CCM-14319: Add localid validation to mesh poll (#210)

* CCM-14319: Add localid validation to mesh poll

* CCM-14319: Fix linting issue

* CCM-14319: Remove unused ValidationError

Author: lapenna-bjss

lambdas/mesh-poll/mesh_poll/__tests__/test_handler.py

@@ -1,9 +1,10 @@
 """
 Tests for Lambda handler
 """
-import pytest
 from unittest.mock import Mock, patch, MagicMock
 
+import pytest
+
 
 def setup_mocks():
     """
@@ -39,7 +40,13 @@ class TestHandler:
     @patch('mesh_poll.handler.SenderLookup')
     @patch('mesh_poll.handler.MeshMessageProcessor')
     @patch('mesh_poll.handler.client')
-    def test_handler_success(self, mock_boto_client, mock_processor_class, mock_sender_lookup_class, mock_config_class):
+    def test_handler_success(
+        self,
+        mock_boto_client,
+        mock_processor_class,
+        mock_sender_lookup_class,
+        mock_config_class
+    ):
         """Test successful handler execution"""
         from mesh_poll.handler import handler
 
@@ -75,7 +82,10 @@ def test_handler_success(self, mock_boto_client, mock_processor_class, mock_send
         assert call_kwargs['config'] == mock_config
         assert call_kwargs['sender_lookup'] == mock_sender_lookup
         assert call_kwargs['mesh_client'] == mock_config.mesh_client
-        assert call_kwargs['get_remaining_time_in_millis'] == mock_context.get_remaining_time_in_millis
+        assert (
+            call_kwargs['get_remaining_time_in_millis']
+            == mock_context.get_remaining_time_in_millis
+        )
         assert call_kwargs['polling_metric'] == mock_config.polling_metric
         assert 'log' in call_kwargs
 
@@ -86,7 +96,13 @@ def test_handler_success(self, mock_boto_client, mock_processor_class, mock_send
     @patch('mesh_poll.handler.SenderLookup')
     @patch('mesh_poll.handler.MeshMessageProcessor')
     @patch('mesh_poll.handler.client')
-    def test_handler_config_cleanup_on_exception(self, mock_boto_client, mock_processor_class, mock_sender_lookup_class, mock_config_class):
+    def test_handler_config_cleanup_on_exception(
+        self,
+        mock_boto_client,
+        mock_processor_class,
+        mock_sender_lookup_class,
+        mock_config_class
+    ):
         """Test that Config context manager cleanup is called even on exception"""
         from mesh_poll.handler import handler
 

lambdas/mesh-poll/mesh_poll/__tests__/test_processor.py

@@ -2,7 +2,8 @@
 Tests for mesh-poll MeshMessageProcessor
 Following the pattern from backend comms-mgr mesh-poll tests
 """
-from unittest.mock import Mock, call, patch
+from unittest.mock import Mock, patch
+
 from mesh_client import MeshClient
 from mesh_poll.processor import MeshMessageProcessor
 
@@ -166,10 +167,13 @@ def test_process_message_with_unknown_sender(self, mock_event_publisher_class):
 
         sender_lookup.is_valid_sender.assert_called_once_with(message.sender)
         message.acknowledge.assert_called_once()
-        mock_event_publisher.send_events.assert_not_called()  # No event published for invalid sender
+        mock_event_publisher.send_events.assert_not_called()
 
     def test_process_message_logs_error_on_event_publish_failure(self, mock_event_publisher_class):
-        """Test that processor logs error when event publishing fails and does not acknowledge message"""
+        """
+        Test that processor logs error when event publishing fails
+        and does not acknowledge message
+        """
         (config, sender_lookup, mesh_client, log, polling_metric) = setup_mocks()
         message = setup_message_data("1")
 
