Stabilize backend foundation and clarify boundaries#686
Open
therobbiedavis wants to merge 96 commits into
Open
Stabilize backend foundation and clarify boundaries#686therobbiedavis wants to merge 96 commits into
therobbiedavis wants to merge 96 commits into
Conversation
Enable deterministic NuGet restores for backend projects by turning on package lock files and CI locked restore mode. Add generated NuGet lock files so local and CI test runs resolve the same dependency graph before `dotnet test --no-restore`. Pull in the dependency updates from `chore/dependency-update`, including the Node engine update to `^24.15.0` and refreshed root/frontend npm lockfiles. Clean up frontend build warnings introduced during dependency validation by removing the auth store's dynamic router import and moving router instance access into a small shared service. Add a narrow Vite/Rolldown warning filter for known upstream `@vueuse/core` pure annotation noise. Validated with: - `dotnet restore listenarr.slnx /p:CI=true` - `dotnet test listenarr.slnx --no-restore` - `npm install` - `cd fe && npm install` - `cd fe && npm run test:unit` - `cd fe && npm run build` - `cd fe && npm run lint:check` - `git diff --check`
therobbiedavis
added
the
patch
This was referenced Jun 12, 2026
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a2700aa2f7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
# Conflicts: # listenarr.application/Search/SearchService.cs # tests/Features/Api/Services/SearchServiceSortingTests.cs
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
- Move author catalog keying, matching, language normalization, and cache DTO mapping into a focused helper - Keep author catalog lookup and persistence orchestration in the service - Preserve focused author and metadata test coverage
- Move compatibility indexer response shaping into a focused builder - Preserve read versus save API-key response behavior - Remove the stale private field DTO from the controller
- Move final ASIN disposition auditing out of SearchService - Preserve candidate drop reason mutation and diagnostic logging - Register the helper in API and infrastructure service setup
- Move torrent bencode rewrite and announce parsing logic into a focused helper - Keep MyAnonamouseHelper public methods as compatibility delegates - Preserve MAM and torrent-focused test coverage
- Move platform-specific ffprobe download URL and checksum defaults into a focused helper - Keep installation orchestration and provider override behavior unchanged - Preserve ffmpeg-focused test coverage
- Move title search ASIN lookup and Discord response shaping into a focused workflow - Keep route status codes and response payloads unchanged - Register the workflow through API startup
- Move validated notification HTTP sending and redirect checks into a focused helper - Preserve request-context private target rules and existing HttpClient behavior - Keep provider-specific notification dispatch unchanged
- Replace inline search result image cache handling with SearchResponseMapper - Remove the now-unused controller image path wrapper - Preserve search-controller focused test coverage
- Move MyAnonamouse torrent download URL construction into a focused helper - Preserve mam_id decode and encode behavior - Keep parser mapping behavior unchanged
- Move SABnzbd queue/history merge behavior into a focused workflow - Move SABnzbd import item resolution into a dedicated resolver - Keep adapter interface and request/response semantics unchanged
- Move NZBGet add orchestration into a focused workflow - Move NZBGet import item history resolution into a dedicated resolver - Keep adapter interface and XML-RPC behavior unchanged
- Move MyAnonamouse debug-search orchestration into a focused workflow - Keep route, response payloads, and local parsed-search behavior unchanged
- Move existing-quality cutoff evaluation into a focused helper - Move automatic download-client selection into a dedicated selector - Keep search scheduling, scoring, and download queuing behavior unchanged
- Move qBittorrent import path resolution into a focused resolver - Keep queue-item and download-client-item import behavior unchanged
- Move Transmission import path resolution into a focused resolver - Keep RPC lookup, content path, and source-file behavior unchanged
- Move ffprobe archive expansion and traversal checks into a focused helper - Keep install discovery, checksum validation, and binary promotion behavior unchanged
- Add shared worker cycle and processor interfaces - Wire hosted workers through processor contracts - Add ownership and import handoff guard tests
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
- Move scan and move orchestration into processor services - Keep hosted services as queue adapters - Add processor tests and worker metrics
- Extract hosted worker logic into explicit processors - Document ownership, retry, idempotency, and handoffs - Add processor boundary and worker metric tests - Rename moved-download cleanup hosted adapter
- Add shared containment and final-target validation for filesystem mutations - Harden imports, moves, deletes, cache writes, archive extraction, remote mappings, and ffprobe paths - Add temp-directory coverage for traversal, idempotent imports, mapping boundaries, and cache safety
- Cover archive extraction traversal blocking with real temp directories - Cover file storage write/delete containment around allowed roots
- Split API startup into focused registration and pipeline modules - Move security setup and middleware ordering into one startup module - Add end-to-end coverage for auth, CSRF, SignalR, and proxy headers
- Use epsilon checks for metadata duration updates - Align remote path mapping test with exact-root behavior
- Use epsilon checks for metadata duration updates - Align remote path mapping test with exact-root behavior
…Listenarrs/Listenarr into 677-backend-foundation-combined
- Expect exact remote path mappings to preserve directory root separators
- Remove trailing spaces from license header blank lines - Restore clean git diff whitespace validation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR completes the backend foundation roadmap from #677 by combining the dependency/test-loop stabilization from #679 with the backend boundary, workflow, worker, filesystem-safety, and startup cleanup from #685.
It makes backend validation deterministic, documents the intended architecture boundaries, moves implementation-shaped concerns out of
listenarr.application, breaks large controllers/services into focused workflows, clarifies background-worker ownership, hardens file/import mutation paths, and simplifies API startup/security composition.Closes #677. Supersedes #679 and #685.
Changes
Added
BACKEND_ARCHITECTURE.mdwith layer ownership, startup composition, worker ownership, retry/idempotency, and migration guidance.Changed
--no-restore.Fixed
Testing
dotnet build listenarr.slnx --no-restore- 0 warnings, 0 errorsdotnet test listenarr.slnx --no-build- 696 passed before the later worker/filesystem/security additionsdotnet test listenarr.slnx -c Release --filter "FullyQualifiedName~RemotePathMappingServiceTests.TranslatePathAsync_HappyPath"- 6 passeddotnet test listenarr.slnx -c Release --no-build --filter "FullyQualifiedName~SecurityPipelineEndToEndTests|FullyQualifiedName~ArchiveExtractorSafetyTests|FullyQualifiedName~FileStorageSafetyTests|FullyQualifiedName~WorkerProcessorBoundaryTests|FullyQualifiedName~WorkerCycleRunnerTests"- 28 passedcd fe && npm run test:unit -- --run- 378 passed, 1 skipped test filecd fe && npm run buildcd fe && npm run lint:checkgit diff --check origin/canary...HEADNotes
This intentionally replaces the separate dependency and architecture PRs so the backend foundation lands as one coherent review: first make validation deterministic, then clarify architecture boundaries, then harden the highest-trust runtime paths before more feature work builds on top.