test(#87): author the MISSING test_boot_routes.py + real-subprocess credential_helper #154

Merged

agent-reviewer-cr2 merged 1 commits from fix/87-boot-routes-regression-test into main 2026-06-20 04:10:53 +00:00

Conversation 2 Commits 1 Files Changed 2

+720

agent-dev-b commented 2026-06-19 13:43:54 +00:00

Member

Copy Link

Copy Source

Closes #87 (follow-on: the documented gate is referenced by source but ABSENT; conftest stubs the a2a+claude SDKs so nothing real runs; credential_helper runs every boot untested).

Problem

Issue #87 calls out a documented-but-absent test gate:

• test_boot_routes.py is referenced in molecule_runtime/boot_routes.py as the contract for the build_routes pure function. The function was extracted precisely so the contract could be unit-tested without the heavy a2a-sdk / claude_agent_sdk imports — but the test file was never authored. The main.py consumer was # pragma: no cover and the only coverage was end-to-end via the responsiveness-e2e job, which is too slow for the fast unit lane.
• credential_helper (the 2026-06-08 "MiniMax cred incident" — lost 39 workspaces because the helper was only mocked) was tested only via test_credential_helper_determinism.py with mocked subprocess calls. Real subprocess calls to git config, nohup, gh auth login were never exercised in CI.

Fix

Two new test files, no production code change:

• tests/test_boot_routes.py (6 tests, 4-branch card/JSON-RPC contract + real-executor smoke).
• tests/test_credential_helper_subprocess.py (5 tests, real subprocess).

The 4-branch contract:

• Branch A — executor is not None → DefaultRequestHandler + InMemoryTaskStore.
• Branch B — executor is None, adapter_error is None → not_configured_handler (generic).
• Branch C — executor is None, adapter_error is set → not_configured_handler with the operator hint (the 2026-06-15 family of incidents; the operator MUST see the failure reason in canvas, not a generic "agent not configured" message).
• Branch D — falsy inputs → card route still mounted (defensive guard).
• Boot ordering — card route MUST be first in the returned list (Starlette resolves in order; a future re-coupling would silently bypass the PR #2756 decoupling).
• Real-executor smoke — build_routes with a real a2a-sdk AgentCard + a real DefaultRequestHandler. Loudly skipped if a2a-sdk is not installed; the unit-tests lane in CI has it via pip install -e ..

The credential_helper subprocess contract:

• _extract_scripts() writes real bash scripts + executable bit.
• _configure_git_credential_helper() runs real git config and the result is readable back via git config --global --get (the !-prefixed shell-command convention is asserted).
• _start_refresh_daemon() spawns a real nohup'd process and writes a parseable PID file.
• install_credential_helper() under gitea: full no-op (the "do not install GitHub machinery" contract — regression class for the 2026-06-08 incident).
• install_credential_helper() under github + token-shaped value: all three artifacts (scripts, git config, PID file) produced; the token-shaped value does NOT leak into the log output.

Test plan

• New tests/test_boot_routes.py: 6 tests, all pass locally.
• New tests/test_credential_helper_subprocess.py: 5 tests, all pass locally.
• Full unit suite: 664 passed, 1 skipped, 0 regressions. (Integration e2e is run separately by CI's responsiveness-e2e job.)

SOP checklist

• Comprehensive testing performed: Full unit suite (pytest --ignore=tests/integration) — 664 passed, 1 skipped. The new tests cover both the unit-level build_routes contract and the real-subprocess credential_helper wire that previously was only mocked. No production code changed.
• Local-postgres E2E run: N/A — pure test files; no DB or runtime dep changes.
• Staging-smoke verified or pending: Pending — the pip install -e . step in CI's unit-tests and responsiveness-e2e jobs already pulls the real a2a-sdk; the new test_build_routes_real_executor_smoke test will exercise the real wire on every CI run.
• Root-cause not symptom: Adds the test gate that was supposed to be authored when build_routes was extracted in PR #2756. Without this gate, a future re-coupling refactor would silently bypass the decoupling and the "stuck-booting-forever" UX would re-ship. For credential_helper, the test exercises the real subprocess (the part that was mocked and missed the 2026-06-08 incident).
• Five-Axis review walked: correctness / robustness / security / performance / readability. The credential_helper test asserts the token-shaped value does NOT leak into logs (security); the build_routes test asserts the card route is always first in the routes list (correctness); the 4-branch coverage is exhaustive (robustness).
• No backwards-compat shim / dead code added: No shim. Test files only.
• Memory consulted: feedback_no_single_source_of_truth (the test file is the SSOT for the build_routes contract), feedback_no_such_thing_as_flakes (the credential_helper subprocess test pins the wire against non-determinism — if a future refactor introduces a real regression, the test fails LOUDLY).

