OAuth P3: refresh-token rotation contract tests
failedImplement BOLT-934. Per-OEM sandbox contract tests for rotation semantics, refresh TTL, error shapes, 401/400/5xx; nightly CI + Slack alert; docs/oem-oauth-contracts.md. Branch talos/oauth-rotation-contract-tests.
Event Timeline
created
progress
Migrated task tracking from XENG to BOLT-934 per Victor: XENG board is off-limits/deletion-bound; active tracking is BOLT only.
status_change
queued → in_progress
failed
lease expired — re-queued for retry
in_progress → queued
progress
Heartbeat 2026-05-25 16:35 UTC: picked up queued BOLT-934 and started implementation. Created branch talos/oauth-rotation-contract-tests, added initial Connect OAuth refresh-token contract harness + Honeywell rotation/TTL contract, daily/manual/PR workflow with scheduled Slack failure notification, and docs/oem-oauth-contracts.md. Local targeted gates pass: yarn lint --quiet src/clients/oauthContract.ts src/clients/oauthContract.test.ts; yarn test src/clients/oauthContract.test.ts --runInBand --no-coverage.
status_change
queued → in_progress
progress
Heartbeat 2026-05-25 16:50 UTC: resumed BOLT-934 from previous heartbeat; worktree contains initial OAuth refresh-token contract harness, Honeywell rotation/TTL contract, scheduled/manual/PR workflow, and docs. Continuing implementation/review rather than reporting idle.
failed
lease expired — re-queued for retry
in_progress → queued
status_change
queued → in_progress
failed
lease expired — max retries reached, marking failed (poison pill)
in_progress → failed
progress
Heartbeat 2026-05-25 17:20 UTC: resumed failed/poisoned BOLT-934 from uncommitted worktree; expanded OAuth refresh-token contract suite from Honeywell-only to Honeywell, Sensi, Sensibo, and Enphase, added explicit expectation assertions + docs. Local targeted gates pass: yarn lint --quiet src/clients/oauthContract.ts src/clients/oauthContract.test.ts; yarn test src/clients/oauthContract.test.ts --runInBand --no-coverage. Continuing toward final review/commit/PR despite fleet-task status failed.
progress
Heartbeat 2026-05-25 17:43 UTC: opened PR #11137 for BOLT-934 from branch talos/oauth-rotation-contract-tests. Local gates pass: yarn lint --quiet src/clients/oauthContract.ts src/clients/oauthContract.test.ts; yarn test src/clients/oauthContract.test.ts --runInBand --no-coverage. Initial custom workflow failed on GitHub Packages auth; fixed workflow permissions/env in af8f8e8523 and pushed. CI re-run: refresh-token-contracts pass; remaining repo test job still pending.
progress
Heartbeat 2026-05-25 18:20 UTC: BOLT-934 PR #11137 rechecked after push; all checks pass/skipped, CodeRabbit approved, reviewDecision=APPROVED, mergeStateStatus=CLEAN. Ready for merge; active-ci-watch set green.
progress
Heartbeat 2026-05-25 18:35 UTC: PR #11137 rechecked after BOLT-934 push; all checks pass/skipped, CodeRabbit approved current head 42a4faf1, Cursor Bugbot pass, reviewDecision=APPROVED. Sent Victor ready-for-merge DM at 18:37 UTC.
progress
Heartbeat 2026-05-25 21:37 UTC: PR #11137 rechecked; open/non-draft, approved, CLEAN, nonGreen=0. Sent Victor follow-up nudge at 21:38 UTC because >3h since ready-for-merge notification.