fix(cloud): fail closed payout availability in prod #10642

Merged: lalalune merged 2 commits into develop from fix/10621-prod-readiness, Jul 1, 2026
@lalalune lalalune commented Jul 1, 2026

Member

Summary

  • Add a production deployment guard for PAYOUT_STATUS_ASSUME_OPERATIONAL=1.
  • Make payout status and secure redemption token-availability checks fail closed in production instead of accepting assumed hot-wallet readiness.
  • Add focused tests and evidence for the production guard.

Verification

  • bun install
  • bun test --coverage-reporter=lcov --coverage-dir=.tmp/coverage-10621-final packages/cloud/shared/src/lib/config/deployment-environment.test.ts packages/cloud/shared/src/lib/services/__tests__/payout-status-resilience.test.ts (11 pass, 0 fail, 30 expect() calls)
  • bun x biome check packages/cloud/shared/src/lib/config/deployment-environment.ts packages/cloud/shared/src/lib/config/deployment-environment.test.ts packages/cloud/shared/src/lib/services/payout-status.ts packages/cloud/shared/src/lib/services/token-redemption-secure.ts packages/cloud/shared/src/lib/services/__tests__/payout-status-resilience.test.ts .github/issue-evidence/10621-payout-assume-operational-guard.md
  • bun run --cwd packages/cloud/shared typecheck
  • bun run verify passed before the final app-smoke-only rebase: Turbo 474 successful, 474 total; root audits passed; typecheck:dist checked 28 configs. After rebasing onto 2f9f76fcc98, reran bun install plus the focused cloud checks above.

Evidence: .github/issue-evidence/10621-payout-assume-operational-guard.md

Refs #10621

Money-path note: please do not self-merge; this should get reviewer/operator eyes before merge.

@NubsCarson

Member

Validated the production fail-closed payout availability guard locally on top of current develop.

What I checked:

  • git diff --check origin/develop...HEAD
  • git diff --check
  • bunx @biomejs/biome check packages/cloud/shared/src/lib/config/deployment-environment.ts packages/cloud/shared/src/lib/config/deployment-environment.test.ts packages/cloud/shared/src/lib/services/payout-status.ts packages/cloud/shared/src/lib/services/token-redemption-secure.ts packages/cloud/shared/src/lib/services/__tests__/payout-status-resilience.test.ts .github/issue-evidence/10621-payout-assume-operational-guard.md
  • bun run --cwd packages/core prebuild && bun run --cwd packages/core build:node && bun run --cwd packages/security build && bun run --cwd plugins/plugin-sql build
  • bun test --coverage-reporter=lcov --coverage-dir=.tmp/coverage-10621-final packages/cloud/shared/src/lib/config/deployment-environment.test.ts packages/cloud/shared/src/lib/services/__tests__/payout-status-resilience.test.ts -> 11 pass / 0 fail
  • bun run --cwd packages/cloud/shared typecheck

Result: clean from my side. The production guard is narrow and fail-closed: PAYOUT_STATUS_ASSUME_OPERATIONAL=1 is rejected only for production deployments, while non-prod behavior remains covered by the focused tests.

@lalalune

lalalune commented Jul 1, 2026

Member Author

Reviewed this PR against its linked issue and reran focused validation in an isolated worktree after a branch-local bun install --frozen-lockfile.

Validation:

  • git diff --check origin/develop...HEAD passed.
  • `bun test --coverage-reporter=lcov --coverage-dir=.tmp/coverage-10621 packages/cloud/shared/src/lib/config/deployment-environment.test.ts packages/cloud/shared/src/lib/services/tests/payout-status-resilience.test.ts` passed: 11 tests, 30 expectations.
  • `bun x biome check packages/cloud/shared/src/lib/config/deployment-environment.ts packages/cloud/shared/src/lib/config/deployment-environment.test.ts packages/cloud/shared/src/lib/services/payout-status.ts packages/cloud/shared/src/lib/services/token-redemption-secure.ts packages/cloud/shared/src/lib/services/tests/payout-status-resilience.test.ts` passed.
  • `bun run --cwd packages/cloud/shared typecheck` passed.

No code changes from me on this PR. It is still waiting on GitHub checks before merge.

@lalalune

lalalune commented Jul 1, 2026

Member Author

Review (8-agent PR sweep): CODE CORRECT + fund-safe — MERGE-AFTER-OPS-SIGN-OFF (money path).

shouldBlockPayoutAssumeOperational(env) = PAYOUT_STATUS_ASSUME_OPERATIONAL==="1" && isProductionDeployment(env), applied at both entry points (payout-status.ts status report + token-redemption-secure.ts checkTokenAvailability). This correctly closes the "dev flag leaks to prod → status reports operational without a balance check → charge-but-don't-deliver" hole. It's flag-specific: unset ⇒ payouts proceed normally, so no DoS on legitimate payouts; staging/local still allowed. Production detection matches the existing shouldBlockRegistrarStub pattern (ENVIRONMENT then NODE_ENV). Tests cover prod-block (both env vars), staging-allow, exact-"1" match, and the integration case. No fixes needed; leaving the merge for ops sign-off + a monitor/alert if the guard ever activates in prod.
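A sketch of the guard as the review comment above describes it, added here as an illustration and not taken from the PR's diff. Assumptions: `ENVIRONMENT` overrides `NODE_ENV` when set, `"production"` is the production value, and in production the flag is ignored so the real balance check decides; `checkAvailability`, `readBalance` and `Availability` are hypothetical names.

```typescript
// Added sketch, not the project's code. Only the flag name and the two guard
// function names come from the PR thread; everything else is hypothetical.
type Env = Record<string, string | undefined>;

// Assumption: ENVIRONMENT, when set, decides; otherwise NODE_ENV does.
function isProductionDeployment(env: Env): boolean {
  const explicit = env.ENVIRONMENT;
  if (explicit !== undefined && explicit !== "") return explicit === "production";
  return env.NODE_ENV === "production";
}

// Exact "1" match only, and only for production deployments.
function shouldBlockPayoutAssumeOperational(env: Env): boolean {
  return env.PAYOUT_STATUS_ASSUME_OPERATIONAL === "1" && isProductionDeployment(env);
}

interface Availability {
  available: boolean;
  reason: string;
  guardActivated: boolean; // surface this to monitoring and alerting
}

// Hypothetical availability check; readBalance stands in for the hot-wallet query.
function checkAvailability(env: Env, needed: number, readBalance: () => number): Availability {
  const guardActivated = shouldBlockPayoutAssumeOperational(env);
  const assume = env.PAYOUT_STATUS_ASSUME_OPERATIONAL === "1";
  if (assume && !guardActivated) {
    // Non-production shortcut: readiness is assumed, no balance check.
    return { available: true, reason: "assumed-operational", guardActivated };
  }
  try {
    const balance = readBalance();
    if (balance >= needed) return { available: true, reason: "balance-verified", guardActivated };
    return { available: false, reason: "insufficient-balance", guardActivated };
  } catch {
    // Fail closed: a balance that cannot be verified counts as unavailable.
    return { available: false, reason: "balance-check-failed", guardActivated };
  }
}
```

With the flag unset, the function takes the normal balance-verified path, so the guard only changes behaviour when the flag is present in a production environment.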

@NubsCarson

Member

Refresh/validation update after current develop moved.

I merged current origin/develop (0a3fd649de) into this branch; conflict-free. New head is a840893f6c.

Focused validation on the refreshed head:

  • git diff --check origin/develop...HEAD
  • branch-specific diff remains scoped to payout availability guard files:
    • .github/issue-evidence/10621-payout-assume-operational-guard.md
    • packages/cloud/shared/src/lib/config/deployment-environment.ts
    • packages/cloud/shared/src/lib/config/deployment-environment.test.ts
    • packages/cloud/shared/src/lib/services/payout-status.ts
    • packages/cloud/shared/src/lib/services/token-redemption-secure.ts
    • packages/cloud/shared/src/lib/services/__tests__/payout-status-resilience.test.ts
  • bunx @biomejs/biome check packages/cloud/shared/src/lib/config/deployment-environment.ts packages/cloud/shared/src/lib/config/deployment-environment.test.ts packages/cloud/shared/src/lib/services/payout-status.ts packages/cloud/shared/src/lib/services/token-redemption-secure.ts packages/cloud/shared/src/lib/services/__tests__/payout-status-resilience.test.ts
  • bun run --cwd packages/cloud/shared typecheck
  • bun test --coverage-reporter=lcov --coverage-dir=.tmp/coverage-10621-refresh packages/cloud/shared/src/lib/config/deployment-environment.test.ts packages/cloud/shared/src/lib/services/__tests__/payout-status-resilience.test.ts ✅ 11 pass / 30 expects

No code-behavior changes beyond the merge refresh; this still looks like a money-path PR that should wait for ops sign-off before merge.

@lalalune lalalune merged commit 94ff6e1 into develop Jul 1, 2026
14 of 44 checks passed
@lalalune lalalune deleted the fix/10621-prod-readiness branch July 1, 2026 04:57