Summary
The backend integration test suite has 22 failing tests across 5 files, all failing the same way: an authenticated request receives 401 Unauthorized where the test expects a downstream status (200/403/404/409). The auth middleware appears to reject the Authorization header the tests send, so requests never reach the route logic being tested.
This was masked on main because CI died earlier at npm ci (a broken root package-lock.json). Once the lockfile is repaired (see #550 / PR #607), npm ci succeeds and these pre-existing failures surface in the Backend CI and Backend npm test jobs.
Affected test files
tests/integration/streams/cancel.test.tstests/integration/streams/withdraw.test.tstests/integration/streams.test.tstests/integration/top-up.test.tstests/stream.test.ts
Result: Test Files 5 failed | 31 passed (36) · Tests 22 failed | 162 passed (184).
Example
AssertionError: expected 401 to be 403 // Object.is equality
- Expected: 403
+ Received: 401
❯ tests/integration/streams/cancel.test.ts:102:24
100| .set('Authorization', '<token>');
101|
102| expect(res.status).toBe(403);
Every failure is this shape — the request is rejected at authentication (401) before the route's own authorization/validation/business logic runs.
Likely cause (to investigate)
The JWT/auth setup used by the integration tests is not accepted by the auth middleware in CI — e.g. a missing/mismatched JWT_SECRET (or equivalent) between the test token signer and the middleware verifier, an expired/malformed test token, or auth env vars not set in the CI job. The recurring YAMLSemanticError: Nested mappings are not allowed in compact mappings log lines during these runs may or may not be related and are worth a look.
Acceptance criteria
Notes
Summary
The backend integration test suite has 22 failing tests across 5 files, all failing the same way: an authenticated request receives
401 Unauthorizedwhere the test expects a downstream status (200/403/404/409). The auth middleware appears to reject theAuthorizationheader the tests send, so requests never reach the route logic being tested.This was masked on
mainbecause CI died earlier atnpm ci(a broken rootpackage-lock.json). Once the lockfile is repaired (see #550 / PR #607),npm cisucceeds and these pre-existing failures surface in theBackend CIandBackend npm testjobs.Affected test files
tests/integration/streams/cancel.test.tstests/integration/streams/withdraw.test.tstests/integration/streams.test.tstests/integration/top-up.test.tstests/stream.test.tsResult:
Test Files 5 failed | 31 passed (36)·Tests 22 failed | 162 passed (184).Example
Every failure is this shape — the request is rejected at authentication (
401) before the route's own authorization/validation/business logic runs.Likely cause (to investigate)
The JWT/auth setup used by the integration tests is not accepted by the auth middleware in CI — e.g. a missing/mismatched
JWT_SECRET(or equivalent) between the test token signer and the middleware verifier, an expired/malformed test token, or auth env vars not set in the CI job. The recurringYAMLSemanticError: Nested mappings are not allowed in compact mappingslog lines during these runs may or may not be related and are worth a look.Acceptance criteria
Backend CIandBackend npm testpass (all integration tests reach their intended assertions rather than 401)401documented (auth secret/env/token signing)Notes
npm ciis what made these visible.