pub struct Overrides {Show 22 fields
pub degrade_health: bool,
pub health_503: bool,
pub force_unauthorized: bool,
pub force_not_found: bool,
pub force_server_error: bool,
pub force_empty_evaluation: bool,
pub force_empty_regime: bool,
pub force_regime_error_envelope: bool,
pub force_approaching_not_found: bool,
pub force_stale_risk_equity: bool,
pub transient_fail_count: u32,
pub rate_limit_count: u32,
pub rate_limit_retry_after: Option<String>,
pub version: Option<String>,
pub ws_drop_once: bool,
pub operator_label: Option<String>,
pub operator_version: u64,
pub auto_toggle_echo_state: Option<bool>,
pub auto_toggle_reason: Option<String>,
pub force_simulated: bool,
pub post_transient_fail: bool,
pub post_server_error: bool,
}Expand description
Overrides the test can inject to simulate engine states.
Fields§
§degrade_health: boolForce /health status to "degraded" with a custom component.
health_503: boolReturn 503 on /health (simulate overloaded engine).
Return 401 on every typed GET endpoint other than / and
/health. Exercises [HttpClient]’s auth-error mapping
path (HttpError::Unauthorized). The version probe and
health surface stay open because the CLI uses them during
doctor runs before auth is wired.
force_not_found: boolReturn 404 on every typed GET endpoint (same scope as
Self::force_unauthorized). Tests [HttpError::NotFound]
mapping and the client’s missing-endpoint log behavior.
force_server_error: boolReturn 500 on every typed GET endpoint. Non-retryable —
asserts that the client does not double-call on a
server error that isn’t 502/503/504.
force_empty_evaluation: boolReturn a degenerate-but-valid 200 on /evaluate/{coin}
— the JSON decodes, but layers is empty and direction
is absent. Exercises the dispatcher’s empty-verdict guard
(evaluate_cmd must emit an alert + dismiss stale overlays
instead of opening an empty verdict card). Does not affect
any other endpoint.
force_empty_regime: boolReturn {} (HTTP 200) on /regime. Matches a real
production failure mode where the engine exposes the
endpoint but never populates a payload. The dispatcher
must alert the operator instead of rendering a row of
em-dashes that looks like data.
force_regime_error_envelope: boolReturn {"error": "<msg>"} (HTTP 200) on /regime. Matches
the engine’s “coin not found” envelope on ?coin=....
The dispatcher must surface the embedded error as an alert.
force_approaching_not_found: boolReturn 404 on /approaching. Matches older engine builds
that predate the endpoint. The dispatcher must detect the
NotFound and emit an explanatory alert instead of the
raw "not found: /approaching" error-display.
force_stale_risk_equity: boolReturn a /risk payload where account_value > peak_equity
(mathematically impossible by definition — peak is monotonic
max of equity). Mirrors a real production drift where the
engine kept writing risk.json with a stale equity number
that no live code path refreshed while the portfolio snapshot
was fresh. The dispatcher must surface the contradiction
instead of rendering a confident (but wrong) drawdown percent.
transient_fail_count: u32How many further requests should respond with a transient
503 before the real handler runs. Decremented atomically
per matched request. Used to verify the retry-once policy
(HttpClient::get_json) recovers when the first attempt
fails with 503 and the second succeeds. Setting this to
>= 2 lets the test observe the retry limit: after one
retry, the second failure surfaces as HttpError::Status.
rate_limit_count: u32How many further requests should respond with a 429 Too Many
Requests before the real handler runs. Sister field to
Self::transient_fail_count; separated so a test can
pin engine-429 behavior without also exercising the
transient-retry code path.
When this fires, the response body is empty and the
Retry-After header carries Self::rate_limit_retry_after
(or a sensible default when unset). The CLI’s HttpClient
parses the header, refunds the local bucket, and surfaces
HttpError::RateBudgetExhausted { origin: Engine429, .. }.
rate_limit_retry_after: Option<String>Value placed in the Retry-After header on every injected
429. Accepts any string the real engine might emit — plain
integer seconds ("30") or an RFC-7231 IMF-fixdate
("Fri, 31 Dec 1999 23:59:59 GMT"). When None (default),
the header carries "1" so tests inspecting the client’s
parsed duration see an unambiguous 1 s rather than having
to reason about a missing header’s fallback.
version: Option<String>Custom version string for GET /.
ws_drop_once: boolCause the /ws handler to immediately close the connection
after accepting the upgrade, exercising the subscriber’s
reconnect path. Resets to false automatically after one
drop so a test can: set → wait for drop → unset → verify
reconnect succeeds.
operator_label: Option<String>Operator-state label the /operator/state endpoint reports.
Defaults to "steady" when unset. Valid values match
zero_operator_state::Label snake-case: fresh, steady,
elevated, tilt, fatigued, recovery.
operator_version: u64Monotonic version bumped on each change to operator_label
in tests that want to exercise the widget’s version-skip
logic. Auto-increments when tests flip the label via
with_overrides.
auto_toggle_echo_state: Option<bool>Engine-side /auto/toggle state the mock echoes back to the
next POST /auto/toggle caller. Tests asserting the “engine
refuses the flip” path pre-set this to a value that differs
from the request, so the response state reflects the
engine’s truth rather than the caller’s wish. None means
“mirror the request” (happy path).
auto_toggle_reason: Option<String>Optional reason string the mock returns alongside
auto_toggle_echo_state — used to pin the refusal path
(e.g. "operator state is TILT"). Emitted verbatim.
force_simulated: boolWhen set, every POST /execute and POST /auto/toggle
response carries "simulated": true regardless of the
X-Zero-Mode header the client sent. Used by tests that
want to assert the client surfaces the engine’s truth
rather than locally inferring paper from its own --paper
flag. In production the engine flips this based on the
inbound header; the mock lets tests drive either path.
post_transient_fail: boolWhen set, POST /execute and POST /auto/toggle return
a single 503. Verifies that no silent retry fires on the
no-retry POST surface — the caller sees exactly one
upstream request with a typed HttpError::Status back.
post_server_error: boolWhen set, POST /execute returns 500. Same intent as
Self::post_transient_fail but for a non-retryable
status; belt-and-suspenders against any future change to
is_retryable accidentally catching the 500 family.