Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 fullstack-engineer
|
ac8d38ac6d | ||
|
fullstack-engineer
|
d0f1bd3fca |
@@ -1,829 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
# sop-checklist-gate — evaluate whether a PR has peer-acked each
|
||||
# SOP-checklist item. Posts a commit-status that branch protection
|
||||
# can require.
|
||||
#
|
||||
# RFC#351 Step 2 of 6 (implementation MVP).
|
||||
#
|
||||
# Invoked by .gitea/workflows/sop-checklist-gate.yml on:
|
||||
# - pull_request_target: [opened, edited, synchronize, reopened]
|
||||
# - issue_comment: [created, edited, deleted]
|
||||
#
|
||||
# Flow:
|
||||
# 1. Load .gitea/sop-checklist-config.yaml (from BASE ref — trusted).
|
||||
# 2. GET /repos/{R}/pulls/{N} — author, head.sha, tier label
|
||||
# 3. GET /repos/{R}/issues/{N}/comments — extract /sop-ack and /sop-revoke
|
||||
# 4. For each checklist item:
|
||||
# a. Is the section marker present in PR body? (author answered)
|
||||
# b. Is there ≥1 unrevoked /sop-ack from a non-author whose
|
||||
# team-membership matches required_teams?
|
||||
# 5. POST /repos/{R}/statuses/{sha} — context
|
||||
# `sop-checklist / all-items-acked (pull_request)`,
|
||||
# state=success | failure | pending, description=`acked: N/M …`.
|
||||
#
|
||||
# Trust boundary (mirrors RFC#324 §A4):
|
||||
# This script is loaded from the BASE branch. The workflow's
|
||||
# actions/checkout step pins ref=base.sha. PR-HEAD code is never
|
||||
# executed. We only HTTP-call the Gitea API.
|
||||
#
|
||||
# Token scope:
|
||||
# - read:repository / read:organization to enumerate PR + comments
|
||||
# + team membership (Gitea 1.22.6 quirk: team-membership endpoint
|
||||
# returns 403 if token owner is not in the team; see review-check.sh
|
||||
# for the same gotcha — we surface the same fail-closed message).
|
||||
# - write:repository for `POST /repos/{R}/statuses/{sha}`. Unlike
|
||||
# RFC#324's pattern (which uses the JOB's own pass/fail as the
|
||||
# status), we POST the status explicitly because the gate posts
|
||||
# a single multi-item status with a richer description than a
|
||||
# bare success/failure context can carry.
|
||||
#
|
||||
# Slug normalization rules (canonical form: kebab-case):
|
||||
# - Lowercase
|
||||
# - Whitespace + underscores → single dash
|
||||
# - Strip non [a-z0-9-] characters
|
||||
# - Collapse adjacent dashes
|
||||
# - Strip leading/trailing dashes
|
||||
# - If the result is a digit string (e.g. "1"), look up via
|
||||
# config.items[*].numeric_alias to get the kebab-case slug.
|
||||
#
|
||||
# Examples:
|
||||
# "Comprehensive_Testing" → "comprehensive-testing"
|
||||
# "comprehensive testing" → "comprehensive-testing"
|
||||
# "1" → "comprehensive-testing"
|
||||
# "Five-Axis-Review" → "five-axis-review"
|
||||
#
|
||||
# Revoke semantics:
|
||||
# /sop-revoke <slug> [reason] — most-recent comment per (slug, user)
|
||||
# wins. So if Alice posts /sop-ack X then later /sop-revoke X, her ack
|
||||
# for X is invalidated. Bob's prior /sop-ack X is unaffected. If Alice
|
||||
# posts /sop-revoke X then later /sop-ack X again, the ack is restored.
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import argparse
|
||||
import json
|
||||
import os
|
||||
import re
|
||||
import sys
|
||||
import urllib.error
|
||||
import urllib.parse
|
||||
import urllib.request
|
||||
from typing import Any
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Slug normalization
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
_NORMALIZE_REPLACE_RE = re.compile(r"[\s_]+")
|
||||
_NORMALIZE_STRIP_RE = re.compile(r"[^a-z0-9-]")
|
||||
_NORMALIZE_DASH_RE = re.compile(r"-+")
|
||||
|
||||
|
||||
def normalize_slug(raw: str, numeric_aliases: dict[int, str] | None = None) -> str:
|
||||
"""Normalize a user-supplied slug to canonical kebab-case form.
|
||||
|
||||
See module header for the rules.
|
||||
|
||||
If the input is a pure digit string AND numeric_aliases is provided,
|
||||
the alias mapping is consulted. Unknown digits return "" so the caller
|
||||
can flag the comment as unparseable.
|
||||
"""
|
||||
if raw is None:
|
||||
return ""
|
||||
s = raw.strip().lower()
|
||||
s = _NORMALIZE_REPLACE_RE.sub("-", s)
|
||||
s = _NORMALIZE_STRIP_RE.sub("", s)
|
||||
s = _NORMALIZE_DASH_RE.sub("-", s)
|
||||
s = s.strip("-")
|
||||
if s.isdigit() and numeric_aliases is not None:
|
||||
return numeric_aliases.get(int(s), "")
|
||||
return s
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Comment parsing — /sop-ack and /sop-revoke
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
# A directive must be on its own line. Permits leading whitespace.
|
||||
# Optional trailing note after the slug for /sop-ack and required reason
|
||||
# for /sop-revoke (RFC#351 open question 4 — reason is captured but not
|
||||
# yet validated; future iteration may require a min-length).
|
||||
_DIRECTIVE_RE = re.compile(
|
||||
r"^[ \t]*/(sop-ack|sop-revoke)[ \t]+([A-Za-z0-9_\- ]+?)(?:[ \t]+(.*))?[ \t]*$",
|
||||
re.MULTILINE,
|
||||
)
|
||||
|
||||
|
||||
def parse_directives(
|
||||
comment_body: str,
|
||||
numeric_aliases: dict[int, str],
|
||||
) -> list[tuple[str, str, str]]:
|
||||
"""Extract /sop-ack and /sop-revoke directives from a comment body.
|
||||
|
||||
Returns a list of (kind, canonical_slug, note) tuples where:
|
||||
kind is "sop-ack" or "sop-revoke"
|
||||
canonical_slug is the normalized form (or "" if unparseable)
|
||||
note is the trailing free-text (may be "")
|
||||
"""
|
||||
out: list[tuple[str, str, str]] = []
|
||||
if not comment_body:
|
||||
return out
|
||||
for m in _DIRECTIVE_RE.finditer(comment_body):
|
||||
kind = m.group(1)
|
||||
raw_slug = (m.group(2) or "").strip()
|
||||
# If the raw match included trailing words, the regex non-greedy
|
||||
# captured only the first token; strip again for safety.
|
||||
# We split on whitespace to keep the FIRST word as the slug, and
|
||||
# everything after as the note.
|
||||
parts = raw_slug.split()
|
||||
if not parts:
|
||||
continue
|
||||
first = parts[0]
