+1

docs/TEST_AUDIT.md

reviewed

··· 80 80 - `com.atproto.sync.getBlob` needs two distinct not-found branches to stay reference-compatible: missing repos still report `400 RepoNotFound`, but blobs that are merely unreferenced for that repo report `400 InvalidRequest` / `Blob not found`, while moderation takedowns still hide them behind the moderation-layer `404 BlobNotFound` path. 81 81 - Blob sync visibility is now pinned in three phases instead of one: prereference uploader reads fail with `400 InvalidRequest`, referenced same-repo reads succeed with blob bytes and hardening headers, and deduplicated uploads on another repo still fail until that repo actually references the blob. 82 82 - `com.atproto.sync.getRecord` deleted-record proofs are now executable-reference-covered too: existing repos keep returning a CAR rooted at the latest commit, with tree blocks present but the deleted record block omitted. 83 83 + - `com.atproto.sync.getBlocks` now has executable-reference coverage for both invalid-input branches too: missing `cids` must fail with `400 InvalidRequest` / `At least one CID is required`, and unknown CIDs must fail with `400 InvalidRequest` / `Could not find cids: ...`. 83 84 - `com.atproto.repo.getRecord` must honor `cid` when present, and `putRecord` / `deleteRecord` must actually enforce `swapRecord`; those negative edges are now covered directly. 84 85 - `com.atproto.repo.createRecord` follows the reference runtime by ignoring a stray `swapRecord` field, and direct reference coverage now pins `putRecord` / `deleteRecord` `swapCommit` and `swapRecord` mismatch semantics explicitly. 85 86 - App-password sessions follow the official runtime more closely than the older local assumptions did: access-token scopes use the `com.atproto.appPass` / `com.atproto.appPassPrivileged` names, standard app-password sessions may list app passwords, privileged-only `getServiceAuth` failures report `InvalidRequest`, and revoked refresh tokens on `refreshSession` fail with `400 ExpiredToken`.

+5 -2

script/differential-validate

reviewed

··· 2078 2078 check($res->is_success, "$name getBlocks succeeds"); 2079 2079 my $car = $res->is_success ? read_car($res->body // q()) : undef; 2080 2080 2081 2081 + my $no_cids = get_form($server{$name}{origin}, 'com.atproto.sync.getBlocks', { 2082 2082 + did => $server{$name}{did}, 2083 2083 + }); 2081 2084 my $missing = get_form($server{$name}{origin}, 'com.atproto.sync.getBlocks', { 2082 2085 did => $server{$name}{did}, 2083 2086 cids => 'bafyreifakecidmismatch', ··· 2096 2099 car_type => (($res->headers->content_type // q()) =~ m{application/vnd\.ipld\.car}) ? 1 : 0, 2097 2100 roots_empty => ($car && !@{ $car->{roots} || [] }) ? 1 : 0, 2098 2101 has_requested_cid => ($car && scalar(grep { $_->{cid}->to_string eq $requested_cid } @{ $car->{blocks} || [] })) ? 1 : 0, 2099 2099 - missing_status => $missing->code, 2100 2100 - missing_error => ($missing->json || {})->{error}, 2102 2102 + no_cids => normalize_xrpc_error($no_cids), 2103 2103 + missing => normalize_xrpc_error($missing), 2101 2104 missing_repo => normalize_xrpc_error($missing_repo), 2102 2105 wrong_repo => normalize_xrpc_error($wrong_repo), 2103 2106 };

+10

t/blob-sync-surfaces.t

reviewed

··· 89 89 ->status_is(200); 90 90 like($t->tx->res->headers->content_type // '', qr{application/vnd\.ipld\.car}, 'block export is a CAR'); 91 91 92 92 + $t->get_ok('/xrpc/com.atproto.sync.getBlocks?did=' . $did) 93 93 + ->status_is(400) 94 94 + ->json_is('/error', 'InvalidRequest') 95 95 + ->json_is('/message', 'At least one CID is required'); 96 96 + 97 97 + $t->get_ok('/xrpc/com.atproto.sync.getBlocks?did=' . $did . '&cids=bafyreifakecidmismatch') 98 98 + ->status_is(400) 99 99 + ->json_is('/error', 'InvalidRequest') 100 100 + ->json_is('/message', 'Could not find cids: bafyreifakecidmismatch'); 101 101 + 92 102 $t->get_ok('/xrpc/com.atproto.sync.listBlobs?did=did:web:missing.test') 93 103 ->status_is(400) 94 104 ->json_is('/error', 'RepoNotFound');