Skip to content

fix(constructs): make SSL/traceroute assertion builders emit backend-valid payloads [SIM-287]#1387

Closed
danielpaulus wants to merge 1 commit into
feat/cli-pertype-result-renderingfrom
daniel/sim-287-assertion-builder-contracts
Closed

fix(constructs): make SSL/traceroute assertion builders emit backend-valid payloads [SIM-287]#1387
danielpaulus wants to merge 1 commit into
feat/cli-pertype-result-renderingfrom
daniel/sim-287-assertion-builder-contracts

Conversation

@danielpaulus

Copy link
Copy Markdown
Contributor

SIM-287

Fixes CLI assertion builders that generated payloads the backend rejects, or couldn't express supported checks. Targets feat/cli-pertype-result-rendering (#1362).

  • Traceroute responseTime() was unusable — it synthesized property:'', but the backend requires property ∈ {avg,min,max,stdDev} → 400. Now defaults to avg and adds .avg()/.min()/.max()/.stdDev() selectors; codegen preserves the property on round-trip (was silently collapsing to avg).
  • SSL baseline severity 'warn''degrade' to match the backend enum (['fail','degrade','ignore']).
  • Missing operators — added greaterThanOrEqual (→ GREATER_THAN_OR_EQUAL, needed for KEY_SIZE_BITS/TLS_VERSION) and matches (→ MATCHES, for CIPHER_SUITE/ISSUER_CN); wired both into codegen.
  • Missing SSL sources — added OCSP_STAPLED, HANDSHAKE_TIME_MS, SAN_CONTAINS (builders + codegen).
  • degraded ≤ max validation — added once in the shared validateResponseTimes; also guards the case where maxResponseTime is omitted (compares against the per-type default).

Codegen (checkly import) was updated alongside so the new sources/operators/selectors round-trip instead of throwing or corrupting.

Tests

New ssl-assertion-codegen.spec.ts and traceroute-assertion-codegen.spec.ts round-trip the new sources/operators and traceroute property preservation; ssl-monitor/traceroute-monitor specs cover the new severity, selectors, and the degraded>max diagnostic.

Verified live

TracerouteAssertionBuilder.responseTime().max().lessThan(…) now round-trips as max and evaluates: response time property "max" is less than target … Received: 6.8.

Note

The degraded ≤ max check now applies to all monitor types (was SSL-only inline) — a small, intentional broadening.

🤖 Generated with Claude Code

https://claude.ai/code/session_01NC9pESYE5wGqy5TKRzufyc

…valid payloads [SIM-287]

Several assertion builders synthesized payloads the backend rejects or could
not express supported checks:

- TracerouteAssertionBuilder.responseTime() emitted property:'' but the backend
  requires avg|min|max|stdDev; now defaults to 'avg' and adds avg/min/max/stdDev
  selectors (+ codegen preserves the property on round-trip).
- SslBaselineSeverity 'warn' -> 'degrade' to match the backend enum.
- Add greaterThanOrEqual and matches builders (backend needs GREATER_THAN_OR_EQUAL
  for KEY_SIZE_BITS/TLS_VERSION and MATCHES for CIPHER_SUITE/ISSUER_CN); wire both
  into codegen.
- Add missing SSL sources OCSP_STAPLED, HANDSHAKE_TIME_MS, SAN_CONTAINS (+ codegen).
- Add degraded<=max cross-field validation in the shared validateResponseTimes
  helper (accounts for the per-type default max when maxResponseTime is omitted).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NC9pESYE5wGqy5TKRzufyc
@danielpaulus

Copy link
Copy Markdown
Contributor Author

Superseded by #1391 (SIM-286 + SIM-287 combined into one PR).

@danielpaulus danielpaulus deleted the daniel/sim-287-assertion-builder-contracts branch July 7, 2026 14:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant