fix(go): correct Permissions serialization and add unit tests

[saie-ch]

Bugs Fixed:

Permissions.MarshalBinary() - Fixed missing continuation flags between stream/topic entries. The serializer wasn't writing 1-byte flags
(1=has_next, 0=no_next) after each entry, causing the server to incorrectly parse permission data and potentially grant wrong permissions. Also
added len() > 0 checks to match Rust SDK's behavior of skipping empty maps.

Note: Does NOT fix #2980, #2981, #2982 (missing 4-byte permissions_len field before permissions data - those are separate issues found during the review of #2973).

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.95%. Comparing base (5cc7c37) to head (0fe9765).
⚠️ Report is 16 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #3015      +/-   ##
============================================
+ Coverage     71.88%   71.95%   +0.06%     
  Complexity      930      930              
============================================
  Files          1118     1120       +2     
  Lines         92992    93179     +187     
  Branches      70513    70513              
============================================
+ Hits          66851    67043     +192     
+ Misses        23582    23578       -4     
+ Partials       2559     2558       -1     

Flag	Coverage Δ
go	38.97% <100.00%> (+2.58%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
foreign/go/contracts/users.go	100.00% <100.00%> (+7.57%)	⬆️

... and 3 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[saie-ch]

@chengxilo could you please check this?

[hubcio]

PR description is not good enough. please make it more meaningful: what bug was that, how did it manifest and how was it fixed. prefer on describing why instead of what.

[ryankert01]

I think it's better to add a test to prevent regression

[saie-ch]

I think it's better to add a test to prevent regression

we are adding tests in #2973

[hubcio]

@saie-ch so why these tests passed? do those commits overlap?

[saie-ch]

@saie-ch so why these tests passed? do those commits overlap?

@hubcio Thanks for the question! Could you clarify which tests you're referring to?
For context: The tests passed in #2973 because the bugs were already fixed in that same PR As per @chengxilo review comment, we separated the bug fixes into this PR first

[chengxilo]

I think it's better to add a test to prevent regression

we are adding tests in #2973

In this PR, you better only address the problem of Permissions

Permissions.MarshalBinary() - Fixed missing continuation flags between stream/topic entries. The serializer wasn't writing 1-byte flags (1=has_next, 0=no_next) after each entry, causing the server to incorrectly parse permission data and potentially grant wrong permissions. Also added len() > 0 checks to match Rust SDK's behavior of skipping empty maps.

For the following changes related to commands, it would be better to address them in #2973, since they were discovered while you implementing command tests(and more importantly, they are logic of commands):

CreateUser - Fixed capacity calculation that didn't account for individual length prefix bytes. Was allocating 4 + len(username) + len(password) but needed 1 + len(username) + 1 + len(password) + 1 + 1 for proper byte accounting. Also removed double-counted permissions flag byte.

UpdatePermissions - Fixed panic when writing has_permissions flag. Buffer was allocated as len(userIdBytes) without the required 1-byte flag, causing index-out-of-bounds when accessing bytes[position]. Now allocates len(userIdBytes) + 1.

UpdateUser - Fixed panic from insufficient buffer allocation (missing flag bytes) and removed input mutation side effect. Method was modifying caller's struct by allocating new(string) when Username was nil. Now uses read-only access with proper buffer sizing: len(userIdBytes) + 2 for both flags.

Regarding this part

Note: Does NOT fix #2980, #2981, #2982 (missing 4-byte permissions_len field before permissions data - those are separate issues found during the review of #2973).

I’m still a bit confused why we tend to separate bug fixes and tests into different PRs. In many cases, writing tests alongside the fix makes it easier to validate the implementation immediately ^v^.

[chengxilo]

@saie-ch so why these tests passed? do those commits overlap?

@hubcio Thanks for the question! Could you clarify which tests you're referring to? For context: The tests passed in #2973 because the bugs were already fixed in that same PR As per @chengxilo review comment, we separated the bug fixes into this PR first

Sorry for making you confused, actually you just need to use a seperate PR to solve the problem of iggon.Permissions since it's not in the scope of that PR. 😢

[chengxilo]

@saie-ch so why these tests passed? do those commits overlap?

@hubcio Thanks for the question! Could you clarify which tests you're referring to? For context: The tests passed in #2973 because the bugs were already fixed in that same PR As per @chengxilo review comment, we separated the bug fixes into this PR first

Also I think the tests @hubcio refering to is the tests you implemented for command. As those tests passed it bascially means they didn't detect the bug in iggon.Permission , that's why @hubcio and @ryankert01 are requesting you to add a test, because we don't have a proper test for the iggon.Permission.

[saie-ch]

@chengxilo I misunderstood the original review feedback and thought the suggestion was to separate ALL bug fixes from the tests.

Now:
Permissions fix -> Should be in a separate PR (this one).
Command fixes -> Should stay in #2973
I'll add a unit test for permissions in this PR too.

[chengxilo]

Ohter part looks good to me

[chengxilo]

@saie-ch The test should verify that each attribute of Permissions is encoded correctly. Right now, those checks are being skipped. This only validates the basic frame structure (e.g., continuation flags and the size of each part). It would be better to also read back the encoded content and confirm that it matches the values you originally provided.

[ryankert01]

+1

[chengxilo]

Btw would you mind to update the PR title, maybe fix(go): correct Permissions serialization and add unit tests? It would better reflect what you’re currently working on.

[chengxilo]

I'm sorry that I keep asking you to modify your code.

However, your changes actually doesn't address the problem. If in the future I swaped the position of ManageServers and ManageUsers when encoding, this test won't know I am wrong.

To better desribe the problem, consider you have this struct.

Foo {
    A bool,
    B bool,
    C bool,
}

You wrot a function to encode it.

func (f Foo) MarshalBinary() ([]byte, error) {
    return []byte{
        boolToByte(f.A), 
        boolToByte(f.B), 
        boolToByte(f.C),
    }
}

You wrote a test and here is your test case:

input: Foo {
    A: true,
    B: false,
    C: true
}
want: []byte {1, 0, 1}

And you can get a []byte {1, 0, 1}, you are 100% correct.

However, if I write the function like this:

func (f Foo) MarshalBinary() ([]byte, error) {
    return []byte{
        boolToByte(f.C), 
        boolToByte(f.B), 
        boolToByte(f.A),
    }
}

I will still get []byte {1, 0, 1}, I can still pass the test, but actually it's wrong.

So you probably want to make sure every single field are correctly encoded.

Consider make a bigger test case:

{ 
    input: Foo {
        A: true
    },
    want: []byte{1,0,0}
},
{
    input: Foo {
        B: true
    },
    want: []byte{0,1,0}
},
{
    input: Foo {
        C: true
    },
    want: []byte{0,0,1}
}

[saie-ch]

No problem @chengxilo, happy to modify until it's correct. Can you check now?

[chengxilo]

same here

[hubcio]

@saie-ch please use precommit hooks via prek. See CONTRIBUTING.md in the root of this repository.

[chengxilo]

lgtm now