fix: validate cluster-info and health response shape with ServerError

durable-workflow-ops · claude · durable-workflow-ops · commit 551cb98062c3 · 2026-04-17T09:16:14.000Z
assert isinstance(...) silently disappeared under python -O and
produced a bare AssertionError otherwise, so a malformed cluster-info
manifest would either crash without context or let the worker proceed
with an unchecked non-dict response. Both get_cluster_info() and
health() now raise ServerError with a stable reason
(invalid_cluster_info / invalid_health_response) when the wire shape
isn't a JSON object.

Closes TD-P010.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/durable_workflow/client.py b/src/durable_workflow/client.py
@@ -10,6 +10,7 @@
 
 from . import serializer
 from .errors import (
+    ServerError,
     WorkflowCancelled,
     WorkflowFailed,
     WorkflowTerminated,
@@ -314,7 +315,11 @@ async def _do_request() -> httpx.Response:
     async def get_cluster_info(self) -> dict[str, Any]:
         """Fetch server version and capabilities from /api/cluster/info."""
         result = await self._request("GET", "/cluster/info", worker=False, context="get_cluster_info")
-        assert isinstance(result, dict)
+        if not isinstance(result, dict):
+            raise ServerError(
+                200,
+                {"reason": "invalid_cluster_info", "message": f"expected JSON object, got {type(result).__name__}"},
+            )
         return result
 
     def get_workflow_handle(
@@ -325,7 +330,11 @@ def get_workflow_handle(
     # ── Health ─────────────────────────────────────────────────────────
     async def health(self) -> dict[str, Any]:
         result = await self._request("GET", "/health")
-        assert isinstance(result, dict)
+        if not isinstance(result, dict):
+            raise ServerError(
+                200,
+                {"reason": "invalid_health_response", "message": f"expected JSON object, got {type(result).__name__}"},
+            )
         return result
 
     # ── Workflows ──────────────────────────────────────────────────────
diff --git a/tests/test_client.py b/tests/test_client.py
@@ -373,3 +373,55 @@ async def test_register_honors_explicit_sdk_version_override(self, client: Clien
             )
             body = mock.call_args.kwargs.get("json") or mock.call_args[1].get("json")
             assert body["sdk_version"] == "custom-runtime/9.9.9"
+
+
+class TestGetClusterInfo:
+    @pytest.mark.asyncio
+    async def test_returns_dict_payload(self, client: Client) -> None:
+        payload = {"version": "2.0.0", "capabilities": {"workflow": True}}
+        resp = _mock_response(200, payload)
+        with patch.object(client._http, "request", new_callable=AsyncMock, return_value=resp):
+            info = await client.get_cluster_info()
+            assert info == payload
+
+    @pytest.mark.asyncio
+    async def test_accepts_empty_dict(self, client: Client) -> None:
+        resp = _mock_response(200, {})
+        with patch.object(client._http, "request", new_callable=AsyncMock, return_value=resp):
+            info = await client.get_cluster_info()
+            assert info == {}
+
+    @pytest.mark.asyncio
+    async def test_rejects_list_payload(self, client: Client) -> None:
+        resp = httpx.Response(200, content=b"[]", headers={"content-type": "application/json"},
+                              request=httpx.Request("GET", "http://test"))
+        with patch.object(client._http, "request", new_callable=AsyncMock, return_value=resp):
+            with pytest.raises(ServerError) as exc:
+                await client.get_cluster_info()
+            assert exc.value.reason() == "invalid_cluster_info"
+
+    @pytest.mark.asyncio
+    async def test_rejects_string_payload(self, client: Client) -> None:
+        resp = httpx.Response(200, content=b'"oops"', headers={"content-type": "application/json"},
+                              request=httpx.Request("GET", "http://test"))
+        with patch.object(client._http, "request", new_callable=AsyncMock, return_value=resp):
+            with pytest.raises(ServerError) as exc:
+                await client.get_cluster_info()
+            assert exc.value.reason() == "invalid_cluster_info"
+
+
+class TestHealth:
+    @pytest.mark.asyncio
+    async def test_returns_dict_payload(self, client: Client) -> None:
+        resp = _mock_response(200, {"status": "ok"})
+        with patch.object(client._http, "request", new_callable=AsyncMock, return_value=resp):
+            assert await client.health() == {"status": "ok"}
+
+    @pytest.mark.asyncio
+    async def test_rejects_non_dict(self, client: Client) -> None:
+        resp = httpx.Response(200, content=b"true", headers={"content-type": "application/json"},
+                              request=httpx.Request("GET", "http://test"))
+        with patch.object(client._http, "request", new_callable=AsyncMock, return_value=resp):
+            with pytest.raises(ServerError) as exc:
+                await client.health()
+            assert exc.value.reason() == "invalid_health_response"