@@ -224,5 +228,89 @@ def test_all_messages_are_processed_in_a_single_iteration(self, mock_event_publi
         mesh_client.handshake.assert_called_once()
         assert mesh_client.iterate_all_messages.call_count == 1
         assert sender_lookup.is_valid_sender.call_count == 3
-        assert mock_event_publisher.send_events.call_count == 3  # Events published for all 3 messages
+        assert mock_event_publisher.send_events.call_count == 3
         polling_metric.record.assert_called_once()
+
+    def test_process_message_rejects_missing_local_id(self, mock_event_publisher_class):
+        """Test that processor publishes MESHInboxMessageInvalid event for missing local_id"""
+        (config, sender_lookup, mesh_client, log, polling_metric) = setup_mocks()
+        message = setup_message_data("1")
+        message.local_id = None
+
+        mock_event_publisher = Mock()
+        mock_event_publisher.send_events.return_value = []
+        mock_event_publisher_class.return_value = mock_event_publisher
+
+        sender_lookup.is_valid_sender.return_value = True
+        sender_lookup.get_sender_id.return_value = "test-sender-id"
+
+        processor = MeshMessageProcessor(
+            config=config,
+            sender_lookup=sender_lookup,
+            mesh_client=mesh_client,
+            get_remaining_time_in_millis=get_remaining_time_in_millis,
+            log=log,
+            polling_metric=polling_metric
+        )
+
+        processor.process_message(message)
+
+        message.acknowledge.assert_called_once()
+        mock_event_publisher.send_events.assert_called_once()
+
+    def test_process_message_rejects_empty_local_id(self, mock_event_publisher_class):
+        """Test that processor publishes MESHInboxMessageInvalid event for empty local_id"""
+        (config, sender_lookup, mesh_client, log, polling_metric) = setup_mocks()
+        message = setup_message_data("1")
+        message.local_id = ""
+
+        mock_event_publisher = Mock()
+        mock_event_publisher.send_events.return_value = []  # Success
+        mock_event_publisher_class.return_value = mock_event_publisher
+
+        sender_lookup.is_valid_sender.return_value = True
+        sender_lookup.get_sender_id.return_value = "test-sender-id"
+
+        processor = MeshMessageProcessor(
+            config=config,
+            sender_lookup=sender_lookup,
+            mesh_client=mesh_client,
+            get_remaining_time_in_millis=get_remaining_time_in_millis,
+            log=log,
+            polling_metric=polling_metric
+        )
+
+        processor.process_message(message)
+
+        message.acknowledge.assert_called_once()
+        mock_event_publisher.send_events.assert_called_once()
+
+    def test_process_message_rejects_whitespace_only_local_id(self, mock_event_publisher_class):
+        """
+        Test that processor publishes MESHInboxMessageInvalid event
+        for whitespace-only local_id
+        """
+        (config, sender_lookup, mesh_client, log, polling_metric) = setup_mocks()
+        message = setup_message_data("1")
+        message.local_id = "   "
+
+        mock_event_publisher = Mock()
+        mock_event_publisher.send_events.return_value = []  # Success
+        mock_event_publisher_class.return_value = mock_event_publisher
+
+        sender_lookup.is_valid_sender.return_value = True
+        sender_lookup.get_sender_id.return_value = "test-sender-id"
+
+        processor = MeshMessageProcessor(
+            config=config,
+            sender_lookup=sender_lookup,
+            mesh_client=mesh_client,
+            get_remaining_time_in_millis=get_remaining_time_in_millis,
+            log=log,
+            polling_metric=polling_metric
+        )
+
+        processor.process_message(message)
+
+        message.acknowledge.assert_called_once()
+        mock_event_publisher.send_events.assert_called_once()

lambdas/mesh-poll/mesh_poll/config.py

@@ -3,6 +3,7 @@
 """
 from dl_utils import BaseMeshConfig, Metric, log
 
+__all__ = ['Config', 'log']
 