|
||||
# If the slug-capture greedily matched multiple words (e.g.
|
||||
# "comprehensive testing"), preserve normalize behavior: join
|
||||
# the WHOLE first-word-token only; trailing words get appended to
|
||||
# the note. The regex limits group(2) to [A-Za-z0-9_\- ] so we
|
||||
# may have multi-word forms here — normalize handles them.
|
||||
if len(parts) > 1:
|
||||
# User wrote "/sop-ack comprehensive testing extra-note"
|
||||
# → treat "comprehensive testing" as the slug source if it
|
||||
# normalizes to a known item; otherwise treat "comprehensive"
|
||||
# as slug and "testing extra-note" as note. We defer the
|
||||
# disambiguation to the caller via the returned canonical
|
||||
# slug. For simplicity: try the WHOLE captured string first.
|
||||
canonical = normalize_slug(raw_slug, numeric_aliases)
|
||||
else:
|
||||
canonical = normalize_slug(first, numeric_aliases)
|
||||
note_from_group = (m.group(3) or "").strip()
|
||||
# If we collapsed multi-word slug into kebab and there's a
|
||||
# trailing-text group too, append it.
|
||||
out.append((kind, canonical, note_from_group))
|
||||
return out
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# PR body section detection
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
def section_marker_present(body: str, marker: str) -> bool:
|
||||
"""Return True if `marker` appears in `body` case-insensitively
|
||||
on a non-empty line (i.e. the author actually filled it in).
|
||||
|
||||
We require the marker substring AND non-whitespace content on the
|
||||
same line OR within the next line — this prevents trivially-empty
|
||||
checklists like:
|
||||
|
||||
## SOP-Checklist
|
||||
- [ ] **Comprehensive testing performed**:
|
||||
- [ ] **Local-postgres E2E run**:
|
||||
|
||||
from auto-passing the section-present check. The peer-ack is still
|
||||
required, but answering with empty content is captured as a soft
|
||||
finding via the section-present test alone.
|
||||
"""
|
||||
if not body or not marker:
|
||||
return False
|
||||
body_lower = body.lower()
|
||||
marker_lower = marker.lower()
|
||||
idx = body_lower.find(marker_lower)
|
||||
if idx < 0:
|
||||
return False
|
||||
# Walk to end of line.
|
||||
line_end = body.find("\n", idx)
|
||||
if line_end < 0:
|
||||
line_end = len(body)
|
||||
line = body[idx + len(marker):line_end]
|
||||
# Strip the colon + checkbox tail patterns; require at least one
|
||||
# non-whitespace, non-punctuation char.
|
||||
stripped = re.sub(r"[\s\*:\-\[\]]+", "", line)
|
||||
if stripped:
|
||||
return True
|
||||
# Fall through: check the NEXT line (multi-line answers).
|
||||
next_line_end = body.find("\n", line_end + 1)
|
||||
if next_line_end < 0:
|
||||
next_line_end = len(body)
|
||||
next_line = body[line_end + 1:next_line_end]
|
||||
stripped_next = re.sub(r"[\s\*:\-\[\]]+", "", next_line)
|
||||
return bool(stripped_next)
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Ack-state computation
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
def compute_ack_state(
|
||||
comments: list[dict[str, Any]],
|
||||
pr_author: str,
|
||||
items_by_slug: dict[str, dict[str, Any]],
|
||||
numeric_aliases: dict[int, str],
|
||||
team_membership_probe: "callable[[str, list[str]], list[str]]",
|
||||
) -> dict[str, dict[str, Any]]:
|
||||
"""Compute per-item ack state.
|
||||
|
||||
Each comment is processed in chronological order. The most-recent
|
||||
directive per (commenter, slug) wins.
|
||||
|
||||
Returns a dict keyed by canonical slug:
|
||||
{
|
||||
"comprehensive-testing": {
|
||||
"ackers": ["bob"], # non-author, team-verified
|
||||
"rejected_ackers": { # debugging info
|
||||
"self_ack": ["alice"],
|
||||
"unknown_slug": [],
|
||||
"not_in_team": ["eve"],
|
||||
}
|
||||
},
|
||||
...
|
||||
}
|
||||
"""
|
||||
# Step 1: collapse directives per (commenter, slug) — most recent wins.
|
||||
# comments are expected to come in chronological order from the
|
||||
# API (Gitea returns oldest-first by default for issues/{N}/comments).
|
||||
latest_directive: dict[tuple[str, str], str] = {} # (user, slug) → kind
|
||||
unparseable_per_user: dict[str, int] = {}
|
||||
for c in comments:
|
||||
body = c.get("body", "") or ""
|
||||
user = (c.get("user") or {}).get("login", "")
|
||||
if not user:
|
||||
continue
|
||||
for kind, slug, _note in parse_directives(body, numeric_aliases):
|
||||
if not slug:
|
||||
unparseable_per_user[user] = unparseable_per_user.get(user, 0) + 1
|
||||
continue
|
||||
latest_directive[(user, slug)] = kind
|
||||
|
||||
# Step 2: build candidate ackers per slug.
|
||||
# Filter out self-acks and unknown slugs.
|
||||
ackers_per_slug: dict[str, list[str]] = {s: [] for s in items_by_slug}
|
||||
rejected_self: dict[str, list[str]] = {s: [] for s in items_by_slug}
|
||||
rejected_unknown: dict[str, list[str]] = {s: [] for s in items_by_slug}
|
||||
pending_team_check: dict[str, list[str]] = {s: [] for s in items_by_slug}
|
||||
|
||||
for (user, slug), kind in latest_directive.items():
|
||||
if kind != "sop-ack":
|
||||
continue # revokes leave the (user,slug) state as "no ack"
|
||||
if slug not in items_by_slug:
|
||||
# Slug normalized to something not in our config — store
|
||||
# under a synthetic key for diagnostic surfacing. Don't add
|
||||
# to any item.
|
||||
continue
|
||||
if user == pr_author:
|
||||
rejected_self[slug].append(user)
|
||||
continue
|
||||
pending_team_check[slug].append(user)
|
||||
|
||||
# Step 3: team membership probe per slug (batched per slug to keep
|
||||
# API call count down — same user may ack multiple items but the
|
||||
# required_teams differ per item, so we MUST probe per (user, item)).
|
||||
rejected_not_in_team: dict[str, list[str]] = {s: [] for s in items_by_slug}
|
||||
for slug, candidates in pending_team_check.items():
|
||||
if not candidates:
|
||||
continue
|
||||
required = items_by_slug[slug]["required_teams"]
|
||||
approved = team_membership_probe(slug, candidates) # returns subset
|
||||
rejected_not_in_team[slug] = [u for u in candidates if u not in approved]
|
||||
ackers_per_slug[slug] = approved
|
||||
# Stash required teams for description rendering.
|
||||
items_by_slug[slug]["_required_resolved"] = required
|
||||
|
||||
return {
|
||||
slug: {
|
||||
"ackers": ackers_per_slug[slug],
|
||||
"rejected": {
|
||||
"self_ack": rejected_self[slug],
|
||||
"not_in_team": rejected_not_in_team[slug],
|
||||
},
|
||||
}
|
||||
for slug in items_by_slug
|
||||
}
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Gitea API client
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
class GiteaClient:
|
||||
def __init__(self, host: str, token: str):
|
||||
self.base = f"https://{host}/api/v1"
