fix(gate): typed search response + correct PIN-throttle doc#1068

Merged
peterdrier merged 1 commit into
mainfrom
fix/gate-review-followups
Jun 30, 2026

Conversation

@peterdrier (Owner)

Follow-up to the Gate admissions feature (#1066), addressing two valid automated-review findings raised on the production promotion PR nobodies-collective#903.

Fixes

  • /Gate/Search returned anonymous objects → violates memory/code/search-endpoint-response-shape.md ("search JSON endpoints use stable typed records; reuse shared models across endpoints feeding the same client"). Now returns the existing HumanLookupSearchResult record — the exact shape /api/profiles/search already feeds the human-search picker (Detail omitted; the kiosk search is name-only).
  • GatePinThrottle summary was stale → it still described the removed dual-key (user-id + device/IP) throttle. Updated to the current per-target-user-only contract and the reason the device key was dropped (shared reverse-proxy IP would freeze the whole terminal — gate-wide DoS).

Not changed (deliberately)

  • The Codex "throttle by source as well as user" suggestion was not applied: re-adding the device key reintroduces the gate-wide DoS the per-user design fixed; per-account brute force is already capped at 5/15 min. (The in-house reviewer's finding above endorses the removal.)
  • A separate finding — auto-STOP/AMBER scans not persisted to gate_scan_events — is a pre-existing design judgment (record-decisions vs record-every-scan) and is being tracked as a design question, not bundled here.

Verification

  • dotnet build clean; dotnet format --verify-no-changes clean.
  • GateControllerClaimTests green (the search test now asserts the typed result directly).

🤖 Generated with Claude Code

Addresses two review findings on the Gate admissions PRs (#1066,
promoted in nobodies-collective#903):

- /Gate/Search returned anonymous objects, violating
  memory/code/search-endpoint-response-shape.md. Return the existing typed
  HumanLookupSearchResult record — the same shape /api/profiles/search already
  feeds this picker (Detail omitted; the kiosk search is name-only).
- GatePinThrottle's class summary still described the removed dual-key
  (user-id + device/IP) contract. Updated to the current per-target-user-only
  design and the reason the device key was dropped (shared reverse-proxy IP →
  gate-wide DoS lockout).

GateControllerClaimTests.Search now asserts the typed result directly instead of
re-serializing with default (PascalCase) options that don't match the MVC pipeline.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
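The throttle contract described above (per-target-user only, capped at 5 failures per 15 minutes, with the device/IP key dropped because a shared reverse-proxy address would lock every kiosk at once) can be shown side by side with the removed dual-key variant. This is an added illustration, not the project's GatePinThrottle; the class and member names (PinThrottle, MaxAttempts, Window, IsLocked, RecordFailure), the constructed proxy address and the user ids are assumptions:

```csharp
// Added illustration (not the project's GatePinThrottle): a sliding-window PIN
// failure throttle keyed by target user, with an optional second counter keyed
// by source IP to reproduce the removed dual-key design. All names here are
// assumptions for the example, not identifiers from the project.
using System;
using System.Collections.Generic;

public sealed class PinThrottle
{
    public const int MaxAttempts = 5;                               // 5 failures ...
    public static readonly TimeSpan Window = TimeSpan.FromMinutes(15); // ... per 15 minutes

    private readonly bool _alsoKeyBySource; // true = removed dual-key contract
    private readonly Dictionary<string, List<DateTimeOffset>> _failures = new();

    public PinThrottle(bool alsoKeyBySource) { _alsoKeyBySource = alsoKeyBySource; }

    // A key is over the cap when MaxAttempts failures fall inside the window.
    private bool Exceeded(string key, DateTimeOffset now)
    {
        if (!_failures.TryGetValue(key, out var times)) return false;
        times.RemoveAll(t => now - t >= Window);   // drop entries that aged out
        return times.Count >= MaxAttempts;
    }

    private void Bump(string key, DateTimeOffset now)
    {
        if (!_failures.TryGetValue(key, out var times))
            _failures[key] = times = new List<DateTimeOffset>();
        times.Add(now);
    }

    // Per-target-user contract: only the user counter matters. The dual-key
    // variant additionally locks when the source-IP counter is over the cap.
    public bool IsLocked(string targetUserId, string sourceIp, DateTimeOffset now) =>
        Exceeded("user:" + targetUserId, now)
        || (_alsoKeyBySource && Exceeded("src:" + sourceIp, now));

    public void RecordFailure(string targetUserId, string sourceIp, DateTimeOffset now)
    {
        Bump("user:" + targetUserId, now);
        if (_alsoKeyBySource) Bump("src:" + sourceIp, now);
    }
}

public static class Demo
{
    public static void Main()
    {
        var t0 = new DateTimeOffset(2026, 6, 30, 10, 0, 0, TimeSpan.Zero);
        // Constructed: every kiosk reaches the app through one reverse proxy,
        // so the controller sees the same client address for all terminals.
        const string proxyIp = "10.0.0.2";

        foreach (var alsoBySource in new[] { false, true })
        {
            var throttle = new PinThrottle(alsoBySource);
            // MaxAttempts wrong PINs against a single account ...
            for (int i = 0; i < PinThrottle.MaxAttempts; i++)
                throttle.RecordFailure("attacked-user", proxyIp, t0.AddSeconds(i));

            // ... lock that account in both designs, but only the dual-key
            // design also locks an unrelated user at another kiosk.
            bool attackedLocked = throttle.IsLocked("attacked-user", proxyIp, t0.AddSeconds(10));
            bool bystanderLocked = throttle.IsLocked("other-user", proxyIp, t0.AddSeconds(10));
            Console.WriteLine(
                $"alsoKeyBySource={alsoBySource}: attacked locked={attackedLocked}, bystander locked={bystanderLocked}");
        }
    }
}
```

Running the demo with `alsoKeyBySource=false` locks only the targeted account; with `alsoKeyBySource=true` the bystander at a different kiosk is locked as well, because all terminals share the proxy's source address. That is the gate-wide lockout the per-user design avoids, while the per-account cap still bounds brute force against any one PIN.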
@claude (bot) commented Jun 30, 2026

Reviewed commit a38fc4e — no issues found.

@peterdrier peterdrier merged commit 7e63613 into main Jun 30, 2026
10 checks passed
@peterdrier peterdrier deleted the fix/gate-review-followups branch June 30, 2026 10:30