 _REQUIRED_ENV_VAR_MAP = {
     "ssm_senders_prefix": "SSM_SENDERS_PREFIX",

lambdas/mesh-poll/mesh_poll/processor.py

@@ -6,7 +6,7 @@
 from uuid import uuid4
 
 from dl_utils import EventPublisher
-from digital_letters_events import MESHInboxMessageReceived
+from digital_letters_events import MESHInboxMessageReceived, MESHInboxMessageInvalid
 
 from .errors import AuthorizationError, format_exception
 
@@ -31,7 +31,10 @@ def __init__(self, **kwargs):
         environment = 'development'
         deployment = 'primary'
         plane = 'data-plane'
-        self.__cloud_event_source = f'/nhs/england/notify/{environment}/{deployment}/{plane}/digitalletters/mesh'
+        self.__cloud_event_source = (
+            f'/nhs/england/notify/{environment}/{deployment}/{plane}/'
+            'digitalletters/mesh'
+        )
 
         # Initialize EventPublisher
         self.__event_publisher = EventPublisher(
@@ -97,14 +100,33 @@ def process_message(self, message):
         logger.info(PROCESSING_MESSAGE)
 
         try:
-            # Basic sender validation - only publish events for known senders
+            # Basic sender validation - only process messages from known senders
             if not self.__sender_lookup.is_valid_sender(sender_mailbox_id):
                 raise AuthorizationError(
                     f'Cannot authorize sender with mailbox ID "{sender_mailbox_id}"')
 
             # Get the corresponding sender ID
             sender_id = self.__sender_lookup.get_sender_id(sender_mailbox_id)
 
+            if not message_reference or message_reference.strip() == "":
+                logger.error('Message has missing or empty local_id')
+
+                # Publish MESHInboxMessageInvalid event
+                message_id = message.id()
+                event_detail = {
+                    "data": {
+                        "meshMessageId": message_id,
+                        "senderId": sender_id,
+                        "failureCode": "LID_MESH_0001"
+                    }
+                }
+
+                self._publish_mesh_inbox_message_invalid_event(event_detail)
+
+                message.acknowledge()  # Remove from inbox
+                logger.info(ACKNOWLEDGED_MESSAGE)
+                return
+
             # Publish event for valid sender
             message_id = message.id()
             event_detail = {
@@ -136,14 +158,20 @@ def _publish_mesh_inbox_message_received_event(self, event_detail):
             'id': str(uuid4()),
             'specversion': '1.0',
             'source': self.__cloud_event_source,
-            'subject': f'customer/{event_detail["data"]["senderId"]}/recipient/{event_detail["data"]["messageReference"]}',
+            'subject': (
+                f'customer/{event_detail["data"]["senderId"]}/recipient/'
+                f'{event_detail["data"]["messageReference"]}'
+            ),
             'type': 'uk.nhs.notify.digital.letters.mesh.inbox.message.received.v1',
             'time': now,
             'recordedtime': now,
             'severitynumber': 2,
             'severitytext': 'INFO',
             'traceparent': '00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01',
-            'dataschema': 'https://notify.nhs.uk/cloudevents/schemas/digital-letters/2025-10-draft/data/digital-letters-mesh-inbox-message-received-data.schema.json',
+            'dataschema': (
+                'https://notify.nhs.uk/cloudevents/schemas/digital-letters/'
+                '2025-10-draft/data/digital-letters-mesh-inbox-message-received-data.schema.json'
+            ),
             'datacontenttype': 'application/json',
             'data': event_detail.get('data', {}),
         }
@@ -158,3 +186,40 @@ def _publish_mesh_inbox_message_received_event(self, event_detail):
         self.__log.info("Published MESHInboxMessageReceived event",
                         mesh_message_id=event_detail["data"]["meshMessageId"],
                         sender_id=event_detail["data"]["senderId"])
+
+    def _publish_mesh_inbox_message_invalid_event(self, event_detail):
+        """
+        Publishes a MESHInboxMessageInvalid event when a message fails validation.
+        """
+        now = datetime.now(timezone.utc).isoformat()
+
+        cloud_event = {
+            'id': str(uuid4()),
+            'specversion': '1.0',
+            'source': self.__cloud_event_source,
+            'subject': f'customer/{event_detail["data"]["senderId"]}',
+            'type': 'uk.nhs.notify.digital.letters.mesh.inbox.message.invalid.v1',
+            'time': now,
+            'recordedtime': now,
+            'severitynumber': 3,
+            'severitytext': 'WARN',
+            'traceparent': '00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01',
+            'dataschema': (
+                'https://notify.nhs.uk/cloudevents/schemas/digital-letters/'
+                '2025-10-draft/data/digital-letters-mesh-inbox-message-invalid-data.schema.json'
+            ),
+            'datacontenttype': 'application/json',
+            'data': event_detail.get('data', {})
+        }
+
+        failed_events = self.__event_publisher.send_events([cloud_event], MESHInboxMessageInvalid)
+
+        if failed_events:
+            error_msg = f"Failed to publish MESHInboxMessageInvalid event: {failed_events}"
+            self.__log.error(error_msg, failed_count=len(failed_events))
+            raise RuntimeError(error_msg)
+
+        self.__log.info("Published MESHInboxMessageInvalid event",
+                        mesh_message_id=event_detail["data"]["meshMessageId"],
+                        sender_id=event_detail["data"]["senderId"],
+                        failure_code=event_detail["data"]["failureCode"])