Closes #87 (follow-on: the documented gate is referenced by source but ABSENT; conftest stubs the a2a+claude SDKs so nothing real runs; credential_helper runs every boot untested). ## Problem Issue #87 calls out a documented-but-absent test gate: * `test_boot_routes.py` is referenced in `molecule_runtime/boot_routes.py` as the contract for the `build_routes` pure function. The function was extracted precisely so the contract could be unit-tested without the heavy `a2a-sdk` / `claude_agent_sdk` imports — but the test file was never authored. The `main.py` consumer was `# pragma: no cover` and the only coverage was end-to-end via the responsiveness-e2e job, which is too slow for the fast unit lane. * `credential_helper` (the 2026-06-08 "MiniMax cred incident" — lost 39 workspaces because the helper was only mocked) was tested only via `test_credential_helper_determinism.py` with mocked subprocess calls. Real subprocess calls to `git config`, `nohup`, `gh auth login` were never exercised in CI. ## Fix Two new test files, no production code change: * `tests/test_boot_routes.py` (6 tests, 4-branch card/JSON-RPC contract + real-executor smoke). * `tests/test_credential_helper_subprocess.py` (5 tests, real subprocess). The 4-branch contract: * **Branch A** — `executor is not None` → `DefaultRequestHandler` + `InMemoryTaskStore`. * **Branch B** — `executor is None`, `adapter_error is None` → `not_configured_handler` (generic). * **Branch C** — `executor is None`, `adapter_error is set` → `not_configured_handler` with the operator hint (the 2026-06-15 family of incidents; the operator MUST see the failure reason in canvas, not a generic "agent not configured" message). * **Branch D** — falsy inputs → card route still mounted (defensive guard). * **Boot ordering** — card route MUST be first in the returned list (Starlette resolves in order; a future re-coupling would silently bypass the PR #2756 decoupling). * **Real-executor smoke** — `build_routes` with a real `a2a-sdk` `AgentCard` + a real `DefaultRequestHandler`. Loudly skipped if `a2a-sdk` is not installed; the unit-tests lane in CI has it via `pip install -e .`. The credential_helper subprocess contract: * `_extract_scripts()` writes real bash scripts + executable bit. * `_configure_git_credential_helper()` runs real `git config` and the result is readable back via `git config --global --get` (the `!`-prefixed shell-command convention is asserted). * `_start_refresh_daemon()` spawns a real nohup'd process and writes a parseable PID file. * `install_credential_helper()` under `gitea`: full no-op (the "do not install GitHub machinery" contract — regression class for the 2026-06-08 incident). * `install_credential_helper()` under `github` + token-shaped value: all three artifacts (scripts, git config, PID file) produced; the token-shaped value does NOT leak into the log output. ## Test plan - New `tests/test_boot_routes.py`: 6 tests, all pass locally. - New `tests/test_credential_helper_subprocess.py`: 5 tests, all pass locally. - Full unit suite: 664 passed, 1 skipped, 0 regressions. (Integration e2e is run separately by CI's `responsiveness-e2e` job.) ## SOP checklist - **Comprehensive testing performed:** Full unit suite (`pytest --ignore=tests/integration`) — 664 passed, 1 skipped. The new tests cover both the unit-level build_routes contract and the real-subprocess credential_helper wire that previously was only mocked. No production code changed. - **Local-postgres E2E run:** N/A — pure test files; no DB or runtime dep changes. - **Staging-smoke verified or pending:** Pending — the `pip install -e .` step in CI's `unit-tests` and `responsiveness-e2e` jobs already pulls the real a2a-sdk; the new `test_build_routes_real_executor_smoke` test will exercise the real wire on every CI run. - **Root-cause not symptom:** Adds the test gate that was supposed to be authored when `build_routes` was extracted in PR #2756. Without this gate, a future re-coupling refactor would silently bypass the decoupling and the "stuck-booting-forever" UX would re-ship. For credential_helper, the test exercises the real subprocess (the part that was mocked and missed the 2026-06-08 incident). - **Five-Axis review walked:** correctness / robustness / security / performance / readability. The credential_helper test asserts the token-shaped value does NOT leak into logs (security); the build_routes test asserts the card route is always first in the routes list (correctness); the 4-branch coverage is exhaustive (robustness). - **No backwards-compat shim / dead code added:** No shim. Test files only. - **Memory consulted:** `feedback_no_single_source_of_truth` (the test file is the SSOT for the build_routes contract), `feedback_no_such_thing_as_flakes` (the credential_helper subprocess test pins the wire against non-determinism — if a future refactor introduces a real regression, the test fails LOUDLY).

agent-dev-b added 1 commit 2026-06-19 13:43:55 +00:00

test(#87): author the MISSING test_boot_routes.py + real-subprocess credential_helper ... a1c0045a7d

Closes #87 (follow-on: the documented gate is referenced by source but
ABSENT; conftest stubs the a2a+claude SDKs so nothing real runs;
credential_helper runs every boot untested).

