fix: improve attachment validation and testing stability with delay

[KoblerS]

Fix: Improve Attachment Validation and Testing Stability with Delay

Bug Fix

🐛 Addresses two issues: a missing await on a cds.tx() call in attachment scan expiry handling, and test instability caused by background operations (malware scan status updates) not completing before test teardown.

Additionally, a redundant cds.spawn block for emitting AttachmentSizeExceeded events was removed, as the event emission was already handled in an earlier block.

Changes

• lib/generic-handlers.js:

  • Added missing await before cds.tx() when updating attachment scan status to "Scanning", ensuring the transaction completes before proceeding.
  • Removed a duplicate cds.spawn block that was emitting AttachmentSizeExceeded events (the event is already emitted in a prior code block).

• tests/integration/attachments-non-draft.test.js:

  • Imported the delay utility from testUtils.
  • Added an afterAll(() => delay(2000)) hook to allow background operations (malware scan status updates) to finish before test teardown, improving test stability.

• tests/unit/validateAttachmentMimeType.test.js:

  • Imported the delay utility from testUtils.
  • Added an afterAll(() => delay(2000)) hook for the same reason — preventing flaky test failures caused by incomplete background operations at teardown.

• 🔄 Regenerate and Update Summary

---

📬 Subscribe to the Hyperspace PR Bot DL to get the latest announcements and pilot features!

PR Bot Information

Version: 1.20.0 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

• LLM: anthropic--claude-4.6-sonnet
• Output Template: Default Template
• File Content Strategy: Full file content
• Correlation ID: 7feae410-2e8e-11f1-8442-1562ace104f5
• Event Trigger: pull_request.opened
• Summary Prompt: Default Prompt

[hyperspace-insights]

The PR contains two meaningful changes: a genuine correctness fix (await cds.tx(...) ensuring the "Scanning" status is committed before the scan is triggered) and the removal of a duplicate/misplaced cds.spawn block. The main concern is the afterAll(() => delay(2000)) teardown strategy added to two test files — it replaces race conditions with a hardcoded sleep, which is fragile and should be replaced with deterministic event-based waiting using the existing waitForScanStatus utility.

PR Bot Information

Version: 1.20.0 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

• LLM: anthropic--claude-4.6-sonnet
• File Content Strategy: Full file content
• Correlation ID: 7feae410-2e8e-11f1-8442-1562ace104f5
• Event Trigger: pull_request.opened

[hyperspace-insights]

Best Practices: Hardcoded delay(2000) is a fragile teardown strategy

Using a fixed 2-second sleep to wait for background operations (malware scan status updates) is non-deterministic: it will silently pass on fast machines and silently fail on slow ones or under load. The codebase already has a purpose-built waitForScanStatus utility that properly awaits the actual completion event with a timeout.

Consider replacing the blind delay with a proper awaitable hook that tracks pending background operations, or at minimum document what specific operations are expected to complete and the rationale for the chosen timeout value. If this test suite consistently triggers a scan, waitForScanStatus from testUtils should be used instead.

---

Please provide feedback on the review comment by checking the appropriate box:

• 🌟 Awesome comment, a human might have missed that.
• ✅ Helpful comment
• 🤷 Neutral
• ❌ This comment is not helpful

[hyperspace-insights]

Best Practices: Hardcoded delay(2000) is a fragile teardown strategy

Same issue as in the integration test: a fixed 2-second sleep is non-deterministic and could either waste time or still race on heavily loaded CI runners. If the background operations being awaited are detectable events (e.g., AttachmentUploadRejected emissions from cds.spawn), the teardown should await those events explicitly rather than sleeping for an arbitrary duration.

---

Please provide feedback on the review comment by checking the appropriate box:

• 🌟 Awesome comment, a human might have missed that.
• ✅ Helpful comment
• 🤷 Neutral
• ❌ This comment is not helpful