diff --git a/apps/api/src/services/awooop_ansible_check_mode_service.py b/apps/api/src/services/awooop_ansible_check_mode_service.py index 43ea7d27..859d8c85 100644 --- a/apps/api/src/services/awooop_ansible_check_mode_service.py +++ b/apps/api/src/services/awooop_ansible_check_mode_service.py @@ -421,11 +421,11 @@ async def recent_ansible_transport_blockers( FROM automation_operation_log WHERE operation_type = 'ansible_check_mode_executed' AND status = 'failed' - AND created_at >= NOW() - CAST(:cooldown AS interval) + AND created_at >= NOW() - (:cooldown_seconds * INTERVAL '1 second') ORDER BY created_at DESC LIMIT 20 """), - {"cooldown": f"{max(60, cooldown)} seconds"}, + {"cooldown_seconds": max(60, cooldown)}, ) blockers: set[str] = set() for row in result.mappings().all(): diff --git a/apps/api/tests/test_awooop_truth_chain_service.py b/apps/api/tests/test_awooop_truth_chain_service.py index a63b9433..95709b13 100644 --- a/apps/api/tests/test_awooop_truth_chain_service.py +++ b/apps/api/tests/test_awooop_truth_chain_service.py @@ -15,6 +15,7 @@ from src.services.awooop_ansible_check_mode_service import ( build_ansible_check_mode_command, claim_pending_check_modes, detect_ansible_transport_blockers, + recent_ansible_transport_blockers, ) from src.services.awooop_truth_chain_service import ( _ansible_playbook_roots, @@ -90,6 +91,13 @@ def test_ansible_audit_writes_incident_id_column_for_truth_chain_join() -> None: assert "NULLIF(:incident_id, '')" in claim_source +def test_ansible_transport_cooldown_uses_asyncpg_safe_interval_parameter() -> None: + source = inspect.getsource(recent_ansible_transport_blockers) + + assert ":cooldown_seconds * INTERVAL '1 second'" in source + assert "CAST(:cooldown AS interval)" not in source + + def test_fetch_truth_chain_returns_inbound_redacted_envelope_fields() -> None: source = inspect.getsource(fetch_truth_chain)