fix(notifications): allows alert pages to registered users only

[ygrishajev]

Summary by CodeRabbit

• New Features

  • Added route protection to certain pages, allowing access only for registered users when the relevant feature flag is enabled.
  • Introduced a higher-order component to restrict page access to registered users.
  • Sidebar navigation now conditionally displays the "Alerts" route based on user registration and feature flag status.

• Bug Fixes

  • Improved accuracy of sidebar route updates when user information changes.

• Tests

  • Added comprehensive tests for user-based route protection and feature flag logic.
  • Expanded and reorganized test coverage for feature flag and route protection services.

• Refactor

  • Centralized and streamlined route protection and feature flag evaluation logic for improved maintainability.

[coderabbitai]

Walkthrough

This update introduces a new route protection mechanism that combines feature flag checks with user authentication, enforced both on the server and client. It adds a RegisteredUsersOnly higher-order component (HOC) for client-side protection, a RouteProtectorService for server-side access control, and updates relevant pages and tests to use these new protections.

Changes

File(s)	Change Summary
Sidebar.tsx	Sidebar routes now conditionally include "Alerts" based on feature flag and user ID using useUser.
registered-users-only.hoc.tsx	Added RegisteredUsersOnly HOC to restrict component rendering to registered users.
registered-users-only.hoc.spec.tsx	New test suite for RegisteredUsersOnly HOC, covering rendering, fallback, and displayName logic.
.../alerts/contact-points/index.tsx .../alerts/contact-points/new.tsx .../alerts/index.tsx	Pages now wrapped with RegisteredUsersOnly HOC and use routeProtector.showToRegisteredUserIfEnabled for SSR.
feature-flag.service.ts	Refactored: Extracted flag evaluation logic to isEnabledForCtx; showIfEnabled now delegates to it.
feature-flag.service.spec.ts	Expanded and reorganized tests for FeatureFlagService, including new tests for isEnabledForCtx.
route-protector.service.ts	Added RouteProtectorService for SSR route protection based on feature flag and user session.
route-protector/index.ts	New module exporting a singleton routeProtector using the new service and Auth0 session.
route-protector.service.spec.ts	New tests for RouteProtectorService, verifying feature flag and session-based access control.

Sequence Diagram(s)

sequenceDiagram
    participant Browser
    participant NextPage
    participant RegisteredUsersOnly HOC
    participant useUser
    participant FallbackComponent

    Browser->>NextPage: Request Page
    NextPage->>RegisteredUsersOnly HOC: Render
    RegisteredUsersOnly HOC->>useUser: Get user info
    alt User is registered
        RegisteredUsersOnly HOC->>NextPage: Render original page
    else User not registered
        RegisteredUsersOnly HOC->>FallbackComponent: Render fallback (e.g., 404)
    end

Loading

sequenceDiagram
    participant Browser
    participant Next.js SSR
    participant routeProtector.showToRegisteredUserIfEnabled
    participant featureFlagService.isEnabledForCtx
    participant getSession

    Browser->>Next.js SSR: Request Page
    Next.js SSR->>routeProtector.showToRegisteredUserIfEnabled: Call for SSR props
    routeProtector.showToRegisteredUserIfEnabled->>getSession: Get user session
    routeProtector.showToRegisteredUserIfEnabled->>featureFlagService.isEnabledForCtx: Check feature flag
    alt Feature enabled and user authenticated
        routeProtector.showToRegisteredUserIfEnabled->>Next.js SSR: Return { props: {} }
    else
        routeProtector.showToRegisteredUserIfEnabled->>Next.js SSR: Return { notFound: true }
    end

Loading

Poem

In the warren of code, a new path appears,
Only for bunnies with badges, my dears!
With flags and with checks, the routes now protect,
If you’re not registered, you’ll kindly deflect.
HOC hops in, and SSR guards too—
This rabbit’s delighted to welcome just you!
🐇✨

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

npm warn config production Use --omit=dev instead.
npm error Exit handler never called!
npm error This is an error with npm itself. Please report this error at:
npm error https://github.com/npm/cli/issues
npm error A complete log of this run can be found in: /.npm/_logs/2025-05-28T14_07_04_525Z-debug-0.log

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

Attention: Patch coverage is 64.00000% with 18 lines in your changes missing coverage. Please review.

