recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
076fa31552d0b2a76907eb17d09ed202a04cbcdd
cc-ci/tests/bluesky-pds/PARITY.md
autonomic-bot 6115d2eccf feat(2): Q4.3 — bluesky-pds Phase-2 enrollment + 3 tests cold green 
- tests/bluesky-pds/recipe_meta.py: HEALTH_PATH=/xrpc/_health, 600s timeouts.
- tests/bluesky-pds/install_steps.sh: recipe needs pds_plc_rotation_key (32-byte secp256k1
  hex, marked generate=false). Hook generates via cc-ci-run python (secrets.token_bytes(32);
  random 32-byte value is almost-always a valid secp256k1 private key, ~2^-128 fail rate).
  Inserted via 'abra app secret insert' under TTY-wrap. Per-run class-B; destroyed at teardown.
- tests/bluesky-pds/PARITY.md: no health_check.py in the recipe-maintainer corpus -> Phase-2
  health_check aligned with parity convention. goat_account.py parity deferred (needs goat CLI
  in container; operational complexity).
- 3 functional tests:
  - test_health_check.py: GET /xrpc/_health -> 200, {version: ...}.
  - test_describe_server.py: GET /xrpc/com.atproto.server.describeServer -> 200, JSON with
    atproto config keys (availableUserDomains/inviteCodeRequired/links/did).
  - test_session_auth.py: GET /xrpc/com.atproto.server.getSession (no auth) -> 401 + JSON
    XRPC error envelope. (Replaced test_well_known_did — /.well-known/atproto-did isn't
    auto-published by the recipe.)

Cold-verifiable: ssh cc-ci 'RECIPE=bluesky-pds STAGES=install,custom cc-ci-run runner/run_recipe_ci.py'
  install + 3 custom tests all PASS, deploy-count=1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-28 16:05:51 +01:00

34 lines
2.8 KiB
Markdown
Raw Blame History

# Parity — bluesky-pds
Phase-2 P2 mapping table.
| recipe-maintainer file | cc-ci file | what's verified | status |
|---|---|---|---|
| (no health_check.py in the recipe-maintainer corpus) | `tests/bluesky-pds/functional/test_health_check.py` | GETs `/xrpc/_health` (the PDS health endpoint); asserts 200 + JSON with `version` field. Phase-2 health_check aligned with the parity-port convention. | **Phase-2 health_check** |
| `recipe-info/bluesky-pds/tests/goat_account.py` | (deferred to Q4.3 follow-up — needs `goat` CLI in container) | The original creates a test admin account via `abra app run app -- goat pds admin account create ...`. Doable in cc-ci via `lifecycle.exec_in_app` calling the `goat` CLI inside the PDS container, but adds operational complexity (account state cleanup across runs). Deferred to follow-up. | **deferred** |
## Recipe-specific tests (Phase-2 P3, ≥2 beyond parity)
bluesky-pds is an **atproto Personal Data Server** — its characteristic behavior is the
public XRPC API + the well-known `atproto-did` server identifier. Two new functional tests:
| cc-ci file | what's verified | rationale |
|---|---|---|
| `tests/bluesky-pds/functional/test_describe_server.py` | GETs `/xrpc/com.atproto.server.describeServer` (the public atproto endpoint that advertises the PDS's available account creation policy); asserts 200 + JSON envelope with at least `availableUserDomains` (array; the PDS's hosting domains) or `inviteCodeRequired` (bool). | Proves the atproto XRPC API is alive AND the PDS-specific configuration is being served (not just a generic 200). Non-vacuous: a PDS that boots but can't serve its server description is broken. |
| `tests/bluesky-pds/functional/test_session_auth.py` | GETs `/xrpc/com.atproto.server.getSession` (no auth); asserts **401** + a JSON XRPC error envelope with an `error` field. | Proves the PDS's atproto auth contract is enforced. Non-vacuous: 200 = anonymous leak (security bug); 404 = route missing; 5xx = backend broken — only 401 + a proper XRPC error envelope indicates a correctly-wired PDS. (An earlier draft tried `/.well-known/atproto-did` but that endpoint is only published when the bare DOMAIN is registered as a server-DID, which the recipe doesn't auto-configure.) |
Two specific tests + parity health_check = ≥2 floor met. Backup data-integrity is N/A unless the
recipe declares `backupbot.backup=true` labels (Phase-1d auto-detect handles the skip).
## Playwright (P6)
bluesky-pds has **no first-party browser UI** — the recipe is an atproto PDS that other apps
(bsky.app, atproto clients) consume. So P6 is N/A; HTTP/XRPC functional tests are the canonical
surface.
## Non-ports
`goat_account.py` is deferred (operational complexity; needs goat CLI + account state cleanup
across runs). Logged here per §7.1; will lift if/when the goat-CLI path is wrapped into the
harness.
Reference in New Issue View Git Blame Copy Permalink