bretton.dev
code
Clone this repository
https://tangled.org/bretton.dev/coves
git@knot.bretton.dev:bretton.dev/coves
For self-hosted knots, clone URLs may differ based on your setup.
Implemented all 6 critical E2E test suites required for Alpha launch:
1. **User Journey E2E Test** (user_journey_e2e_test.go)
- Tests complete user flow: signup → create community → post → comment → vote
- Uses real PDS accounts and Jetstream WebSocket subscription
- Validates full atProto write-forward architecture
- Fixed silent fallback: now fails by default if Jetstream times out
- Use ALLOW_SIMULATION_FALLBACK=true env var to enable fallback in CI
2. **Blob Upload E2E Test** (blob_upload_e2e_test.go)
- Tests image upload to PDS via com.atproto.repo.uploadBlob
- Fixed to use REAL PDS credentials instead of fake tokens
- Tests PNG, JPEG, and WebP (MIME only) format validation
- Validates blob references in post records
- Tests multiple images and external embed thumbnails
3. **Concurrent Scenarios Test** (concurrent_scenarios_test.go)
- Tests race conditions with 20-30 simultaneous users
- Added database record verification to detect duplicates/lost records
- Uses COUNT(*) and COUNT(DISTINCT) queries to catch race conditions
- Tests concurrent: voting, mixed voting, commenting, subscriptions
4. **Multi-Community Timeline Test** (timeline_test.go)
- Tests feed aggregation across multiple communities
- Validates sorting (hot, new, top) and pagination
- Tests cross-community post interleaving
5. **Rate Limiting E2E Test** (ratelimit_e2e_test.go)
- Tests 100 req/min general limit
- Tests 20 req/min comment endpoint limit
- Tests 10 posts/hour aggregator limit
- Removed fake summary test, converted to documentation
6. **Error Recovery Test** (error_recovery_test.go)
- Tests Jetstream connection retry logic
- Tests PDS unavailability handling
- Tests malformed event handling
- Renamed reconnection test to be honest about scope
- Improved SQL cleanup patterns to be more specific
**Architecture Validated:**
- atProto write-forward: writes to PDS, AppView indexes from Jetstream
- Real Docker infrastructure: PDS (port 3001), Jetstream (6008), PostgreSQL (5434)
- Graceful degradation: tests skip if infrastructure unavailable (CI-friendly)
**Security Tested:**
- Input validation at handler level
- Parameterized queries (no SQL injection)
- Authorization checks before operations
- Rate limiting enforcement
**Time Saved:** ~7-12 hours through parallel sub-agent implementation
**Test Quality:** Enhanced with database verification to catch race conditions
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add comprehensive Alpha launch readiness documentation and production
JWT verification testing infrastructure.
**Alpha Go-Live PRD** (docs/PRD_ALPHA_GO_LIVE.md):
- Track remaining work for alpha launch with real users
- P0 blockers: DPoP architecture fix, JWT verification (2 items)
- ✅ Validated handle resolution already implemented
- ✅ Validated comment_count reconciliation already implemented
- P1 infrastructure: Monitoring, logging, backups, load testing
- E2E testing recommendations (7 critical gaps identified)
- Timeline: 65-80 hours (~2-3 weeks)
- Go/no-go decision criteria and risk assessment
**JWT Verification Test** (tests/integration/jwt_verification_test.go):
- E2E test for JWT signature verification with real PDS
- Tests JWT parsing, JWKS fetching, and auth middleware
- Validates AUTH_SKIP_VERIFY=false production mode
- Handles both dev PDS (symmetric) and production PDS (JWKS)
- Tests tampered token rejection
Changes support alpha launch planning and production security validation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes two backlog issues:
1. Post comment_count reconciliation - Added tests proving it works
2. Handle resolution for block/unblock endpoints - Full implementation
Changes include:
- 15 new integration tests (all passing)
- Handle resolution with proper error handling (400/404/500)
- Updated documentation in PRD_BACKLOG.md
- Code formatting compliance with gofumpt
Auto-formatting comment blocks to comply with gofumpt standards.
No functional changes.
Mark the following backlog items as complete:
1. Post comment_count reconciliation (2025-11-16)
- Added comprehensive test coverage (4 test cases)
- Updated misleading FIXME comment to accurate documentation
- Verified existing reconciliation logic works correctly
2. Handle resolution for block endpoints (2025-11-16)
- Phase 3: Block/unblock endpoints now accept handles
- Added 11 test cases covering all identifier formats
- Proper error handling (400 for validation, 404 for not found)
- Phase 1 (post creation) was already complete
Both issues estimated at 2-3 hours each, completed with full test
coverage and documentation updates.
Update block and unblock handlers to accept at-identifiers (handles)
in addition to DIDs, resolving them via ResolveCommunityIdentifier().
Changes:
- Remove DID-only validation in HandleBlock and HandleUnblock
- Add ResolveCommunityIdentifier() call with proper error handling
- Map validation errors (malformed identifiers) to 400 Bad Request
- Map not-found errors to 404
- Map other errors to 500 Internal Server Error
Supported formats:
- DIDs: did:plc:xxx, did:web:xxx
- Canonical handles: gaming.community.coves.social
- @-prefixed handles: @gaming.community.coves.social
- Scoped format: !gaming@coves.social
Test coverage (11 test cases):
- Block with canonical handle
- Block with @-prefixed handle
- Block with scoped format
- Block with DID (backwards compatibility)
- Block with malformed identifiers (4 cases - returns 400)
- Block with invalid/nonexistent handle (returns 404)
- Unblock with handle
- Unblock with invalid handle
Addresses PR feedback: Validation errors now return 400 instead of 500
Fixes issue: Handle Resolution Missing
Affected: Post creation, blocking endpoints
Add comprehensive integration tests verifying that post comment_count
is correctly reconciled when comments arrive before their parent post
due to out-of-order Jetstream event delivery.
Test coverage:
- Single comment arrives before post - count reconciled to 1
- Multiple comments arrive before post - count reconciled correctly
- Mixed ordering (comments before and after post) - count accurate
- Idempotent post indexing preserves comment_count
Also update misleading FIXME comment in comment_consumer.go to accurate
NOTE explaining that reconciliation IS implemented in post_consumer.go
at lines 210-226.
Fixes issue: Post comment_count Never Reconciles
File: internal/atproto/jetstream/comment_consumer.go:362