reviewflow 3.36.1 → 3.37.1

package/dist/tests/acceptance/200-webhook-event-idempotency.acceptance.test.js

@@ -0,0 +1,244 @@
+import { vi } from 'vitest';
+const mockConfig = {
+    server: { port: 3000 },
+    user: { gitlabUsername: 'claude-bot', githubUsername: 'claude-bot' },
+    queue: { maxConcurrent: 1, deduplicationWindowMs: 60000 },
+    repositories: [],
+};
+const mockRepoConfig = {
+    name: 'test-project',
+    platform: 'gitlab',
+    localPath: '/home/user/projects/test-project',
+    remoteUrl: 'https://gitlab.com/test-org/test-project.git',
+    skill: 'review-front',
+    enabled: true,
+};
+vi.mock('@/config/loader.js', () => ({
+    loadConfig: vi.fn(() => mockConfig),
+    findRepositoryByProjectPath: vi.fn(() => mockRepoConfig),
+}));
+vi.mock('@/security/verifier.js', () => ({
+    verifyGitLabSignature: vi.fn(() => ({ valid: true })),
+    getGitLabEventType: vi.fn(() => 'Merge Request Hook'),
+    getGitLabEventUuid: vi.fn((request) => request.headers['x-gitlab-event-uuid']),
+}));
+vi.mock('@/frameworks/queue/pQueueAdapter.js', () => ({
+    createJobId: vi.fn(() => 'gitlab-test-org/test-project-42'),
+    enqueueReview: vi.fn(() => Promise.resolve(true)),
+    updateJobProgress: vi.fn(),
+    cancelJob: vi.fn(),
+}));
+vi.mock('@/claude/invoker.js', () => ({
+    invokeClaudeReview: vi.fn(),
+    sendNotification: vi.fn(),
+}));
+vi.mock('@/main/websocket.js', () => ({
+    startWatchingReviewContext: vi.fn(),
+    stopWatchingReviewContext: vi.fn(),
+}));
+vi.mock('@/config/projectConfig.js', () => ({
+    loadProjectConfig: vi.fn(() => null),
+    getProjectAgents: vi.fn(() => null),
+    getProjectAgentsOrFocusDefaults: vi.fn(() => null),
+    getFollowupAgents: vi.fn(() => null),
+    getProjectLanguage: vi.fn(() => 'en'),
+}));
+import { describe, it, expect, beforeEach } from 'vitest';
+import { handleGitLabWebhook } from '../../modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.js';
+import { InMemoryIdempotencyStore } from '../../modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.js';
+import { CheckFollowupNeededUseCase } from '../../modules/tracking/usecases/tracking/checkFollowupNeeded.usecase.js';
+import { HandlePlatformApprovalUseCase } from '../../modules/tracking/usecases/tracking/handlePlatformApproval.usecase.js';
+import { RecordBypassUseCase } from '../../modules/tracking/usecases/tracking/recordBypass.usecase.js';
+import { RecordPushUseCase } from '../../modules/tracking/usecases/tracking/recordPush.usecase.js';
+import { RecordReviewCompletionUseCase } from '../../modules/tracking/usecases/tracking/recordReviewCompletion.usecase.js';
+import { SyncThreadsUseCase } from '../../modules/tracking/usecases/tracking/syncThreads.usecase.js';
+import { TrackAssignmentUseCase } from '../../modules/tracking/usecases/tracking/trackAssignment.usecase.js';
+import { TransitionStateUseCase } from '../../modules/tracking/usecases/tracking/transitionState.usecase.js';
+import { GitLabEventFactory } from '../../tests/factories/gitLabEvent.factory.js';
+import { TrackedMrFactory } from '../../tests/factories/trackedMr.factory.js';
+import { StubApprovalRevocationGateway } from '../../tests/stubs/approvalRevocation.stub.js';
+import { StubIdempotencyStore } from '../../tests/stubs/idempotencyStore.stub.js';
+import { createStubLogger } from '../../tests/stubs/logger.stub.js';
+import { StubNoteCommentPostGateway } from '../../tests/stubs/noteCommentPost.stub.js';
+class StubGateClaudeInvocation {
+    invocationCount = 0;
+    result;
+    constructor(result = {
+        status: 'enqueued',
+        jobId: 'gitlab-test-org/test-project-42',
+    }) {
+        this.result = result;
+    }
+    async execute(_input) {
+        this.invocationCount += 1;
+        return this.result;
+    }
+}
+function createMockTrackingGateway() {
+    const basicMr = TrackedMrFactory.create({
+        id: 'gitlab-test-org/test-project-42',
+        mrNumber: 42,
+        platform: 'gitlab',
+        project: 'test-org/test-project',
+    });
+    return {
+        getById: vi.fn(() => basicMr),
+        getByNumber: vi.fn(() => null),
+        create: vi.fn(),
+        update: vi.fn(),
+        getByState: vi.fn(() => []),
+        getActiveMrs: vi.fn(() => []),
+        remove: vi.fn(() => true),
+        archive: vi.fn(() => true),
+        recordReviewEvent: vi.fn(),
