fix(pilot): persist Apply — stamp applied_at on click

Issue #2 from phase-8-review-issues.md. Apply was client-side-only via a bannerApplied flag. Refresh / chat reselect / multi-tab would drop Verifying state back to Proposed. - New POST /ai-sessions/{sid}/suggested-fixes/{fid}/apply stamps applied_at without changing status (still 'proposed'). Idempotent if already stamped; 409 if fix is past proposed (a terminal outcome was already recorded). - Bumps state_version so resolve/escalate preview bundles reflect that the fix has entered verifying. - Frontend handleApplyFix calls the endpoint and uses the returned applied_at directly. bannerApplied client flag is removed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 22:10:52 -04:00
parent 362c7b1d79
commit de2bef3175
4 changed files with 209 additions and 22 deletions
--- a/backend/app/api/endpoints/session_suggested_fixes.py
+++ b/backend/app/api/endpoints/session_suggested_fixes.py
@@ -217,6 +217,68 @@ async def record_decision(
    )


+# ── Suggested fix: apply (stamp applied_at) ──────────────────────────────
+
+@router.post(
+    "/suggested-fixes/{fix_id}/apply",
+    response_model=SessionSuggestedFixResponse,
+)
+async def apply_suggested_fix(
+    session_id: UUID,
+    fix_id: UUID,
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    db: Annotated[AsyncSession, Depends(get_db)],
+    _: None = Depends(require_engineer_or_admin),
+) -> SessionSuggestedFixResponse:
+    """Stamp applied_at when the engineer clicks Apply in the ProposalBanner.
+
+    This does NOT change status (fix remains 'proposed'). Status only flips
+    when the engineer records an outcome via PATCH /outcome.
+
+    Rules:
+    - Fix must be in 'proposed' status; any other status → 409.
+    - Idempotent: if applied_at is already set, returns 200 with the unchanged row.
+    - Bumps ai_sessions.state_version so resolve/escalate preview generators
+      know the fix has entered the verifying phase.
+    """
+    await _load_session_or_404(db, session_id)
+
+    result = await db.execute(
+        select(SessionSuggestedFix).where(
+            SessionSuggestedFix.id == fix_id,
+            SessionSuggestedFix.session_id == session_id,
+        )
+    )
+    fix = result.scalar_one_or_none()
+    if fix is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND, detail="Suggested fix not found"
+        )
+
+    if fix.status != "proposed":
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT,
+            detail=f"Apply is only valid from 'proposed'; fix is already '{fix.status}'",
+        )
+
+    # Idempotent: already stamped → return as-is without bumping state_version again.
+    if fix.applied_at is not None:
+        return SessionSuggestedFixResponse.model_validate(fix)
+
+    fix.applied_at = datetime.now(timezone.utc)
+
+    # Bump state_version so preview generators see the verifying-phase signal.
+    await db.execute(
+        update(AISession)
+        .where(AISession.id == session_id)
+        .values(state_version=AISession.state_version + 1)
+    )
+
+    await db.commit()
+    await db.refresh(fix)
+    return SessionSuggestedFixResponse.model_validate(fix)
+
+
 # ── Suggested fix: outcome ────────────────────────────────────────────────

