Skip to content

fix: resolve spec-drift audit findings (code + specs)#148

Merged
themightychris merged 2 commits into
developfrom
chore/spec-drift-fixes
Jun 30, 2026
Merged

fix: resolve spec-drift audit findings (code + specs)#148
themightychris merged 2 commits into
developfrom
chore/spec-drift-fixes

Conversation

@themightychris

Copy link
Copy Markdown
Member

Resolves the real findings from a spec-drift audit (two scoped spec-drift-auditor passes), and records the false positives that were verified away rather than blindly 'fixed'.

Code (apps/api)

  • Removed the legacy DELETE /api/people/:slug route + softDelete — an undocumented admin-only soft-delete parallel to the canonical self|staff POST /deactivate (diverging authz). Superseded by deactivate/reactivate/purge.
  • commit-meta: emit the Response-Message trailer that storage.md requires (only Response-Code was written).
  • PATCH /api/people/:slug: additionalProperties: false + enumerated fields — privileged fields (accountLevel) are now rejected (422), not silently ignored.

Specs/docs

  • storage.md public/private contradiction — ground-truthed: codeforphilly-data is private on GitHub today, holding public-by-design content. Corrected the table claim it "contains emails, real names, IPs" (contradicted the redaction section). Fixed "publicly cloneable", the scrub-data.ts path, and the moot request-body redaction note.
  • people.md — documented slackHandle + deletedAt in the Person response shape (deletedAt gated to self/staff); clarified ?accountLevel= → empty 200 for non-staff; PATCH note points at the dedicated endpoint.
  • legacy-id-mapping.md — tightened the byLegacyId claim (runtime indices only for people/projects/blog-posts).
  • conventions.md — Idempotency-Key marked built-but-not-yet-wired.

Verified false positives (NOT changed)

  • reloadInMemoryState vs swapPublic — the hot-reload path does call swapPublic (reload.ts:76); spec was right.
  • perPage out-of-range "returns 400" — this app remaps validation → 422 (errors.ts:179).
  • account-level Previous-Account-Level: unknown "race" — 404 aborts the commit before any trailer persists.

Validation

type-check + lint clean; people + write-api suites 52/52.

🤖 Generated with Claude Code

themightychris and others added 2 commits June 29, 2026 21:04
From the spec-drift audit:

- Remove the legacy DELETE /api/people/:slug route + softDelete service
  method — an undocumented admin-only soft-delete running parallel to the
  canonical self|staff POST /deactivate (diverging authz). Superseded by
  deactivate/reactivate/purge.
- commit-meta: emit the Response-Message trailer (HTTP reason phrase) that
  specs/behaviors/storage.md#commit-message-shape requires; only
  Response-Code was being written.
- PATCH /api/people/:slug: enumerate editable fields + additionalProperties:
  false so privileged fields (accountLevel) are rejected (422) instead of
  silently ignored — hardens the dedicated-endpoint rule.

type-check + lint clean; people + write-api suites 52/52.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- storage.md: resolve the public/private contradiction. Ground truth:
  codeforphilly-data is a PRIVATE GitHub repo today holding public-by-design
  content. Corrected the table claim that it "contains emails, real names,
  IPs" (which contradicted the redaction section — PII lives in the private
  store). Fixed "publicly cloneable" framing, the scrub-data.ts path, and
  clarified commit bodies carry only the caller summary (request-body
  redaction is moot).
- people.md: document slackHandle + deletedAt in the Person response shape
  (deletedAt gated to self/staff); clarify ?accountLevel= returns empty 200
  to non-staff; point the PATCH note at the dedicated account-level endpoint.
- legacy-id-mapping.md: tighten the byLegacyId claim — runtime indices exist
  only for people/projects/blog-posts; the other sheets carry legacyId for
  import idempotence only.
- conventions.md: mark Idempotency-Key as built-but-not-yet-wired (status).

plans/spec-drift-fixes.md records real findings, fixes, and the verified
false positives (swapPublic, perPage 400-vs-422, the account-level trailer
"race") that were checked rather than blindly "fixed".

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@themightychris themightychris merged commit ca3bcb3 into develop Jun 30, 2026
1 check passed
@themightychris themightychris deleted the chore/spec-drift-fixes branch June 30, 2026 01:07
@themightychris themightychris mentioned this pull request Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant