Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-28 07:35:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/dev' into feat/llm-self-eval

Browse Source
This commit is contained in:
GeekLuffy
2026-06-24 13:07:10 +05:30
parent 8fa10f9866 5ce2056521
commit 413e628a30
332 changed files with 30741 additions and 5444 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/LAYOUT_INVENTORY.md
+9 -9
View File
@@ -119,7 +119,7 @@ Read-only checks, run from the repo root on this branch. Note the real API is
```bash
# Compute the area_cli set and confirm test_backup_cli_security.py is
# area_security. Expected: 28 files, then "security".
.venv/bin/python - <<'PY'
./venv/bin/python - <<'PY'
from pathlib import Path
from tests._taxonomy import classify_test_path
@@ -138,7 +138,7 @@ rg -n "TestClient|FastAPI|create_app|SessionLocal|sqlite|dependency_overrides" \
tests/test_*cli*.py tests/test_sessions_cli.py
# Hard-coded flat paths to the exact CLI files outside tests/. Expected: no matches.
.venv/bin/python - <<'PY2' > /tmp/area_cli_paths.txt
./venv/bin/python - <<'PY2' > /tmp/area_cli_paths.txt
from pathlib import Path
from tests._taxonomy import classify_test_path
@@ -158,26 +158,26 @@ tokens only (plus the `tests/helpers/` directory rule), so the markers of the
## Validation for the future move PR
Run with the project venv (`.venv/bin/python`); system `python3` may miss
Run with the project venv (`./venv/bin/python`); system `python3` may miss
pinned deps. Before the move, record the baseline; after, compare:
```bash
# Selection must match the 28 files before and after the move.
.venv/bin/python tests/run_focus.py --dry-run --area cli
.venv/bin/python -m pytest -m area_cli -q
./venv/bin/python tests/run_focus.py --dry-run --area cli
./venv/bin/python -m pytest -m area_cli -q
# Moved files pass when targeted directly.
.venv/bin/python -m pytest tests/cli/ -q
./venv/bin/python -m pytest tests/cli/ -q
# Whole-suite collection still succeeds (catches import/path breakage).
.venv/bin/python -m pytest --collect-only -q
./venv/bin/python -m pytest --collect-only -q
# Taxonomy/runner infrastructure is unaffected.
.venv/bin/python -m pytest tests/test_taxonomy.py tests/test_run_focus.py -q
./venv/bin/python -m pytest tests/test_taxonomy.py tests/test_run_focus.py -q
# No stale flat-path references to the moved files. Expected: no matches
# outside tests/cli/ itself.
.venv/bin/python - <<'PY2' > /tmp/area_cli_paths.txt
./venv/bin/python - <<'PY2' > /tmp/area_cli_paths.txt
from pathlib import Path
from tests._taxonomy import classify_test_path
tests/OVERSIZED_TEST_SPLIT_PLAN.md
+326
View File
@@ -0,0 +1,326 @@
# Oversized Test File Split Plan
## Purpose
This document plans future oversized test-file splits using current repo data.
It does not move files, rewrite assertions, extract helpers, or change CI.
## Roadmap context
- Issue: #3983
- Parent tracker: #2523
- Follows #3973 / #3982, the report-only order-sensitivity diagnostics slice.
## Methodology
Metrics were generated from the current test tree using:
- physical line counts for every recursive `test_*.py` file under `tests/`;
- AST counts for `test_*` functions and `Test*` classes;
- one `pytest --collect-only -q tests` run to count collected items per file;
- current taxonomy classification from `tests._taxonomy.classify_test_path`; and
- static setup-signal scans for route/API, DB/session, import-state, security, filesystem, subprocess/script, async/threading, and UI/static indicators.
Static signals are not proof of risk. They are review prompts.
Future split PRs must still inspect each file manually before editing.
## Current summary
- test files scanned: 583
- collected pytest items counted: 3586
- large-file threshold: 300 lines
- large-collected threshold: 20 collected items
Area distribution:
| Value | Files |
|---|---:|
| cli | 28 |
| helpers | 1 |
| js | 39 |
| routes | 23 |
| security | 77 |
| services | 144 |
| uncategorized | 234 |
| unit | 37 |
Sub-area distribution:
| Value | Files |
|---|---:|
| api | 6 |
| atomic | 3 |
| auth | 9 |
| calendar | 10 |
| cli | 28 |
| confinement | 7 |
| cookbook | 13 |
| document | 11 |
| email | 12 |
| embedding | 3 |
| gallery | 5 |
| history | 3 |
| js | 39 |
| llm | 16 |
| mcp | 8 |
| memory | 15 |
| nondict | 7 |
| nonstring | 22 |
| owner | 14 |
| owner_scope | 23 |
| parse | 4 |
| provider | 6 |
| research | 16 |
| route | 6 |
| routes | 9 |
| scheduler | 3 |
| scope | 5 |
| security | 9 |
| session | 16 |
| ssrf | 3 |
| webhook | 3 |
| xss | 5 |
Values below 2 files: 244 values covering 244 files.
## Top files by collected pytest items
| File | Lines | Collected tests | Test defs | Test classes | Area | Sub-area | Signals |
|---|---:|---:|---:|---:|---|---|---|
| `tests/test_model_routes.py` | 1778 | 139 | 116 | 10 | routes | routes | route/api, db/session, import-state, async/threading |
| `tests/test_security_regressions.py` | 1224 | 92 | 68 | 0 | security | security | route/api, db/session, import-state, security, filesystem, async/threading, ui/static |
| `tests/test_provider_classification.py` | 188 | 67 | 21 | 4 | services | provider | - |
| `tests/test_cookbook_helpers.py` | 912 | 65 | 65 | 0 | services | cookbook | route/api, filesystem, subprocess/script, async/threading, ui/static |
| `tests/test_shell_routes.py` | 481 | 63 | 48 | 8 | routes | routes | route/api, import-state, filesystem |
| `tests/test_pr_blocker_audit.py` | 964 | 58 | 58 | 0 | uncategorized | pr_blocker_audit | import-state, security, filesystem |
| `tests/test_provider_endpoints.py` | 241 | 58 | 18 | 1 | services | provider | subprocess/script |
| `tests/test_agent_loop.py` | 469 | 52 | 52 | 5 | uncategorized | agent_loop | db/session, import-state |
| `tests/test_service_health.py` | 472 | 47 | 42 | 0 | uncategorized | service_health | async/threading |
| `tests/test_run_focus.py` | 399 | 47 | 44 | 0 | uncategorized | run_focus | security, filesystem, subprocess/script, ui/static |
| `tests/test_llm_core_temperature.py` | 196 | 41 | 17 | 0 | services | llm | - |
| `tests/test_endpoint_probing.py` | 411 | 34 | 30 | 6 | uncategorized | endpoint_probing | route/api, db/session, import-state |
| `tests/test_llm_core_anthropic_temp_omit.py` | 94 | 32 | 6 | 0 | services | llm | db/session |
| `tests/test_chat_helpers.py` | 264 | 31 | 18 | 0 | uncategorized | chat_helpers | route/api |
| `tests/test_provider_detection.py` | 148 | 31 | 31 | 5 | services | provider | - |
| `tests/test_model_context.py` | 251 | 30 | 30 | 4 | uncategorized | model_context | db/session, import-state |
| `tests/test_endpoint_resolver.py` | 148 | 30 | 30 | 6 | uncategorized | endpoint_resolver | - |
| `tests/test_embedding_lanes.py` | 1104 | 29 | 29 | 0 | services | embedding | filesystem |
| `tests/test_upload_limits_centralized.py` | 110 | 29 | 5 | 0 | uncategorized | upload_limits_centralized | import-state, filesystem |
| `tests/test_email_oauth.py` | 580 | 28 | 25 | 0 | services | email | route/api, db/session, security, async/threading |
| `tests/test_review_regressions.py` | 930 | 26 | 26 | 0 | uncategorized | review_regressions | route/api, db/session, import-state, filesystem, async/threading |
| `tests/test_rename_user_owner_sync.py` | 686 | 26 | 26 | 0 | security | owner | route/api, db/session, import-state, filesystem, async/threading |
| `tests/test_helpers_import_state.py` | 426 | 26 | 26 | 0 | helpers | helpers | route/api, db/session, import-state |
| `tests/test_taxonomy.py` | 145 | 26 | 16 | 0 | uncategorized | taxonomy | security, ui/static |
| `tests/test_tool_path_confinement.py` | 282 | 24 | 24 | 0 | security | confinement | import-state, filesystem, async/threading |
| `tests/test_copilot.py` | 170 | 23 | 16 | 0 | uncategorized | copilot | - |
| `tests/test_research_utils.py` | 97 | 23 | 23 | 2 | services | research | - |
| `tests/test_api_chat_security.py` | 401 | 22 | 8 | 0 | security | security | route/api, db/session, import-state, filesystem, async/threading |
| `tests/test_tool_support_heuristic.py` | 166 | 22 | 22 | 3 | uncategorized | tool_support_heuristic | - |
| `tests/test_platform_compat.py` | 318 | 21 | 21 | 0 | uncategorized | platform_compat | import-state, filesystem, subprocess/script |
## Top files by physical line count
| File | Lines | Collected tests | Test defs | Test classes | Area | Sub-area | Signals |
|---|---:|---:|---:|---:|---|---|---|
| `tests/test_model_routes.py` | 1778 | 139 | 116 | 10 | routes | routes | route/api, db/session, import-state, async/threading |
| `tests/test_security_regressions.py` | 1224 | 92 | 68 | 0 | security | security | route/api, db/session, import-state, security, filesystem, async/threading, ui/static |
| `tests/test_embedding_lanes.py` | 1104 | 29 | 29 | 0 | services | embedding | filesystem |
| `tests/test_pr_blocker_audit.py` | 964 | 58 | 58 | 0 | uncategorized | pr_blocker_audit | import-state, security, filesystem |
| `tests/test_review_regressions.py` | 930 | 26 | 26 | 0 | uncategorized | review_regressions | route/api, db/session, import-state, filesystem, async/threading |
| `tests/test_cookbook_helpers.py` | 912 | 65 | 65 | 0 | services | cookbook | route/api, filesystem, subprocess/script, async/threading, ui/static |
| `tests/test_rename_user_owner_sync.py` | 686 | 26 | 26 | 0 | security | owner | route/api, db/session, import-state, filesystem, async/threading |
| `tests/test_email_oauth.py` | 580 | 28 | 25 | 0 | services | email | route/api, db/session, security, async/threading |
| `tests/test_api_token_routes.py` | 578 | 17 | 17 | 0 | routes | api_routes | route/api, db/session, import-state, async/threading |
| `tests/test_shell_routes.py` | 481 | 63 | 48 | 8 | routes | routes | route/api, import-state, filesystem |
| `tests/test_email_owner_scope.py` | 474 | 9 | 9 | 0 | security | owner_scope | route/api, db/session, filesystem, async/threading |
| `tests/test_service_health.py` | 472 | 47 | 42 | 0 | uncategorized | service_health | async/threading |
| `tests/test_agent_loop.py` | 469 | 52 | 52 | 5 | uncategorized | agent_loop | db/session, import-state |
| `tests/test_kv_cache_invalidation_2927.py` | 463 | 8 | 8 | 0 | uncategorized | kv_cache_invalidation_2927 | route/api, db/session, import-state, async/threading |
| `tests/test_helpers_import_state.py` | 426 | 26 | 26 | 0 | helpers | helpers | route/api, db/session, import-state |
| `tests/test_endpoint_owner_scope_followup.py` | 414 | 11 | 11 | 0 | security | owner_scope | route/api, db/session, filesystem |
| `tests/test_endpoint_probing.py` | 411 | 34 | 30 | 6 | uncategorized | endpoint_probing | route/api, db/session, import-state |
| `tests/test_imap_leak_fixes.py` | 404 | 15 | 15 | 0 | uncategorized | imap_leak_fixes | route/api, db/session, security, filesystem |
| `tests/test_companion_readonly.py` | 402 | 17 | 17 | 0 | uncategorized | companion_readonly | db/session, import-state |
| `tests/test_api_chat_security.py` | 401 | 22 | 8 | 0 | security | security | route/api, db/session, import-state, filesystem, async/threading |
| `tests/test_upload_handler_atomicity.py` | 401 | 9 | 9 | 0 | uncategorized | upload_handler_atomicity | filesystem, async/threading |
| `tests/test_run_focus.py` | 399 | 47 | 44 | 0 | uncategorized | run_focus | security, filesystem, subprocess/script, ui/static |
| `tests/test_auth_regressions.py` | 375 | 15 | 15 | 0 | security | auth | route/api, db/session, import-state, async/threading |
| `tests/test_calendar_owner_scope.py` | 345 | 7 | 7 | 0 | security | owner_scope | route/api, db/session, import-state, filesystem, async/threading, ui/static |
| `tests/test_null_owner_gates.py` | 342 | 20 | 20 | 0 | security | owner | route/api, db/session, import-state |
| `tests/test_agent_migration_manifest.py` | 340 | 15 | 15 | 0 | uncategorized | agent_migration_manifest | import-state, filesystem |
| `tests/test_calendar_recurrence.py` | 338 | 19 | 19 | 0 | services | calendar | - |
| `tests/test_tool_policy.py` | 330 | 13 | 13 | 0 | uncategorized | tool_policy | import-state, async/threading |
| `tests/test_workspace_confine.py` | 328 | 18 | 18 | 0 | uncategorized | workspace_confine | route/api, filesystem, subprocess/script, async/threading |
| `tests/test_diffusion_server_security.py` | 325 | 14 | 14 | 0 | security | security | route/api, import-state, security, filesystem, async/threading, ui/static |
## Split planning candidates
This section is generated from metrics, not from manual judgement.
Files are included when they meet at least one threshold:
- at least 300 physical lines; or
- at least 20 collected pytest items.
These are planning candidates only. A later split PR still needs a focused manual review of each file before moving tests.
| File | Why included | Setup/risk signals | Suggested handling |
|---|---|---|---|
| `tests/test_model_routes.py` | 1778 lines, 139 collected tests | route/api, db/session, import-state, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_security_regressions.py` | 1224 lines, 92 collected tests | route/api, db/session, import-state, security, filesystem, async/threading, ui/static | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_provider_classification.py` | 67 collected tests | No obvious setup signals from static scan. | Good first manual-review candidate if test themes are cohesive. |
| `tests/test_cookbook_helpers.py` | 912 lines, 65 collected tests | route/api, filesystem, subprocess/script, async/threading, ui/static | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_shell_routes.py` | 481 lines, 63 collected tests | route/api, import-state, filesystem | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_pr_blocker_audit.py` | 964 lines, 58 collected tests | import-state, security, filesystem | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_provider_endpoints.py` | 58 collected tests | subprocess/script | Good first manual-review candidate if test themes are cohesive. |
| `tests/test_agent_loop.py` | 469 lines, 52 collected tests | db/session, import-state | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_service_health.py` | 472 lines, 47 collected tests | async/threading | Good first manual-review candidate if test themes are cohesive. |
| `tests/test_run_focus.py` | 399 lines, 47 collected tests | security, filesystem, subprocess/script, ui/static | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_llm_core_temperature.py` | 41 collected tests | No obvious setup signals from static scan. | Good first manual-review candidate if test themes are cohesive. |
| `tests/test_endpoint_probing.py` | 411 lines, 34 collected tests | route/api, db/session, import-state | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_llm_core_anthropic_temp_omit.py` | 32 collected tests | db/session | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_chat_helpers.py` | 31 collected tests | route/api | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_provider_detection.py` | 31 collected tests | No obvious setup signals from static scan. | Good first manual-review candidate if test themes are cohesive. |
| `tests/test_model_context.py` | 30 collected tests | db/session, import-state | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_endpoint_resolver.py` | 30 collected tests | No obvious setup signals from static scan. | Good first manual-review candidate if test themes are cohesive. |
| `tests/test_embedding_lanes.py` | 1104 lines, 29 collected tests | filesystem | Good first manual-review candidate if test themes are cohesive. |
| `tests/test_upload_limits_centralized.py` | 29 collected tests | import-state, filesystem | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_email_oauth.py` | 580 lines, 28 collected tests | route/api, db/session, security, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_review_regressions.py` | 930 lines, 26 collected tests | route/api, db/session, import-state, filesystem, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_rename_user_owner_sync.py` | 686 lines, 26 collected tests | route/api, db/session, import-state, filesystem, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_helpers_import_state.py` | 426 lines, 26 collected tests | route/api, db/session, import-state | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_taxonomy.py` | 26 collected tests | security, ui/static | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_tool_path_confinement.py` | 24 collected tests | import-state, filesystem, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_copilot.py` | 23 collected tests | No obvious setup signals from static scan. | Good first manual-review candidate if test themes are cohesive. |
| `tests/test_research_utils.py` | 23 collected tests | No obvious setup signals from static scan. | Good first manual-review candidate if test themes are cohesive. |
| `tests/test_api_chat_security.py` | 401 lines, 22 collected tests | route/api, db/session, import-state, filesystem, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_tool_support_heuristic.py` | 22 collected tests | No obvious setup signals from static scan. | Good first manual-review candidate if test themes are cohesive. |
| `tests/test_platform_compat.py` | 318 lines, 21 collected tests | import-state, filesystem, subprocess/script | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_context_compactor.py` | 21 collected tests | db/session, import-state, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_prompt_security.py` | 21 collected tests | No obvious setup signals from static scan. | Good first manual-review candidate if test themes are cohesive. |
| `tests/test_null_owner_gates.py` | 342 lines, 20 collected tests | route/api, db/session, import-state | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_youtube_handler_consolidation.py` | 20 collected tests | route/api, import-state | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_calendar_recurrence.py` | 338 lines | No obvious setup signals from static scan. | Plan split boundaries before editing. |
| `tests/test_workspace_confine.py` | 328 lines | route/api, filesystem, subprocess/script, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_api_token_routes.py` | 578 lines | route/api, db/session, import-state, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_companion_readonly.py` | 402 lines | db/session, import-state | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_set_admin.py` | 317 lines | route/api, import-state, filesystem, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_imap_leak_fixes.py` | 404 lines | route/api, db/session, security, filesystem | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_auth_regressions.py` | 375 lines | route/api, db/session, import-state, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_agent_migration_manifest.py` | 340 lines | import-state, filesystem | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_diffusion_server_security.py` | 325 lines | route/api, import-state, security, filesystem, async/threading, ui/static | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_tool_policy.py` | 330 lines | import-state, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_endpoint_owner_scope_followup.py` | 414 lines | route/api, db/session, filesystem | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_upload_routes_owner_scope.py` | 315 lines | route/api, filesystem, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_email_owner_scope.py` | 474 lines | route/api, db/session, filesystem, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_upload_handler_atomicity.py` | 401 lines | filesystem, async/threading | Plan split boundaries before editing. |
| `tests/test_kv_cache_invalidation_2927.py` | 463 lines | route/api, db/session, import-state, async/threading | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_calendar_owner_scope.py` | 345 lines | route/api, db/session, import-state, filesystem, async/threading, ui/static | Defer mechanical split until setup/risk boundaries are mapped. |
| `tests/test_skills_manager_owner_isolation.py` | 306 lines | import-state, filesystem | Defer mechanical split until setup/risk boundaries are mapped. |
## Taxonomy coverage gaps among split candidates
`uncategorized` is a current taxonomy area, not a builder failure.
This plan does not reclassify tests because taxonomy changes should be reviewed separately from oversized-file split planning.
Before using any of these files as a split target, first decide whether the taxonomy should be refined in a separate focused issue/PR.
| File | Lines | Collected tests | Sub-area | Signals | Suggested follow-up |
|---|---:|---:|---|---|---|
| `tests/test_pr_blocker_audit.py` | 964 | 58 | pr_blocker_audit | import-state, security, filesystem | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_agent_loop.py` | 469 | 52 | agent_loop | db/session, import-state | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_service_health.py` | 472 | 47 | service_health | async/threading | Review taxonomy mapping before using as a split target. |
| `tests/test_run_focus.py` | 399 | 47 | run_focus | security, filesystem, subprocess/script, ui/static | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_endpoint_probing.py` | 411 | 34 | endpoint_probing | route/api, db/session, import-state | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_chat_helpers.py` | 264 | 31 | chat_helpers | route/api | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_model_context.py` | 251 | 30 | model_context | db/session, import-state | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_endpoint_resolver.py` | 148 | 30 | endpoint_resolver | - | Review taxonomy mapping before using as a split target. |
| `tests/test_upload_limits_centralized.py` | 110 | 29 | upload_limits_centralized | import-state, filesystem | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_review_regressions.py` | 930 | 26 | review_regressions | route/api, db/session, import-state, filesystem, async/threading | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_taxonomy.py` | 145 | 26 | taxonomy | security, ui/static | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_copilot.py` | 170 | 23 | copilot | - | Review taxonomy mapping before using as a split target. |
| `tests/test_tool_support_heuristic.py` | 166 | 22 | tool_support_heuristic | - | Review taxonomy mapping before using as a split target. |
| `tests/test_platform_compat.py` | 318 | 21 | platform_compat | import-state, filesystem, subprocess/script | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_context_compactor.py` | 233 | 21 | context_compactor | db/session, import-state, async/threading | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_youtube_handler_consolidation.py` | 104 | 20 | youtube_handler_consolidation | route/api, import-state | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_workspace_confine.py` | 328 | 18 | workspace_confine | route/api, filesystem, subprocess/script, async/threading | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_companion_readonly.py` | 402 | 17 | companion_readonly | db/session, import-state | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_set_admin.py` | 317 | 17 | set_admin | route/api, import-state, filesystem, async/threading | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_imap_leak_fixes.py` | 404 | 15 | imap_leak_fixes | route/api, db/session, security, filesystem | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_agent_migration_manifest.py` | 340 | 15 | agent_migration_manifest | import-state, filesystem | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_tool_policy.py` | 330 | 13 | tool_policy | import-state, async/threading | Review taxonomy and setup/risk boundaries before any split. |
| `tests/test_upload_handler_atomicity.py` | 401 | 9 | upload_handler_atomicity | filesystem, async/threading | Review taxonomy mapping before using as a split target. |
| `tests/test_kv_cache_invalidation_2927.py` | 463 | 8 | kv_cache_invalidation_2927 | route/api, db/session, import-state, async/threading | Review taxonomy and setup/risk boundaries before any split. |
## Suggested first manual-review candidates
These are not automatic split approvals. They are categorized candidates with enough size/collection value and no route/API, DB/session, import-state, or security signal from the static scan.
Files still in the `uncategorized` taxonomy area are listed separately below so taxonomy review does not get mixed into the first split decision.
| File | Lines | Collected tests | Area | Sub-area | Signals | Why this is a candidate |
|---|---:|---:|---|---|---|---|
| `tests/test_provider_classification.py` | 188 | 67 | services | provider | - | 67 collected tests |
| `tests/test_provider_endpoints.py` | 241 | 58 | services | provider | subprocess/script | 58 collected tests |
| `tests/test_llm_core_temperature.py` | 196 | 41 | services | llm | - | 41 collected tests |
| `tests/test_provider_detection.py` | 148 | 31 | services | provider | - | 31 collected tests |
| `tests/test_embedding_lanes.py` | 1104 | 29 | services | embedding | filesystem | 1104 lines, 29 collected tests |
| `tests/test_research_utils.py` | 97 | 23 | services | research | - | 23 collected tests |
| `tests/test_prompt_security.py` | 203 | 21 | security | security | - | 21 collected tests |
| `tests/test_calendar_recurrence.py` | 338 | 19 | services | calendar | - | 338 lines |
## High-risk candidates to defer first
These files may still be split later, but not as the first implementation slice without a separate manual boundary review.
| File | Lines | Collected tests | High-risk signals |
|---|---:|---:|---|
| `tests/test_model_routes.py` | 1778 | 139 | db/session, import-state, route/api |
| `tests/test_security_regressions.py` | 1224 | 92 | db/session, import-state, route/api, security |
| `tests/test_cookbook_helpers.py` | 912 | 65 | route/api |
| `tests/test_shell_routes.py` | 481 | 63 | import-state, route/api |
| `tests/test_pr_blocker_audit.py` | 964 | 58 | import-state, security |
| `tests/test_agent_loop.py` | 469 | 52 | db/session, import-state |
| `tests/test_run_focus.py` | 399 | 47 | security |
| `tests/test_endpoint_probing.py` | 411 | 34 | db/session, import-state, route/api |
| `tests/test_llm_core_anthropic_temp_omit.py` | 94 | 32 | db/session |
| `tests/test_chat_helpers.py` | 264 | 31 | route/api |
| `tests/test_model_context.py` | 251 | 30 | db/session, import-state |
| `tests/test_upload_limits_centralized.py` | 110 | 29 | import-state |
| `tests/test_email_oauth.py` | 580 | 28 | db/session, route/api, security |
| `tests/test_review_regressions.py` | 930 | 26 | db/session, import-state, route/api |
| `tests/test_rename_user_owner_sync.py` | 686 | 26 | db/session, import-state, route/api |
## Rules for future split PRs
- One file or one coherent file-family per PR.
- No assertion rewrites mixed with file moves.
- No helper extraction mixed with file moves.
- No production code changes.
- No CI workflow changes.
- Preserve existing markers and taxonomy unless the split issue explicitly says otherwise.
- Validate the original file's collected tests before and after the split.
- Validate any neighboring taxonomy/focused-runner behavior if paths change.
- Treat files with route/API, DB/session, import-state, or security signals as higher-risk until manually reviewed.
## Suggested next step
Use this plan to choose the first actual oversized-file split issue.
The first split should prefer a file with high review value and low setup risk.
Do not start a split PR from this planning issue alone if the file's boundaries are still ambiguous.
## Reproduction command
This document was generated with:
```bash
.venv/bin/python tests/tools/build_oversized_test_split_plan.py
```
## Freshness check
After editing the builder or rebasing the branch, regenerate the plan and confirm no unexpected plan drift:
```bash
.venv/bin/python tests/tools/build_oversized_test_split_plan.py
git diff --exit-code -- tests/OVERSIZED_TEST_SPLIT_PLAN.md
```
tests/README.md
+26 -26
View File
@@ -22,8 +22,8 @@ markers only - it moves no files and changes no test behavior. Use them to run a
focused slice:
```bash
python3 -m pytest -m area_security
python3 -m pytest -m "area_services and sub_cookbook"
./venv/bin/python -m pytest -m area_security
./venv/bin/python -m pytest -m "area_services and sub_cookbook"
```
Areas are `security`, `routes`, `services`, `cli`, `js`, `helpers`, `unit`, and
@@ -38,13 +38,13 @@ sub-area names, accepts sub-areas with or without the `sub_` prefix, and passes
extra pytest arguments after `--`:
```bash
python3 tests/run_focus.py --area security
python3 tests/run_focus.py --area services --sub-area cookbook
python3 tests/run_focus.py --sub-area sub_cookbook
python3 tests/run_focus.py --keyword taxonomy
python3 tests/run_focus.py --last-failed
python3 tests/run_focus.py --dry-run --area services --sub-area cookbook
python3 tests/run_focus.py --area services -- --maxfail=1 -q
./venv/bin/python tests/run_focus.py --area security
./venv/bin/python tests/run_focus.py --area services --sub-area cookbook
./venv/bin/python tests/run_focus.py --sub-area sub_cookbook
./venv/bin/python tests/run_focus.py --keyword taxonomy
./venv/bin/python tests/run_focus.py --last-failed
./venv/bin/python tests/run_focus.py --dry-run --area services --sub-area cookbook
./venv/bin/python tests/run_focus.py --area services -- --maxfail=1 -q
```
### Fast lane and duration visibility
@@ -61,15 +61,15 @@ so you can see where time goes. They are reporting only and do not count as a
focus selector, so `--durations` must be combined with a real selector
(`--area`, `--sub-area`, `--keyword`, `--last-failed`, or `--fast`).
Activate or otherwise use the project Python environment before running these
commands. The examples use `python3` intentionally to avoid hard-coding a local
venv path.
Use the project Python environment before running these commands. The examples
use the repo's documented `./venv/bin/python` path so they do not accidentally
fall back to system Python.
```bash
python3 tests/run_focus.py --fast
python3 tests/run_focus.py --area services --fast
python3 tests/run_focus.py --area services --durations 25
python3 tests/run_focus.py --area services --fast --durations 25 --durations-min 0.05
./venv/bin/python tests/run_focus.py --fast
./venv/bin/python tests/run_focus.py --area services --fast
./venv/bin/python tests/run_focus.py --area services --durations 25
./venv/bin/python tests/run_focus.py --area services --fast --durations 25 --durations-min 0.05
```
The `slow` marker is opt-in. Mark a test `slow` only with duration evidence
@@ -79,8 +79,8 @@ replace the full suite before merge. A `slow` mark only excludes a test from the
fast lane; the test stays runnable directly, e.g.:
```bash
python3 -m pytest tests/test_auth_config_lock_concurrency.py
python3 -m pytest -m slow
./venv/bin/python -m pytest tests/test_auth_config_lock_concurrency.py
./venv/bin/python -m pytest -m slow
```
## Order-sensitivity reporting (report-only)
@@ -93,8 +93,8 @@ ordering - the shuffle exists only inside this runner. The seed is always
printed, and pytest targets/options go after a literal `--`:
```bash
python3 tests/run_order_report.py --seed 123 -- tests/cli/ -q
python3 tests/run_order_report.py -- tests/cli/ -q # generates and prints a seed
./venv/bin/python tests/run_order_report.py --seed 123 -- tests/cli/ -q
./venv/bin/python tests/run_order_report.py -- tests/cli/ -q # generates and prints a seed
```
The same seed reproduces the same order when the reported working directory,
@@ -108,7 +108,7 @@ A generated-seed run starts with output like:
[order-report] working directory: /path/to/odysseus
[order-report] shuffling test order with seed 284734921
[order-report] reproduce from this working directory with the same test environment:
[order-report] reproduce with: /path/to/odysseus/.venv/bin/python /path/to/odysseus/tests/run_order_report.py --seed 284734921 -- tests/cli/ -q
[order-report] reproduce with: /path/to/odysseus/venv/bin/python /path/to/odysseus/tests/run_order_report.py --seed 284734921 -- tests/cli/ -q
```
Run the printed command from the reported working directory to reproduce the
@@ -118,7 +118,7 @@ same fixed-seed order:
[order-report] working directory: /path/to/odysseus
[order-report] shuffling test order with seed 284734921
[order-report] reproduce from this working directory with the same test environment:
[order-report] reproduce with: /path/to/odysseus/.venv/bin/python /path/to/odysseus/tests/run_order_report.py --seed 284734921 -- tests/cli/ -q
[order-report] reproduce with: /path/to/odysseus/venv/bin/python /path/to/odysseus/tests/run_order_report.py --seed 284734921 -- tests/cli/ -q
```
Pytest output remains visible between the report header and footer. A failing
@@ -237,10 +237,10 @@ helpers:
Run validation locally before opening or approving a PR. Practical checks:
- `git diff --check` - catch whitespace and conflict-marker errors.
- `python3 -m py_compile <changed files>` - confirm changed files compile.
- Focused `pytest` on the changed test files.
- `pytest` on neighboring or order-sensitive test groups that share import
state with the changed files.
- `./venv/bin/python -m py_compile <changed files>` - confirm changed files compile.
- Focused `./venv/bin/python -m pytest` on the changed test files.
- `./venv/bin/python -m pytest` on neighboring or order-sensitive test groups
that share import state with the changed files.
- `grep` for the old boilerplate when replacing it, to confirm no stragglers
remain.
- A fresh audit worktree when changing the helpers themselves, so stale
tests/TESTING_STANDARD.md
+5 -5
View File
@@ -24,7 +24,7 @@ The goal is not only to reorganize `tests/`. The goal is for the suite to be a
reliable foundation for future development: deterministic, modular, informative,
behavior-focused, and complete enough to replace manual QA wherever practical.
Run tests with the project virtualenv interpreter (`.venv/bin/python -m pytest`).
Run tests with the project virtualenv interpreter (`./venv/bin/python -m pytest`).
The system `python3` may be missing pinned dependencies (e.g. `nh3`), which
shows up as import/collection errors that are environmental, not real failures.
@@ -172,10 +172,10 @@ Prefer tests that exercise real behavior over tests that inspect source code.
Run locally before opening or approving a refactor PR:
- `git diff --check` - whitespace and conflict-marker errors.
- `python3 -m py_compile <changed .py files>` - changed files compile.
- Focused `pytest` on the changed files (use `.venv/bin/python -m pytest`).
- `pytest` on neighboring / order-sensitive groups that share import state with
the changed files.
- `./venv/bin/python -m py_compile <changed .py files>` - changed files compile.
- Focused `./venv/bin/python -m pytest` on the changed files.
- `./venv/bin/python -m pytest` on neighboring / order-sensitive groups that
share import state with the changed files.
- When replacing boilerplate, `grep` for the old pattern to confirm no stragglers.
- When changing a helper itself, validate in a fresh worktree so stale
`__pycache__` or import state cannot mask a regression.
tests/test_admin_tools_registry.py
+69
View File
@@ -0,0 +1,69 @@
"""Registry wiring for the config/integration admin tools (#3629).
manage_endpoints/mcp/webhooks/tokens/settings moved from tool_implementations
into agent_tools.admin_tools. These pin the registration + the single
owner-threading adapter factory, without touching the DB (the do_* impls
themselves are exercised by their own suites).
"""
import asyncio
from src.agent_tools import TOOL_HANDLERS
from src.agent_tools.admin_tools import (
ADMIN_TOOL_HANDLERS, _owner_adapter,
do_manage_endpoints, do_manage_mcp, do_manage_webhooks,
do_manage_tokens, do_manage_settings,
)
_NAMES = ["manage_endpoints", "manage_mcp", "manage_webhooks", "manage_tokens", "manage_settings"]
def test_all_registered_in_tool_handlers():
for n in _NAMES:
assert n in TOOL_HANDLERS, f"{n} missing from TOOL_HANDLERS"
assert n in ADMIN_TOOL_HANDLERS
def test_re_exported_from_agent_tools():
# Back-compat: importers that used `from src.agent_tools import do_manage_*`
# keep working after the move.
from src.agent_tools import ( # noqa: F401
do_manage_endpoints, do_manage_mcp, do_manage_webhooks,
do_manage_tokens, do_manage_settings,
)
def test_owner_adapter_threads_owner_from_ctx():
seen = {}
async def _spy(content, owner):
seen["content"] = content
seen["owner"] = owner
return {"response": "ok", "exit_code": 0}
handler = _owner_adapter(_spy)
res = asyncio.run(handler('{"action":"list"}', {"owner": "alice", "session_id": "s1"}))
assert res["exit_code"] == 0
assert seen == {"content": '{"action":"list"}', "owner": "alice"}
def test_owner_adapter_defaults_owner_to_none():
captured = {}
async def _spy(content, owner):
captured["owner"] = owner
return {"exit_code": 0}
asyncio.run(_owner_adapter(_spy)("{}", {})) # ctx without owner
assert captured["owner"] is None
def test_parse_tool_args_lives_in_tool_utils_single_source():
# The helper was de-duplicated into tool_utils; admin_tools imports it
# from there rather than carrying its own copy.
from src.tool_utils import _parse_tool_args
from src.agent_tools import admin_tools, document_tools
assert admin_tools._parse_tool_args is _parse_tool_args
assert document_tools._parse_tool_args is _parse_tool_args
assert _parse_tool_args('{"action":"add"}') == {"action": "add"}
# body-envelope unwrap still works
assert _parse_tool_args('{"body":{"action":"x"}}') == {"action": "x"}
tests/test_ai_image_url_safety.py
+104
View File
@@ -0,0 +1,104 @@
from src import ai_interaction
class _GenerationResponse:
status_code = 200
text = ""
def __init__(self, image_url):
self._image_url = image_url
def json(self):
return {"data": [{"url": self._image_url}]}
class _DownloadResponse:
status_code = 503
content = b""
def _patch_generation(monkeypatch, image_url):
async def _post(self, url, json, headers):
return _GenerationResponse(image_url)
class _AsyncClient:
def __init__(self, *args, **kwargs):
pass
async def __aenter__(self):
return self
async def __aexit__(self, *exc):
return False
post = _post
import httpx
import src.settings as settings
monkeypatch.setattr(settings, "load_settings", lambda: {})
monkeypatch.setattr(httpx, "AsyncClient", _AsyncClient)
monkeypatch.setattr(
ai_interaction,
"_resolve_model",
lambda model_spec, owner=None: (
"https://api.openai.example/v1/chat/completions",
"dall-e-3",
{"Authorization": "Bearer test"},
),
)
async def test_generate_image_validates_provider_url_before_download(monkeypatch):
import httpx
import src.url_safety as url_safety
provider_url = "https://images.example.com/generated.png?sig=abc"
events = []
_patch_generation(monkeypatch, provider_url)
def _check_outbound_url(url, *, block_private=False):
events.append(("check", url, block_private))
return True, "ok"
def _get(url, *, timeout):
events.append(("get", url, timeout))
return _DownloadResponse()
monkeypatch.setattr(url_safety, "check_outbound_url", _check_outbound_url)
monkeypatch.setattr(httpx, "get", _get)
result = await ai_interaction.do_generate_image("draw a chair\ndall-e-3")
assert result["image_url"] == provider_url
assert events == [
("check", provider_url, False),
("get", provider_url, 60),
]
async def test_generate_image_rejects_unsafe_provider_url_without_download(monkeypatch):
import httpx
import src.url_safety as url_safety
unsafe_url = "http://169.254.169.254/latest/meta-data"
events = []
_patch_generation(monkeypatch, unsafe_url)
def _check_outbound_url(url, *, block_private=False):
events.append(("check", url, block_private))
return False, "link-local address blocked (SSRF metadata risk): 169.254.169.254"
def _get(url, *, timeout):
raise AssertionError("unsafe provider image URL must not be downloaded")
monkeypatch.setattr(url_safety, "check_outbound_url", _check_outbound_url)
monkeypatch.setattr(httpx, "get", _get)
result = await ai_interaction.do_generate_image("draw a chair\ndall-e-3")
assert result["error"] == (
"Image API returned unsafe image URL: "
"link-local address blocked (SSRF metadata risk): 169.254.169.254"
)
assert events == [("check", unsafe_url, False)]
tests/test_ai_interaction_owner_scope.py
+7 -19
View File
@@ -3,6 +3,7 @@ import inspect
import pytest
from src import ai_interaction
from src.agent_tools import model_interaction_tools
def _source(fn) -> str:
@@ -18,7 +19,8 @@ def test_model_resolver_applies_owner_filter():
def test_model_listing_and_image_fallback_are_owner_scoped():
list_body = _source(ai_interaction.do_list_models)
# list_models moved to agent_tools.model_interaction_tools (#3629).
list_body = _source(model_interaction_tools.list_models)
image_body = _source(ai_interaction.do_generate_image)
assert "owner: Optional[str] = None" in list_body
@@ -28,12 +30,13 @@ def test_model_listing_and_image_fallback_are_owner_scoped():
assert "_resolve_model(model_spec, owner=owner)" in image_body
# chat_with_model, list_models and ask_teacher moved to the registry (#3629)
# and no longer route through dispatch_ai_tool; their owner threading is covered
# by tests/test_model_interaction_registry.py. The remaining model-ish tools
# still dispatched here:
@pytest.mark.parametrize("tool,content", [
("chat_with_model", "gpt-test\nhello"),
("pipeline", "gpt-test | summarize this"),
("list_models", ""),
("ui_control", "switch_model gpt-test"),
("ask_teacher", "gpt-test\nhelp me"),
])
async def test_dispatch_passes_owner_to_model_tools(monkeypatch, tool, content):
seen = {}
@@ -42,31 +45,16 @@ async def test_dispatch_passes_owner_to_model_tools(monkeypatch, tool, content):
seen[name] = {"content": content, "session_id": session_id, "owner": owner}
return {"ok": True}
monkeypatch.setattr(
ai_interaction,
"do_chat_with_model",
lambda content, session_id=None, owner=None: capture("chat_with_model", content, session_id, owner),
)
monkeypatch.setattr(
ai_interaction,
"do_pipeline",
lambda content, session_id=None, owner=None: capture("pipeline", content, session_id, owner),
)
monkeypatch.setattr(
ai_interaction,
"do_list_models",
lambda content, session_id=None, owner=None: capture("list_models", content, session_id, owner),
)
monkeypatch.setattr(
ai_interaction,
"do_ui_control",
lambda content, session_id=None, owner=None: capture("ui_control", content, session_id, owner),
)
monkeypatch.setattr(
ai_interaction,
"do_ask_teacher",
lambda content, session_id=None, owner=None: capture("ask_teacher", content, session_id, owner),
)
_desc, result = await ai_interaction.dispatch_ai_tool(tool, content, session_id="sid1", owner="alice")
tests/test_api_call_integration_routing.py
+78
View File
@@ -0,0 +1,78 @@
"""Regression: api_call reaches the model for API-integration intent (#3794).
The repro prompt — "Use the api_call tool to call Home Assistant GET
/api/states" — matched no domain in ``_classify_agent_request``, so it was
treated as low-signal. The agent loop then skipped retrieval and the function
schema filter sent only the always-available tools (manage_memory / ask_user /
update_plan); ``api_call`` was never advertised to the model even though the
ToolIndex description existed. Adding the registry description alone did not fix
runtime selection.
These tests drive the real path the agent uses — classifier -> domain tool map
(relevant tools) -> FUNCTION_TOOL_SCHEMAS filter — using the actual functions and
constants, so they would fail on the pre-fix code (empty domains -> low-signal ->
no api_call). They skip locally when the agent's heavy deps (httpx/embeddings)
are absent, and run in CI where they are installed.
"""
import pytest
agent_loop = pytest.importorskip("src.agent_loop")
REPRO = "Use the api_call tool to call Home Assistant GET /api/states"
def _selected_tools(domains):
"""Mirror agent_loop's deterministic domain seeding (see the loop over
`_intent['domains']` that updates `_relevant_tools` from `_DOMAIN_TOOL_MAP`)."""
tools = set()
for domain in domains:
tools |= agent_loop._DOMAIN_TOOL_MAP.get(domain, set())
return tools
def _schema_names_sent(tools):
"""Mirror the api-model schema filter that keeps only selected tools."""
return {
s.get("function", {}).get("name")
for s in agent_loop.FUNCTION_TOOL_SCHEMAS
if s.get("function", {}).get("name") in tools
}
@pytest.mark.parametrize(
"prompt",
[
REPRO,
"check my home assistant lights",
"fetch the latest unread from miniflux via the api_call tool",
"call my gitea integration to list repos",
],
)
def test_integration_prompts_are_not_low_signal(prompt):
intent = agent_loop._classify_agent_request([], prompt)
assert intent["low_signal"] is False, intent
assert "integrations" in intent["domains"], intent
def test_repro_selects_and_sends_api_call_schema():
intent = agent_loop._classify_agent_request([], REPRO)
selected = _selected_tools(intent["domains"])
assert "api_call" in selected, selected
# The schema filter must actually advertise api_call to the model.
assert "api_call" in _schema_names_sent(selected), "api_call schema must reach the model"
def test_integrations_domain_has_a_rule_pack():
# _domain_rules_for_tools indexes _DOMAIN_RULES[domain] directly, so a domain
# present in _DOMAIN_TOOL_MAP without a _DOMAIN_RULES entry would KeyError the
# moment api_call is selected.
rules = agent_loop._domain_rules_for_tools({"api_call"})
assert any("api_call" in r for r in rules), rules
def test_plain_greeting_does_not_pull_api_call():
# Guard against over-matching: an unrelated message stays low-signal and must
# not drag the integration tool into context.
intent = agent_loop._classify_agent_request([], "hey there, how are you")
assert "integrations" not in intent["domains"], intent
assert "api_call" not in _selected_tools(intent["domains"])
tests/test_api_chat_security.py
+3
View File
@@ -219,6 +219,9 @@ class _WebhookManager:
async def fire(self, event, payload):
return None
def fire_and_forget(self, event, payload):
return None
def _install_sync_chat_stubs(monkeypatch):
# FastAPI checks for python_multipart at import time when Form is used;
tests/test_api_key_manager_atomic_save.py
+79
View File
@@ -0,0 +1,79 @@
"""Test that APIKeyManager.save() uses atomic write to prevent data loss."""
import os
import json
import pytest
from unittest.mock import patch, mock_open
from src.api_key_manager import APIKeyManager
def test_save_creates_atomic_tmp_file(tmp_path):
"""Verify save() writes to a temp file and replaces atomically."""
mgr = APIKeyManager(str(tmp_path))
mgr.save("openai", "sk-test")
# The final file should exist with the correct content
assert os.path.exists(mgr.api_keys_file)
with open(mgr.api_keys_file, "r", encoding="utf-8") as f:
keys = json.load(f)
assert "openai" in keys
# The temp file should NOT remain after successful save
tmp_file = mgr.api_keys_file + ".tmp"
assert not os.path.exists(tmp_file)
def test_save_preserves_existing_keys_atomically(tmp_path):
"""Verify atomic save doesn't corrupt other providers' keys."""
mgr = APIKeyManager(str(tmp_path))
mgr.save("openai", "sk-openai")
mgr.save("anthropic", "sk-anthropic")
loaded = mgr.load()
assert loaded["openai"] == "sk-openai"
assert loaded["anthropic"] == "sk-anthropic"
def test_save_preserves_original_on_write_failure(tmp_path):
"""If the temp file write fails, the original keys file must survive intact."""
mgr = APIKeyManager(str(tmp_path))
mgr.save("openai", "sk-original")
# Now attempt a save that will fail during json.dump
with patch("builtins.open", side_effect=OSError("disk full")):
with pytest.raises(OSError, match="disk full"):
mgr.save("anthropic", "sk-new")
# Original file must still be intact with the original key
loaded = mgr.load()
assert loaded == {"openai": "sk-original"}
assert "anthropic" not in loaded
def test_save_cleans_up_tmp_on_failure(tmp_path):
"""Temp file should be removed if the write fails."""
mgr = APIKeyManager(str(tmp_path))
mgr.save("openai", "sk-original")
tmp_file = mgr.api_keys_file + ".tmp"
# Force a failure after the temp file is opened
original_open = open
def failing_open(*args, **kwargs):
f = original_open(*args, **kwargs)
if args and isinstance(args[0], str) and args[0].endswith(".tmp"):
# Close the file then raise
f.close()
raise OSError("simulated write failure")
return f
with patch("builtins.open", side_effect=failing_open):
with pytest.raises(OSError):
mgr.save("anthropic", "sk-new")
# Temp file should be cleaned up
assert not os.path.exists(tmp_file)
# Original should be intact
loaded = mgr.load()
assert loaded == {"openai": "sk-original"}
tests/test_api_token_routes.py
+74
View File
@@ -502,3 +502,77 @@ def test_delete_token_owner_check_skipped_when_auth_disabled(monkeypatch, token_
resp = delete_token(request=req, token_id="tok123")
assert resp == {"status": "deleted"}
fake_session.delete.assert_called_once_with(fake_token)
# ---------------------------------------------------------------------------
# 7. PATCH /api/tokens/{id} — non-object JSON bodies must not 500
# ---------------------------------------------------------------------------
def test_update_token_with_array_body_does_not_500(monkeypatch, token_routes_mod):
"""PATCH body of [] must be normalised to {} and not raise."""
monkeypatch.setenv("AUTH_ENABLED", "true")
mod = token_routes_mod
token = SimpleNamespace(
id="tok123", name="original", owner="alice",
token_prefix="ody_orig", scopes="email:read", is_active=True,
)
fake_session = MagicMock()
fake_session.query.return_value.filter.return_value.first.return_value = token
monkeypatch.setattr(mod, "get_db_session", lambda: _db_ctx(fake_session))
invalidator = MagicMock()
req = _patch_request(invalidator, [])
update_token = _get_handler(mod, "PATCH", "/tokens/{token_id}")
resp = asyncio.run(update_token(request=req, token_id="tok123"))
# Name and scopes must be unchanged — payload was normalised to {}
assert token.name == "original"
assert token.scopes == "email:read"
assert resp["name"] == "original"
def test_update_token_with_null_body_does_not_500(monkeypatch, token_routes_mod):
"""PATCH body of null must be normalised to {} and not raise."""
monkeypatch.setenv("AUTH_ENABLED", "true")
mod = token_routes_mod
token = SimpleNamespace(
id="tok123", name="original", owner="alice",
token_prefix="ody_orig", scopes="chat", is_active=True,
)
fake_session = MagicMock()
fake_session.query.return_value.filter.return_value.first.return_value = token
monkeypatch.setattr(mod, "get_db_session", lambda: _db_ctx(fake_session))
invalidator = MagicMock()
req = _patch_request(invalidator, None)
update_token = _get_handler(mod, "PATCH", "/tokens/{token_id}")
resp = asyncio.run(update_token(request=req, token_id="tok123"))
assert token.name == "original"
assert token.scopes == "chat"
def test_update_token_normal_object_still_works(monkeypatch, token_routes_mod):
"""Normal dict payload continues to update fields as before."""
monkeypatch.setenv("AUTH_ENABLED", "true")
mod = token_routes_mod
token = SimpleNamespace(
id="tok123", name="original", owner="alice",
token_prefix="ody_orig", scopes="email:read", is_active=True,
)
fake_session = MagicMock()
fake_session.query.return_value.filter.return_value.first.return_value = token
monkeypatch.setattr(mod, "get_db_session", lambda: _db_ctx(fake_session))
invalidator = MagicMock()
req = _patch_request(invalidator, {"name": "updated"})
update_token = _get_handler(mod, "PATCH", "/tokens/{token_id}")
resp = asyncio.run(update_token(request=req, token_id="tok123"))
assert token.name == "updated"
assert resp["name"] == "updated"
invalidator.assert_called_once()
tests/test_ask_user_persistence.py
+97
View File
@@ -0,0 +1,97 @@
"""Regression coverage for durable ``ask_user`` choice cards.
The live event must arrive after ``tool_output`` so the settled tool trace
cannot cover/push away the card. The same payload must be persisted inside
``tool_events`` so chat history can reconstruct it after a reload.
"""
import asyncio
import json
from pathlib import Path
import src.agent_loop as agent_loop
ROOT = Path(__file__).resolve().parents[1]
def _collect(gen):
async def _run():
return [chunk async for chunk in gen]
return asyncio.run(_run())
def _events(chunks):
events = []
for chunk in chunks:
if chunk.startswith("data: ") and not chunk.startswith("data: [DONE]"):
events.append(json.loads(chunk[6:]))
return events
def test_ask_user_is_emitted_last_and_persisted(monkeypatch):
payload = {
"question": "¿Qué proyecto prefieres?",
"options": [
{"label": "Análisis de reseñas"},
{"label": "Clasificación temática"},
],
"multi": False,
}
monkeypatch.setattr(agent_loop, "get_setting", lambda key, default=None: default, raising=False)
monkeypatch.setattr(agent_loop, "get_mcp_manager", lambda: None, raising=False)
monkeypatch.setattr(agent_loop, "estimate_tokens", lambda *args, **kwargs: 10, raising=False)
async def fake_stream(_candidates, messages, **kwargs):
call = {"name": "ask_user", "arguments": json.dumps(payload, ensure_ascii=False)}
yield f'data: {json.dumps({"type": "tool_calls", "calls": [call]})}\n\n'
yield "data: [DONE]\n\n"
async def fake_execute(block, *args, **kwargs):
parsed = json.loads(block.content)
return (
"ask_user",
{
"ask_user": parsed,
"output": "Awaiting their selection.",
"exit_code": 0,
},
)
monkeypatch.setattr(agent_loop, "stream_llm_with_fallback", fake_stream, raising=False)
monkeypatch.setattr(agent_loop, "execute_tool_block", fake_execute, raising=False)
chunks = _collect(
agent_loop.stream_agent_loop(
"https://api.openai.com/v1",
"gpt-4o",
[{"role": "user", "content": "Ayúdame a elegir un proyecto."}],
relevant_tools={"ask_user"},
_is_teacher_run=True,
)
)
events = _events(chunks)
tool_output_index = next(i for i, event in enumerate(events) if event.get("type") == "tool_output")
ask_user_index = next(i for i, event in enumerate(events) if event.get("type") == "ask_user")
assert tool_output_index < ask_user_index
tool_output = events[tool_output_index]
assert tool_output["ask_user"] == payload
assert "¿Qué proyecto prefieres?" in tool_output["command"]
assert "\\u00" not in tool_output["command"]
metrics = next(event["data"] for event in events if event.get("type") == "metrics")
assert metrics["tool_events"][0]["ask_user"] == payload
def test_frontend_uses_one_renderer_for_live_and_restored_cards():
chat = (ROOT / "static" / "js" / "chat.js").read_text(encoding="utf-8")
renderer = (ROOT / "static" / "js" / "chatRenderer.js").read_text(encoding="utf-8")
assert "chatRenderer.renderAskUserCard(json.data || {})" in chat
assert "export function renderAskUserCard" in renderer
assert "renderAskUserCard(pendingAskUser" in renderer
assert "if (role === 'user') removeAskUserCards(box)" in renderer
tests/test_ask_user_tool.py
+13
View File
@@ -85,6 +85,19 @@ def test_serializer_round_trips_structured_args():
assert json.loads(block.content) == args
def test_serializer_keeps_unicode_readable_for_tool_trace():
from src.tool_schemas import function_call_to_tool_block
args = {
"question": "¿Qué proyecto prefieres?",
"options": [{"label": "Reseñas"}, {"label": "Clasificación"}],
}
block = function_call_to_tool_block("ask_user", json.dumps(args, ensure_ascii=False))
assert "¿Qué proyecto prefieres?" in block.content
assert "Reseñas" in block.content
assert "\\u00" not in block.content
def test_registered_everywhere():
# TOOL_TAGS gate (serializer rejects unknown tools)
assert "ask_user" in TOOL_TAGS
tests/test_auth_disabled_document_access.py
+280
View File
@@ -0,0 +1,280 @@
"""Regression tests for auth-disabled document access (PR #4623).
Validates that the _auth_disabled() bypass in _verify_doc_owner and
list_documents restores single-user / no-auth mode WITHOUT weakening the
authenticated path. Three pinned directions:
1. AUTH_DISABLED + None user -> list_documents + doc read SUCCEEDS
(the bug being fixed).
2. AUTH_ENABLED + None user -> still 403.
3. AUTH_ENABLED + wrong owner -> _verify_doc_owner still raises 404/403.
Route handlers are called directly (same pattern as
test_document_session_owner_scope.py) so coverage lands on the real
closures without spinning up middleware.
"""
import tempfile
import uuid
from types import SimpleNamespace
from unittest.mock import MagicMock
import pytest
from fastapi import HTTPException
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.pool import NullPool
from tests.helpers.import_state import clear_fake_database_modules
clear_fake_database_modules()
import core.database as cdb
import routes.document_routes as droutes
from core.database import Document
from core.database import Session as DbSession
from routes.document_helpers import _verify_doc_owner, _owner_session_filter
_TMPDB = tempfile.NamedTemporaryFile(suffix=".db", delete=False)
_ENGINE = create_engine(
f"sqlite:///{_TMPDB.name}",
connect_args={"check_same_thread": False},
poolclass=NullPool,
)
cdb.Base.metadata.create_all(_ENGINE)
_TS = sessionmaker(bind=_ENGINE, autoflush=False, autocommit=False)
# ------------------------------------------------------------------ helpers
def _req(user=None):
"""Build a minimal fake Request whose state.current_user returns *user*."""
return SimpleNamespace(state=SimpleNamespace(current_user=user))
def _endpoint(method, path):
"""Resolve a route endpoint from the document router."""
router = droutes.setup_document_routes(MagicMock(), None)
for route in router.routes:
if getattr(route, "path", None) == path and method in getattr(route, "methods", set()):
return route.endpoint
raise RuntimeError(f"{method} {path} not found")
def _bind_test_db():
previous = droutes.SessionLocal
droutes.SessionLocal = _TS
return previous
def _seed(owner="alice"):
"""Create one session + one owned document. Returns (session_id, doc_id)."""
session_id = f"{owner}-" + uuid.uuid4().hex[:8]
doc_id = str(uuid.uuid4())
db = _TS()
try:
db.add(DbSession(
id=session_id, owner=owner, name=owner,
model="m", endpoint_url="http://x",
))
db.add(Document(
id=doc_id,
session_id=session_id,
title=f"{owner} doc",
language="markdown",
current_content=f"{owner} body",
version_count=1,
is_active=True,
owner=owner,
))
db.commit()
return session_id, doc_id
finally:
db.close()
# ------------------------------------------------------ 1. auth DISABLED +
# None user -> succeeds
@pytest.mark.asyncio
async def test_list_documents_allows_none_user_when_auth_disabled(monkeypatch):
"""AUTH_ENABLED=false + user=None must NOT raise 403 on list_documents."""
monkeypatch.setenv("AUTH_ENABLED", "false")
previous = _bind_test_db()
try:
list_docs = _endpoint("GET", "/api/documents/{session_id}")
session_id, doc_id = _seed()
# Must succeed — this is the bug fix.
rows = await list_docs(_req(None), session_id)
ids = [row["id"] for row in rows]
assert doc_id in ids, "own doc must be visible in auth-disabled mode"
finally:
droutes.SessionLocal = previous
@pytest.mark.asyncio
async def test_get_document_allows_none_user_when_auth_disabled(monkeypatch):
"""AUTH_ENABLED=false + user=None must NOT raise 403 on get_document."""
monkeypatch.setenv("AUTH_ENABLED", "false")
previous = _bind_test_db()
try:
get_doc = _endpoint("GET", "/api/document/{doc_id}")
_session_id, doc_id = _seed()
# Must succeed — _verify_doc_owner bypasses when auth is disabled.
result = await get_doc(_req(None), doc_id)
assert result["id"] == doc_id
finally:
droutes.SessionLocal = previous
def test_verify_doc_owner_allows_none_user_when_auth_disabled(monkeypatch):
"""_verify_doc_owner with user=None + AUTH_ENABLED=false must pass."""
monkeypatch.setenv("AUTH_ENABLED", "false")
_session_id, doc_id = _seed()
db = _TS()
try:
doc = db.query(Document).filter(Document.id == doc_id).first()
# Must NOT raise — the bypass allows single-user access.
_verify_doc_owner(db, doc, None)
finally:
db.close()
def test_owner_session_filter_noops_for_none_user_when_auth_disabled(monkeypatch):
"""_owner_session_filter with user=None + AUTH_ENABLED=false returns query unchanged."""
monkeypatch.setenv("AUTH_ENABLED", "false")
_session_id, doc_id = _seed()
db = _TS()
try:
q = db.query(Document).filter(Document.id == doc_id)
result = _owner_session_filter(q, None)
# Filter was a no-op; document is still reachable.
assert result.first().id == doc_id
finally:
db.close()
# ------------------------------------------------------ 2. auth ENABLED +
# None user -> 403
@pytest.mark.asyncio
async def test_list_documents_rejects_none_user_when_auth_enabled(monkeypatch):
"""AUTH_ENABLED=true (default) + user=None must raise 403."""
monkeypatch.delenv("AUTH_ENABLED", raising=False)
previous = _bind_test_db()
try:
list_docs = _endpoint("GET", "/api/documents/{session_id}")
session_id, _doc_id = _seed()
with pytest.raises(HTTPException) as exc:
await list_docs(_req(None), session_id)
assert exc.value.status_code == 403
finally:
droutes.SessionLocal = previous
@pytest.mark.asyncio
async def test_get_document_rejects_none_user_when_auth_enabled(monkeypatch):
"""AUTH_ENABLED=true (default) + user=None must raise 403 via _verify_doc_owner."""
monkeypatch.delenv("AUTH_ENABLED", raising=False)
previous = _bind_test_db()
try:
get_doc = _endpoint("GET", "/api/document/{doc_id}")
_session_id, doc_id = _seed()
with pytest.raises(HTTPException) as exc:
await get_doc(_req(None), doc_id)
assert exc.value.status_code == 403
finally:
droutes.SessionLocal = previous
def test_verify_doc_owner_rejects_none_user_when_auth_enabled(monkeypatch):
"""_verify_doc_owner with user=None + AUTH_ENABLED=true must raise 403."""
monkeypatch.delenv("AUTH_ENABLED", raising=False)
_session_id, doc_id = _seed()
db = _TS()
try:
doc = db.query(Document).filter(Document.id == doc_id).first()
with pytest.raises(HTTPException) as exc:
_verify_doc_owner(db, doc, None)
assert exc.value.status_code == 403
finally:
db.close()
# ------------------------------------------ 3. auth ENABLED + wrong owner ->
# _verify_doc_owner raises 404
def test_verify_doc_owner_rejects_wrong_owner_when_auth_enabled(monkeypatch):
"""_verify_doc_owner with a mismatched owner must raise 404 (not 403).
This confirms the authenticated path is untouched by the no-auth bypass."""
monkeypatch.delenv("AUTH_ENABLED", raising=False)
session_id, doc_id = _seed(owner="alice")
db = _TS()
try:
doc = db.query(Document).filter(Document.id == doc_id).first()
with pytest.raises(HTTPException) as exc:
_verify_doc_owner(db, doc, "bob") # bob != alice
assert exc.value.status_code == 404
finally:
db.close()
@pytest.mark.asyncio
async def test_get_document_rejects_wrong_owner(monkeypatch):
"""GET /api/document/{doc_id} with wrong authenticated user -> 404."""
monkeypatch.delenv("AUTH_ENABLED", raising=False)
previous = _bind_test_db()
try:
get_doc = _endpoint("GET", "/api/document/{doc_id}")
_session_id, doc_id = _seed(owner="alice")
with pytest.raises(HTTPException) as exc:
await get_doc(_req("bob"), doc_id)
assert exc.value.status_code == 404
finally:
droutes.SessionLocal = previous
@pytest.mark.asyncio
async def test_list_documents_hides_wrong_owner_docs(monkeypatch):
"""list_documents for alice must not show bob's documents."""
monkeypatch.delenv("AUTH_ENABLED", raising=False)
previous = _bind_test_db()
try:
list_docs = _endpoint("GET", "/api/documents/{session_id}")
# Seed alice's session with a doc
alice_session, alice_doc = _seed(owner="alice")
# Create bob's session+doc in the SAME session so ownership filter kicks in
bob_session = "bob-" + uuid.uuid4().hex[:8]
bob_doc = str(uuid.uuid4())
db = _TS()
try:
db.add(DbSession(id=bob_session, owner="bob", name="bob", model="m", endpoint_url="http://x"))
db.add(Document(
id=bob_doc, session_id=alice_session, # same session!
title="bob doc", language="markdown", current_content="bob body",
version_count=1, is_active=True, owner="bob",
))
db.commit()
finally:
db.close()
rows = await list_docs(_req("alice"), alice_session)
ids = [row["id"] for row in rows]
assert alice_doc in ids
assert bob_doc not in ids, "wrong-owner docs must be hidden"
finally:
droutes.SessionLocal = previous
tests/test_auth_policy.py
+272
View File
@@ -0,0 +1,272 @@
"""Tests for auth policy endpoint and password length validation."""
import asyncio
import importlib
import sys
import types
from pathlib import Path
from types import SimpleNamespace
from unittest.mock import MagicMock
import pytest
from fastapi import HTTPException
from tests.helpers.import_state import clear_module
def _real_core_package():
root = Path(__file__).resolve().parent.parent
core_path = str(root / "core")
core = sys.modules.get("core")
if core is None:
core = types.ModuleType("core")
sys.modules["core"] = core
core.__path__ = [core_path]
clear_module("core.auth")
return core
def _auth_module():
_real_core_package()
return importlib.import_module("core.auth")
def _make_manager(tmp_path):
auth_mod = _auth_module()
auth_mod._hash_password = lambda password: f"hash:{password}"
auth_mod._verify_password = lambda password, hashed: hashed == f"hash:{password}"
auth_path = tmp_path / "auth.json"
mgr = auth_mod.AuthManager(str(auth_path))
return mgr
async def _immediate_to_thread(fn, *args, **kwargs):
return fn(*args, **kwargs)
# ── AuthManager.policy() ───────────────────────────────────────────────
def test_policy_returns_password_min_length(tmp_path):
mgr = _make_manager(tmp_path)
policy = mgr.policy()
assert policy["password_min_length"] == 8
def test_policy_returns_reserved_usernames(tmp_path):
mgr = _make_manager(tmp_path)
policy = mgr.policy()
assert "internal-tool" in policy["reserved_usernames"]
assert "api" in policy["reserved_usernames"]
assert "demo" in policy["reserved_usernames"]
assert "system" in policy["reserved_usernames"]
assert isinstance(policy["reserved_usernames"], list)
def test_policy_returns_signup_enabled(tmp_path):
mgr = _make_manager(tmp_path)
policy = mgr.policy()
assert policy["signup_enabled"] is False # default
def test_policy_returns_session_days(tmp_path):
mgr = _make_manager(tmp_path)
policy = mgr.policy()
assert policy["session_days"] == 7
# ── GET /api/auth/policy endpoint ──────────────────────────────────────
def _policy_endpoint(auth_manager):
sys.modules.pop("routes.auth_routes", None)
_real_core_package()
from routes.auth_routes import setup_auth_routes
router = setup_auth_routes(auth_manager)
for route in router.routes:
if getattr(route, "path", None) == "/api/auth/policy":
return route.endpoint
raise AssertionError("policy route not found")
def test_policy_endpoint_returns_dict(tmp_path):
mgr = _make_manager(tmp_path)
endpoint = _policy_endpoint(mgr)
result = asyncio.run(endpoint())
assert isinstance(result, dict)
assert "password_min_length" in result
assert "reserved_usernames" in result
assert "signup_enabled" in result
assert "session_days" in result
def test_policy_endpoint_values_match_manager(tmp_path):
mgr = _make_manager(tmp_path)
endpoint = _policy_endpoint(mgr)
result = asyncio.run(endpoint())
assert result == mgr.policy()
# ── Password length validation ─────────────────────────────────────────
def _setup_endpoint(auth_manager):
sys.modules.pop("routes.auth_routes", None)
_real_core_package()
from routes.auth_routes import SetupRequest, setup_auth_routes
router = setup_auth_routes(auth_manager)
for route in router.routes:
if getattr(route, "path", None) == "/api/auth/setup":
return route.endpoint, SetupRequest
raise AssertionError("setup route not found")
def _signup_endpoint(auth_manager):
sys.modules.pop("routes.auth_routes", None)
_real_core_package()
from routes.auth_routes import SignupRequest, setup_auth_routes
router = setup_auth_routes(auth_manager)
for route in router.routes:
if getattr(route, "path", None) == "/api/auth/signup":
return route.endpoint, SignupRequest
raise AssertionError("signup route not found")
def _change_password_endpoint(auth_manager):
sys.modules.pop("routes.auth_routes", None)
_real_core_package()
from routes.auth_routes import ChangePasswordRequest, setup_auth_routes
router = setup_auth_routes(auth_manager)
for route in router.routes:
if getattr(route, "path", None) == "/api/auth/change-password":
return route.endpoint, ChangePasswordRequest
raise AssertionError("change-password route not found")
def test_setup_rejects_short_password(tmp_path):
mgr = _make_manager(tmp_path)
endpoint, SetupRequest = _setup_endpoint(mgr)
request = SimpleNamespace(client=SimpleNamespace(host="127.0.0.1"))
body = SetupRequest(username="admin", password="short")
with pytest.raises(HTTPException) as exc:
asyncio.run(endpoint(body=body, request=request))
assert exc.value.status_code == 400
assert "8 characters" in exc.value.detail
def test_signup_rejects_short_password(tmp_path):
mgr = _make_manager(tmp_path)
mgr.create_user("admin", "admin-password", is_admin=True)
mgr.signup_enabled = True
endpoint, SignupRequest = _signup_endpoint(mgr)
request = SimpleNamespace(client=SimpleNamespace(host="127.0.0.1"))
body = SignupRequest(username="newuser", password="short")
with pytest.raises(HTTPException) as exc:
asyncio.run(endpoint(body=body, request=request))
assert exc.value.status_code == 400
assert "8 characters" in exc.value.detail
def test_change_password_rejects_short_password(tmp_path):
mgr = _make_manager(tmp_path)
mgr.create_user("alice", "old-password", is_admin=False)
endpoint, ChangePasswordRequest = _change_password_endpoint(mgr)
request = SimpleNamespace(
cookies={"odysseus_session": "current-token"},
client=SimpleNamespace(host="127.0.0.1"),
)
# Mock get_username_for_token to return alice
mgr.get_username_for_token = MagicMock(return_value="alice")
body = ChangePasswordRequest(current_password="old-password", new_password="short")
with pytest.raises(HTTPException) as exc:
asyncio.run(endpoint(body=body, request=request))
assert exc.value.status_code == 400
assert "8 characters" in exc.value.detail
def test_setup_accepts_exactly_min_length_password(tmp_path):
mgr = _make_manager(tmp_path)
endpoint, SetupRequest = _setup_endpoint(mgr)
request = SimpleNamespace(client=SimpleNamespace(host="127.0.0.1"))
body = SetupRequest(username="admin", password="12345678")
result = asyncio.run(endpoint(body=body, request=request))
assert result == {"ok": True, "message": "Admin account created"}
def test_setup_rejects_seven_char_password(tmp_path):
mgr = _make_manager(tmp_path)
endpoint, SetupRequest = _setup_endpoint(mgr)
request = SimpleNamespace(client=SimpleNamespace(host="127.0.0.1"))
body = SetupRequest(username="admin", password="1234567")
with pytest.raises(HTTPException) as exc:
asyncio.run(endpoint(body=body, request=request))
assert exc.value.status_code == 400
# ── Login "remember me" cookie lifetime ────────────────────────────────
class _CapturingResponse:
"""Stand-in for fastapi.Response that records set_cookie kwargs."""
def __init__(self):
self.cookie_kwargs = None
def set_cookie(self, **kwargs):
self.cookie_kwargs = kwargs
def _login_endpoint(auth_manager):
sys.modules.pop("routes.auth_routes", None)
_real_core_package()
from routes.auth_routes import LoginRequest, setup_auth_routes
router = setup_auth_routes(auth_manager)
for route in router.routes:
if getattr(route, "path", None) == "/api/auth/login":
return route.endpoint, LoginRequest
raise AssertionError("login route not found")
def test_remember_cookie_max_age_matches_token_ttl(tmp_path):
auth_mod = _auth_module()
mgr = _make_manager(tmp_path)
mgr.create_user("alice", "alice-password", is_admin=False)
endpoint, LoginRequest = _login_endpoint(mgr)
request = SimpleNamespace(client=SimpleNamespace(host="127.0.0.1"))
response = _CapturingResponse()
body = LoginRequest(username="alice", password="alice-password", remember=True)
result = asyncio.run(endpoint(body=body, request=request, response=response))
assert result == {"ok": True, "username": "alice"}
# The persistent cookie must outlive neither more nor less than the token.
assert response.cookie_kwargs["max_age"] == auth_mod.TOKEN_TTL
def test_no_remember_omits_cookie_max_age(tmp_path):
mgr = _make_manager(tmp_path)
mgr.create_user("bob", "bob-password", is_admin=False)
endpoint, LoginRequest = _login_endpoint(mgr)
request = SimpleNamespace(client=SimpleNamespace(host="127.0.0.1"))
response = _CapturingResponse()
body = LoginRequest(username="bob", password="bob-password", remember=False)
asyncio.run(endpoint(body=body, request=request, response=response))
# Without "remember", the cookie is a session cookie (no max_age).
assert "max_age" not in response.cookie_kwargs
tests/test_auth_session_revocation.py
+43
View File
@@ -80,6 +80,16 @@ def test_password_change_allows_new_password_and_blocks_old_password(tmp_path):
assert mgr.create_session("alice", "new-password") is not None
def test_create_session_trusted_rejects_username_renamed_after_verification(tmp_path):
mgr = _make_manager(tmp_path)
assert mgr.create_user("admin", "admin-password", is_admin=True)
assert mgr.verify_password("alice", "old-password") is True
assert mgr.rename_user("alice", "alice2", "admin") is True
assert mgr.create_session_trusted("alice") is None
def _change_password_endpoint(auth_manager):
sys.modules.pop("routes.auth_routes", None)
_real_core_package()
@@ -92,6 +102,39 @@ def _change_password_endpoint(auth_manager):
raise AssertionError("change-password route not found")
def _login_endpoint(auth_manager):
sys.modules.pop("routes.auth_routes", None)
_real_core_package()
from routes.auth_routes import LoginRequest, setup_auth_routes
router = setup_auth_routes(auth_manager)
for route in router.routes:
if getattr(route, "path", None) == "/api/auth/login":
return route.endpoint, LoginRequest
raise AssertionError("login route not found")
def test_login_route_does_not_set_cookie_when_trusted_session_rejects_stale_user(monkeypatch):
auth = MagicMock()
auth.verify_password.return_value = True
auth.totp_enabled.return_value = False
auth.create_session_trusted.return_value = None
endpoint, LoginRequest = _login_endpoint(auth)
monkeypatch.setattr(
"routes.auth_routes.asyncio.to_thread",
lambda fn, *args, **kwargs: _immediate_to_thread(fn, *args, **kwargs),
)
request = SimpleNamespace(client=SimpleNamespace(host="127.0.0.1"))
response = MagicMock()
body = LoginRequest(username="alice", password="old-password")
with pytest.raises(HTTPException) as exc:
asyncio.run(endpoint(body=body, request=request, response=response))
assert exc.value.status_code == 401
response.set_cookie.assert_not_called()
def test_change_password_route_revokes_other_sessions_after_success(monkeypatch):
auth = MagicMock()
auth.get_username_for_token.return_value = "alice"
tests/test_aux_llm_owner_scope.py
+2 -1
View File
@@ -43,7 +43,8 @@ def test_background_session_sort_uses_owner_task_endpoint():
def test_scheduler_fallbacks_and_research_headers_are_owner_scoped():
src = _src("src/task_scheduler.py")
assert "resolve_utility_fallback_candidates(owner=task.owner or None)" in src
assert "resolve_task_candidates(" in src
assert "owner=task.owner or None" in src
assert 'resolve_endpoint(\n "research",' in src
assert "owner=task.owner or None" in src
assert "headers_from_resolver = False" in src
tests/test_bg_job_tools.py
+174
View File
@@ -0,0 +1,174 @@
"""Tests for bg_jobs.kill and the manage_bg_jobs agent tool.
Process-free: the store/dir are redirected to tmp, _pid_alive is forced True so
seeded "running" jobs stay running through refresh(), and _kill is stubbed so no
real signal is sent. Jobs are scoped to a chat (session_id), which is the main
invariant under test.
"""
import asyncio
import json
import time
import pytest
from src import bg_jobs
from src.agent_tools.bg_job_tools import ManageBgJobsTool
@pytest.fixture
def store(tmp_path, monkeypatch):
jobs_dir = tmp_path / "bg_jobs"
jobs_dir.mkdir()
monkeypatch.setattr(bg_jobs, "_STORE", tmp_path / "bg_jobs.json")
monkeypatch.setattr(bg_jobs, "_JOBS_DIR", jobs_dir)
monkeypatch.setattr(bg_jobs, "_pid_alive", lambda pid: True)
killed: list = []
monkeypatch.setattr(bg_jobs, "_kill", lambda pid: killed.append(pid))
return {"dir": jobs_dir, "killed": killed}
def _seed(session_id="sess-a", status="running", job_id="job0001", output="", pid=4321):
rec = {
"id": job_id, "session_id": session_id, "command": "sleep 60",
"status": status, "pid": pid, "started_at": time.time(),
"ended_at": None if status == "running" else time.time(),
"exit_code": None if status == "running" else 0,
"max_runtime_s": 3600, "followed_up": False,
"log_path": str(bg_jobs._JOBS_DIR / f"{job_id}.log"),
"exit_path": str(bg_jobs._JOBS_DIR / f"{job_id}.exit"),
}
if output:
(bg_jobs._JOBS_DIR / f"{job_id}.log").write_text(output, encoding="utf-8")
jobs = bg_jobs._load()
jobs[job_id] = rec
bg_jobs._save(jobs)
return rec
def _run(args, session_id="sess-a"):
return asyncio.run(ManageBgJobsTool().execute(json.dumps(args), {"session_id": session_id, "owner": None}))
# ── bg_jobs.kill ────────────────────────────────────────────────────────────
def test_kill_marks_killed_and_suppresses_followup(store):
_seed(job_id="job0001", pid=4321)
rec = bg_jobs.kill("job0001")
assert rec["status"] == "failed"
assert rec["killed"] is True
assert rec["exit_code"] == -1
# followed_up True so the monitor won't ALSO auto-continue a deliberate kill.
assert rec["followed_up"] is True
assert store["killed"] == [4321]
def test_kill_unknown_job_returns_none(store):
assert bg_jobs.kill("nope") is None
def test_kill_finished_job_is_noop(store):
_seed(job_id="done01", status="done")
rec = bg_jobs.kill("done01")
assert rec["status"] == "done"
assert store["killed"] == [] # no signal sent to an already-finished job
def test_result_text_reports_killed(store):
rec = _seed(job_id="job0001")
bg_jobs.kill("job0001")
assert "killed" in bg_jobs.result_text(bg_jobs.get("job0001")).lower()
# ── manage_bg_jobs tool ─────────────────────────────────────────────────────
def test_no_session_is_rejected(store):
out = asyncio.run(ManageBgJobsTool().execute('{"action":"list"}', {"session_id": None}))
assert "error" in out
def test_list_empty(store):
assert "No background jobs" in _run({"action": "list"})["output"]
def test_list_scoped_to_session(store):
_seed(session_id="sess-a", job_id="aaaa")
_seed(session_id="sess-b", job_id="bbbb")
out = _run({"action": "list"}, session_id="sess-a")["output"]
assert "aaaa" in out and "bbbb" not in out
def test_output_returns_captured_log(store):
_seed(job_id="job0001", output="hello from the job\n")
out = _run({"action": "output", "job_id": "job0001"})["output"]
assert "hello from the job" in out
def test_output_cross_session_denied(store):
_seed(session_id="sess-a", job_id="job0001", output="secret")
out = _run({"action": "output", "job_id": "job0001"}, session_id="sess-b")
assert "error" in out and "secret" not in out.get("error", "")
def test_kill_via_tool(store):
_seed(job_id="job0001", pid=999)
out = _run({"action": "kill", "job_id": "job0001"})
assert "Killed" in out["output"]
assert store["killed"] == [999]
assert bg_jobs.get("job0001")["killed"] is True
def test_kill_cross_session_denied(store):
_seed(session_id="sess-a", job_id="job0001")
out = _run({"action": "kill", "job_id": "job0001"}, session_id="sess-b")
assert "error" in out
assert store["killed"] == [] # never touched another chat's job
def test_kill_requires_job_id(store):
assert "error" in _run({"action": "kill"})
def test_unknown_action(store):
assert "error" in _run({"action": "frobnicate"})
def test_action_aliases(store):
_seed(job_id="job0001", output="aliased")
# 'read' aliases to output, 'jobs' to list, 'stop' to kill
assert "aliased" in _run({"action": "read", "job_id": "job0001"})["output"]
assert "job0001" in _run({"action": "jobs"})["output"]
assert "Killed" in _run({"action": "stop", "job_id": "job0001"})["output"]
# ── intent classifier: short bg-job commands must not be dropped as low-signal ─
# A short imperative ("kill that job") otherwise trips the low-signal gate, which
# skips tool retrieval entirely and never surfaces manage_bg_jobs (the live bug
# this feature hit). These lock in that bg-job control reaches the files domain.
@pytest.mark.parametrize("msg", [
"stop the job",
"kill that job",
"Now kill that background job.",
"is the job done?",
"check the job output",
"list my jobs",
"kill the bg task",
])
def test_bg_job_commands_are_not_low_signal(msg):
from src.agent_loop import _classify_agent_request, _DOMAIN_TOOL_MAP
r = _classify_agent_request([{"role": "user", "content": msg}], msg)
assert r["low_signal"] is False
assert "files" in r["domains"]
# files domain seeds manage_bg_jobs, so it gets offered to the model.
assert "manage_bg_jobs" in _DOMAIN_TOOL_MAP["files"]
@pytest.mark.parametrize("msg", [
"run this in the background", # launching, not managing
"find me a job listing", # unrelated use of "job"
])
def test_non_bg_messages_do_not_trip_files_domain(msg):
from src.agent_loop import _classify_agent_request
r = _classify_agent_request([{"role": "user", "content": msg}], msg)
assert "files" not in r["domains"]
tests/test_builtin_actions_owner_scope.py
+118 -20
View File
@@ -1,5 +1,6 @@
"""Regression tests for owner-scoped model resolution in scheduled actions."""
import sqlite3
from datetime import datetime
from types import SimpleNamespace
@@ -50,23 +51,19 @@ class _Db:
self.closed = True
def _resolver_spy(monkeypatch, utility_result=("", "", {}), default_result=("http://llm", "model", {})):
from src import endpoint_resolver
def _resolver_spy(monkeypatch, candidates=None):
from src import task_endpoint
calls = []
fallback_calls = []
def fake_resolve(kind, *args, **kwargs):
calls.append((kind, kwargs.get("owner")))
return utility_result if kind == "utility" else default_result
def fake_candidates(*args, **kwargs):
calls.append(kwargs.get("owner"))
if candidates is None:
return [("http://llm", "model", {})]
return list(candidates)
def fake_fallbacks(*args, **kwargs):
fallback_calls.append(kwargs.get("owner"))
return []
monkeypatch.setattr(endpoint_resolver, "resolve_endpoint", fake_resolve)
monkeypatch.setattr(endpoint_resolver, "resolve_utility_fallback_candidates", fake_fallbacks)
return calls, fallback_calls
monkeypatch.setattr(task_endpoint, "resolve_task_candidates", fake_candidates)
return calls
@pytest.mark.asyncio
@@ -87,7 +84,7 @@ async def test_classify_events_resolves_llm_for_task_owner(monkeypatch):
location="",
)
db = _Db({FakeCalendarEvent: [event]})
calls, _fallback_calls = _resolver_spy(monkeypatch, utility_result=("http://llm", "model", {}))
calls = _resolver_spy(monkeypatch)
monkeypatch.setattr(database, "CalendarEvent", FakeCalendarEvent)
monkeypatch.setattr(database, "SessionLocal", lambda: db)
@@ -96,7 +93,7 @@ async def test_classify_events_resolves_llm_for_task_owner(monkeypatch):
assert ok is True
assert "Scanned 1 upcoming event" in message
assert calls == [("utility", "alice")]
assert calls == ["alice"]
assert db.closed is True
@@ -121,7 +118,7 @@ async def test_learn_sender_signatures_resolves_llm_for_task_owner(monkeypatch):
def logout(self):
return None
calls, _fallback_calls = _resolver_spy(monkeypatch, utility_result=("", "", {}), default_result=("", "", {}))
calls = _resolver_spy(monkeypatch, candidates=[])
imap_owners = []
def fake_imap_connect(_account_id=None, owner=""):
@@ -134,10 +131,112 @@ async def test_learn_sender_signatures_resolves_llm_for_task_owner(monkeypatch):
assert ok is False
assert message == "No LLM endpoint available"
assert calls == [("utility", "alice"), ("default", "alice")]
assert calls == ["alice"]
assert imap_owners == ["alice"]
@pytest.mark.asyncio
async def test_learn_sender_signatures_writes_owner_scoped_cache(monkeypatch, tmp_path):
from routes import email_helpers
from src import llm_core, task_endpoint
from src.builtin_actions import action_learn_sender_signatures
db_path = tmp_path / "scheduled_emails.db"
monkeypatch.setattr(email_helpers, "SCHEDULED_DB", db_path)
email_helpers._init_scheduled_db()
conn = sqlite3.connect(db_path)
try:
conn.execute(
"""
INSERT INTO sender_signatures
(from_address, owner, signature_text, sample_count, last_built_at, model_used, source)
VALUES (?, ?, ?, ?, ?, ?, ?)
""",
(
"writer@example.com",
"bob",
"bob cached signature",
3,
"2999-01-01T00:00:00",
"old-model",
"llm",
),
)
conn.commit()
finally:
conn.close()
class FakeImap:
def select(self, *_args, **_kwargs):
return "OK", []
def search(self, *_args, **_kwargs):
return "OK", [b"1 2 3"]
def fetch(self, uid, query):
if "HEADER.FIELDS" in query:
return "OK", [(None, b"From: Writer <writer@example.com>\r\n\r\n")]
return "OK", [
(
None,
(
b"Thanks for the update.\r\n\r\n"
b"Regards,\r\n"
b"Writer Example\r\n"
b"Example Co.\r\n"
+ str(uid).encode()
),
)
]
def logout(self):
return None
imap_owners = []
def fake_imap_connect(_account_id=None, owner=""):
imap_owners.append(owner)
return FakeImap()
monkeypatch.setattr(email_helpers, "_imap_connect", fake_imap_connect)
monkeypatch.setattr(
task_endpoint,
"resolve_task_candidates",
lambda *args, **kwargs: [("http://llm", "alice-model", {})],
)
async def fake_llm_call_async(_candidates, **_kwargs):
return "Writer Example\nExample Co.\nwriter@example.com"
monkeypatch.setattr(llm_core, "llm_call_async_with_fallback", fake_llm_call_async)
message, ok = await action_learn_sender_signatures("alice")
assert ok is True
assert message.startswith("Learned sigs: 1 found")
assert imap_owners == ["alice", "alice"]
conn = sqlite3.connect(db_path)
try:
rows = conn.execute(
"""
SELECT owner, signature_text, model_used
FROM sender_signatures
WHERE from_address = ?
ORDER BY owner
""",
("writer@example.com",),
).fetchall()
finally:
conn.close()
assert rows == [
("alice", "Writer Example\nExample Co.\nwriter@example.com", "alice-model"),
("bob", "bob cached signature", "old-model"),
]
@pytest.mark.asyncio
async def test_check_email_urgency_resolves_llm_candidates_for_task_owner(monkeypatch, tmp_path):
from core import database
@@ -150,7 +249,7 @@ async def test_check_email_urgency_resolves_llm_candidates_for_task_owner(monkey
from_address = _Column()
db = _Db({FakeEmailAccount: []})
calls, fallback_calls = _resolver_spy(monkeypatch, utility_result=("http://llm", "model", {}))
calls = _resolver_spy(monkeypatch)
monkeypatch.chdir(tmp_path)
monkeypatch.setattr(database, "EmailAccount", FakeEmailAccount)
@@ -159,6 +258,5 @@ async def test_check_email_urgency_resolves_llm_candidates_for_task_owner(monkey
with pytest.raises(TaskNoop, match="no email accounts configured"):
await action_check_email_urgency("alice")
assert calls == [("utility", "alice")]
assert fallback_calls == ["alice"]
assert calls == ["alice"]
assert db.closed is True
tests/test_builtin_memory_consolidation.py
+8 -4
View File
@@ -29,8 +29,8 @@ def _read_memories(data_dir):
@pytest.mark.asyncio
async def test_consolidate_memory_empty_owner_treats_each_owner_separately(monkeypatch, tmp_path):
from src import constants
from src import endpoint_resolver
from src import llm_core
from src import task_endpoint
action_consolidate_memory = _import_consolidate_action()
long_alice_text = "Alice private project context. " + ("A" * 2200)
@@ -44,11 +44,15 @@ async def test_consolidate_memory_empty_owner_treats_each_owner_separately(monke
],
)
monkeypatch.setattr(constants, "DATA_DIR", str(data_dir))
monkeypatch.setattr(endpoint_resolver, "resolve_endpoint", lambda *args, **kwargs: ("http://llm", "model", {}))
monkeypatch.setattr(
task_endpoint,
"resolve_task_candidates",
lambda *args, **kwargs: [("http://llm", "model", {})],
)
prompts = []
async def fake_llm_call_async(**kwargs):
async def fake_llm_call_async(_candidates, **kwargs):
prompt = kwargs["messages"][0]["content"]
prompts.append(prompt)
if "alice-long" in prompt:
@@ -71,7 +75,7 @@ async def test_consolidate_memory_empty_owner_treats_each_owner_separately(monke
}
)
monkeypatch.setattr(llm_core, "llm_call_async", fake_llm_call_async)
monkeypatch.setattr(llm_core, "llm_call_async_with_fallback", fake_llm_call_async)
message, ok = await action_consolidate_memory("")
tests/test_cache_affinity_local_only.py
+10
View File
@@ -38,6 +38,16 @@ def test_unknown_public_host_gets_no_affinity_fields(monkeypatch):
assert payload == {}
@pytest.mark.parametrize("url", [
"https://10.example-cloud.com/v1",
"https://172.16.example-cloud.com/v1",
"https://192.168.example-cloud.com/v1",
])
def test_private_prefix_dns_host_gets_no_affinity_fields(monkeypatch, url):
payload = _affinity_fields(url, monkeypatch)
assert payload == {}
def test_localhost_server_gets_affinity_fields(monkeypatch):
payload = _affinity_fields("http://localhost:8080/v1", monkeypatch)
assert payload == {"session_id": "sess-123", "cache_prompt": True}
tests/test_calendar_cli_overlap.py
+130
View File
@@ -0,0 +1,130 @@
"""Regression: `odysseus-calendar list` must select events that OVERLAP the
query window, matching the canonical web-route filter in
routes/calendar_routes.py (`dtstart < end AND dtend > start`) and the
recurring-expansion contract asserted in test_calendar_recurrence.py
(test_expand_multi_day_crossing_range_start).
The buggy CLI filtered on `dtstart >= start AND dtstart < end`, which drops a
multi-day / in-progress event that started before the window but is still
running inside it (e.g. an all-day-running conference when you call
`odysseus-calendar list` with the default start=now()).
"""
import importlib.machinery
import importlib.util
import sys
import types
from datetime import datetime
from pathlib import Path
from unittest.mock import MagicMock
ROOT = Path(__file__).resolve().parents[1]
class _Col:
"""A fake SQLAlchemy column that records comparison clauses instead of
building SQL. `Col >= x` / `Col < x` / `Col > x` evaluate against a row
later via .matches(row)."""
def __init__(self, name):
self.name = name
def __ge__(self, other):
return _Clause(self.name, ">=", other)
def __lt__(self, other):
return _Clause(self.name, "<", other)
def __gt__(self, other):
return _Clause(self.name, ">", other)
# asc()/order_by helpers used by cmd_list — return self, harmless.
def asc(self):
return self
class _Clause:
def __init__(self, col, op, value):
self.col = col
self.op = op
self.value = value
def matches(self, row):
actual = getattr(row, self.col)
if self.op == ">=":
return actual >= self.value
if self.op == "<":
return actual < self.value
if self.op == ">":
return actual > self.value
raise AssertionError(self.op)
class _Query:
def __init__(self, rows):
self.rows = rows
self.clauses = []
def filter(self, *conds):
self.clauses.extend(conds)
return self
def order_by(self, *a, **k):
return self
def limit(self, n):
return self
def first(self):
return None
def all(self):
out = []
for r in self.rows:
if all(c.matches(r) for c in self.clauses if isinstance(c, _Clause)):
out.append(r)
return out
def _load_cli(monkeypatch, rows):
db = types.ModuleType("core.database")
session = MagicMock()
session.query.return_value = _Query(rows)
db.SessionLocal = MagicMock(return_value=session)
cal_event = types.SimpleNamespace(dtstart=_Col("dtstart"), dtend=_Col("dtend"))
db.CalendarEvent = cal_event
db.CalendarCal = MagicMock()
monkeypatch.setitem(sys.modules, "core.database", db)
path = ROOT / "scripts" / "odysseus-calendar"
loader = importlib.machinery.SourceFileLoader("odysseus_calendar_cli", str(path))
spec = importlib.util.spec_from_loader(loader.name, loader)
module = importlib.util.module_from_spec(spec)
loader.exec_module(module)
return module
def test_list_includes_event_overlapping_window_start(monkeypatch, capsys):
# Conference running 09:0017:00; we list from 14:00 onward (default now()).
ongoing = types.SimpleNamespace(
dtstart=datetime(2026, 6, 3, 9, 0),
dtend=datetime(2026, 6, 3, 17, 0),
)
cli = _load_cli(monkeypatch, [ongoing])
# Serialize to something trivial so emit() doesn't choke on the namespace.
cli._serialize_event = lambda e: {"dtstart": e.dtstart.isoformat()}
args = types.SimpleNamespace(
start="2026-06-03T14:00:00",
end="2026-06-03T23:00:00",
calendar=None,
limit=100,
pretty=False,
)
cli.cmd_list(args)
out = capsys.readouterr().out
assert "2026-06-03T09:00:00" in out, (
"An event that started before the window but is still running inside "
"it must be listed (overlap semantics), but it was dropped."
)
tests/test_calendar_css_url_escape_js.py
+107
View File
@@ -0,0 +1,107 @@
r"""DOM/CSS-injection regression for calendar background-image URL escaping.
CodeQL `js/incomplete-sanitization` (#463 calendar.js:416, #464 calendar.js:1263)
flagged event-background CSS that escaped `'` -> `\'` without first escaping
backslashes. A `bg:`-color value (settable per event, and CalDAV-syncable, so
untrusted) ending in or containing a backslash can then consume the closing
quote of `url('...')` and break out of the CSS string.
The fix is a single canonical escaper, `_cssUrlEscape`, in calendar/utils.js,
used by both inline sinks and by `_calBgCss` (which had the same incomplete
escaping). These tests pin the escaper: backslashes are doubled FIRST, then
quotes, so no input can terminate the `url('...')` string early.
"""
import json
import re
import shutil
import subprocess
import textwrap
from pathlib import Path
import pytest
_REPO = Path(__file__).resolve().parent.parent
_UTILS = (_REPO / "static" / "js" / "calendar" / "utils.js").as_posix()
_CALENDAR_JS = _REPO / "static" / "js" / "calendar.js"
_HAS_NODE = shutil.which("node") is not None
pytestmark = pytest.mark.skipif(not _HAS_NODE, reason="node binary not on PATH")
def _run(js: str) -> str:
proc = subprocess.run(
["node", "--input-type=module"],
input=js, capture_output=True, text=True, cwd=str(_REPO), timeout=30,
)
assert proc.returncode == 0, proc.stderr
return proc.stdout.strip()
def test_cssurlescape_doubles_backslashes_before_quotes():
js = textwrap.dedent(
f"""
const {{ _cssUrlEscape }} = await import('{_UTILS}');
console.log(JSON.stringify({{
backslash: _cssUrlEscape('a\\\\b'),
trailing: _cssUrlEscape('img\\\\'),
quote: _cssUrlEscape("a'b"),
dquote: _cssUrlEscape('a"b'),
}}));
"""
)
out = json.loads(_run(js))
# one backslash -> two; the escape for "'" is not itself re-escaped
assert out["backslash"] == r"a\\b"
assert out["trailing"] == "img\\\\" # 'img\' -> 'img\\'
assert out["quote"] == r"a\'b"
assert out["dquote"] == "a%22b"
def test_backslash_breakout_payload_cannot_close_the_url_string():
# Without the backslash-first escape, "x\" would render url('x\') and the
# trailing backslash escapes the closing quote -> breakout. After the fix the
# backslash is doubled, so the quote we add still terminates the string.
js = textwrap.dedent(
f"""
const {{ _cssUrlEscape, _calBgCss }} = await import('{_UTILS}');
const payload = 'x\\\\'; // a string ending in one backslash
console.log(JSON.stringify({{
esc: _cssUrlEscape(payload),
css: _calBgCss('bg:' + payload, 'var(--accent)'),
}}));
"""
)
out = json.loads(_run(js))
assert out["esc"] == "x\\\\" # doubled backslash
# The rendered declaration keeps the backslash doubled inside url('...').
assert "url('x\\\\')" in out["css"]
def test_calbgcss_escapes_quote_breakout():
js = textwrap.dedent(
f"""
const {{ _calBgCss }} = await import('{_UTILS}');
console.log(JSON.stringify(_calBgCss("bg:a'); X{{}}//", 'var(--accent)')));
"""
)
css = json.loads(_run(js))
# the injected single quote is escaped, so the url() string is not closed early
assert r"\'" in css
assert "url('a\\'); X{}//')" in css
def test_every_calendar_url_interpolation_is_escaped():
# Whole-file invariant: every CSS `url('${...}')` built in calendar.js must
# route its (CalDAV-syncable, untrusted) value through `_cssUrlEscape`. This
# is the guard that catches a *newly added* bg-image sink the centralization
# forgot - the failure mode that left calendar.js:2856 (edit-form color
# swatch) and :2953 (custom-dot preview) raw before this change.
src = _CALENDAR_JS.read_text(encoding="utf-8")
interps = re.findall(r"url\('\$\{([^}]*)\}'\)", src)
assert interps, "expected at least one url('${...}') interpolation in calendar.js"
unescaped = [expr for expr in interps if "_cssUrlEscape(" not in expr]
assert not unescaped, (
"bg-image url() interpolation(s) not routed through _cssUrlEscape: "
+ ", ".join(repr(e) for e in unescaped)
)
tests/test_calendar_reminder_minutes_parsing.py
+88
View File
@@ -0,0 +1,88 @@
"""do_manage_calendar must honour abbreviated reminder phrasings like "mins"/"hrs".
`_reminder_minutes` parsed the reminder offset with regexes anchored on
`(?:m|min|minute|minutes)\b` / `(?:h|hr|hour|hours)\b`. The trailing `\b`
made the very common plural abbreviations "mins" and "hrs" fail to match
(after "min" the next char "s" is a word char, so no boundary), so a request
like ``reminder_minutes: "5 mins"`` silently produced no reminder at all —
even though the sibling duration parser (no `\b`) already accepted them.
"""
import json
import sys
import uuid
import pytest
from tests.helpers.import_state import clear_fake_database_modules
from tests.helpers.sqlite_db import make_temp_sqlite
clear_fake_database_modules()
import core.database as cdb
from core.database import Note
_TS, _ENGINE, _TMPDB = make_temp_sqlite(cdb.Base.metadata)
@pytest.fixture(autouse=True)
def _bind_temp_db(monkeypatch):
monkeypatch.setitem(sys.modules, "core.database", cdb)
parent = sys.modules.get("core")
if parent is not None:
monkeypatch.setattr(parent, "database", cdb, raising=False)
monkeypatch.setattr(cdb, "SessionLocal", _TS)
yield
async def _create_with_reminder(reminder, owner):
from src.tool_implementations import do_manage_calendar
payload = {
"action": "create_event",
"summary": "Dentist",
# Far-future so the reminder is never "already passed".
"dtstart": "2030-01-01T10:00:00",
"reminder_minutes": reminder,
}
return await do_manage_calendar(json.dumps(payload), owner=owner)
@pytest.mark.parametrize("reminder,expected", [
("5 mins", 5),
("10 mins", 10),
("2 hrs", 120),
("1 hr", 60),
("15 minutes", 15), # regression: long form still works
("30m", 30), # regression: bare unit still works
])
async def test_reminder_minutes_accepts_abbreviations(reminder, expected):
owner = "tester-" + uuid.uuid4().hex[:6]
res = await _create_with_reminder(reminder, owner)
assert res.get("exit_code") == 0, res
assert f"reminder {expected} min before" in res.get("response", ""), res
db = _TS()
try:
note = (
db.query(Note)
.filter(Note.owner == owner, Note.title == "Reminder: Dentist")
.first()
)
assert note is not None, "reminder note should have been created"
finally:
db.close()
async def test_no_reminder_when_offset_absent():
owner = "tester-" + uuid.uuid4().hex[:6]
from src.tool_implementations import do_manage_calendar
payload = {
"action": "create_event",
"summary": "No Reminder Event",
"dtstart": "2030-02-01T10:00:00",
}
res = await do_manage_calendar(json.dumps(payload), owner=owner)
assert res.get("exit_code") == 0, res
assert "reminder set" not in res.get("response", ""), res
tests/test_canvas_coords_empty_touches_js.py
+51
View File
@@ -0,0 +1,51 @@
"""Pin canvasCoords (static/js/editor/canvas-coords.js) against an empty
touch list. Driven through `node --input-type=module` (same approach as
tests/test_markdown_table_row_js.py); skips when `node` is missing.
Regression: a touch event whose `touches` list is present but EMPTY (a
real mobile race — the finger is already lifted when the handler runs)
made `e.touches[0].clientX` throw \"Cannot read properties of undefined\".
The guard falls back to the event's own clientX/clientY in that case.
"""
import json
import shutil
import subprocess
from pathlib import Path
import pytest
_REPO = Path(__file__).resolve().parent.parent
_MOD = _REPO / "static" / "js" / "editor" / "canvas-coords.js"
_HAS_NODE = shutil.which("node") is not None
_CANVAS = "{width:800,height:600,getBoundingClientRect:()=>({width:400,height:300,left:100,top:50})}"
def _coords(event_js):
js = f"""
import {{ canvasCoords }} from '{_MOD.as_posix()}';
const canvas = {_CANVAS};
console.log(JSON.stringify(canvasCoords({event_js}, canvas)));
"""
proc = subprocess.run(
["node", "--input-type=module"],
input=js, capture_output=True, text=True, cwd=str(_REPO), timeout=30,
)
assert proc.returncode == 0, proc.stderr
return json.loads(proc.stdout.strip())
@pytest.mark.skipif(not _HAS_NODE, reason="node binary not on PATH")
def test_empty_touch_list_falls_back_to_client_xy():
# scaleX = 800/400 = 2; (200-100)*2 = 200, (100-50)*2 = 100
assert _coords("{touches:[],clientX:200,clientY:100}") == {"x": 200, "y": 100}
@pytest.mark.skipif(not _HAS_NODE, reason="node binary not on PATH")
def test_mouse_event_unaffected():
assert _coords("{clientX:200,clientY:100}") == {"x": 200, "y": 100}
@pytest.mark.skipif(not _HAS_NODE, reason="node binary not on PATH")
def test_touch_with_finger_still_used():
assert _coords("{touches:[{clientX:200,clientY:100}]}") == {"x": 200, "y": 100}
tests/test_chat_helpers.py
+224 -7
View File
@@ -1,10 +1,19 @@
import asyncio
from types import SimpleNamespace
import pytest
from fastapi import HTTPException
import routes.chat_helpers as chat_helpers
from routes.chat_helpers import (
_enforce_chat_privileges,
_session_is_research_spinoff,
auto_name_session,
build_chat_context,
clean_thinking_for_save,
needs_auto_name,
PreprocessedMessage,
PresetInfo,
save_assistant_response,
)
@@ -30,7 +39,7 @@ class _Session:
def test_allowed_models_legacy_empty_list_remains_unrestricted(monkeypatch):
monkeypatch.setattr("routes.chat_helpers.get_current_user", lambda request: "alice")
monkeypatch.setattr("routes.chat_helpers.effective_user", lambda request: "alice")
_enforce_chat_privileges(
_Request({"allowed_models": [], "max_messages_per_day": 0}),
@@ -39,7 +48,7 @@ def test_allowed_models_legacy_empty_list_remains_unrestricted(monkeypatch):
def test_allowed_models_explicit_empty_restricted_list_blocks_all_models(monkeypatch):
monkeypatch.setattr("routes.chat_helpers.get_current_user", lambda request: "alice")
monkeypatch.setattr("routes.chat_helpers.effective_user", lambda request: "alice")
with pytest.raises(HTTPException) as exc:
_enforce_chat_privileges(
@@ -56,7 +65,7 @@ def test_allowed_models_explicit_empty_restricted_list_blocks_all_models(monkeyp
def test_allowed_models_nonempty_list_still_restricts_without_new_flag(monkeypatch):
monkeypatch.setattr("routes.chat_helpers.get_current_user", lambda request: "alice")
monkeypatch.setattr("routes.chat_helpers.effective_user", lambda request: "alice")
_enforce_chat_privileges(
_Request({"allowed_models": ["provider/model-a"], "max_messages_per_day": 0}),
@@ -70,7 +79,7 @@ def test_allowed_models_nonempty_list_still_restricts_without_new_flag(monkeypat
def test_no_restriction_allows_any_model(monkeypatch):
monkeypatch.setattr("routes.chat_helpers.get_current_user", lambda request: "alice")
monkeypatch.setattr("routes.chat_helpers.effective_user", lambda request: "alice")
privs = {"allowed_models": [], "block_all_models": False, "max_messages_per_day": 0}
_enforce_chat_privileges(_Request(privs), _Session("provider/model-a"))
@@ -78,7 +87,7 @@ def test_no_restriction_allows_any_model(monkeypatch):
def test_specific_allowlist_blocks_models_outside_it(monkeypatch):
monkeypatch.setattr("routes.chat_helpers.get_current_user", lambda request: "alice")
monkeypatch.setattr("routes.chat_helpers.effective_user", lambda request: "alice")
privs = {
"allowed_models": ["gpt-4"],
@@ -92,7 +101,7 @@ def test_specific_allowlist_blocks_models_outside_it(monkeypatch):
def test_block_all_models_blocks_regardless_of_allowed_models_contents(monkeypatch):
monkeypatch.setattr("routes.chat_helpers.get_current_user", lambda request: "alice")
monkeypatch.setattr("routes.chat_helpers.effective_user", lambda request: "alice")
# Even if allowed_models contains entries, block_all_models wins.
privs = {
@@ -111,7 +120,7 @@ def test_block_all_models_blocks_regardless_of_allowed_models_contents(monkeypat
def test_admin_user_is_never_blocked(monkeypatch):
from core.auth import ADMIN_PRIVILEGES
monkeypatch.setattr("routes.chat_helpers.get_current_user", lambda request: "admin")
monkeypatch.setattr("routes.chat_helpers.effective_user", lambda request: "admin")
class _AdminAuthManager:
def get_privileges(self, username):
@@ -218,3 +227,211 @@ def test_save_assistant_response_preserves_actual_and_requested_model():
assert sess.history[-1].metadata["requested_model"] == "selected-model"
assert sess.history[-1].metadata["model"] == "actual-model"
class _SpinMsg:
def __init__(self, role, metadata=None):
self.role = role
self.metadata = metadata
def test_spinoff_detected_from_chatmessage_history():
sess = SimpleNamespace(history=[
_SpinMsg("system", {"research_spinoff_from": "rp-1"}),
_SpinMsg("user", None),
])
assert _session_is_research_spinoff(sess) is True
def test_auto_name_session_passes_session_fallback_to_task_resolver(monkeypatch):
import src.llm_core as llm_core
import src.task_endpoint as task_endpoint
resolver_calls = []
llm_calls = []
def fake_resolve_task_endpoint(
fallback_url=None,
fallback_model=None,
fallback_headers=None,
owner=None,
):
resolver_calls.append((fallback_url, fallback_model, fallback_headers, owner))
return fallback_url, fallback_model, fallback_headers
async def fake_llm_call(url, model, messages, **kwargs):
llm_calls.append((url, model, messages, kwargs))
return "Focused Fix"
monkeypatch.setattr(task_endpoint, "resolve_task_endpoint", fake_resolve_task_endpoint)
monkeypatch.setattr(llm_core, "llm_call_async", fake_llm_call)
session_headers = {"Authorization": "Bearer session"}
sess = SimpleNamespace(
id="session-1",
owner="alice",
endpoint_url="http://session.example/v1/chat/completions",
model="session-model",
headers=session_headers,
history=[SimpleNamespace(role="user", content="Please fix the endpoint fallback bug.")],
)
updates = []
session_manager = SimpleNamespace(
update_session_name=lambda session_id, title: updates.append((session_id, title))
)
asyncio.run(auto_name_session(session_manager, sess))
assert resolver_calls == [(
"http://session.example/v1/chat/completions",
"session-model",
session_headers,
"alice",
)]
assert llm_calls[0][0] == "http://session.example/v1/chat/completions"
assert llm_calls[0][1] == "session-model"
assert llm_calls[0][3]["headers"] == session_headers
assert updates == [("session-1", "Focused Fix")]
def test_spinoff_detected_from_dict_history():
sess = SimpleNamespace(history=[
{"role": "system", "metadata": {"research_spinoff_from": "rp-2"}},
{"role": "user", "content": "hi"},
])
assert _session_is_research_spinoff(sess) is True
def test_non_spinoff_plain_session_is_false():
sess = SimpleNamespace(history=[
_SpinMsg("system", {"compacted": True}),
_SpinMsg("user", None),
])
assert _session_is_research_spinoff(sess) is False
def test_metadata_on_non_system_message_ignored():
sess = SimpleNamespace(history=[_SpinMsg("user", {"research_spinoff_from": "rp-3"})])
assert _session_is_research_spinoff(sess) is False
def test_empty_or_missing_history():
assert _session_is_research_spinoff(SimpleNamespace(history=[])) is False
assert _session_is_research_spinoff(SimpleNamespace()) is False
async def _build_context_owner_probe(monkeypatch, request_state):
captured = {
"prefs_owner": None,
"preface_owner": None,
"compact_owner": None,
}
async def fake_preprocess(chat_handler, message, att_ids, sess, **kwargs):
return PreprocessedMessage(
enhanced_message=message,
user_content=message,
text_for_context=message,
youtube_transcripts=[],
attachment_meta=[],
)
def fake_extract_preset(chat_handler, preset_id):
return PresetInfo(
temperature=0.7,
max_tokens=1024,
system_prompt=None,
character_name=None,
)
def fake_add_user_message(sess, chat_handler, preprocessed, incognito=False):
sess.messages.append({"role": "user", "content": preprocessed.user_content})
def fake_load_prefs(owner):
captured["prefs_owner"] = owner
return {"memory_enabled": True, "skills_enabled": True}
def fake_build_context_preface(**kwargs):
captured["preface_owner"] = kwargs["owner"]
return [], [], []
async def fake_maybe_compact(sess, endpoint_url, model, messages, headers, owner=None):
captured["compact_owner"] = owner
return messages, 8192, False
monkeypatch.setattr(chat_helpers, "preprocess", fake_preprocess)
monkeypatch.setattr(chat_helpers, "extract_preset", fake_extract_preset)
monkeypatch.setattr(chat_helpers, "add_user_message", fake_add_user_message)
monkeypatch.setattr(chat_helpers, "load_prefs_for_user", fake_load_prefs)
monkeypatch.setattr(chat_helpers, "_normalize_model_id_from_cache", lambda sess: None)
monkeypatch.setattr(chat_helpers, "normalize_model_id", lambda endpoint_url, model, **kwargs: None)
monkeypatch.setattr(chat_helpers, "maybe_compact", fake_maybe_compact)
monkeypatch.setattr(chat_helpers, "trim_for_context", lambda messages, context_length: messages)
import src.user_time as user_time
monkeypatch.setattr(
user_time,
"current_datetime_context_message",
lambda now_utc=None: {"role": "user", "content": "[Context - current date/time]"},
raising=False,
)
sess = SimpleNamespace(
endpoint_url="http://model.local/v1/chat/completions",
model="test-model",
headers={},
history=[],
messages=[],
)
sess.get_context_messages = lambda: list(sess.messages)
request = SimpleNamespace(state=SimpleNamespace(**request_state))
ctx = await build_chat_context(
sess=sess,
request=request,
chat_handler=SimpleNamespace(),
chat_processor=SimpleNamespace(build_context_preface=fake_build_context_preface),
message="hello",
session_id="session-1",
incognito=True,
)
return ctx, captured
@pytest.mark.asyncio
async def test_build_chat_context_uses_api_token_owner_for_compaction_scope(monkeypatch):
ctx, captured = await _build_context_owner_probe(
monkeypatch,
{
"api_token": True,
"api_token_owner": "alice",
"current_user": "api",
},
)
assert ctx.user == "alice"
assert captured == {
"prefs_owner": "alice",
"preface_owner": "alice",
"compact_owner": "alice",
}
@pytest.mark.asyncio
async def test_build_chat_context_keeps_cookie_user_owner_scope(monkeypatch):
ctx, captured = await _build_context_owner_probe(
monkeypatch,
{
"api_token": False,
"current_user": "bob",
},
)
assert ctx.user == "bob"
assert captured == {
"prefs_owner": "bob",
"preface_owner": "bob",
"compact_owner": "bob",
}
tests/test_chat_helpers_bg_tasks_tracked.py
+71
View File
@@ -0,0 +1,71 @@
"""Guard: chat hot-path background tasks must go through _spawn_bg.
asyncio only holds a weak reference to a bare create_task() result, so the
GC can collect the outer task before its body runs and the background work
(memory/skill extraction, session auto-naming) silently never happens.
routes/chat_helpers.py owns these schedules via _spawn_bg(), which adds the
task to _BG_TASKS and discards it via a done-callback. This guard catches a
regression where a copy-paste re-introduces a bare asyncio.create_task.
This is the routes/chat_helpers.py-scoped sibling of the webhook-emitter
guard added in #4336 (tests/test_webhook_emitters_use_manager.py).
"""
import ast
from pathlib import Path
CHAT_HELPERS = (
Path(__file__).resolve().parent.parent / "routes" / "chat_helpers.py"
)
def _untracked_create_task_calls(tree: ast.AST) -> list[tuple[int, str]]:
"""(lineno, snippet) for any bare asyncio.create_task(...).
A call is "bare" when its return value is dropped — i.e. it is the direct
expression of an ast.Expr statement. Captured forms (`x = asyncio.create_task(...)`,
`[asyncio.create_task(...), ...]`, `await asyncio.create_task(...)`) are fine
because something else holds the reference.
The helper itself (_spawn_bg) is exempt: it calls asyncio.create_task once
and registers the task in _BG_TASKS before returning.
"""
hits: list[tuple[int, str]] = []
def _is_create_task(call: ast.Call) -> bool:
f = call.func
return (
isinstance(f, ast.Attribute)
and f.attr == "create_task"
and isinstance(f.value, ast.Name)
and f.value.id == "asyncio"
)
spawn_helper_lines: set[int] = set()
for node in ast.walk(tree):
if isinstance(node, ast.FunctionDef) and node.name == "_spawn_bg":
for n in ast.walk(node):
if hasattr(n, "lineno"):
spawn_helper_lines.add(n.lineno)
for node in ast.walk(tree):
if not isinstance(node, ast.Expr):
continue
if not isinstance(node.value, ast.Call):
continue
if not _is_create_task(node.value):
continue
if node.lineno in spawn_helper_lines:
continue
hits.append((node.lineno, ast.unparse(node.value)))
return hits
def test_no_untracked_create_task_in_chat_helpers():
tree = ast.parse(CHAT_HELPERS.read_text(), filename=str(CHAT_HELPERS))
offenders = _untracked_create_task_calls(tree)
assert not offenders, (
"Background tasks scheduled from routes/chat_helpers.py must go through "
"_spawn_bg(coro) so the task is registered in _BG_TASKS and survives until "
"it finishes. Found bare asyncio.create_task(...) call(s):\n "
+ "\n ".join(f"chat_helpers.py:{ln}: {snip}" for ln, snip in offenders)
)
tests/test_checkin_digest_owner_scope.py
+70
View File
@@ -0,0 +1,70 @@
"""Check-in calendar digest must be scoped to the task owner.
The digest query selected CalendarEvent with no owner scope, so a scheduled
check-in for one user pulled EVERY user's calendar events (summaries,
locations) into their digest — a cross-tenant leak. Ownership lives on
CalendarCal.owner; the query must join it, like routes/calendar_routes.
"""
import tempfile
import uuid
from datetime import datetime
import pytest
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.pool import NullPool
import core.database as cdb
from core.database import CalendarEvent, CalendarCal
from src.task_scheduler import _checkin_calendar_events
_TMPDB = tempfile.NamedTemporaryFile(suffix=".db", delete=False)
_ENGINE = create_engine(f"sqlite:///{_TMPDB.name}", connect_args={"check_same_thread": False}, poolclass=NullPool)
cdb.Base.metadata.create_all(_ENGINE)
_TS = sessionmaker(bind=_ENGINE, autoflush=False, autocommit=False)
def _seed():
db = _TS()
try:
db.query(CalendarEvent).delete(); db.query(CalendarCal).delete()
db.add(CalendarCal(id="calA", owner="alice", name="A"))
db.add(CalendarCal(id="calB", owner="bob", name="B"))
db.add(CalendarEvent(uid="a1", calendar_id="calA", summary="Alice mtg",
dtstart=datetime(2026, 6, 10, 9, 0),
dtend=datetime(2026, 6, 10, 10, 0), status="confirmed"))
db.add(CalendarEvent(uid="b1", calendar_id="calB", summary="Bob secret",
dtstart=datetime(2026, 6, 10, 10, 0),
dtend=datetime(2026, 6, 10, 11, 0), status="confirmed"))
db.commit()
finally:
db.close()
def test_digest_only_returns_owner_events():
_seed()
db = _TS()
try:
s, e = datetime(2026, 6, 1), datetime(2026, 6, 30)
alice = _checkin_calendar_events(db, "alice", s, e)
assert [ev.summary for ev in alice] == ["Alice mtg"] # not Bob's
bob = _checkin_calendar_events(db, "bob", s, e)
assert [ev.summary for ev in bob] == ["Bob secret"]
finally:
db.close()
def test_cancelled_excluded_and_window_respected():
_seed()
db = _TS()
try:
db2 = _TS()
db2.add(CalendarEvent(uid="a2", calendar_id="calA", summary="cancelled",
dtstart=datetime(2026, 6, 11),
dtend=datetime(2026, 6, 11, 1, 0), status="cancelled"))
db2.commit(); db2.close()
s, e = datetime(2026, 6, 1), datetime(2026, 6, 30)
out = _checkin_calendar_events(db, "alice", s, e)
assert "cancelled" not in [ev.summary for ev in out]
finally:
db.close()
tests/test_code_nav_tools.py
+34
View File
@@ -24,6 +24,9 @@ def repo():
os.mkdir(os.path.join(root, "sub"))
with open(os.path.join(root, "sub", "b.txt"), "w") as f:
f.write("nothing\nNEEDLE upper\n")
os.mkdir(os.path.join(root, "sub", "deep"))
with open(os.path.join(root, "sub", "deep", "c.py"), "w") as f:
f.write("# deep python\n")
os.mkdir(os.path.join(root, "node_modules"))
with open(os.path.join(root, "node_modules", "dep.py"), "w") as f:
f.write("needle in dep\n")
@@ -107,6 +110,37 @@ def test_glob_requires_pattern(repo):
assert r["exit_code"] == 1
def test_glob_literal_in_subdir(repo):
"""Bare literal should match at any depth (like rglob), not only at root."""
r = _run("glob", f'{{"pattern": "b.txt", "path": "{repo}"}}')
assert r["exit_code"] == 0
assert "b.txt" in r["output"]
def test_glob_multi_segment_single_star(repo):
"""sub/*.txt matches sub/b.txt but NOT sub/deep/c.py (single * stays in one segment)."""
r = _run("glob", f'{{"pattern": "sub/*.txt", "path": "{repo}"}}')
assert r["exit_code"] == 0
assert "b.txt" in r["output"]
assert "c.py" not in r["output"]
def test_glob_star_does_not_cross_slash(repo):
"""src/*.py must NOT match src/a/b/x.py — * is single-segment only."""
r = _run("glob", f'{{"pattern": "sub/*.py", "path": "{repo}"}}')
assert r["exit_code"] == 0
# sub/ has no .py directly, only sub/deep/c.py — should NOT match
assert "No files matching" in r["output"]
def test_glob_double_star_matches_deep(repo):
"""**/*.py should match files at any depth."""
r = _run("glob", f'{{"pattern": "**/*.py", "path": "{repo}"}}')
assert r["exit_code"] == 0
assert "a.py" in r["output"]
assert "c.py" in r["output"]
# ── ls ────────────────────────────────────────────────────────────────────
def test_ls_lists_entries(repo):
tests/test_codex_ssh_host_validation.py
+105 -1
View File
@@ -7,12 +7,55 @@ in ``remoteHost`` would be injected into that command.
These pin validation on the host/port before they reach the ssh string, matching
the validators the rest of the cookbook routes already apply.
"""
import asyncio
import pytest
from fastapi import HTTPException
from fastapi import APIRouter, HTTPException
from starlette.requests import Request
import routes.codex_routes as codex_routes
def _route_endpoint(path: str, method: str, router=None):
router = router or codex_routes.setup_codex_routes()
for route in router.routes:
if route.path == path and method in route.methods:
return route.endpoint
raise AssertionError(f"{method} {path} route not found")
def _launch_request() -> Request:
request = Request(
{
"type": "http",
"method": "POST",
"path": "/api/codex/cookbook/adopt",
"headers": [],
"state": {},
}
)
request.state.api_token = True
request.state.api_token_owner = "alice"
request.state.api_token_scopes = ["cookbook:launch"]
return request
def _codex_request(scopes) -> Request:
request = Request(
{
"type": "http",
"method": "POST",
"path": "/api/codex/emails/draft-document",
"headers": [],
"state": {},
}
)
request.state.api_token = True
request.state.api_token_owner = "alice"
request.state.api_token_scopes = list(scopes)
return request
def test_rejects_remote_host_with_shell_metacharacters():
task = {"remoteHost": "box; rm -rf ~", "sshPort": ""}
with pytest.raises(HTTPException) as exc:
@@ -41,9 +84,70 @@ def test_valid_remote_builds_port_flag():
assert port_flag == "-p 2222 "
def test_integer_ssh_port_in_stored_task_normalizes_without_crashing():
host, port_flag = codex_routes._ssh_prefix_for_task(
{"remoteHost": "user@box", "sshPort": 2222}
)
assert host == "user@box"
assert port_flag == "-p 2222 "
def test_default_ssh_port_omits_flag():
host, port_flag = codex_routes._ssh_prefix_for_task(
{"remoteHost": "box", "sshPort": "22"}
)
assert host == "box"
assert port_flag == ""
def test_adopt_rejects_ssh_option_host_before_shell(monkeypatch):
calls = []
async def fail_if_shell_runs(*args, **kwargs):
calls.append((args, kwargs))
raise RuntimeError("shell should not run for invalid host")
monkeypatch.setattr(asyncio, "create_subprocess_shell", fail_if_shell_runs)
endpoint = _route_endpoint("/api/codex/cookbook/adopt", "POST")
body = {
"tmux_session": "serve_abc123",
"model": "org/model",
"host": "-oProxyCommand=sh",
}
with pytest.raises(HTTPException) as exc:
asyncio.run(endpoint(_launch_request(), body))
assert exc.value.status_code == 400
assert calls == []
@pytest.mark.asyncio
async def test_email_draft_document_accepts_send_scope_with_document_write():
calls = []
document_router = APIRouter()
@document_router.post("/api/document")
async def create_document(request: Request, req):
calls.append((request.state.current_user, req.title, req.language, req.content))
return {"id": "doc-1", "title": req.title}
router = codex_routes.setup_codex_routes(document_router=document_router)
endpoint = _route_endpoint("/api/codex/emails/draft-document", "POST", router=router)
result = await endpoint(
_codex_request(["email:send", "documents:write"]),
{"to": "recipient@example.com", "subject": "Subject", "body": "Body"},
)
assert result["draft_type"] == "document"
assert result["send_required_confirmation"] is True
assert calls == [
(
"alice",
"Subject",
"email",
"To: recipient@example.com\nSubject: Subject\n---\nBody\n",
)
]
tests/test_companion_readonly.py
+32 -2
View File
@@ -13,6 +13,9 @@ import json
from types import SimpleNamespace
from unittest.mock import MagicMock
import pytest
from fastapi import HTTPException
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
# core.database instantiates SQLAlchemy declarative classes at import time, which
@@ -225,12 +228,34 @@ def test_models_route_scopes_api_token_to_token_owner(monkeypatch):
endpoints = _call_models_route(
monkeypatch,
rows,
_request(api_token=True, api_token_owner="alice", current_user="api"),
_request(
api_token=True,
api_token_owner="alice",
api_token_scopes=["chat"],
current_user="api",
),
)
assert _endpoint_names(endpoints) == ["alice-endpoint", "shared-endpoint"]
def test_models_route_rejects_api_token_without_chat_scope(monkeypatch):
monkeypatch.setattr(companion_routes, "get_current_user", lambda request: "api")
with pytest.raises(HTTPException) as exc:
_models_route()(
_request(
api_token=True,
api_token_owner="alice",
api_token_scopes=["todos:read"],
current_user="api",
)
)
assert exc.value.status_code == 403
assert "chat scope" in exc.value.detail
def test_models_route_unresolved_owner_returns_only_shared_rows(monkeypatch):
rows = [
_ep(1, "alice-endpoint", "alice"),
@@ -242,7 +267,12 @@ def test_models_route_unresolved_owner_returns_only_shared_rows(monkeypatch):
endpoints = _call_models_route(
monkeypatch,
rows,
_request(api_token=True, api_token_owner=None, current_user="api"),
_request(
api_token=True,
api_token_owner=None,
api_token_scopes=["chat"],
current_user="api",
),
)
assert _endpoint_names(endpoints) == ["shared-endpoint"]
tests/test_consolidate_memory_explicit_drops.py
+5 -5
View File
@@ -29,24 +29,24 @@ class _FakeMM:
def test_omitted_memory_survives_only_explicit_drop(monkeypatch):
import src.memory
import src.endpoint_resolver
import src.llm_core
import src.task_endpoint
_FakeMM.saved = None
monkeypatch.setattr(src.memory, "MemoryManager", _FakeMM)
monkeypatch.setattr(
src.endpoint_resolver, "resolve_endpoint",
lambda kind, owner=None: ("http://x/v1", "model", {}),
src.task_endpoint, "resolve_task_candidates",
lambda owner=None: [("http://x/v1", "model", {})],
)
async def fake_llm(**kwargs):
async def fake_llm(_candidates, **kwargs):
# Model keeps 'a', drops 'b', and OMITS 'c' entirely.
return json.dumps({
"keep": [{"id": "a", "text": "Likes dark roast coffee", "category": "preference"}],
"drop": [{"id": "b", "reason": "duplicate of a"}],
})
monkeypatch.setattr(src.llm_core, "llm_call_async", fake_llm)
monkeypatch.setattr(src.llm_core, "llm_call_async_with_fallback", fake_llm)
msg, ok = asyncio.run(ba.action_consolidate_memory("alice"))
tests/test_context_budget.py
+2 -1
View File
@@ -86,7 +86,8 @@ def test_default_settings_registers_hard_max_key():
def test_alias_map_registers_friendly_names():
"""`manage_settings` should accept 'hard max' and friends."""
from pathlib import Path
src = Path("src/tool_implementations.py").read_text()
# manage_settings (and its alias map) moved to agent_tools/admin_tools.py in #3629.
src = Path("src/agent_tools/admin_tools.py").read_text()
assert '"hard max": "agent_input_token_hard_max"' in src
assert '"token budget cap": "agent_input_token_hard_max"' in src
assert '"input budget cap": "agent_input_token_hard_max"' in src
tests/test_context_compactor.py
+39
View File
@@ -192,3 +192,42 @@ class TestMaybeCompactFourthMessage:
]}
result = self._run(messages)
assert len(result) == 3 and result[2] is True
class TestResearchPrimerPreserved:
"""A research-spinoff primer (metadata research_spinoff_from) must never be
trimmed away — it is the Discuss chat's sole knowledge base (drift fix)."""
