Scope a test-coverage pass — auth, cache middleware, cache-invalidation goroutine

[SyniRon]

The repo has zero _test.go files. The auth interceptors (gRPC + HTTP),
CacheMiddleware, and the cache-invalidation goroutine all run without
tests. There's no safety net for changes to any of those.

This task is the scoping investigation, not the build. Output is a
phased plan — auth-first, then middleware, then datastore via a fake /
sqlmock harness — that can be split into its own tracking issue(s) when
picked up.

Related: ADR 0004 calls out that handler-level fault-injection smokes
short to 401 because auth shares a backend with the data path; a real
test harness is the cleanest path to verifying handler error mapping.

[SyniRon]

This was generated by AI during triage.

Triage Notes

What we've established so far:

The premise "the repo has zero _test.go files" is out of date. There are now 7 test files (~1170 LOC), and some of the auth-first work this ticket envisioned has effectively already landed:

Surface	Status	Where
Auth backend (ValidateApiKey, bearer parse)	Covered	datastores/auth_test.go (106 LOC)
gRPC auth interceptor	Covered	servers/grpc/auth_test.go (58 LOC)
Fake-datastore harness (the shape this issue proposed)	Exists	servers/grpc/fake_datastore_test.go (107 LOC)
gRPC handlers (milpacs + tickets) using fake	Covered	servers/grpc/{milpacs,tickets}_test.go (~400 LOC)
Reference cache	Covered	referencecache/cache_test.go (90 LOC)
Datastore tickets queries	Covered	datastores/tickets_test.go (404 LOC)

The fake-datastore pattern in servers/grpc/ also solves the ADR-0004 "fault-injection shorts to 401" problem for gRPC handlers — auth and data backends are independently controllable in tests there.

Genuinely-still-untested surfaces from the original wishlist:

• servers/gateway/ — no _test.go at all. The HTTP authMiddleware, the compression middleware, and gateway wiring are uncovered. The ADR-0004 fault-injection problem is not solved for the HTTP gateway path because no equivalent fake-datastore harness exists there.
• middleware/cache.go — no _test.go. The response-cache middleware sits inside auth and is the largest behavioral-risk surface for any change to caching semantics. Uncovered.
• cache/manager.go — no _test.go. The 10-minute information_schema.tables polling + FlushAll invalidation goroutine has no safety net.

Also flagging: CLAUDE.md still says "No test suite exists (zero _test.go files)" in two places. That should be updated alongside whichever follow-up issues come out of this scoping pass.

What we still need from you (@SyniRon):

• Re-anchor: does the new baseline change the priority? Of the three remaining untested surfaces (gateway, cache middleware, cache-invalidation goroutine), which carries the most behavioral risk to your eye?
• Should we lift the gRPC-side fake-datastore pattern into a shared harness so the HTTP gateway path gets the same fault-injection capability, or treat the gateway as a thin pass-through and test only at the gRPC layer it dials?
• Is sqlmock still wanted for low-level datastore tests, or does the existing datastores/tickets_test.go pattern (real GORM against a real schema, presumably) make sqlmock redundant?
• Should the deliverable here be (a) a single phased plan as a comment, or (b) split into one tracking issue per remaining surface (gateway / cache middleware / invalidation goroutine)?

Once those land this either becomes a ready-for-human planning ticket or gets split into three smaller agent-tractable tickets.