You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Who was affected: Any API caller providing zip_code but not three_digit_zip_code for an LA County household got aca_ptc = 0 instead of the correct value (~$5,055 for Paul's test case)
Production household API: Still on v1.587.1 (the last working version). The weekly update bot created PRs to bump to broken versions (OR integration test #1433–Texas TANF #1442) but none were merged. Production users were NOT affected.
Local/pip users: Anyone installing policyengine-us >= 1.588 from pip (like Amplifi) got the broken behavior.
Root cause
PR #7695 correctly identified that ZIP_CODE_DATASET was dead infrastructure (loaded from a file that never existed). The cleanup removed the zip_code formula (which did depend on the dataset) and the three_digit_zip_code formula (which did NOT — it was pure arithmetic: zip_code // 100).
The three_digit_zip_code formula got swept up because it lived in the same zip_code/ directory, and the PR treated both formulas as equivalent. The commit message says it "removes formulas from zip_code and three_digit_zip_code (kept as input-only variables)."
Why review didn't catch it
Pavel's review (generated by Claude Code agents) was thorough — it validated:
Dead code removal was complete with no dangling references
New guard logic in slcsp_age_0 and slcsp_rating_area_la_county was correct
Test coverage for new guard paths
Cosmetic issues
But it never questioned whether three_digit_zip_code's formula should have been removed. The review validated the implementation without challenging the scope.
The review's S2 finding was inches away from catching it — it analyzed what happens when three_digit_zip_code is empty — but didn't connect the dots: removing the formula is what makes it empty for normal API users.
Why tests didn't catch it
All 132 ACA YAML tests pass because they provide slcsp or intermediate values directly
The 17 Medicaid tests provide three_digit_zip_code as direct input
No test exercised the full derivation chain: zip_code → three_digit_zip_code → slcsp_rating_area_la_county → slcsp → aca_ptc
How we fixed it (TDD)
Wrote 3 failing tests:
90019 → "900" (unit test)
01234 → "012" (leading zero, unit test)
LA County zip 90019 with eligible individual → nonzero aca_ptc (integration test)
Confirmed all 3 fail on the current codebase
Restored the formula (with a minor improvement: // 100 instead of // 1e2 to avoid unnecessary float promotion)
BEFORE DELETING ANY CODE, VERIFY IT IS ACTUALLY UNUSED
Grep for all callers
Code that lives near dead code is not necessarily dead — verify each piece independently
Existing tests may bypass the code being removed — passing tests ≠ safe to delete
Added to policyengine-claude review patterns skill:
Code Removal / Cleanup PRs — Deletions are the highest-risk changes to review
Verify each deletion independently
Grep for downstream callers
Existing tests may not protect you
Question scope, not just correctness
General lessons
Proximity ≠ dependency — code co-located with dead code is not necessarily dead. Verify each piece independently.
Passing tests ≠ safe to delete — tests that provide intermediate values as direct input bypass derivation logic entirely.
Review scope, not just correctness — "Is the cleanup done correctly?" is the wrong question. "Does each removed piece actually belong in scope?" is the right one.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Postmortem:
three_digit_zip_codeformula removal breaks ACA PTC (PR #7695)Timeline
ZIP_CODE_DATASETinfrastructurethree_digit_zip_codeformula removed as collateral damageImpact
zip_codebut notthree_digit_zip_codefor an LA County household gotaca_ptc = 0instead of the correct value (~$5,055 for Paul's test case)Root cause
PR #7695 correctly identified that
ZIP_CODE_DATASETwas dead infrastructure (loaded from a file that never existed). The cleanup removed thezip_codeformula (which did depend on the dataset) and thethree_digit_zip_codeformula (which did NOT — it was pure arithmetic:zip_code // 100).The
three_digit_zip_codeformula got swept up because it lived in the samezip_code/directory, and the PR treated both formulas as equivalent. The commit message says it "removes formulas from zip_code and three_digit_zip_code (kept as input-only variables)."Why review didn't catch it
Pavel's review (generated by Claude Code agents) was thorough — it validated:
slcsp_age_0andslcsp_rating_area_la_countywas correctBut it never questioned whether
three_digit_zip_code's formula should have been removed. The review validated the implementation without challenging the scope.The review's S2 finding was inches away from catching it — it analyzed what happens when
three_digit_zip_codeis empty — but didn't connect the dots: removing the formula is what makes it empty for normal API users.Why tests didn't catch it
slcspor intermediate values directlythree_digit_zip_codeas direct inputzip_code→three_digit_zip_code→slcsp_rating_area_la_county→slcsp→aca_ptcHow we fixed it (TDD)
90019→"900"(unit test)01234→"012"(leading zero, unit test)aca_ptc(integration test)// 100instead of// 1e2to avoid unnecessary float promotion)PR: #7774
Systemic fixes
Added to
CLAUDE.md:Added to policyengine-claude review patterns skill:
General lessons
Beta Was this translation helpful? Give feedback.
All reactions