test(matrix): W4 deploy-approval block integration suite (move exempt→mapped) #254
Merged
mastermanas805 merged 1 commit intoJun 5, 2026
…→mapped)
Covers the public email-link approval landing GET /approve/:token
(USER-FLOW-INVENTORY §W4), which was in routeCoverageExemptions with no
mapped test. New DB-backed handler-integration suite in package
handlers_test drives the route through the production wiring
(approveBlockApp mirrors router.go's
app.Get("/approve/:token", NewPromoteApprovalHandler(db, rdb).Approve))
against a real migrated Postgres + miniredis, asserting the real contract
(read from promote_approval.go):
- valid pending token → 302 to dashboard ?approved=1 + row PERSISTED
'approved' (source-of-truth state change)
- single-use: second click on an approved token → 410 already-used
- already-resolved (approved/rejected/executed) → 410, no state change
- past-expiry pending token → 410 + row flipped to 'expired'
- unknown token → 404 invalid (no probing oracle)
- per-IP/sec rate-limit burst → 429
The route is public — the 32-byte token IS the credential, no auth chain
(matches router.go wiring above the /api/v1 RequireAuth group), so the
suite tests the token paths, not a session JWT.
Done-bar guard: GET /approve/:token moves routeCoverageExemptions →
routeTestMap (TestApproveBlock_ValidPendingToken). Both done-bar guards
stay green (route mapped, test name resolves via AST scan, no stale rows).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
What
Closes the deploy-approval route on the done-bar route-coverage tail (USER-FLOW-INVENTORY §W4). GET /approve/:token was in routeCoverageExemptions with no mapped test; this adds a DB-backed handler-integration suite and moves it routeCoverageExemptions → routeTestMap.
The route + contract (read from internal/handlers/promote_approval.go)
GET /approve/:token is the public email-link approval landing for non-dev env promotes. The 32-byte random token IS the credential — no auth chain (wired in router.go above the /api/v1 RequireAuth group), so the email URL works for an anonymous click. The handler renders HTML / redirects across four token branches + a per-IP rate limit.
Tests (internal/handlers/approve_block_{helpers,routes}_test.go, package handlers_test)
approveBlockApp mirrors the production wiring (app.Get("/approve/:token", NewPromoteApprovalHandler(db, rdb).Approve)) against a real migrated Postgres (testhelpers.SetupTestDB) + miniredis. Coverage:
- TestApproveBlock_ValidPendingToken — valid pending token → 302 to dashboard/<id>?approved=1 and the row is PERSISTED as approved (source-of-truth state change); single-use second click → 410 already-used.
- TestApproveBlock_NonPendingToken — approved/rejected/executed token → 410 already-used, no state change.
- TestApproveBlock_ExpiredToken — past-expiry pending token → 410 + row flipped to expired.
- TestApproveBlock_InvalidToken — unknown token → 404 invalid (no probing oracle).
- TestApproveBlock_RateLimit — per-IP/sec burst → 429.
All helpers reuse existing seams (miniRedis, models.CreatePromoteApproval, testhelpers.SetupTestDB) — no redefinitions. All changes are _test.go files (no production code).
Done-bar
Both guards green: route mapped to TestApproveBlock_ValidPendingToken, test name resolves via the AST scan, no stale rows. Rebased on origin/master (#253 deploy↔GitHub-link merge) — both sets of moves kept.
Gate
internal/router + the new TestApproveBlock_* suite green. Full ./... reds only on the documented pre-existing local flakes (internal/models TestGetExpiredDeployments/TestLinkGitHubID; internal/handlers TestQueue_* NATS-dependent 503) — verified identical on clean origin/master with files stashed. CI authoritative.
🤖 Generated with Claude Code
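The four token branches from the description, as an added Go sketch that is not the project's code (promote_approval.go is not shown on this page). The names `store`, `approval` and `click`, the token `tok-a` and the leading `/dashboard/` path are assumptions; a mutex-guarded map stands in for Postgres, and the per-IP rate limit is left out.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
	"time"
)

type approval struct { // constructed stand-in for one approval row
	ID, Status string // Status: pending, approved, rejected, executed or expired
	Expires    time.Time
}

type store struct { // hypothetical in-memory replacement for the database
	mu   sync.Mutex
	rows map[string]*approval // keyed by token
}

// ServeHTTP applies the four token branches listed in the PR description.
func (s *store) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	s.mu.Lock() // lookup and status change happen as one step
	defer s.mu.Unlock()
	row, ok := s.rows[strings.TrimPrefix(r.URL.Path, "/approve/")]
	switch {
	case !ok: // unknown token: the same 404 for every bad value
		w.WriteHeader(http.StatusNotFound)
	case row.Status != "pending": // already resolved: 410, no state change
		w.WriteHeader(http.StatusGone)
	case !time.Now().Before(row.Expires): // past expiry: flip the row, 410
		row.Status = "expired"
		w.WriteHeader(http.StatusGone)
	default: // valid pending token: persist first, then redirect
		row.Status = "approved"
		http.Redirect(w, r, "/dashboard/"+row.ID+"?approved=1", http.StatusFound)
	}
}

func click(s *store, token string) (int, string) { // GET /approve/<token>
	rec := httptest.NewRecorder()
	s.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/approve/"+token, nil))
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	s := &store{rows: map[string]*approval{"tok-a": {"d1", "pending", time.Now().Add(time.Hour)}}}
	fmt.Println(click(s, "tok-a")) // a second click on tok-a takes the 410 branch
}
```

The non-pending check runs before the expiry check, so an already approved, rejected or executed row is never rewritten to expired.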