Project coverage is 36.31%. Comparing base (64914fa) to head (3728fde).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...ploy-web/src/pages/alerts/contact-points/index.tsx	0.00%	4 Missing ⚠️
...deploy-web/src/pages/alerts/contact-points/new.tsx	0.00%	4 Missing ⚠️
apps/deploy-web/src/pages/alerts/index.tsx	0.00%	4 Missing ⚠️
...s/deploy-web/src/services/route-protector/index.ts	0.00%	4 Missing ⚠️
apps/deploy-web/src/components/layout/Sidebar.tsx	33.33%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1393      +/-   ##
==========================================
+ Coverage   36.07%   36.31%   +0.24%     
==========================================
  Files         811      814       +3     
  Lines       19569    19602      +33     
  Branches     3615     3619       +4     
==========================================
+ Hits         7059     7119      +60     
+ Misses      11790    11764      -26     
+ Partials      720      719       -1     

Flag	Coverage Δ		*Carryforward flag
api	66.62% <ø> (ø)		Carriedforward from 64914fa
deploy-web	15.37% <64.00%> (+0.45%)	⬆️
notifications	88.46% <ø> (ø)		Carriedforward from 64914fa
provider-proxy	80.09% <ø> (ø)		Carriedforward from 64914fa

*This pull request uses carry forward flags. Click here to find out more.

Files with missing lines	Coverage Δ
...egistered-users-only/registered-users-only.hoc.tsx	100.00% <100.00%> (ø)
.../src/services/feature-flag/feature-flag.service.ts	100.00% <100.00%> (ø)
...ervices/route-protector/route-protector.service.ts	100.00% <100.00%> (ø)
apps/deploy-web/src/components/layout/Sidebar.tsx	40.67% <33.33%> (+0.32%)	⬆️
...ploy-web/src/pages/alerts/contact-points/index.tsx	0.00% <0.00%> (ø)
...deploy-web/src/pages/alerts/contact-points/new.tsx	0.00% <0.00%> (ø)
apps/deploy-web/src/pages/alerts/index.tsx	0.00% <0.00%> (ø)
...s/deploy-web/src/services/route-protector/index.ts	0.00% <0.00%> (ø)

... and 6 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

apps/deploy-web/src/hoc/registered-users-only/registered-users-only.hoc.spec.tsx (1)

58-58: Remove unused parameter from setup function interface.

The fallbackComponent parameter is defined in the interface but never used in the function.

-function setup({ isRegistered = true, props = {} }: { isRegistered?: boolean; props?: Record<string, any>; fallbackComponent?: React.ComponentType }) {
+function setup({ isRegistered = true, props = {} }: { isRegistered?: boolean; props?: Record<string, any> }) {

apps/deploy-web/src/services/route-protector/route-protector.service.ts (1)

12-26: LGTM! Proper implementation of combined feature flag and authentication protection.

The method correctly implements the PR objective by enforcing both feature flag enablement and user authentication. The logic is clear and the return values follow Next.js conventions.

Consider adding error handling for potential exceptions from getSession or isEnabledForCtx:

 showToRegisteredUserIfEnabled(name: string): GetServerSideProps {
   return async context => {
+    try {
       const session = await this.getSession(context.req, context.res);
       const isEnabled = await this.featureFlagService.isEnabledForCtx(name, context);

       if (isEnabled && session?.user) {
         return {
           props: {}
         };
       }

       return { notFound: true };
+    } catch (error) {
+      // Log error and return 404 for security
+      console.error('Route protection error:', error);
+      return { notFound: true };
+    }
   };
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 64914fa and 3728fde.

📒 Files selected for processing (11)

• apps/deploy-web/src/components/layout/Sidebar.tsx (4 hunks)
• apps/deploy-web/src/hoc/registered-users-only/registered-users-only.hoc.spec.tsx (1 hunks)
• apps/deploy-web/src/hoc/registered-users-only/registered-users-only.hoc.tsx (1 hunks)
• apps/deploy-web/src/pages/alerts/contact-points/index.tsx (1 hunks)
• apps/deploy-web/src/pages/alerts/contact-points/new.tsx (1 hunks)
• apps/deploy-web/src/pages/alerts/index.tsx (1 hunks)
• apps/deploy-web/src/services/feature-flag/feature-flag.service.spec.ts (2 hunks)
• apps/deploy-web/src/services/feature-flag/feature-flag.service.ts (1 hunks)
• apps/deploy-web/src/services/route-protector/index.ts (1 hunks)
• apps/deploy-web/src/services/route-protector/route-protector.service.spec.ts (1 hunks)
• apps/deploy-web/src/services/route-protector/route-protector.service.ts (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (5)

apps/deploy-web/src/components/layout/Sidebar.tsx (1)

apps/deploy-web/src/hooks/useUser.ts (1)