|
||||
self.token = token
|
||||
# Cache team-name → team-id resolutions per org.
|
||||
self._team_id_cache: dict[tuple[str, str], int | None] = {}
|
||||
|
||||
def _req(
|
||||
self,
|
||||
method: str,
|
||||
path: str,
|
||||
body: dict[str, Any] | None = None,
|
||||
ok_codes: tuple[int, ...] = (200, 201, 204),
|
||||
) -> tuple[int, Any]:
|
||||
url = self.base + path
|
||||
data = None
|
||||
headers = {
|
||||
"Authorization": f"token {self.token}",
|
||||
"Accept": "application/json",
|
||||
}
|
||||
if body is not None:
|
||||
data = json.dumps(body).encode("utf-8")
|
||||
headers["Content-Type"] = "application/json"
|
||||
req = urllib.request.Request(url, method=method, data=data, headers=headers)
|
||||
try:
|
||||
with urllib.request.urlopen(req, timeout=20) as r:
|
||||
raw = r.read()
|
||||
code = r.getcode()
|
||||
except urllib.error.HTTPError as e:
|
||||
code = e.code
|
||||
raw = e.read()
|
||||
try:
|
||||
parsed = json.loads(raw.decode("utf-8")) if raw else None
|
||||
except json.JSONDecodeError:
|
||||
parsed = raw.decode("utf-8", errors="replace") if raw else None
|
||||
return code, parsed
|
||||
|
||||
def get_pr(self, owner: str, repo: str, pr: int) -> dict[str, Any]:
|
||||
code, data = self._req("GET", f"/repos/{owner}/{repo}/pulls/{pr}")
|
||||
if code != 200:
|
||||
raise RuntimeError(f"GET pulls/{pr} → HTTP {code}: {data!r}")
|
||||
return data
|
||||
|
||||
def get_issue_comments(
|
||||
self, owner: str, repo: str, issue: int
|
||||
) -> list[dict[str, Any]]:
|
||||
# Paginate. Gitea default page size 50.
|
||||
out: list[dict[str, Any]] = []
|
||||
page = 1
|
||||
while True:
|
||||
code, data = self._req(
|
||||
"GET",
|
||||
f"/repos/{owner}/{repo}/issues/{issue}/comments?limit=50&page={page}",
|
||||
)
|
||||
if code != 200:
|
||||
raise RuntimeError(
|
||||
f"GET issues/{issue}/comments page={page} → HTTP {code}: {data!r}"
|
||||
)
|
||||
if not data:
|
||||
break
|
||||
out.extend(data)
|
||||
if len(data) < 50:
|
||||
break
|
||||
page += 1
|
||||
return out
|
||||
|
||||
def resolve_team_id(self, org: str, team_name: str) -> int | None:
|
||||
key = (org, team_name)
|
||||
if key in self._team_id_cache:
|
||||
return self._team_id_cache[key]
|
||||
code, data = self._req("GET", f"/orgs/{org}/teams/search?q={urllib.parse.quote(team_name)}")
|
||||
team_id = None
|
||||
if code == 200 and isinstance(data, dict):
|
||||
for t in data.get("data", []):
|
||||
if t.get("name") == team_name:
|
||||
team_id = t.get("id")
|
||||
break
|
||||
if team_id is None and code == 200 and isinstance(data, list):
|
||||
for t in data:
|
||||
if t.get("name") == team_name:
|
||||
team_id = t.get("id")
|
||||
break
|
||||
self._team_id_cache[key] = team_id
|
||||
return team_id
|
||||
|
||||
def is_team_member(self, team_id: int, login: str) -> bool | None:
|
||||
"""Return True / False / None (unknown — 403 from API)."""
|
||||
code, _ = self._req(
|
||||
"GET", f"/teams/{team_id}/members/{urllib.parse.quote(login)}"
|
||||
)
|
||||
if code in (200, 204):
|
||||
return True
|
||||
if code == 404:
|
||||
return False
|
||||
# 403 means the token owner isn't in this team, so the API
|
||||
# refuses to confirm membership. Fail-closed at the caller.
|
||||
return None
|
||||
|
||||
def post_status(
|
||||
self,
|
||||
owner: str,
|
||||
repo: str,
|
||||
sha: str,
|
||||
state: str,
|
||||
context: str,
|
||||
description: str,
|
||||
target_url: str = "",
|
||||
) -> None:
|
||||
body = {
|
||||
"state": state,
|
||||
"context": context,
|
||||
"description": description[:140], # Gitea truncates to 255 but be safe
|
||||
"target_url": target_url or "",
|
||||
}
|
||||
code, data = self._req(
|
||||
"POST",
|
||||
f"/repos/{owner}/{repo}/statuses/{sha}",
|
||||
body=body,
|
||||
ok_codes=(201,),
|
||||
)
|
||||
if code not in (200, 201):
|
||||
raise RuntimeError(
|
||||
f"POST statuses/{sha} → HTTP {code}: {data!r}"
|
||||
)
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Config loader (PyYAML-free — config file is intentionally tiny + flat)
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
def load_config(path: str) -> dict[str, Any]:
|
||||
"""Load .gitea/sop-checklist-config.yaml.
|
||||
|
||||
Uses PyYAML if available, otherwise falls back to a built-in
|
||||
minimal parser sufficient for our flat config shape. Bundling
|
||||
PyYAML on the runner is one apt install away but we avoid the
|
||||
dep by keeping the config shape constrained.
|
||||
"""
|
||||
try:
|
||||
import yaml # type: ignore[import-not-found]
|
||||
with open(path) as f:
|
||||
return yaml.safe_load(f)
|
||||
except ImportError:
|
||||
return _load_config_minimal(path)
|
||||
|
||||
|
||||
def _load_config_minimal(path: str) -> dict[str, Any]:
|
||||
"""Minimal YAML subset parser for our config shape.
|
||||
|
||||
Supports: top-level scalar:value, top-level map-of-map (e.g.
|
||||
tier_failure_mode), top-level list of maps (items:), and within an
|
||||
item map: scalars + lists of scalars. Does NOT support nested lists,
|
||||
YAML anchors, multi-doc, or flow style.
|
||||
"""
|
||||
with open(path) as f:
|
||||
lines = f.readlines()
|
||||
return _parse_minimal_yaml(lines)
|
||||
|
||||
|
||||
def _parse_minimal_yaml(lines: list[str]) -> dict[str, Any]: # noqa: C901
|
||||
"""Hand-rolled subset parser. See _load_config_minimal docstring."""
