feat(fuzz): critical-parameter combinations and parallel execution per Edge Function #384

Merged
adm01-debug merged 1 commit into main from codex/generate-parameter-combinations-for-edge-function
May 26, 2026

adm01-debug (Owner) commented May 26, 2026

Motivation

  • Generate parameter combinations focused on critical fields and business rules to increase fuzz coverage of the Edge Functions.
  • Run the tests in parallel batches to reduce total time and isolate failures per function.
  • Produce an aggregated per-function failure report to prioritize fixes for stability issues and stack leaks.

Description

  • Adds the new settings FUZZ_FUNCTION_CONCURRENCY and FUZZ_MAX_COMBINATIONS and raises the default FUZZ_CONCURRENCY to improve parallelism and control over combinations per function.
  • Introduces the helpers pick and combine and changes the generators to produce targeted combinations (e.g. generateCnpjLookupPayloads and generateProductWebhookPayloads) with a configurable per-function limit.
  • Implements two-level execution with runFunctionSpec and parallel execution of function chunks controlled by FUNCTION_CONCURRENCY, keeping per-batch payload parallelism (CONCURRENCY).
  • Adds the allIssues collection and prints an aggregated per-function failure summary at the end of the report, keeping the dry-run behaviour when no credentials are present.

Testing

  • Ran node scripts/fuzz-testing.mjs in DRY-RUN mode and the run completed successfully with no crashes, timeouts or stack leaks.
  • The script reported Payloads gerados: 262 and Requests enviados: 0 in dry-run mode, confirming payload generation and structural validation.
  • Verified that the dry-run behaviour remains intact when SUPABASE_URL/SERVICE_ROLE_KEY are not present.

Summary by cubic

Adds targeted parameter combinations and per-function parallel execution in the fuzz tester to raise coverage and cut runtime. Includes aggregated failure reporting and new env controls.

  • New Features
    • New env vars: FUZZ_FUNCTION_CONCURRENCY, FUZZ_MAX_COMBINATIONS; default FUZZ_CONCURRENCY increased to 6.
    • Helpers pick and combine; generators updated (e.g., generateCnpjLookupPayloads, generateProductWebhookPayloads) to focus on critical fields with per-function limits.
    • Two-level parallelism: function-level chunks controlled by FUZZ_FUNCTION_CONCURRENCY, batch payloads by FUZZ_CONCURRENCY.
    • Aggregated failure summary by function; preserves dry-run when Supabase creds are missing.

Written for commit bea7f64. Summary will update on new commits.

Copilot AI review requested due to automatic review settings May 26, 2026 00:23

vercel Bot commented May 26, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
we-dream-big Error Error May 26, 2026 12:23am


coderabbitai Bot commented May 26, 2026

Warning

Review limit reached

@adm01-debug, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 37 minutes and 17 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d246e451-4c00-4235-8bd2-aa91d52102b9

📥 Commits

Reviewing files that changed from the base of the PR and between 403fbb3 and bea7f64.

📒 Files selected for processing (1)
  • scripts/fuzz-testing.mjs


supabase Bot commented May 26, 2026

This pull request has been ignored for the connected project doufsxqlfjyuvxuezpln because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.



@adm01-debug adm01-debug merged commit 82227e5 into main May 26, 2026
34 of 40 checks passed
@adm01-debug adm01-debug deleted the codex/generate-parameter-combinations-for-edge-function branch May 26, 2026 00:24

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bea7f64c01

Comment thread scripts/fuzz-testing.mjs
return { fn: spec.name, crashes: fnCrashes, timeouts: fnTimeouts, stackLeaks: fnStackLeaks, issues: fnIssues };
}

for (let i = 0; i < FUNCTION_SPECS.length; i += FUNCTION_CONCURRENCY) {
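
Review bot: nothing at this loop guarantees that the step in i += FUNCTION_CONCURRENCY is a positive integer, so a fractional setting such as 0.5 or 2.5 gives the loop a non-integer index and non-integer chunk boundaries. Validate the value once where it is parsed: require a finite number, truncate it with Math.trunc, and fall back to the default when the result is below 1.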

[P2] Guard function chunk size against non-positive values

If FUZZ_FUNCTION_CONCURRENCY is set to a negative number, FUNCTION_CONCURRENCY keeps that value (Number(env) || 3 treats negatives as truthy) and this loop never terminates because i decreases on each iteration. In CI or scripted runs with a bad env value, the fuzz job will hang indefinitely before producing a final report; clamp this setting to >= 1 (or fall back to default when invalid).

Useful? React with 👍 / 👎.
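
The non-terminating loop described in this review comment, next to a hardened parse, as an added example (not code from the PR or from scripts/fuzz-testing.mjs). The helper names, the upper cap of 64 and the sample function names are assumptions; legacyParse reproduces the Number(env) || 3 pattern quoted in the comment.

```javascript
// Added example: hypothetical helpers, not code from scripts/fuzz-testing.mjs.

// The parsing pattern quoted in the review: any non-zero number is truthy,
// so "-2" survives as -2 and "0.5" as 0.5.
function legacyParse(raw) {
  return Number(raw) || 3;
}

// Count iterations of `for (i = 0; i < length; i += step)`, giving up after
// `cap` rounds. Returns null when the cap is hit (the real loop would hang).
function iterationsUntilDone(length, step, cap = 1000) {
  let rounds = 0;
  for (let i = 0; i < length; i += step) {
    if (++rounds > cap) return null;
  }
  return rounds;
}

// Hardened parse: accept only finite values that truncate to an integer
// in [1, max] (max is an assumed ceiling); anything else uses the fallback.
function positiveIntFromEnv(raw, fallback, max = 64) {
  if (raw === undefined || String(raw).trim() === "") return fallback;
  const n = Number(raw);
  if (!Number.isFinite(n)) return fallback;
  const i = Math.trunc(n);
  return i >= 1 ? Math.min(i, max) : fallback;
}

// Chunking that refuses a step which cannot advance the index.
function chunk(items, size) {
  if (!Number.isInteger(size) || size < 1) {
    throw new RangeError(`chunk size must be a positive integer, got ${size}`);
  }
  const out = [];
  for (let i = 0; i < items.length; i += size) out.push(items.slice(i, i + size));
  return out;
}

// Constructed sample: five function names standing in for FUNCTION_SPECS.
const sampleSpecs = ["fn-a", "fn-b", "fn-c", "fn-d", "fn-e"];
for (const raw of ["-2", "0", "0.5", "abc", "4", undefined]) {
  const legacy = legacyParse(raw);
  const safe = positiveIntFromEnv(raw, 3);
  console.log(raw, "legacy:", legacy, iterationsUntilDone(sampleSpecs.length, legacy),
    "| hardened:", safe, chunk(sampleSpecs, safe).length, "chunks");
}
```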

Comment thread scripts/fuzz-testing.mjs
if (issues.length > 0) {
console.log(` ❌ ${issues.join(" | ")} — payload: ${JSON.stringify(batch[j])?.substring(0, 80)}`);
allIssues.push({ fn: spec.name, issues });
fnIssues.push({ payload: batch[j], issues });
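
Review bot: the console.log line in the failure branch does not include spec.name, and with several functions running in parallel the ❌ lines from different functions interleave in the output, so a failure cannot be tied to its function from the log alone. Prefix the message with spec.name, which is already in scope for the allIssues.push call on the next line.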

[P2] Avoid retaining full failing payloads in issue accumulator

The new aggregation path stores each failing payload object (fnIssues.push({ payload: batch[j], issues })) but only uses per-function counts at the end, so large fuzz inputs (e.g., 10k/100k strings and 500-item arrays generated in this script) are kept in memory unnecessarily for the whole run. When many requests fail—as is common during fuzzing—this can sharply increase memory usage and destabilize long test runs without adding reporting value.

Useful? React with 👍 / 👎.
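
One way to keep the per-function summary without retaining payload objects, as an added example (not code from the PR or from scripts/fuzz-testing.mjs). createIssueSummary, previewOf, the limits of 3 samples and 80 characters, and the sample function name and issue label are assumptions.

```javascript
// Added example: hypothetical accumulator, not code from scripts/fuzz-testing.mjs.

// Short, independent copy of a payload for reporting. The copy is rebuilt
// character by character so it does not share storage with the large
// serialized string (engines may implement slice as a view on the original).
function previewOf(payload, maxChars = 80) {
  let text;
  try { text = JSON.stringify(payload); } catch { /* circular structure or BigInt */ }
  if (text === undefined) text = String(payload);
  if (text.length <= maxChars) return text;
  return Array.from(text.slice(0, maxChars)).join("") + "…";
}

// Per-function failure summary with bounded memory: counters plus at most
// maxSamples previews per function, never the payload objects themselves.
function createIssueSummary({ maxSamples = 3, maxChars = 80 } = {}) {
  const byFn = new Map();
  return {
    record(fn, payload, issues) {
      if (!byFn.has(fn)) byFn.set(fn, { failures: 0, byIssue: new Map(), samples: [] });
      const entry = byFn.get(fn);
      entry.failures += 1;
      for (const issue of issues) entry.byIssue.set(issue, (entry.byIssue.get(issue) || 0) + 1);
      if (entry.samples.length < maxSamples) entry.samples.push(previewOf(payload, maxChars));
    },
    report() {
      return [...byFn].map(([fn, e]) => (
        { fn, failures: e.failures, byIssue: Object.fromEntries(e.byIssue), samples: [...e.samples] }));
    },
  };
}

// Constructed sample: five failing payloads carrying a 100k-character string.
function demo() {
  const summary = createIssueSummary();
  for (let k = 0; k < 5; k++) {
    summary.record("example-fn", { id: k, name: "A".repeat(100000) }, ["timeout"]);
  }
  return summary.report();
}
```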

@adm01-debug adm01-debug review requested due to automatic review settings May 26, 2026 00:44
adm01-debug pushed a commit that referenced this pull request May 26, 2026
…ull assertion

Pre-existing regressions on main (introduced by the #384#399 batch) that
were blocking ALL PRs in CI:

- SidebarReorganized.tsx: the `// rls-allow` annotation was above
  `const … await supabase`, not immediately above the `.from(...)`, so the
  seller-scope checker did not recognize it. Moved to the correct line.
- useUserManagement.ts: the `user_roles(role)` embed is not recognized by the
  generated Supabase types, producing TS2589 (deep instantiation) and TS2352
  (SelectQueryError cast). Fixed with a select typed as string +
  `.returns<ProfileWithRoles[]>()` and removal of the redundant cast.
- CoverageInsightsDashboardPage.tsx: removed a redundant non-null assertion
  (the access is already guarded by `values.length < 2`).

Gates green locally: tsc (484 vs 486, -2), eslint (no regression),
seller-scope (pass).

https://claude.ai/code/session_01HjiGVkF3Df9GiFjDbfxDYn
adm01-debug added a commit that referenced this pull request May 26, 2026
…ull assertion (#413)

Co-authored-by: Claude <noreply@anthropic.com>