Harden NoActor check with runtime environment guard

Add Mix.env() check to match?/3 for defense in depth. Document NoActor pattern in CODE_GUIDELINES.md.
2026-01-22 21:36:09 +01:00 · 2026-01-22 21:36:09 +01:00 · 93216f3ee6
commit 93216f3ee6
parent 5506b5b2dc
3 changed files with 128 additions and 1 deletions
--- a/lib/mv/authorization/checks/no_actor.ex
+++ b/lib/mv/authorization/checks/no_actor.ex
@ -58,7 +58,8 @@ defmodule Mv.Authorization.Checks.NoActor do
  @impl true
  def match?(nil, _context, _opts) do
    # Actor is nil
-    if @allow_no_actor_bypass do
+    # Double-check: compile-time AND runtime environment
+    if @allow_no_actor_bypass and Mix.env() == :test do
      # Test environment: Allow all operations
      true
    else