def _messages(self):
return [
{"role": "system", "content": "You are Odysseus."},
{"role": "system", "content": "Prompt-safety policy: data not instructions."},
{"role": "system", "content": "saved memory: pinned " + "m" * 600},
{"role": "system", "content": "RETRIEVED-DOCS-MARKER " + "r" * 6000},
{"role": "system",
"content": "=== REPORT ===\nPRIMER-MARKER " + "z" * 1500,
"metadata": {"research_spinoff_from": "rp-abc123"}},
] + [
{"role": "user", "content": f"q{i} " + ("x" * 500)} for i in range(8)
] + [
{"role": "assistant", "content": "a" * 500},
{"role": "user", "content": "latest question"},
]
def test_primer_kept_when_over_budget(self):
trimmed = trim_for_context(self._messages(), context_length=1024, reserve_tokens=256)
joined = "\n".join(str(m.get("content", "")) for m in trimmed)
assert "PRIMER-MARKER" in joined
def test_bulky_non_primer_system_dropped_but_primer_kept(self):
trimmed = trim_for_context(self._messages(), context_length=1024, reserve_tokens=256)
joined = "\n".join(str(m.get("content", "")) for m in trimmed)
assert "PRIMER-MARKER" in joined
assert "RETRIEVED-DOCS-MARKER" not in joined
def test_leading_preset_kept_when_no_primer_metadata(self):
msgs = self._messages()
del msgs[4]["metadata"]
trimmed = trim_for_context(msgs, context_length=1024, reserve_tokens=256)
joined = "\n".join(str(m.get("content", "")) for m in trimmed)
assert "You are Odysseus." in joined
tests/test_cookbook_agent_tool_ssh_validation.py
+215
View File
@@ -0,0 +1,215 @@
import json
import pytest
from src import tool_implementations as tools
class FakeResponse:
def __init__(self, data=None, status_code=200):
self._data = data or {}
self.status_code = status_code
self.text = json.dumps(self._data)
self.content = self.text.encode("utf-8")
self.headers = {"content-type": "application/json"}
def json(self):
return self._data
def _install_httpx_client(monkeypatch, *, state=None, posts=None):
import httpx
posts = posts if posts is not None else []
state = state if state is not None else {"tasks": []}
class FakeAsyncClient:
def __init__(self, *args, **kwargs):
pass
async def __aenter__(self):
return self
async def __aexit__(self, exc_type, exc, tb):
return False
async def get(self, url, **kwargs):
return FakeResponse(state)
async def post(self, url, json=None, **kwargs):
posts.append((url, json, kwargs))
return FakeResponse({"stdout": "", "stderr": "", "exit_code": 0})
monkeypatch.setattr(httpx, "AsyncClient", FakeAsyncClient)
return posts
@pytest.mark.asyncio
async def test_stop_served_model_rejects_invalid_remote_host_before_shell(monkeypatch):
posts = _install_httpx_client(monkeypatch)
result = await tools.do_stop_served_model(
json.dumps({"session_id": "serve-abc123", "remote_host": "-bad"})
)
assert result["exit_code"] == 1
assert "Invalid remote_host" in result["error"]
assert posts == []
@pytest.mark.asyncio
async def test_stop_served_model_rejects_invalid_state_host_before_shell(monkeypatch):
posts = _install_httpx_client(
monkeypatch,
state={
"tasks": [
{
"sessionId": "serve-abc123",
"remoteHost": "-bad",
"sshPort": "22",
}
]
},
)
result = await tools.do_stop_served_model(
json.dumps({"session_id": "serve-abc123"})
)
assert result["exit_code"] == 1
assert "Invalid remote_host" in result["error"]
assert posts == []
@pytest.mark.asyncio
async def test_stop_served_model_rejects_invalid_ssh_port_before_shell(monkeypatch):
posts = _install_httpx_client(monkeypatch)
result = await tools.do_stop_served_model(
json.dumps(
{
"session_id": "serve-abc123",
"remote_host": "gpu-box",
"ssh_port": "not-a-port",
}
)
)
assert result["exit_code"] == 1
assert "Invalid ssh_port" in result["error"]
assert posts == []
@pytest.mark.asyncio
async def test_stop_served_model_uses_validated_remote_target(monkeypatch):
posts = _install_httpx_client(monkeypatch)
result = await tools.do_stop_served_model(
json.dumps(
{
"session_id": "serve-abc123",
"remote_host": "user@gpu-box",
"ssh_port": 2222,
}
)
)
assert result["exit_code"] == 0
assert len(posts) == 1
command = posts[0][1]["command"]
assert "ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no" in command
assert "-p 2222 user@gpu-box" in command
assert "tmux kill-session -t serve-abc123" in command
@pytest.mark.asyncio
async def test_cancel_download_rejects_invalid_remote_host_before_shell(monkeypatch):
posts = _install_httpx_client(monkeypatch)
result = await tools.do_cancel_download(
json.dumps({"session_id": "cookbook-abc123", "remote_host": "-bad"})
)
assert result["exit_code"] == 1
assert "Invalid remote_host" in result["error"]
assert posts == []
@pytest.mark.asyncio
async def test_cancel_download_rejects_invalid_state_host_before_shell(monkeypatch):
posts = _install_httpx_client(
monkeypatch,
state={
"tasks": [
{
"sessionId": "cookbook-abc123",
"remoteHost": "-bad",
"sshPort": "22",
}
]
},
)
result = await tools.do_cancel_download(
json.dumps({"session_id": "cookbook-abc123"})
)
assert result["exit_code"] == 1
assert "Invalid remote_host" in result["error"]
assert posts == []
@pytest.mark.asyncio
async def test_tail_serve_output_rejects_invalid_remote_host_before_shell(monkeypatch):
posts = _install_httpx_client(monkeypatch)
result = await tools.do_tail_serve_output(
json.dumps({"session_id": "serve-abc123", "remote_host": "-bad"})
)
assert result["exit_code"] == 1
assert "Invalid remote_host" in result["error"]
assert posts == []
@pytest.mark.asyncio
async def test_tail_serve_output_rejects_invalid_state_host_before_shell(monkeypatch):
posts = _install_httpx_client(
monkeypatch,
state={
"tasks": [
{
"sessionId": "serve-abc123",
"remoteHost": "-bad",
"sshPort": "22",
}
]
},
)
result = await tools.do_tail_serve_output(
json.dumps({"session_id": "serve-abc123"})
)
assert result["exit_code"] == 1
assert "Invalid remote_host" in result["error"]
assert posts == []
@pytest.mark.asyncio
async def test_adopt_served_model_rejects_invalid_remote_host_before_shell(monkeypatch):
posts = _install_httpx_client(monkeypatch)
result = await tools.do_adopt_served_model(
json.dumps(
{
"tmux_session": "serve_abc123",
"model": "org/model",
"host": "-bad",
}
)
)
assert result["exit_code"] == 1
assert "Invalid remote_host" in result["error"]
assert posts == []
tests/test_cookbook_cpu_only_serve.py
+36 -3
View File
@@ -16,6 +16,7 @@ from pathlib import Path
SRC = Path(__file__).resolve().parent.parent / "static/js/cookbook.js"
SERVE_SRC = Path(__file__).resolve().parent.parent / "static/js/cookbookServe.js"
ROUTES_SRC = Path(__file__).resolve().parent.parent / "routes/cookbook_routes.py"
def test_cpu_only_drops_gpu_only_flags():
@@ -38,11 +39,14 @@ def test_diffusers_is_not_blocked_on_windows_dependencies_panel():
assert "new Set(['diffusers'" not in text
def test_diffusers_is_available_on_windows_serve_panel():
def test_diffusers_is_available_only_on_local_windows_serve_panel():
text = SERVE_SRC.read_text(encoding="utf-8")
assert "? ['llamacpp', 'diffusers']" in text
assert "? [['llamacpp','llama.cpp'],['diffusers','Diffusers']]" in text
assert "function _remoteWindowsDiffusersUnsupported(target)" in text
assert "return !!(target?.host && target?.platform === 'windows');" in text
assert "if (_remoteWindowsDiffusersUnsupported(target)) return [['llamacpp','llama.cpp']];" in text
assert "return [['llamacpp','llama.cpp'],['diffusers','Diffusers']];" in text
assert "Diffusers serving is not supported on remote Windows servers yet." in text
def test_windows_diffusers_uses_python_not_python3():
@@ -51,3 +55,32 @@ def test_windows_diffusers_uses_python_not_python3():
assert "const diffusersPy = _isWindows() ? 'python' : _py3Bin;" in text
assert "cmd += `${diffusersPy} scripts/diffusion_server.py" in text
assert "cmd += `python3 scripts/diffusion_server.py" not in text
def test_vllm_blank_swap_omits_swap_space_flag():
text = SRC.read_text(encoding="utf-8")
assert "const _swapRaw = (f.swap ?? '').toString().trim().toLowerCase();" in text
assert "['0', 'off', 'none', 'false'].includes(_swapRaw)" in text
assert "if (_swapRaw && !['0', 'off', 'none', 'false'].includes(_swapRaw)) cmd += ` --swap-space ${_swapRaw}`;" in text
def test_serve_preflight_uses_selected_server_not_stale_env_host():
text = SERVE_SRC.read_text(encoding="utf-8")
assert "function _selectedServeTarget(panel) {" in text
assert "const _hostStr = launchTarget.host || '';" in text
assert "(t.remoteHost || '') === _hostStr" in text
assert "const _probeHost = (launchTarget.host || '').trim();" in text
assert "const _portHost = (launchTarget.host || '').trim();" in text
def test_vllm_route_strips_swap_space_when_runtime_rejects_it():
text = ROUTES_SRC.read_text(encoding="utf-8")
assert "Setting vLLM --swap-space 0 so the runtime does not reserve CPU swap per GPU." in text
assert "vLLM serve does not expose --swap-space; removing the flag and patching the runtime default to 0." in text
assert "ODYSSEUS_VLLM_HELP_CMD" in text
assert "print(shlex.join(parts[:serve_i + 1] + [\"--help\"]))" in text
assert "eval \"$ODYSSEUS_VLLM_HELP_CMD\" 2>&1 | grep -q -- \"--swap-space\"" in text
assert "eval \"$ODYSSEUS_SERVE_CMD\"" in text
tests/test_cookbook_dependency_completion_regression.py
+5 -3
View File
@@ -28,13 +28,15 @@ def test_background_status_poll_reconciles_into_local_tasks():
assert "completedDeps.forEach(t => _refreshDepsAfterInstall(t));" in source
def test_local_windows_session_commands_use_local_powershell_log_dir():
def test_windows_session_commands_use_shared_powershell_wrapper_and_local_log_dir():
source = _read("static/js/cookbookRunning.js")
assert "const host = task.remoteHost;" in source
assert "host ? '$env:TEMP\\\\odysseus-sessions' : '$env:TEMP\\\\odysseus-tmux'" in source
assert "return host ? `ssh ${pf}${host}" in source
assert ": `powershell -Command \"${ps}\"`;" in source
assert "function _winPowerShellCmd(task, ps)" in source
assert "const command = `powershell -Command \"${ps}\"`;" in source
assert "if (!task.remoteHost) return command;" in source
assert "return `ssh ${_sshPrefix(_getPort(task))}${task.remoteHost} ${_shQuote(command)}`;" in source
def test_dep_install_success_recognized_from_exit_sentinel():
tests/test_cookbook_deps_recipes.py
+27
View File
@@ -0,0 +1,27 @@
"""Guard the llama.cpp Docker pull recipe surfaced in Cookbook → Dependencies.
The upstream repo moved from github.com/ggerganov/llama.cpp to
github.com/ggml-org/llama.cpp. The old GHCR namespace
(ghcr.io/ggerganov/llama.cpp) no longer publishes images, so the
docker variant in the Dependencies panel returned
"failed to resolve reference … not found" when copied verbatim (#4457).
The other llama.cpp reference in routes/cookbook_routes.py already uses
ggml-org; this guards the JS recipe so the two stay aligned.
"""
from pathlib import Path
RECIPES_JS = (
Path(__file__).resolve().parent.parent / "static" / "js" / "cookbook-deps-recipes.js"
)
def test_llama_cpp_docker_recipe_uses_ggml_org_namespace():
source = RECIPES_JS.read_text(encoding="utf-8")
assert "ghcr.io/ggml-org/llama.cpp:server-cuda" in source, (
"Expected the llama.cpp docker recipe to pull from the ggml-org namespace."
)
assert "ghcr.io/ggerganov/llama.cpp" not in source, (
"The ggerganov GHCR namespace no longer publishes llama.cpp images. "
"Use ghcr.io/ggml-org/llama.cpp:server-cuda."
)
tests/test_cookbook_helpers.py
+57 -7
View File
@@ -348,7 +348,7 @@ def test_serve_pip_install_normalizes_llama_cpp_alias_and_adds_wheel_index():
src = (pathlib.Path(__file__).resolve().parent.parent
/ "routes" / "cookbook_routes.py").read_text(encoding="utf-8")
assert "re.sub(r\"(?<![A-Za-z0-9_.-])llama_cpp(?![A-Za-z0-9_.-])\", \"llama-cpp-python[server]\", req.cmd)" in src
assert "re.sub(r\"(?<![A-Za-z0-9_.\\-/])llama_cpp(?![A-Za-z0-9_.\\-/])\", \"llama-cpp-python[server]\", req.cmd)" in src
assert "if \"llama-cpp-python\" in req.cmd and \"--extra-index-url\" not in req.cmd:" in src
assert "https://abetlen.github.io/llama-cpp-python/whl/cpu" in src
@@ -468,7 +468,13 @@ def test_local_tooling_path_export_converts_windows_paths_for_bash():
def test_user_shell_path_bootstrap_falls_back_to_python_on_windows_bash():
script = "\n".join(_user_shell_path_bootstrap())
assert 'command -v python3 >/dev/null 2>&1 || python3() { python "$@"; }' in script
# A missing python3 OR a Microsoft Store App Execution Alias stub under
# WindowsApps must shim python3 -> python so the venv interpreter is used.
assert '_odys_py3="$(command -v python3 2>/dev/null || true)"' in script
assert (
'case "$_odys_py3" in ""|*[Ww]indows[Aa]pps*) python3() { python "$@"; } ;; esac'
in script
)
assert 'command -v python >/dev/null 2>&1 || python() { python3 "$@"; }' in script
@@ -620,7 +626,7 @@ def test_llama_cpp_linux_bootstrap_prefers_rocm_before_cuda():
script = "\n".join(runner_lines)
assert "mkdir -p ~/bin" in script
assert script.index("mkdir -p ~/bin") < script.index("cd ~/llama.cpp && rm -rf build")
assert script.index("mkdir -p ~/bin") < script.index("cd ~/llama.cpp")
assert 'command -v hipconfig &>/dev/null || [ -d /opt/rocm ] || [ -n "$ROCM_PATH" ] || [ -n "$HIP_PATH" ]' in script
assert 'cmake -B build -DCMAKE_BUILD_TYPE=Release -DGGML_HIP=ON' in script
assert 'cmake -B build -DCMAKE_BUILD_TYPE=Release -DGGML_CUDA=ON' in script
@@ -670,7 +676,7 @@ def test_llama_cpp_linux_bootstrap_nvcc_without_cudart_warns_and_falls_back():
# outer else that handles no-GPU-toolchain). Verify it appears at least once
# before the outer "no HIP/CUDA toolchain" warning.
cpu_cmake = 'cmake -B build -DCMAKE_BUILD_TYPE=Release &&'
no_toolchain_warn = 'WARNING: no HIP/CUDA toolchain found'
no_toolchain_warn = 'WARNING: no HIP/CUDA/Vulkan toolchain found'
assert cpu_cmake in script
assert script.index(cpu_cmake) < script.index(no_toolchain_warn)
@@ -687,8 +693,8 @@ def test_llama_cpp_linux_bootstrap_keeps_cpu_fallback_when_no_gpu_toolchain():
_append_llama_cpp_linux_accel_build_lines(runner_lines)
script = "\n".join(runner_lines)
assert 'WARNING: no HIP/CUDA toolchain found — building llama-server for CPU only.' in script
assert 'Install ROCm for AMD GPUs or vLLM/CUDA tooling for NVIDIA' in script
assert 'WARNING: no HIP/CUDA/Vulkan toolchain found — building llama-server for CPU only.' in script
assert 'Install Vulkan (libvulkan-dev) / ROCm for AMD GPUs or CUDA tooling for NVIDIA' in script
def test_llama_cpp_rebuild_cmd_clears_cached_build_paths():
@@ -712,7 +718,7 @@ def test_local_windows_download_pid_tracks_inner_bash_and_stop_kills_tree():
assert 'printf \'%s\\\\n\' \\"$$\\" > {pp}' in routes_src
assert "function Stop-Tree([int]$Id)" in running_src
assert "ParentProcessId = $Id" in running_src
assert "('ParentProcessId = ' + $Id)" in running_src
assert "Stop-Tree ([int]$p)" in running_src
@@ -780,6 +786,50 @@ def test_cached_model_scan_reports_plain_dir_gguf(tmp_path):
assert ggufs[3]["quant"] == "BF16"
def test_cached_model_scan_uses_ollama_api_before_cli_and_windows_opt_in():
script = _cached_model_scan_script()
assert "scan_ollama_api()\nscan_ollama()" in script
assert "if any(m.get('is_ollama') for m in models): return" in script
assert "os.name == 'nt'" in script
assert "ODYSSEUS_ALLOW_OLLAMA_CLI_SCAN" in script
@pytest.mark.skipif(os.name != "nt", reason="Windows Ollama CLI startup guard")
def test_cached_model_scan_does_not_launch_ollama_cli_on_windows(tmp_path):
"""Official Ollama for Windows can auto-start the tray/server on `ollama list`.
The read-only cache scanner must not invoke that CLI unless explicitly opted in.
"""
marker = tmp_path / "ollama-called.txt"
fake_ollama = tmp_path / "ollama.cmd"
fake_ollama.write_text(
"@echo off\r\n"
f'echo called>"{marker}"\r\n'
"echo NAME ID SIZE MODIFIED\r\n"
"echo local-model:latest abc 1 GB now\r\n",
encoding="utf-8",
)
empty_home = tmp_path / "home"
empty_home.mkdir()
scan_py = tmp_path / "scan_cache.py"
scan_py.write_text(_cached_model_scan_script(), encoding="utf-8")
env = dict(os.environ)
env["PATH"] = str(tmp_path) + os.pathsep + env.get("PATH", "")
env["HOME"] = str(empty_home)
env.pop("ODYSSEUS_ALLOW_OLLAMA_CLI_SCAN", None)
proc = subprocess.run(
[sys.executable, str(scan_py)],
check=True,
capture_output=True,
text=True,
env=env,
)
assert marker.exists() is False
assert all(m.get("backend") != "ollama" for m in json.loads(proc.stdout))
def test_cached_model_scan_uses_huggingface_cache_env(tmp_path):
"""Docker recreates can leave the persisted HF cache outside HOME.
The Serve scanner should honor the cache env path instead of only ~/.cache.
tests/test_cookbook_remote_windows_diffusers.py
+57
View File
@@ -0,0 +1,57 @@
import asyncio
import pytest
from fastapi import HTTPException
from starlette.requests import Request
import routes.cookbook_routes as cookbook_routes
from routes.cookbook_helpers import ServeRequest
def _route_endpoint(path: str, method: str):
router = cookbook_routes.setup_cookbook_routes()
for route in router.routes:
if route.path == path and method in route.methods:
return route.endpoint
raise AssertionError(f"{method} {path} route not found")
def _admin_request() -> Request:
request = Request(
{
"type": "http",
"method": "POST",
"path": "/api/model/serve",
"headers": [],
"state": {},
}
)
request.state.current_user = "admin"
return request
@pytest.mark.asyncio
async def test_remote_windows_diffusers_is_rejected_before_runner_launch(monkeypatch):
monkeypatch.setattr(cookbook_routes, "require_admin", lambda request: None)
calls = []
async def fail_if_shell_runs(*args, **kwargs):
calls.append((args, kwargs))
raise AssertionError("remote Windows Diffusers should fail before shell launch")
monkeypatch.setattr(asyncio, "create_subprocess_shell", fail_if_shell_runs)
endpoint = _route_endpoint("/api/model/serve", "POST")
req = ServeRequest(
repo_id="diffusers/example",
cmd="python scripts/diffusion_server.py --model diffusers/example --port 8100",
remote_host="winbox",
platform="windows",
)
with pytest.raises(HTTPException) as exc:
await endpoint(_admin_request(), req)
assert exc.value.status_code == 400
assert "Remote Windows Diffusers" in str(exc.value.detail)
assert calls == []
tests/test_cookbook_same_host_server_profiles_js.py
+16 -4
View File
@@ -36,16 +36,28 @@ def test_cookbook_submodules_resolve_visible_profile_selection():
assert "_serverByVal(_envState.remoteServerKey || remoteHost)" in HWFIT
assert "hk: _currentServerValue()" in HWFIT
assert "sel.value = _currentServerValue();" in HWFIT
assert "_serverByVal?.(_ssEl.value)" in SERVE
assert "_serverByVal?.(select.value)" in SERVE
assert "_serverByVal?.(val)" in SERVE
assert "_serverByVal?.(_es.remoteServerKey || _es.remoteHost || '')" in SERVE
assert "_serverByVal?.(_envState.remoteServerKey || _probeHost)" in SERVE
assert "port: host ? (server?.port || _getPort(host) || '') : ''" in SERVE
def test_serve_launch_preflights_use_selected_target_and_port():
launch_target = "const launchTarget = _selectedServeTarget(panel);"
assert launch_target in SERVE
assert "const _hostStr = launchTarget.host || '';" in SERVE
assert "const _probeHost = (launchTarget.host || '').trim();" in SERVE
assert "if (launchTarget.port) _probeParams.set('ssh_port', launchTarget.port);" in SERVE
assert "const _portHost = (launchTarget.host || '').trim();" in SERVE
assert "StrictHostKeyChecking=no ${_sshPrefix(launchTarget.port)}${_portHost}" in SERVE
assert "const serveHost = launchTarget.host || '';" in SERVE
assert SERVE.index(launch_target) < SERVE.index("const _runningMod = await import('./cookbookRunning.js');")
def test_running_tab_resolves_profile_key_not_first_host():
assert "_serverByVal(_envState.remoteServerKey || _tHost)" in RUNNING
assert "_serverByVal(_targetKey)" in RUNNING
assert "_serverByVal(_envState.remoteServerKey || _host)" in RUNNING
assert "_serverByVal(_envState.remoteServerKey || host)" in RUNNING
assert "_serverByVal(savedKey)" in RUNNING
assert "_serverByVal = shared._serverByVal;" in RUNNING
assert "_selectedServer = shared._selectedServer;" in RUNNING
tests/test_cookbook_serve_lifecycle.py
+50
View File
@@ -0,0 +1,50 @@
import json
import pytest
from src import cookbook_serve_lifecycle as lifecycle
@pytest.mark.asyncio
async def test_tick_persists_only_successfully_stopped_serves(tmp_path, monkeypatch):
state_path = tmp_path / "cookbook_state.json"
state_path.write_text(
json.dumps({
"tasks": [
{
"id": "stop-succeeds",
"type": "serve",
"status": "running",
"_scheduledStopAtMs": 0,
},
{
"id": "stop-fails",
"type": "serve",
"status": "running",
"_scheduledStopAtMs": 0,
},
]
}),
encoding="utf-8",
)
async def fake_stop_serve(session_id, remote_host="", ssh_port=""):
return session_id == "stop-succeeds"
async def fake_delete_endpoint(task):
return None
monkeypatch.setattr(lifecycle, "COOKBOOK_STATE_FILE", str(state_path))
monkeypatch.setattr(lifecycle, "_stop_serve", fake_stop_serve)
monkeypatch.setattr(lifecycle, "_delete_endpoint_for_task", fake_delete_endpoint)
await lifecycle._tick()
tasks = {
task["id"]: task
for task in json.loads(state_path.read_text(encoding="utf-8"))["tasks"]
}
assert tasks["stop-succeeds"]["status"] == "stopped"
assert tasks["stop-succeeds"]["_scheduledStopAtMs"] is None
assert tasks["stop-fails"]["status"] == "running"
assert tasks["stop-fails"]["_scheduledStopAtMs"] == 0
tests/test_cookbook_windows_stop_tree_js.py
+58
View File
@@ -0,0 +1,58 @@
import shlex
from pathlib import Path
ROOT = Path(__file__).resolve().parents[1]
RUNNING_JS = ROOT / "static" / "js" / "cookbookRunning.js"
def _between(source, start, end):
start_idx = source.index(start)
end_idx = source.index(end, start_idx)
return source[start_idx:end_idx]
def test_windows_graceful_kill_reuses_recursive_stop_tree_helper():
source = RUNNING_JS.read_text(encoding="utf-8")
wrapper = _between(source, "function _winPowerShellCmd(task, ps)", "function _winSessionStopTreePs(task)")
helper = _between(source, "function _winSessionStopTreePs(task)", "function _tmuxGracefulKill(task)")
graceful = _between(source, "function _tmuxGracefulKill(task)", "function _shQuote(value)")
win_session = _between(source, "function _winSessionCmd(task, tmuxArgs)", "function _winPowerShellCmd(task, ps)")
assert "function Stop-Tree([int]$Id)" in helper
assert "('ParentProcessId = ' + $Id)" in helper
assert "Stop-Tree ([int]$p)" in helper
assert "${_shQuote(command)}" in wrapper
assert "_winSessionStopTreePs(task)" in win_session
assert "_winPowerShellCmd(task, ps)" in win_session
assert "_winSessionStopTreePs(task)" in graceful
assert "_winPowerShellCmd(task, ps)" in graceful
assert "Stop-Process -Id $p -Force" not in graceful
assert '-Filter "ParentProcessId = $Id"' not in helper
assert 'powershell -Command \\\\"${ps}\\\\"' not in source
def _posix_quote(value):
return "'" + value.replace("'", "'\\''") + "'"
def test_remote_windows_stop_tree_payload_survives_shell_parsing():
ps = (
"function Stop-Tree([int]$Id) { "
"Get-CimInstance Win32_Process -Filter ('ParentProcessId = ' + $Id) "
"-ErrorAction SilentlyContinue | ForEach-Object { Stop-Tree ([int]$_.ProcessId) }; "
"Stop-Process -Id $Id -Force -ErrorAction SilentlyContinue }; "
"$p = Get-Content '$env:TEMP\\odysseus-sessions\\serve_abc.pid' "
"-ErrorAction SilentlyContinue; "
"if ($p -match '^\\d+$') { Stop-Tree ([int]$p) }"
)
remote_command = f'powershell -Command "{ps}"'
shell_command = f"ssh -p 2222 winbox {_posix_quote(remote_command)}"
argv = shlex.split(shell_command)
assert argv == ["ssh", "-p", "2222", "winbox", remote_command]
assert "$Id" in argv[-1]
assert "$_.ProcessId" in argv[-1]
assert "$env:TEMP" in argv[-1]
assert "$p" in argv[-1]
tests/test_copy_message_strips_thinking_js.py
+21
View File
@@ -126,6 +126,27 @@ def test_plain_reply_copy_text_is_unchanged(node_available):
assert out["content"] == raw
def test_minimax_namespaced_thinking_is_extracted(node_available):
raw = (
'<mm:think>The user said "idk" - just casual.</mm:think>'
"Haha fair. Well, I'm here whenever you figure it out."
)
out = _extract_thinking_blocks(raw)
assert out["thinkingBlocks"] == ['The user said "idk" - just casual.']
assert out["content"] == "Haha fair. Well, I'm here whenever you figure it out."
assert "mm:think" not in out["content"]
def test_minimax_orphan_closing_tag_drops_leaked_reasoning(node_available):
raw = "</mm:think>Hi! What can I do for you?"
out = _extract_thinking_blocks(raw)
assert out["thinkingBlocks"] == []
assert out["content"] == "Hi! What can I do for you?"
assert "mm:think" not in out["content"]
def test_thinking_only_message_yields_empty_content(node_available):
# The copy handler falls back to the raw text in this case so the button
# still copies something for turns interrupted mid-thinking.
tests/test_docker_devops_hardening.py
+133
View File
@@ -0,0 +1,133 @@
"""Static regressions for Docker/devops hardening contracts."""
import ast
import re
from pathlib import Path
import yaml
from starlette.applications import Starlette
from starlette.middleware.cors import CORSMiddleware
from starlette.responses import PlainTextResponse
from starlette.routing import Route
from starlette.testclient import TestClient
ROOT = Path(__file__).resolve().parents[1]
COMPOSE_FILES = [
ROOT / "docker-compose.yml",
ROOT / "docker-compose.gpu-nvidia.yml",
ROOT / "docker-compose.gpu-amd.yml",
]
TEST_DOCS = [
ROOT / "tests" / "README.md",
ROOT / "tests" / "TESTING_STANDARD.md",
ROOT / "tests" / "LAYOUT_INVENTORY.md",
]
def _compose_env_names(path: Path) -> set[str]:
compose = yaml.safe_load(path.read_text(encoding="utf-8"))
env = compose["services"]["odysseus"]["environment"]
return {entry.split("=", 1)[0] for entry in env}
def _upload_limit_env_names() -> set[str]:
source = (ROOT / "src" / "upload_limits.py").read_text(encoding="utf-8")
return set(re.findall(r'"(ODYSSEUS_[A-Z_]*BYTES)"', source)) | {
"ODYSSEUS_CHAT_UPLOAD_MAX_BYTES"
}
def _cors_allow_methods() -> list[str]:
tree = ast.parse((ROOT / "app.py").read_text(encoding="utf-8"))
for node in tree.body:
if isinstance(node, ast.Assign):
names = [target.id for target in node.targets if isinstance(target, ast.Name)]
if "CORS_ALLOW_METHODS" in names:
return ast.literal_eval(node.value)
raise AssertionError("CORS_ALLOW_METHODS not found")
def test_compose_files_forward_every_upload_limit_env_var():
expected = _upload_limit_env_names()
assert expected
for path in COMPOSE_FILES:
assert expected <= _compose_env_names(path), path.name
def test_docker_entrypoint_does_not_resolve_root_commands_from_app_local_path():
script = (ROOT / "docker" / "entrypoint.sh").read_text(encoding="utf-8")
path_export = script.index('export PATH="/app/.local/bin:$PATH"')
gosu_capture = script.index('GOSU_BIN="$(command -v gosu)"')
python_capture = script.index('PYTHON_BIN="$(command -v python)"')
setup_call = script.index('"$GOSU_BIN" "$ODY_USER" "$PYTHON_BIN" /app/setup.py')
final_exec = script.index('exec "$GOSU_BIN" "$ODY_USER" "$@"')
assert gosu_capture < path_export < setup_call
assert python_capture < path_export < setup_call
assert final_exec > path_export
def test_docker_entrypoint_ownership_repair_stays_inside_expected_mounts():
script = (ROOT / "docker" / "entrypoint.sh").read_text(encoding="utf-8")
assert "find /app -xdev" in script
for path in ("/app/data", "/app/logs", "/app/.ssh", "/app/.cache", "/app/.local"):
assert f"-path {path}" in script
assert "mount_root_for" in script
assert "is_broad_mount_root" in script
assert "Skipping recursive ownership repair" in script
def test_dockerignore_excludes_secrets_editor_backups():
patterns = set((ROOT / ".dockerignore").read_text(encoding="utf-8").splitlines())
assert {
"secrets.env",
"secrets.env.*",
"secrets.env~",
".secrets.env.swp",
".secrets.env.swo",
"**/#secrets.env#",
} <= patterns
assert "!secrets.env.example" in patterns
def test_cors_allow_methods_include_patch():
methods = _cors_allow_methods()
assert "PATCH" in methods
def test_patch_preflight_is_allowed_by_configured_cors_methods():
async def patched(_request):
return PlainTextResponse("ok")
app = Starlette(routes=[Route("/api/document/1", patched, methods=["PATCH"])])
app.add_middleware(
CORSMiddleware,
allow_origins=["http://client.local"],
allow_credentials=True,
allow_methods=_cors_allow_methods(),
allow_headers=["Content-Type"],
)
response = TestClient(app).options(
"/api/document/1",
headers={
"Origin": "http://client.local",
"Access-Control-Request-Method": "PATCH",
},
)
assert response.status_code == 200
def test_testing_docs_use_project_venv_for_python_validation():
stale_patterns = [
"python3 -m pytest",
"python3 -m py_compile",
"Focused `pytest`",
"`pytest` on neighboring",
".venv/bin/python",
]
for path in TEST_DOCS:
text = path.read_text(encoding="utf-8")
for stale in stale_patterns:
assert stale not in text, f"{path.name} still contains {stale!r}"
tests/test_document_render_pdf_iframe.py
+238
View File
@@ -0,0 +1,238 @@
"""Regression tests for the document PDF preview framing headers and PyMuPDF dependency handling."""
import builtins
import tempfile
import uuid
from types import SimpleNamespace
from unittest.mock import AsyncMock, MagicMock
import pytest
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.pool import NullPool
import core.database as cdb
import routes.document_routes as droutes
from core.database import Document
from core.middleware import SecurityHeadersMiddleware
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
class _FakeURL:
def __init__(self, path: str):
self.path = path
self.scheme = "http"
class _FakeRequest:
def __init__(self, path: str):
self.url = _FakeURL(path)
self.headers = {}
self.state = SimpleNamespace()
class _FakeResponse:
def __init__(self):
self.headers: dict[str, str] = {}
async def _dispatch(path: str) -> _FakeResponse:
mw = SecurityHeadersMiddleware(MagicMock())
resp = _FakeResponse()
call_next = AsyncMock(return_value=resp)
await mw.dispatch(_FakeRequest(path), call_next)
return resp
# ---------------------------------------------------------------------------
# Test 1: middleware framing policy on /api/document/.../render-pdf
# ---------------------------------------------------------------------------
async def test_doc_render_pdf_same_origin_framing():
"""Assert that /api/document/{id}/render-pdf allows same-origin framing."""
resp = await _dispatch("/api/document/abc-123/render-pdf")
assert resp.headers.get("X-Frame-Options") == "SAMEORIGIN"
csp = resp.headers.get("Content-Security-Policy", "")
assert "frame-ancestors 'self'" in csp
async def test_doc_render_pdf_keeps_baseline_security_headers():
"""Assert that baseline security headers are preserved on the render-pdf path."""
resp = await _dispatch("/api/document/abc-123/render-pdf")
assert resp.headers.get("X-Content-Type-Options") == "nosniff"
assert resp.headers.get("Referrer-Policy") == "no-referrer"
async def test_doc_export_pdf_still_frame_blocked():
"""Assert that the export-pdf path remains frame-blocked."""
resp = await _dispatch("/api/document/abc-123/export-pdf")
assert resp.headers.get("X-Frame-Options") == "DENY"
assert "frame-ancestors 'none'" in resp.headers.get("Content-Security-Policy", "")
async def test_doc_path_matching_is_precise():
"""Assert that similar paths are not exempted from framing restrictions."""
for path in [
"/api/document/abc-123/render-pdfx",
"/api/document/abc-123/render-pdf/foo",
"/api/documents/abc-123/render-pdf",
]:
resp = await _dispatch(path)
assert resp.headers.get("X-Frame-Options") == "DENY"
async def test_tool_render_exemption_preserved():
"""Assert that the tool-render path remains exempt from framing headers."""
resp = await _dispatch("/api/tools/foo/bar/render")
assert "X-Frame-Options" not in resp.headers
csp = resp.headers.get("Content-Security-Policy", "")
assert "frame-ancestors" not in csp
async def test_unrelated_paths_keep_strict_policy():
"""Assert that other paths keep the strict framing policy."""
resp = await _dispatch("/api/chat")
assert resp.headers.get("X-Frame-Options") == "DENY"
csp = resp.headers.get("Content-Security-Policy", "")
assert "frame-ancestors 'none'" in csp
# ---------------------------------------------------------------------------
# Test 2: render-pdf route must return 503 (not 500) when PyMuPDF is missing
# ---------------------------------------------------------------------------
@pytest.fixture
def test_db(monkeypatch):
"""Create a temporary SQLite database and patch routes.document_routes.SessionLocal."""
import os
tmpdb = tempfile.NamedTemporaryFile(suffix=".db", delete=False)
tmpdb.close()
engine = create_engine(
f"sqlite:///{tmpdb.name}",
connect_args={"check_same_thread": False},
poolclass=NullPool,
)
cdb.Base.metadata.create_all(engine)
ts = sessionmaker(bind=engine, autoflush=False, autocommit=False)
monkeypatch.setattr(droutes, "SessionLocal", ts)
try:
yield ts
finally:
engine.dispose()
try:
os.unlink(tmpdb.name)
except OSError:
pass
def _req():
"""Minimal request stub."""
return SimpleNamespace(
state=SimpleNamespace(current_user="tester"),
app=SimpleNamespace(state=SimpleNamespace(auth_manager=None)),
)
def _endpoint(method: str, path: str, upload_handler=None):
router = droutes.setup_document_routes(MagicMock(), upload_handler)
for r in router.routes:
if getattr(r, "path", None) == path and method in getattr(r, "methods", set()):
return r.endpoint
raise RuntimeError(f"{method} {path} not found")
def _make_pdf_doc(db_session) -> str:
"""Create a test Document with a pdf_form_source front-matter pointer."""
content = (
'<!-- pdf_form_source upload_id="'
+ "a" * 32
+ '" fields="3" -->\n'
"- Field 1: value1\n- Field 2: value2\n- Field 3: value3\n"
)
db = db_session()
try:
doc = Document(
id=str(uuid.uuid4()),
session_id=None,
title="t",
language="markdown",
current_content=content,
version_count=1,
is_active=True,
owner="tester",
)
db.add(doc)
db.commit()
return doc.id
finally:
db.close()
async def test_render_pdf_returns_503_when_pymupdf_missing(monkeypatch, test_db):
"""Assert that the render-pdf path returns 503 when PyMuPDF is not installed."""
real_import = builtins.__import__
def fake_import(name, *args, **kwargs):
if name == "fitz":
raise ImportError("No module named 'fitz'")
return real_import(name, *args, **kwargs)
monkeypatch.setattr(builtins, "__import__", fake_import)
# Stub route dependencies to isolate the PyMuPDF check
import src.pdf_form_doc as pdf_form_doc
monkeypatch.setattr(pdf_form_doc, "find_source_upload_id", lambda _content: "a" * 32)
monkeypatch.setattr(droutes, "_resolve_user_upload_path", lambda *a, **kw: "/tmp/fake.pdf")
render_pdf = _endpoint("GET", "/api/document/{doc_id}/render-pdf", upload_handler=MagicMock())
doc_id = _make_pdf_doc(test_db)
from fastapi import HTTPException
with pytest.raises(HTTPException) as excinfo:
await render_pdf(doc_id, _req())
assert excinfo.value.status_code == 503
detail = str(excinfo.value.detail)
assert "requirements-optional.txt" in detail
assert "PyMuPDF" in detail
async def test_render_pdf_503_runs_before_file_io(monkeypatch, test_db, tmp_path):
"""Assert that the PyMuPDF check runs before resolving or checking the source file path."""
real_import = builtins.__import__
def fake_import(name, *args, **kwargs):
if name == "fitz":
raise ImportError("No module named 'fitz'")
return real_import(name, *args, **kwargs)
monkeypatch.setattr(builtins, "__import__", fake_import)
# Use a non-existent path to verify the check fails before checking path existence
sentinel_dir = tmp_path / "should-never-be-touched"
sentinel_dir.mkdir()
sentinel_path = str(sentinel_dir / "source.pdf")
import src.pdf_form_doc as pdf_form_doc
monkeypatch.setattr(pdf_form_doc, "find_source_upload_id", lambda _content: "a" * 32)
monkeypatch.setattr(droutes, "_resolve_user_upload_path", lambda *a, **kw: sentinel_path)
render_pdf = _endpoint("GET", "/api/document/{doc_id}/render-pdf", upload_handler=MagicMock())
doc_id = _make_pdf_doc(test_db)
from fastapi import HTTPException
with pytest.raises(HTTPException) as excinfo:
await render_pdf(doc_id, _req())
assert excinfo.value.status_code == 503
tests/test_document_session_owner_scope.py
+16
View File
@@ -25,6 +25,7 @@ import routes.document_routes as droutes
from core.database import Document
from core.database import Session as DbSession
from routes.document_helpers import DocumentPatch
from routes.document_helpers import _owner_session_filter
_TMPDB = tempfile.NamedTemporaryFile(suffix=".db", delete=False)
_ENGINE = create_engine(
@@ -141,3 +142,18 @@ async def test_list_documents_filters_foreign_docs_in_visible_session():
assert bob_doc not in ids
finally:
droutes.SessionLocal = previous_session_local
def test_owner_session_filter_noops_for_auth_disabled_single_user(monkeypatch):
monkeypatch.setenv("AUTH_ENABLED", "false")
previous_session_local = _bind_test_db()
try:
_alice_session, _bob_session, alice_doc, _bob_doc, _legacy_doc = _seed()
db = _TS()
try:
q = db.query(Document).filter(Document.id == alice_doc)
assert _owner_session_filter(q, None).first().id == alice_doc
finally:
db.close()
finally:
droutes.SessionLocal = previous_session_local
tests/test_email_oauth.py
+580
View File
@@ -0,0 +1,580 @@
"""Tests for the Google OAuth2 email helpers.
Covers the security-critical surface added for Google Workspace / .edu
IMAP/SMTP support:
- `make_oauth_state` / `verify_oauth_state` — HMAC-signed OAuth state so the
callback can't be CSRF'd or have its account_id/owner tampered with.
- `_smtp_ready` — an OAuth account (no stored password) must still count as
send-capable; a host+user-only account without password or OAuth must not.
- `_xoauth2_raw` / `_xoauth2_bytes` — SASL XOAUTH2 framing for SMTP/IMAP.
- `_refresh_google_token` — token refresh stores result encrypted; failure is
silent (no token/secret in logs or return value).
- `_get_valid_google_token` — uses cached token when fresh; calls refresh when
expired.
- `google_oauth_callback` (real route) — invalid/tampered/missing state and
provider errors return generic redirects with no PII; owner mismatch refuses
the token write; a valid owner writes encrypted tokens only to the intended
account.
- `list_email_accounts` (real route) — exposes OAuth status but never token
values.
- `_imap_connect` — password accounts use login(); OAuth accounts use XOAUTH2.
Route tests pull the live endpoint out of `setup_email_routes()` and call it
directly — they pin the real handler, not a re-implementation. The ASGI app is
not booted; outbound HTTP is mocked and the DB is an isolated in-memory SQLite.
