Ratchet egress_addon coverage to >=90% (ADR 0004) #295

Open

didericis-claude wants to merge 1 commits from ratchet-egress-addon-90 into cover-global-90

Author	SHA1	Message	Date
didericis	18059f2a78	test(egress): ratchet egress_addon coverage to >=90% lint / lint (push) Successful in 1m52s Details test / unit (pull_request) Successful in 44s Details test / integration (pull_request) Successful in 16s Details test / coverage (pull_request) Successful in 58s Details First per-module ratchet under ADR 0004. Extend the adapter flow suite to cover the remaining behavioural gaps: - inbound response DLP: injection block (403), warn (logged, forwarded), and LOG_FULL response logging - WebSocket inbound (server->client) scanning: injection kills the connection; warn does not; no-websocket is a no-op - redaction scrubs the token in a header and the request path, not just the body - supervise queue-write OSError fails closed (403) - _token_allow_timeout_from_env: unset/valid/non-numeric/non-positive - SIGHUP handler reloads routes; a reload failure keeps the last good config - LOG_FULL logs the forwarded request egress_addon.py: 76% -> 94%. The remaining misses are the low-value edges (no-SIGHUP platform, hostname-redaction-fails-closed) called out in the egress adapter PR. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9	2026-06-25 21:54:36 -04:00

Author

SHA1

Message

Date

didericis

18059f2a78

test(egress): ratchet egress_addon coverage to >=90%

lint / lint (push) Successful in 1m52s

Details

test / unit (pull_request) Successful in 44s

Details

test / integration (pull_request) Successful in 16s

Details

test / coverage (pull_request) Successful in 58s

Details

First per-module ratchet under ADR 0004. Extend the adapter flow suite
to cover the remaining behavioural gaps:

- inbound response DLP: injection block (403), warn (logged, forwarded),
  and LOG_FULL response logging
- WebSocket inbound (server->client) scanning: injection kills the
  connection; warn does not; no-websocket is a no-op
- redaction scrubs the token in a header and the request path, not just
  the body
- supervise queue-write OSError fails closed (403)
- _token_allow_timeout_from_env: unset/valid/non-numeric/non-positive
- SIGHUP handler reloads routes; a reload failure keeps the last good
  config
- LOG_FULL logs the forwarded request

egress_addon.py: 76% -> 94%. The remaining misses are the low-value
edges (no-SIGHUP platform, hostname-redaction-fails-closed) called out
in the egress adapter PR.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9

2026-06-25 21:54:36 -04:00

Ratchet egress_addon coverage to >=90% (ADR 0004) #295

1 Commits