fix: address adversarial review findings in resilience tests

Chris0Jeky · Chris0Jeky · commit 9ae405f1cb5a · 2026-04-13T02:01:55.000+01:00
- Remove unused authApi import that breaks ESLint/CI
- Fix unhandled promise rejections: attach rejection handlers before
  advancing fake timers in boardStore and captureStore slow-API tests
- Rename misleading test name ReturnsDegradedResult -&gt; PropagatesException
  for the OpenAI timeout test (it asserts ThrowAsync, not a degraded result)
- Fix contradictory comment in timeout test to match actual behavior
- Fix misleading comment about "structurally valid JWT" when the test
  uses a structurally invalid token string
diff --git a/backend/tests/Taskdeck.Application.Tests/Services/LlmProviderResilienceTests.cs b/backend/tests/Taskdeck.Application.Tests/Services/LlmProviderResilienceTests.cs
@@ -141,7 +141,7 @@ await act.Should().NotThrowAsync(
     // ── OpenAI: Network Timeout ─────────────────────────────────────
 
     [Fact]
-    public async Task OpenAi_CompleteAsync_HttpClientThrowsTimeout_ReturnsDegradedResult()
+    public async Task OpenAi_CompleteAsync_HttpClientThrowsTimeout_PropagatesException()
     {
         var settings = BuildOpenAiSettings();
         var handler = new StubHttpMessageHandler((_, _) =>
@@ -150,16 +150,12 @@ public async Task OpenAi_CompleteAsync_HttpClientThrowsTimeout_ReturnsDegradedRe
         var provider = new OpenAiLlmProvider(
             new HttpClient(handler), settings, logger);
 
-        // TaskCanceledException from HttpClient timeout is NOT OperationCanceledException
-        // from a caller's CancellationToken — the provider should catch it and return degraded.
-        // However, OperationCanceledException is re-thrown by the provider.
-        // TaskCanceledException IS an OperationCanceledException, so the provider re-throws.
-        // This is correct behavior — callers handle it at the HTTP/controller layer.
+        // TaskCanceledException from HttpClient timeout is an OperationCanceledException.
+        // The provider intentionally re-throws this exception so that the caller (e.g., the
+        // controller) can handle the timeout appropriately (e.g., by returning 504 Gateway Timeout).
         var act = async () => await provider.CompleteAsync(new ChatCompletionRequest(
             [new ChatCompletionMessage("User", "create a card")]));
 
-        // The provider re-throws OperationCanceledException (parent of TaskCanceledException).
-        // This is intentional — the controller layer catches it and returns an appropriate response.
         await act.Should().ThrowAsync<OperationCanceledException>(
             "timeout exceptions should propagate so the controller layer can handle them");
     }
diff --git a/frontend/taskdeck-web/src/tests/resilience/slowApiAndStorage.spec.ts b/frontend/taskdeck-web/src/tests/resilience/slowApiAndStorage.spec.ts
@@ -11,7 +11,6 @@ import { useCaptureStore } from '../../store/captureStore'
 import { useSessionStore } from '../../store/sessionStore'
 import { boardsApi } from '../../api/boardsApi'
 import { captureApi } from '../../api/captureApi'
-import { authApi } from '../../api/authApi'
 import * as tokenStorage from '../../utils/tokenStorage'
 
 // ─── global mocks ────────────────────────────────────────────────────────────
@@ -201,9 +200,12 @@ describe('boardStore — slow API response handling', () => {
     const fetchPromise = store.fetchBoards()
     expect(store.loading).toBe(true)
 
-    await vi.advanceTimersByTimeAsync(5000)
+    // Attach rejection handler BEFORE advancing timers to avoid
+    // unhandled promise rejection when the timer fires the throw.
+    const rejectExpectation = expect(fetchPromise).rejects.toThrow()
 
-    await expect(fetchPromise).rejects.toThrow()
+    await vi.advanceTimersByTimeAsync(5000)
+    await rejectExpectation
 
     expect(store.loading).toBe(false)
     expect(store.error).toBeTruthy()
@@ -233,13 +235,14 @@ describe('captureStore — slow API response handling', () => {
     const store = useCaptureStore()
     const createPromise = store.createItem({ text: 'Slow capture', boardId: null })
 
-    await vi.advanceTimersByTimeAsync(6000)
+    // Attach rejection handler BEFORE advancing timers to avoid
+    // unhandled promise rejection when the timer fires the throw.
+    const settled = createPromise.catch(() => {
+      // Expected failure -- handled here to prevent unhandled rejection
+    })
 
-    try {
-      await createPromise
-    } catch {
-      // Expected failure
-    }
+    await vi.advanceTimersByTimeAsync(6000)
+    await settled
 
     expect(toastMocks.error).toHaveBeenCalled()
   })
@@ -262,7 +265,7 @@ describe('sessionStore — localStorage corruption mid-session', () => {
     // test restoreSession which is the path that runs on app init.
 
     // First, seed localStorage with a previously valid session.
-    // Use a structurally valid but expired-like JWT.
+    // Use a structurally INVALID token (not 3 base64url segments) to test cleanup.
     localStorage.setItem('taskdeck_token', 'not-a-valid-jwt')
     localStorage.setItem('taskdeck_session', JSON.stringify({
       userId: 'u1',