"""
import base64
import json
import time
import unittest.mock as mock
import pytest
# ── OAuth state signing ──────────────────────────────────────────
def test_oauth_state_round_trips_account_and_owner():
from routes.email_helpers import make_oauth_state, verify_oauth_state
state = make_oauth_state("acct-123", "user@example.com")
payload = verify_oauth_state(state)
assert payload is not None
assert payload["a"] == "acct-123"
assert payload["o"] == "user@example.com"
assert payload["n"] # nonce present
def test_oauth_state_nonce_is_unique_per_call():
from routes.email_helpers import make_oauth_state, verify_oauth_state
a = verify_oauth_state(make_oauth_state("acct", "o"))
b = verify_oauth_state(make_oauth_state("acct", "o"))
assert a["n"] != b["n"]
def test_oauth_state_rejects_tampered_account_id():
from routes.email_helpers import make_oauth_state, verify_oauth_state
state = make_oauth_state("acct-123", "user@example.com")
decoded = base64.urlsafe_b64decode(state.encode()).decode()
payload_str, sig = decoded.rsplit("|", 1)
payload = json.loads(payload_str)
payload["a"] = "evil-acct" # attacker swaps the target account
forged = base64.urlsafe_b64encode(
(json.dumps(payload, separators=(",", ":")) + "|" + sig).encode()
).decode()
assert verify_oauth_state(forged) is None
def test_oauth_state_rejects_forged_signature():
from routes.email_helpers import make_oauth_state, verify_oauth_state
state = make_oauth_state("acct-123", "user@example.com")
decoded = base64.urlsafe_b64decode(state.encode()).decode()
payload_str, _ = decoded.rsplit("|", 1)
forged = base64.urlsafe_b64encode((payload_str + "|" + "deadbeef" * 8).encode()).decode()
assert verify_oauth_state(forged) is None
@pytest.mark.parametrize("garbage", ["", "not-base64-at-all", "###", "a|b|c"])
def test_oauth_state_rejects_garbage(garbage):
from routes.email_helpers import verify_oauth_state
assert verify_oauth_state(garbage) is None
# ── _smtp_ready: OAuth accounts have no password but can still send ──
def test_smtp_ready_true_for_oauth_account_without_password():
from routes.email_routes import _smtp_ready
cfg = {
"smtp_host": "smtp.gmail.com",
"smtp_user": "me@nyu.edu",
"smtp_password": "",
"oauth_provider": "google",
}
assert _smtp_ready(cfg) is True
def test_smtp_ready_true_for_password_account():
from routes.email_routes import _smtp_ready
cfg = {
"smtp_host": "smtp.example.com",
"smtp_user": "me@example.com",
"smtp_password": "app-password",
"oauth_provider": "",
}
assert _smtp_ready(cfg) is True
def test_smtp_ready_false_without_password_or_oauth():
from routes.email_routes import _smtp_ready
cfg = {
"smtp_host": "smtp.example.com",
"smtp_user": "me@example.com",
"smtp_password": "",
"oauth_provider": "",
}
assert _smtp_ready(cfg) is False
def test_smtp_ready_false_without_host():
from routes.email_routes import _smtp_ready
cfg = {"smtp_host": "", "smtp_user": "me@x.com", "oauth_provider": "google"}
assert _smtp_ready(cfg) is False
# ── XOAUTH2 SASL framing ─────────────────────────────────────────
def test_xoauth2_raw_is_unencoded_sasl_frame():
from routes.email_helpers import _xoauth2_raw
assert _xoauth2_raw("me@nyu.edu", "tok123") == "user=me@nyu.edu\x01auth=Bearer tok123\x01\x01"
def test_xoauth2_bytes_is_raw_frame_encoded():
from routes.email_helpers import _xoauth2_bytes
assert _xoauth2_bytes("me@nyu.edu", "tok123") == b"user=me@nyu.edu\x01auth=Bearer tok123\x01\x01"
# ── Helpers for in-memory DB fixtures ────────────────────────────
def _make_db():
"""Return (Session, SessionFactory) backed by an isolated in-memory SQLite DB.
Used to test DB-touching helpers without the real database.
The factory lets tests open a fresh session after the helper closes its own.
"""
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from core.database import Base
engine = create_engine("sqlite:///:memory:", connect_args={"check_same_thread": False})
Base.metadata.create_all(engine)
Factory = sessionmaker(bind=engine)
return Factory(), Factory
def _make_account(session, account_id="acct-1", owner="alice", **kwargs):
"""Insert a minimal EmailAccount row and return it."""
from core.database import EmailAccount
row = EmailAccount(
id=account_id,
owner=owner,
name=kwargs.get("name", "Test"),
from_address=kwargs.get("from_address", "test@example.com"),
imap_host=kwargs.get("imap_host", "imap.gmail.com"),
imap_port=kwargs.get("imap_port", 993),
imap_user=kwargs.get("imap_user", "test@example.com"),
smtp_host=kwargs.get("smtp_host", "smtp.gmail.com"),
smtp_port=kwargs.get("smtp_port", 587),
smtp_user=kwargs.get("smtp_user", "test@example.com"),
)
for k, v in kwargs.items():
if hasattr(row, k):
setattr(row, k, v)
session.add(row)
session.commit()
return row
# ── Token encryption at rest ─────────────────────────────────────
def test_refresh_token_stored_encrypted_not_raw():
"""_refresh_google_token must encrypt the new access token before writing it
to the DB — storing the raw token string would expose credentials at rest."""
from src.secret_storage import encrypt as _enc, decrypt as _dec
from core.database import EmailAccount
raw_token = "ya29.test_access_token_raw"
db, Factory = _make_db()
_make_account(db, account_id="acct-r", owner="bob",
oauth_refresh_token=_enc("refresh-tok-xyz"))
db.close()
fake_resp = mock.MagicMock()
fake_resp.raise_for_status = mock.MagicMock()
fake_resp.json.return_value = {"access_token": raw_token, "expires_in": 3600}
with mock.patch("httpx.post", return_value=fake_resp), \
mock.patch("core.database.SessionLocal", Factory), \
mock.patch("routes.email_helpers.os.environ.get", side_effect=lambda k, d="": {
"GOOGLE_OAUTH_CLIENT_ID": "cid", "GOOGLE_OAUTH_CLIENT_SECRET": "csec"
}.get(k, d)):
from routes.email_helpers import _refresh_google_token
result = _refresh_google_token("acct-r")
verify_db = Factory()
row = verify_db.query(EmailAccount).filter(EmailAccount.id == "acct-r").first()
stored = row.oauth_access_token
verify_db.close()
assert result == raw_token, "function should return the plain access token to callers"
assert stored != raw_token, "raw token must not be stored directly in the DB"
assert _dec(stored) == raw_token, "stored value must decrypt back to the raw token"
def test_refresh_stores_encrypted_expiry_not_token():
"""oauth_token_expiry stores only a timestamp, never the token value."""
from src.secret_storage import encrypt as _enc
from core.database import EmailAccount
db, Factory = _make_db()
_make_account(db, account_id="acct-e", owner="bob",
oauth_refresh_token=_enc("ref-tok"))
db.close()
fake_resp = mock.MagicMock()
fake_resp.raise_for_status = mock.MagicMock()
fake_resp.json.return_value = {"access_token": "ya29.secret", "expires_in": 3600}
with mock.patch("httpx.post", return_value=fake_resp), \
mock.patch("core.database.SessionLocal", Factory), \
mock.patch("routes.email_helpers.os.environ.get", side_effect=lambda k, d="": {
"GOOGLE_OAUTH_CLIENT_ID": "cid", "GOOGLE_OAUTH_CLIENT_SECRET": "csec"
}.get(k, d)):
from routes.email_helpers import _refresh_google_token
_refresh_google_token("acct-e")
verify_db = Factory()
row = verify_db.query(EmailAccount).filter(EmailAccount.id == "acct-e").first()
expiry = row.oauth_token_expiry
verify_db.close()
assert "ya29" not in (expiry or ""), \
"token_expiry must be a timestamp, not the token string"
# ── Real OAuth callback route ─────────────────────────────────────
#
# These pull the actual google_oauth_callback endpoint out of the router and
# invoke it — they pin the real route's behaviour, not a re-implementation, so
# they fail if the ownership/state guards are ever removed or weakened.
def _callback_endpoint():
"""Return the live google_oauth_callback endpoint from the email router."""
from routes.email_routes import setup_email_routes
router = setup_email_routes()
for route in router.routes:
if route.path == "/api/email/oauth/google/callback" and "GET" in getattr(route, "methods", set()):
return route.endpoint
raise AssertionError("google_oauth_callback route not found")
class _FakeRequest:
"""Minimal stand-in for starlette Request — the callback only reads headers."""
headers = {"host": "localhost:7000"}
def _location(resp):
"""Pull the redirect target out of a RedirectResponse."""
return resp.headers["location"]
@pytest.mark.asyncio
async def test_callback_missing_code_returns_generic_error():
"""No `code` query param → generic error redirect, with no account id, owner,
or state echoed back into the URL."""
from routes.email_helpers import make_oauth_state
callback = _callback_endpoint()
state = make_oauth_state("acct-1", "alice")
resp = await callback(code=None, state=state, error=None, request=_FakeRequest())
loc = _location(resp)
assert "email_oauth_error=missing_code" in loc
assert "acct-1" not in loc, "account id must not appear in redirect URL"
assert "alice" not in loc, "owner must not appear in redirect URL"
@pytest.mark.asyncio
async def test_callback_provider_error_returns_generic_error():
"""An `error` from Google → generic error redirect, no raw provider text."""
callback = _callback_endpoint()
resp = await callback(code=None, state=None, error="access_denied", request=_FakeRequest())
loc = _location(resp)
assert "email_oauth_error=google_error" in loc
assert "access_denied" not in loc, "raw provider error must not leak into redirect"
@pytest.mark.asyncio
async def test_callback_tampered_state_returns_generic_error_no_leak():
"""Tampered/invalid state → invalid_state redirect; the auth code and any
token must never appear in the redirect URL."""
callback = _callback_endpoint()
resp = await callback(code="4/secret-auth-code", state="not-a-valid-state",
error=None, request=_FakeRequest())
loc = _location(resp)
assert "email_oauth_error=invalid_state" in loc
assert "4/secret-auth-code" not in loc, "auth code must not leak into redirect"
assert "token" not in loc
@pytest.mark.asyncio
async def test_callback_owner_mismatch_does_not_write_tokens():
"""A signed, valid state whose owner does not match the target account's
owner must NOT write tokens — this blocks one authenticated user from
binding their Google account onto another user's mailbox row.
"""
from routes.email_helpers import make_oauth_state
from core.database import EmailAccount
db, Factory = _make_db()
_make_account(db, account_id="acct-x", owner="alice")
db.close()
# Token-exchange + userinfo would succeed — the point is the ownership gate
# rejects the write *before* trusting them.
token_resp = mock.MagicMock()
token_resp.raise_for_status = mock.MagicMock()
token_resp.json.return_value = {"access_token": "ya29.attacker", "refresh_token": "r", "expires_in": 3600}
userinfo_resp = mock.MagicMock()
userinfo_resp.is_success = True
userinfo_resp.json.return_value = {"email": "bob@evil.com", "name": "Bob"}
# State is genuinely signed, but for owner "bob" — not the row owner "alice".
state = make_oauth_state("acct-x", "bob")
with mock.patch("httpx.post", return_value=token_resp), \
mock.patch("httpx.get", return_value=userinfo_resp), \
mock.patch("core.database.SessionLocal", Factory):
callback = _callback_endpoint()
resp = await callback(code="4/code", state=state, error=None, request=_FakeRequest())
loc = _location(resp)
assert "email_oauth_error=ownership_error" in loc
verify_db = Factory()
row = verify_db.query(EmailAccount).filter(EmailAccount.id == "acct-x").first()
token_after = row.oauth_access_token
verify_db.close()
assert token_after is None, "no token may be written when ownership check fails"
@pytest.mark.asyncio
async def test_callback_valid_owner_writes_encrypted_tokens_to_intended_account():
"""A signed state whose owner matches the target account writes the tokens —
and only to that account, stored encrypted (raw token never persisted)."""
from routes.email_helpers import make_oauth_state
from src.secret_storage import decrypt as _dec
from core.database import EmailAccount
db, Factory = _make_db()
_make_account(db, account_id="acct-v", owner="alice", imap_host="", smtp_host="")
_make_account(db, account_id="acct-other", owner="alice") # must stay untouched
db.close()
raw_access = "ya29.legit_access_token"
raw_refresh = "1//legit_refresh_token"
token_resp = mock.MagicMock()
token_resp.raise_for_status = mock.MagicMock()
token_resp.json.return_value = {"access_token": raw_access, "refresh_token": raw_refresh, "expires_in": 3600}
userinfo_resp = mock.MagicMock()
userinfo_resp.is_success = True
userinfo_resp.json.return_value = {"email": "alice@nyu.edu", "name": "Alice"}
state = make_oauth_state("acct-v", "alice")
with mock.patch("httpx.post", return_value=token_resp), \
mock.patch("httpx.get", return_value=userinfo_resp), \
mock.patch("core.database.SessionLocal", Factory):
callback = _callback_endpoint()
resp = await callback(code="4/code", state=state, error=None, request=_FakeRequest())
assert "email_oauth_success=1" in _location(resp)
verify_db = Factory()
target = verify_db.query(EmailAccount).filter(EmailAccount.id == "acct-v").first()
other = verify_db.query(EmailAccount).filter(EmailAccount.id == "acct-other").first()
verify_db.close()
assert target.oauth_provider == "google"
assert target.oauth_access_token != raw_access, "access token must be stored encrypted"
assert _dec(target.oauth_access_token) == raw_access
assert _dec(target.oauth_refresh_token) == raw_refresh
assert other.oauth_access_token is None, "tokens must only touch the intended account"
# ── Token refresh scenarios ───────────────────────────────────────
def test_get_valid_google_token_uses_cached_when_fresh():
"""_get_valid_google_token must NOT call refresh when the stored token is
still valid (expiry - 60s buffer > now). Refresh is an outbound HTTP call
that should only happen when genuinely needed."""
from src.secret_storage import encrypt as _enc
from routes.email_helpers import _get_valid_google_token
future_expiry = str(int(time.time()) + 7200) # 2 hours from now
cfg = {
"account_id": "acct-fresh",
"oauth_access_token": _enc("ya29.fresh_token"),
"oauth_token_expiry": future_expiry,
}
with mock.patch("routes.email_helpers._refresh_google_token") as mock_refresh:
result = _get_valid_google_token("acct-fresh", cfg)
assert result == "ya29.fresh_token"
mock_refresh.assert_not_called()
def test_get_valid_google_token_refreshes_when_expired():
"""_get_valid_google_token must call refresh when the token is expired."""
from src.secret_storage import encrypt as _enc
from routes.email_helpers import _get_valid_google_token
past_expiry = str(int(time.time()) - 10) # already expired
cfg = {
"account_id": "acct-exp",
"oauth_access_token": _enc("ya29.old_token"),
"oauth_token_expiry": past_expiry,
}
with mock.patch("routes.email_helpers._refresh_google_token", return_value="ya29.new_token") as mock_refresh:
result = _get_valid_google_token("acct-exp", cfg)
mock_refresh.assert_called_once_with("acct-exp")
assert result == "ya29.new_token"
def test_refresh_failure_returns_none_no_secret_raised():
"""When the refresh HTTP call fails, _refresh_google_token must return None
silently. It must not raise an exception or surface token/secret details."""
from src.secret_storage import encrypt as _enc
db, Factory = _make_db()
_make_account(db, account_id="acct-fail", owner="dave",
oauth_refresh_token=_enc("ref-tok"))
db.close()
failing_resp = mock.MagicMock()
failing_resp.raise_for_status.side_effect = Exception("401 Unauthorized")
with mock.patch("httpx.post", return_value=failing_resp), \
mock.patch("core.database.SessionLocal", Factory), \
mock.patch("routes.email_helpers.os.environ.get", side_effect=lambda k, d="": {
"GOOGLE_OAUTH_CLIENT_ID": "cid", "GOOGLE_OAUTH_CLIENT_SECRET": "csec"
}.get(k, d)):
from routes.email_helpers import _refresh_google_token
result = _refresh_google_token("acct-fail")
assert result is None, "failed refresh must return None, not raise"
def test_refresh_without_credentials_returns_none():
"""_refresh_google_token must return None immediately when the OAuth client
credentials are not configured — no DB query, no HTTP call."""
with mock.patch("routes.email_helpers.os.environ.get", return_value=""):
from routes.email_helpers import _refresh_google_token
result = _refresh_google_token("acct-any")
assert result is None
# ── Password-account regression ───────────────────────────────────
def test_imap_connect_uses_login_for_password_accounts():
"""Existing password-auth IMAP accounts must still call conn.login() and
must NOT trigger the XOAUTH2 authenticate path."""
from routes.email_helpers import _imap_connect
mock_conn = mock.MagicMock()
# _imap_connect calls _get_email_config internally — mock it to return our cfg.
cfg = {
"imap_host": "imap.gmail.com",
"imap_port": 993,
"imap_starttls": False,
"imap_user": "me@gmail.com",
"imap_password": "app-password-xyz",
"oauth_provider": "",
"account_id": "acct-pw",
}
with mock.patch("routes.email_helpers._open_imap_connection", return_value=mock_conn), \
mock.patch("routes.email_helpers._get_email_config", return_value=cfg):
_imap_connect("acct-pw", owner="alice")
mock_conn.login.assert_called_once_with("me@gmail.com", "app-password-xyz")
mock_conn.authenticate.assert_not_called()
def test_imap_connect_uses_xoauth2_for_oauth_accounts():
"""OAuth accounts must call conn.authenticate('XOAUTH2', ...) and must NOT
call conn.login() — which would fail without a password."""
from routes.email_helpers import _imap_connect
from src.secret_storage import encrypt as _enc
mock_conn = mock.MagicMock()
future_expiry = str(int(time.time()) + 7200)
cfg = {
"imap_host": "imap.gmail.com",
"imap_port": 993,
"imap_starttls": False,
"imap_user": "me@nyu.edu",
"imap_password": "",
"oauth_provider": "google",
"account_id": "acct-oauth",
"oauth_access_token": _enc("ya29.live_token"),
"oauth_token_expiry": future_expiry,
}
with mock.patch("routes.email_helpers._open_imap_connection", return_value=mock_conn), \
mock.patch("routes.email_helpers._get_email_config", return_value=cfg):
_imap_connect("acct-oauth", owner="alice")
mock_conn.authenticate.assert_called_once()
assert mock_conn.authenticate.call_args[0][0] == "XOAUTH2"
mock_conn.login.assert_not_called()
@pytest.mark.asyncio
async def test_account_list_response_does_not_expose_token_values():
"""The /accounts list route is the client-facing account inventory. It must
expose `oauth_provider` (so the UI can show OAuth status) but never the
access/refresh token values, encrypted or otherwise — only boolean
has_*_password flags and the provider name."""
from routes.email_routes import setup_email_routes
from src.secret_storage import encrypt as _enc
raw_access = "ya29.super_secret_access_token"
raw_refresh = "1//super_secret_refresh_token"
db, Factory = _make_db()
_make_account(db, account_id="acct-list", owner="alice",
oauth_provider="google",
oauth_access_token=_enc(raw_access),
oauth_refresh_token=_enc(raw_refresh))
db.close()
router = setup_email_routes()
list_accounts = None
for route in router.routes:
if route.path == "/api/email/accounts" and "GET" in getattr(route, "methods", set()):
list_accounts = route.endpoint
break
assert list_accounts is not None, "accounts list route not found"
with mock.patch("core.database.SessionLocal", Factory):
result = await list_accounts(owner="alice")
blob = json.dumps(result)
assert raw_access not in blob, "raw access token must not appear in list response"
assert raw_refresh not in blob, "raw refresh token must not appear in list response"
assert _enc(raw_access) not in blob, "encrypted token must not be sent to the client either"
acct = result["accounts"][0]
assert acct["oauth_provider"] == "google" # status is exposed
assert "oauth_access_token" not in acct # token value is not
assert "oauth_refresh_token" not in acct
tests/test_email_owner_scope.py
+48
View File
@@ -406,6 +406,54 @@ async def test_scheduled_email_routes_are_owner_scoped(tmp_path, monkeypatch):
assert alice_rows["scheduled"] == []
@pytest.mark.asyncio
async def test_pending_agent_draft_routes_do_not_expose_ownerless_rows(tmp_path, monkeypatch):
import routes.email_helpers as email_helpers
import routes.email_routes as email_routes
db_path = tmp_path / "scheduled_emails.db"
monkeypatch.setattr(email_helpers, "SCHEDULED_DB", db_path)
monkeypatch.setattr(email_routes, "SCHEDULED_DB", db_path)
email_helpers._init_scheduled_db()
conn = sqlite3.connect(db_path)
conn.executemany(
"""
INSERT INTO scheduled_emails
(id, to_addr, subject, body, attachments, send_at, created_at, status, account_id, owner)
VALUES (?, ?, ?, ?, '[]', '9999-12-31T00:00:00', ?, 'agent_draft', ?, ?)
""",
[
("draft-ownerless", "nobody@example.com", "Ownerless", "old", "2026-01-01", "acct-a", ""),
("draft-bob", "bob@example.com", "Bob", "bob body", "2026-01-02", "acct-b", "bob"),
],
)
conn.commit()
conn.close()
router = email_routes.setup_email_routes()
list_pending = _route_endpoint(router, "/api/email/pending", "GET")
approve_pending = _route_endpoint(router, "/api/email/pending/{sid}/approve", "POST")
cancel_pending = _route_endpoint(router, "/api/email/pending/{sid}", "DELETE")
alice_rows = await list_pending(owner="alice")
bob_rows = await list_pending(owner="bob")
assert alice_rows["pending"] == []
assert [row["id"] for row in bob_rows["pending"]] == ["draft-bob"]
assert (await approve_pending("draft-ownerless", owner="alice"))["success"] is False
assert (await cancel_pending("draft-ownerless", owner="bob"))["success"] is False
conn = sqlite3.connect(db_path)
try:
rows = conn.execute(
"SELECT id, status FROM scheduled_emails ORDER BY id",
).fetchall()
finally:
conn.close()
assert rows == [("draft-bob", "agent_draft"), ("draft-ownerless", "agent_draft")]
def test_scheduled_poller_resolves_config_with_row_owner(tmp_path, monkeypatch):
import routes.email_helpers as email_helpers
import routes.email_pollers as email_pollers
tests/test_endpoint_probing.py
+27 -7
View File
@@ -264,7 +264,7 @@ class TestProbeSingleModel:
_patch_resolve(monkeypatch)
captured = {}
def fake_post(url, headers=None, json=None, timeout=None):
def fake_post(url, headers=None, json=None, timeout=None, verify=None):
captured["url"] = url
return _resp(200, json={"choices": [{"message": {"content": "OK"}}]})
@@ -274,11 +274,31 @@ class TestProbeSingleModel:
assert "latency_ms" in result
assert captured["url"] == "https://api.example.com/v1/chat/completions"
@pytest.mark.parametrize("base,api_key,model_id", [
("https://api.example.com/v1", "key", "gpt-4o"),
("http://localhost:11434/v1", None, "llama3.2"),
("https://api.anthropic.com/v1", "sk-ant", "claude-sonnet-4-5"),
])
def test_completion_probe_uses_llm_verify(self, monkeypatch, base, api_key, model_id):
_patch_resolve(monkeypatch)
marker = object()
captured = {}
monkeypatch.setattr(model_routes, "llm_verify", lambda: marker)
def fake_post(url, headers=None, json=None, timeout=None, verify=None):
captured["verify"] = verify
return _resp(200, json={"choices": [{"message": {"content": "OK"}}]})
monkeypatch.setattr(model_routes.httpx, "post", fake_post)
result = _probe_single_model(base, api_key, model_id)
assert result["status"] == "ok"
assert captured["verify"] is marker
def test_extracts_dict_error_message(self, monkeypatch):
_patch_resolve(monkeypatch)
monkeypatch.setattr(
model_routes.httpx, "post",
lambda url, headers=None, json=None, timeout=None: _resp(
lambda url, headers=None, json=None, timeout=None, verify=None: _resp(
400, json={"error": {"message": "model not found"}}),
)
result = _probe_single_model("https://api.example.com/v1", "key", "ghost")
@@ -289,7 +309,7 @@ class TestProbeSingleModel:
_patch_resolve(monkeypatch)
monkeypatch.setattr(
model_routes.httpx, "post",
lambda url, headers=None, json=None, timeout=None: _resp(
lambda url, headers=None, json=None, timeout=None, verify=None: _resp(
403, json={"error": "forbidden"}),
)
result = _probe_single_model("https://api.example.com/v1", "key", "m")
@@ -299,7 +319,7 @@ class TestProbeSingleModel:
def test_timeout(self, monkeypatch):
_patch_resolve(monkeypatch)
def fake_post(url, headers=None, json=None, timeout=None):
def fake_post(url, headers=None, json=None, timeout=None, verify=None):
raise httpx.TimeoutException("timed out")
monkeypatch.setattr(model_routes.httpx, "post", fake_post)
@@ -310,7 +330,7 @@ class TestProbeSingleModel:
def test_transport_error_is_fail(self, monkeypatch):
_patch_resolve(monkeypatch)
def fake_post(url, headers=None, json=None, timeout=None):
def fake_post(url, headers=None, json=None, timeout=None, verify=None):
raise httpx.ConnectError("refused")
monkeypatch.setattr(model_routes.httpx, "post", fake_post)
@@ -322,7 +342,7 @@ class TestProbeSingleModel:
_patch_resolve(monkeypatch)
captured = {}
def fake_post(url, headers=None, json=None, timeout=None):
def fake_post(url, headers=None, json=None, timeout=None, verify=None):
captured.update(url=url, headers=headers, payload=json)
return _resp(200, json={"content": [{"type": "text", "text": "OK"}]})
@@ -337,7 +357,7 @@ class TestProbeSingleModel:
_patch_resolve(monkeypatch)
captured = {}
def fake_post(url, headers=None, json=None, timeout=None):
def fake_post(url, headers=None, json=None, timeout=None, verify=None):
captured["payload"] = json
return _resp(200, json={"content": []})
tests/test_endpoint_resolver.py
+26
View File
@@ -1,6 +1,8 @@
"""Tests for endpoint_resolver — pure functions tested directly."""
import json
import pytest
from src.endpoint_resolver import (
_first_chat_model,
_endpoint_hidden_models,
@@ -45,6 +47,9 @@ class TestBuildChatUrl:
def test_openai_style(self):
assert build_chat_url("https://api.openai.com/v1") == "https://api.openai.com/v1/chat/completions"
def test_pathless_openai_style_adds_v1(self):
assert build_chat_url("https://api.openai.com") == "https://api.openai.com/v1/chat/completions"
def test_anthropic_style(self):
assert build_chat_url("https://api.anthropic.com") == "https://api.anthropic.com/v1/messages"
@@ -66,14 +71,35 @@ class TestBuildChatUrl:
def test_ollama_v1_preserves_openai_compat(self):
assert build_chat_url("http://nas:11434/v1") == "http://nas:11434/v1/chat/completions"
@pytest.mark.parametrize("bad_base", [
"https://api.example.com/v1?token=abc",
"https://api.example.com/v1#fragment",
"http://localhost:1234?",
])
def test_rejects_query_or_fragment_base(self, bad_base):
with pytest.raises(ValueError, match="query or fragment"):
build_chat_url(bad_base)
class TestBuildModelsUrl:
def test_openai_models(self):
assert build_models_url("https://api.openai.com/v1") == "https://api.openai.com/v1/models"
def test_pathless_openai_models_adds_v1(self):
assert build_models_url("https://api.openai.com") == "https://api.openai.com/v1/models"
def test_ollama_tags(self):
assert build_models_url("https://ollama.com/api") == "https://ollama.com/api/tags"
@pytest.mark.parametrize("bad_base", [
"https://api.example.com/v1?token=abc",
"https://api.example.com/v1#fragment",
"http://localhost:1234?",
])
def test_rejects_query_or_fragment_base(self, bad_base):
with pytest.raises(ValueError, match="query or fragment"):
build_models_url(bad_base)
class TestBuildHeaders:
def test_no_key(self):
tests/test_fastembed_cache_path.py
+69
View File
@@ -0,0 +1,69 @@
"""Regression: FASTEMBED_CACHE_DIR must tolerate a PRESENT-but-EMPTY
FASTEMBED_CACHE_PATH.
docker-compose.yml injects ``FASTEMBED_CACHE_PATH=${FASTEMBED_CACHE_PATH:-}``,
which sets the variable to ``""`` when the host has not defined it. The old
``os.getenv("FASTEMBED_CACHE_PATH", default)`` only used the default when the
variable was ABSENT, so an empty value made ``FASTEMBED_CACHE_DIR == ""`` →
``os.makedirs("")`` raised ``[Errno 2] No such file or directory: ''`` →
FastEmbed failed to initialise and every vector feature (RAG, semantic memory,
tool index) silently degraded on the default Docker stack.
These tests pin the fix: empty is treated like absent → use the DATA_DIR
default, while an explicit non-empty override is still honoured.
"""
from __future__ import annotations
import importlib
import os
import src.constants as constants
def _reload_with(monkeypatch, value):
"""Reload src.constants with FASTEMBED_CACHE_PATH set to ``value`` (or
removed when ``value`` is None) and return the reloaded module."""
if value is None:
monkeypatch.delenv("FASTEMBED_CACHE_PATH", raising=False)
else:
monkeypatch.setenv("FASTEMBED_CACHE_PATH", value)
return importlib.reload(constants)
def _restore(monkeypatch):
"""Return the module to its env-default state so reloading it here does
not leak a test-specific FASTEMBED_CACHE_DIR into other tests."""
monkeypatch.delenv("FASTEMBED_CACHE_PATH", raising=False)
importlib.reload(constants)
def test_empty_fastembed_cache_path_falls_back_to_default(monkeypatch):
"""The bug: an empty FASTEMBED_CACHE_PATH (exactly what Docker injects)
must fall back to the DATA_DIR default, never the empty string."""
try:
mod = _reload_with(monkeypatch, "")
assert mod.FASTEMBED_CACHE_DIR, "empty env must not yield an empty path"
assert mod.FASTEMBED_CACHE_DIR == os.path.join(mod.DATA_DIR, "fastembed_cache")
finally:
_restore(monkeypatch)
def test_unset_fastembed_cache_path_uses_default(monkeypatch):
"""Sanity: an absent variable also resolves to the default."""
try:
mod = _reload_with(monkeypatch, None)
assert mod.FASTEMBED_CACHE_DIR == os.path.join(mod.DATA_DIR, "fastembed_cache")
finally:
_restore(monkeypatch)
def test_explicit_fastembed_cache_path_is_respected(monkeypatch):
"""A real explicit override must still win — the fix only changes the
empty-value handling, not the documented FASTEMBED_CACHE_PATH override."""
custom = os.path.join("custom", "fastembed-cache")
try:
mod = _reload_with(monkeypatch, custom)
assert mod.FASTEMBED_CACHE_DIR == custom
finally:
_restore(monkeypatch)
tests/test_fenced_example_not_executed_for_native_models.py
+54
View File
@@ -221,6 +221,60 @@ def test_skip_fenced_still_recovers_xml_invoke_markup():
assert "latest python release" in blocks[0].content
def test_stepfun_native_tool_tokens_are_executed_even_when_fenced_fallback_is_skipped():
leaked = (
"<tool▁calls▁begin>"
"<tool▁call▁begin>web_search<tool▁sep>"
'{"query":"Sweden news today"}'
"<tool▁call▁end>"
"<tool▁calls▁end>"
)
blocks = parse_tool_blocks(leaked, skip_fenced=True)
assert len(blocks) == 1
assert blocks[0].tool_type == "web_search"
assert "Sweden news today" in blocks[0].content
assert strip_tool_blocks(leaked, skip_fenced=True) == ""
def test_stepfun_native_tool_tokens_accept_plain_web_query():
leaked = (
"<tool▁call▁begin>web_search<tool▁sep>"
"Sweden news today"
"<tool▁call▁end>"
)
blocks = parse_tool_blocks(leaked, skip_fenced=True)
assert len(blocks) == 1
assert blocks[0].tool_type == "web_search"
assert "Sweden news today" in blocks[0].content
def test_skip_fenced_still_recovers_direct_xml_tool_markup():
leaked = (
"I'll search now.\n"
"<tool_call><web_search>News in Sweden today 2026-06-22</web_search></tool_call>"
)
blocks = parse_tool_blocks(leaked, skip_fenced=True)
assert len(blocks) == 1
assert blocks[0].tool_type == "web_search"
assert "News in Sweden today 2026-06-22" in blocks[0].content
assert strip_tool_blocks(leaked, skip_fenced=True) == "I'll search now."
def test_skip_fenced_recovers_direct_xml_tool_markup_with_unclosed_wrapper():
leaked = (
"I'll search now.\n"
"<tool_call>\n"
"<web_search>\n"
"Sweden news today 2026-06-22\n"
"</web_search>"
)
blocks = parse_tool_blocks(leaked, skip_fenced=True)
assert len(blocks) == 1
assert blocks[0].tool_type == "web_search"
assert "Sweden news today 2026-06-22" in blocks[0].content
assert strip_tool_blocks(leaked, skip_fenced=True) == "I'll search now."
def test_skip_fenced_still_recovers_dsml_markup():
dsml = (
"Let me search for that.\n"
tests/test_function_call_non_object_args.py
+7
View File
@@ -53,6 +53,13 @@ def test_non_object_arguments_do_not_crash(arguments):
assert block.content == ""
@pytest.mark.parametrize("tool_name", ["list_emails", "mcp__email__list_emails"])
def test_email_mcp_non_object_arguments_are_rejected(tool_name):
block = function_call_to_tool_block(tool_name, '["INBOX"]')
assert block is None
def test_edit_document_skips_non_object_edit_items():
block = function_call_to_tool_block(
"edit_document",
tests/test_gallery_delete_file_ordering.py
+4 -2
View File
@@ -41,8 +41,10 @@ def _seed(tmp_path):
def test_file_kept_when_commit_fails(tmp_path, monkeypatch):
monkeypatch.chdir(tmp_path)
SessionLocal = _seed(tmp_path)
# GALLERY_IMAGE_DIR is an absolute path fixed at import, so a chdir can't
# redirect the delete; point the resolver at the seeded tmp dir directly.
monkeypatch.setattr(gallery_routes, "GALLERY_IMAGE_DIR", tmp_path / "data" / "generated_images")
monkeypatch.setattr(gallery_routes, "get_current_user", lambda r: "alice")
# A session whose commit always fails, to simulate a DB error mid-delete.
@@ -67,8 +69,8 @@ def test_file_kept_when_commit_fails(tmp_path, monkeypatch):
def test_file_removed_on_successful_delete(tmp_path, monkeypatch):
monkeypatch.chdir(tmp_path)
SessionLocal = _seed(tmp_path)
monkeypatch.setattr(gallery_routes, "GALLERY_IMAGE_DIR", tmp_path / "data" / "generated_images")
monkeypatch.setattr(gallery_routes, "get_current_user", lambda r: "alice")
monkeypatch.setattr(gallery_routes, "SessionLocal", SessionLocal)
tests/test_gallery_filename_confinement.py
+74
View File
@@ -2,7 +2,14 @@ import os
from pathlib import Path
import pytest
from fastapi import FastAPI
from fastapi import HTTPException
from fastapi.testclient import TestClient
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.pool import NullPool
from core.database import Base, GalleryImage
def _gallery_module():
@@ -21,6 +28,22 @@ def test_gallery_image_path_allows_safe_filename(tmp_path, monkeypatch):
assert path == image_dir / "abc123.png"
def test_gallery_image_path_does_not_fallback_to_cwd_data_dir(tmp_path, monkeypatch):
gallery_routes = _gallery_module()
configured_dir = tmp_path / "configured" / "generated_images"
cwd_root = tmp_path / "cwd"
cwd_image_dir = cwd_root / "data" / "generated_images"
cwd_image_dir.mkdir(parents=True)
(cwd_image_dir / "abc123.png").write_bytes(b"wrong root")
monkeypatch.setattr(gallery_routes, "GALLERY_IMAGE_DIR", configured_dir)
monkeypatch.chdir(cwd_root)
path = gallery_routes._gallery_image_path("abc123.png")
assert path == configured_dir / "abc123.png"
assert path != cwd_image_dir / "abc123.png"
@pytest.mark.parametrize("filename", ["../../secret.png", "..\\secret.png", None, 12345])
def test_gallery_image_path_rejects_unsafe_stored_filenames(tmp_path, monkeypatch, filename):
gallery_routes = _gallery_module()
@@ -53,6 +76,57 @@ def test_gallery_image_path_rejects_symlink_escape(tmp_path, monkeypatch):
assert exc.value.status_code == 400
def test_gallery_replace_rejects_symlink_escape(tmp_path, monkeypatch):
gallery_routes = _gallery_module()
image_dir = tmp_path / "generated_images"
image_dir.mkdir()
outside = tmp_path / "outside.png"
outside.write_bytes(b"outside image root")
link = image_dir / "escape.png"
try:
os.symlink(outside, link)
except (AttributeError, NotImplementedError, OSError) as exc:
pytest.skip(f"symlinks unavailable: {exc}")
engine = create_engine(
f"sqlite:///{tmp_path / 'gallery.db'}",
connect_args={"check_same_thread": False},
poolclass=NullPool,
)
Base.metadata.create_all(engine)
SessionLocal = sessionmaker(bind=engine, autoflush=False, autocommit=False)
db = SessionLocal()
try:
db.add(
GalleryImage(
id="img-1",
filename="escape.png",
prompt="escape",
owner="alice",
is_active=True,
)
)
db.commit()
finally:
db.close()
monkeypatch.setattr(gallery_routes, "GALLERY_IMAGE_DIR", image_dir)
monkeypatch.setattr(gallery_routes, "SessionLocal", SessionLocal)
monkeypatch.setattr(gallery_routes, "get_current_user", lambda request: "alice")
app = FastAPI()
app.include_router(gallery_routes.setup_gallery_routes())
client = TestClient(app)
response = client.post(
"/api/gallery/img-1/replace",
files={"image": ("replacement.png", b"replacement bytes", "image/png")},
)
assert response.status_code == 400
assert outside.read_bytes() == b"outside image root"
def test_gallery_file_operations_use_confining_resolver():
source = Path("routes/gallery_routes.py").read_text(encoding="utf-8")
tests/test_gpu_compose_standalone.py
+4 -5
View File
@@ -124,9 +124,9 @@ def test_nvidia_odysseus_adds_only_overlay(base):
{"driver": "nvidia", "count": "all", "capabilities": ["gpu"]}
]
# No AMD-only keys leaked in.
# Base Docker socket group is preserved; no AMD-only keys leaked in.
assert "devices" not in svc
assert "group_add" not in svc
assert svc["group_add"] == base_svc["group_add"]
def test_amd_odysseus_adds_only_overlay(base):
@@ -137,11 +137,10 @@ def test_amd_odysseus_adds_only_overlay(base):
# Environment is unchanged from base for AMD.
assert svc["environment"] == base_svc["environment"]
# devices and group_add are new and match the overlay exactly.
# devices are new; group_add preserves the base Docker group and appends AMD groups.
assert "devices" not in base_svc
assert "group_add" not in base_svc
assert svc["devices"] == ["/dev/kfd", "/dev/dri"]
assert svc["group_add"] == ["video", "${RENDER_GID:-render}"]
assert svc["group_add"] == base_svc["group_add"] + ["video", "${RENDER_GID:-render}"]
# No NVIDIA-only keys leaked in.
assert "deploy" not in svc
tests/test_hwfit_apple_bandwidth.py
+59
View File
@@ -0,0 +1,59 @@
from services.hwfit.fit import _lookup_apple_bandwidth, _lookup_bandwidth
def test_m3_max_bandwidth_uses_gpu_cores():
assert _lookup_bandwidth({"gpu_name": "Apple M3 Max", "gpu_cores": 30}) == 300
assert _lookup_bandwidth({"gpu_name": "Apple M3 Max", "gpu_cores": 40}) == 400
def test_m4_max_bandwidth_uses_gpu_cores():
assert _lookup_bandwidth({"gpu_name": "Apple M4 Max", "gpu_cores": 32}) == 410
assert _lookup_bandwidth({"gpu_name": "Apple M4 Max", "gpu_cores": 40}) == 546
def test_m5_max_bandwidth_uses_gpu_cores():
assert _lookup_bandwidth({"gpu_name": "Apple M5 Max", "gpu_cores": 32}) == 460
assert _lookup_bandwidth({"gpu_name": "Apple M5 Max", "gpu_cores": 40}) == 614
def test_apple_max_bandwidth_falls_back_conservatively_without_gpu_cores():
assert _lookup_bandwidth({"gpu_name": "Apple M3 Max"}) == 300
assert _lookup_bandwidth({"gpu_name": "Apple M4 Max"}) == 410
assert _lookup_bandwidth({"gpu_name": "Apple M5 Max"}) == 460
def test_fixed_apple_bandwidth_entries_include_updated_m5_values():
assert _lookup_bandwidth({"gpu_name": "Apple M5 Pro"}) == 307
assert _lookup_bandwidth({"gpu_name": "Apple M5"}) == 153
def test_non_apple_gpu_does_not_match_apple_bandwidth():
"""NVIDIA Quadro M4 000 should NOT match Apple bandwidth lookup."""
assert _lookup_bandwidth({"gpu_name": "NVIDIA Quadro M4 000"}) is None
assert _lookup_bandwidth({"gpu_name": "NVIDIA Quadro M3 000"}) is None
assert _lookup_bandwidth({"gpu_name": "NVIDIA Quadro M5 000"}) is None
def test_non_apple_gpu_with_cores_does_not_match():
"""A non-Apple GPU that happens to carry a gpu_cores count must not be
matched by the APPLE bandwidth path. This asserts the Apple-specific
matcher directly: _lookup_bandwidth would (correctly) return these cards'
real bandwidth from the general GPU table (e.g. the RTX 4090's 1008 GB/s),
which is a different code path and not what this guard is about.
"""
assert _lookup_apple_bandwidth({"gpu_name": "NVIDIA GeForce RTX 4090", "gpu_cores": 128}) is None
assert _lookup_apple_bandwidth({"gpu_name": "AMD Radeon RX 9070 XT", "gpu_cores": 64}) is None
def test_apple_string_input_resolves_conservative_tier():
"""Bare-string callers must still get Apple bandwidth. #2564 moved the
Apple tiers out of the generic GPU table into the dict-only Apple helper,
so _lookup_bandwidth("Apple M3 Max") (no gpu_cores) regressed to None;
string inputs now route through the Apple helper and get the conservative
(lowest) tier for the model."""
assert _lookup_bandwidth("Apple M3 Max") == 300
assert _lookup_bandwidth("Apple M4 Max") == 410
assert _lookup_bandwidth("Apple M5 Max") == 460
# Non-Apple strings still fall through to the generic table.
assert _lookup_bandwidth("NVIDIA GeForce RTX 4090") == 1008
assert _lookup_bandwidth("Totally Unknown GPU") is None
tests/test_hwfit_cpu_arch_detection.py
+55
View File
@@ -0,0 +1,55 @@
"""CPU architecture normalization for HW Fit hardware detection."""
import pytest
from services.hwfit import hardware
@pytest.fixture(autouse=True)
def _clear_hwfit_cache(monkeypatch):
hardware._cache_by_host.clear()
monkeypatch.setattr(hardware, "_remote_host", None)
monkeypatch.setattr(hardware, "_remote_platform", None)
monkeypatch.setattr(hardware, "_is_containerized", lambda: False)
yield
hardware._cache_by_host.clear()
def _stub_common_probe(monkeypatch, machine):
monkeypatch.setattr(hardware.platform, "machine", lambda: machine)
monkeypatch.setattr(hardware, "_get_ram_gb", lambda: 64.0)
monkeypatch.setattr(hardware, "_get_available_ram_gb", lambda: 48.0)
monkeypatch.setattr(hardware, "_get_cpu_count", lambda: 16)
monkeypatch.setattr(hardware, "_get_cpu_name", lambda: "Test CPU")
monkeypatch.setattr(hardware, "_detect_apple_silicon", lambda: None)
monkeypatch.setattr(hardware, "_detect_amd", lambda: None)
def test_detect_system_reports_cpu_arch_for_gpu_backends(monkeypatch):
"""GPU-backed systems still need CPU architecture for cpu_only estimates."""
_stub_common_probe(monkeypatch, "aarch64")
monkeypatch.setattr(hardware, "_detect_nvidia", lambda: {
"gpu_name": "NVIDIA GB10",
"gpu_vram_gb": 64.0,
"gpu_count": 1,
"gpus": [],
"gpu_groups": [],
"homogeneous": True,
"backend": "cuda",
})
system = hardware.detect_system(fresh=True)
assert system["backend"] == "cuda"
assert system["cpu_arch"] == "arm64"
def test_detect_system_keeps_32_bit_arm_on_conservative_cpu_backend(monkeypatch):
"""Plain arm/armv7 is not the same as the ARM64-class cpu_arm fallback."""