• useUser (8-24)

apps/deploy-web/src/pages/alerts/index.tsx (5)

apps/deploy-web/src/hoc/registered-users-only/registered-users-only.hoc.tsx (1)

• RegisteredUsersOnly (6-22)

apps/deploy-web/src/components/alerts/AlertsPage.tsx (1)

• AlertsPage (7-14)

apps/deploy-web/src/pages/alerts/contact-points/new.tsx (1)

• getServerSideProps (7-7)

apps/deploy-web/src/pages/alerts/contact-points/index.tsx (1)

• getServerSideProps (7-7)

apps/deploy-web/src/services/route-protector/index.ts (1)

• routeProtector (6-6)

apps/deploy-web/src/services/route-protector/route-protector.service.ts (2)

apps/deploy-web/src/services/feature-flag/index.ts (1)

• featureFlagService (6-6)

apps/deploy-web/src/services/feature-flag/feature-flag.service.ts (1)

• FeatureFlagService (6-47)

apps/deploy-web/src/services/route-protector/index.ts (2)

apps/deploy-web/src/services/route-protector/route-protector.service.ts (1)

• RouteProtectorService (6-26)

apps/deploy-web/src/services/feature-flag/index.ts (1)

• featureFlagService (6-6)

apps/deploy-web/src/hoc/registered-users-only/registered-users-only.hoc.tsx (1)

apps/deploy-web/src/hooks/useUser.ts (1)

• useUser (8-24)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test-deploy-web-build

🔇 Additional comments (35)

apps/deploy-web/src/components/layout/Sidebar.tsx (4)

42-42: LGTM: Proper import for user authentication check.

The import of useUser hook is correctly added to support the conditional rendering logic for the alerts route.

---

70-70: LGTM: User hook usage follows established pattern.

The useUser hook is properly called to retrieve the current user state, consistent with how it's used in the RegisteredUsersOnly HOC.

---

108-115: LGTM: Dual-condition check ensures proper access control.

The conditional logic correctly implements the access control requirements by checking both:

1. Feature flag status (isAlertsEnabled)
2. User registration status (user?.userId)

This aligns perfectly with the server-side protection implemented via routeProtector.showToRegisteredUserIfEnabled and the client-side protection via the RegisteredUsersOnly HOC.

---

118-118: LGTM: Dependency array correctly updated.

The addition of user?.userId to the dependency array ensures that the routes are recomputed when the user's registration status changes, which is essential for the conditional alerts route rendering.

apps/deploy-web/src/services/route-protector/index.ts (1)

1-7: LGTM: Clean dependency injection pattern for route protection.

This module follows excellent architectural patterns:

1. Singleton pattern: Appropriate for route protection as it ensures consistent behavior across the application
2. Dependency injection: Properly injects featureFlagService and getSession dependencies, making the service testable and loosely coupled
3. Centralized logic: Consolidates route protection logic in one place, promoting maintainability

The integration with Auth0's getSession and the existing featureFlagService creates a cohesive access control mechanism that combines feature flags with user authentication.

apps/deploy-web/src/hoc/registered-users-only/registered-users-only.hoc.tsx (1)

6-22: LGTM: Well-implemented HOC following React best practices.

This HOC demonstrates excellent implementation patterns:

1. Type safety: Uses generic type P extends object for proper prop forwarding
2. User registration check: Correctly uses !!user?.userId to determine registration status, consistent with the useUser hook's behavior
3. Configurable fallback: Allows custom fallback component while defaulting to 404 page
4. Debug support: Properly sets displayName for better debugging experience
5. Prop forwarding: Correctly spreads props to the wrapped component

The logic aligns perfectly with the server-side protection via routeProtector.showToRegisteredUserIfEnabled, creating a comprehensive access control mechanism.

apps/deploy-web/src/pages/alerts/contact-points/new.tsx (3)

2-3: LGTM: Proper imports for dual-layer protection.

