test(golden): complete golden parity coverage for all 54 REST operationIds + coverage guard#234
Merged
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
The golden set was being treated as a proxy for contract completeness, but the oracle only covered ~20 of the 54
openapi.yamloperationIds — parity was generalized from a subset. This closes that gap: every REST operationId is now either goldened against the canonical TS backend or carries an explicit, reasoned exclusion, and a new guard makes the gap impossible to reopen silently.Goldens are authored on a branch off
develop(the TS reference the Go rewrite replays) — not Go handlers.Coverage guard (the point of the exercise)
golden-coverage.ts— committed manifest mapping all 54 operationIds → fixture(s) or{ excluded: <reason> }.golden-coverage.test.ts— fails CI on any operation that is neither goldened nor deliberately excluded, on stale manifest entries, and on mapped fixtures missing from disk.This is the golden-side analog of the mounted-route/operationId parity check: adding or renaming an operation in
openapi.yamlforces a matching golden (or a documented exclusion) in the same change.What's captured
startTestAppgains opt-indb/accountRepo/keyRepooverrides (same pattern as the existing audit/actions/push repos), unblocking capture of account/admin/credential bodies against a real in-memory DB.golden-account(account read/update, admin accounts+delete+export-seed, keys,/api/version,/config.js, endpoint update/delete),golden-session(create→list→tail→close success bodies),golden-credentials(list/label/confirm/revoke with real step-up tokens + invite reads),golden-hydra(authorized-clients list/revoke, mediated DCR, consent-approve),golden-actions-push(pending-action get/resolve/deny, Web Push subscribe/unsubscribe).client_id_issued_at(RFC 7591 epoch-seconds) to the shared TS-fold keys.Deliberate exclusions (documented in the manifest, not silent)
/optionsendpoints — non-deterministic@simplewebauthnchallenge passthroughs (same rationale already applied tostartHydraLogin).finishHydraConsent— its{ redirectTo }envelope is identical tofinishHydraLogin(goldened aswebauthn-login-verify); a true success capture needs a full DB-enrolled assertion ceremony. Deferred, documented.Verification
test:golden— 61/61 green, guard at 54/54.test:integration— 216/216 green (shared harness/normalizer changes, no regressions).typecheck,lint,spdx:check— all clean.For the Go side (
go-backend, when picked up)The replay harness must mirror three normalization details: the new
client_id_issued_atTS-fold key, the manual<ID>/<OUTPUT>folds (pending-action ids, terminal tail bytes), and thecontentTypefield on the/config.jsgolden envelope.