fix(e2e): A10 uses disposable session; queue stays anon (prod green pt2)#177
Merged
Conversation
Run 26998139097 (the #176 fix) got most legs green but 3 still red: 1. A10 logout-revocation (live-auth.spec.ts) revoked the WORKFLOW-MINTED E2E_SESSION_JWT. That assumption ("A10 is the last authed leg") broke once #176 made live-claim-deploy (deploy leg) and live-provision-smoke also provision/reap AS that minted session — they run AFTER live-auth, so the deploy POST got 401 revoked_session and smoke's /db fell through to the anon path (tier=anonymous, then 402/401-on-reap). Fix: A10 now ALWAYS revokes a DISPOSABLE bearer it owns — provisionAndClaim now returns the claim's real session_token (onboarding.go:537), and A10 revokes THAT throwaway team's session, reaping its resource BEFORE the logout (the logout kills the only bearer that authorizes the DELETE). Never touches E2E_SESSION_JWT. 2. Authed (pro) /queue/new HANGS on prod (90s timeout) — the isolated per-tenant NATS path blocks until the operator seeds NATS NKeys (CLAUDE.md P1 gap). Fix: provisionIdentity(extra, forceAnon) pins the queue flow to the anonymous path (fast, returns auth_mode=legacy_open). The anon resource is TTL-reaped (no authed DELETE for anon resources); the anon-provision spec's reap is best-effort for no-bearer resources (asserts only 401/403 — the expected "no unauthed delete" outcome — so a different failure still reds). 3. Smoke tier=anonymous + 402 was a downstream symptom of (1); fixed by it. npm run gate green (1115 passed, 3 skipped). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
size-limit report 📦
|
mastermanas805
added a commit
that referenced
this pull request
Jun 5, 2026
…178) Run 26998759093 (the #177 fix) closed queue + A10; 2 legs still red: 1. Deploy-lifecycle inline reap got 409 deletion_already_pending — the test's own DELETE step starts the soft-delete/email flow, then the reap's second DELETE races it. And the final out-of-process reap:live got 503 team_lookup_failed because the workflow reaps the minted ACCOUNT (cascading away its resources) BEFORE the ledger sweep runs. Both mean "already being torn down / gone with the account", not a leak. Fix: reapEntities now counts 409 deletion_already_pending and 503 team_lookup_failed as alreadyGone. 2. live-provision-smoke /db/new hung 90s (test timeout) on the AUTHED (pro) path — authed /db/new provisions a DEDICATED database, slower than the timeout; the anon path uses the fast hot-pool. (Authed vector/cache/nosql in live-anon-provision still cover the minted-pro provision path.) Fix: smoke pins forceAnon (fast hot-pool, fingerprint bypass), with the same best-effort no-bearer reap (anon resources are TTL-reaped; assert only 401/403 so an unexpected failure still reds). npm run gate green (1115 passed, 3 skipped). Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
mastermanas805
added a commit
that referenced
this pull request
Jun 5, 2026
…ut flake (#180) nosql was the LAST dedicated-backing-DB service still on the slow authed (minted-pro) provision path. The authed /nosql/new path provisions a DEDICATED MongoDB per team — cold-provision > 90s on prod — which timed out the LIVE suite at the per-test limit (flaky run 27000380873 failed on /nosql/new; an earlier run failed on /vector/new). Prior PRs pinned db (#178) + queue (#177) + vector (#179) to the fast anon hot-pool; this completes the set. Systemic fix: EVERY service whose authed path provisions a dedicated backing DB (db/vector/nosql) now uses forceAnon (anon hot-pool, TTL-reaped), so none can hit the slow authed-dedicated-provision timeout. The fast, no-dedicated-DB services (cache/storage/webhook) stay on the authed/minted-account + authed-reap path, and the auth specs + claim flow + minted-account lifecycle keep exercising the on-the-fly minted account — "test accounts on the fly" coverage is retained. Adds a per-service path table (dedicated-DB? + fast-authed vs anon-hot-pool + why) to live-anon-provision.spec.ts and syncs the cohort.ts/smoke-spec comments. Secondary guard: bump playwright.live.config.ts per-test timeout 90s → 120s for extra cold-hot-pool/network headroom (the forceAnon pinning is the primary fix). Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix-forward on #176. Run 26998139097 went from 5 red to 3 red; this closes the remaining 3.
Root causes
E2E_SESSION_JWT. Its premise ("A10 is the last authed leg, so revoking the minted bearer is safe") broke once fix(e2e): green prod LIVE suite — provision+reap as minted pro account #176 madelive-claim-deploy(deploy leg) andlive-provision-smokeprovision/reap as the minted session. Those specs run afterlive-auth(serial, alphabetical), so the deployPOST /deploy/newgot401 revoked_sessionand smoke's/db/newfell through to the anon path (tier=anonymous, then 402/401-on-reap).provisionAndClaimnow returns the claim's realsession_token; A10 revokes that throwaway team's session (reaping its resource before logout, since logout kills the bearer).E2E_SESSION_JWTis never revoked./queue/newhangs on prod (90s timeout). The isolated per-tenant NATS path blocks until the operator seeds NATS NKeys (CLAUDE.md P1 gap).provisionIdentity(extra, forceAnon)pins the queue flow to the anonymous path (fast,auth_mode=legacy_open). The anon resource is TTL-reaped; the spec's reap is best-effort for no-bearer resources (asserts only 401/403, so an unexpected failure still reds).tier=anonymous+402 was a downstream symptom of (1).Verification
npm run gategreen (1115 passed, 3 skipped). The e2e-prod run is the live gate.🤖 Generated with Claude Code