The imports correctly bring in both the client-side (RegisteredUsersOnly HOC) and server-side (routeProtector) protection mechanisms.

---

5-5: LGTM: Client-side protection properly implemented.

The RegisteredUsersOnly HOC wrapper ensures that even if server-side protection is bypassed, the component will only render for registered users on the client side.

---

7-7: LGTM: Server-side protection with combined checks.

The routeProtector.showToRegisteredUserIfEnabled("alerts") method provides server-side protection by checking both:

1. The "alerts" feature flag status
2. User session/registration status

This creates a robust defense-in-depth approach when combined with the client-side HOC protection.

apps/deploy-web/src/hoc/registered-users-only/registered-users-only.hoc.spec.tsx (6)

10-18: LGTM! Good test coverage for the registered user scenario.

The test correctly verifies that the wrapped component renders when the user is registered and the fallback component doesn't render.

---

20-26: LGTM! Proper test coverage for the unregistered user scenario.

The test correctly verifies the inverse behavior - fallback renders when user is not registered.

---

28-39: Excellent test for prop forwarding behavior.

This test ensures the HOC correctly passes through props to the wrapped component, which is crucial for HOC functionality.

---

41-45: Good test for displayName behavior.

Testing the displayName is important for debugging React components, especially when using HOCs.

---

47-56: Excellent edge case handling for anonymous components.

This test ensures the HOC gracefully handles components without displayName or name properties, which is a common edge case.

---

69-76:

Details

❌ Incorrect review comment

Consider using more realistic user data structure.

The mock user profile structure should match what the actual useUser hook returns from Auth0. Consider verifying the expected structure.

---

🏁 Script executed:

#!/bin/bash
# Search for the actual useUser hook usage to verify the expected user structure
rg -A 10 "useUser.*from.*auth0" --type tsx --type ts

Length of output: 82

---

I’ll retry searching for all useUser occurrences across both .ts and .tsx files using glob patterns:

---

🏁 Script executed:

#!/bin/bash
rg -A10 "useUser" -g "*.ts*"

Length of output: 37628

---

Gathering the HOC implementation, its test, and the CustomUserProfile shape for verification:

#!/bin/bash

echo "=== HOC implementation ==="
rg -n "RegisteredUsersOnly" -A20 apps/deploy-web/src/hoc/registered-users-only/registered-users-only.hoc.tsx || true

echo
echo "=== Test file ==="
cat apps/deploy-web/src/hoc/registered-users-only/registered-users-only.hoc.spec.tsx

echo
echo "=== CustomUserProfile type ==="
rg -n "export type CustomUserProfile" -A20 apps/deploy-web/src/types/user.ts || true

---

I need to inspect the HOC’s test and the exact shape of CustomUserProfile to ensure our mock aligns. Running:

---

🏁 Script executed:

#!/bin/bash

echo "=== registered-users-only.hoc.spec.tsx (first 200 lines) ==="
sed -n '1,200p' apps/deploy-web/src/hoc/registered-users-only/registered-users-only.hoc.spec.tsx || true

echo
echo "=== Locate CustomUserProfile in types ==="
rg -n "CustomUserProfile" -g "apps/deploy-web/src/types/*.ts" || true

echo
echo "=== CustomUserProfile definition (first 200 lines) ==="
sed -n '1,200p' apps/deploy-web/src/types/user.ts || true

Length of output: 4432

---

Suggestion Unnecessary: Current Mock Covers Required Fields

The RegisteredUsersOnly HOC only uses userId to determine registration, so your mock returning { userId, email } is sufficient for this test. There’s no need to mirror the entire Auth0 UserProfile shape here.

Likely an incorrect or invalid review comment.

apps/deploy-web/src/pages/alerts/index.tsx (3)

2-3: LGTM! Proper imports for the new protection mechanism.

The imports correctly bring in both the client-side HOC and server-side route protector.

---

5-5: LGTM! Clean implementation of client-side protection.

The default export is properly wrapped with the RegisteredUsersOnly HOC, which will handle client-side access control.

---

7-7: LGTM! Consistent server-side protection implementation.

The getServerSideProps correctly uses the route protector's showToRegisteredUserIfEnabled method, providing server-side access control that matches the client-side protection.

apps/deploy-web/src/pages/alerts/contact-points/index.tsx (3)

2-3: LGTM! Consistent import pattern across alert pages.

