fix(platform): isolate health check HTTP pool from API client to prevent response cross-contamination

The authenticated health check previously shared the same ApiClient and urllib3
PoolManager as production API calls (e.g. Client().me()). Under xdist parallel
test execution, a health check response body could leak into a subsequent /me
request via the shared connection pool, causing MeReadResponse validation failures.

Fix: use the dedicated Service._http_pool (same as public health check) with a
Bearer token header, and reset Client._api_client_cached between tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: olivermeyer

src/aignostics/platform/_service.py

@@ -222,21 +222,27 @@ def _determine_api_public_health(self) -> Health:
         return Health(status=Health.Code.UP)
 
     def _determine_api_authenticated_health(self) -> Health:
-        """Determine healthiness and reachability of Aignostics Platform API via authenticated API client.
+        """Determine healthiness and reachability of Aignostics Platform API via authenticated request.
 
-        - Checks if health endpoint is reachable and returns 200 OK
+        Uses a dedicated HTTP pool (separate from the API client's connection pool) to prevent
+        connection-level cross-contamination between health checks and API calls.
 
         Returns:
-            Health: The healthiness of the Aignostics Platform API when trying to reach via authenticated API client.
+            Health: The healthiness of the Aignostics Platform API when trying to reach via authenticated request.
         """
         try:
-            api_client = Client.get_api_client(cache_token=True).api_client
-            response = api_client.call_api(
-                url=self._settings.api_root + "/api/v1/health",
+            token = get_token(use_cache=True)
+            http = self._get_http_pool()
+            response = http.request(
                 method="GET",
-                header_params={"User-Agent": user_agent()},
-                _request_timeout=self._settings.health_timeout,
+                url=f"{self._settings.api_root}/health",
+                headers={
+                    "User-Agent": user_agent(),
+                    "Authorization": f"Bearer {token}",
+                },
+                timeout=urllib3.Timeout(total=self._settings.health_timeout),
             )
+
             if response.status != HTTPStatus.OK:
                 logger.error("Aignostics Platform API (authenticated) returned '{}'", response.status)
                 return Health(status=Health.Code.DOWN, reason=f"Aignostics Platform API returned '{response.status}'")

tests/aignostics/platform/conftest.py

@@ -7,6 +7,7 @@
 
 from aignostics.platform._client import Client
 from aignostics.platform._operation_cache import _operation_cache
+from aignostics.platform._service import Service
 
 
 @pytest.fixture
@@ -54,12 +55,21 @@ def mock_api_client() -> MagicMock:
 
 
 @pytest.fixture(autouse=True)
-def clear_cache() -> None:
-    """Clear the operation cache before each test.
+def clear_cache() -> t.Generator[None, None, None]:
+    """Clear the operation cache and API client singletons before and after each test.
 
-    This ensures tests don't interfere with each other through shared cache state.
+    This ensures tests don't interfere with each other through shared cache state
+    or shared urllib3 connection pools (which could cause response cross-contamination).
     """
     _operation_cache.clear()
+    Client._api_client_cached = None
+    Client._api_client_uncached = None
+    Service._http_pool = None
+    yield
+    _operation_cache.clear()
+    Client._api_client_cached = None
+    Client._api_client_uncached = None
+    Service._http_pool = None
 
 
 @pytest.fixture

tests/aignostics/platform/service_test.py

@@ -1,10 +1,14 @@
 """Tests for the platform service module."""
 
-from unittest.mock import MagicMock
+from http import HTTPStatus
+from unittest.mock import MagicMock, patch
 
 import pytest
 
 from aignostics.platform._service import Service, UserInfo
+from aignostics.utils import Health
+
+_PATCH_AUTH_GETTER = "aignostics.platform._service.get_token"
 
 
 @pytest.mark.unit
@@ -42,6 +46,117 @@ def test_http_pool_singleton() -> None:
     assert pool_from_service1 is pool_from_service2, "Service instances should share the same HTTP pool"
 