+        recordPush: vi.fn(() => null),
+        loadTracking: vi.fn(() => null),
+        saveTracking: vi.fn(),
+    };
+}
+function createStubContextGateway() {
+    return {
+        create: vi.fn(() => ({ success: true, filePath: '' })),
+        read: vi.fn(() => null),
+        delete: vi.fn(() => ({ success: true, deleted: true })),
+        exists: vi.fn(() => false),
+        getFilePath: vi.fn(() => ''),
+        appendAction: vi.fn(() => ({ success: true })),
+        updateProgress: vi.fn(() => ({ success: true })),
+        setResult: vi.fn(() => ({ success: true })),
+        listAll: vi.fn(() => []),
+    };
+}
+function createAcceptAllEnforceBudget() {
+    return {
+        execute: vi.fn(async () => ({
+            accepted: true,
+            status: {
+                limitUsd: 200,
+                consumedUsd: 0,
+                remainingUsd: 200,
+                percentUsed: 0,
+                exceeded: false,
+                periodStart: '2026-05-01T00:00:00.000Z',
+            },
+        })),
+    };
+}
+function createDeps(trackingGateway, overrides = {}) {
+    const threadFetchGateway = { fetchThreads: vi.fn(() => []) };
+    return {
+        reviewContextGateway: createStubContextGateway(),
+        threadFetchGateway,
+        diffMetadataFetchGateway: {
+            fetchDiffMetadata: vi.fn(() => ({ baseSha: 'abc', headSha: 'def', startSha: 'ghi' })),
+        },
+        diffStatsFetchGateway: { fetchDiffStats: vi.fn(() => null) },
+        trackAssignment: new TrackAssignmentUseCase(trackingGateway),
+        recordCompletion: new RecordReviewCompletionUseCase(trackingGateway),
+        recordPush: new RecordPushUseCase(trackingGateway),
+        transitionState: new TransitionStateUseCase(trackingGateway),
+        checkFollowupNeeded: new CheckFollowupNeededUseCase(trackingGateway),
+        syncThreads: new SyncThreadsUseCase(trackingGateway, threadFetchGateway),
+        enforceBudget: createAcceptAllEnforceBudget(),
+        broadcastBudgetExceeded: vi.fn(),
+        getRepositories: vi.fn(() => []),
+        removeWorktree: vi.fn(async () => ({ status: 'removed' })),
+        recordBypass: new RecordBypassUseCase(trackingGateway),
+        noteCommentPostGateway: new StubNoteCommentPostGateway(),
+        handlePlatformApproval: new HandlePlatformApprovalUseCase(trackingGateway),
+        approvalRevocationGateway: new StubApprovalRevocationGateway(),
+        getQualityThreshold: () => null,
+        now: () => '2026-05-26T12:00:00.000Z',
+        ...overrides,
+    };
+}
+function requestWith(uuid) {
+    const headers = {};
+    if (uuid !== undefined) {
+        headers['x-gitlab-event-uuid'] = uuid;
+    }
+    return {
+        body: GitLabEventFactory.createWithReviewerAdded('claude-bot'),
+        headers,
+    };
+}
+describe('Acceptance — SPEC-200: Webhook event idempotency and replay protection', () => {
+    let mockReply;
+    let mockGateway;
+    const logger = createStubLogger();
+    beforeEach(() => {
+        vi.clearAllMocks();
+        mockReply = {
+            status: vi.fn().mockReturnThis(),
+            send: vi.fn().mockReturnThis(),
+        };
+        mockGateway = createMockTrackingGateway();
+        mockGateway.getById.mockReturnValue(null);
+    });
+    describe('Rule: a redelivered event is acted upon at most once within the TTL window', () => {
+        it('answers the duplicate with HTTP 200 no-op, a single invocation and pristine output gateways', async () => {
+            const idempotencyStore = new InMemoryIdempotencyStore({ ttlMs: 60_000, clock: () => 0 });
+            const gateClaudeInvocation = new StubGateClaudeInvocation();
+            const noteCommentPostGateway = new StubNoteCommentPostGateway();
+            const approvalRevocationGateway = new StubApprovalRevocationGateway();
+            const trackAssignment = new TrackAssignmentUseCase(mockGateway);
+            const trackSpy = vi.spyOn(trackAssignment, 'execute');
+            const deps = createDeps(mockGateway, {
+                idempotencyStore,
+                gateClaudeInvocation,
+                noteCommentPostGateway,
+                approvalRevocationGateway,
+                trackAssignment,
+            });
+            await handleGitLabWebhook(requestWith('event-uuid-A'), mockReply, logger, mockGateway, deps);
+            const trackCallsAfterFirst = trackSpy.mock.calls.length;
