Skip to content

test: harden reliable test execution#699

Closed
BigSimmo wants to merge 3 commits into
mainfrom
codex/test-reliability-hardening
Closed

test: harden reliable test execution#699
BigSimmo wants to merge 3 commits into
mainfrom
codex/test-reliability-hardening

Conversation

@BigSimmo

@BigSimmo BigSimmo commented Jul 17, 2026

Copy link
Copy Markdown
Owner

Summary

Verification

  • npm run verify:pr-local

During development, use npm run verify:cheap as the faster iteration gate before the final PR-local preflight.

  • npm run verify:ui when UI, routing, styling, browser behavior, reduced-motion, or forced-colors behavior changed
  • npm run verify:release before release or handoff confidence claims

For retrieval, ranking, selection, chunking, source/citation rendering, or answer-contract changes, verify:pr-local runs eval:rag:offline automatically. Run the offline command directly during iteration before spending a live eval.

  • npm run eval:retrieval:quality (must stay 36/36) when retrieval, ranking, selection, chunking, or scoring behavior changed — CI cannot run it (needs live keys), so run it locally and paste the summary. A metadata/governance-weighting change once buried correct docs (recall 1.0→0.76) and only this eval caught it.
  • npm run eval:rag -- --limit 15 + npm run eval:quality -- --rag-only when answer generation, the synthesis prompt, or answer post-processing changed (grounded-supported must not drop; citation-failure 0)
  • npm run check:production-readiness when clinical workflow, privacy, environment, Supabase, source governance, or deployment behavior changed
  • npm run check:deployment-readiness when deployment startup, hosting, or rollout behavior changed

Clinical Governance Preflight

Complete this section when the change touches ingestion, answer generation, search/ranking, source rendering, document access, privacy, production env, or clinical output.

  • Source-backed claims still require linked source verification before clinical use
  • No patient-identifiable document workflow was introduced or expanded without explicit governance approval
  • Supabase target remains Clinical KB Database (sjrfecxgysukkwxsowpy)
  • Service-role keys and private document access remain server-only
  • Demo/synthetic content remains clearly separated from real clinical sources
  • Source metadata, review status, and outdated/unknown-source behavior remain conservative
  • Deployment classification/TGA SaMD impact was checked when clinical decision-support behavior changed

Notes

Summary by CodeRabbit

  • Bug Fixes

    • Improved UI test stability by switching to more deterministic readiness checks and React-event-driven interactions.
    • Production mockup and admin-only upload access are now enforced more consistently, including in demo/advisory flows.
    • Playwright now runs against isolated production setups and produces clearer failure diagnostics.
  • New Features

    • Added focused, live-provider, advisory UI, and offline RAG validation commands/verification steps.
  • Documentation

    • Expanded testing and CI gate guidance, including safer local verification and updated PR required behavior.

@supabase

supabase Bot commented Jul 17, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project sjrfecxgysukkwxsowpy because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 2b01f8ea-a9e4-478d-92c0-d728b81d0731

📥 Commits

Reviewing files that changed from the base of the PR and between b518c1d and 6202835.

📒 Files selected for processing (6)
  • .github/workflows/ci-triage.yml
  • docs/codebase-index.md
  • next.config.ts
  • tests/tsx-server-only-runner.test.ts
  • tests/universal-search.test.ts
  • vitest.config.mts
🚧 Files skipped from review as they are similar to previous changes (6)
  • tests/tsx-server-only-runner.test.ts
  • docs/codebase-index.md
  • vitest.config.mts
  • .github/workflows/ci-triage.yml
  • next.config.ts
  • tests/universal-search.test.ts

📝 Walkthrough

Walkthrough

This PR hardens local and CI test execution with serialized heavy-run locks, offline provider safeguards, isolated production Playwright runs, deterministic property-test seeds, exact JUnit-based flake classification, revised CI gates, and expanded verification documentation and tests.

