wangdl b9be87e805 test(M-AI-05): enforce cross-user Feynman authorization
Scenario 7 E2E fix:
- Asset correct HTTP 403 (was 201 in earlier draft)
- Add before/after zero-side-effect verification (7 tables)
- Add model-call-count = 0 verification (via UsageLog)
- Add stable error structure assertion (no stack/Prisma/DATABASE_URL)
- Add Legacy path behavior documentation (known limitation:
  Legacy does not accept knowledgeItemId, no ownership check)

Real call chain:
  FeynmanExecutionRouter.evaluateFeynman():121
  → FeynmanSnapshotBuilder.build():102-110
  → knowledgeItem.userId !== input.userId → ForbiddenException
  → before AiJobCreationService.createJob():124
  → NestJS → HTTP 403

Co-Authored-By: Claude <noreply@anthropic.com>
2026-06-21 17:46:14 +08:00
..