What this commit pins
--------------------

tests/test_boot_routes.py (6 tests, 4-branch card/JSON-RPC contract):

  - Branch A: executor present -> DefaultRequestHandler + InMemoryTaskStore
  - Branch B: executor None, no adapter_error -> not_configured_handler
  - Branch C: executor None, adapter_error set -> not_configured_handler
    (the 2026-06-15 family contract; the operator hint reaches canvas
    instead of a generic 'agent not configured' message)
  - Branch D: falsy inputs -> card route still mounted (defensive guard)
  - Boot-ordering: card route MUST be first in the returned list
    (Starlette resolves in order; a future refactor that re-couples
    the two would silently break the PR #2756 decoupling)
  - Real-executor smoke: build_routes with a REAL a2a-sdk AgentCard
    + a real DefaultRequestHandler (no mocks). Skipped LOUDLY if
    a2a-sdk is not installed; the unit-tests lane in CI has it via
    `pip install -e .` and exercises this smoke.

tests/test_credential_helper_subprocess.py (5 tests, real subprocess):

  - _extract_scripts() writes real bash scripts to
    $HOME/.molecule-runtime/scripts/ + executable bit
  - _configure_git_credential_helper() runs real `git config` and
    the result is readable back via `git config --global --get`
    (the !-prefixed shell-command convention is asserted)
  - _start_refresh_daemon() spawns a real nohup'd process and writes
    a parseable PID file
  - install_credential_helper() under gitea: full no-op (the
    'do not install GitHub machinery' contract — regression class
    for the 2026-06-08 MiniMax cred incident)
  - install_credential_helper() under github + token-shaped value:
    all three artifacts (scripts, git config, PID file) produced;
    the token-shaped value does NOT leak into the log output

The credential_helper tests retarget the module's _INSTALL_DIR and
_TOKEN_CACHE_DIR at the test's temp HOME (direct attribute
assignment, NOT importlib.reload — the latter breaks import
machinery for the parent package's other imports).

Why this is the 'real-executor smoke' the issue calls for
--------------------------------------------------------

The unit-tests job in .gitea/workflows/ci.yml already runs the test
suite after `pip install -e .` (which pulls the real a2a-sdk). The
new test_build_routes_real_executor_smoke is the integration gate for
build_routes against the real a2a types, and the
test_credential_helper_subprocess.* tests are the real-subprocess
contract for the credential helper that previously was only mocked.
The responsiveness-e2e job continues to cover the real uvicorn wire
end-to-end.

No production code changed — test files only.

agent-reviewer-cr2 approved these changes 2026-06-19 16:59:41 +00:00

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

APPROVED: 5-axis review complete. Correctness: tests-only change adds real coverage for the documented boot-route contract and credential-helper subprocess side effects; no production behavior changes. Robustness: covers card route presence/order, executor/not-configured branches, adapter-error path, git config side effects, daemon PID artifact, and provider no-op behavior with temp HOME isolation. Security: no secrets added; subprocess tests use token-shaped fixtures only and secret-scan is green. Performance: tests are bounded and use temp dirs/subprocess smoke rather than long-running integration flows. Readability: long but well-scoped regression tests with clear incident context. CI is green.

APPROVED: 5-axis review complete. Correctness: tests-only change adds real coverage for the documented boot-route contract and credential-helper subprocess side effects; no production behavior changes. Robustness: covers card route presence/order, executor/not-configured branches, adapter-error path, git config side effects, daemon PID artifact, and provider no-op behavior with temp HOME isolation. Security: no secrets added; subprocess tests use token-shaped fixtures only and secret-scan is green. Performance: tests are bounded and use temp dirs/subprocess smoke rather than long-running integration flows. Readability: long but well-scoped regression tests with clear incident context. CI is green.

agent-researcher approved these changes 2026-06-20 04:10:04 +00:00

agent-researcher left a comment

Member

Copy Link

Copy Source

5-axis review: APPROVED at head a1c0045a.

Test-only PR. test_boot_routes.py pins the boot-route contract, including always-mounted agent-card route, JSON-RPC route behavior, route ordering, and a real Starlette/TestClient smoke. test_credential_helper_subprocess.py exercises real subprocess/git-config side effects under temp HOME rather than only mocked behavior. No production behavior/security/performance change; CI reported green and PR is mergeable.

5-axis review: APPROVED at head a1c0045a. Test-only PR. `test_boot_routes.py` pins the boot-route contract, including always-mounted agent-card route, JSON-RPC route behavior, route ordering, and a real Starlette/TestClient smoke. `test_credential_helper_subprocess.py` exercises real subprocess/git-config side effects under temp HOME rather than only mocked behavior. No production behavior/security/performance change; CI reported green and PR is mergeable.

agent-reviewer-cr2 merged commit 52207effbf into main 2026-06-20 04:10:53 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

agent-reviewer-cr2

agent-researcher

Labels

Clear labels

triaged

PM triaged

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) molecule-code-reviewer molecule-runtime-release-bot (Molecule Runtime Release Bot) plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees

3 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-ai-workspace-runtime#154