Changes

Test execution and runner safety

Layer / File(s) Summary
Serialized and offline test execution
package.json, scripts/*, tests/property-*, vitest.config.mts, tests/test-runner-safety.test.ts
Heavy commands now share a repository lock, default tests scrub provider credentials, live tests require explicit permission, focused tests fail closed for unsafe selections, and property tests use FAST_CHECK_SEED.
Isolated production Playwright execution
next.config.ts, playwright*.config.ts, scripts/run-playwright.mjs, src/instrumentation.ts, src/proxy.ts, tests/ui-*.spec.ts
Playwright builds and serves isolated production output, applies offline boot guards and mockup boundaries, emits CI reports without retries, and uses event- and response-based UI synchronization.
CI gates and exact failure classification
.github/workflows/*, scripts/flake-ledger.mjs, scripts/classify-playwright-failures.mjs, scripts/check-rag-fixtures.mjs, scripts/verify-pr-local.mjs
CI separates required production UI checks from advisory journeys, validates RAG fixtures, classifies failures by exact spec/title identities, and enforces strict flake-ledger metadata and expiry rules.
Verification documentation and test contracts
AGENTS.md, README.md, docs/*, tests/*
Verification guidance, CI topology, testing policy, module isolation, architecture checks, script wiring, and live-test failure handling are updated to match the new execution model.

Estimated code review effort: 5 (Critical) | ~120 minutes

Possibly related PRs

Sequence Diagram(s)

sequenceDiagram
  participant CI
  participant PlaywrightRunner
  participant NextServer
  participant JUnitReport
  participant FlakeLedger
  CI->>PlaywrightRunner: start production UI job
  PlaywrightRunner->>NextServer: build and start isolated production app
  NextServer-->>PlaywrightRunner: report identity and route readiness
  PlaywrightRunner->>JUnitReport: run journeys and write failure identities
  CI->>JUnitReport: read failed testcases
  JUnitReport->>FlakeLedger: match exact spec and title
  FlakeLedger-->>CI: classify quarantine or investigation
Loading
🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 8.75% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check ❓ Inconclusive The template structure is present, but the Summary and Notes sections are left as placeholders and no verification was completed. Add a concise implementation summary and any relevant notes or verification outcomes instead of placeholder dashes.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the main focus of the PR: hardening test execution and reliability.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/test-reliability-hardening

Comment @coderabbitai help to get the list of available commands.

@BigSimmo

Copy link
Copy Markdown
Owner Author

@copilot resolve the merge conflicts in this pull request

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b518c1de90

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

const isWindows = process.platform === "win32";
const baseScripts = ["check:runtime", "format:check", "lint", "typecheck", "test"];
const projectRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
const baseScripts = ["check:runtime", "format:changed", "lint", "typecheck", "test"];

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Forward explicit file selection to the formatter

When verify:pr-local is invoked with its documented --files option, readScope() correctly classifies that list, but this unconditional format:changed entry re-runs ci-change-scope without the list. For example, --files scripts/run-playwright.mjs selects one path while the formatter sees all 59 branch changes, so unrelated formatting can fail a scoped preflight; conversely, on a clean checkout it may check no supplied path at all. Pass the explicit selection through to the formatting command (or make the formatter consume it) so the selected verification plan is consistent.

Useful? React with 👍 / 👎.

auto-merge was automatically disabled July 17, 2026 05:50

Head branch was pushed to by a user without write access

Copilot AI commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

@copilot resolve the merge conflicts in this pull request

Resolved and pushed in commit 6202835a.

I merged origin/main into this branch, resolved all conflict files, and re-ran focused checks (npm run check:ci-scope and focused Vitest on conflict-related tests) to confirm the branch is mergeable.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 8

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
scripts/run-playwright.mjs (1)

161-192: 🩺 Stability & Availability | 🟠 Major | 🏗️ Heavy lift

Wait for the owned server to exit before releasing the lock.

On non-Windows systems, SIGTERM is asynchronous, but cleanup immediately deletes the output and releases the shared lock. Another heavy run can start while the previous Next process is still alive. Await process exit with a bounded escalation path before removing output and releasing the lock.

As per coding guidelines, “Run only one heavy database command at a time across worktrees.”

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/run-playwright.mjs` around lines 161 - 192, Update cleanup() and the
owned-server shutdown flow around stopOwnedProcessTree() to wait for the server
process and its tree to exit before deleting absoluteRunRoot and releasing lock.
Make shutdown asynchronous, add a bounded wait with escalation if SIGTERM does
not finish promptly, and preserve the existing Windows taskkill behavior and
cleanup warning handling.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/ci-change-scope.mjs`:
- Line 149: Update the coveragePatterns regular expression to include
run-playwright.mjs as an independently coverage-sensitive runner. Ensure the
coverage classification works when run-playwright is the only changed runner,
without relying on run-vitest or changing the existing runner matching.

