fix(api): bug-bash batch — free TTL, brevo non-clobber, dedup expiry, 404 leak, Team dedicated#218
Merged
Merged
Conversation
… 404 leak, Team dedicated Five confirmed bugs from the 2026-06-02 platform bug bash: - #4 (P1) free-tier resources never expired: authenticated provisions hardcoded ExpiresAt=nil even for free/anonymous tiers. Add resourceExpiryForTier (24h for ephemeral tiers, nil for paid) and apply it at all 10 authenticated CreateResource sites. Per product decision: enforce plans.yaml's documented 24h TTL for claimed-unpaid resources. - #6 (P1) Brevo 'delivered' webhook clobbered a terminal bounce/complaint on out-of-order delivery, corrupting the email truth surface (rule 12). Guard the UPDATE against terminal classes; distinguish terminal-kept from unknown. - #17/#20 (P2) fingerprint dedup-return handed back credentials for active-but-expired anonymous resources: add the expires_at filter to both GetActiveResourceByFingerprint[Type], matching GetAllActiveResourcesByFingerprint. - #22 (P3) deploy CancelDelete returned 403 cross-tenant (leaking existence); now 404 like the other deploy endpoints. - #12 (P2) Team tier gets dedicated infra: add dedicated:true to team + team_yearly in plans.yaml (pairs with common defaultYAML). Per product decision 2026-06-02. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…mocks The delivered UPDATE now carries the terminal-class guard (8 args) and a 0-row result triggers an existence probe. Update expectDeliveredUpdate to the new arg list, add the SELECT mock to the unknown-message test, and add a terminal-kept regression (delivered-after-bounce → matched:true, class preserved). Closes the batch-1 patch-coverage gap on brevo_webhook.go. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
CI (full real-DB suite) caught three existing tests that encoded the pre-fix behavior batch-1 deliberately changed: - TestPlansRegistry_IsDedicatedTier: team is now dedicated (#12). - TestDeployCancelDelete_CrossTeam: cross-tenant now 404 not 403 (#22). - TestBrevo_Receive_UnknownMessageID (billing_coverage): delivered UPDATE now carries the terminal-class guard (8 args) + an existence-probe SELECT (#6). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…coverage) diff-cover flagged brevo_webhook.go:530-531 — the `if qErr != nil` arm of the delivered handler's existence probe (bug bash #6). When the terminal-class- guarded UPDATE affects 0 rows, a follow-up SELECT distinguishes terminal-kept from genuinely-unknown; a non-ErrNoRows fault on that probe must surface as an error (→ 500) so Brevo retries rather than the message being mislabeled. Adds TestBrevo_Receive_Delivered_ProbeError (sqlmock, hermetic): UPDATE → 0 rows, SELECT probe → generic error, asserts 500. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Five confirmed bugs from the 2026-06-02 bug bash (product decisions applied for #4 and #12).
ExpiresAt=nil). NewresourceExpiryForTierapplied at all 10 provision sites — 24h for ephemeral tiers, nil for paid. Enforces plans.yaml's documented 24h TTL.deliveredclobbered a terminal bounce/complaint on out-of-order delivery (corrupted the rule-12 truth surface). Guarded against terminal classes.expires_atfilter.dedicated:truein plans.yaml (pairs with common obs: buildinfo package + Dockerfile ldflags for commit_sha (track 1/8) #39).Note: api handler/coverage tests are DB/redis-backed (not runnable locally); relying on CI for the brevo/deploy/provision coverage. 🤖 Generated with Claude Code