Fix adversarial review findings in SignalR hub tests

- Replace generic Exception assertions with HttpRequestException + 401
  check in auth tests (prevents false positives from config errors)
- WaitForEventsAsync now throws TimeoutException when expected events
  do not arrive, making timeout failures immediately diagnosable
- Use DateTimeOffset.UtcNow instead of DateTime.UtcNow for consistency
- Add missing status code assertions on column/card creation in
  ClearEditingCard test
- Fix XML doc to not claim boardMutation coverage that does not exist
- Use await using for conn2 in DisconnectOne test to prevent resource
  leak on assertion failure

Author: Chris0Jeky

backend/tests/Taskdeck.Api.Tests/BoardsHubIntegrationTests.cs

@@ -13,7 +13,7 @@ namespace Taskdeck.Api.Tests;
 
 /// <summary>
 /// Integration tests for the BoardsHub SignalR hub covering presence lifecycle,
-/// authentication enforcement, board mutation event delivery, and edge cases.
+/// authentication enforcement, and edge cases.
 /// Uses WebApplicationFactory with the real SignalR pipeline (in-memory transport).
 /// </summary>
 public class BoardsHubIntegrationTests : IClassFixture<TestWebApplicationFactory>
@@ -35,7 +35,9 @@ public async Task Unauthenticated_Connection_ShouldFailToStart()
         await using var connection = SignalRTestHelper.CreateBoardsHubConnection(_factory, accessToken: null);
 
         var act = () => connection.StartAsync();
-        await act.Should().ThrowAsync<Exception>();
+        // SignalR negotiate returns 401; the client wraps this in HttpRequestException
+        await act.Should().ThrowAsync<HttpRequestException>()
+            .Where(ex => ex.Message.Contains("401") || ex.StatusCode == HttpStatusCode.Unauthorized);
     }
 
     [Fact]
@@ -56,7 +58,9 @@ public async Task InvalidToken_Connection_ShouldFailToStart()
         await using var connection = SignalRTestHelper.CreateBoardsHubConnection(_factory, "not-a-valid-jwt");
 
         var act = () => connection.StartAsync();
-        await act.Should().ThrowAsync<Exception>();
+        // Invalid JWT causes 401 on the negotiate endpoint
+        await act.Should().ThrowAsync<HttpRequestException>()
+            .Where(ex => ex.Message.Contains("401") || ex.StatusCode == HttpStatusCode.Unauthorized);
     }
 
     // ────────────────────────────────────────────────────────────────
@@ -131,10 +135,12 @@ public async Task ClearEditingCard_ShouldBroadcastPresenceWithNullEditingState()
         var colResponse = await client.PostAsJsonAsync(
             $"/api/boards/{board.Id}/columns",
             new CreateColumnDto(board.Id, "Backlog", null, null));
+        colResponse.StatusCode.Should().Be(HttpStatusCode.Created);
         var column = await colResponse.Content.ReadFromJsonAsync<ColumnDto>();
         var cardResponse = await client.PostAsJsonAsync(
             $"/api/boards/{board.Id}/cards",
             new CreateCardDto(board.Id, column!.Id, "Test Card", null, null, null));
+        cardResponse.StatusCode.Should().Be(HttpStatusCode.Created);
         var card = await cardResponse.Content.ReadFromJsonAsync<CardDto>();
 
         var events = new EventCollector<BoardPresenceSnapshot>();
@@ -412,13 +418,13 @@ public async Task SameUser_TwoConnections_DisconnectOne_ShouldNotRemovePresence(
         await conn1.InvokeAsync("JoinBoard", board.Id);
         await SignalRTestHelper.WaitForEventsAsync(events1, 1);
 
-        var conn2 = SignalRTestHelper.CreateBoardsHubConnection(_factory, user.Token);
+        await using var conn2 = SignalRTestHelper.CreateBoardsHubConnection(_factory, user.Token);
         conn2.On<BoardPresenceSnapshot>("boardPresence", _ => { });
         await conn2.StartAsync();
         await conn2.InvokeAsync("JoinBoard", board.Id);
         await SignalRTestHelper.WaitForEventsAsync(events1, 2);
 
-        // Disconnect conn2
+        // Disconnect conn2 (DisposeAsync is idempotent; await using provides safety net)
         events1.Clear();
         await conn2.DisposeAsync();
 

backend/tests/Taskdeck.Api.Tests/Support/SignalRTestHelper.cs

@@ -42,13 +42,21 @@ public static async Task<IReadOnlyList<T>> WaitForEventsAsync<T>(
         int expectedCount,
         TimeSpan? timeout = null)
     {
-        var deadline = DateTime.UtcNow + (timeout ?? TimeSpan.FromSeconds(5));
-        while (collector.Count < expectedCount && DateTime.UtcNow < deadline)
+        var effectiveTimeout = timeout ?? TimeSpan.FromSeconds(5);
+        var deadline = DateTimeOffset.UtcNow + effectiveTimeout;
+        while (collector.Count < expectedCount && DateTimeOffset.UtcNow < deadline)
         {
             await Task.Delay(50);
         }
 
-        return collector.ToList();
+        var result = collector.ToList();
+        if (result.Count < expectedCount)
+        {
+            throw new TimeoutException(
+                $"Expected {expectedCount} event(s) but received {result.Count} within {effectiveTimeout.TotalSeconds}s.");
+        }
+
+        return result;
     }
 }