Python Service: OAuth Metadata Contract Tests
Repository: mem-labs/mem
active
Updated Feb 19, 2026, 8:25 PM
OAuth/OIDC metadata endpoints require contract tests.

Rationale:
- Well-known metadata endpoints are client contracts; regressions break integrations quickly.

Scope:
- PR review policy for Python service changes to OAuth/OIDC discovery metadata endpoints or their payload configuration.

Trigger:
- A PR adds or changes `/.well-known/*` OAuth/OIDC metadata behavior, route aliases, or metadata config fields.

Approval checks:
1) Tests assert required contract fields for exposed metadata endpoints (for example issuer/auth/token/resource/jwks fields, as applicable to the endpoint).
2) If multiple alias routes are exposed for the same metadata contract, tests cover those aliases.
3) If response caching headers are intentionally set by implementation, tests assert expected cache behavior.

Evidence:
- Tests in diff show field-level contract assertions and status checks.
- Alias coverage and cache-header assertions are present when relevant.

Exception path:
- Allow deviation only when all are true:
  1) PR description includes `Policy Exception: python-oauth-metadata-contract-tests`.
  2) PR explains why the change is not client-contract-impacting.
  3) PR documents equivalent validation path.

Decision:
- Return NOT APPROVED when trigger is met and contract assurance is missing without a valid exception.
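A contract check covering approval checks 1 to 3, as an added example (not code from the mem-labs/mem repository). The route names, required-field lists, cache value, and the in-memory `sample_service` standing in for the service's test client are all assumptions.

```python
import json

# Assumed contract table (not from the policy): alias routes share one entry,
# so a test cannot cover one alias and silently miss the other.
CONTRACTS = {
    "authorization-server": {
        "routes": ["/.well-known/oauth-authorization-server",
                   "/.well-known/openid-configuration"],
        "required": ["issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"],
        "cache_control": "public, max-age=3600",  # set on purpose, so asserted
    },
    "protected-resource": {
        "routes": ["/.well-known/oauth-protected-resource"],
        "required": ["resource"],
        "cache_control": None,  # no intentional cache header, nothing to assert
    },
}

def check_contract(fetch, contracts=CONTRACTS):
    """fetch(path) -> (status, headers, body). Returns a list of violations."""
    violations = []
    for name, contract in contracts.items():
        seen = set()  # distinct payloads returned across this contract's aliases
        for route in contract["routes"]:
            status, headers, body = fetch(route)
            if status != 200:
                violations.append(f"{route}: status {status}")
                continue
            try:
                doc = json.loads(body)
                if not isinstance(doc, dict):
                    raise ValueError("metadata must be a JSON object")
            except ValueError:
                violations.append(f"{route}: body is not a JSON object")
                continue
            for field in contract["required"]:
                if not (isinstance(doc.get(field), str) and doc[field]):
                    violations.append(f"{route}: missing {field}")
            expected = contract["cache_control"]
            if expected is not None and headers.get("Cache-Control") != expected:
                violations.append(f"{route}: Cache-Control {headers.get('Cache-Control')!r}")
            seen.add(json.dumps(doc, sort_keys=True))
        if len(seen) > 1:
            violations.append(f"{name}: alias routes return different metadata")
    return violations

def sample_service(base="https://auth.example.test"):
    """Constructed responses: route -> (status, headers, body)."""
    as_doc = json.dumps({"issuer": base, "authorization_endpoint": base + "/authorize",
                         "token_endpoint": base + "/token", "jwks_uri": base + "/jwks.json"})
    cached = {"Content-Type": "application/json", "Cache-Control": "public, max-age=3600"}
    out = {route: (200, cached, as_doc) for route in CONTRACTS["authorization-server"]["routes"]}
    out["/.well-known/oauth-protected-resource"] = (
        200, {"Content-Type": "application/json"}, json.dumps({"resource": base + "/api"}))
    return out

def fetch_from(responses):
    """Adapter: unknown routes answer 404, as an unregistered alias would."""
    return lambda path: responses.get(path, (404, {}, ""))
```

In a real test suite `fetch` would wrap the framework's test client, and each returned violation would fail the test with the route and field named.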