_stub_common_probe(monkeypatch, "armv7l")
monkeypatch.setattr(hardware, "_detect_nvidia", lambda: None)
system = hardware.detect_system(fresh=True)
assert system["cpu_arch"] == "arm"
assert system["backend"] == "cpu_x86"
tests/test_hwfit_cpu_only_fallback.py
+140
View File
@@ -0,0 +1,140 @@
"""Regression test for cpu_only backend fallback in hwfit speed estimation."""
import pytest
from services.hwfit.fit import _estimate_speed
DENSE_MODEL = {
"name": "Test-7B",
"parameter_count": "7B",
"parameters_raw": 7_000_000_000,
}
CUDA_SYSTEM = {
"backend": "cuda",
"gpu_name": "NVIDIA RTX 4090",
"gpu_vram_gb": 24.0,
}
CPU_X86_SYSTEM = {
"backend": "cpu_x86",
"gpu_name": None,
"gpu_vram_gb": 0,
}
CPU_ARM_SYSTEM = {
"backend": "cpu_arm",
"gpu_name": None,
"gpu_vram_gb": 0,
}
METAL_SYSTEM = {
"backend": "metal",
"gpu_name": "Apple M3 Max",
"gpu_vram_gb": 36.0,
}
ROCM_SYSTEM = {
"backend": "rocm",
"gpu_name": "AMD Radeon RX 7900 XTX",
"gpu_vram_gb": 24.0,
}
ARM64_SYSTEM = {
"backend": "arm64",
"gpu_name": None,
"gpu_vram_gb": 0,
}
ARM32_SYSTEM = {
"backend": "arm",
"gpu_name": None,
"gpu_vram_gb": 0,
}
AARCH64_SYSTEM = {
"backend": "aarch64",
"gpu_name": None,
"gpu_vram_gb": 0,
}
QUANT = "Q4_K_M"
@pytest.mark.parametrize(
"non_cpu_system",
[CUDA_SYSTEM, ROCM_SYSTEM],
ids=["cuda", "rocm"],
)
def test_cpu_only_on_non_cpu_backend_uses_cpu_x86_fallback(non_cpu_system):
"""cpu_only must ignore discrete GPU backends and use the x86 CPU fallback constant."""
non_cpu_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", non_cpu_system)
cpu_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", CPU_X86_SYSTEM)
assert non_cpu_tps == pytest.approx(cpu_tps, rel=1e-9, abs=1e-9)
assert non_cpu_tps > 0
def test_cpu_only_on_metal_apple_silicon_uses_cpu_arm_fallback():
"""Apple Silicon/Metal cpu_only should map to the ARM CPU fallback constant."""
metal_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", METAL_SYSTEM)
arm_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", CPU_ARM_SYSTEM)
assert metal_tps == pytest.approx(arm_tps, rel=1e-9, abs=1e-9)
assert metal_tps > 0
def test_cpu_only_on_gpu_backend_uses_detected_arm64_cpu_arch():
"""A GPU backend on an ARM64 host should use the ARM CPU fallback for cpu_only."""
cuda_arm64 = dict(CUDA_SYSTEM, cpu_arch="aarch64", cpu_name="Ampere Altra")
cuda_arm64_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", cuda_arm64)
arm_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", CPU_ARM_SYSTEM)
assert cuda_arm64_tps == pytest.approx(arm_tps, rel=1e-9, abs=1e-9)
assert cuda_arm64_tps > 0
@pytest.mark.parametrize(
"arm_alias_system",
[ARM64_SYSTEM, AARCH64_SYSTEM, CPU_ARM_SYSTEM],
ids=["arm64", "aarch64", "cpu_arm"],
)
def test_cpu_only_preserves_arm_backends(arm_alias_system):
"""ARM CPU backends and their aliases must stay on the ARM CPU fallback."""
alias_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", arm_alias_system)
arm_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", CPU_ARM_SYSTEM)
assert alias_tps == pytest.approx(arm_tps, rel=1e-9, abs=1e-9)
assert alias_tps > 0
def test_cpu_only_does_not_treat_plain_arm_as_arm64_fallback():
"""Docker/OCI plain arm is not the ARM64-class fallback used for Apple Silicon."""
arm32_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", ARM32_SYSTEM)
x86_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", CPU_X86_SYSTEM)
assert arm32_tps == pytest.approx(x86_tps, rel=1e-9, abs=1e-9)
assert arm32_tps > 0
def test_cpu_only_preserves_known_cpu_backends():
"""Known CPU backends should be preserved, not rewritten to cpu_x86."""
for system in (CPU_X86_SYSTEM, CPU_ARM_SYSTEM):
tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", system)
assert tps > 0
# The two CPU backends use different fallback constants, so their results
# must differ (cpu_arm is faster in the fallback table than cpu_x86).
x86_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", CPU_X86_SYSTEM)
arm_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", CPU_ARM_SYSTEM)
assert arm_tps != x86_tps
assert arm_tps > x86_tps
def test_cpu_only_on_cuda_is_slower_than_gpu_path():
"""The CPU-only estimate on a CUDA system must not exceed the GPU path."""
cpu_only_tps = _estimate_speed(DENSE_MODEL, QUANT, "cpu_only", CUDA_SYSTEM)
gpu_tps = _estimate_speed(DENSE_MODEL, QUANT, "gpu", CUDA_SYSTEM)
assert cpu_only_tps < gpu_tps
tests/test_hwfit_gemma4_12b.py
+51
View File
@@ -0,0 +1,51 @@
from services.hwfit.fit import rank_models
from services.hwfit.models import get_models, is_prequantized
def _8gb_vram_system():
return {
"has_gpu": True,
"backend": "cuda",
"gpu_name": "NVIDIA GeForce RTX 4060",
"gpu_vram_gb": 8.0,
"gpu_count": 1,
"available_ram_gb": 32.0,
"total_ram_gb": 32.0,
}
def test_gemma4_12b_in_catalog():
catalog = {m["name"]: m for m in get_models()}
assert "google/gemma-4-12B-it" in catalog, "gemma-4-12B-it missing from catalog"
def test_gemma4_12b_has_gguf_source():
catalog = {m["name"]: m for m in get_models()}
entry = catalog["google/gemma-4-12B-it"]
assert entry.get("gguf_sources"), "gemma-4-12B-it has no gguf_sources"
repos = [s["repo"] for s in entry["gguf_sources"]]
assert "unsloth/gemma-4-12B-it-GGUF" in repos
def test_gemma4_12b_rank_models_returns_it_for_8gb_vram():
results = rank_models(_8gb_vram_system(), search="gemma-4-12B-it", limit=20)
names = [r["name"] for r in results]
assert "google/gemma-4-12B-it" in names, "rank_models did not return gemma-4-12B-it for 8 GB VRAM"
def test_gemma4_12b_qat_entries_in_catalog():
catalog = {m["name"]: m for m in get_models()}
assert "google/gemma-4-12B-it-qat-int4" in catalog
assert "google/gemma-4-12B-it-qat-int8" in catalog
def test_gemma4_12b_qat_entries_are_prequantized():
catalog = {m["name"]: m for m in get_models()}
assert is_prequantized(catalog["google/gemma-4-12B-it-qat-int4"])
assert is_prequantized(catalog["google/gemma-4-12B-it-qat-int8"])
def test_gemma4_12b_qat_entries_have_no_gguf():
catalog = {m["name"]: m for m in get_models()}
assert catalog["google/gemma-4-12B-it-qat-int4"]["gguf_sources"] == []
assert catalog["google/gemma-4-12B-it-qat-int8"]["gguf_sources"] == []
tests/test_hwfit_macos.py
+52 -3
View File
@@ -4,6 +4,8 @@ Covers the Metal-specific behavior added for Apple Silicon and locks in the
guarantee that non-macOS (Linux/Windows) detection is unchanged.
"""
import json
from services.hwfit import hardware
from services.hwfit.fit import rank_models
from services.hwfit.models import get_models
@@ -22,7 +24,7 @@ def _metal_system(ram_gb=16.0, vram_gb=10.7):
}
def _fake_sysctl(brand="Apple M2 Pro", memsize_gb=32, wired_mb=None):
def _fake_sysctl(brand="Apple M2 Pro", memsize_gb=32, wired_mb=None, display_json=None, display_text=None):
def run(cmd):
joined = " ".join(cmd)
if "machdep.cpu.brand_string" in joined:
@@ -31,6 +33,12 @@ def _fake_sysctl(brand="Apple M2 Pro", memsize_gb=32, wired_mb=None):
return str(int(memsize_gb * 1024**3))
if "iogpu.wired_limit_mb" in joined:
return str(wired_mb) if wired_mb is not None else None
if "system_profiler SPDisplaysDataType -json" in joined:
if isinstance(display_json, (dict, list)):
return json.dumps(display_json)
return display_json
if "system_profiler SPDisplaysDataType" in joined:
return display_text
return None
return run
@@ -98,16 +106,47 @@ def test_apple_silicon_detected_as_metal(monkeypatch):
monkeypatch.setattr(hardware, "_remote_host", None)
monkeypatch.setattr(hardware.platform, "system", lambda: "Darwin")
monkeypatch.setattr(hardware.platform, "machine", lambda: "arm64")
monkeypatch.setattr(hardware, "_run", _fake_sysctl(memsize_gb=32))
monkeypatch.setattr(hardware, "_run", _fake_sysctl(
memsize_gb=32,
display_json={"SPDisplaysDataType": [{"sppci_model": "Apple M2 Pro", "sppci_cores": "19"}]},
))
info = hardware._detect_apple_silicon()
assert info is not None
assert info["backend"] == "metal"
assert info["gpu_name"] == "Apple M2 Pro"
assert info["unified_memory"] is True
assert info["gpu_cores"] == 19
assert info["gpu_vram_gb"] == 24.0 # 32GB * 0.75
def test_apple_silicon_gpu_cores_fall_back_to_plain_text(monkeypatch):
monkeypatch.setattr(hardware, "_remote_host", None)
monkeypatch.setattr(hardware.platform, "system", lambda: "Darwin")
monkeypatch.setattr(hardware.platform, "machine", lambda: "arm64")
monkeypatch.setattr(hardware, "_run", _fake_sysctl(
brand="Apple M4 Max",
memsize_gb=64,
display_json="{not-json",
display_text="Graphics/Displays:\n\nApple M4 Max:\n Total Number of Cores: 32\n",
))
info = hardware._detect_apple_silicon()
assert info is not None
assert info["gpu_cores"] == 32
def test_apple_silicon_gpu_cores_are_optional(monkeypatch):
monkeypatch.setattr(hardware, "_remote_host", None)
monkeypatch.setattr(hardware.platform, "system", lambda: "Darwin")
monkeypatch.setattr(hardware.platform, "machine", lambda: "arm64")
monkeypatch.setattr(hardware, "_run", _fake_sysctl(memsize_gb=32))
info = hardware._detect_apple_silicon()
assert info is not None
assert "gpu_cores" not in info
def test_apple_silicon_skipped_on_linux(monkeypatch):
"""Guarantee Linux detection is untouched: the Metal probe bails immediately."""
monkeypatch.setattr(hardware, "_remote_host", None)
@@ -126,13 +165,22 @@ def test_intel_mac_skipped(monkeypatch):
assert hardware._detect_apple_silicon() is None
def test_plain_arm_mac_skipped(monkeypatch):
"""Only ARM64-class Macs should enter the Apple Silicon Metal path."""
monkeypatch.setattr(hardware, "_remote_host", None)
monkeypatch.setattr(hardware.platform, "system", lambda: "Darwin")
monkeypatch.setattr(hardware.platform, "machine", lambda: "armv7l")
monkeypatch.setattr(hardware, "_run", _fake_sysctl())
assert hardware._detect_apple_silicon() is None
def test_detect_system_propagates_unified_memory(monkeypatch):
"""The unified_memory flag set by GPU detection must survive into the
system dict so the API and UI can report it (it was being dropped)."""
monkeypatch.setattr(hardware, "_detect_apple_silicon", lambda: {
"gpu_name": "Apple M4", "gpu_vram_gb": 10.7, "gpu_count": 1,
"gpus": [], "gpu_groups": [], "homogeneous": True,
"backend": "metal", "unified_memory": True,
"backend": "metal", "unified_memory": True, "gpu_cores": 10,
})
monkeypatch.setattr(hardware, "_get_ram_gb", lambda: 16.0)
monkeypatch.setattr(hardware, "_get_available_ram_gb", lambda: 11.0)
@@ -142,3 +190,4 @@ def test_detect_system_propagates_unified_memory(monkeypatch):
s = hardware.detect_system(fresh=True)
assert s["backend"] == "metal"
assert s.get("unified_memory") is True
assert s["gpu_cores"] == 10
tests/test_hwfit_remote_validation.py
+51
View File
@@ -31,6 +31,24 @@ def test_hwfit_routes_reject_ssh_option_host(path, kwargs):
assert exc.value.status_code == 400
@pytest.mark.parametrize(
"path,kwargs",
[
("/api/hwfit/system", {}),
("/api/hwfit/models", {"limit": 1}),
("/api/hwfit/profiles", {"model": "demo"}),
("/api/hwfit/image-models", {}),
],
)
def test_hwfit_routes_reject_invalid_ssh_port(path, kwargs):
endpoint = _endpoint(path)
with pytest.raises(HTTPException) as exc:
endpoint(host="alice@gpu-box", ssh_port="-oProxyCommand=sh", **kwargs)
assert exc.value.status_code == 400
def test_hwfit_routes_reject_port_without_host():
endpoint = _endpoint("/api/hwfit/system")
@@ -45,3 +63,36 @@ def test_ssh_argv_rejects_option_shaped_remote():
_ssh_exec_argv("-oProxyCommand=sh", "22", remote_cmd="true")
with pytest.raises(ValueError):
_ssh_exec_argv("alice@-oProxyCommand=sh", "22", remote_cmd="true")
def test_detect_system_option_host_never_starts_ssh(monkeypatch):
from core import platform_compat
from services.hwfit import hardware
calls = []
def _record_subprocess_run(*args, **kwargs):
calls.append((args, kwargs))
raise AssertionError("ssh subprocess should not start")
monkeypatch.setattr(platform_compat.subprocess, "run", _record_subprocess_run)
hardware._cache_by_host.clear()
try:
result = hardware.detect_system(
host="-oProxyCommand=sh",
ssh_port="22",
platform="linux",
fresh=True,
)
finally:
hardware._cache_by_host.clear()
hardware._remote_host = None
hardware._remote_port = None
hardware._remote_platform = None
assert result == {
"error": "Cannot connect to -oProxyCommand=sh",
"host": "-oProxyCommand=sh",
}
assert calls == []
tests/test_hwfit_windows.py
+47
View File
@@ -72,3 +72,50 @@ def test_gguf_alternate_still_recommended_on_windows():
still appear on Windows even though the AWQ variant is hidden."""
names = {r["name"] for r in rank_models(_windows_system(), limit=900)}
assert "Qwen/Qwen2.5-3B-Instruct" in names
def test_remote_windows_probe_uses_encoded_command(monkeypatch):
"""Remote Windows hwfit must not use nested -Command quoting over SSH."""
from services.hwfit import hardware
calls = []
monkeypatch.setattr(hardware, "_remote_host", "user@winpc")
monkeypatch.setattr(hardware, "_remote_port", None)
def fake_run(cmd):
calls.append(cmd)
if isinstance(cmd, str) and "EncodedCommand" in cmd:
return (
'{"ram_gb":64,"avail_gb":32,"cpu_name":"Test CPU",'
'"cpu_cores":8,"arch":64}'
)
return None
monkeypatch.setattr(hardware, "_run", fake_run)
result = hardware._detect_windows()
assert result is not None
assert result["total_ram_gb"] == 64
assert len(calls) == 1
assert "EncodedCommand" in calls[0]
assert '-Command "' not in calls[0]
def test_probe_remote_platform_detects_windows(monkeypatch):
from services.hwfit import hardware
monkeypatch.setattr(hardware, "_run", lambda cmd: "Windows_NT\n")
assert hardware._probe_remote_platform() == "windows"
def test_probe_remote_platform_detects_darwin(monkeypatch):
from services.hwfit import hardware
def fake_run(cmd):
if cmd == "echo %OS%":
return "%OS%"
if cmd == ["uname", "-s"]:
return "Darwin"
raise AssertionError(f"unexpected probe cmd: {cmd!r}")
monkeypatch.setattr(hardware, "_run", fake_run)
assert hardware._probe_remote_platform() == "linux"
tests/test_integrations_api_call_truncation.py
+49
View File
@@ -87,11 +87,60 @@ async def _call(json_data, status=200):
return await integrations.execute_api_call("test_integ", "GET", "/items")
async def _call_with_integration(integration, path="/items"):
mock_resp = _make_response({"ok": True})
mock_client = AsyncMock()
mock_client.__aenter__ = AsyncMock(return_value=mock_client)
mock_client.__aexit__ = AsyncMock(return_value=None)
mock_client.request = AsyncMock(return_value=mock_resp)
with (
patch.object(integrations, "_find_integration", return_value=integration),
patch("httpx.AsyncClient", return_value=mock_client),
):
result = await integrations.execute_api_call("test_integ", "GET", path)
return result, mock_client
# ---------------------------------------------------------------------------
# Tests
# ---------------------------------------------------------------------------
@pytest.mark.asyncio
async def test_api_call_rejects_stored_base_url_with_query_without_requesting():
integration = {**DUMMY_INTEGRATION, "base_url": "http://api.example.com/api?token=abc"}
result, mock_client = await _call_with_integration(integration)
assert result == {
"error": "Integration base URL must not include query or fragment",
"exit_code": 1,
}
mock_client.request.assert_not_called()
@pytest.mark.asyncio
async def test_api_call_joins_path_under_configured_base_path():
integration = {**DUMMY_INTEGRATION, "base_url": "http://api.example.com/root"}
result, mock_client = await _call_with_integration(integration, "/v1/items?limit=1")
assert result.get("exit_code") == 0
mock_client.request.assert_called_once()
assert mock_client.request.call_args.args[:2] == (
"GET",
"http://api.example.com/root/v1/items?limit=1",
)
@pytest.mark.asyncio
async def test_api_call_rejects_path_fragment_without_requesting():
result, mock_client = await _call_with_integration(DUMMY_INTEGRATION, "/items#fragment")
assert result == {"error": "Path must not contain a fragment", "exit_code": 1}
mock_client.request.assert_not_called()
@pytest.mark.asyncio
async def test_large_json_list_returns_valid_json_with_sentinel():
"""A JSON list whose serialized form exceeds 12000 chars must be truncated
tests/test_integrations_store_shape.py
+50
View File
@@ -83,6 +83,27 @@ def test_create_integration_rejects_blank_base_url_without_persisting(integratio
assert integrations.load_integrations() == []
@pytest.mark.parametrize(("base_url", "message"), [
("ftp://example.test", "Integration base URL must be an HTTP(S) URL"),
("https://example.test/api?token=abc", "Integration base URL must not include query or fragment"),
("https://example.test/api#fragment", "Integration base URL must not include query or fragment"),
])
def test_create_integration_rejects_invalid_base_url_without_persisting(
integrations_routes, base_url, message
):
endpoint, session_cookie, http_exception = integrations_routes
create_integration = endpoint("/api/auth/integrations", "POST")
with pytest.raises(http_exception) as exc:
asyncio.run(create_integration(
_JsonRequest({"name": "Example", "base_url": base_url}, session_cookie)
))
assert exc.value.status_code == 400
assert exc.value.detail == message
assert integrations.load_integrations() == []
@pytest.mark.parametrize("blank_name", ["", " "])
def test_update_integration_rejects_blank_name_without_changing_existing(integrations_routes, blank_name):
endpoint, session_cookie, http_exception = integrations_routes
@@ -127,3 +148,32 @@ def test_update_integration_rejects_blank_base_url_without_changing_existing(int
assert exc.value.status_code == 400
assert exc.value.detail == "Integration base URL is required"
assert integrations.load_integrations()[0]["base_url"] == "https://example.test"
@pytest.mark.parametrize(("base_url", "message"), [
("ftp://example.test", "Integration base URL must be an HTTP(S) URL"),
("https://example.test/api?token=abc", "Integration base URL must not include query or fragment"),
("https://example.test/api#fragment", "Integration base URL must not include query or fragment"),
])
def test_update_integration_rejects_invalid_base_url_without_changing_existing(
integrations_routes, base_url, message
):
endpoint, session_cookie, http_exception = integrations_routes
update_integration = endpoint("/api/auth/integrations/{integration_id}", "PUT")
integrations.save_integrations([
{
"id": "existing",
"name": "Original",
"base_url": "https://example.test",
}
])
with pytest.raises(http_exception) as exc:
asyncio.run(update_integration(
integration_id="existing",
request=_JsonRequest({"base_url": base_url}, session_cookie),
))
assert exc.value.status_code == 400
assert exc.value.detail == message
assert integrations.load_integrations()[0]["base_url"] == "https://example.test"
tests/test_kv_cache_invalidation_2927.py
+1 -1
View File
@@ -79,7 +79,7 @@ def _build_context_harness(monkeypatch, chat_helpers, history):
monkeypatch.setattr(chat_helpers, "extract_preset", fake_extract_preset)
monkeypatch.setattr(chat_helpers, "add_user_message", fake_add_user_message)
monkeypatch.setattr(chat_helpers, "load_prefs_for_user", lambda user: {})
monkeypatch.setattr(chat_helpers, "get_current_user", lambda request: "tester")
monkeypatch.setattr(chat_helpers, "effective_user", lambda request: "tester")
monkeypatch.setattr(chat_helpers, "normalize_model_id", lambda endpoint_url, model, **kwargs: None)
monkeypatch.setattr(chat_helpers, "maybe_compact", fake_maybe_compact)
monkeypatch.setattr(chat_helpers, "trim_for_context", lambda messages, context_length: messages)
tests/test_launcher.py
+62
View File
@@ -0,0 +1,62 @@
# tests/test_launcher.py
import sys
import os
from unittest import mock
import pytest
from launcher import NullWriter, create_tray_image, on_open_browser, on_exit, open_browser
def test_null_writer():
writer = NullWriter()
# writing and flushing should not raise any exceptions
writer.write("hello")
writer.flush()
assert writer.isatty() is False
def test_create_tray_image():
try:
from PIL import Image
img = create_tray_image()
assert isinstance(img, Image.Image)
assert img.size == (64, 64)
except ImportError:
pytest.skip("Pillow/PIL not installed in test environment")
def test_on_open_browser():
with mock.patch("webbrowser.open") as mock_open:
icon_mock = mock.Mock()
item_mock = mock.Mock()
url = "http://127.0.0.1:7000"
on_open_browser(icon_mock, item_mock, url)
mock_open.assert_called_once_with(url)
def test_on_exit():
with mock.patch("os._exit") as mock_exit:
icon_mock = mock.Mock()
item_mock = mock.Mock()
on_exit(icon_mock, item_mock)
icon_mock.stop.assert_called_once()
mock_exit.assert_called_once_with(0)
def test_open_browser():
with mock.patch("webbrowser.open") as mock_open, \
mock.patch("time.sleep") as mock_sleep:
# Test when splash_root is None
with mock.patch("launcher.splash_root", None):
open_browser("http://127.0.0.1:7000")
mock_open.assert_called_once_with("http://127.0.0.1:7000")
mock_sleep.assert_called_once_with(3.5)
with mock.patch("webbrowser.open") as mock_open, \
mock.patch("time.sleep") as mock_sleep:
# Test when splash_root is present and gets destroyed
mock_splash = mock.Mock()
with mock.patch("launcher.splash_root", mock_splash):
open_browser("http://127.0.0.1:7000")
mock_splash.after.assert_called_once()
tests/test_live_strip_email_tool_fences.py
+119
View File
@@ -0,0 +1,119 @@
"""Regression test for #3993 — live chat leaves executed tool fences visible.
The backend strips every fenced tool block (``src/tool_parsing.py`` builds its
regex from the full ``TOOL_TAGS`` set), so a reloaded session renders cleanly.
The live frontend path uses its own regex, ``EXEC_FENCE_RE`` in
``static/js/chatRenderer.js``.
Originally that regex came from a hand-maintained subset, so any executable tool
not in it — and every *future* tool added to ``TOOL_TAGS`` — left its executed
fence lingering as a raw code block in the live bubble until reload. The fix
makes ``TOOL_TAGS`` the single source: ``chatRenderer.js`` no longer hard-codes a
tool list at all. It fetches the backend's authoritative set once from
``GET /api/tools`` (which serves ``sorted(TOOL_TAGS)``) and builds
``EXEC_FENCE_RE`` from it at load, minus ``bash``/``python`` (legitimate code
examples a user may have asked the model to show). There is no second list to
drift.
``chatRenderer.js`` pulls browser globals and can't be imported under node, so
the behavioral tests exercise an equivalent Python regex built straight from the
backend ``TOOL_TAGS`` — the same source the live regex now derives from — and
source-level guards assert the frontend keeps no hard-coded list.
"""
import re
from pathlib import Path
_SRC = Path("static/js/chatRenderer.js")
_TOOLS_SRC = Path("src/agent_tools/__init__.py")
_ROUTES_SRC = Path("routes/model_routes.py")
# Deliberately NOT stripped: legitimate code-example languages, not tool
# invocations. Must match the carve-out in chatRenderer.js.
_NON_STRIPPED = {"bash", "python"}
def _tool_tags() -> set[str]:
"""Extract the backend TOOL_TAGS set from src/agent_tools/__init__.py (source-level)."""
source = _TOOLS_SRC.read_text(encoding="utf-8")
m = re.search(r"TOOL_TAGS\s*=\s*\{(?P<body>.*?)\}", source, re.DOTALL)
assert m, "TOOL_TAGS literal not found in src/agent_tools/__init__.py"
return set(re.findall(r'"([a-z_]+)"', m.group("body")))
def _exec_fence_regex() -> re.Pattern:
"""Rebuild EXEC_FENCE_RE's behavior from the same source the live regex now
derives from: the backend TOOL_TAGS (served via /api/tools) minus bash/python."""
tags = _tool_tags() - _NON_STRIPPED
assert tags, "TOOL_TAGS is empty"
return re.compile(r"```(?:" + "|".join(sorted(tags)) + r")\s*\n[\s\S]*?```", re.IGNORECASE)
def test_strips_executed_email_tool_fences():
rx = _exec_fence_regex()
# The exact shape the reporter observed lingering in the live bubble.
text = 'Here are emails\n\n```list_emails\n{"max_results":10}\n```'
assert rx.sub("", text).strip() == "Here are emails"
def test_strips_every_named_email_tool_fence():
rx = _exec_fence_regex()
email_tools = [
"list_email_accounts", "send_email", "list_emails", "read_email",
"reply_to_email", "bulk_email", "archive_email", "delete_email",
"mark_email_read",
]
for tool in email_tools:
fence = f"```{tool}\n{{}}\n```"
assert rx.sub("", fence).strip() == "", f"{tool} fence not stripped"
def test_preserves_existing_web_search_stripping():
rx = _exec_fence_regex()
fence = '```web_search\n{"q":"x"}\n```'
assert rx.sub("", fence).strip() == ""
def test_does_not_strip_bash_or_python_code_examples():
"""bash/python fences are deliberately excluded — they are legitimate code
examples a user may have asked the model to show, not tool invocations."""
rx = _exec_fence_regex()
for lang in sorted(_NON_STRIPPED):
example = f"```{lang}\nls -la\n```"
assert rx.sub("", example) == example, f"{lang} example wrongly stripped"
def test_frontend_keeps_no_hardcoded_tool_list():
"""Root-cause guard for #3993: chatRenderer.js must NOT reintroduce a
hand-maintained tool list. A hard-coded mirror of TOOL_TAGS silently drifts
when a new tool is added — leaving its executed fence in the live bubble
until reload. The live regex must instead be built from the backend's
authoritative set fetched at runtime."""
source = _SRC.read_text(encoding="utf-8")
assert "EXEC_TOOL_TAGS" not in source, (
"chatRenderer.js reintroduced a hard-coded EXEC_TOOL_TAGS list; the "
"live-strip tags must come from GET /api/tools so TOOL_TAGS stays the "
"single source (#3993)."
)
assert "/api/tools" in source, (
"chatRenderer.js must fetch the tool set from /api/tools to build "
"EXEC_FENCE_RE."
)
# The bash/python carve-out must survive the move to the runtime list.
m = re.search(r"EXEC_FENCE_NON_TOOL\s*=\s*new Set\(\[(?P<body>.*?)\]\)", source, re.DOTALL)
assert m, "bash/python carve-out (EXEC_FENCE_NON_TOOL) not found in chatRenderer.js"
carve_out = set(re.findall(r"['\"]([a-z_]+)['\"]", m.group("body")))
assert carve_out == _NON_STRIPPED, (
f"EXEC_FENCE_NON_TOOL must carve out exactly {sorted(_NON_STRIPPED)}, "
f"got {sorted(carve_out)}"
)
def test_api_tools_endpoint_serves_full_tool_tags():
"""The frontend's single source is GET /api/tools. Guard that the endpoint
serves the complete TOOL_TAGS set (sorted) — if it ever served a subset, the
live-strip list would silently shrink with no second list to catch it."""
source = _ROUTES_SRC.read_text(encoding="utf-8")
assert re.search(r"for\s+tag\s+in\s+sorted\(\s*TOOL_TAGS\s*\)", source), (
"GET /api/tools must iterate sorted(TOOL_TAGS) so the frontend's "
"EXEC_FENCE_RE covers every executable tool (#3993)."
)
tests/test_llamacpp_discovery.py
+178
View File
@@ -0,0 +1,178 @@
"""Tests for llama.cpp (llama-server) local discovery: the default scan list
includes llama-server's port 8080, and `_fingerprint_provider` identifies a
llama-server via its native ``/props`` endpoint without misfiring on LM Studio,
Ollama, or plain OpenAI-compatible servers.
Companion to test_lmstudio_discovery.py; the llama.cpp fingerprint is checked
*after* the LM Studio one, so LM Studio still wins when both could match.
"""
from src.model_discovery import ModelDiscovery
class _FakeResponse:
def __init__(self, payload, ok=True):
self._payload = payload
self.is_success = ok
def json(self):
return self._payload
# ════════════════════════════════════════════════════════════
# discover_models — scan list includes 8080 (llama-server default)
# ════════════════════════════════════════════════════════════
class TestLlamaCppScanPort:
def test_discover_models_scans_port_8080(self, monkeypatch):
"""llama-server's default port 8080 must be among the scan targets."""
discovery = ModelDiscovery(default_host="localhost")
scanned_ports = []
def fake_check_port(host, port):
scanned_ports.append(port)
return None
monkeypatch.setattr(discovery, "_check_port", fake_check_port)
monkeypatch.setattr(
"src.model_discovery.discover_tailscale_hosts", lambda: [],
)
discovery.discover_models()
assert 8080 in scanned_ports
# ════════════════════════════════════════════════════════════
# _fingerprint_provider — llama-server via /props
# ════════════════════════════════════════════════════════════
class TestLlamaCppFingerprint:
# A representative llama-server /props payload (trimmed to the keys the
# fingerprint relies on).
LLAMACPP_PROPS = {
"default_generation_settings": {"n_ctx": 4096, "temperature": 0.8},
"total_slots": 1,
"chat_template": "{{ messages }}",
"model_path": "/models/gemma-4-12b-it-Q4_K_M.gguf",
}
def test_llamacpp_props_detected(self, monkeypatch):
"""A server that isn't LM Studio but answers /props as llama-server →
'llamacpp'."""
discovery = ModelDiscovery(default_host="localhost")
def fake_get(url, timeout=None):
if url.endswith("/api/v1/models"):
# OpenAI-compatible shape, not the LM Studio native shape.
return _FakeResponse({"data": [{"id": "gemma-4-12b"}]})
if url.endswith("/props"):
return _FakeResponse(self.LLAMACPP_PROPS)
return _FakeResponse({}, ok=False)
monkeypatch.setattr("src.model_discovery.httpx.get", fake_get)
assert discovery._fingerprint_provider("localhost", 8080) == "llamacpp"
def test_lmstudio_still_wins_when_both_match(self, monkeypatch):
"""If /api/v1/models reports the LM Studio native shape, LM Studio is
returned even when /props would also match."""
discovery = ModelDiscovery(default_host="localhost")
lmstudio_native = {
"models": [{"type": "llm", "key": "qwen3.6-27b",
"architecture": "qwen35", "format": "gguf"}]
}
def fake_get(url, timeout=None):
if url.endswith("/api/v1/models"):
return _FakeResponse(lmstudio_native)
if url.endswith("/props"):
return _FakeResponse(self.LLAMACPP_PROPS)
return _FakeResponse({}, ok=False)
monkeypatch.setattr("src.model_discovery.httpx.get", fake_get)
assert discovery._fingerprint_provider("localhost", 8080) == "lmstudio"
def test_props_without_llamacpp_keys_not_detected(self, monkeypatch):
"""A /props-style response lacking llama-server marker keys → None."""
discovery = ModelDiscovery(default_host="localhost")
def fake_get(url, timeout=None):
if url.endswith("/api/v1/models"):
return _FakeResponse({"data": []})
if url.endswith("/props"):
return _FakeResponse({"unrelated": "value"})
return _FakeResponse({}, ok=False)
monkeypatch.setattr("src.model_discovery.httpx.get", fake_get)
assert discovery._fingerprint_provider("localhost", 8080) is None
def test_props_unreachable_returns_none(self, monkeypatch):
"""No /api/v1/models and a failing /props → None (not an exception)."""
discovery = ModelDiscovery(default_host="localhost")
def fake_get(url, timeout=None):
if url.endswith("/api/v1/models"):
return _FakeResponse({}, ok=False)
raise OSError("connection refused")
monkeypatch.setattr("src.model_discovery.httpx.get", fake_get)
assert discovery._fingerprint_provider("localhost", 8080) is None
def test_check_port_attaches_llamacpp_provider(self, monkeypatch):
"""End-to-end: _check_port tags a discovered llama-server as 'llamacpp'."""
discovery = ModelDiscovery(default_host="localhost")
def fake_get(url, timeout=None):
if url.endswith("/v1/models"):
return _FakeResponse({"data": [{"id": "gemma-4-12b"}]})
if url.endswith("/api/v1/models"):
return _FakeResponse({"data": [{"id": "gemma-4-12b"}]})
if url.endswith("/props"):
return _FakeResponse(self.LLAMACPP_PROPS)
return _FakeResponse({}, ok=False)
monkeypatch.setattr("src.model_discovery.httpx.get", fake_get)
result = discovery._check_port("localhost", 8080)
assert result is not None
assert result["provider"] == "llamacpp"
assert result["models"] == ["gemma-4-12b"]
# ════════════════════════════════════════════════════════════
# Docker loopback rewrite — host.docker.internal:8080 in scan
# ════════════════════════════════════════════════════════════
class TestDockerLoopbackScan:
def test_host_docker_internal_in_scan_hosts(self, monkeypatch):
"""When no LLM_HOSTS env override is set, host.docker.internal must be
included in the scan host list so llama-server on the Docker host is
discovered from inside the container."""
monkeypatch.delenv("LLM_HOSTS", raising=False)
monkeypatch.setattr(
"src.model_discovery.discover_tailscale_hosts", lambda: [],
)
discovery = ModelDiscovery(default_host="localhost")
hosts = discovery._get_hosts()
assert "host.docker.internal" in hosts
def test_discovered_endpoint_url_uses_provided_host(self, monkeypatch):
"""When host.docker.internal:8080 is probed, the returned base_url
contains host.docker.internal — not a rewritten 127.0.0.1."""
from src.model_discovery import ModelDiscovery as _MD
discovery = _MD(default_host="localhost")
def fake_get(url, timeout=None):
if url.endswith("/v1/models") or url.endswith("/api/v1/models"):
return _FakeResponse({"data": [{"id": "gemma-4-12b"}]})
if url.endswith("/props"):
return _FakeResponse({
"default_generation_settings": {"n_ctx": 4096},
"total_slots": 1,
"chat_template": "{{ messages }}",
})
return _FakeResponse({}, ok=False)
monkeypatch.setattr("src.model_discovery.httpx.get", fake_get)
result = discovery._check_port("host.docker.internal", 8080)
assert result is not None
assert "host.docker.internal" in result["url"]
assert "127.0.0.1" not in result["url"]
tests/test_llm_core_mistral_content.py
+156
View File
@@ -0,0 +1,156 @@
"""Tests for _normalize_mistral_content() — Mistral's structured content parser.
Mistral's chat completions API returns content as a typed array when reasoning
is enabled, instead of the plain string most OpenAI-compat servers use:
"content": [
{"type": "thinking", "thinking": [{"type": "text", "text": "..."}], "closed": true},
{"type": "text", "text": "..."}
]
_normalize_mistral_content() splits that into (text, thinking) plain strings.
The function is called from three sites:
- llm_call (sync, non-streaming response parser)
- llm_call_async (async, non-streaming response parser)
- stream_llm (streaming delta parser)
These tests pin the contract: string passthrough, the array shape, and the
edge cases (empty, garbage, missing fields) so a refactor doesn't silently
drop thinking content or break non-Mistral providers.
"""
from src.llm_core import _normalize_mistral_content
def test_string_passthrough_returns_text_with_empty_thinking():
"""Plain string content (the common case) passes through unchanged."""
text, thinking = _normalize_mistral_content("hello world")
assert text == "hello world"
assert thinking == ""
def test_empty_string_passthrough():
text, thinking = _normalize_mistral_content("")
assert text == ""
assert thinking == ""
def test_array_with_thinking_and_text_blocks():
"""Mistral's documented format: thinking block + text block."""
content = [
{
"type": "thinking",
"thinking": [{"type": "text", "text": "Let me work through this..."}],
"closed": True,
},
{"type": "text", "text": "The answer is 42."},
]
text, thinking = _normalize_mistral_content(content)
assert text == "The answer is 42."
assert thinking == "Let me work through this..."
def test_array_with_only_thinking_block():
"""Streaming deltas often contain only a thinking fragment (no text block yet)."""
content = [
{
"type": "thinking",
"thinking": [{"type": "text", "text": "Okay, let's"}],
"closed": True,
}
]
text, thinking = _normalize_mistral_content(content)
assert text == ""
assert thinking == "Okay, let's"
def test_array_with_only_text_block():
"""Final answer delta — only the text block, no thinking."""
content = [{"type": "text", "text": "Final answer."}]
text, thinking = _normalize_mistral_content(content)
assert text == "Final answer."
assert thinking == ""
def test_array_concatenates_multiple_text_blocks():
"""Multiple text blocks are concatenated in order."""
content = [
{"type": "text", "text": "part 1 "},
{"type": "text", "text": "part 2"},
]
text, thinking = _normalize_mistral_content(content)
assert text == "part 1 part 2"
def test_array_concatenates_multiple_thinking_fragments():
"""Multiple thinking sub-blocks are concatenated in order."""
content = [
{
"type": "thinking",
"thinking": [
{"type": "text", "text": "first "},
{"type": "text", "text": "second"},
],
"closed": True,
}
]
text, thinking = _normalize_mistral_content(content)
assert text == ""
assert thinking == "first second"
def test_empty_array_returns_empty_strings():
text, thinking = _normalize_mistral_content([])
assert text == ""
assert thinking == ""
def test_array_with_garbage_entries_skips_them():
"""Non-dict entries, missing type, missing text — all silently skipped."""
content = [
"not a dict",
None,
{"type": "unknown_type", "text": "should be ignored"},
{"type": "text"}, # missing text key
{"type": "thinking"}, # missing thinking key
{"type": "text", "text": "valid text"},
]
text, thinking = _normalize_mistral_content(content)
assert text == "valid text"
assert thinking == ""
def test_none_returns_empty_strings():
"""Defensive: None content (server bug or schema drift) doesn't crash."""
text, thinking = _normalize_mistral_content(None)
assert text == ""
assert thinking == ""
def test_int_returns_empty_strings():
"""Defensive: wrong-typed content doesn't crash."""
text, thinking = _normalize_mistral_content(42)
assert text == ""
assert thinking == ""
def test_thinking_block_with_string_inner():
"""Some Mistral API versions may use a string instead of an array for
the inner 'thinking' field. Accept both shapes."""
content = [
{"type": "thinking", "thinking": "inline string thinking"},
{"type": "text", "text": "answer"},
]
text, thinking = _normalize_mistral_content(content)
assert text == "answer"
assert thinking == "inline string thinking"
def test_thinking_block_with_empty_text_field():
"""Empty text fields don't pollute the output."""
content = [
{"type": "thinking", "thinking": [{"type": "text", "text": ""}], "closed": True},
{"type": "text", "text": ""},
]
text, thinking = _normalize_mistral_content(content)
assert text == ""
assert thinking == ""
tests/test_llm_core_reasoning.py
+30
View File
@@ -206,3 +206,33 @@ def test_harmony_analysis_channel_routes_to_thinking(monkeypatch):
assert answer == "Here are the files."
assert "<|channel|>" not in thinking + answer
assert "<|message|>" not in thinking + answer
def test_harmony_commentary_channel_no_marker_or_toolarg_leak(monkeypatch):
# gpt-oss commentary channel (tool-call preambles / function-arg bodies) is
# internal — it must not leak the channel marker, the `to=functions.*`
# recipient, or its body into the visible answer. The `<|channel|>comm` /
# `entary` split also exercises the suffix-hold for the new marker.
deltas = _run_stream(
"gpt-oss:20b",
[
'data: {"choices":[{"delta":{"content":"<|channel|>comm"}}]}',
'data: {"choices":[{"delta":{"content":"entary to=functions.web_search<|message|>Let me search the web."}}]}',
'data: {"choices":[{"delta":{"content":"<|end|><|channel|>final<|message|>Here are the "}}]}',
'data: {"choices":[{"delta":{"content":"results.<|end|>"}}]}',
"data: [DONE]",
],
monkeypatch,
)
thinking = "".join(d["delta"] for d in deltas if d.get("thinking"))
answer = "".join(d["delta"] for d in deltas if not d.get("thinking"))
# final channel is the only user-facing text
assert answer == "Here are the results."
# commentary body routed to thinking, not the visible answer
assert thinking == "Let me search the web."
