refactor(V2): move non-home sync wait into data-short orchestrator

TheLastCicada · TheLastCicada · commit fd141bb09aa9 · 2026-05-28T14:40:51.000-07:00
Remove the curl-based ownership test from v2 remote sync tests (keep
that job focused on sync verification). Move the non-home project
polling wait from the CI shell into data-short.js right before Phase 4
(PUT tests) so POST tests run without delay and governance has maximum
time to sync before the ownership guard tests need the data.
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -482,28 +482,6 @@ jobs:
           echo "########################################################"
           npm run test:v2:live:wallet-health
           echo "########################################################"
-          echo "Waiting for non-home project from governance sync"
-          echo "########################################################"
-          MAX_WAIT=600
-          ELAPSED=0
-          while [ "$ELAPSED" -lt "$MAX_WAIT" ]; do
-            PROJECTS=$(curl -s "http://${TEST_API_HOST:-127.0.0.1}:31310/v2/project?page=1&limit=100" 2>/dev/null || echo "[]")
-            NON_HOME=$(echo "$PROJECTS" | jq '[
-              (if type == "object" then .data else . end)[]
-              | select(.orgUid != null and .orgUid != "'"$(curl -s "http://${TEST_API_HOST:-127.0.0.1}:31310/v2/organizations" 2>/dev/null | jq -r 'to_entries[] | select(.value.isHome == true) | .key')"'")
-            ] | length' 2>/dev/null || echo "0")
-            if [ "$NON_HOME" -gt 0 ] 2>/dev/null; then
-              echo "Found $NON_HOME non-home project(s) after ${ELAPSED}s"
-              break
-            fi
-            echo "No non-home projects yet (${ELAPSED}s / ${MAX_WAIT}s)..."
-            sleep 30
-            ELAPSED=$((ELAPSED + 30))
-          done
-          if [ "$ELAPSED" -ge "$MAX_WAIT" ]; then
-            echo "WARNING: No non-home projects appeared after ${MAX_WAIT}s. Ownership guard tests will fail."
-          fi
-          echo "########################################################"
           echo "Running data tests"
           echo "########################################################"
           npm run test:v2:live:data:short
@@ -4383,68 +4361,6 @@ jobs:
           fi
           echo "All AEF data matches expected values"
 
-      - name: Verify ownership guards block non-home mutations
-        shell: bash
-        run: |
-          echo "########################################################"
-          echo "Verifying ownership guards reject non-home org mutations"
-          echo "########################################################"
-          BASE="http://127.0.0.1:31310/v2"
-          ERRORS=0
-
-          PROJECT=$(curl -s "$BASE/project?page=1&limit=1" | jq '(if type == "object" then .data else . end)[0]')
-          PROJECT_ID=$(echo "$PROJECT" | jq -r '.cadTrustProjectId')
-          echo "Using synced project: $PROJECT_ID"
-
-          echo ""
-          echo "--- PUT update on non-home project (expect 400) ---"
-          PUT_RESP=$(curl -s -w "\n%{http_code}" -X PUT "$BASE/project/$PROJECT_ID" \
-            -H "Content-Type: application/json" \
-            -d "{\"projectName\": \"Should Not Update $(date +%s)\"}")
-          PUT_HTTP=$(echo "$PUT_RESP" | tail -1)
-          PUT_BODY=$(echo "$PUT_RESP" | head -n -1)
-          if [ "$PUT_HTTP" = "400" ]; then
-            echo "  PASS: PUT returned 400"
-            if echo "$PUT_BODY" | jq -r '.error' 2>/dev/null | grep -q "Restricted data"; then
-              echo "  PASS: Error contains 'Restricted data'"
-            else
-              echo "  FAIL: Expected 'Restricted data' in error body"
-              echo "  Body: $PUT_BODY"
-              ERRORS=$((ERRORS + 1))
-            fi
-          else
-            echo "  FAIL: Expected HTTP 400, got $PUT_HTTP"
-            echo "  Body: $PUT_BODY"
-            ERRORS=$((ERRORS + 1))
-          fi
-
-          echo ""
-          echo "--- DELETE on non-home project (expect 400) ---"
-          DEL_RESP=$(curl -s -w "\n%{http_code}" -X DELETE "$BASE/project/$PROJECT_ID")
-          DEL_HTTP=$(echo "$DEL_RESP" | tail -1)
-          DEL_BODY=$(echo "$DEL_RESP" | head -n -1)
-          if [ "$DEL_HTTP" = "400" ]; then
-            echo "  PASS: DELETE returned 400"
-            if echo "$DEL_BODY" | jq -r '.error' 2>/dev/null | grep -q "Restricted data"; then
-              echo "  PASS: Error contains 'Restricted data'"
-            else
-              echo "  FAIL: Expected 'Restricted data' in error body"
-              echo "  Body: $DEL_BODY"
-              ERRORS=$((ERRORS + 1))
-            fi
-          else
-            echo "  FAIL: Expected HTTP 400, got $DEL_HTTP"
-            echo "  Body: $DEL_BODY"
-            ERRORS=$((ERRORS + 1))
-          fi
-
-          echo ""
-          if [ "$ERRORS" -gt 0 ]; then
-            echo "FAILED: $ERRORS ownership guard checks failed"
-            exit 1
-          fi
-          echo "All ownership guard checks passed"
-
       - name: Show CADT logs after tests
         if: always()
         shell: bash
diff --git a/tests/v2/live-api/data-short.js b/tests/v2/live-api/data-short.js
@@ -17,6 +17,7 @@ import {
   verifyMirrorRecordsBatch,
   closeMirrorDbPool,
 } from './helpers/mysql-mirror-helpers.js';
+import { getSharedHomeOrgId } from './helpers/shared-setup.js';
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -421,6 +422,36 @@ async function main() {
     const xlsxTestFiles = ['xlsx-import-export.live.spec.js'];
     await runMochaTests('Step 1[1-6]a?:', 'XLSX Import/Export', xlsxTestFiles);
 
+    // Wait for governance to sync at least one non-home project before PUT/DELETE
+    // tests that verify ownership guards reject mutations on foreign records.
+    const homeOrgId = getSharedHomeOrgId();
+    if (homeOrgId) {
+      console.log('--- Waiting for non-home project from governance sync ---');
+      const maxWaitMs = 600_000;
+      const pollIntervalMs = 30_000;
+      const startTime = Date.now();
+      let found = false;
+      while (Date.now() - startTime < maxWaitMs) {
+        const elapsed = Math.round((Date.now() - startTime) / 1000);
+        try {
+          const res = await request.get('/v2/project').query({ page: 1, limit: 100 });
+          const data = Array.isArray(res.body) ? res.body : (res.body?.data || []);
+          const nonHome = data.find(r => r.orgUid && r.orgUid !== homeOrgId);
+          if (nonHome) {
+            console.log(`  ✓ Found non-home project after ${elapsed}s (orgUid=${nonHome.orgUid.slice(0, 12)}...)`);
+            found = true;
+            break;
+          }
+        } catch { /* ignore transient errors */ }
+        console.log(`  No non-home projects yet (${elapsed}s / ${maxWaitMs / 1000}s)...`);
+        await new Promise(r => setTimeout(r, pollIntervalMs));
+      }
+      if (!found) {
+        console.log('  ⚠ WARNING: No non-home projects appeared. Ownership guard tests will fail.');
+      }
+      console.log('');
+    }
+
     // Phase 4: PUT tests
     await runMochaTests('Step 7: PUT Request Tests', 'PUT Operations');
     await commitAndWait('PUT');