|
||||
# Strip comments + blank lines but preserve indentation.
|
||||
cleaned: list[tuple[int, str]] = []
|
||||
for raw in lines:
|
||||
# Don't strip a "#" that is inside a quoted value.
|
||||
body = raw.rstrip("\n")
|
||||
# Remove trailing comment.
|
||||
idx = body.find("#")
|
||||
if idx >= 0 and (idx == 0 or body[idx - 1] in " \t"):
|
||||
body = body[:idx].rstrip()
|
||||
if not body.strip():
|
||||
continue
|
||||
indent = len(body) - len(body.lstrip(" "))
|
||||
cleaned.append((indent, body.strip()))
|
||||
|
||||
root: dict[str, Any] = {}
|
||||
i = 0
|
||||
n = len(cleaned)
|
||||
|
||||
def parse_scalar(s: str) -> Any:
|
||||
s = s.strip()
|
||||
if s.startswith('"') and s.endswith('"'):
|
||||
return s[1:-1]
|
||||
if s.startswith("'") and s.endswith("'"):
|
||||
return s[1:-1]
|
||||
if s.lower() in ("true", "yes"):
|
||||
return True
|
||||
if s.lower() in ("false", "no"):
|
||||
return False
|
||||
try:
|
||||
return int(s)
|
||||
except ValueError:
|
||||
pass
|
||||
return s
|
||||
|
||||
def parse_inline_list(s: str) -> list[Any]:
|
||||
s = s.strip()
|
||||
if not (s.startswith("[") and s.endswith("]")):
|
||||
return [parse_scalar(s)]
|
||||
inner = s[1:-1]
|
||||
if not inner.strip():
|
||||
return []
|
||||
return [parse_scalar(x.strip()) for x in inner.split(",")]
|
||||
|
||||
while i < n:
|
||||
indent, line = cleaned[i]
|
||||
if indent != 0:
|
||||
i += 1
|
||||
continue
|
||||
if ":" not in line:
|
||||
i += 1
|
||||
continue
|
||||
key, _, rest = line.partition(":")
|
||||
key = key.strip()
|
||||
rest = rest.strip()
|
||||
if rest == "":
|
||||
# Block — could be map or list.
|
||||
i += 1
|
||||
# Look ahead for first child.
|
||||
if i < n and cleaned[i][1].startswith("- "):
|
||||
# List of items.
|
||||
items: list[Any] = []
|
||||
while i < n and cleaned[i][0] > indent and cleaned[i][1].startswith("- "):
|
||||
item_indent = cleaned[i][0]
|
||||
first_kv = cleaned[i][1][2:].strip() # strip "- "
|
||||
item: dict[str, Any] = {}
|
||||
if ":" in first_kv:
|
||||
k, _, v = first_kv.partition(":")
|
||||
k = k.strip()
|
||||
v = v.strip()
|
||||
if v == "":
|
||||
item[k] = ""
|
||||
elif v.startswith(">-") or v.startswith(">"):
|
||||
# Folded scalar continues on subsequent indented lines
|
||||
collected: list[str] = []
|
||||
i += 1
|
||||
while i < n and cleaned[i][0] > item_indent:
|
||||
collected.append(cleaned[i][1])
|
||||
i += 1
|
||||
item[k] = " ".join(collected)
|
||||
items.append(item)
|
||||
continue
|
||||
elif v.startswith("["):
|
||||
item[k] = parse_inline_list(v)
|
||||
else:
|
||||
item[k] = parse_scalar(v)
|
||||
i += 1
|
||||
# Subsequent k:v lines at deeper indent belong to this item.
|
||||
while i < n and cleaned[i][0] > item_indent and not cleaned[i][1].startswith("- "):
|
||||
sub_indent, sub_line = cleaned[i]
|
||||
if ":" in sub_line:
|
||||
k, _, v = sub_line.partition(":")
|
||||
k = k.strip()
|
||||
v = v.strip()
|
||||
if v == "":
|
||||
item[k] = ""
|
||||
i += 1
|
||||
elif v.startswith(">-") or v.startswith(">"):
|
||||
collected = []
|
||||
i += 1
|
||||
while i < n and cleaned[i][0] > sub_indent:
|
||||
collected.append(cleaned[i][1])
|
||||
i += 1
|
||||
item[k] = " ".join(collected)
|
||||
elif v.startswith("["):
|
||||
item[k] = parse_inline_list(v)
|
||||
i += 1
|
||||
else:
|
||||
item[k] = parse_scalar(v)
|
||||
i += 1
|
||||
else:
|
||||
i += 1
|
||||
items.append(item)
|
||||
root[key] = items
|
||||
else:
|
||||
# Sub-map.
|
||||
submap: dict[str, Any] = {}
|
||||
while i < n and cleaned[i][0] > indent:
|
||||
sub_indent, sub_line = cleaned[i]
|
||||
if ":" in sub_line:
|
||||
k, _, v = sub_line.partition(":")
|
||||
k = k.strip().strip('"').strip("'")
|
||||
v = v.strip()
|
||||
if v.startswith("[") and v.endswith("]"):
|
||||
submap[k] = parse_inline_list(v)
|
||||
else:
|
||||
submap[k] = parse_scalar(v)
|
||||
i += 1
|
||||
root[key] = submap
|
||||
else:
|
||||
# Inline scalar or list.
|
||||
if rest.startswith("[") and rest.endswith("]"):
|
||||
root[key] = parse_inline_list(rest)
|
||||
else:
|
||||
root[key] = parse_scalar(rest)
|
||||
i += 1
|
||||
return root
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Main entry point
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
def render_status(
|
||||
items: list[dict[str, Any]],
|
||||
ack_state: dict[str, dict[str, Any]],
|
||||
body_state: dict[str, bool],
|
||||
) -> tuple[str, str]:
|
||||
"""Return (state, description) for the commit-status post.
|
||||
|
||||
state is "success" if every item has at least one valid ack
|
||||
(body section presence is informational only — peer-ack is the
|
||||
real gate). tier:low PRs receive state="success" (soft-fail — no
|
||||
acks required); the description carries "[info tier:low]" prefix.
|
||||
"""
|
||||
n = len(items)
|
||||
fully_acked = [
|
||||
it["slug"] for it in items if ack_state[it["slug"]]["ackers"]
|
||||
]
|
||||
missing = [
|
||||
it["slug"] for it in items if not ack_state[it["slug"]]["ackers"]
|
||||
]
|
||||
missing_body = [it["slug"] for it in items if not body_state.get(it["slug"], False)]
|
||||
|
||||
desc_parts = [f"acked: {len(fully_acked)}/{n}"]
|
||||
if missing:
|
||||
# Show up to 3 missing slugs to stay inside the 140-char budget.
|
||||
shown = ", ".join(missing[:3])
|
||||
if len(missing) > 3:
|
||||
shown += f", +{len(missing) - 3}"
|
||||
desc_parts.append(f"missing: {shown}")
|
||||
if missing_body:
|
||||
shown = ", ".join(missing_body[:3])
|
||||
if len(missing_body) > 3:
|
||||
shown += f", +{len(missing_body) - 3}"
|
||||
desc_parts.append(f"body-unfilled: {shown}")
|
||||
state = "success" if not missing and not missing_body else "failure"
|
||||
return state, " — ".join(desc_parts)
|
||||
|
||||
|
||||
def get_tier_mode(pr: dict[str, Any], cfg: dict[str, Any]) -> str:
|
||||
"""Read tier label, return 'hard' or 'soft' per cfg.tier_failure_mode."""
|
||||
labels = pr.get("labels") or []
|
||||
tier_labels = [l.get("name", "") for l in labels if (l.get("name", "") or "").startswith("tier:")]
|
||||
mode_map = cfg.get("tier_failure_mode") or {}
|
||||
default_mode = cfg.get("default_mode", "hard")
|
||||
for tl in tier_labels:
|
||||
if tl in mode_map:
|
||||
return mode_map[tl]
|
||||
return default_mode
|
||||
|
||||
|
||||
def main(argv: list[str] | None = None) -> int:
|
||||
p = argparse.ArgumentParser()
|
||||
p.add_argument("--owner", required=True)
|
||||
p.add_argument("--repo", required=True)
|
||||
p.add_argument("--pr", type=int, required=True)
|
||||
p.add_argument("--config", default=".gitea/sop-checklist-config.yaml")
|
||||
p.add_argument("--gitea-host", default="git.moleculesai.app")
|
||||
p.add_argument(
|
||||
"--dry-run",
|
||||
action="store_true",
|
||||
help="Compute state but do not POST the status.",
|
||||
)
|
||||
p.add_argument(
|
||||
"--status-context",
|
||||
default="sop-checklist / all-items-acked (pull_request)",
|
||||
)
|
||||
p.add_argument(
|
||||
"--exit-on-state",
|
||||
action="store_true",
|
||||
help=(
|
||||
"If set, exit non-zero when state=failure. Default OFF so the "
|
||||
"job-level conclusion is independent of ack-state — the only "
|
||||
"thing BP sees is the POSTed status. Useful for local debugging."
|
||||
),
|
||||
)
|
||||
args = p.parse_args(argv)
|
||||
|
||||
token = os.environ.get("GITEA_TOKEN", "")
|
||||
if not token and not args.dry_run:
|
||||
print("::error::GITEA_TOKEN env required", file=sys.stderr)
|
||||
return 2
|
||||
|
||||
cfg = load_config(args.config)
|
||||
items: list[dict[str, Any]] = cfg["items"]
|
||||
items_by_slug = {it["slug"]: it for it in items}
|
||||
numeric_aliases = {
|
||||
int(it["numeric_alias"]): it["slug"] for it in items if it.get("numeric_alias")
|
||||
}
|
||||
|
||||
client = GiteaClient(args.gitea_host, token) if token else None
|
||||
if not client:
|
||||
print("::error::No client (dry-run without token has nothing to do)", file=sys.stderr)
|
||||
return 2
|
||||
|
||||
pr = client.get_pr(args.owner, args.repo, args.pr)
|
||||
if pr.get("state") != "open":
|
||||
print(f"::notice::PR #{args.pr} is {pr.get('state')} — gate is a no-op")
|
||||
return 0
|
||||
|
||||
author = (pr.get("user") or {}).get("login", "")
|
||||
head_sha = (pr.get("head") or {}).get("sha", "")
|
||||
body = pr.get("body", "") or ""
|
||||
|
||||
if not author or not head_sha:
|
||||
print("::error::PR payload missing user.login or head.sha", file=sys.stderr)
|
||||
return 1
|
||||
|
||||
comments = client.get_issue_comments(args.owner, args.repo, args.pr)
|
||||
|
||||
# Build team-membership probe closure that caches results per
|
||||
# (user, team-id) so a user acking multiple items only triggers
|
||||
# one membership lookup per team.
|
||||
team_member_cache: dict[tuple[str, int], bool | None] = {}
|
||||
|
||||
def probe(slug: str, users: list[str]) -> list[str]:
|
||||
item = items_by_slug[slug]
|
||||
team_names: list[str] = item["required_teams"]
|
||||
# Resolve names → ids. NOTE: orgs/{org}/teams/search may not be
|
||||
# available — fall back to the list endpoint.
|
||||
team_ids: list[int] = []
|
||||
for tn in team_names:
|
||||
tid = client.resolve_team_id(args.owner, tn)
|
||||
if tid is None:
|
||||
# Try the list endpoint as a fallback.
|
||||
code, data = client._req( # noqa: SLF001
|
||||
"GET", f"/orgs/{args.owner}/teams"
|
||||
)
|
||||
if code == 200 and isinstance(data, list):
|
||||
for t in data:
|
||||
if t.get("name") == tn:
|
||||
tid = t.get("id")
|
||||
client._team_id_cache[(args.owner, tn)] = tid # noqa: SLF001
|
||||
break
|
||||
if tid is not None:
|
||||
team_ids.append(tid)
|
||||
else:
|
||||
print(
|
||||
f"::warning::could not resolve team-id for '{tn}' "
|
||||
f"in org '{args.owner}' — item '{slug}' will fail closed",
|
||||
file=sys.stderr,
|
||||
)
|
||||
approved: list[str] = []
|
||||
for u in users:
|
||||
for tid in team_ids:
|
||||
cache_key = (u, tid)
|
||||
if cache_key not in team_member_cache:
|
||||
team_member_cache[cache_key] = client.is_team_member(tid, u)
|
||||
result = team_member_cache[cache_key]
|
||||
if result is True:
|
||||
approved.append(u)
|
||||
break
|
||||
if result is None:
|
||||
print(
|
||||
f"::warning::team-probe for {u} in team-id {tid} returned 403 "
|
||||
"(token owner not in that team — fail-closed per RFC#324)",
|
||||
file=sys.stderr,
|
||||
)
|
||||
# Treat as not-in-team for this user/team pair; loop
|
||||
# may still find membership in another team.
|
||||
return approved
|
||||
|
||||
ack_state = compute_ack_state(comments, author, items_by_slug, numeric_aliases, probe)
|
||||
body_state = {it["slug"]: section_marker_present(body, it["pr_section_marker"]) for it in items}
|
||||
|
||||
state, description = render_status(items, ack_state, body_state)
|
||||
mode = get_tier_mode(pr, cfg)
|
||||
if mode == "soft":
|
||||
# tier:low: acks are informational only — post success so BP gate passes.
|
||||
# Description carries "[info tier:low]" prefix so reviewers know acks
|
||||
# were not required (vs a tier:medium+ PR that truly passed all acks).
|
||||
state = "success"
|
||||
description = f"[info tier:low] {description}"
|
||||
|
||||
# Diagnostics to job log.
|
||||
print(f"::notice::PR #{args.pr} author={author} head={head_sha[:7]} mode={mode}")
|
||||
for it in items:
|
||||
slug = it["slug"]
|
||||
ackers = ack_state[slug]["ackers"]
|
||||
if ackers:
|
||||
print(f"::notice:: [PASS] {slug} — acked by {','.join(ackers)}")
|
||||
else:
|
||||
r = ack_state[slug]["rejected"]
|
||||
extras: list[str] = []
|
||||
if r["self_ack"]:
|
||||
extras.append(f"self-acks-rejected:{','.join(r['self_ack'])}")
|
||||
if r["not_in_team"]:
|
||||
extras.append(f"not-in-team:{','.join(r['not_in_team'])}")
|
||||
extra = " (" + "; ".join(extras) + ")" if extras else ""
|
||||
print(f"::notice:: [WAIT] {slug} — no valid peer-ack yet{extra}")
|
||||
|
||||
print(f"::notice::posting status: state={state} desc={description!r}")
|
||||
|
||||
if args.dry_run:
|
||||
print("::notice::--dry-run: not posting status")
|
||||
if args.exit_on_state:
|
||||
return 0 if state in ("success", "pending") else 1
|
||||
return 0
|
||||
|
||||
target_url = f"https://{args.gitea_host}/{args.owner}/{args.repo}/pulls/{args.pr}"
|
||||
client.post_status(
|
||||
args.owner, args.repo, head_sha,
|
||||
state=state, context=args.status_context,
|
||||
description=description, target_url=target_url,
|
||||
)
|
||||
print(f"::notice::status posted: {args.status_context} → {state}")
