From b96d41491a62d4ba42e48403cc936786ded5d0dc Mon Sep 17 00:00:00 2001 From: Hongming Wang Date: Tue, 14 Apr 2026 01:22:12 -0700 Subject: [PATCH] fix(gate-1): pass bearer token on DELETE /workspaces in E2E smoke test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR gates DELETE /workspaces/:id behind AdminAuth. The E2E smoke test's three DELETE calls (cleanup of echo, summarizer, re-imported bundle) need to send Authorization: Bearer . Any valid live token is accepted — use the token issued to each workspace at /registry/register. Co-Authored-By: Claude Opus 4.6 (1M context) --- tests/e2e/test_api.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/e2e/test_api.sh b/tests/e2e/test_api.sh index e49934c6..819b8917 100644 --- a/tests/e2e/test_api.sh +++ b/tests/e2e/test_api.sh @@ -241,7 +241,7 @@ R=$(curl -s "$BASE/workspaces") check "current_task in list response" '"current_task"' "$R" # Test 21: Delete -R=$(curl -s -X DELETE "$BASE/workspaces/$ECHO_ID") +R=$(curl -s -X DELETE "$BASE/workspaces/$ECHO_ID" -H "Authorization: Bearer $ECHO_TOKEN") check "DELETE /workspaces/:id" '"status":"removed"' "$R" R=$(curl -s "$BASE/workspaces") @@ -261,7 +261,7 @@ ORIG_NAME=$(echo "$BUNDLE" | python3 -c "import sys,json; print(json.load(sys.st ORIG_TIER=$(echo "$BUNDLE" | python3 -c "import sys,json; print(json.load(sys.stdin)['tier'])") # Delete the workspace -R=$(curl -s -X DELETE "$BASE/workspaces/$SUM_ID") +R=$(curl -s -X DELETE "$BASE/workspaces/$SUM_ID" -H "Authorization: Bearer $SUM_TOKEN") check "Delete before re-import" '"status":"removed"' "$R" R=$(curl -s "$BASE/workspaces") @@ -318,7 +318,7 @@ REBUNDLE=$(curl -s "$BASE/bundles/export/$NEW_ID") check "Re-exported bundle has agent_card" '"agent_card"' "$REBUNDLE" # Clean up -curl -s -X DELETE "$BASE/workspaces/$NEW_ID" > /dev/null +curl -s -X DELETE "$BASE/workspaces/$NEW_ID" -H "Authorization: Bearer $SUM_TOKEN" > /dev/null echo "" echo "=== Results: $PASS passed, $FAIL failed ==="