codeflash-internal/tiles/codeflash-internal-docs/evals/scenario-4/task.md

Task: Write an Express Route Registration Module with Correct Middleware Ordering

Context

The codeflash-internal cf-api is an Express server where route registration order is critical. Webhook routes must be registered before the JSON body parser because they need raw body access for signature verification. Protected routes require API key authentication via middleware.

You are adding a new set of routes for a "deployment" feature and need to integrate them into the existing route registration order.

Task

1. Write a TypeScript route registration module routes/index.ts that demonstrates the correct ordering:

   • Phase 1: Webhook routes (before body parser) -- include GitHub and Stripe webhook handlers
   • Phase 2: Body parser with express.json({ limit: JSON_BODY_LIMIT })
   • Phase 3: Public routes (no auth)
   • Phase 4: Protected routes with checkForValidAPIKey middleware

2. Write a new deployment.routes.ts module that:

   • Has POST /deploy/trigger -- triggers a deployment
   • Has POST /deploy/status -- checks deployment status
   • Has POST /deploy/rollback -- rolls back a deployment
   • All routes are protected (require API key)
   • Uses trackEndpointCalls middleware for PostHog tracking
   • Uses trackUsage middleware for usage tracking

3. Explain in a code comment why the webhook routes must come before express.json() and what would break if they didn't.

Expected Outputs

• A routes/index.ts showing the 4-phase registration with the new deployment routes in the correct phase
• A deployment.routes.ts with the three endpoints and proper middleware
• A comment explaining the webhook ordering requirement