|
||||
# By default exit 0 — the POSTed status IS the gate, NOT the job
|
||||
# conclusion. If the job exits 1 BP will see TWO failure signals
|
||||
# (one from the job's auto-status, one from our POST), making the
|
||||
# description less actionable. --exit-on-state restores the old
|
||||
# behavior for local debugging.
|
||||
if args.exit_on_state:
|
||||
return 0 if state in ("success", "pending") else 1
|
||||
return 0
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(main())
|
||||
@@ -1,109 +0,0 @@
|
||||
# SOP-Checklist gate — per-item required reviewer teams.
|
||||
#
|
||||
# RFC#351 v1 starter set. Each item lists:
|
||||
# slug — canonical kebab-case form used in /sop-ack <slug>
|
||||
# pr_section_marker — substring matched in the PR body to detect that
|
||||
# the author filled in this item (case-insensitive)
|
||||
# required_teams — list of Gitea team names; an ack from ANY one of
|
||||
# these teams (logical OR) satisfies the item.
|
||||
# Membership is probed at gate-time via
|
||||
# GET /api/v1/teams/{id}/members/{login}.
|
||||
# Team-id resolution happens at script start via
|
||||
# GET /api/v1/orgs/{org}/teams (cheap, one call).
|
||||
# numeric_alias — 1..7; lets reviewers type `/sop-ack 3` as a
|
||||
# shortcut for `/sop-ack staging-smoke`.
|
||||
#
|
||||
# WHY THESE TEAM MAPPINGS:
|
||||
# The RFC table referenced persona-role names like `core-qa`,
|
||||
# `core-be`, `core-devops` — these are individual Gitea user logins,
|
||||
# not teams. The Gitea team-membership API is /teams/{id}/members/{u},
|
||||
# so we need actual teams. Orchestrator preflight 2026-05-12 verified
|
||||
# only these teams exist on molecule-ai: ceo(5), engineers(2),
|
||||
# managers(6), qa(20), security(21), Owners(1), and bot teams. We
|
||||
# map the RFC roles to the closest existing team and surface the
|
||||
# mapping explicitly so it's reviewable.
|
||||
#
|
||||
# HOW TO EDIT:
|
||||
# - Tightening: replace `engineers` with a smaller team after creating
|
||||
# it (e.g. a new `senior-engineers` team if needed).
|
||||
# - Loosening: add another team to required_teams (OR semantics).
|
||||
# - Add an item: append to items list and document the slug below.
|
||||
#
|
||||
# AUTHOR SELF-ACK IS FORBIDDEN regardless of which team contains them
|
||||
# — the gate script enforces commenter != PR author before checking
|
||||
# team membership.
|
||||
|
||||
version: 1
|
||||
|
||||
# Tier-aware failure mode (RFC#351 open question 2):
|
||||
# For tier:high — hard-fail (status `failure`, blocks merge via BP).
|
||||
# For tier:medium — hard-fail (same as high; medium is non-trivial).
|
||||
# For tier:low — soft-fail (status `pending` with `acked: N/M` in the
|
||||
# description). BP can choose to require the context
|
||||
# or not for low-tier PRs.
|
||||
# If no tier label is present, default to medium (hard-fail) — every PR
|
||||
# should have a tier label per sop-tier-check, and absence indicates
|
||||
# a missing-tier defect we should surface, not silently lower the bar.
|
||||
tier_failure_mode:
|
||||
"tier:high": hard
|
||||
"tier:medium": hard
|
||||
"tier:low": soft
|
||||
default_mode: hard # used when no tier:* label is present
|
||||
|
||||
items:
|
||||
- slug: comprehensive-testing
|
||||
numeric_alias: 1
|
||||
pr_section_marker: "Comprehensive testing performed"
|
||||
required_teams: [qa, engineers]
|
||||
description: >-
|
||||
What was tested, how, edge cases covered. Ack from any qa-team
|
||||
member (or engineers fallback while qa is small).
|
||||
|
||||
- slug: local-postgres-e2e
|
||||
numeric_alias: 2
|
||||
pr_section_marker: "Local-postgres E2E run"
|
||||
required_teams: [engineers]
|
||||
description: >-
|
||||
Link to local CI artifact, or "N/A: pure-frontend change". Ack
|
||||
from any engineer who can verify the local DB test actually ran.
|
||||
|
||||
- slug: staging-smoke
|
||||
numeric_alias: 3
|
||||
pr_section_marker: "Staging-smoke verified or pending"
|
||||
required_teams: [engineers]
|
||||
description: >-
|
||||
Link to canary run, or "scheduled post-merge". Ack from any
|
||||
engineer (core-devops/infra-sre are members of engineers team).
|
||||
|
||||
- slug: root-cause
|
||||
numeric_alias: 4
|
||||
pr_section_marker: "Root-cause not symptom"
|
||||
required_teams: [managers, ceo]
|
||||
description: >-
|
||||
One-sentence root-cause statement. Ack from managers tier
|
||||
(team-leads) or ceo. Senior judgment required to attest
|
||||
root-cause-versus-symptom.
|
||||
|
||||
- slug: five-axis-review
|
||||
numeric_alias: 5
|
||||
pr_section_marker: "Five-Axis review walked"
|
||||
required_teams: [engineers]
|
||||
description: >-
|
||||
Correctness / readability / architecture / security / performance.
|
||||
Ack from any non-author engineer.
|
||||
|
||||
- slug: no-backwards-compat
|
||||
numeric_alias: 6
|
||||
pr_section_marker: "No backwards-compat shim / dead code added"
|
||||
required_teams: [managers, ceo]
|
||||
description: >-
|
||||
Yes/no + justification if no. Senior ack required because
|
||||
backward-compat shims are how dead-code accretes.
|
||||
|
||||
- slug: memory-consulted
|
||||
numeric_alias: 7
|
||||
pr_section_marker: "Memory/saved-feedback consulted"
|
||||
required_teams: [engineers]
|
||||
description: >-
|
||||
List of feedback memories applicable to this change. Ack from
|
||||
any engineer who has the same memory access.
