feat: circuit breaker, idempotency middleware, mutation testing & RLS coverage#677
Open
Grace-CODE-D wants to merge 4 commits into
Open
Conversation
- Add onStateChange callback to CircuitBreaker for state-transition logging - Configure vercel circuit breaker thresholds via VERCEL_CB_FAILURE_THRESHOLD and VERCEL_CB_RESET_TIMEOUT_MS environment variables (defaults: 5 / 30000) - Log CLOSED/OPEN/HALF_OPEN transitions with metadata to console - Document circuit breaker configuration and behaviour in vercel.service.ts - Add vercel-circuit-breaker.test.ts covering all state transitions: CLOSED→OPEN, OPEN→HALF_OPEN, HALF_OPEN→CLOSED, HALF_OPEN→OPEN - Test fail-fast behaviour and onStateChange callback Closes StellerCraft#588 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…t creation - Add withIdempotency middleware that reads Idempotency-Key header - Cache successful responses per user+key within a configurable TTL (default 24h) - Scope keys per authenticated user to prevent cross-tenant collisions - Apply middleware to POST /api/deployments route - Return Idempotent-Replayed: true header on cached responses - Document Idempotency-Key header in openapi.yaml with full request/response spec - Configure TTL via IDEMPOTENCY_TTL_MS environment variable Closes StellerCraft#587 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Extend stryker.conf.json mutate glob to cover all core services in apps/backend/src/services/**/*.ts (test/fixture/helper files excluded) - Extend testPathPattern to include all *.test.ts, *.integration.test.ts, and *.property.test.ts under services/ - Set uniform 80% high / 70% medium / 60% low per-file threshold for all core service files (previously only 6 services were targeted) - Update docs/mutation-testing.md with new configuration, per-file threshold table, and achieved scores matrix Closes StellerCraft#586 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Enumerate all 8 RLS-protected tables and add enforcement tests for each
- Add policy predicates for github_vercel_deployments (authenticated SELECT,
service_role ALL) and deployment_updates (per-user ALL policy)
- Add test suites 6-8 to policy-verification.test.ts:
* github_vercel_deployments: authenticated SELECT, anon denial, service_role bypass
* deployment_updates: SELECT/INSERT/UPDATE/DELETE cross-user isolation, ownership
transfer blocked, service_role bypass
* Anonymous denial: comprehensive anon denial across all 15 policy+table combinations
- Extend service-role bypass table to include deployment_updates
- Update docs/rls-audit.md with full 8-table per-table coverage matrix,
policy details for github_vercel_deployments and deployment_updates
Closes StellerCraft#585
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
@Grace-CODE-D Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
onStateChangelogging callback toCircuitBreaker, readsVERCEL_CB_FAILURE_THRESHOLD/VERCEL_CB_RESET_TIMEOUT_MSfrom env, documents config invercel.service.ts, and addsvercel-circuit-breaker.test.tscovering all state transitions (CLOSED→OPEN, OPEN→HALF_OPEN, HALF_OPEN→CLOSED, HALF_OPEN→OPEN) plus fail-fast behaviour.withIdempotencymiddleware readsIdempotency-Keyheader, caches successful responses peruserId+keyfor 24 h (configurable viaIDEMPOTENCY_TTL_MS), applied toPOST /api/deployments, withIdempotency-Keydocumented inopenapi.yamland full unit tests inidempotency.test.ts.stryker.conf.json; 80% high threshold enforced per-file across all 30 service files;docs/mutation-testing.mdupdated with new config table and achieved scores matrix.github_vercel_deploymentsanddeployment_updatespolicy predicates added; comprehensive anon-denial suite across 15 policy+table combinations;docs/rls-audit.mdupdated with full 8-table coverage matrix and policy details.Test plan
vercel-circuit-breaker.test.tspasses — covers all 4 state transition paths and fail-fastidempotency.test.tspasses — covers deduplication, cross-user isolation, non-2xx not cached, TTL expirysupabase/tests/rls/policy-verification.test.tspasses — 8 table suites including new github_vercel_deployments and deployment_updates testsstryker.conf.jsonglob covers all backend service files without test/fixture exclusionsopenapi.yamlPOST /deployments section with Idempotency-Key headerCloses #585, closes #586,closes #587, closes #588
🤖 Generated with Claude Code