+            await handleGitLabWebhook(requestWith('event-uuid-A'), mockReply, logger, mockGateway, deps);
+            expect(gateClaudeInvocation.invocationCount).toBe(1);
+            expect(trackSpy.mock.calls.length).toBe(trackCallsAfterFirst);
+            expect(noteCommentPostGateway.calls).toHaveLength(0);
+            expect(approvalRevocationGateway.calls).toHaveLength(0);
+            expect(mockReply.status).toHaveBeenLastCalledWith(200);
+        });
+    });
+    describe('Rule: distinct events are independent', () => {
+        it('lets two different UUIDs each reach the invocation chokepoint', async () => {
+            const idempotencyStore = new InMemoryIdempotencyStore({ ttlMs: 60_000, clock: () => 0 });
+            const gateClaudeInvocation = new StubGateClaudeInvocation();
+            const deps = createDeps(mockGateway, { idempotencyStore, gateClaudeInvocation });
+            await handleGitLabWebhook(requestWith('event-uuid-A'), mockReply, logger, mockGateway, deps);
+            await handleGitLabWebhook(requestWith('event-uuid-B'), mockReply, logger, mockGateway, deps);
+            expect(gateClaudeInvocation.invocationCount).toBe(2);
+        });
+    });
+    describe('Rule: a missing event UUID degrades to gated, never hard-rejects', () => {
+        it('reaches the chokepoint once, records no dedup entry and exposes no rejection branch', async () => {
+            const idempotencyStore = new StubIdempotencyStore();
+            const gateClaudeInvocation = new StubGateClaudeInvocation();
+            const deps = createDeps(mockGateway, { idempotencyStore, gateClaudeInvocation });
+            await handleGitLabWebhook(requestWith(undefined), mockReply, logger, mockGateway, deps);
+            expect(gateClaudeInvocation.invocationCount).toBe(1);
+            expect(idempotencyStore.recordedKeys).toHaveLength(0);
+            expect(idempotencyStore.entryCount).toBe(0);
+            expect(mockReply.status).not.toHaveBeenCalledWith(400);
+            expect(mockReply.status).not.toHaveBeenCalledWith(409);
+        });
+    });
+    describe('Rule: an event redelivered after the TTL window is reprocessed', () => {
+        it('re-accepts the same UUID once the clock advances beyond the TTL', async () => {
+            let currentTimeMs = 0;
+            const idempotencyStore = new InMemoryIdempotencyStore({
+                ttlMs: 60_000,
+                clock: () => currentTimeMs,
+            });
+            const gateClaudeInvocation = new StubGateClaudeInvocation();
+            const deps = createDeps(mockGateway, { idempotencyStore, gateClaudeInvocation });
+            await handleGitLabWebhook(requestWith('event-uuid-A'), mockReply, logger, mockGateway, deps);
+            await handleGitLabWebhook(requestWith('event-uuid-A'), mockReply, logger, mockGateway, deps);
+            expect(gateClaudeInvocation.invocationCount).toBe(1);
+            currentTimeMs = 60_001;
+            await handleGitLabWebhook(requestWith('event-uuid-A'), mockReply, logger, mockGateway, deps);
+            expect(gateClaudeInvocation.invocationCount).toBe(2);
+        });
+    });
+});
+//# sourceMappingURL=200-webhook-event-idempotency.acceptance.test.js.map

package/dist/tests/acceptance/200-webhook-event-idempotency.acceptance.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"200-webhook-event-idempotency.acceptance.test.js","sourceRoot":"","sources":["../../../src/tests/acceptance/200-webhook-event-idempotency.acceptance.test.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAI5B,MAAM,UAAU,GAAG;IACjB,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;IACtB,IAAI,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE;IACpE,KAAK,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE,qBAAqB,EAAE,KAAK,EAAE;IACzD,YAAY,EAAE,EAAE;CACjB,CAAC;AAEF,MAAM,cAAc,GAAqB;IACvC,IAAI,EAAE,cAAc;IACpB,QAAQ,EAAE,QAAQ;IAClB,SAAS,EAAE,kCAAkC;IAC7C,SAAS,EAAE,8CAA8C;IACzD,KAAK,EAAE,cAAc;IACrB,OAAO,EAAE,IAAI;CACd,CAAC;AAEF,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,EAAE,CAAC,CAAC;IACnC,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC;IACnC,2BAA2B,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC;CACzD,CAAC,CAAC,CAAC;AAEJ,EAAE,CAAC,IAAI,CAAC,wBAAwB,EAAE,GAAG,EAAE,CAAC,CAAC;IACvC,qBAAqB,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,kBAAkB,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,oBAAoB,CAAC;IACrD,kBAAkB,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,OAAuB,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;CAC/F,CAAC,CAAC,CAAC;AAEJ,EAAE,CAAC,IAAI,CAAC,qCAAqC,EAAE,GAAG,EAAE,CAAC,CAAC;IACpD,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,iCAAiC,CAAC;IAC3D,aAAa,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjD,iBAAiB,EAAE,EAAE,CAAC,EAAE,EAAE;IAC1B,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;CACnB,CAAC,CAAC,CAAC;AAEJ,EAAE,CAAC,IAAI,CAAC,qBAAqB,EAAE,GAAG,EAAE,CAAC,CAAC;IACpC,kBAAkB,EAAE,EAAE,CAAC,EAAE,EAAE;IAC3B,gBAAgB,EAAE,EAAE,CAAC,EAAE,EAAE;CAC1B,CAAC,CAAC,CAAC;AAEJ,EAAE,CAAC,IAAI,CAAC,qBAAqB,EAAE,GAAG,EAAE,CAAC,CAAC;IACpC,0BAA0B,EAAE,EAAE,CAAC,EAAE,EAAE;IACnC,yBAAyB,EAAE,EAAE,CAAC,EAAE,EAAE;CACnC,CAAC,CAAC,CAAC;AAEJ,EAAE,CAAC,IAAI,CAAC,2BAA2B,EAAE,GAAG,EAAE,CAAC,CAAC;IAC1C,iBAAiB,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;IACpC,gBAAgB,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;IACnC,+BAA+B,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;IAClD,iBAAiB,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;IACpC,kBAAkB,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;CACtC,CAAC,CAAC,CAAC;AAEJ,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAE1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,4FAA4F,CAAC;AACjI,OAAO,EAAE,wBAAwB,EAAE,MAAM,gGAAgG,CAAC;AAM1I,OAAO,EAAE,0BAA0B,EAAE,MAAM,qEAAqE,CAAC;AACjH,OAAO,EAAE,6BAA6B,EAAE,MAAM,wEAAwE,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,8DAA8D,CAAC;AACnG,OAAO,EAAE,iBAAiB,EAAE,MAAM,4DAA4D,CAAC;AAC/F,OAAO,EAAE,6BAA6B,EAAE,MAAM,wEAAwE,CAAC;AACvH,OAAO,EAAE,kBAAkB,EAAE,MAAM,6DAA6D,CAAC;AACjG,OAAO,EAAE,sBAAsB,EAAE,MAAM,iEAAiE,CAAC;AACzG,OAAO,EAAE,sBAAsB,EAAE,MAAM,iEAAiE,CAAC;AACzG,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAC;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,wCAAwC,CAAC;AAC1E,OAAO,EAAE,6BAA6B,EAAE,MAAM,0CAA0C,CAAC;AACzF,OAAO,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAC;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,uCAAuC,CAAC;AAEnF,MAAM,wBAAwB;IAC5B,eAAe,GAAG,CAAC,CAAC;IACH,MAAM,CAA6B;IAEpD,YACE,SAAqC;QACnC,MAAM,EAAE,UAAU;QAClB,KAAK,EAAE,iCAAiC;KACzC;QAED,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAiC;QAC7C,IAAI,CAAC,eAAe,IAAI,CAAC,CAAC;QAC1B,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;CACF;AAED,SAAS,yBAAyB;IAChC,MAAM,OAAO,GAAG,gBAAgB,CAAC,MAAM,CAAC;QACtC,EAAE,EAAE,iCAAiC;QACrC,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,uBAAuB;KACjC,CAAC,CAAC;IAEH,OAAO;QACL,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC,GAAqB,EAAE,CAAC,OAAO,CAAC;QAC/C,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;QAC9B,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;QACf,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;QACf,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QAC3B,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QAC7B,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;QACzB,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;QAC1B,iBAAiB,EAAE,EAAE,CAAC,EAAE,EAAE;QAC1B,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;QAC7B,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;QAC/B,YAAY,EAAE,EAAE,CAAC,EAAE,EAAE;KACtB,CAAC;AACJ,CAAC;AAED,SAAS,wBAAwB;IAC/B,OAAO;QACL,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACtD,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;QACvB,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC;QAC1B,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QAC5B,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,cAAc,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,SAAS,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;KACzB,CAAC;AACJ,CAAC;AAED,SAAS,4BAA4B;IACnC,OAAO;QACL,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YAC1B,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE;gBACN,QAAQ,EAAE,GAAG;gBACb,WAAW,EAAE,CAAC;gBACd,YAAY,EAAE,GAAG;gBACjB,WAAW,EAAE,CAAC;gBACd,QAAQ,EAAE,KAAK;gBACf,WAAW,EAAE,0BAA0B;aACxC;SACF,CAAC,CAAC;KACJ,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CACjB,eAA6D,EAC7D,YAAqC,EAAE;IAEvC,MAAM,kBAAkB,GAAG,EAAE,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IAC7D,OAAO;QACL,oBAAoB,EAAE,wBAAwB,EAAE;QAChD,kBAAkB;QAClB,wBAAwB,EAAE;YACxB,iBAAiB,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;SACtF;QACD,qBAAqB,EAAE,EAAE,cAAc,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE;QAC5D,eAAe,EAAE,IAAI,sBAAsB,CAAC,eAAe,CAAC;QAC5D,gBAAgB,EAAE,IAAI,6BAA6B,CAAC,eAAe,CAAC;QACpE,UAAU,EAAE,IAAI,iBAAiB,CAAC,eAAe,CAAC;QAClD,eAAe,EAAE,IAAI,sBAAsB,CAAC,eAAe,CAAC;QAC5D,mBAAmB,EAAE,IAAI,0BAA0B,CAAC,eAAe,CAAC;QACpE,WAAW,EAAE,IAAI,kBAAkB,CAAC,eAAe,EAAE,kBAAkB,CAAC;QACxE,aAAa,EAAE,4BAA4B,EAAE;QAC7C,uBAAuB,EAAE,EAAE,CAAC,EAAE,EAAE;QAChC,eAAe,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QAChC,cAAc,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,SAAkB,EAAE,CAAC,CAAC;QACnE,YAAY,EAAE,IAAI,mBAAmB,CAAC,eAAe,CAAC;QACtD,sBAAsB,EAAE,IAAI,0BAA0B,EAAE;QACxD,sBAAsB,EAAE,IAAI,6BAA6B,CAAC,eAAe,CAAC;QAC1E,yBAAyB,EAAE,IAAI,6BAA6B,EAAE;QAC9D,mBAAmB,EAAE,GAAkB,EAAE,CAAC,IAAI;QAC9C,GAAG,EAAE,GAAW,EAAE,CAAC,0BAA0B;QAC7C,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,IAAwB;IAC3C,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC;IACxC,CAAC;IACD,OAAO;QACL,IAAI,EAAE,kBAAkB,CAAC,uBAAuB,CAAC,YAAY,CAAC;QAC9D,OAAO;KACqB,CAAC;AACjC,CAAC;AAED,QAAQ,CAAC,wEAAwE,EAAE,GAAG,EAAE;IACtF,IAAI,SAAuB,CAAC;IAC5B,IAAI,WAAyD,CAAC;IAC9D,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAElC,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,SAAS,GAAG;YACV,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE;YAChC,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE;SACJ,CAAC;QAC7B,WAAW,GAAG,yBAAyB,EAAE,CAAC;QAC1C,WAAW,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,4EAA4E,EAAE,GAAG,EAAE;QAC1F,EAAE,CAAC,6FAA6F,EAAE,KAAK,IAAI,EAAE;YAC3G,MAAM,gBAAgB,GAAG,IAAI,wBAAwB,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;YACzF,MAAM,oBAAoB,GAAG,IAAI,wBAAwB,EAAE,CAAC;YAC5D,MAAM,sBAAsB,GAAG,IAAI,0BAA0B,EAAE,CAAC;YAChE,MAAM,yBAAyB,GAAG,IAAI,6BAA6B,EAAE,CAAC;YACtE,MAAM,eAAe,GAAG,IAAI,sBAAsB,CAAC,WAAW,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;YACtD,MAAM,IAAI,GAAG,UAAU,CAAC,WAAW,EAAE;gBACnC,gBAAgB;gBAChB,oBAAoB;gBACpB,sBAAsB;gBACtB,yBAAyB;gBACzB,eAAe;aAChB,CAAC,CAAC;YAEH,MAAM,mBAAmB,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;YAC7F,MAAM,oBAAoB,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;YAExD,MAAM,mBAAmB,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;YAE7F,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACrD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAC9D,MAAM,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACrD,MAAM,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACxD,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uCAAuC,EAAE,GAAG,EAAE;QACrD,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;YAC7E,MAAM,gBAAgB,GAAG,IAAI,wBAAwB,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;YACzF,MAAM,oBAAoB,GAAG,IAAI,wBAAwB,EAAE,CAAC;YAC5D,MAAM,IAAI,GAAG,UAAU,CAAC,WAAW,EAAE,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,CAAC,CAAC;YAEjF,MAAM,mBAAmB,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;YAC7F,MAAM,mBAAmB,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;YAE7F,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,kEAAkE,EAAE,GAAG,EAAE;QAChF,EAAE,CAAC,qFAAqF,EAAE,KAAK,IAAI,EAAE;YACnG,MAAM,gBAAgB,GAAG,IAAI,oBAAoB,EAAE,CAAC;YACpD,MAAM,oBAAoB,GAAG,IAAI,wBAAwB,EAAE,CAAC;YAC5D,MAAM,IAAI,GAAG,UAAU,CAAC,WAAW,EAAE,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,CAAC,CAAC;YAEjF,MAAM,mBAAmB,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;YAExF,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACrD,MAAM,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACtD,MAAM,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5C,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;YACvD,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gEAAgE,EAAE,GAAG,EAAE;QAC9E,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;YAC/E,IAAI,aAAa,GAAG,CAAC,CAAC;YACtB,MAAM,gBAAgB,GAAG,IAAI,wBAAwB,CAAC;gBACpD,KAAK,EAAE,MAAM;gBACb,KAAK,EAAE,GAAG,EAAE,CAAC,aAAa;aAC3B,CAAC,CAAC;YACH,MAAM,oBAAoB,GAAG,IAAI,wBAAwB,EAAE,CAAC;YAC5D,MAAM,IAAI,GAAG,UAAU,CAAC,WAAW,EAAE,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,CAAC,CAAC;YAEjF,MAAM,mBAAmB,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;YAC7F,MAAM,mBAAmB,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;YAE7F,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAErD,aAAa,GAAG,MAAM,CAAC;YACvB,MAAM,mBAAmB,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;YAE7F,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/tests/acceptance/201-transport-provenance-hardening.acceptance.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=201-transport-provenance-hardening.acceptance.test.d.ts.map

