fix: use strict key access in GitHub API shape validation

LaphoqueRC · LaphoqueRC · commit 6db6de41320a · 2026-03-23T16:16:34.000Z
Replace data.get('resources', {}).get('core', {}) with direct key access
data['resources']['core'] inside the try/except block so that a missing key
raises KeyError and is caught as malformed_response — matching the comment.
Add test_missing_resources_key to cover this path.

Addresses CodeRabbit review feedback (round 3).
diff --git a/backend/app/api/health.py b/backend/app/api/health.py
@@ -169,8 +169,8 @@ async def _check_github_api() -> dict:
                 data = resp.json()
                 if not isinstance(data, dict):
                     raise ValueError(f"unexpected response type: {type(data)}")
-                # Validate expected shape; missing keys return empty dicts
-                _ = data.get("resources", {}).get("core", {})
+                # Validate expected shape; KeyError raised here if keys missing.
+                _ = data["resources"]["core"]
             except Exception as exc:
                 logger.warning("GitHub API malformed response: %s", exc)
                 latency_ms = round((time.monotonic() - start) * 1000)
@@ -283,3 +283,4 @@ async def health_check() -> dict:
         "timestamp": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
         "services": services,
     }
+
diff --git a/backend/tests/test_health.py b/backend/tests/test_health.py
@@ -449,6 +449,23 @@ def test_malformed_response(self):
         assert result["status"] == "degraded"
         assert result["error"] == "malformed_response"
 
+    def test_missing_resources_key(self):
+        """Response missing 'resources' key should return degraded with malformed_response."""
+        mock_resp = MagicMock(spec=Response)
+        mock_resp.status_code = 200
+        mock_resp.raise_for_status = MagicMock()
+        mock_resp.json.return_value = {"unexpected": "shape"}
+
+        mock_client = AsyncMock()
+        mock_client.__aenter__ = AsyncMock(return_value=mock_client)
+        mock_client.__aexit__ = AsyncMock(return_value=False)
+        mock_client.get = AsyncMock(return_value=mock_resp)
+
+        with patch("app.api.health.httpx.AsyncClient", return_value=mock_client):
+            result = run_async(_check_github_api())
+        assert result["status"] == "degraded"
+        assert result["error"] == "malformed_response"
+
     def test_http_status_error(self):
         """Non-2xx GitHub responses (e.g. 403, 500) return degraded with http_<code> error."""
         from httpx import HTTPStatusError, Request as HttpxRequest