In `@scripts/flake-ledger.mjs`:
- Around line 22-26: Update dateValue to validate that the parsed date preserves
the input year, month, and day, rejecting impossible calendar dates such as
February 31 before returning the timestamp. Keep the existing YYYY-MM-DD format
validation and error behavior for invalid dates.
- Around line 57-60: Update loadFlakeLedger to reject parsed ledger data when
raw.flakes is missing or is not an array, rather than substituting an empty
array. Preserve validation through validateFlakeLedgerEntries for valid arrays,
and surface a clear failure for malformed ledger structure.

In `@scripts/test-environment.mjs`:
- Around line 46-51: Update the environment construction in the test-environment
helper so overrides are applied before the final fail-closed scrubbing. Ensure
protected provider-access settings, including OPENAI_API_KEY,
ALLOW_PROVIDER_TESTS, and RAG_PROVIDER_MODE, cannot be restored or replaced by
overrides while preserving the required offline/demo values.

In `@scripts/test-focused.mjs`:
- Around line 9-10: Update unsafeSelectionPattern to match Playwright
configuration files, including playwright.config.ts and
playwright.visual.config.ts, so changes to Playwright test infrastructure fail
closed and require the full suite while preserving existing unsafe-path matches.

In `@tests/flake-ledger.test.ts`:
- Around line 14-15: Update the isoDate helper and related expiry assertions in
the flake-ledger tests to use one fixed timestamp rather than Date.now(). Pass
that same timestamp through the validator’s now option so date offsets remain
stable across UTC midnight and preserve the intended acceptance and rejection
cases.
- Around line 69-75: Add a substring-only case to the test around
validateFlakeLedgerEntries: make the referenced spec contain a longer title or
comment that includes the ledger title but not as an exact test identity, then
assert validation throws the existing “exact title is not present” error.
Preserve the existing exact-title success case and missing-title failure case.

In `@tests/property-seed.ts`:
- Around line 3-8: Update the FAST_CHECK_SEED validation around parsedSeed to
reject partially numeric values such as “123abc”. Validate that the complete
environment string represents a valid integer before converting it, while
preserving the defaultPropertySeed fallback and existing propertySeed
normalization for valid inputs.

---

Outside diff comments:
In `@scripts/run-playwright.mjs`:
- Around line 161-192: Update cleanup() and the owned-server shutdown flow
around stopOwnedProcessTree() to wait for the server process and its tree to
exit before deleting absoluteRunRoot and releasing lock. Make shutdown
asynchronous, add a bounded wait with escalation if SIGTERM does not finish
promptly, and preserve the existing Windows taskkill behavior and cleanup
warning handling.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 06a94b5c-c322-42a0-99b1-84cd536550b9

📥 Commits

Reviewing files that changed from the base of the PR and between 8b1a415 and b518c1d.

📒 Files selected for processing (58)
  • .github/workflows/ci-triage.yml
  • .github/workflows/ci.yml
  • .gitignore
  • AGENTS.md
  • README.md
  • docs/branch-review-ledger.md
  • docs/codebase-index.md
  • docs/process-hardening.md
  • docs/testing.md
  • next.config.ts
  • package.json
  • playwright.config.ts
  • playwright.visual.config.ts
  • scripts/check-format-changed.mjs
  • scripts/check-rag-fixtures.mjs
  • scripts/child-process-result.mjs
  • scripts/ci-change-scope.mjs
  • scripts/classify-playwright-failures.mjs
  • scripts/eval-rag-offline.mjs
  • scripts/flake-ledger.mjs
  • scripts/playwright-base-url.ts
  • scripts/run-heavy.mjs
  • scripts/run-live-tests.mjs
  • scripts/run-playwright.mjs
  • scripts/run-vitest.mjs
  • scripts/test-environment.mjs
  • scripts/test-focused.mjs
  • scripts/test-rag-offline.mjs
  • scripts/test-run-lock.mjs
  • scripts/verify-pr-local.mjs
  • src/instrumentation.ts
  • src/proxy.ts
  • tests/architecture-boundaries.test.ts
  • tests/client-secret-surface.test.ts
  • tests/demo-data.test.ts
  • tests/flake-ledger.json
  • tests/flake-ledger.test.ts
  • tests/instrumentation.test.ts
  • tests/property-accessible-table.test.ts
  • tests/property-chunking.test.ts
  • tests/property-numeric-token-preservation.test.ts
  • tests/property-seed.ts
  • tests/proxy.test.ts
  • tests/rag-answer-fallback.test.ts
  • tests/test-runner-safety.test.ts
  • tests/tsx-server-only-runner.test.ts
  • tests/ui-accessibility.spec.ts
  • tests/ui-formulation.spec.ts
  • tests/ui-smoke.spec.ts
  • tests/ui-stress.spec.ts
  • tests/ui-tools-collapse.spec.ts
  • tests/ui-tools-task-directory.spec.ts
  • tests/ui-tools.spec.ts
  • tests/ui-visual-artifacts.spec.ts
  • tests/universal-search-owner.live.test.ts
  • tests/universal-search.test.ts
  • tests/verify-pr-local.test.ts
  • vitest.config.mts
💤 Files with no reviewable changes (1)
  • tests/ui-visual-artifacts.spec.ts