package/dist/tests/acceptance/201-transport-provenance-hardening.acceptance.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"201-transport-provenance-hardening.acceptance.test.d.ts","sourceRoot":"","sources":["../../../src/tests/acceptance/201-transport-provenance-hardening.acceptance.test.ts"],"names":[],"mappings":""}

package/dist/tests/acceptance/201-transport-provenance-hardening.acceptance.test.js

@@ -0,0 +1,72 @@
+import { describe, it, expect } from 'vitest';
+import { transportGuardMiddleware } from '../../modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.js';
+import { ForwardedForClientIpResolver } from '../../modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.js';
+const TRUSTED_HOP = '127.0.0.1';
+const config = {
+    trustedHopAddress: TRUSTED_HOP,
+    allowedCidrRanges: ['10.20.30.0/24'],
+};
+class FakeResponse {
+    statusCode = null;
+    sent = false;
+    code(status) {
+        this.statusCode = status;
+        return this;
+    }
+    send() {
+        this.sent = true;
+        return this;
+    }
+}
+function buildRequest(overrides = {}) {
+    return {
+        socket: { remoteAddress: overrides.remoteAddress ?? TRUSTED_HOP },
+        headers: {
+            'x-forwarded-proto': overrides.proto ?? 'https',
+            'x-forwarded-for': overrides.forwardedFor ?? '10.20.30.40, 127.0.0.1',
+        },
+    };
+}
+function runGuard(request) {
+    let nextCalled = false;
+    const reply = new FakeResponse();
+    transportGuardMiddleware({
+        request,
+        reply,
+        next: () => {
+            nextCalled = true;
+        },
+        resolver: new ForwardedForClientIpResolver(),
+    }, config);
+    return { nextCalled, statusCode: reply.statusCode, sent: reply.sent };
+}
+describe('SPEC-201 transport provenance hardening (acceptance — full chokepoint transportGuardMiddleware)', () => {
+    it('AC3 + AC5: allowlisted, https, hop-trusted request reaches the handler via next() with no rejection', () => {
+        const outcome = runGuard(buildRequest());
+        expect(outcome.nextCalled).toBe(true);
+        expect(outcome.statusCode).toBeNull();
+        expect(outcome.sent).toBe(false);
+    });
+    it('AC1 + AC5: untrusted direct socket is rejected with 403 and the handler is never reached', () => {
+        const outcome = runGuard(buildRequest({ remoteAddress: '203.0.113.7' }));
+        expect(outcome.nextCalled).toBe(false);
+        expect(outcome.statusCode).toBe(403);
+        expect(outcome.sent).toBe(true);
+    });
+    it('AC2: a hop-trusted request whose forwarded protocol is not https is rejected with 403', () => {
+        const outcome = runGuard(buildRequest({ proto: 'http' }));
+        expect(outcome.nextCalled).toBe(false);
+        expect(outcome.statusCode).toBe(403);
+    });
+    it('AC4: a request whose resolved client ip is outside every configured cidr range is rejected with 403', () => {
+        const outcome = runGuard(buildRequest({ forwardedFor: '192.168.1.1' }));
+        expect(outcome.nextCalled).toBe(false);
+        expect(outcome.statusCode).toBe(403);
+    });
+    it('AC1 + AC6: a spoofed X-Forwarded-For cannot rescue an untrusted socket — header is ignored, request still rejected', () => {
+        const outcome = runGuard(buildRequest({ remoteAddress: '203.0.113.7', forwardedFor: '10.20.30.40' }));
+        expect(outcome.nextCalled).toBe(false);
+        expect(outcome.statusCode).toBe(403);
+    });
+});
+//# sourceMappingURL=201-transport-provenance-hardening.acceptance.test.js.map

package/dist/tests/acceptance/201-transport-provenance-hardening.acceptance.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"201-transport-provenance-hardening.acceptance.test.js","sourceRoot":"","sources":["../../../src/tests/acceptance/201-transport-provenance-hardening.acceptance.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EAAE,wBAAwB,EAAE,MAAM,oGAAoG,CAAC;AAE9I,OAAO,EAAE,4BAA4B,EAAE,MAAM,+GAA+G,CAAC;AAE7J,MAAM,WAAW,GAAG,WAAW,CAAC;AAEhC,MAAM,MAAM,GAAyB;IACnC,iBAAiB,EAAE,WAAW;IAC9B,iBAAiB,EAAE,CAAC,eAAe,CAAC;CACrC,CAAC;AAOF,MAAM,YAAY;IAChB,UAAU,GAAkB,IAAI,CAAC;IACjC,IAAI,GAAG,KAAK,CAAC;IAEb,IAAI,CAAC,MAAc;QACjB,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI;QACF,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,SAAS,YAAY,CACnB,YAAqF,EAAE;IAEvF,OAAO;QACL,MAAM,EAAE,EAAE,aAAa,EAAE,SAAS,CAAC,aAAa,IAAI,WAAW,EAAE;QACjE,OAAO,EAAE;YACP,mBAAmB,EAAE,SAAS,CAAC,KAAK,IAAI,OAAO;YAC/C,iBAAiB,EAAE,SAAS,CAAC,YAAY,IAAI,wBAAwB;SACtE;KACF,CAAC;AACJ,CAAC;AAQD,SAAS,QAAQ,CAAC,OAAoB;IACpC,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,MAAM,KAAK,GAAG,IAAI,YAAY,EAAE,CAAC;IAEjC,wBAAwB,CACtB;QACE,OAAO;QACP,KAAK;QACL,IAAI,EAAE,GAAG,EAAE;YACT,UAAU,GAAG,IAAI,CAAC;QACpB,CAAC;QACD,QAAQ,EAAE,IAAI,4BAA4B,EAAE;KAC7C,EACD,MAAM,CACP,CAAC;IAEF,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;AACxE,CAAC;AAED,QAAQ,CAAC,iGAAiG,EAAE,GAAG,EAAE;IAC/G,EAAE,CAAC,qGAAqG,EAAE,GAAG,EAAE;QAC7G,MAAM,OAAO,GAAG,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC;QAEzC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0FAA0F,EAAE,GAAG,EAAE;QAClG,MAAM,OAAO,GAAG,QAAQ,CAAC,YAAY,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;QAEzE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uFAAuF,EAAE,GAAG,EAAE;QAC/F,MAAM,OAAO,GAAG,QAAQ,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAE1D,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qGAAqG,EAAE,GAAG,EAAE;QAC7G,MAAM,OAAO,GAAG,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;QAExE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oHAAoH,EAAE,GAAG,EAAE;QAC5H,MAAM,OAAO,GAAG,QAAQ,CACtB,YAAY,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,CAC5E,CAAC;QAEF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/tests/units/interface-adapters/controllers/webhook/gitlab.controller.test.js

@@ -522,6 +522,47 @@ describe('handleGitLabWebhook', () => {
             });
         });
         describe('AC4 - fail-closed membership resolution', () => {
+            function buildFollowupMr() {
+                return TrackedMrFactory.create({
+                    id: 'gitlab-test-org/test-project-42',
+                    mrNumber: 42,
+                    platform: 'gitlab',
+                    project: 'test-org/test-project',
+                    state: 'pending-review',
+                    openThreads: 3,
+                    autoFollowup: true,
+                    lastPushAt: '2026-05-26T12:00:00.000Z',
+                    lastReviewAt: '2026-05-25T12:00:00.000Z',
+                });
+            }
+            function buildNoteEvent(note) {
+                return {
+                    object_kind: 'note',
+                    event_type: 'note',
+                    user: { username: 'note-author', name: 'Note Author' },
+                    project: {
+                        id: 1,
+                        name: 'test-project',
+                        path_with_namespace: 'test-org/test-project',
+                        web_url: 'https://gitlab.com/test-org/test-project',
+                        git_http_url: 'https://gitlab.com/test-org/test-project.git',
+                    },
+                    object_attributes: {
+                        id: 7,
+                        note,
+                        noteable_type: 'MergeRequest',
+                        noteable_id: 99,
+                    },
+                    merge_request: {
+                        iid: 42,
+                        title: 'Test MR',
+                        state: 'opened',
+                        source_branch: 'feature/test',
+                        target_branch: 'main',
+                        url: 'https://gitlab.com/test-org/test-project/-/merge_requests/42',
+                    },
+                };
+            }
             it('parks a reviewer-added trigger when membership resolution throws', async () => {
                 mockGateway.getById.mockReturnValue(null);
                 const memberAccess = new StubMemberAccessGateway();
@@ -535,6 +576,37 @@ describe('handleGitLabWebhook', () => {
                 expect(enqueueReview).not.toHaveBeenCalled();
                 expect(pendingGateway.saveCount).toBe(1);
             });
+            it('parks a followup trigger when membership resolution throws', async () => {
+                const followupMr = buildFollowupMr();
+                mockGateway.getById.mockImplementation(() => followupMr);
+                mockGateway.getByNumber.mockImplementation(() => followupMr);
+                mockGateway.recordPush.mockImplementation(() => followupMr);
