feat(ops/security): add Phase 2.3 test + close ops-security-hardening spec #280
Merged
… spec

Phases 1-4 of docs/specs/ops-security-hardening/ all landed across v6.7.1 PRs (#254 + #256) earlier today. This adds the one missing piece — Phase 2.3 regression guard — and closes the spec docs.

CODE
- tests/unit/ops/test_runner.py: add test_subscriber_queue_does_not_block_fast_subscribers. Regression guard asserting that a slow subscriber doesn't block fast ones — _broadcast is a synchronous per-subscriber put_nowait, so QueueFull on one subscriber must not affect others. Pairs with the existing test_subscriber_queue_drops_slow_subscriber.

SPEC
- All 4 spec files: status draft -> complete (2026-05-12, pending Phase 5 smoke). Phase 5 = Patrick's manual curl + browser checks; not automatable from a session.
- decisions.md: closure entry with the 3-PR table, satisfied resolution criteria, and the "out-of-scope items remain deferred, not regressions" note.
- tasks.md: Phase 1-4 boxes ticked. Phase 5-6 remain open (10 items) pending manual verification.

Local: tests/unit/ops/ 142 passed in 2.69s (was 141; +1 new test).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
🔒 Security Scan Results
✅ Status: PASSED - No blocking issues
Summary
Total Findings: 0
Scanner Accuracy: ~82% (Industry-leading!) Powered by Attune AI Security Scanner
| # _broadcast is synchronous put_nowait per subscriber, so a backed-up | ||
| # queue triggers QueueFull on that subscriber only — the rest still | ||
| # receive the event in the same loop iteration. | ||
| import asyncio |
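Review bot: the `import asyncio` on the last line of this hunk comes after the comment block about `_broadcast`, which separates that comment from the code it explains and suggests the import is local to the test. If the module already imports asyncio at the top, drop this line; otherwise hoist it to the module imports. The comment also states a specific guarantee (the rest still receive the event in the same loop iteration), so the test should assert delivery to the fast subscribers right after the broadcast call, with no intervening await, to pin that behaviour.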
Codecov Report
✅ All modified and coverable lines are covered by tests.
Summary
Closes ops-security-hardening. Phases 1-4 already landed via v6.7.1 (PR #254 + PR #256) — this adds the one missing piece (Phase 2.3 regression guard) and closes the spec docs.
What's new
test_subscriber_queue_does_not_block_fast_subscribers in tests/unit/ops/test_runner.py. Regression guard asserting that one slow subscriber doesn't block fast ones — pairs with the existing test_subscriber_queue_drops_slow_subscriber.
Spec closure
draft→complete (2026-05-12, pending Phase 5 smoke)
curl + browser smoke tests
What's left (not blocking merge)
Phase 5 smoke tests are interactive and stay open until Patrick runs them:
Plus a browser-load check that the dashboard still renders normally.
Test plan
🤖 Generated with Claude Code
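The isolation property described above (a synchronous per-subscriber put_nowait, with QueueFull on one subscriber not affecting the others) can be shown with a small stand-alone sketch. This is an added example, not code from the PR or the project: the `Broadcaster` class, `subscribe`, `demo`, the queue size, and the drop-on-QueueFull policy are assumptions; only the names `_broadcast`, `put_nowait`, and `QueueFull` come from the page.

```python
import asyncio


class Broadcaster:
    """Hypothetical fan-out hub; not the project's runner class."""

    def __init__(self, maxsize: int = 2):
        self._maxsize = maxsize
        self._subscribers: dict[str, asyncio.Queue] = {}
        self.dropped: list[str] = []

    def subscribe(self, name: str) -> asyncio.Queue:
        # Bounded queue: a stalled consumer can hold at most maxsize events.
        queue: asyncio.Queue = asyncio.Queue(maxsize=self._maxsize)
        self._subscribers[name] = queue
        return queue

    def _broadcast(self, event: str) -> None:
        # Synchronous loop: put_nowait never awaits, so a full queue cannot
        # stall delivery to the subscribers that come after it.
        for name, queue in list(self._subscribers.items()):
            try:
                queue.put_nowait(event)
            except asyncio.QueueFull:
                # Assumed policy: drop the backed-up subscriber instead of
                # buffering without bound or blocking the publisher.
                del self._subscribers[name]
                self.dropped.append(name)


async def demo() -> dict:
    hub = Broadcaster(maxsize=2)
    slow = hub.subscribe("slow")  # registered first, never drains its queue
    fast_a = hub.subscribe("fast_a")
    fast_b = hub.subscribe("fast_b")
    received = {"fast_a": [], "fast_b": []}
    for i in range(5):  # constructed events
        hub._broadcast(f"event-{i}")
        # Fast subscribers read straight after the call, with no await between.
        received["fast_a"].append(fast_a.get_nowait())
        received["fast_b"].append(fast_b.get_nowait())
    return {"received": received, "dropped": hub.dropped,
            "slow_backlog": slow.qsize()}


if __name__ == "__main__":
    print(asyncio.run(demo()))
```

The slow subscriber is registered first on purpose: it is the first queue the loop touches, so the fast subscribers only see every event if its QueueFull is contained.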