"tests",
"package.json",
"vitest.config.mts",
/^scripts\/(?:child-process-result|run-heavy|run-live-tests|run-vitest|test-environment|test-focused|test-run-lock)\.mjs$/,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Classify run-playwright.mjs independently as coverage-sensitive.

Line 149 omits run-playwright from coveragePatterns. The test at Lines 385-389 passes both runners together, so run-vitest masks the omission. A Playwright-runner-only PR therefore skips the coverage job despite the asserted contract.

Also applies to: 385-389

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/ci-change-scope.mjs` at line 149, Update the coveragePatterns regular
expression to include run-playwright.mjs as an independently coverage-sensitive
runner. Ensure the coverage classification works when run-playwright is the only
changed runner, without relying on run-vitest or changing the existing runner
matching.

Comment thread scripts/flake-ledger.mjs
Comment on lines +22 to +26
function dateValue(value, field, id) {
if (!/^\d{4}-\d{2}-\d{2}$/.test(value)) throw new Error(`${id}: ${field} must be YYYY-MM-DD`);
const parsed = Date.parse(`${value}T23:59:59Z`);
if (!Number.isFinite(parsed)) throw new Error(`${id}: ${field} is not a valid date`);
return parsed;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Reject impossible calendar dates instead of relying on Date.parse.

Date.parse("2026-02-31T23:59:59Z") normalizes the value rather than returning NaN, so malformed ledger dates can pass validation and distort ordering or expiry checks.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/flake-ledger.mjs` around lines 22 - 26, Update dateValue to validate
that the parsed date preserves the input year, month, and day, rejecting
impossible calendar dates such as February 31 before returning the timestamp.
Keep the existing YYYY-MM-DD format validation and error behavior for invalid
dates.

Comment thread scripts/flake-ledger.mjs
Comment on lines +57 to +60
export function loadFlakeLedger(sourcePath = ledgerPath) {
const raw = JSON.parse(readFileSync(sourcePath, "utf8"));
return validateFlakeLedgerEntries(Array.isArray(raw.flakes) ? raw.flakes : []);
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Fail when the ledger’s flakes field is missing or not an array.

The current fallback validates [], allowing malformed JSON such as {} to pass self-test and silently disable all known-flake classifications.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/flake-ledger.mjs` around lines 57 - 60, Update loadFlakeLedger to
reject parsed ledger data when raw.flakes is missing or is not an array, rather
than substituting an empty array. Preserve validation through
validateFlakeLedgerEntries for valid arrays, and surface a clear failure for
malformed ledger structure.

Comment on lines +46 to +51
return {
...environment,
RAG_PROVIDER_MODE: "offline",
NEXT_PUBLIC_DEMO_MODE: "true",
...overrides,
};

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Prevent overrides from restoring provider access.

Because overrides is spread last, callers can restore OPENAI_API_KEY, set ALLOW_PROVIDER_TESTS=true, or replace RAG_PROVIDER_MODE. Apply overrides before scrubbing, or reject protected override keys, so this helper remains fail-closed.

As per coding guidelines, “Do not use external APIs, paid services, credentials, secrets, live Supabase projects, or OpenAI provider calls unless explicitly authorized.”

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/test-environment.mjs` around lines 46 - 51, Update the environment
construction in the test-environment helper so overrides are applied before the
final fail-closed scrubbing. Ensure protected provider-access settings,
including OPENAI_API_KEY, ALLOW_PROVIDER_TESTS, and RAG_PROVIDER_MODE, cannot be
restored or replaced by overrides while preserving the required offline/demo
values.