tests/playwright/digital-letters-component-tests/mesh-poll-download.component.spec.ts

@@ -179,4 +179,55 @@ test.describe('Digital Letters - MESH Poll and Download', () => {
       await expectMeshInboxMessageReceivedEvent(msg.meshMessageId);
     }
   });
+
+  test('should publish MESHInboxMessageInvalid event when local_id is missing', async () => {
+    const meshMessageId = `${Date.now()}_INVALID_${uuidv4().slice(0, 8)}`;
+    const messageContent = JSON.stringify({
+      senderId,
+      testData: 'This message has no local_id',
+      timestamp: new Date().toISOString(),
+    });
+
+    await uploadMeshMessage(meshMessageId, '', messageContent, {
+      local_id: '',
+    });
+
+    await invokeLambda(MESH_POLL_LAMBDA_NAME);
+
+    await expectToPassEventually(async () => {
+      const eventLogEntry = await getLogsFromCloudwatch(
+        `/aws/vendedlogs/events/event-bus/nhs-${ENV}-dl`,
+        [
+          '$.message_type = "EVENT_RECEIPT"',
+          '$.details.detail_type = "uk.nhs.notify.digital.letters.mesh.inbox.message.invalid.v1"',
+          String.raw`$.details.event_detail = "*\"meshMessageId\":\"${meshMessageId}\"*"`,
+          String.raw`$.details.event_detail = "*\"senderId\":\"${senderId}\"*"`,
+          String.raw`$.details.event_detail = "*\"failureCode\":\"LID_MESH_0001\"*"`,
+        ],
+      );
+
+      expect(eventLogEntry.length).toBeGreaterThanOrEqual(1);
+    }, 120_000);
+
+    await expectToPassEventually(async () => {
+      await expect(async () => {
+        await downloadFromS3(
+          NON_PII_S3_BUCKET_NAME,
+          `mock-mesh/${meshMailboxId}/in/${meshMessageId}`,
+        );
+      }).rejects.toThrow('No objects found');
+    }, 60_000);
+
+    await expectToPassEventually(async () => {
+      const receivedEvents = await getLogsFromCloudwatch(
+        `/aws/vendedlogs/events/event-bus/nhs-${ENV}-dl`,
+        [
+          '$.message_type = "EVENT_RECEIPT"',
+          '$.details.detail_type = "uk.nhs.notify.digital.letters.mesh.inbox.message.received.v1"',
+          `$.details.event_detail = "*\\"meshMessageId\\":\\"${meshMessageId}\\"*"`,
+        ],
+      );
+      expect(receivedEvents.length).toBe(0);
+    }, 15_000);
+  });
 });