing coverage landed here:
_paid(team)402 gate on/api/intent/rememberand/api/intent/link(5a31389 gated both routes but testedneither; no test referenced these paths) + the licensed-200 path.
converge on ONE id (7b62157
_machine_id_lock+O_EXCL) — main only usedmachine_idfor setup, never tested the first-run race.
_cookie_secure: document the non-proxied-HTTPX-Forwarded-Protocaveat. Behavior unchanged (gating XFP behind the empty-defaultENGRAPHIS_FORWARDED_ALLOW_IPSwould drop Secure on proxied deploys; XFP can only ADDSecure, never downgrade).
.envobject form needs Compose v2.24+, withthe older-version fallback.
Verified locally: ruff clean, both new test files green.