Source: Coding guidelines

Comment thread scripts/test-focused.mjs
Comment on lines +9 to +10
const unsafeSelectionPattern =
/^(?:tests\/|scripts\/|\.github\/|package(?:-lock)?\.json$|tsconfig|vitest\.config|next\.config|eslint)/i;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Treat Playwright configuration as unsafe focused-test input.

The pattern misses playwright.config.ts and playwright.visual.config.ts. Those test-infrastructure changes can therefore run vitest related instead of failing closed and requiring the full suite.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/test-focused.mjs` around lines 9 - 10, Update unsafeSelectionPattern
to match Playwright configuration files, including playwright.config.ts and
playwright.visual.config.ts, so changes to Playwright test infrastructure fail
closed and require the full suite while preserving existing unsafe-path matches.

Comment on lines +14 to +15
function isoDate(offsetDays: number) {
return new Date(Date.now() + offsetDays * 24 * 60 * 60 * 1000).toISOString().slice(0, 10);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Freeze now instead of deriving expiry cases from the wall clock.

If these calls straddle UTC midnight, isoDate(31) becomes only 30 days ahead when validation runs and the rejection assertion can fail intermittently. Use one fixed timestamp and pass it through the validator’s now option.

Also applies to: 60-66

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/flake-ledger.test.ts` around lines 14 - 15, Update the isoDate helper
and related expiry assertions in the flake-ledger tests to use one fixed
timestamp rather than Date.now(). Pass that same timestamp through the
validator’s now option so date offsets remain stable across UTC midnight and
preserve the intended acceptance and rejection cases.

Comment on lines +69 to +75
it("requires the exact title to exist in the referenced spec", () => {
const entry = validEntry();
const root = temporarySpec(`test(${JSON.stringify(entry.title)}, () => {});`);
expect(validateFlakeLedgerEntries([entry], { root })).toHaveLength(1);
expect(() => validateFlakeLedgerEntries([validEntry({ title: "missing @quarantine" })], { root })).toThrow(
/exact title is not present/,
);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | 🏗️ Heavy lift

Exercise a substring title to enforce the claimed exact-match contract.

The current implementation validates with spec.includes(flake.title), so a ledger title appearing only inside a longer test title or comment passes this test. That permits validated ledger entries which can never exactly match the JUnit identity.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/flake-ledger.test.ts` around lines 69 - 75, Add a substring-only case
to the test around validateFlakeLedgerEntries: make the referenced spec contain
a longer title or comment that includes the ledger title but not as an exact
test identity, then assert validation throws the existing “exact title is not
present” error. Preserve the existing exact-title success case and missing-title
failure case.

Comment thread tests/property-seed.ts
Comment on lines +3 to +8
const defaultPropertySeed = 424_242;
const parsedSeed = Number.parseInt(process.env.FAST_CHECK_SEED ?? `${defaultPropertySeed}`, 10);
if (!Number.isSafeInteger(parsedSeed)) {
throw new Error(`FAST_CHECK_SEED must be a safe integer; received ${process.env.FAST_CHECK_SEED}.`);
}
const propertySeed = ((parsedSeed % 2_147_483_647) + 2_147_483_647) % 2_147_483_647 || defaultPropertySeed;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Reject partially numeric seed values.

Number.parseInt("123abc", 10) silently produces 123, so malformed FAST_CHECK_SEED values do not trigger the promised validation. Validate the complete string before conversion to preserve deterministic replay semantics.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/property-seed.ts` around lines 3 - 8, Update the FAST_CHECK_SEED
validation around parsedSeed to reject partially numeric values such as
“123abc”. Validate that the complete environment string represents a valid
integer before converting it, while preserving the defaultPropertySeed fallback
and existing propertySeed normalization for valid inputs.

@BigSimmo

Copy link
Copy Markdown
Owner Author

Superseded by merged PR #705 (e5caaa46c). Cherry-pick-aware range comparison maps this branch's implementation commit to #705's initial integration commit; #705 then adds seven focused fixes for complete CI coverage, exact flake classification, image-build lock support, and remaining runner/UI reliability gaps. The merge-only head on this PR contributes no unique relevant patch. Closing this obsolete predecessor before deleting its exact-SHA refs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants