Description
tests/index.py is a 452-line copy of api/index.py (453 lines) with divergent logic. Key differences:
- The
public_access decorator has inverted logic compared to the production version — it denies access when CODE_GRAPH_PUBLIC != "1" instead of bypassing token_required.
- Different imports (uses
from api import * wildcard).
- Missing docstrings and comments that exist in production.
Tests using this file may pass but don't reflect production behavior.
Impact
- Tests give false confidence — they exercise different auth logic than production
- Two copies of the same code must be kept in sync manually, which is error-prone
Suggested Fix
Delete tests/index.py and import the actual production app for testing:
from api.index import app
Or use a test fixture that configures the real app for testing.
Context
Found during code review of PR #522.
Description
tests/index.pyis a 452-line copy ofapi/index.py(453 lines) with divergent logic. Key differences:public_accessdecorator has inverted logic compared to the production version — it denies access whenCODE_GRAPH_PUBLIC != "1"instead of bypassingtoken_required.from api import *wildcard).Tests using this file may pass but don't reflect production behavior.
Impact
Suggested Fix
Delete
tests/index.pyand import the actual production app for testing:Or use a test fixture that configures the real app for testing.
Context
Found during code review of PR #522.