+                const memberAccess = new StubMemberAccessGateway();
+                memberAccess.setShouldFail(true);
+                const pendingGateway = new StubPendingReviewRequestGateway();
+                const deps = buildGatedDeps(memberAccess, pendingGateway);
+                const event = GitLabEventFactory.createMrUpdate();
+                event.user = { username: 'dev-actor', name: 'Dev Actor' };
+                const request = { body: event, headers: {} };
+                await handleGitLabWebhook(request, mockReply, logger, mockGateway, deps);
+                expect(enqueueReview).not.toHaveBeenCalled();
+                expect(pendingGateway.saveCount).toBe(1);
+            });
+            it('parks a note trigger when membership resolution throws', async () => {
+                vi.mocked(getGitLabEventType).mockReturnValueOnce('Note Hook');
+                const memberAccess = new StubMemberAccessGateway();
+                memberAccess.setShouldFail(true);
+                const pendingGateway = new StubPendingReviewRequestGateway();
+                const deps = buildGatedDeps(memberAccess, pendingGateway);
+                const request = {
+                    body: buildNoteEvent('/bypass-quality "reason here"'),
+                    headers: {},
+                };
+                await handleGitLabWebhook(request, mockReply, logger, mockGateway, deps);
+                expect(mockReply.status).toHaveBeenCalledWith(202);
+                expect(mockReply.send).toHaveBeenCalledWith(expect.objectContaining({ status: 'pending-confirmation', reason: 'untrusted-actor' }));
+                expect(mockGateway.update).not.toHaveBeenCalled();
+            });
         });
     });
     describe('extractBaseUrl', () => {
@@ -561,6 +633,18 @@ describe('handleGitLabWebhook', () => {
             expect(mockReply.send).toHaveBeenCalledWith({ error: 'bad-token' });
             expect(enqueueReview).not.toHaveBeenCalled();
         });
+        it('never queries the membership gateway when the token is invalid (SPEC-197 AC6)', async () => {
+            vi.mocked(verifyGitLabSignature).mockReturnValueOnce({ valid: false, error: 'bad-token' });
+            const memberAccess = new StubMemberAccessGateway();
+            memberAccess.setAccess('dev-actor', MEMBER_ACCESS_LEVELS.developer);
+            const deps = { ...defaultDeps, isTrustedActor: new IsTrustedActorUseCase(memberAccess) };
+            const event = GitLabEventFactory.createWithReviewerAdded('claude-bot');
+            event.user = { username: 'dev-actor', name: 'Dev Actor' };
+            const request = { body: event, headers: {} };
+            await handleGitLabWebhook(request, mockReply, logger, mockGateway, deps);
+            expect(mockReply.status).toHaveBeenCalledWith(401);
+            expect(memberAccess.calls.length).toBe(0);
+        });
         it('ignores events that are neither Note Hook nor Merge Request Hook', async () => {
             vi.mocked(getGitLabEventType).mockReturnValueOnce('Pipeline Hook');
             const event = GitLabEventFactory.createWithReviewerAdded('claude-bot');
@@ -683,6 +767,18 @@ describe('handleGitLabWebhook', () => {
             expect(mockReply.send).toHaveBeenCalledWith(expect.objectContaining({ status: 'pending-confirmation', reason: 'untrusted-actor' }));
             expect(mockGateway.update).not.toHaveBeenCalled();
         });
+        it('lets a note trigger from a Developer actor proceed past the provenance gate (AC3 positive)', async () => {
+            const memberAccess = new StubMemberAccessGateway();
+            memberAccess.setAccess('note-author', MEMBER_ACCESS_LEVELS.developer);
+            const deps = { ...defaultDeps, isTrustedActor: new IsTrustedActorUseCase(memberAccess) };
+            const request = {
+                body: buildNoteEvent('/bypass-quality "reason here"'),
+                headers: {},
+            };
+            await handleGitLabWebhook(request, mockReply, logger, mockGateway, deps);
+            expect(mockReply.status).not.toHaveBeenCalledWith(202);
+            expect(mockReply.send).toHaveBeenCalledWith(expect.objectContaining({ status: 'bypass-recorded' }));
+        });
     });
     describe('closed MR with unconfigured repository', () => {
         it('acknowledges without cleanup when the repo is not configured', async () => {