Tables like invites/user_tenants only exist on saas-tiers branch.
Query pg_tables to skip missing tables in TRUNCATE.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- TRUNCATE CASCADE reliably cleans all test data regardless of FK order
- Remove docs/superpowers/ from git tracking (already in .gitignore)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevents stale data from prior tests/runs from causing false failures
like test_list_devices_empty finding leftover devices.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace savepoint/shared-connection approach with real commits and
table cleanup in teardown. This ensures test data is visible to API
endpoint sessions without connection sharing deadlocks.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both admin_session and test_app now bind to the same connection
(admin_conn), ensuring test-created data is visible to API endpoints.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
API dependency overrides now use the same connection as admin_session,
so test-created data (tenants, users) is visible to endpoints under
the same transaction. Fixes FK violations in CI tests.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The test admin_session uses savepoint transactions invisible to the
login endpoint's own DB session. Mint tokens directly instead of
going through /api/auth/login.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- alembic.ini: change fallback DB to tod_test (CI creates tod_test, not tod)
- ci.yml: upgrade Go to 1.25 (matches go.mod)
- ci.yml: upgrade Node to 20 (fixes ESM require() error in Vitest)
- conftest.py: ruff format
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- alembic/env.py: strengthen the URL override to fall back to
TEST_DATABASE_URL when DATABASE_URL is absent, so alembic never
falls back to the hardcoded 'tod' URL in alembic.ini regardless
of which env var a test runner sets.
- tests/integration/conftest.py: add explanatory comments on why
DATABASE_URL is forced into the subprocess env, and use
env.setdefault() to supply CREDENTIAL_ENCRYPTION_KEY if the
calling environment omits it — migration 029 (VPN tenant
isolation) requires it to encrypt the WireGuard server private key.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sync_wireguard_config opens its own AdminAsyncSessionLocal connection
which cannot see uncommitted data from the caller's transaction. Add
_commit_and_sync helper that commits first, then regenerates wg0.conf.
Also removes the unused db parameter from sync_wireguard_config.
Tests subnet allocation (gap-filling, duplicate rejection), global
server key sharing, peer isolation across tenant subnets, allowed-IPs
overlap validation, RouterOS command generation, and CASCADE cleanup
on tenant deletion. sync_wireguard_config is patched to a no-op since
it opens its own DB session outside the test transaction.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
