[codex] Fix integration discovery for Direct resources#113
Conversation
Update README: add credential resolution priority table (English and Russian), examples for profile-specific env vars and OAuth/profile commands, and clarify .env loading and profile fallback behavior (prevents mixing profile tokens with base login). Also document the --profile option. Bump project version in pyproject.toml from 0.2.10 to 0.2.11 for this change.
Introduce run_agencyclients_sandbox_get and is_agency_access_denied helpers in scripts/test_safe_commands.sh to exercise `agencyclients get --sandbox` when agency credentials are available. The new logic detects a dedicated YANDEX_DIRECT_AGENCY_TOKEN (and optional login), runs the API call, marks pass/fail, and skips with a clear message when no token is present and access is denied—removing the previous BUG #73 skip. Update tests/test_smoke_matrix.py with a unit test that ensures the script contains the agencyclients call, uses --sandbox and YANDEX_DIRECT_AGENCY_TOKEN, and no longer contains the BUG #73 marker.
|
@claude review. Focus on critical issues: bugs, security vulnerabilities, logical errors, data loss risks, performance problems. Do NOT nitpick style, naming conventions, minor formatting, or subjective preferences — only flag issues that could break functionality or cause real harm in production. |
|
Claude finished @axisrow's task in 2m 21s —— View job Code Review — PR #113
Findings1.
|
| # | Severity | Location | Issue |
|---|---|---|---|
| 1 | Medium | agencyclients.py:28,32 |
None flags silently mapped to "NO", unintentional client opt-out |
| 2 | Low | test_integration.py:108-109 |
Leads integration test can pass vacuously with probe ID 0 |
| 3 | Low | test_integration.py:196 |
"403" substring match — could false-positive on unrelated output |
| 4 | Low | agencyclients.py:44 |
--ids removed without deprecation; silent breakage for existing users |
Issue #1 is the one actionable bug that could affect production behavior (unintended opt-out of email notifications for new clients). The rest are test robustness or UX polish.
…on flags _build_notification used to emit "Value": "NO" for both EmailSubscriptions options when --send-account-news / --send-warnings were not passed, which silently opted new clients out of notifications. Restore per-option guards so an omitted flag leaves the field absent (server default) while an explicit --no-send-* still sends "NO". Also tighten get_first_leads_turbopage_id: an empty list response from the zero-id probe no longer counts as a usable id. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
|
Triage по ревью bot'а: #1 (None vs False conflation) — FIXED в #2 (vacuous probe pass for leads) — FIXED в #3 ( #4 ( |
|
@claude review. Focus on critical issues: bugs, security vulnerabilities, logical errors, data loss risks, performance problems. Do NOT nitpick style, naming conventions, minor formatting, or subjective preferences — only flag issues that could break functionality or cause real harm in production. |
|
Claude finished @axisrow's task in 2m 14s —— View job Code Review — PR #113
Findings (current branch, including
|
| # | Severity | Location | Issue |
|---|---|---|---|
| 1 | Medium | test_integration.py:197 |
advideos probe still uses is not None instead of isinstance(data, list) and data — same vacuous-pass pattern fixed for leads in af74344 but missed here |
| 2 | Low | agencyclients.py:136–148 |
Empty Notification: {} always included in add payload; untested against live API for rejection |
| 3 | Informational | agencyclients.py:76 |
SelectionCriteria now always sent; existing scripts relying on "no criteria = all clients" will silently exclude archived clients |
Issue #1 is the only actionable gap from this review. The None vs False bug (#1 from the last review) is correctly fixed, and the leads probe fix (#2 from the last review) is correctly applied — it just wasn't replicated to the advideo probe.
Mirrors the leads probe fix in af74344. parse_json_output returns [] (not None) for an empty JSON array, so the previous guard accepted a zero-result probe as a usable candidate, allowing a downstream test to pass vacuously. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
|
Triage второго ревью bot'а: #1 (advideo probe — same vacuous-pass pattern) — FIXED в #2 (empty Notification: {} в add) — SKIP. Это pre-existing поведение, явно покрыто тестом #3 (SelectionCriteria теперь всегда отправляется) — SKIP. Сам бот пометил это как Informational и не настаивает; это намеренное приведение в соответствие с WSDL-контрактом, README обновлён, дефолт |
|
@claude review. Focus on critical issues: bugs, security vulnerabilities, logical errors, data loss risks, performance problems. Do NOT nitpick style, naming conventions, minor formatting, or subjective preferences — only flag issues that could break functionality or cause real harm in production. |
|
Claude finished @axisrow's task in 3m 6s —— View job Code Review — PR #113
Findings (current branch, post
|
| # | Severity | Location | Issue |
|---|---|---|---|
| 1 | Low | test_integration.py:94–96 |
Leads primary discovery path skips non-empty guard — vacuous pass possible if account has turbo pages but no leads |
No new medium or high severity issues. All previous critical findings are correctly resolved.
|
Triage третьего ревью bot'а: #1 (primary turbo-page discovery without leads probe) — SKIP. Бот сам отмечает это как Low с явной оговоркой "doesn't block the PR". Принципиальное отличие от предыдущих: основной путь возвращает ID реально существующей turbo page, и API-запрос идёт корректно. Отсутствие leads у этой страницы — валидное состояние аккаунта; делать pre-flight probe тут означает превратить "тест на сетевую совместимость с реальным аккаунтом" в "тест зависит от состояния продакшен-данных", что хуже текущего поведения. Vacuous-pass паттерн в probe-fallback'ах был критичен, потому что они подавали заведомо несуществующий ID 0; primary path этим не страдает. |
Summary
agencyclients getto use WSDL-backedLogins/Archivedselection criteria instead of non-existent client ID criteria.EmailSubscriptions, matching the live API requirement.Root Cause
The read-only integration tests relied on magic IDs or adjacent-resource IDs, so missing fixtures could be hidden by permissive API responses. Separately,
agencyclientshad payload and selector drift from the WSDL/live API: nested imported fields were not covered deeply enough, and runtime validation rejected the old notification shape.Validation
python3 -m pytest tests/test_dry_run.py -k agencyclients -qpython3 -m pytest tests/test_integration.py -k "leads or businesses or advideos or agencyclients" -vpython3 -m pytest tests/test_integration.py::TestReadOnlyAgencyClients::test_get_agencyclients -vTracked follow-up audit: #112