# no harmony markers, channel name, or tool recipient leak anywhere
assert "<|channel|>" not in thinking + answer
assert "<|message|>" not in thinking + answer
assert "commentary" not in answer
assert "to=functions.web_search" not in thinking + answer
tests/test_llm_core_temperature.py
+65 -2
View File
@@ -29,7 +29,12 @@ def test_normal_models_allow_temperature(model):
assert llm_core._restricts_temperature(model) is False
def _capture_openai_payload(monkeypatch, model, temperature):
def _capture_openai_payload(
monkeypatch,
model,
temperature,
url="https://api.openai.com/v1/chat/completions",
):
"""Run a synchronous OpenAI-compatible call and return the posted JSON body."""
llm_core._response_cache.clear()
seen = {}
@@ -45,7 +50,7 @@ def _capture_openai_payload(monkeypatch, model, temperature):
monkeypatch.setattr(llm_core.httpx, "post", fake_post)
result = llm_core.llm_call(
"https://api.openai.com/v1/chat/completions",
url,
model,
[{"role": "user", "content": "Say OK"}],
temperature=temperature,
@@ -131,3 +136,61 @@ def test_anthropic_payload_clamps_negative():
def test_anthropic_payload_none_temperature_does_not_crash():
payload = _anthropic_payload(None)
assert payload["temperature"] is None
@pytest.mark.parametrize(
"model",
[
"kimi-k2.5",
"kimi-k2.6",
"moonshot/kimi-k2.6",
"kimi-k2.6-preview",
],
)
def test_moonshot_k2_5_plus_uses_fixed_temperature(model):
assert llm_core._moonshot_rejects_custom_temperature("moonshot", model)
@pytest.mark.parametrize(
"provider,model",
[
("openai", "kimi-k2.6"),
("moonshot", "kimi-k2-0905-preview"),
("moonshot", "kimi-k2-thinking"),
("moonshot", "kimi-k2.50"),
("moonshot", None),
],
)
def test_other_models_keep_temperature(provider, model):
assert not llm_core._moonshot_rejects_custom_temperature(provider, model)
@pytest.mark.parametrize(
"url",
[
"https://api.moonshot.ai/v1/chat/completions",
"https://api.moonshot.cn/v1/chat/completions",
],
)
def test_moonshot_provider_detection(url):
assert llm_core._detect_provider(url) == "moonshot"
def test_moonshot_k2_6_payload_omits_temperature(monkeypatch):
payload = _capture_openai_payload(
monkeypatch,
"kimi-k2.6",
0.7,
url="https://api.moonshot.ai/v1/chat/completions",
)
assert "temperature" not in payload
def test_self_hosted_kimi_k2_6_payload_keeps_temperature(monkeypatch):
payload = _capture_openai_payload(
monkeypatch,
"kimi-k2.6",
0.7,
url="http://localhost:8000/v1/chat/completions",
)
assert payload["temperature"] == 0.7
tests/test_lmstudio_models_url.py
+14
View File
@@ -17,6 +17,7 @@ This module pins both behaviors so future refactors don't regress them.
"""
import httpx
import pytest
from src import endpoint_resolver, llm_core
@@ -90,6 +91,19 @@ def test_build_models_url_preserves_explicit_non_v1_path(monkeypatch):
)
@pytest.mark.parametrize("base_url", [
"http://localhost:1234?",
"http://localhost:1234#fragment",
"http://localhost:1234/v1?token=abc",
])
def test_build_models_url_rejects_query_or_fragment_base(monkeypatch, base_url):
monkeypatch.setattr(endpoint_resolver, "resolve_url", lambda url: url)
_neutralize_provider_detection(monkeypatch)
with pytest.raises(ValueError, match="query or fragment"):
endpoint_resolver.build_models_url(base_url)
# ── list_model_ids: parse LM Studio's response ─────────────────────────
tests/test_log_safety.py
+32
View File
@@ -0,0 +1,32 @@
from core.log_safety import redact_url
def test_strips_userinfo():
assert redact_url("https://user:pass@host.example/v1/models") == "https://host.example/v1/models"
def test_strips_query_and_fragment():
assert redact_url("https://host.example/v1?api_key=secret#frag") == "https://host.example/v1"
def test_keeps_port_and_path():
assert redact_url("http://host.example:8080/api/tags") == "http://host.example:8080/api/tags"
def test_ipv6_host_keeps_brackets():
assert redact_url("https://user:pass@[2001:db8::1]:8443/v1") == "https://[2001:db8::1]:8443/v1"
assert redact_url("https://[2001:db8::1]/v1") == "https://[2001:db8::1]/v1"
def test_no_credentials_passthrough():
assert redact_url("https://host.example/v1/models") == "https://host.example/v1/models"
def test_empty_and_none():
assert redact_url("") == ""
assert redact_url(None) == ""
def test_garbage_does_not_raise():
# urlparse is lenient; just assert no credential-looking userinfo survives.
assert "@" not in redact_url("::::not a url::::")
tests/test_manage_mcp_command_allowlist.py
+168
View File
@@ -0,0 +1,168 @@
"""RCE guard for manage_mcp 'add' (#438).
do_manage_mcp("add", ...) used to pass model / prompt-injection-controlled
command/args/env straight to a stdio subprocess spawn with no allowlist, so a
payload smuggled into a skill description, memory entry, fetched page, or email
body could register an MCP server running arbitrary code as the app UID.
_validate_mcp_command now gates the agent path before any DB write or spawn:
interpreters, runtimes, package runners, shells, and exec-wrappers are
hard-denied (even if an operator allowlists one); the command must otherwise be
a bare basename in ODYSSEUS_MCP_ALLOWED_COMMANDS; code-exec flags are rejected
by prefix (catching glued forms like -cimport os and --eval=); remote-URL args
and code-injecting env vars (LD_PRELOAD, NODE_OPTIONS, PYTHONPATH, ...) are
rejected too.
"""
import asyncio
import json
import pytest
from unittest.mock import MagicMock, AsyncMock
from tests.helpers.import_state import clear_fake_database_modules
from tests.helpers.sqlite_db import make_temp_sqlite
clear_fake_database_modules()
import core.database as cdb
from core.database import McpServer
import src.agent_tools.admin_tools as ti # do_manage_mcp/get_mcp_manager moved here in the registry migration
from src.agent_tools.admin_tools import _validate_mcp_command
_TS, _ENGINE, _TMPDB = make_temp_sqlite(cdb.Base.metadata)
@pytest.fixture(autouse=True)
def _env(monkeypatch):
monkeypatch.setattr(cdb, "SessionLocal", _TS)
# Allow one benign launcher (so the positive path is reachable) and also
# python3 (to prove the hard-deny still wins over an operator allowlist).
monkeypatch.setenv("ODYSSEUS_MCP_ALLOWED_COMMANDS", "mcp-server-demo,python3")
db = _TS()
try:
db.query(McpServer).delete()
db.commit()
finally:
db.close()
yield
# ── validator: the RCE forms from the #438 review must all be rejected ──
@pytest.mark.parametrize("command,args", [
("sh", ["-c", "id>/tmp/pwn"]),
("bash", ["-c", "id"]),
("python3", ["/tmp/payload.py"]), # interpreter + script path
("python3", ["-m", "pip", "install", "evilpkg"]), # -m pip
("python3", ["-cimport os; os.system('x')"]), # glued -c (NubsCarson)
("node", ["-erequire('child_process')"]), # glued -e
("node", ["--eval=console.log(1)"]),
("node", ["-p", "process.env"]),
("deno", ["eval", "console.log(1)"]),
("npx", ["-y", "evil-mcp"]),
("uvx", ["evil"]),
("pipx", ["run", "evil"]),
("yarn", ["evil"]),
("env", ["sh", "-c", "id"]), # exec wrapper
("/tmp/payload", []), # path, not a basename
("mcp-server-demo;id", []), # shell metachar in command
("mcp-server-demo", ["-c", "code"]), # code-exec flag on allowed cmd
("mcp-server-demo", ["-cglued()"]), # glued code-exec flag
("mcp-server-demo", ["--eval=x"]), # long glued eval
("mcp-server-demo", ["https://evil.example/x.js"]),# remote URL arg
])
def test_validator_rejects_rce_forms(command, args):
assert _validate_mcp_command(command, args, {}) is not None
@pytest.mark.parametrize("key", ["LD_PRELOAD", "NODE_OPTIONS", "PYTHONPATH", "DYLD_INSERT_LIBRARIES", "PATH"])
def test_validator_rejects_dangerous_env(key):
assert _validate_mcp_command("mcp-server-demo", [], {key: "x"}) is not None
def test_denied_command_rejected_even_when_operator_allowlists_it():
# python3 is in ODYSSEUS_MCP_ALLOWED_COMMANDS for this test; hard-deny wins.
assert _validate_mcp_command("python3", ["server.py"], {}) is not None
@pytest.mark.parametrize("command", [
"python3.11", "python3.12", "node18", "node20", "pip3", "ruby3.2",
"java", "javac", "bunx", "tsx", "ts-node", "pypy3", "deno1",
])
def test_versioned_and_alias_runtimes_are_denied(command):
# Versioned / alias runtime forms must collapse to the family and be denied,
# not slip past exact-name matching (RaresKeY review on #4433).
assert _validate_mcp_command(command, [], {}) is not None
def test_alias_runtime_denied_even_if_operator_allowlists_it(monkeypatch):
# The exact scenario from review: an operator allowlists a versioned alias.
# Hard-deny by family must still win, before the allowlist is consulted.
monkeypatch.setenv("ODYSSEUS_MCP_ALLOWED_COMMANDS", "python3.11,node18,java,bunx")
for command in ("python3.11", "node18", "java", "bunx"):
assert _validate_mcp_command(command, [], {}) is not None, command
def test_command_not_in_allowlist_rejected():
assert _validate_mcp_command("some-random-binary", [], {}) is not None
def test_validator_allows_safe_allowlisted_server():
assert _validate_mcp_command("mcp-server-demo", ["--port", "3000"], {"FOO": "bar"}) is None
# ── integration: the real do_manage_mcp('add') path ──
def _add(command, args=None, env=None):
payload = {"action": "add", "name": "x", "command": command,
"args": args if args is not None else [], "env": env or {}}
return asyncio.run(ti.do_manage_mcp(json.dumps(payload)))
def test_add_rejects_rce_with_no_db_write_and_no_connect(monkeypatch):
mcp = MagicMock()
mcp.connect_server = AsyncMock()
monkeypatch.setattr(ti, "get_mcp_manager", lambda: mcp)
res = _add("sh", ["-c", "id>/tmp/pwn"])
assert res["exit_code"] == 1
assert "refused" in res["error"]
mcp.connect_server.assert_not_called()
db = _TS()
try:
assert db.query(McpServer).count() == 0, "rejected add must not persist an enabled row"
finally:
db.close()
def test_add_rejects_versioned_runtime_alias_no_row_no_connect(monkeypatch):
# Versioned alias on the real add path must also write no row and not connect.
mcp = MagicMock()
mcp.connect_server = AsyncMock()
monkeypatch.setattr(ti, "get_mcp_manager", lambda: mcp)
res = _add("python3.11", ["server.py"])
assert res["exit_code"] == 1
mcp.connect_server.assert_not_called()
db = _TS()
try:
assert db.query(McpServer).count() == 0
finally:
db.close()
def test_add_allows_safe_server_writes_row_and_connects(monkeypatch):
mcp = MagicMock()
mcp.connect_server = AsyncMock()
mcp.get_server_status = MagicMock(return_value={"tool_count": 2})
monkeypatch.setattr(ti, "get_mcp_manager", lambda: mcp)
res = _add("mcp-server-demo", ["--port", "3000"])
assert res["exit_code"] == 0
mcp.connect_server.assert_called_once()
db = _TS()
try:
assert db.query(McpServer).count() == 1
finally:
db.close()
tests/test_manage_memory_list.py
+7
View File
@@ -0,0 +1,7 @@
from pathlib import Path
def test_memory_list_implementations_do_not_truncate_results():
for path in ("mcp_servers/memory_server.py", "src/ai_interaction.py"):
source = Path(path).read_text()
assert "memories[:100]" not in source
tests/test_manage_settings_token_budget.py
+1 -1
View File
@@ -3,7 +3,7 @@ import asyncio
import json
import src.settings as settings_mod
from src.tool_implementations import do_manage_settings
from src.agent_tools.admin_tools import do_manage_settings
def test_set_token_budget_is_not_refused_as_secret(monkeypatch):
tests/test_markdown_rendering_js.py
+30
View File
@@ -170,6 +170,36 @@ def test_extract_thinking_blocks_handles_thought_tag(node_available):
assert result["content"] == "Final answer."
def test_url_inside_inline_code_is_not_autolinked(node_available):
# A URL inside a backtick span is preceded by a space, so the bare-URL
# autolink used to wrap it in an <a> tag (then swap it for an
# ___ALLOWED_HTML_ placeholder), corrupting the command shown to the user.
html = _run_markdown_case("Run `$j = irm http://127.0.0.1:3000/x` to fetch.")
assert "<code>$j = irm http://127.0.0.1:3000/x</code>" in html
assert "___ALLOWED_HTML_" not in html
assert "<a " not in html
assert 'href="http://127.0.0.1:3000/x"' not in html
def test_url_outside_inline_code_is_still_autolinked(node_available):
# Inline code must not disable autolinking for bare URLs elsewhere in the
# same line.
html = _run_markdown_case("Use `irm` then visit https://example.com/page now.")
assert "<code>irm</code>" in html
assert 'href="https://example.com/page"' in html
def test_inline_code_content_is_html_escaped(node_available):
# Inline code is now extracted before the global escape pass, so it must be
# escaped at extraction time (matching the fenced-code-block handling).
html = _run_markdown_case("Render `<b>$1 & 'q'</b>` literally.")
assert "<code>&lt;b&gt;$1 &amp; &#39;q&#39;&lt;/b&gt;</code>" in html
assert "<b>" not in html
def test_dotted_python_import_paths_are_not_autolinked(node_available):
html = _run_markdown_case(
"from imblearn.combine import SMOTETomek\n"
tests/test_mcp_email_decode_header_spaces.py
+182
View File
@@ -6,6 +6,9 @@ double space after "Re:" on every non-ASCII subject, a spurious space in
"Name <addr>" senders, and violated RFC 2047 6.2 which requires whitespace
between two adjacent encoded-words to be dropped.
"""
import json
import sqlite3
import pytest
pytest.importorskip("mcp")
@@ -13,6 +16,49 @@ pytest.importorskip("mcp")
import mcp_servers.email_server as es
def _init_accounts_db(path):
conn = sqlite3.connect(path)
conn.execute(
"""
CREATE TABLE email_accounts (
id TEXT PRIMARY KEY,
owner TEXT,
name TEXT NOT NULL,
is_default INTEGER NOT NULL DEFAULT 0,
enabled INTEGER NOT NULL DEFAULT 1,
imap_host TEXT,
imap_port INTEGER,
imap_user TEXT,
imap_password TEXT,
imap_starttls INTEGER,
smtp_host TEXT,
smtp_port INTEGER,
smtp_security TEXT,
smtp_user TEXT,
smtp_password TEXT,
from_address TEXT,
created_at TEXT
)
"""
)
conn.executemany(
"""
INSERT INTO email_accounts
(id, owner, name, is_default, enabled, imap_host, imap_port, imap_user,
imap_password, imap_starttls, smtp_host, smtp_port, smtp_security,
smtp_user, smtp_password, from_address, created_at)
VALUES (?, ?, ?, ?, 1, 'imap.example.com', 993, ?, '', 1,
'smtp.example.com', 465, 'ssl', ?, '', ?, ?)
""",
[
("acct-alice", "alice", "Alice Mail", 1, "alice@example.com", "alice@example.com", "alice@example.com", "2026-01-01"),
("acct-bob", "bob", "Bob Mail", 1, "bob@example.com", "bob@example.com", "bob@example.com", "2026-01-02"),
],
)
conn.commit()
conn.close()
def test_prefix_then_encoded_word_single_space():
assert es._decode_header("Re: =?utf-8?b?SsOzc2U=?=") == "Re: J\u00f3se"
@@ -32,3 +78,139 @@ def test_plain_ascii_header_unchanged():
def test_empty_header():
assert es._decode_header("") == ""
@pytest.mark.asyncio
async def test_mcp_email_accounts_are_filtered_by_hidden_owner(tmp_path, monkeypatch):
db_path = tmp_path / "app.db"
_init_accounts_db(db_path)
monkeypatch.setattr(es, "APP_DB", str(db_path))
es._ACCOUNT_CACHE.clear()
out = await es.call_tool("list_email_accounts", {"_odysseus_owner": "alice"})
text = out[0].text
assert "Alice Mail" in text
assert "Bob Mail" not in text
@pytest.mark.asyncio
async def test_mcp_email_requires_owner_when_multiple_account_owners_exist(tmp_path, monkeypatch):
db_path = tmp_path / "app.db"
_init_accounts_db(db_path)
monkeypatch.setattr(es, "APP_DB", str(db_path))
es._ACCOUNT_CACHE.clear()
out = await es.call_tool("list_email_accounts", {})
assert "requires an authenticated owner" in out[0].text
def test_mcp_email_scoped_owner_without_visible_account_skips_legacy_fallback(tmp_path, monkeypatch):
db_path = tmp_path / "app.db"
settings_path = tmp_path / "settings.json"
_init_accounts_db(db_path)
settings_path.write_text(
json.dumps(
{
"imap_host": "legacy-imap.example.com",
"imap_user": "legacy@example.com",
"imap_password": "legacy-secret",
"smtp_host": "legacy-smtp.example.com",
"smtp_user": "legacy@example.com",
"smtp_password": "legacy-secret",
"from_address": "legacy@example.com",
}
),
encoding="utf-8",
)
monkeypatch.setattr(es, "APP_DB", str(db_path))
monkeypatch.setattr(es, "_SETTINGS_FILE", str(settings_path))
es._ACCOUNT_CACHE.clear()
token = es._CURRENT_OWNER.set("charlie")
try:
with pytest.raises(ValueError, match="No email account is configured"):
es._load_config()
finally:
es._CURRENT_OWNER.reset(token)
es._ACCOUNT_CACHE.clear()
@pytest.mark.asyncio
async def test_mcp_send_email_stages_owner_scoped_pending_draft(tmp_path, monkeypatch):
import src.constants as constants
db_path = tmp_path / "scheduled_emails.db"
monkeypatch.setattr(constants, "SCHEDULED_EMAILS_DB", str(db_path))
monkeypatch.setattr(es, "_read_agent_email_confirm_setting", lambda: True)
out = await es.call_tool(
"send_email",
{
"to": "recipient@example.com",
"subject": "Review",
"body": "Please review.",
"_odysseus_owner": "alice",
},
)
assert "Draft staged for approval" in out[0].text
assert "Nothing has been sent yet" in out[0].text
conn = sqlite3.connect(db_path)
try:
row = conn.execute(
"SELECT owner, status, to_addr, subject FROM scheduled_emails"
).fetchone()
finally:
conn.close()
assert row == ("alice", "agent_draft", "recipient@example.com", "Review")
@pytest.mark.asyncio
async def test_mcp_draft_email_document_uses_hidden_owner(monkeypatch):
import core.database as db_mod
saved = []
class FakeDocument:
def __init__(self, **kwargs):
self.__dict__.update(kwargs)
class FakeDocumentVersion:
def __init__(self, **kwargs):
self.__dict__.update(kwargs)
class FakeDb:
def add(self, obj):
saved.append(obj)
def commit(self):
pass
def close(self):
pass
monkeypatch.setattr(db_mod, "Document", FakeDocument)
monkeypatch.setattr(db_mod, "DocumentVersion", FakeDocumentVersion)
monkeypatch.setattr(db_mod, "SessionLocal", lambda: FakeDb())
monkeypatch.setattr(
es,
"_load_config",
lambda account=None: {"account_name": "Alice Mail", "account_id": "acct-alice"},
)
out = await es.call_tool(
"draft_email",
{
"to": "recipient@example.com",
"subject": "Draft subject",
"body": "Draft body",
"_odysseus_owner": "alice",
},
)
assert "Created Odysseus email draft" in out[0].text
docs = [obj for obj in saved if isinstance(obj, FakeDocument)]
assert len(docs) == 1
assert docs[0].owner == "alice"
tests/test_mcp_memory_owner_scope.py
+150
View File
@@ -0,0 +1,150 @@
import asyncio
import mcp_servers.memory_server as memory_server
from src.memory import MemoryManager
class FakeVector:
healthy = True
def __init__(self):
self.added = []
self.removed = []
def add(self, memory_id, text):
self.added.append((memory_id, text))
def remove(self, memory_id):
self.removed.append(memory_id)
def _tool_text(arguments):
result = asyncio.run(memory_server.call_tool("manage_memory", arguments))
return result[0].text
def _entry(manager, text, owner=None, memory_id=None, category="fact"):
entry = manager.add_entry(text, owner=owner, category=category)
if memory_id:
entry["id"] = memory_id
return entry
def _configure_server(monkeypatch, manager, vector=None):
monkeypatch.setattr(memory_server, "_memory_manager", manager)
monkeypatch.setattr(memory_server, "_memory_vector", vector)
monkeypatch.setattr(memory_server, "_initialized", True)
for key in memory_server._OWNER_ENV_KEYS:
monkeypatch.delenv(key, raising=False)
def test_mcp_memory_uses_configured_owner_for_all_operations(monkeypatch, tmp_path):
manager = MemoryManager(str(tmp_path))
vector = FakeVector()
alice = _entry(
manager,
"Alice likes green tea",
owner="alice",
memory_id="aaaaaaaa-0000-0000-0000-000000000000",
)
bob = _entry(
manager,
"Bob likes espresso",
owner="bob",
memory_id="bbbbbbbb-0000-0000-0000-000000000000",
)
manager.save([alice, bob])
_configure_server(monkeypatch, manager, vector)
monkeypatch.setenv("ODYSSEUS_MCP_MEMORY_OWNER", "alice")
list_text = _tool_text({"action": "list"})
assert "Alice likes green tea" in list_text
assert "Bob likes espresso" not in list_text
search_text = _tool_text({"action": "search", "text": "likes"})
assert "Alice likes green tea" in search_text
assert "Bob likes espresso" not in search_text
add_text = _tool_text({
"action": "add",
"text": "Alice prefers concise notes",
"category": "preference",
})
assert "Memory added" in add_text
added = next(
entry for entry in manager.load_all()
if entry["text"] == "Alice prefers concise notes"
)
assert added["owner"] == "alice"
assert vector.added == [(added["id"], "Alice prefers concise notes")]
edit_text = _tool_text({
"action": "edit",
"memory_id": bob["id"][:8],
"text": "Bob changed",
})
assert edit_text == "Error: Memory 'bbbbbbbb' not found"
bob_after_edit = next(
entry for entry in manager.load_all()
if entry["id"] == bob["id"]
)
assert bob_after_edit["text"] == "Bob likes espresso"
delete_text = _tool_text({"action": "delete", "memory_id": bob["id"][:8]})
assert delete_text == "Error: Memory 'bbbbbbbb' not found"
assert any(entry["id"] == bob["id"] for entry in manager.load_all())
def test_mcp_memory_fails_closed_without_owner_for_owner_scoped_store(monkeypatch, tmp_path):
manager = MemoryManager(str(tmp_path))
alice = _entry(manager, "Alice private memory", owner="alice", memory_id="aaaaaaaa-0000")
bob = _entry(manager, "Bob private memory", owner="bob", memory_id="bbbbbbbb-0000")
manager.save([alice, bob])
_configure_server(monkeypatch, manager, FakeVector())
before = manager.load_all()
actions = [
{"action": "list"},
{"action": "search", "text": "private"},
{"action": "add", "text": "new ownerless memory"},
{"action": "edit", "memory_id": alice["id"][:8], "text": "changed"},
{"action": "delete", "memory_id": alice["id"][:8]},
]
for arguments in actions:
assert _tool_text(arguments).startswith("Error: Memory MCP owner is not configured")
assert manager.load_all() == before
def test_mcp_memory_preserves_ownerless_local_behavior(monkeypatch, tmp_path):
manager = MemoryManager(str(tmp_path))
legacy = _entry(
manager,
"Legacy local memory",
memory_id="llllllll-0000-0000-0000-000000000000",
)
manager.save([legacy])
_configure_server(monkeypatch, manager, FakeVector())
assert "Legacy local memory" in _tool_text({"action": "list"})
assert "Legacy local memory" in _tool_text({"action": "search", "text": "legacy"})
add_text = _tool_text({"action": "add", "text": "Another local memory"})
assert "Memory added" in add_text
added = next(
entry for entry in manager.load_all()
if entry["text"] == "Another local memory"
)
assert "owner" not in added
assert _tool_text({
"action": "edit",
"memory_id": legacy["id"][:8],
"text": "Updated local memory",
}) == "Memory updated: Updated local memory"
assert any(entry["text"] == "Updated local memory" for entry in manager.load_all())
delete_text = _tool_text({"action": "delete", "memory_id": legacy["id"][:8]})
assert delete_text.startswith("Memory deleted:")
assert all(entry["id"] != legacy["id"] for entry in manager.load_all())
tests/test_mcp_reconnect_args.py
+2 -2
View File
@@ -8,7 +8,7 @@ from types import SimpleNamespace
def test_reconnect_passes_full_server_config():
"""do_manage_mcp reconnect must pass name/transport/command/args/env/url."""
from src.tool_implementations import do_manage_mcp
from src.agent_tools.admin_tools import do_manage_mcp
fake_mcp = MagicMock()
fake_mcp.disconnect_server = AsyncMock()
@@ -28,7 +28,7 @@ def test_reconnect_passes_full_server_config():
fake_db = MagicMock()
fake_db.query.return_value.filter.return_value.first.return_value = fake_srv
with patch("src.tool_implementations.get_mcp_manager", return_value=fake_mcp), \
with patch("src.agent_tools.admin_tools.get_mcp_manager", return_value=fake_mcp), \
patch("core.database.SessionLocal", return_value=fake_db):
result = asyncio.run(do_manage_mcp(
json.dumps({"action": "reconnect", "server_id": "srv-123"})
tests/test_memory_audit_timeout.py
+10
View File
@@ -0,0 +1,10 @@
from pathlib import Path
def test_memory_audit_uses_its_own_llm_timeout():
source = Path("app.py").read_text()
start = source.index("_TIMEOUT_EXEMPT_PREFIXES =")
end = source.index("\n)\n", start)
timeout_exemptions = source[start:end]
assert '"/api/memory/audit"' in timeout_exemptions
tests/test_memory_routes_session_owner.py
+163 -1
View File
@@ -7,11 +7,14 @@ another tenant's session and leak their chat history, session-scoped LLM
credentials, or session title.
"""
import asyncio
import io
import sys
import types
from types import SimpleNamespace
from unittest.mock import MagicMock
import pytest
from fastapi import HTTPException
from fastapi import HTTPException, UploadFile
import routes.memory_routes as mr
from src.request_models import MemoryAddRequest
@@ -46,6 +49,17 @@ def _request(user):
)
def _upload(name="memories.json"):
return UploadFile(
filename=name,
file=io.BytesIO(b'[{"text": "Project Phoenix uses Python", "category": "project"}]'),
)
def _allow_memory_management(monkeypatch):
monkeypatch.setattr("src.auth_helpers.require_privilege", lambda request, privilege: "alice")
def test_extract_rejects_other_users_session(monkeypatch):
router = _router(monkeypatch, caller="bob")
extract = _route(router, "/api/memory/extract", "POST")
@@ -69,6 +83,78 @@ def test_owner_can_access_own_session(monkeypatch):
assert out["session_name"] == "Secret project"
def test_audit_session_fallback_uses_resolver_without_manual_default(monkeypatch):
import src.task_endpoint as task_endpoint
memory_manager = MagicMock()
memory_vector = MagicMock()
session_headers = {"Authorization": "Bearer session"}
session_manager = MagicMock()
session_manager.get_session.return_value = SimpleNamespace(
owner="alice",
endpoint_url="http://session.example/v1/chat/completions",
model="session-model",
headers=session_headers,
)
router = mr.setup_memory_routes(memory_manager, session_manager, memory_vector)
audit_route = _route(router, "/api/memory/audit", "POST")
resolver_calls = []
audit_calls = []
def fake_resolve_task_endpoint(
fallback_url=None,
fallback_model=None,
fallback_headers=None,
owner=None,
):
resolver_calls.append((fallback_url, fallback_model, fallback_headers, owner))
if fallback_url and fallback_model:
return fallback_url, fallback_model, fallback_headers
return None, None, {}
async def fake_audit_memories(memory_manager_arg, memory_vector_arg, endpoint_url, model, headers, owner=None):
audit_calls.append((memory_manager_arg, memory_vector_arg, endpoint_url, model, headers, owner))
return {"before": 2, "after": 1}
fake_model_routes = types.ModuleType("routes.model_routes")
fake_model_routes._load_settings = lambda: {
"default_endpoint_id": "default",
"default_model": "default-model",
}
fake_model_routes._normalize_base = lambda base: base.rstrip("/")
fake_model_routes.build_chat_url = lambda base: f"{base}/chat/completions"
monkeypatch.setattr(mr, "resolve_task_endpoint", fake_resolve_task_endpoint)
monkeypatch.setattr(task_endpoint, "resolve_task_endpoint", fake_resolve_task_endpoint)
monkeypatch.setattr(mr, "audit_memories", fake_audit_memories)
monkeypatch.setitem(sys.modules, "routes.model_routes", fake_model_routes)
monkeypatch.setattr(
mr,
"SessionLocal",
lambda: (_ for _ in ()).throw(AssertionError("manual default branch should not run")),
)
out = asyncio.run(audit_route(request=_request("alice"), session="session-1"))
assert resolver_calls == [(
"http://session.example/v1/chat/completions",
"session-model",
session_headers,
"alice",
)]
assert audit_calls == [(
memory_manager,
memory_vector,
"http://session.example/v1/chat/completions",
"session-model",
session_headers,
"alice",
)]
assert out["ok"] is True
assert out["removed"] == 1
def test_add_memory_rejects_other_users_session(monkeypatch):
memory_manager = MagicMock()
session_manager = MagicMock()
@@ -125,3 +211,79 @@ def test_timeline_does_not_expose_other_users_session_name():
out = timeline(request=_request("alice"))
assert out["timeline"][0]["session_name"] == "Unknown"
def test_import_missing_session_uses_utility_fallback(monkeypatch):
_allow_memory_management(monkeypatch)
memory_manager = MagicMock()
session_manager = MagicMock()
session_manager.get_session.side_effect = KeyError
resolve_endpoint = MagicMock(return_value=("http://utility", "utility-model", {}))
resolve_task_endpoint = MagicMock(side_effect=AssertionError("session task endpoint should not be used"))
monkeypatch.setattr(mr, "resolve_endpoint", resolve_endpoint)
monkeypatch.setattr(mr, "resolve_task_endpoint", resolve_task_endpoint)
router = mr.setup_memory_routes(memory_manager, session_manager)
import_memories = _route(router, "/api/memory/import", "POST")
out = asyncio.run(import_memories(request=_request("alice"), session="missing-session", file=_upload()))
assert out == {
"suggestions": [{"text": "Project Phoenix uses Python", "category": "project"}],
"filename": "memories.json",
}
session_manager.get_session.assert_called_once_with("missing-session")
resolve_endpoint.assert_called_once_with("utility", owner="alice")
def test_import_foreign_session_uses_same_utility_fallback(monkeypatch):
_allow_memory_management(monkeypatch)
memory_manager = MagicMock()
session_manager = MagicMock()
session_manager.get_session.return_value = SimpleNamespace(
owner="bob",
endpoint_url="http://bob-llm",
model="bob-model",
headers={"Authorization": "Bearer bob-secret"},
)
resolve_endpoint = MagicMock(return_value=("http://utility", "utility-model", {}))
resolve_task_endpoint = MagicMock(side_effect=AssertionError("foreign session endpoint should not be used"))
monkeypatch.setattr(mr, "resolve_endpoint", resolve_endpoint)
monkeypatch.setattr(mr, "resolve_task_endpoint", resolve_task_endpoint)
router = mr.setup_memory_routes(memory_manager, session_manager)
import_memories = _route(router, "/api/memory/import", "POST")
out = asyncio.run(import_memories(request=_request("alice"), session="bob-session", file=_upload()))
assert out["suggestions"] == [{"text": "Project Phoenix uses Python", "category": "project"}]
session_manager.get_session.assert_called_once_with("bob-session")
resolve_endpoint.assert_called_once_with("utility", owner="alice")
def test_import_owned_session_uses_session_endpoint(monkeypatch):
_allow_memory_management(monkeypatch)
memory_manager = MagicMock()
session_manager = MagicMock()
session_manager.get_session.return_value = SimpleNamespace(
owner="alice",
endpoint_url="http://alice-llm",
model="alice-model",
headers={"X-Session": "alice"},
)
resolve_endpoint = MagicMock(side_effect=AssertionError("utility fallback should not be used"))
resolve_task_endpoint = MagicMock(return_value=("http://alice-task", "alice-task-model", {"X-Task": "alice"}))
monkeypatch.setattr(mr, "resolve_endpoint", resolve_endpoint)
monkeypatch.setattr(mr, "resolve_task_endpoint", resolve_task_endpoint)
router = mr.setup_memory_routes(memory_manager, session_manager)
import_memories = _route(router, "/api/memory/import", "POST")
out = asyncio.run(import_memories(request=_request("alice"), session="alice-session", file=_upload()))
assert out["suggestions"] == [{"text": "Project Phoenix uses Python", "category": "project"}]
session_manager.get_session.assert_called_once_with("alice-session")
resolve_task_endpoint.assert_called_once_with(
"http://alice-llm",
"alice-model",
{"X-Session": "alice"},
owner="alice",
)
resolve_endpoint.assert_not_called()
tests/test_misfenced_read_file_tool_call.py
+70
View File
@@ -0,0 +1,70 @@
import json
import src.agent_tools # noqa: F401 (break agent_tools<->tool_parsing import cycle)
from src.tool_parsing import parse_tool_blocks, strip_tool_blocks
def test_bash_fenced_read_file_function_call_runs_as_read_file():
blocks = parse_tool_blocks('```bash\nread_file("notes/todo.md")\n```')
assert len(blocks) == 1
assert blocks[0].tool_type == "read_file"
assert blocks[0].content == "notes/todo.md"
def test_python_fenced_read_file_function_call_runs_as_read_file():
blocks = parse_tool_blocks('```python\nread_file(path="notes/todo.md", offset=3, limit=2)\n```')
assert len(blocks) == 1
assert blocks[0].tool_type == "read_file"
assert json.loads(blocks[0].content) == {
"path": "notes/todo.md",
"offset": 3,
"limit": 2,
}
def test_bash_fenced_read_file_command_runs_as_read_file():
blocks = parse_tool_blocks('```bash\nread_file "notes/todo.md"\n```')
assert len(blocks) == 1
assert blocks[0].tool_type == "read_file"
assert blocks[0].content == "notes/todo.md"
def test_bash_fenced_read_file_json_command_runs_as_read_file():
blocks = parse_tool_blocks('```bash\nread_file {"path":"notes/todo.md","offset":1,"limit":4}\n```')
assert len(blocks) == 1
assert blocks[0].tool_type == "read_file"
assert json.loads(blocks[0].content) == {
"path": "notes/todo.md",
"offset": 1,
"limit": 4,
}
def test_multiline_bash_read_file_block_stays_bash():
blocks = parse_tool_blocks('```bash\nread_file notes/todo.md\necho done\n```')
assert len(blocks) == 1
assert blocks[0].tool_type == "bash"
assert "read_file notes/todo.md" in blocks[0].content
def test_nontrivial_python_read_file_name_stays_python_code():
blocks = parse_tool_blocks('```python\nprint(read_file("notes/todo.md"))\n```')
assert len(blocks) == 1
assert blocks[0].tool_type == "python"
def test_strip_tool_blocks_removes_rescued_read_file_fence():
text = 'Opening file:\n```bash\nread_file "notes/todo.md"\n```\nDone.'
cleaned = strip_tool_blocks(text)
assert "```" not in cleaned
assert "read_file" not in cleaned
assert "Opening file:" in cleaned
assert "Done." in cleaned
tests/test_model_context.py
+8
View File
@@ -67,6 +67,14 @@ class TestIsLocalEndpoint:
def test_private_10(self):
assert is_local_endpoint("http://10.0.0.5:8000/v1/chat/completions") is True
@pytest.mark.parametrize("host", [
"10.example-cloud.com",
"172.16.example-cloud.com",
"192.168.example-cloud.com",
])
def test_private_prefix_dns_names_are_remote(self, host):
assert is_local_endpoint(f"https://{host}/v1/chat/completions") is False
def test_tailscale_100(self):
# 100.64.0.0/10 is the CGNAT range Tailscale uses.
assert is_local_endpoint("http://100.64.0.1:5000/v1/chat/completions") is True
tests/test_model_defaults.py
+173
View File
@@ -0,0 +1,173 @@
"""Tests for share_defaults_with_users setting"""
import pytest
from types import SimpleNamespace
from unittest.mock import MagicMock
from tests.helpers.import_state import preserve_import_state
from tests.helpers.db_stubs import make_core_db_stub
with preserve_import_state("core.database", "src.database", "routes.model_routes", "routes.prefs_routes"):
import routes.model_routes as model_routes
import routes.prefs_routes as prefs_routes
import src.auth_helpers as auth_helpers
### Helper Classes
class _FakeEndpoint:
"""Minimal fake endpoint for testing"""
def __init__(self, id, base_url, is_enabled=True, owner=None):
self.id = id
self.base_url = base_url
self.is_enabled = is_enabled
self.owner = owner
self.cached_models = None
self.hidden_models = None
self.pinned_models = None
class _FakeQuery:
"""Fake query object for testing"""
def __init__(self, endpoints, user=None, include_shared=True):
self._endpoints = endpoints
self._user = user
self._include_shared = include_shared
def filter(self, *conditions):
for cond in conditions:
cond_str = str(cond)
print(f"Filter condition: {cond_str}")
if 'owner' in cond_str and 'IS NULL' not in cond_str:
self._include_shared = False
return self
def first(self):
"""Return first endpoint respecting owner filter"""
if not self._endpoints:
return None
if self._user:
for ep in self._endpoints:
ep_owner = getattr(ep, 'owner', None)
if ep_owner == self._user:
return ep
if self._include_shared and ep_owner is None:
return ep
return None
return self._endpoints[0]
def _make_db_session(endpoints, user=None):
"""Create a fake DB session that returns our fake query"""
fake_session = MagicMock()
fake_query = _FakeQuery(endpoints, user)
fake_session.query.return_value = fake_query
return fake_session
def _get_default_chat_route(router):
"""Extract the /api/default-chat GET route from the router"""
for route in router.routes:
if getattr(route, "path", "") == "/api/default-chat" and "GET" in getattr(route, "methods", set()):
return route.endpoint
raise AssertionError("GET /api/default-chat route not found")
def _make_request(user=None, auth_manager=None):
"""Create a fake request for testing"""
return SimpleNamespace(
state=SimpleNamespace(current_user=user),
app=SimpleNamespace(state=SimpleNamespace(auth_manager=auth_manager)),
client=SimpleNamespace(host="127.0.0.1"),
)
### Shared test logic
def _run_get_default_chat_test(monkeypatch, share_defaults_enabled, second_endpoint_only=False):
"""Helper function that runs get_default_chat with the given share_defaults_with_users setting."""
global_settings = {
"default_endpoint_id": "global-ep-123",
"default_model": "qwen-3.6",
"default_model_fallbacks": [
{"endpoint_id": "fallback-ep", "model": "fallback-model"}
],
"share_defaults_with_users": share_defaults_enabled
}
monkeypatch.setattr(model_routes, "_load_settings", lambda: global_settings)
monkeypatch.setattr(prefs_routes, "_load_for_user", lambda user: {})
fake_auth_manager = MagicMock()
fake_auth_manager.is_admin = lambda user: False
endpoints = [
_FakeEndpoint(
id="global-ep-123",
base_url="http://global-endpoint:8000/v1",
is_enabled=True
),
_FakeEndpoint(
id="fallback-ep",
base_url="http://fallback-endpoint:8000/v1",
is_enabled=True
)
]
# When testing fallback scenario, removes the primary endpoint
if second_endpoint_only:
endpoints = [endpoints[1]]
fake_db = _make_db_session(endpoints, user="regular_user")
monkeypatch.setattr(model_routes, "SessionLocal", lambda: fake_db)
monkeypatch.setattr(model_routes, "_normalize_base", lambda url: url)
monkeypatch.setattr(model_routes, "build_chat_url", lambda base: f"{base}/chat")
router = model_routes.setup_model_routes(model_discovery=None)
get_default_chat = _get_default_chat_route(router)
fake_request = _make_request(user="regular_user", auth_manager=fake_auth_manager)
result = get_default_chat(fake_request)
return result
### Test Functions
def test_get_default_chat_user_no_prefs_share_disabled_resolves_nothing(monkeypatch):
"""
Non-admin user without personal preferences should resolve to empty
ep_id, model, and fallbacks when share_defaults_with_users is disabled.
"""
test_data = _run_get_default_chat_test(monkeypatch, share_defaults_enabled=False)
assert test_data["endpoint_id"] == "", "Should get empty endpoint_id"
assert test_data["model"] == "", "Should get empty model"
def test_get_default_chat_user_no_prefs_share_enabled_resolves_global_defaults_fallbacks(monkeypatch):
"""
Non-admin user without personal preferences should resolve to global
defaults for ep_id, model, and fallbacks when share_defaults_with_users is enabled.
"""
test_data = _run_get_default_chat_test(monkeypatch, share_defaults_enabled=True)
assert test_data["model"] == "qwen-3.6", \
"model should be resolved from global default_model"
assert test_data["endpoint_id"] == "global-ep-123", \
"Should get global endpoint_id"
def test_get_default_chat_user_no_prefs_share_enabled_resolves_global_defaults(monkeypatch):
"""
Non-admin user without personal preferences should resolve to global
defaults for ep_id, model, and fallbacks when share_defaults_with_users is enabled.
"""
test_data = _run_get_default_chat_test(monkeypatch, share_defaults_enabled=True, second_endpoint_only=True)
assert test_data["model"] == "qwen-3.6", \
"model should be resolved from global default_model"
assert test_data["endpoint_id"] == "fallback-ep", \
"Should get global endpoint_id"
tests/test_model_interaction_registry.py
+104
View File
@@ -0,0 +1,104 @@
"""Tests for the model-interaction tools after their move to the agent_tools
registry (#3629): chat_with_model, ask_teacher, list_models.
The implementations now live in src/agent_tools/model_interaction_tools.py
(moved out of src/ai_interaction.py). These assert (1) the handlers are
registered in TOOL_HANDLERS, (2) each handler runs the moved logic and threads
session_id/owner from the ctx, and (3) tool_execution.py dispatches them
through the registry rather than the legacy dispatch_ai_tool elif.
"""
import asyncio
from pathlib import Path
import src.ai_interaction as ai_interaction
import src.llm_core as llm_core
import src.database as database
from src.agent_tools import TOOL_HANDLERS
from src.agent_tools import model_interaction_tools as mit
_MODEL_TOOLS = ("chat_with_model", "ask_teacher", "list_models")
def test_model_interaction_tools_registered():
for name in _MODEL_TOOLS:
assert name in TOOL_HANDLERS, f"{name} missing from TOOL_HANDLERS"
def test_chat_with_model_threads_owner_and_returns(monkeypatch):
seen = {}
def fake_resolve(spec, owner=None):
seen["spec"] = spec
seen["owner"] = owner
return ("http://x", "model-x", {})
async def fake_call(url, model, messages, headers=None, timeout=None):
seen["message"] = messages[-1]["content"]
return "hi back"
monkeypatch.setattr(ai_interaction, "_resolve_model", fake_resolve)
monkeypatch.setattr(llm_core, "llm_call_async", fake_call)
res = asyncio.run(mit.ChatWithModelTool().execute(
"model-x\nhello there", {"owner": "alice", "session_id": "s1"}))
assert res == {"model": "model-x", "response": "hi back"}
assert seen["owner"] == "alice"
assert seen["spec"] == "model-x"
assert seen["message"] == "hello there"
def test_ask_teacher_threads_owner_and_marks_teacher(monkeypatch):
seen = {}
def fake_resolve(spec, owner=None):
seen["owner"] = owner
return ("http://x", "teacher-x", {})
async def fake_call(url, model, messages, headers=None, timeout=None):
return "do this and that"
monkeypatch.setattr(ai_interaction, "_resolve_model", fake_resolve)
monkeypatch.setattr(llm_core, "llm_call_async", fake_call)
res = asyncio.run(mit.AskTeacherTool().execute(
"teacher-x\nI am stuck", {"owner": "bob"}))
assert res["teacher"] is True
assert res["response"] == "do this and that"
assert seen["owner"] == "bob"
def test_list_models_no_endpoints(monkeypatch):
class _Q:
def filter(self, *a, **k):
return self
def all(self):
return []
class _S:
def query(self, *a, **k):
return _Q()
def close(self):
pass
monkeypatch.setattr(database, "SessionLocal", lambda: _S())
res = asyncio.run(mit.ListModelsTool().execute("", {}))
assert res == {"results": "No enabled model endpoints configured."}
def test_dispatched_via_registry_not_dispatch_ai_tool():
"""The model tools route through the registry (_document_tool_dispatch), and
are no longer in the dispatch_ai_tool elif tuple."""
source = (Path(__file__).resolve().parent.parent / "src" / "tool_execution.py").read_text(encoding="utf-8")
assert 'elif tool in ("chat_with_model", "ask_teacher", "list_models"):' in source
marker = "from src.ai_interaction import dispatch_ai_tool"
idx = source.index(marker)
branch_head = source.rfind("elif tool in (", 0, idx)
legacy_tuple = source[branch_head:idx]
for name in _MODEL_TOOLS:
assert f'"{name}"' not in legacy_tuple, f"{name} still routed via dispatch_ai_tool"
tests/test_model_routes.py
+84 -1
View File
@@ -419,6 +419,14 @@ class TestClassifyEndpoint:
def test_private_10(self):
assert _classify_endpoint("http://10.0.0.5:8000") == "local"
@pytest.mark.parametrize("host", [
"10.example-cloud.com",
"172.16.example-cloud.com",
"192.168.example-cloud.com",
])
def test_private_prefix_dns_names_are_api(self, host):
assert _classify_endpoint(f"https://{host}/v1") == "api"
def test_public_api(self):
assert _classify_endpoint("https://api.openai.com/v1") == "api"
@@ -1286,6 +1294,14 @@ class _ImmediateThread:
self.target()
class _NoopThread:
def __init__(self, target, daemon=None):
self.target = target
def start(self):
return None
def _wait_for(predicate, timeout=2.0):
deadline = time.time() + timeout
while time.time() < deadline:
@@ -1313,6 +1329,7 @@ def _route_ep(
pinned_models=None,
refresh_mode="auto",
refresh_timeout=None,
owner=None,
):
return SimpleNamespace(
id=id,
@@ -1329,7 +1346,7 @@ def _route_ep(
model_refresh_interval=None,
model_refresh_timeout=refresh_timeout,
supports_tools=None,
owner=None,
owner=owner,
created_at=None,
updated_at=None,
)
@@ -1342,6 +1359,72 @@ def _route_request():
)
def test_api_models_rejects_api_token_without_chat_scope(monkeypatch):
router = model_routes.setup_model_routes(model_discovery=None)
def fail_session():
raise AssertionError("model DB should not be queried without chat scope")
monkeypatch.setattr(model_routes, "SessionLocal", fail_session)
request = SimpleNamespace(
state=SimpleNamespace(
current_user="api",
api_token=True,
api_token_owner="alice",
api_token_scopes=["documents:read"],
),
app=SimpleNamespace(
state=SimpleNamespace(
auth_manager=SimpleNamespace(is_configured=True, is_admin=lambda user: False),
),
),
)
with pytest.raises(HTTPException) as exc:
_route_endpoint(router, "/api/models")(request)
assert exc.value.status_code == 403
assert "chat" in str(exc.value.detail)
def test_api_models_scopes_api_token_to_token_owner(monkeypatch):
rows = [
_route_ep("alice", "http://alice.example/v1", cached_models=["alice-model"], owner="alice"),
_route_ep("shared", "http://shared.example/v1", cached_models=["shared-model"], owner=None),
_route_ep("bob", "http://bob.example/v1", cached_models=["bob-model"], owner="bob"),
]
db = _RouteDb(rows)
router = model_routes.setup_model_routes(model_discovery=None)
admin_checks = []
monkeypatch.setattr(model_routes, "ModelEndpoint", _RouteModelEndpoint)
monkeypatch.setattr(model_routes, "SessionLocal", lambda: db)
monkeypatch.setattr(threading, "Thread", _NoopThread)
request = SimpleNamespace(
state=SimpleNamespace(
current_user="api",
api_token=True,
api_token_owner="alice",
api_token_scopes=["chat"],
),
app=SimpleNamespace(
state=SimpleNamespace(
auth_manager=SimpleNamespace(
is_configured=True,
is_admin=lambda user: admin_checks.append(user) or False,
),
),
),
)
result = _route_endpoint(router, "/api/models")(request)
assert [item["endpoint_name"] for item in result["items"]] == ["alice", "shared"]
assert admin_checks == ["alice"]
def test_api_models_returns_cached_proxy_models_without_refresh_probe(monkeypatch):
row = _route_ep(
"proxy",
tests/test_notes_fail_closed_auth.py
+188
View File
@@ -0,0 +1,188 @@
"""Owner-scoped note routes must fail closed when the request has no identity.
The notes CRUD routes resolved the acting user with bare get_current_user().
A request that reached them carrying no identity (auth-middleware regression,
SSRF from a sibling service) therefore came through as user=None and the
queries treat None as the single-user mode, i.e. blanket access to every
account's notes: list everything, read/update/delete/pin/archive any row,
reorder globally.
require_user() already encodes the correct policy 401 when auth is
configured, while the documented anonymous modes (AUTH_ENABLED=false,
LOCALHOST_BYPASS on loopback, unconfigured first-run) still pass and
fire-reminder in the same file already used it. The CRUD routes now resolve
the owner through it too.
Test transport note: these drive the ASGI app through ``httpx.ASGITransport``
+ ``httpx.AsyncClient`` rather than ``starlette.testclient.TestClient``.
TestClient runs the app inside a background event-loop thread spun up by
``anyio.from_thread.start_blocking_portal`` and then dispatches each sync
endpoint onto *another* worker thread; on some anyio/httpx/platform
combinations that two-thread handshake deadlocks and ``TestClient(app).get(...)``
simply hangs. ASGITransport runs the whole request on the test's own event
loop no portal thread, no BaseHTTPMiddleware so the suite is portable.
Identity is injected by a pure-ASGI shim that writes the same
``request.state`` fields the real auth middleware sets.
"""
import uuid
from types import SimpleNamespace
import httpx
import pytest
from fastapi import FastAPI
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.pool import NullPool
import core.database as cdb
from core.database import Note
import routes.note_routes as nr
# A deliberately NON-loopback peer. require_user has loopback fall-throughs
# (unconfigured first-run, LOCALHOST_BYPASS); pinning a public-looking client
# keeps every assertion below about the *configured-auth* path and not an
# accidental loopback bypass — the same reason the old fixture leaned on
# TestClient's non-loopback "testclient" host.
_PEER = ("203.0.113.7", 54321)
class _Identity:
"""Pure-ASGI shim mirroring what the auth middleware writes onto
request.state. Pure-ASGI on purpose it stays off Starlette's
BaseHTTPMiddleware + sync-TestClient path, the source of the
``TestClient(app).get(...)`` hang. No x-test-user header => no identity,
the exact state an auth-middleware regression would produce."""
def __init__(self, app):
self.app = app
async def __call__(self, scope, receive, send):
if scope["type"] == "http":
headers = dict(scope.get("headers") or [])
state = scope.setdefault("state", {})
user = headers.get(b"x-test-user")
if user:
state["current_user"] = user.decode()
if headers.get(b"x-test-api-token"):
state["current_user"] = "api"
state["api_token"] = True
await self.app(scope, receive, send)
def _temp_db(tmp_path):
"""Note routes over a fresh temp DB; returns the session factory."""
engine = create_engine(
f"sqlite:///{tmp_path / 'notes.db'}",
connect_args={"check_same_thread": False},
poolclass=NullPool,
)
cdb.Base.metadata.create_all(engine)
return sessionmaker(bind=engine)
def _build_app(factory, *, configured=True):
app = FastAPI()
app.state.auth_manager = SimpleNamespace(is_configured=configured)
app.include_router(nr.setup_note_routes())
return _Identity(app)
def _client(app):
"""AsyncClient over the ASGI app with a non-loopback peer. Caller drives
it inside ``async with``."""
transport = httpx.ASGITransport(app=app, client=_PEER)
return httpx.AsyncClient(transport=transport, base_url="http://notes.test")
@pytest.fixture
def env(monkeypatch, tmp_path):
"""Configured-auth world: AUTH_ENABLED=true, auth_manager.is_configured,
no LOCALHOST_BYPASS. Identity comes only from the x-test-user header
(mirroring the auth middleware); no header => no identity, the exact state
an auth-middleware regression leaves behind. Seeds one note each for alice
and bob. Returns (app, factory)."""
factory = _temp_db(tmp_path)
monkeypatch.setattr(nr, "SessionLocal", factory)
monkeypatch.setenv("AUTH_ENABLED", "true")
monkeypatch.delenv("LOCALHOST_BYPASS", raising=False)
app = _build_app(factory)
db = factory()
db.add(Note(id="note-alice", owner="alice", title="a", content="x",
items='[{"text": "t", "done": false}]'))
db.add(Note(id="note-bob", owner="bob", title="b", content="y"))
db.commit()
db.close()
return app, factory
async def test_no_identity_fails_closed_on_every_owner_scoped_route(env):
app, _ = env
async with _client(app) as c:
assert (await c.get("/api/notes")).status_code == 401
assert (await c.get("/api/notes/note-alice")).status_code == 401
assert (await c.put("/api/notes/note-alice", json={"title": "pwn"})).status_code == 401
assert (await c.delete("/api/notes/note-alice")).status_code == 401
assert (await c.post("/api/notes/note-alice/pin")).status_code == 401
assert (await c.post("/api/notes/note-alice/archive")).status_code == 401
assert (await c.post("/api/notes/note-alice/items/0/toggle")).status_code == 401
assert (await c.post("/api/notes/reorder", json={"ids": ["note-bob", "note-alice"]})).status_code == 401
assert (await c.post("/api/notes", json={"title": "ghost"})).status_code == 401
async def test_no_identity_did_not_mutate_anything(env):
app, factory = env
async with _client(app) as c:
await c.put("/api/notes/note-alice", json={"title": "pwn"})
await c.post("/api/notes/note-alice/pin")
await c.delete("/api/notes/note-bob")
db = factory()
rows = {n.id: n for n in db.query(Note).all()}
db.close()
assert set(rows) == {"note-alice", "note-bob"}
assert rows["note-alice"].title == "a"
assert not rows["note-alice"].pinned
async def test_authenticated_user_still_scoped_to_own_notes(env):
app, _ = env
alice = {"x-test-user": "alice"}
async with _client(app) as c:
listed = (await c.get("/api/notes", headers=alice)).json()["notes"]
assert [n["id"] for n in listed] == ["note-alice"]
assert (await c.get("/api/notes/note-alice", headers=alice)).status_code == 200
# Someone else's note stays a 404 (don't reveal it exists).
assert (await c.get("/api/notes/note-bob", headers=alice)).status_code == 404
assert (await c.put("/api/notes/note-alice", json={"title": "mine"}, headers=alice)).status_code == 200
async def test_api_token_pseudo_user_is_rejected(env):
"""Bearer tokens must use the scope-aware API routes (require_user's
existing contract), not slip into cookie-session routes as user 'api'."""
app, _ = env
async with _client(app) as c:
r = await c.get("/api/notes", headers={"x-test-api-token": "1"})
assert r.status_code == 403
async def test_auth_disabled_keeps_single_user_mode_working(monkeypatch, tmp_path):
"""AUTH_ENABLED=false is the operator's explicit anonymous mode: no
identity must still mean full single-user access (issue #622 contract),
even with a stale configured auth.json on disk."""
factory = _temp_db(tmp_path)
monkeypatch.setattr(nr, "SessionLocal", factory)
monkeypatch.setenv("AUTH_ENABLED", "false")
app = _build_app(factory)
db = factory()
db.add(Note(id="n1", owner=None, title="solo", content="x"))
db.commit()
db.close()
async with _client(app) as c:
assert [n["id"] for n in (await c.get("/api/notes")).json()["notes"]] == ["n1"]
assert (await c.put("/api/notes/n1", json={"title": "still mine"})).status_code == 200
assert (await c.post("/api/notes/n1/pin")).status_code == 200
tests/test_notes_search_reset_on_reopen_js.py
+29
View File
@@ -0,0 +1,29 @@
"""Issue #2919 — openPanel must reset _searchQuery so a reopened Notes panel
doesn't keep filtering by a stale query (the rebuilt search box renders empty).
notes.js is a browser ES module with a heavy import chain (can't node-import in
isolation), so per the repo's DOM-coupled-guard convention — this asserts the
reset is present in openPanel, beside the existing _editingId reset.
"""
import re
from pathlib import Path
SRC = Path("static/js/notes.js").read_text(encoding="utf-8")
def _open_panel_body():
start = SRC.index("export function openPanel()")
rest = SRC[start + len("export function openPanel()"):]
m = re.search(r"\n(?:export\s+)?(?:async\s+)?function ", rest)
return rest[: m.start()] if m else rest
def test_open_panel_resets_search_query():
body = _open_panel_body()
assert "_searchQuery = ''" in body, body[:400]
# reset must sit with the other open-time state resets, before render
assert body.index("_searchQuery = ''") < body.index("_renderNotes") if "_renderNotes" in body else True
def test_module_still_declares_search_query():
assert "let _searchQuery = ''" in SRC
tests/test_notes_z_order_js.py
+139
View File
@@ -0,0 +1,139 @@
"""Node-driven regression coverage for Notes pane z-order selection.
Notes uses a body-level backdrop instead of the shared `.modal` element, so the
shared tool-window stack helper must account for both Notes and normal modals
without importing the full browser-heavy modules.
"""
import json
import shutil
import subprocess
import textwrap
from pathlib import Path
import pytest
ROOT = Path(__file__).resolve().parents[1]
HELPER = ROOT / "static" / "js" / "toolWindowZOrder.js"
pytestmark = pytest.mark.skipif(not shutil.which("node"), reason="node binary not on PATH")
def _node_eval(source: str):
proc = subprocess.run(
["node", "--input-type=module"],
input=source,
cwd=ROOT,
capture_output=True,
text=True,
timeout=30,
)
assert proc.returncode == 0, proc.stderr
return json.loads(proc.stdout.strip())
def test_notes_z_order_uses_floor_when_no_tool_windows_are_open():
values = _node_eval(
textwrap.dedent(
f"""
import {{ topToolWindowZ }} from '{HELPER.as_uri()}';
const root = {{ querySelectorAll() {{ return []; }} }};
console.log(JSON.stringify({{ z: topToolWindowZ({{ root, getStyle: () => ({{}}) }}) }}));
"""
)
)
assert values == {"z": 250}
def test_notes_z_order_lands_above_highest_visible_tool_window():
values = _node_eval(
textwrap.dedent(
f"""
import {{ topToolWindowZ }} from '{HELPER.as_uri()}';
const cls = (...names) => ({{ contains: (name) => names.includes(name) }});
const elements = [
{{ id: 'memory', classList: cls(), style: {{ zIndex: '320' }} }},
{{ id: 'research', classList: cls(), style: {{ zIndex: '415' }} }},
{{ id: 'invalid', classList: cls(), style: {{ zIndex: 'auto' }} }},
];
const root = {{ querySelectorAll() {{ return elements; }} }};
const top = topToolWindowZ({{ root, getStyle: (el) => el.style }});
console.log(JSON.stringify({{ top, notes: top + 1 }}));
"""
)
)
assert values == {"top": 415, "notes": 416}
def test_modal_z_order_handoff_lands_above_notes_tie_on_first_click():
values = _node_eval(
textwrap.dedent(
f"""
import {{ nextToolWindowZ }} from '{HELPER.as_uri()}';
const cls = (...names) => ({{ contains: (name) => names.includes(name) }});
const modal = {{ id: 'modal', classList: cls(), style: {{ zIndex: '416' }} }};
const notes = {{ id: 'notes', classList: cls(), style: {{ zIndex: '416' }} }};
const elements = [modal, notes];
const root = {{ querySelectorAll() {{ return elements; }} }};
const z = nextToolWindowZ({{
exclude: modal,
current: modal.style.zIndex,
root,
getStyle: (el) => el.style,
}});
console.log(JSON.stringify({{ z }}));
"""
)
)
assert values == {"z": 417}
def test_modal_z_order_keeps_current_z_when_already_above_stack():
values = _node_eval(
textwrap.dedent(
f"""
import {{ nextToolWindowZ }} from '{HELPER.as_uri()}';
const cls = (...names) => ({{ contains: (name) => names.includes(name) }});
const modal = {{ id: 'modal', classList: cls(), style: {{ zIndex: '420' }} }};
const notes = {{ id: 'notes', classList: cls(), style: {{ zIndex: '416' }} }};
const root = {{ querySelectorAll() {{ return [modal, notes]; }} }};
const z = nextToolWindowZ({{
exclude: modal,
current: modal.style.zIndex,
root,
getStyle: (el) => el.style,
}});
console.log(JSON.stringify({{ z }}));
"""
)
)
assert values == {"z": 420}
def test_notes_z_order_ignores_hidden_minimized_and_excluded_windows():
values = _node_eval(
textwrap.dedent(
f"""
import {{ topToolWindowZ }} from '{HELPER.as_uri()}';
const cls = (...names) => ({{ contains: (name) => names.includes(name) }});
const excluded = {{ id: 'notes', classList: cls(), style: {{ zIndex: '900' }} }};
const elements = [
excluded,
{{ id: 'hidden-class', classList: cls('hidden'), style: {{ zIndex: '800' }} }},
{{ id: 'minimized', classList: cls('modal-minimized'), style: {{ zIndex: '700' }} }},
{{ id: 'display-none', classList: cls(), style: {{ zIndex: '600', display: 'none' }} }},
{{ id: 'visibility-hidden', classList: cls(), style: {{ zIndex: '500', visibility: 'hidden' }} }},
{{ id: 'visible', classList: cls(), style: {{ zIndex: '310' }} }},
];
const root = {{ querySelectorAll() {{ return elements; }} }};
const top = topToolWindowZ({{ exclude: excluded, root, getStyle: (el) => el.style }});
console.log(JSON.stringify({{ top }}));
"""
)
)
assert values == {"top": 310}
tests/test_ollama_multimodal.py
+109
View File
@@ -0,0 +1,109 @@
"""Regression tests for Ollama-native multimodal image routing (issue #4723).
Odysseus builds user messages in OpenAI style::
{"role": "user", "content": [
{"type": "text", "text": "..."},
{"type": "image_url", "image_url": {"url": "data:image/png;base64,AAA"}},
]}
Native Ollama ``/api/chat`` does **not** accept a list for ``content``. It
expects ``content`` to be a string and images carried separately on
``images`` (a list of raw base64 strings, no ``data:`` prefix). Without
this conversion the image block silently never reaches the vision model
the model reports "I can't see the image" even though it is vision-capable
and the request succeeded.
"""
from src import llm_core
def _multimodal_msg():
return {
"role": "user",
"content": [
{"type": "text", "text": "What is in this picture?"},
{"type": "image_url", "image_url": {"url": "data:image/png;base64,AAAA"}},
{"type": "image_url", "image_url": {"url": "data:image/jpeg;base64,BBBB"}},
],
}
def test_ollama_payload_converts_openai_image_blocks_to_native_images_array():
payload = llm_core._build_ollama_payload(
"gemma4:e4b", [_multimodal_msg()], temperature=0.0, max_tokens=0,
)
msg = payload["messages"][0]
# Content must be a string, not a list — native Ollama rejects lists.
assert isinstance(msg["content"], str)
assert "What is in this picture?" in msg["content"]
# Base64 data extracted into the native images array (no data: prefix).
assert msg["images"] == ["AAAA", "BBBB"]
def test_ollama_payload_skips_http_image_url():
"""Non-data-URI image_url values are skipped with a warning because
native Ollama images[] accepts base64 only."""
msg = {
"role": "user",
"content": [
{"type": "text", "text": "Look"},
{"type": "image_url", "image_url": {"url": "https://example.com/cat.png"}},
],
}
payload = llm_core._build_ollama_payload("gemma4:e4b", [msg], temperature=0.0, max_tokens=0)
out = payload["messages"][0]
assert out["content"] == "Look"
# HTTP URL is NOT added to images — Ollama cannot fetch it.
assert "images" not in out
def test_ollama_payload_preserves_native_images_array():
"""If the caller already used Ollama's native shape, leave it alone."""
msg = {
"role": "user",
"content": "Describe",
"images": ["XXXX"],
}
payload = llm_core._build_ollama_payload("gemma4:e4b", [msg], temperature=0.0, max_tokens=0)
out = payload["messages"][0]
assert out["content"] == "Describe"
assert out["images"] == ["XXXX"]
def test_ollama_payload_merges_native_and_openai_images():
"""A message that carries both native ``images`` and OpenAI ``image_url``
blocks (e.g. assembled by different code paths) must produce one combined
list rather than drop either half."""
msg = {
"role": "user",
"content": [
{"type": "text", "text": "Hi"},
{"type": "image_url", "image_url": {"url": "data:image/png;base64,OPENAI"}},
],
"images": ["NATIVE"],
}
payload = llm_core._build_ollama_payload("gemma4:e4b", [msg], temperature=0.0, max_tokens=0)
out = payload["messages"][0]
assert out["content"] == "Hi"
assert out["images"] == ["NATIVE", "OPENAI"]
def test_ollama_payload_text_only_message_untouched():
msgs = [{"role": "user", "content": "hello"}]
payload = llm_core._build_ollama_payload("gemma4:e4b", msgs, temperature=0.0, max_tokens=0)
assert payload["messages"][0] == {"role": "user", "content": "hello"}
def test_ollama_payload_string_content_with_only_image_block():
"""A message whose content list has only image_url blocks (no text part)
still yields a non-empty content string so native Ollama accepts it."""
msg = {
"role": "user",
"content": [
{"type": "image_url", "image_url": {"url": "data:image/png;base64,QQ=="}},
],
}
payload = llm_core._build_ollama_payload("gemma4:e4b", [msg], temperature=0.0, max_tokens=0)
out = payload["messages"][0]
assert isinstance(out["content"], str)
assert out["images"] == ["QQ=="]
tests/test_personal_delete_file_confinement.py
+95
View File
@@ -0,0 +1,95 @@
import asyncio
import os
from pathlib import Path
from routes import personal_routes
class _FakePersonalDocs:
def __init__(self):
self.excluded = []
def exclude_file(self, filepath):
self.excluded.append(filepath)
class _FakeRAG:
def __init__(self):
self.deleted_sources = []
def delete_by_source(self, filepath):
self.deleted_sources.append(filepath)
return 1
def _delete_endpoint(personal_docs):
router = personal_routes.setup_personal_routes(personal_docs, None, True)
for route in router.routes:
if getattr(route, "path", "") == "/api/personal/file" and "DELETE" in getattr(route, "methods", set()):
return route.endpoint
raise AssertionError("DELETE /api/personal/file endpoint not found")
def test_delete_file_refuses_symlink_directory_escape(tmp_path, monkeypatch):
uploads = tmp_path / "uploads"
uploads.mkdir()
outside = tmp_path / "outside"
outside.mkdir()
victim = outside / "victim.txt"
victim.write_text("keep me", encoding="utf-8")
os.symlink(outside, uploads / "linked")
docs = _FakePersonalDocs()
rag = _FakeRAG()
monkeypatch.setattr(personal_routes, "UPLOADS_DIR", str(uploads))
monkeypatch.setattr(personal_routes, "get_rag_manager", lambda: rag)
filepath = str(uploads / "linked" / "victim.txt")
result = asyncio.run(_delete_endpoint(docs)(filepath=filepath, owner="alice", _admin=None))
assert result["deleted_from_disk"] is False
assert victim.read_text(encoding="utf-8") == "keep me"
assert docs.excluded == [filepath]
assert rag.deleted_sources == [filepath]
def test_delete_file_removes_regular_file_inside_upload_root(tmp_path, monkeypatch):
uploads = tmp_path / "uploads"
uploads.mkdir()
uploaded_file = uploads / "alice" / "notes.txt"
uploaded_file.parent.mkdir()
uploaded_file.write_text("delete me", encoding="utf-8")
docs = _FakePersonalDocs()
rag = _FakeRAG()
monkeypatch.setattr(personal_routes, "UPLOADS_DIR", str(uploads))
monkeypatch.setattr(personal_routes, "get_rag_manager", lambda: rag)
filepath = str(uploaded_file)
result = asyncio.run(_delete_endpoint(docs)(filepath=filepath, owner="alice", _admin=None))
assert result["deleted_from_disk"] is True
assert not uploaded_file.exists()
assert docs.excluded == [filepath]
assert rag.deleted_sources == [filepath]
def test_delete_file_refuses_other_owners_upload(tmp_path, monkeypatch):
# alice must not be able to delete a file living under bob's per-owner
# upload subdir, even though it sits inside the shared uploads root.
uploads = tmp_path / "uploads"
uploads.mkdir()
victim = uploads / "bob" / "secret.txt"
victim.parent.mkdir()
victim.write_text("keep me", encoding="utf-8")
docs = _FakePersonalDocs()
rag = _FakeRAG()
monkeypatch.setattr(personal_routes, "UPLOADS_DIR", str(uploads))
monkeypatch.setattr(personal_routes, "get_rag_manager", lambda: rag)
filepath = str(victim)
result = asyncio.run(_delete_endpoint(docs)(filepath=filepath, owner="alice", _admin=None))
assert result["deleted_from_disk"] is False
assert victim.read_text(encoding="utf-8") == "keep me"
tests/test_personal_upload_isolation.py
+42
View File
@@ -1,5 +1,6 @@
import os
from pathlib import Path
from types import SimpleNamespace
from routes import personal_routes
@@ -42,3 +43,44 @@ def test_personal_upload_paths_stay_under_upload_root(tmp_path, monkeypatch):
assert os.path.commonpath([file_path, upload_dir]) == upload_dir
assert Path(file_path).name == stored_name
assert display_name == "env"
def test_rename_personal_upload_owner_moves_files_and_rewrites_rag(tmp_path, monkeypatch):
monkeypatch.setattr(personal_routes, "UPLOADS_DIR", str(tmp_path))
old_dir = Path(personal_routes._personal_upload_dir_for_owner("alice"))
old_file = old_dir / "note.txt"
old_file.write_text("alice private RAG note", encoding="utf-8")
manager_calls = []
rag_calls = []
manager = SimpleNamespace(
rename_directory=lambda old, new, path_map=None: manager_calls.append((old, new, dict(path_map or {}))),
)
rag = SimpleNamespace(
rename_owner=lambda old, new, path_map=None, path_prefixes=None: rag_calls.append(
(old, new, dict(path_map or {}), list(path_prefixes or []))
) or {"success": True, "updated_count": 1},
)
result = personal_routes.rename_personal_upload_owner(
"alice",
"alice2",
personal_docs_manager=manager,
rag_manager=rag,
)
new_dir = Path(personal_routes._personal_upload_dir_for_owner("alice2"))
new_file = new_dir / "note.txt"
assert old_file.exists() is False
assert new_file.read_text(encoding="utf-8") == "alice private RAG note"
assert result["moved_files"] == 1
assert manager_calls == [(str(old_dir), str(new_dir), {str(old_file): str(new_file)})]
assert rag_calls == [
(
"alice",
"alice2",
{str(old_file): str(new_file)},
[(str(old_dir), str(new_dir))],
)
]
tests/test_platform_compat.py
+6 -2
View File
@@ -153,6 +153,7 @@ def test_get_wsl_windows_user_profile_prefers_powershell(monkeypatch):
def test_get_wsl_windows_user_profile_falls_back_to_users_dir(monkeypatch):
import os
monkeypatch.setattr(platform_compat, "is_wsl", lambda: True)
def raise_run(*_a, **_k):
@@ -166,11 +167,14 @@ def test_get_wsl_windows_user_profile_falls_back_to_users_dir(monkeypatch):
)
def fake_isdir(path):
return path in {"/mnt/c/Users", "/mnt/c/Users/alice"}
return os.path.normpath(path) in {
os.path.normpath("/mnt/c/Users"),
os.path.normpath("/mnt/c/Users/alice")
}
monkeypatch.setattr(platform_compat.os.path, "isdir", fake_isdir)
assert platform_compat.get_wsl_windows_user_profile() == "/mnt/c/Users/alice"
assert platform_compat.get_wsl_windows_user_profile() == os.path.join("/mnt/c/Users", "alice")
def test_get_wsl_windows_user_profile_returns_none_when_nothing_found(monkeypatch):
tests/test_portal_dropdown_z_js.py
+89
View File
@@ -0,0 +1,89 @@
"""Node-driven regression coverage for body-portaled dropdown z-order.
Tool-modal z climbs unbounded via modalManager's bring-to-front counter, so the
old hardcoded `z-index: 10001` shared by ~16 body-portaled dropdowns eventually
rendered them BEHIND their own modal in a long session (#4720). topPortalZ()
replaces every one of those literals with a value derived from the live
tool-window stack. These tests pin that it always clears both the modal stack
and the dock-chip floor, without importing the browser-heavy UI modules.
"""
import json
import shutil
import subprocess
import textwrap
from pathlib import Path
import pytest
ROOT = Path(__file__).resolve().parents[1]
HELPER = ROOT / "static" / "js" / "toolWindowZOrder.js"
pytestmark = pytest.mark.skipif(not shutil.which("node"), reason="node binary not on PATH")
def _node_eval(source: str):
proc = subprocess.run(
["node", "--input-type=module"],
input=source,
cwd=ROOT,
capture_output=True,
text=True,
timeout=30,
)
assert proc.returncode == 0, proc.stderr
return json.loads(proc.stdout.strip())
def test_portal_z_clears_dock_chip_floor_when_no_modal_is_open():
# No tool window raised → topToolWindowZ floors at 250, but a portaled
# dropdown must still clear the dock chips pinned up to 10030, so it lands
# just above that floor.
values = _node_eval(
textwrap.dedent(
f"""
import {{ topPortalZ }} from '{HELPER.as_uri()}';
const root = {{ querySelectorAll() {{ return []; }} }};
console.log(JSON.stringify({{ z: topPortalZ({{ root, getStyle: () => ({{}}) }}) }}));
"""
)
)
assert values == {"z": 10031}
def test_portal_z_sits_above_a_modal_whose_counter_has_climbed_past_10001():
# The #4720 scenario: a long session bumped the owning modal's bring-to-front
# z to 99999. A hardcoded 10001 dropdown rendered BEHIND it; topPortalZ must
# land one above the live modal z.
values = _node_eval(
textwrap.dedent(
f"""
import {{ topPortalZ }} from '{HELPER.as_uri()}';
const cls = (...names) => ({{ contains: (name) => names.includes(name) }});
const modal = {{ id: 'memory-modal', classList: cls(), style: {{ zIndex: '99999' }} }};
const root = {{ querySelectorAll() {{ return [modal]; }} }};
console.log(JSON.stringify({{ z: topPortalZ({{ root, getStyle: (el) => el.style }}) }}));
"""
)
)
assert values == {"z": 100000}
def test_portal_z_uses_chip_floor_when_the_open_modal_sits_below_it():
# A modal raised to 5000 is still below the dock-chip floor, so the floor
# (10030) wins and the dropdown lands at 10031 — never below a pinned chip.
values = _node_eval(
textwrap.dedent(
f"""
import {{ topPortalZ }} from '{HELPER.as_uri()}';
const cls = (...names) => ({{ contains: (name) => names.includes(name) }});
const modal = {{ id: 'cookbook-modal', classList: cls(), style: {{ zIndex: '5000' }} }};
const root = {{ querySelectorAll() {{ return [modal]; }} }};
console.log(JSON.stringify({{ z: topPortalZ({{ root, getStyle: (el) => el.style }}) }}));
"""
)
)
assert values == {"z": 10031}
tests/test_provider_classification.py
+18 -91
View File
@@ -1,20 +1,18 @@
"""Provider classification and upstream-error formatting (REAL src.llm_core).
"""Provider classification from a base URL (REAL src.llm_core).
ROADMAP "Backend → more tests around ... provider setup" and "Provider
setup/probing audit for Anthropic, Gemini, Groq, xAI, OpenRouter, OpenAI, and
DeepSeek". `test_provider_endpoints.py` already pins URL/header *building*; this
module pins the two pieces of provider setup that decide WHICH provider an
endpoint is and how its failures are reported to the user:
endpoint is:
* `_detect_provider` host-based provider identification (drives payload
shape, auth headers, and the /v1 collapse). The look-alike-host and
domain-in-path cases guard the hostname (not substring) matching.
* `_provider_label` the human name shown in degraded-state messages.
* `_format_upstream_error` turns a raw upstream HTTP status + body into the
one-line, provider-aware message the UI shows ("Provider probes" degraded
reporting in the roadmap).
* `_uses_max_completion_tokens` the gpt-5 / o-series quirk that the probe
and chat payload builders branch on.
Upstream-error formatting lives in `test_provider_classification_errors.py` and
the token-param quirk in `test_provider_classification_token_params.py`.
conftest.py stubs the heavy deps (sqlalchemy, src.database), so importing the
real module is side-effect free.
@@ -24,8 +22,6 @@ import pytest
from src.llm_core import (
_detect_provider,
_provider_label,
_format_upstream_error,
_uses_max_completion_tokens,
)
@@ -97,10 +93,19 @@ class TestProviderLabel:
def test_known_labels(self, url, expected):
assert _provider_label(url) == expected
def test_local_non_ollama_endpoint(self):
# A loopback host that isn't on the native Ollama /api path is just a
# generic local endpoint (e.g. an OpenAI-compatible local server).
assert _provider_label("http://localhost:8080/v1") == "local endpoint"
@pytest.mark.parametrize("url", [
"http://localhost:8080/v1",
"http://127.0.0.1:8080/v1",
"http://localhost:8000/v1",
"http://localhost:1234/v1",
"http://localhost:9999/v1",
])
def test_local_non_ollama_endpoint(self, url):
# The serving tool is NOT inferred from the port: vLLM, SGLang, llama.cpp
# and plain OpenAI-compatible servers all share 8000/8080, so a port-only
# label would mislabel real setups. The tool is identified by /props
# fingerprinting during discovery; this helper stays neutral.
assert _provider_label(url) == "local endpoint"
def test_unknown_host_returns_host(self):
assert _provider_label("https://api.unknown-llm.example/v1") == "api.unknown-llm.example"
@@ -108,81 +113,3 @@ class TestProviderLabel:
@pytest.mark.parametrize("url", ["", None])
def test_empty_returns_generic(self, url):
assert _provider_label(url) == "provider"
# ── _format_upstream_error ──
# Status + body → one-line provider-aware sentence.
class TestFormatUpstreamError:
def test_401_rejects_key_with_provider_and_detail(self):
msg = _format_upstream_error(
401, '{"error": {"message": "Invalid API key"}}', "https://api.x.ai/v1"
)
assert msg.startswith("xAI rejected the API key")
assert "Invalid API key" in msg
assert "re-paste the key" in msg
def test_403_denies_access(self):
msg = _format_upstream_error(
403, '{"error": {"message": "Forbidden"}}', "https://api.openai.com/v1"
)
assert "OpenAI denied access (403)" in msg
assert "Forbidden" in msg
def test_404_points_at_base_url(self):
msg = _format_upstream_error(404, "", "https://api.groq.com/openai/v1")
assert msg == "Groq returned 404 — check the base URL and model name."
def test_429_rate_limited(self):
msg = _format_upstream_error(
429, '{"error": {"message": "slow down"}}', "https://api.anthropic.com"
)
assert msg.startswith("Anthropic rate-limited the request (429).")
assert "slow down" in msg
def test_5xx_reported_as_outage(self):
msg = _format_upstream_error(503, "", "https://api.deepseek.com")
assert msg == "DeepSeek is having an outage (HTTP 503)."
def test_other_status_passthrough(self):
msg = _format_upstream_error(418, "", "https://api.openai.com/v1")
assert msg == "OpenAI returned HTTP 418"
def test_string_error_field(self):
msg = _format_upstream_error(401, '{"error": "bad key"}', "https://api.openai.com/v1")
assert "bad key" in msg
def test_plain_text_body_used_as_detail(self):
msg = _format_upstream_error(500, "upstream exploded", "https://api.openai.com/v1")
assert "OpenAI is having an outage (HTTP 500)." in msg
assert "upstream exploded" in msg
def test_bytes_body_is_decoded(self):
msg = _format_upstream_error(
401, b'{"error": {"message": "nope"}}', "https://api.openai.com/v1"
)
assert "nope" in msg
def test_unknown_url_falls_back_to_generic_label(self):
msg = _format_upstream_error(401, "", "")
assert msg.startswith("provider rejected the API key")
# ── _uses_max_completion_tokens ──
# gpt-5 / o-series need `max_completion_tokens`; everything else `max_tokens`.
class TestUsesMaxCompletionTokens:
@pytest.mark.parametrize("model", [
"gpt-5", "gpt-5.2", "gpt-5-mini", "o1", "o1-preview", "o3", "o3-mini",
"o4-mini", "gpt-4.5", "gpt-4.5-preview", "openrouter/openai/o3",
])
def test_requires_max_completion_tokens(self, model):
assert _uses_max_completion_tokens(model) is True
@pytest.mark.parametrize("model", [
# gpt-4o must NOT be confused with the o-series ("o4"/"o1" tokens).
"gpt-4o", "gpt-4o-mini", "gpt-4.1", "claude-opus-4", "llama-3.3-70b",
"deepseek-chat", "", None,
])
def test_uses_plain_max_tokens(self, model):
assert _uses_max_completion_tokens(model) is False
tests/test_provider_classification_errors.py
+71
View File
@@ -0,0 +1,71 @@
"""Upstream-error formatting for provider setup (REAL src.llm_core).
Split from `test_provider_classification.py` to keep error-message formatting
separate from provider identification.
* `_format_upstream_error` turns a raw upstream HTTP status + body into the
one-line, provider-aware message the UI shows ("Provider probes" degraded
reporting in the roadmap).
conftest.py stubs the heavy deps (sqlalchemy, src.database), so importing the
real module is side-effect free.
"""
from src.llm_core import _format_upstream_error
# ── _format_upstream_error ──
# Status + body → one-line provider-aware sentence.
class TestFormatUpstreamError:
def test_401_rejects_key_with_provider_and_detail(self):
msg = _format_upstream_error(
401, '{"error": {"message": "Invalid API key"}}', "https://api.x.ai/v1"
)
assert msg.startswith("xAI rejected the API key")
assert "Invalid API key" in msg
assert "re-paste the key" in msg
def test_403_denies_access(self):
msg = _format_upstream_error(
403, '{"error": {"message": "Forbidden"}}', "https://api.openai.com/v1"
)
assert "OpenAI denied access (403)" in msg
assert "Forbidden" in msg
def test_404_points_at_base_url(self):
msg = _format_upstream_error(404, "", "https://api.groq.com/openai/v1")
assert msg == "Groq returned 404 — check the base URL and model name."
def test_429_rate_limited(self):
msg = _format_upstream_error(
429, '{"error": {"message": "slow down"}}', "https://api.anthropic.com"
)
assert msg.startswith("Anthropic rate-limited the request (429).")
assert "slow down" in msg
def test_5xx_reported_as_outage(self):
msg = _format_upstream_error(503, "", "https://api.deepseek.com")
assert msg == "DeepSeek is having an outage (HTTP 503)."
def test_other_status_passthrough(self):
msg = _format_upstream_error(418, "", "https://api.openai.com/v1")
assert msg == "OpenAI returned HTTP 418"
def test_string_error_field(self):
msg = _format_upstream_error(401, '{"error": "bad key"}', "https://api.openai.com/v1")
assert "bad key" in msg
def test_plain_text_body_used_as_detail(self):
msg = _format_upstream_error(500, "upstream exploded", "https://api.openai.com/v1")
assert "OpenAI is having an outage (HTTP 500)." in msg
assert "upstream exploded" in msg
def test_bytes_body_is_decoded(self):
msg = _format_upstream_error(
401, b'{"error": {"message": "nope"}}', "https://api.openai.com/v1"
)
assert "nope" in msg
def test_unknown_url_falls_back_to_generic_label(self):
msg = _format_upstream_error(401, "", "")
assert msg.startswith("provider rejected the API key")
tests/test_provider_classification_token_params.py
+34
View File
@@ -0,0 +1,34 @@
"""Token-parameter selection for provider setup (REAL src.llm_core).
Split from `test_provider_classification.py` to keep the token-param quirk
separate from provider identification and error formatting.
* `_uses_max_completion_tokens` the gpt-5 / o-series quirk that the probe
and chat payload builders branch on.
conftest.py stubs the heavy deps (sqlalchemy, src.database), so importing the
real module is side-effect free.
"""
import pytest
from src.llm_core import _uses_max_completion_tokens
# ── _uses_max_completion_tokens ──
# gpt-5 / o-series need `max_completion_tokens`; everything else `max_tokens`.
class TestUsesMaxCompletionTokens:
@pytest.mark.parametrize("model", [
"gpt-5", "gpt-5.2", "gpt-5-mini", "o1", "o1-preview", "o3", "o3-mini",
"o4-mini", "gpt-4.5", "gpt-4.5-preview", "openrouter/openai/o3",
])
def test_requires_max_completion_tokens(self, model):
assert _uses_max_completion_tokens(model) is True
@pytest.mark.parametrize("model", [
# gpt-4o must NOT be confused with the o-series ("o4"/"o1" tokens).
"gpt-4o", "gpt-4o-mini", "gpt-4.1", "claude-opus-4", "llama-3.3-70b",
"deepseek-chat", "", None,
])
def test_uses_plain_max_tokens(self, model):
assert _uses_max_completion_tokens(model) is False

Some files were not shown because too many files have changed in this diff Show More