fix: compress_dynamo_documents breaks permanent environment cache

[SahilJat]

Thanks for submitting a PR! Please check the boxes below:

• [ x ] I have read the Contributing Guide.
• [ x ] I have added information to docs/ if required so people know about the feature.
• [ x ] I have filled in the "Changes" section below.
• [ x ] I have filled in the "How did you test this code" section below.

Changes

Closes #6944

Please describe.
Since V1EnvironmentDocumentResponse is a TypedDict, I implemented an explicit dictionary extraction right before environment_document_cache.set_many(). This guarantees that internal DynamoDB configs (like compress_dynamo_documents) do not leak into the Redis cache consumed by the API.

I also added a mocked unit test to verify the payload is stripped and perfectly validates against the V1EnvironmentDocumentResponse schema.

How did you test this code?

Please describe.
1.Mocked the Cache: Used @mock.patch to intercept the payload right before it hits environment_document_cache.set_many().

2.Forced Persistent Mode: Set CACHE_ENVIRONMENT_DOCUMENT_MODE to PERSISTENT to trigger the exact code path causing the leak.

2.Asserted Data Stripping: Verified that internal configuration fields (like compress_dynamo_documents and use_v2_feature_versioning) are successfully stripped from the payload.

4.Schema Validation: Explicitly proved that the intercepted dictionary perfectly aligns with the V1EnvironmentDocumentResponse TypedDict, guaranteeing that the public API view will not break.

[claude]

⚠️ Code review skipped — your organization's overage spend limit has been reached.

Code review is billed via overage credits. To resume reviews, an organization admin can raise the monthly limit in Settings → Usage.

Once credits are available, reopen this pull request to trigger a review.

[vercel]

@SahilJat is attempting to deploy a commit to the Flagsmith Team on Vercel.

A member of the Team first needs to authorize it.

[cursor]

Cursor Bugbot has reviewed your changes and found 3 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

You have used all of your free Bugbot PR reviews.

To receive reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[SahilJat]

hi @khvn26 all the precommit has been passed the only test failing require authorization , please let me know if its good to go or do i have to make some changes also I noticed that compress_dynamo_documents was temporarily disabled in api/integrations/flagsmith/data/environment.json to mitigate this cache poisoning. Once this PR is merged and deployed, you should be completely safe to flip that flag back to true!

[khvn26]

Hello @SahilJat — happy to approve this, and thanks for the contribution!

[khvn26]

Sorry @SahilJat — the solution looks sound to me but I'd like the failing tests fixed. Can you see to that?

[SahilJat]

hi @khvn26 i made the changes inside the test files ,

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.27%. Comparing base (67fa5fd) to head (c3fabab).
⚠️ Report is 71 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7014      +/-   ##
==========================================
- Coverage   98.31%   98.27%   -0.05%     
==========================================
  Files        1335     1336       +1     
  Lines       49784    50047     +263     
==========================================
+ Hits        48947    49182     +235     
- Misses        837      865      +28     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[khvn26]

👍