@router.patch(
--- a/backend/tests/test_fix_outcome_endpoint.py
+++ b/backend/tests/test_fix_outcome_endpoint.py
@@ -327,3 +327,113 @@ async def test_resolution_note_preview_reflects_outcome_after_patch(
    assert distinct_failure_reason in bundle_b, (
        "Bundle for second preview should include the failure_reason text"
    )
+
+
+# ── Apply endpoint ─────────────────────────────────────────────────────────
+
+@pytest.mark.asyncio
+async def test_apply_stamps_applied_at(
+    client: AsyncClient, test_user, auth_headers, test_db
+):
+    """POST /apply stamps applied_at and bumps state_version."""
+    from uuid import UUID
+    session_id, fix_id = await _make_session_with_fix(test_db, test_user)
+
+    result = await test_db.execute(
+        select(AISession).where(AISession.id == UUID(session_id))
+    )
+    session_obj = result.scalar_one()
+    initial_version = session_obj.state_version
+
+    r = await client.post(
+        f"/api/v1/ai-sessions/{session_id}/suggested-fixes/{fix_id}/apply",
+        headers=auth_headers,
+    )
+    assert r.status_code == 200, r.text
+    body = r.json()
+    assert body["applied_at"] is not None, "applied_at must be set after /apply"
+    assert body["status"] == "proposed", "status must remain 'proposed' after /apply"
+
+    await test_db.refresh(session_obj)
+    assert session_obj.state_version == initial_version + 1, (
+        "/apply must bump state_version so preview cache is invalidated"
+    )
+
+
+@pytest.mark.asyncio
+async def test_apply_is_idempotent(
+    client: AsyncClient, test_user, auth_headers, test_db
+):
+    """Second POST /apply returns 200 with applied_at unchanged (no double-bump)."""
+    from uuid import UUID
+    session_id, fix_id = await _make_session_with_fix(test_db, test_user)
+
+    r1 = await client.post(
+        f"/api/v1/ai-sessions/{session_id}/suggested-fixes/{fix_id}/apply",
+        headers=auth_headers,
+    )
+    assert r1.status_code == 200, r1.text
+    applied_at_first = r1.json()["applied_at"]
+
+    result = await test_db.execute(
+        select(AISession).where(AISession.id == UUID(session_id))
+    )
+    session_obj = result.scalar_one()
+    version_after_first = session_obj.state_version
+
+    r2 = await client.post(
+        f"/api/v1/ai-sessions/{session_id}/suggested-fixes/{fix_id}/apply",
+        headers=auth_headers,
+    )
+    assert r2.status_code == 200, r2.text
+    assert r2.json()["applied_at"] == applied_at_first, (
+        "applied_at must not change on second /apply call"
+    )
+
+    await test_db.refresh(session_obj)
+    assert session_obj.state_version == version_after_first, (
+        "state_version must not be bumped a second time on idempotent /apply"
+    )
+
+
+@pytest.mark.asyncio
+async def test_apply_rejects_non_proposed(
+    client: AsyncClient, test_user, auth_headers, test_db
+):
+    """POST /apply returns 409 when fix status is 'applied_success'."""
+    session_id, fix_id = await _make_session_with_fix(test_db, test_user)
+
+    # Advance the fix to a terminal status via the outcome endpoint.
+    r_outcome = await client.patch(
+        f"/api/v1/ai-sessions/{session_id}/suggested-fixes/{fix_id}/outcome",
+        headers=auth_headers,
+        json={"outcome": "applied_success"},
+    )
+    assert r_outcome.status_code == 200
+
+    r = await client.post(
+        f"/api/v1/ai-sessions/{session_id}/suggested-fixes/{fix_id}/apply",
+        headers=auth_headers,
+    )
+    assert r.status_code == 409, r.text
+
+
+@pytest.mark.asyncio
+async def test_apply_rejects_dismissed(
+    client: AsyncClient, test_user, auth_headers, test_db
+):
+    """POST /apply returns 409 when fix status is 'dismissed'."""
+    session_id, fix_id = await _make_session_with_fix(test_db, test_user)
+
+    r_outcome = await client.patch(
+        f"/api/v1/ai-sessions/{session_id}/suggested-fixes/{fix_id}/outcome",
+        headers=auth_headers,
+        json={"outcome": "dismissed"},
+    )
+    assert r_outcome.status_code == 200
+
+    r = await client.post(
+        f"/api/v1/ai-sessions/{session_id}/suggested-fixes/{fix_id}/apply",
+        headers=auth_headers,
+    )
+    assert r.status_code == 409, r.text