AntFleet

Disagreement · 0982a39f-anthropic-1

Middleware test shares a single response across all `it` blocks, defeating per-test isolation

mismatch
repo e24ef98c · PR #6 · reviewed 2 weeks ago

Primary finding

Middleware test shares a single response across all `it` blocks, defeating per-test isolation

low · test-gap · high
  • apps/web/middleware.test.ts:19-22
`const res = middleware(makeReq())` runs once at describe-time. If a future change makes middleware stateful (e.g., mutating headers based on request URL or cloning a shared Response), tests would silently share state. The current implementation is stateless so there is no functional bug, but the pattern invites future flakes.

Recommendation

Move `const res = middleware(makeReq())` into a `beforeEach` or call it inside each `it`, so each assertion uses a fresh response.

Counterpart finding

Test comment is misleading: claims SECURITY_HEADERS is imported via re-export, but test actually instantiates middleware

low · docs-gap · high
  • apps/web/middleware.test.ts:8-10
  • apps/web/middleware.test.ts:12
  • apps/web/middleware.test.ts:19-21
The comment explicitly states the test imports SECURITY_HEADERS via re-export and avoids instantiating middleware, but the code imports and executes middleware to obtain a response and read headers. This discrepancy can confuse maintainers and future readers.

Recommendation

Update the comment to reflect the actual approach (calling middleware and asserting on its response headers), or refactor the test to actually import and assert the SECURITY_HEADERS map if that is the intended strategy.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.


From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.