#
# Separately, this extension also adds a 'golookup' command that
# returns the hash of a specific reference, like 'default' or a tag.
# And golookup of a hash confirms that it still exists on the server.
# We can use that to revalidate that specific versions still exist and
# have the same meaning they did the last time we checked.
#
# Usage:
#
#	hg --config "extensions.goreposum=$GOROOT/lib/hg/goreposum.py" goreposum REPOURL

Hiding your documentation user interfaces in production *shouldn't* be the way to protect your API.

That doesn't add any extra security to your API, the *path operations* will still be available where they are.

If there's a security flaw in your code, it will still exist.

        example: Annotated[
            Optional[Any],
            deprecated(
                "Deprecated in OpenAPI 3.1.0 that now uses JSON Schema 2020-12, "
                "although still supported. Use examples instead."
            ),
        ] = _Unset,
        openapi_examples: Optional[dict[str, Example]] = None,
        deprecated: Union[deprecated, str, bool, None] = None,

app = FastAPI(
    servers=[
        {"url": "/", "description": "Default, relative server"},
        {
            "url": "http://staging.localhost.tiangolo.com:8000",
            "description": "Staging but actually localhost still",
        },
        {"url": "https://prod.example.com"},
    ]
)


@app.get("/foo")
def foo():
    return {"message": "Hello World"}


client = TestClient(app)


def test_app():

            assertTrue(successfulThreads.get() > 0, "At least some threads should complete successfully");

            // The rate limiter should still be functional after concurrent access
            assertTrue(concurrentLimiter.checkAttempt("finaluser", "192.168.3.1"),
                    "Rate limiter should still be functional after concurrent operations");

            // Verify that the rate limiter tracked some activity

   * response body is [closed][ResponseBody]. The recipient of the callback may consume the response
   * body on another thread.
   *
   * Note that transport-layer success (receiving a HTTP response code, headers and body) does not
   * necessarily indicate application-layer success: `response` may still indicate an unhappy HTTP
   * response code like 404 or 500.
   */

When you return a `Response` directly its data is not validated, converted (serialized), or documented automatically.

But you can still document it as described in [Additional Responses in OpenAPI](additional-responses.md){.internal-link target=_blank}.

    assertEquals(
        "next() should still return first element after peeking", "A", peekingIterator.next());

    assertEquals("Should be able to peek() at middle element", "B", peekingIterator.peek());
    assertEquals(
        "Should be able to peek() middle element multiple times", "B", peekingIterator.peek());
    assertEquals(
        "next() should still return middle element after peeking", "B", peekingIterator.next());

            // Refresh should not break anything
            orig.refresh();
            copy.refresh();

            // Both should still return null
            assertNull(orig.getSubject(), "Original should still return null after refresh");
            assertNull(copy.getSubject(), "Clone should still return null after refresh");
        }
    }

    @Test
    @DisplayName("renew: invokes getSubject and returns self")

        auth.resetAuthenticationTimestamp();
        long afterReset = System.currentTimeMillis();

        // Should still not be expired
        assertFalse(auth.isExpired());

        // Wait for original TTL to pass
        Thread.sleep(600);

        // Should still not be expired because we reset
        assertFalse(auth.isExpired());

        // Wait for the full TTL since reset