 
+@pytest.mark.unit
+def test_determine_api_authenticated_health_success() -> None:
+    """Health.UP returned when the dedicated pool responds 200 with auth token."""
+    mock_response = MagicMock()
+    mock_response.status = HTTPStatus.OK
+
+    mock_pool = MagicMock()
+    mock_pool.request.return_value = mock_response
+
+    with (
+        patch.object(Service, "_get_http_pool", return_value=mock_pool),
+        patch(_PATCH_AUTH_GETTER, return_value="test-token"),
+    ):
+        result = Service()._determine_api_authenticated_health()
+
+    assert result.status == Health.Code.UP
+
+
+@pytest.mark.unit
+def test_determine_api_authenticated_health_non_200() -> None:
+    """Health.DOWN returned when the dedicated pool responds with non-200."""
+    mock_response = MagicMock()
+    mock_response.status = HTTPStatus.SERVICE_UNAVAILABLE
+
+    mock_pool = MagicMock()
+    mock_pool.request.return_value = mock_response
+
+    with (
+        patch.object(Service, "_get_http_pool", return_value=mock_pool),
+        patch(_PATCH_AUTH_GETTER, return_value="test-token"),
+    ):
+        result = Service()._determine_api_authenticated_health()
+
+    assert result.status == Health.Code.DOWN
+    assert result.reason is not None
+
+
+@pytest.mark.unit
+def test_determine_api_authenticated_health_handles_exception() -> None:
+    """Health.DOWN with reason when get_token raises."""
+    with patch(_PATCH_AUTH_GETTER, side_effect=RuntimeError("no auth")):
+        result = Service()._determine_api_authenticated_health()
+
+    assert result.status == Health.Code.DOWN
+    assert result.reason is not None
+
+
+@pytest.mark.unit
+def test_determine_api_public_health_success() -> None:
+    """Health.UP returned when the public pool responds 200."""
+    mock_response = MagicMock()
+    mock_response.status = HTTPStatus.OK
+
+    mock_pool = MagicMock()
+    mock_pool.request.return_value = mock_response
+
+    with patch.object(Service, "_get_http_pool", return_value=mock_pool):
+        result = Service()._determine_api_public_health()
+
+    assert result.status == Health.Code.UP
+
+
+@pytest.mark.unit
+def test_determine_api_public_health_non_200() -> None:
+    """Health.DOWN returned when the public pool responds with non-200."""
+    mock_response = MagicMock()
+    mock_response.status = HTTPStatus.SERVICE_UNAVAILABLE
+
+    mock_pool = MagicMock()
+    mock_pool.request.return_value = mock_response
+
+    with patch.object(Service, "_get_http_pool", return_value=mock_pool):
+        result = Service()._determine_api_public_health()
+
+    assert result.status == Health.Code.DOWN
+    assert result.reason is not None
+
+
+@pytest.mark.unit
+def test_determine_api_public_health_handles_exception() -> None:
+    """Health.DOWN returned when the public pool raises."""
+    mock_pool = MagicMock()
+    mock_pool.request.side_effect = ConnectionError("unreachable")
+
+    with patch.object(Service, "_get_http_pool", return_value=mock_pool):
+        result = Service()._determine_api_public_health()
+
+    assert result.status == Health.Code.DOWN
+    assert result.reason is not None
+
+
+@pytest.mark.unit
+def test_health_returns_both_components() -> None:
+    """health() aggregates api_public and api_authenticated component keys."""
+    public_health = Health(status=Health.Code.UP)
+    auth_health = Health(status=Health.Code.UP)
+
+    service = Service()
+    with (
+        patch.object(service, "_determine_api_public_health", return_value=public_health),
+        patch.object(service, "_determine_api_authenticated_health", return_value=auth_health),
+    ):
+        result = service.health()
+
+    assert result.components is not None
+    assert "api_public" in result.components
+    assert "api_authenticated" in result.components
+    assert result.components["api_public"] is public_health
+    assert result.components["api_authenticated"] is auth_health
+
+
 @pytest.mark.unit
 @pytest.mark.parametrize(
     ("organization_name", "is_internal"),