The imports match the pattern used in the alerts index page, maintaining consistency.

---

5-5: LGTM! Consistent HOC usage pattern.

The ContactPointsPage is properly wrapped with the RegisteredUsersOnly HOC, following the same pattern as other alert pages.

---

7-7: LGTM! Consistent server-side protection.

The getServerSideProps implementation matches the pattern used across other alert pages, ensuring consistent access control.

apps/deploy-web/src/services/route-protector/route-protector.service.spec.ts (6)

10-20: LGTM! Comprehensive happy path test.

The test correctly verifies that when both conditions are met (feature enabled + user logged in), the service returns props for rendering.

---

22-32: Excellent coverage of all failure scenarios.

These tests thoroughly cover all combinations where access should be denied, ensuring the service correctly returns { notFound: true } in each case.

Also applies to: 34-44, 46-56

---

58-68: Good integration test for feature flag service.

This test ensures the feature flag service is called with the correct parameters, verifying proper integration.

---

70-80: Good integration test for session service.

This test verifies that the session service is called with the correct request/response objects from the context.

---

102-114: Well-structured mock context.

The GetServerSidePropsContext mock includes the essential properties needed for testing, with realistic faker-generated data.

---

87-98:

Details

❓ Verification inconclusive

Consider verifying the session structure matches Auth0's actual session format.

The mock session structure should align with what Auth0's getSession actually returns to ensure test accuracy.

---

🏁 Script executed:

#!/bin/bash
# Search for Auth0 session usage patterns to verify the expected structure
rg -A 15 "getSession.*from.*auth0" --type ts --type tsx

Length of output: 85

---

🏁 Script executed:

#!/bin/bash
# Locate the route protector service and inspect how getSession is used
echo "Finding service file:"
fd route-protector.service.ts || echo "File not found with fd; listing matching files:"
rg "route-protector.service" --files

echo -e "\nSearching for getSession usage in the repo:"
rg "getSession" -n

Length of output: 67312

---

Verify Auth0 getSession return shape
The test currently stubs getSession to return only:

{ user: { sub, email, name, picture } }

Auth0’s getSession actually returns a fuller Session object—including fields like accessToken, idToken, expiresIn, etc.—in addition to user.
• If your route-protector service only reads session.user.sub, this mock is sufficient.
• Otherwise, extend the stub to include any additional properties your code uses.

apps/deploy-web/src/services/feature-flag/feature-flag.service.ts (2)

33-39: LGTM! Good separation of concerns with the new isEnabledForCtx method.

The extraction of feature flag evaluation logic into a dedicated method improves modularity and enables reuse by other services like the RouteProtectorService. The method correctly handles both the global enable-all flag and context-specific evaluation.

---

41-46: LGTM! Clean refactoring of showIfEnabled method.

The refactored method properly delegates to isEnabledForCtx and maintains the same behavior while improving code reusability. The logic is clear and concise.

apps/deploy-web/src/services/route-protector/route-protector.service.ts (1)

6-11: LGTM! Well-designed service with clear dependencies.

The constructor properly injects the required dependencies for feature flag evaluation and user session management. The dependency injection pattern makes the service testable and follows good architectural practices.

apps/deploy-web/src/services/feature-flag/feature-flag.service.spec.ts (5)

11-30: LGTM! Well-structured tests for getFlag method with good coverage.

The tests are properly organized and cover both the enable-all configuration scenario and the normal flag evaluation flow. The mocking strategy is appropriate and the assertions verify the expected behavior.

---

32-44: LGTM! Comprehensive tests for extractSessionId method.

The tests cover both the successful session ID extraction and the case where no session ID is present. This ensures the cookie parsing logic works correctly in various scenarios.

---

46-64: LGTM! Thorough tests for the new isEnabledForCtx method.

The tests properly verify both the enable-all configuration path and the normal evaluation flow, including the interaction with extractSessionId and getFlag. The use of spies ensures the method calls are verified correctly.

---

66-86: LGTM! Complete test coverage for showIfEnabled method.

The tests verify both the enabled and disabled scenarios, ensuring the method returns the correct server-side props structure. The mocking of isEnabledForCtx properly isolates the testing of this method's specific logic.

---

88-109: LGTM! Simplified and improved setup function.

The removal of the getFlagResult parameter and the addition of the spy on extractSessionId makes the setup function more focused and easier to use across different test scenarios.