feat(format): http-api-v1 4-gate PARTIAL discharge#1375
Closed
noahgift wants to merge 2 commits into
Closed
Conversation
Binds FALSIFY-HTTP-001..004 from http-api-v1 at PARTIAL_ALGORITHM_LEVEL
via 4 pure-Rust verdict functions over a fixture HTTP-response struct.
- HTTP-001: 200 has Content-Type=application/json AND parseable body
- HTTP-002: 400 carries `{error: {message, type}}` envelope
- HTTP-003: --no-cors response has zero `access-control-allow-origin`
- HTTP-004: 404 unknown endpoint also uses the JSON error envelope
## Five Whys
1. Why does http-api-v1 list 4 falsification IDs without algorithm-level
discharge? PMAT lints flagged FALSIFY-HTTP-001..004 as unbound at
PARTIAL_ALGORITHM_LEVEL.
2. Why does that block ship? Coverage % cannot move while peripheral
serve-surface contracts have no algorithm-level verdict module.
3. Why bind here vs in aprender-serve crate? Algorithm-level captures
the decision rule (status / content-type / envelope-shape / CORS
header set-membership) independent of any specific serve impl —
the live integration test in the YAML still asserts the
behavioural contract.
4. Why these specific decision predicates? Pinned per contract:
AC_HTTP_JSON_CONTENT_TYPE, AC_HTTP_BAD_REQUEST=400,
AC_HTTP_NOT_FOUND=404, AC_HTTP_CORS_HEADER (lowercased per RFC 7230
header-name case-insensitivity).
5. Why a `BodyParseStatus` enum vs a boolean is_json? The contract
distinguishes "valid JSON without envelope fields" from "valid
JSON with required fields" — collapsing them would let an empty
`{}` body silently pass HTTP-002. The enum forces three-way
classification at the call site.
Adds 27 unit tests including 17-case mutation surveys over status
codes around 200 / 400 / 404. Realistic-healthy walks an `apr serve
--no-cors` healthy run; pre-fix walks a regression where text/plain
500s, missing envelopes, and CORS leakage all coexist.
No runtime % shift; algorithm-level coverage advances by 4 gates.
noahgift
force-pushed
the
feat/http-001-004-partial-discharge
branch
from
8a9056b to
7be6c26
Compare
Contributor
Author
auto-merge was automatically disabled
May 12, 2026 09:21
Pull request was closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
http-api-v1atPARTIAL_ALGORITHM_LEVELvia 4 verdict functions over a fixture HTTP-response struct.Gates bound
Content-Type: application/jsonAND parseable body{error: {message, type}}envelope--no-corsresponse has zeroaccess-control-allow-originheadersThree-way body classification
BodyParseStatus::{ValidJson, JsonMissingFields, NotJson}forces the call site to distinguish "empty JSON" from "JSON with required envelope fields" — collapsing them would let{}silently pass HTTP-002.Five Whys
See commit message — captures why we use a 3-state enum vs
is_json: booland why CORS header check is case-insensitive.Test plan
cargo test -p aprender-core --lib http_001_004— 27 passed🤖 Generated with Claude Code