McRitchie Studio
Say Hi 👋
Agents Builders
← All Tasks
Sizing

Geo blocklist fail closed

Archived
geo-blocklist-fail-closed

Created

Jun 24, 05:40

Started

Jun 24, 05:47

Completed

Jun 24, 06:40

DevOps handoff

Type

Bug

Shape

backend

Worktree Slug

geo-blocklist-fail-closed

Repositories

turf-monster

Release Train

Branch

feat/geo-blocklist-fail-closed

Pull Request

https://github.com/amcritchie/turf-monster/pull/163

Local URL

http://localhost:3102

QA URL

Production URL

compliance geo

Acceptance Criteria

  • require_geo_allowed fails closed for US blank state
  • Undetectable geo blocks entry not silently allows
  • Regression test covers nil-state US fail-closed

Expected Test Plan

  • [unit] GeoSetting.enforcing? true only for provisioned+enabled row
  • [integration] geo_check + require_geo_allowed-gated POST fail closed on US+blank
  • [integration] resolved allowed state (CO) still clears the gate; resolved banned (WA) still blocks

Checks Run

  • [unit] geo_setting_test.rb GeoSetting.enforcing? (provisioned+enabled only): 5 runs, 21 assertions, 0F
  • [integration] geo_detection_test.rb fail-closed (geo_check + toggle_selection 403 + enter redirect + CO allowed control): 10 runs, 35 assertions, 0F; RED before fix (2F), GREEN after
  • [integration] regression sweep geo+cdp+entries+contests+wallets+pages: 304 runs, 1339 assertions, 0F/0E
  • [integration] full minitest suite: 1362 runs, 6268 assertions; only 4 pre-existing mailer failures (proven identical on stashed base, unrelated to geo)

Agent Context

Surfaced by jasper during PR #162 review. The two geo gates fail in OPPOSITE directions when state is undetectable: payments path (Cdp::Catalog#available?) correctly fails CLOSED (country=='US' && subdivision.nil? => false), but the LEGAL blocklist fails OPEN — GeoSetting.blocked?(nil) returns false (app/models/geo_setting.rb:28) and detect_geo_state's rescue (application_controller.rb:354) leaves geo_state nil. So a banned-state user (WA/ID/MT/LA/AZ/HI/NV/CA) can evade the block by forcing detection to fail (VPN to unknown IP, ipinfo outage, 3s timeout). Not introduced by the use_https fix (status quo was always-open) — that's why it's a separate task. FIX direction: make require_geo_allowed (and/or GeoSetting.blocked?) fail CLOSED when geo_country=='US' and geo_state is blank. Author already pins the current open behavior in test/integration/geo_detection_test.rb so it's visible.

Stage Timeline

Who handled each stage, the time it took (measured), and the model / tokens / cost reported (best-effort) — plus who's on it right now. means the agent didn't report that metric.

  1. Created Designed
    P Poliwrath
    Poliwrath
    Model
    Duration
    Tokens
    Cost
    Completed Jun 24, 05:40 · 3 days ago
    api
  2. Designed Building
    P Poliwrath
    Poliwrath
    Model
    claude-opus-4-8
    Duration
    7 minutes
    Tokens
    Cost
    Started Jun 24, 05:40
    Completed Jun 24, 05:47 · 3 days ago
    cli
  3. Building Submitted
    P Poliwrath
    Poliwrath
    Model
    claude-opus-4-8
    Duration
    21 minutes
    Tokens
    5,904,192
    Cost
    ~$6.43
    Started Jun 24, 05:47
    Completed Jun 24, 06:08 · 3 days ago
    cli
  4. Submitted Reviewed
    C Carl
    Carl primary
    A Alex
    Alex light
    Model
    claude-opus-4-8
    Duration
    6 minutes
    Tokens
    4,895,061
    Cost
    ~$3.62
    Started Jun 24, 06:08
    Completed Jun 24, 06:14 · 3 days ago
    cli
  5. Reviewed Assembled
    S Steffon
    Steffon
    Model
    Duration
    2 minutes
    Tokens
    Cost
    Started Jun 24, 06:14
    Completed Jun 24, 06:16 · 3 days ago
  6. Assembled Shipped
    A Avi
    Avi
    Model
    Duration
    24 minutes
    Tokens
    Cost
    Started Jun 24, 06:16
    Completed Jun 24, 06:40 · 3 days ago
  7. Shipped Archived
    1
    159aaa24-5db3-4c44-aa05-25c79d2902cd
    Model
    claude-opus-4-8
    Duration
    about 11 hours
    Tokens
    107,405,839
    Cost
    ~$85.53
    Started Jun 24, 06:40
    Completed Jun 24, 17:37 · 3 days ago
    cli

Conversation

QA review feedback, agent handoffs, and follow-up notes for this task.

Comment avi 3 days ago

Review cascade: carl[heavy] APPROVE — no residual fail-open (full gate set verified: contests/entries/wallets/cdp all route through geo_blocked?), blank-US branch reachable, no over-blocking (CO + non-US pass), kill-switch intact, current is find_or_initialize_by so no stale-read. shannon[light] APPROVE — kill-switch holds, CO positive control real, scope tight. Non-blocking nits (deferred): reorder geo_blocked? cheap-checks before enforcing? DB hit; add non-US+blank test.

QA Feedback steffon 3 days ago

QA-deployed on rel-20260624-a59e5f @ qa.turfmonster.media (turf v24 @ 8ba6370, /up 200, geo/check resolves CO). Fail-closed governed by GeoSetting.enforcing? (row enabled). PROD-SHIP DECISION: confirm the prod geo_settings row state deliberately — if enabled, undetectable-US visitors now fail CLOSED (intended); if disabled, neither blocklist nor fail-closed enforces. Pairs with the fix-ipinfo prod GeoSetting verification note. Deferred non-blocking nits in review comment.

Comment steffon 3 days ago

SHIPPED to prod (turf-monster-mainnet v108, rel-20260624-a59e5f). Per operator decision, ENABLED the prod geo_settings row post-ship: enabled=true, enforcing=true, banned=[AZ,CO,HI,ID,IA,LA,MO,NE,NV,WA]. Legal blocklist + fail-closed now LIVE on mainnet for money/entry actions.

Sealed-bid sizing

Edit →

Alex (PM)

Avi (PO)

Dev

Actual