- Add proxy-body-size annotation to allow unlimited uploads via nginx
- Add requires_direct_s3 marker for tests needing direct MinIO access
- Exclude requires_direct_s3 tests from CI (can't access MinIO from outside K8s)
- Add auto-migration for tag ref_count triggers to ensure they exist
- Add auth_client fixture (function-scoped) for authentication tests
- Update all tests in test_auth_api.py to use auth_client
- Prevents auth tests from polluting the shared integration_client session
- Each auth test gets a fresh client, avoiding state leakage
- Add auth_intensive marker for tests that make many login requests
- Mark all tests in test_auth_api.py with auth_intensive
- Exclude auth_intensive tests from CI integration runs against deployed
environments (they trigger 429 rate limiting)
- Remove duplicate TestSecurityEdgeCases class definition
- Register auth_intensive, integration, large, slow markers in conftest.py
- Make integration_client fixture session-scoped (single login per test run)
- Add configurable credentials via ORCHARD_TEST_USERNAME/PASSWORD env vars
- Fail fast with clear error message if authentication fails
- Add cookie verification after login
- Remove silent failure mode that hid auth issues
