wangdl
b9be87e805
test(M-AI-05): enforce cross-user Feynman authorization
Scenario 7 E2E fix:
- Asset correct HTTP 403 (was 201 in earlier draft)
- Add before/after zero-side-effect verification (7 tables)
- Add model-call-count = 0 verification (via UsageLog)
- Add stable error structure assertion (no stack/Prisma/DATABASE_URL)
- Add Legacy path behavior documentation (known limitation:
Legacy does not accept knowledgeItemId, no ownership check)
Real call chain:
FeynmanExecutionRouter.evaluateFeynman():121
→ FeynmanSnapshotBuilder.build():102-110
→ knowledgeItem.userId !== input.userId → ForbiddenException
→ before AiJobCreationService.createJob():124
→ NestJS → HTTP 403
Co-Authored-By: Claude <noreply@anthropic.com>
2026-06-21 17:46:14 +08:00
..
2026-06-19 22:51:28 +08:00
2026-05-25 16:55:04 +08:00
2026-06-19 23:03:31 +08:00
2026-05-24 10:18:07 +08:00
2026-05-25 16:55:04 +08:00
2026-05-24 10:18:07 +08:00
2026-05-24 10:18:07 +08:00
2026-05-24 10:18:07 +08:00
2026-06-21 14:55:33 +08:00
2026-06-19 22:06:52 +08:00
2026-05-24 10:18:07 +08:00
2026-05-24 11:03:52 +08:00
2026-05-24 13:43:23 +08:00
2026-05-24 16:01:34 +08:00
2026-06-19 21:38:12 +08:00
2026-06-21 11:03:52 +08:00
2026-06-21 15:29:33 +08:00
2026-06-21 14:55:33 +08:00
2026-06-21 17:46:14 +08:00
2026-06-21 15:09:05 +08:00
2026-05-24 10:18:07 +08:00
2026-06-19 23:03:31 +08:00