|
||||
@@ -52,10 +52,7 @@ jobs:
|
||||
# Declared here rather than fetched from /branch_protections
|
||||
# because that endpoint requires admin write — sop-tier-bot is
|
||||
# read-only by design (least-privilege).
|
||||
#
|
||||
# staging branch protection (§F3a/F3b, mc#798): only
|
||||
# sop-checklist / all-items-acked is required. Unlike main,
|
||||
# staging does not require sop-tier-check or Secret scan.
|
||||
REQUIRED_CHECKS: |
|
||||
sop-checklist / all-items-acked (pull_request)
|
||||
sop-tier-check / tier-check (pull_request)
|
||||
Secret scan / Scan diff for credential-shaped strings (pull_request)
|
||||
run: bash .gitea/scripts/audit-force-merge.sh
|
||||
|
||||
@@ -1,599 +0,0 @@
|
||||
# Ported from .github/workflows/ci.yml on 2026-05-11 per RFC internal#219 §1.
|
||||
# continue-on-error: true on every job; follow-up PR will flip required after
|
||||
# surfaced bugs are fixed (per RFC §1 — "surface broken workflows without
|
||||
# blocking"). The four-surface migration audit
|
||||
# (feedback_gitea_actions_migration_audit_pattern) was performed against this
|
||||
# port:
|
||||
#
|
||||
# 1. YAML — dropped `merge_group` trigger (no Gitea merge queue); no
|
||||
# `workflow_dispatch.inputs` to drop (Gitea 1.22.6 rejects those —
|
||||
# feedback_gitea_workflow_dispatch_inputs_unsupported); no `environment:`
|
||||
# blocks; kept `runs-on: ubuntu-latest` (Gitea runner pool advertises
|
||||
# this label per agent_labels in action_runner table). Workflow-level
|
||||
# env.GITHUB_SERVER_URL set as belt-and-suspenders against runner
|
||||
# defaults (feedback_act_runner_github_server_url).
|
||||
#
|
||||
# 2. Cache — `actions/upload-artifact@v3.2.2` was already pinned to v3 for
|
||||
# Gitea act_runner v0.6 compatibility (a comment in the original called
|
||||
# this out). v4+ is incompatible with Gitea 1.22.x. No `actions/cache`
|
||||
# usage to audit. `actions/setup-python@v6` `cache: pip` is left in
|
||||
# place — works against Gitea's built-in cache server when runner.cache
|
||||
# is configured (currently is, /opt/molecule/runners/config.yaml).
|
||||
#
|
||||
# 3. Token — workflow uses no custom dispatch tokens. The auto-injected
|
||||
# `GITHUB_TOKEN` (which Gitea aliases to a runner-scoped token) is
|
||||
# sufficient for `actions/checkout` against this same repo.
|
||||
#
|
||||
# 4. Docs — no docs/scripts reference github.com URLs that need swapping.
|
||||
# The canvas-deploy-reminder step writes a `ghcr.io/...` image
|
||||
# reference into the step summary text — that's documentation prose
|
||||
# pointing at the ECR-mirrored canvas image and stays unchanged for
|
||||
# this port (a separate cleanup if ghcr→ECR sweep is in scope).
|
||||
#
|
||||
# Cross-links:
|
||||
# - RFC: internal#219 (CI/CD hard-gate hardening)
|
||||
# - Reference port style: molecule-controlplane/.gitea/workflows/ci.yml
|
||||
# - Bugs that may surface immediately and are tracked separately:
|
||||
# internal#214 (Go-side vanity-import / go.sum drift, if any)
|
||||
# - Phase 4 (this PR's follow-up): flip `continue-on-error: false` once
|
||||
# surfaced defects are fixed, then add `all-required` aggregator
|
||||
# sentinel (RFC §2) and PATCH branch protection (Phase 4 scope).
|
||||
|
||||
name: CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main, staging]
|
||||
pull_request:
|
||||
branches: [main, staging]
|
||||
# `merge_group` (GitHub merge-queue trigger) dropped — Gitea has no merge
|
||||
# queue. The .github/ original retains it; this Gitea-side copy drops it.
|
||||
|
||||
# Cancel in-progress CI runs when a new commit arrives on the same ref.
|
||||
# Stale runs queue up otherwise. PR refs and main/staging refs each get
|
||||
# their own group because github.ref differs.
|
||||
concurrency:
|
||||
group: ci-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
env:
|
||||
# Belt-and-suspenders against the runner-default trap
|
||||
# (feedback_act_runner_github_server_url). Runners are configured with
|
||||
# this env via /opt/molecule/runners/config.yaml runner.envs, but pinning
|
||||
# at the workflow level protects against a runner regenerated without
|
||||
# the config file (feedback_act_runner_needs_config_file_env).
|
||||
GITHUB_SERVER_URL: https://git.moleculesai.app
|
||||
|
||||
jobs:
|
||||
# Detect which paths changed so downstream jobs can skip when only
|
||||
# docs/markdown files were modified.
|
||||
changes:
|
||||
name: Detect changes
|
||||
runs-on: ubuntu-latest
|
||||
# Phase 4 (RFC #219 §1): all required jobs >=98% green on main.
|
||||
# Flip confirmed 2026-05-12 via combined-status check of latest main
|
||||
# commit (all CI jobs green). `all-required` sentinel hard-fails
|
||||
# when this job fails; no Phase 3 suppression needed.
|
||||
# revert: add `continue-on-error: true` back if regressions appear.
|
||||
continue-on-error: false
|
||||
outputs:
|
||||
platform: ${{ steps.check.outputs.platform }}
|
||||
canvas: ${{ steps.check.outputs.canvas }}
|
||||
python: ${{ steps.check.outputs.python }}
|
||||
scripts: ${{ steps.check.outputs.scripts }}
|
||||
steps:
|
||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- id: check
|
||||
run: |
|
||||
# For PR events: diff against the base branch (not HEAD~1 of the branch,
|
||||
# which may be unrelated after force-pushes). When a push updates a PR,
|
||||
# both pull_request and push events fire — prefer the PR base so that
|
||||
# the diff is always computed against the actual merge base, not the
|
||||
# previous SHA on the branch which may be on a different history line.
|
||||
BASE="${GITHUB_BASE_REF:-${{ github.event.before }}}"
|
||||
# GITHUB_BASE_REF is set for PR events (the base branch name).
|
||||
# For pull_request events we use the stored base.sha; for push events
|
||||
# (or when base.sha is unavailable) fall back to github.event.before.
|
||||
if [ "${{ github.event_name }}" = "pull_request" ] && [ -n "${{ github.event.pull_request.base.sha }}" ]; then
|
||||
BASE="${{ github.event.pull_request.base.sha }}"
|
||||
fi
|
||||
# Fallback: if BASE is empty or all zeros (new branch), run everything
|
||||
if [ -z "$BASE" ] || echo "$BASE" | grep -qE '^0+$'; then
|
||||
echo "platform=true" >> "$GITHUB_OUTPUT"
|
||||
echo "canvas=true" >> "$GITHUB_OUTPUT"
|
||||
echo "python=true" >> "$GITHUB_OUTPUT"
|
||||
echo "scripts=true" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
# Both .github/workflows/ci.yml AND .gitea/workflows/ci.yml count
|
||||
# as "this workflow changed" — either edit should force-run every
|
||||
# downstream job. The Gitea port follows the same shape as the
|
||||
# GitHub original so behavior matches when triggered on either
|
||||
# platform.
|
||||
DIFF=$(git diff --name-only "$BASE" HEAD 2>/dev/null || echo ".gitea/workflows/ci.yml")
|
||||
echo "platform=$(echo "$DIFF" | grep -qE '^workspace-server/|^\.gitea/workflows/ci\.yml$|^\.github/workflows/ci\.yml$' && echo true || echo false)" >> "$GITHUB_OUTPUT"
|
||||
echo "canvas=$(echo "$DIFF" | grep -qE '^canvas/|^\.gitea/workflows/ci\.yml$|^\.github/workflows/ci\.yml$' && echo true || echo false)" >> "$GITHUB_OUTPUT"
|
||||
echo "python=$(echo "$DIFF" | grep -qE '^workspace/|^\.gitea/workflows/ci\.yml$|^\.github/workflows/ci\.yml$' && echo true || echo false)" >> "$GITHUB_OUTPUT"
|
||||
echo "scripts=$(echo "$DIFF" | grep -qE '^tests/e2e/|^scripts/|^infra/scripts/|^\.gitea/workflows/ci\.yml$|^\.github/workflows/ci\.yml$' && echo true || echo false)" >> "$GITHUB_OUTPUT"
|
||||
|
||||
# Platform (Go) — Go build/vet/test/lint + coverage gates. The always-run
|
||||
# + per-step gating shape preserves the GitHub-side required-check name
|
||||
# contract (so when this Gitea port becomes a required check in Phase 4,
|
||||
# the name match works on PRs that don't touch workspace-server/).
|
||||
platform-build:
|
||||
name: Platform (Go)
|
||||
needs: changes
|
||||
runs-on: ubuntu-latest
|
||||
# mc#774 (interim): re-mask platform-build pending fix-forward. Phase 4
|
||||
# (#656) flipped this to continue-on-error: false based on a Phase-3-masked
|
||||
# "green on main 2026-05-12" — the prior continue-on-error: true had
|
||||
# been hiding failing tests in workspace-server/internal/handlers/.
|
||||
# Two distinct failure classes surfaced on 0e5152c3:
|
||||
# (1) 4x delegation_test.go (lines 1110/1176/1228/1271): helpers
|
||||
# expectExecuteDelegationBase/Success/Failed are missing sqlmock
|
||||
# expectations for queries production has issued since ~2026-04-21
|
||||
# (last_outbound_at UPDATE, lookupDeliveryMode/Runtime SELECTs,
|
||||
# a2a_receive INSERT activity_logs, recordLedgerStatus writes).
|
||||
# Halt cond #3 applies (regression > 7 days → broader sweep).
|
||||
# (2) 1x mcp_test.go:433 (TestMCPHandler_CommitMemory_GlobalScope_Blocked):
|
||||
# commit 7d1a189f (2026-05-10) hardened mcp.go to scrub err.Error()
|
||||
# from JSON-RPC responses (OFFSEC-001), but the test asserts the
|
||||
# error message contains "GLOBAL". Production-vs-test contract
|
||||
# collision — needs design call, not mock update.
|
||||
# Time-boxed Option A (90 min) did not fit the cross-cutting scope.
|
||||
# This is a sequenced revert→fix→reflip per
|
||||
# feedback_strict_root_only_after_class_a emergency clause — NOT
|
||||
# a permanent re-mask. Re-flip blocked on mc#774 fix-forward landing.
|
||||
# Other 4 #656 flips (changes, canvas-build, shellcheck, python-lint)
|
||||
# retain continue-on-error: false; only platform-build regresses.
|
||||
# mc#774: pre-existing continue-on-error mask; root-fix and remove, do not renew silently.
|
||||
continue-on-error: true # mc#774 fix-forward in flight; re-flip when mc#774 lands (PR #669 → rebase after #709)
|
||||
defaults:
|
||||
run:
|
||||
working-directory: workspace-server
|
||||
steps:
|
||||
- if: needs.changes.outputs.platform != 'true'
|
||||
working-directory: .
|
||||
run: echo "No platform/** changes — skipping real build steps; this job always runs to satisfy the required-check name on branch protection."
|
||||
- if: needs.changes.outputs.platform == 'true'
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
- if: needs.changes.outputs.platform == 'true'
|
||||
uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
|
||||
with:
|
||||
go-version: 'stable'
|
||||
- if: needs.changes.outputs.platform == 'true'
|
||||
run: go mod download
|
||||
- if: needs.changes.outputs.platform == 'true'
|
||||
run: go build ./cmd/server
|
||||
# CLI (molecli) moved to standalone repo: git.moleculesai.app/molecule-ai/molecule-cli
|
||||
- if: needs.changes.outputs.platform == 'true'
|
||||
run: go vet ./...
|
||||
- if: needs.changes.outputs.platform == 'true'
|
||||
name: Install golangci-lint
|
||||
run: go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.12.2
|
||||
- if: needs.changes.outputs.platform == 'true'
|
||||
name: Run golangci-lint
|
||||
run: $(go env GOPATH)/bin/golangci-lint run --timeout 3m ./...
|
||||
- if: needs.changes.outputs.platform == 'true'
|
||||
name: Diagnostic — per-package verbose 60s
|
||||
run: |
|
||||
set +e
|
||||
go test -race -v -timeout 60s ./internal/handlers/... 2>&1 | tee /tmp/test-handlers.log
|
||||
handlers_exit=$?
|
||||
go test -race -v -timeout 60s ./internal/pendinguploads/... 2>&1 | tee /tmp/test-pu.log
|
||||
pu_exit=$?
|
||||
echo "::group::handlers exit=$handlers_exit (last 100 lines)"
|
||||
tail -100 /tmp/test-handlers.log
|
||||
echo "::endgroup::"
|
||||
echo "::group::pendinguploads exit=$pu_exit (last 100 lines)"
|
||||
tail -100 /tmp/test-pu.log
|
||||
echo "::endgroup::"
|
||||
# mc#774: pre-existing continue-on-error mask; root-fix and remove, do not renew silently.
|
||||
continue-on-error: true
|
||||
- if: needs.changes.outputs.platform == 'true'
|
||||
name: Run tests with race detection and coverage
|
||||
run: go test -race -coverprofile=coverage.out ./...
|
||||
|
||||
- if: needs.changes.outputs.platform == 'true'
|
||||
name: Per-file coverage report
|
||||
# Advisory — lists every source file with its coverage so reviewers
|
||||
# can see at-a-glance where gaps are. Sorted ascending so the worst
|
||||
# offenders float to the top. Does NOT fail the build; the hard
|
||||
# gate is the threshold check below. (#1823)
|
||||
run: |
|
||||
echo "=== Per-file coverage (worst first) ==="
|
||||
go tool cover -func=coverage.out \
|
||||
| grep -v '^total:' \
|
||||
| awk '{file=$1; sub(/:[0-9][0-9.]*:.*/, "", file); pct=$NF; gsub(/%/,"",pct); s[file]+=pct; c[file]++}
|
||||
END {for (f in s) printf "%6.1f%% %s\n", s[f]/c[f], f}' \
|
||||
| sort -n
|
||||
|
||||
- if: needs.changes.outputs.platform == 'true'
|
||||
name: Check coverage thresholds
|
||||
# Enforces two gates from #1823 Layer 1:
|
||||
# 1. Total floor (25% — ratchet plan in COVERAGE_FLOOR.md).
|
||||
# 2. Per-file floor — non-test .go files in security-critical
|
||||
# paths with coverage <10% fail the build, UNLESS the file
|
||||
# path is listed in .coverage-allowlist.txt (acknowledged
|
||||
# historical debt with a tracking issue + expiry).
|
||||
run: |
|
||||
set -e
|
||||
TOTAL_FLOOR=25
|
||||
# Security-critical paths where a 0%-coverage file is a real risk.
|
||||
CRITICAL_PATHS=(
|
||||
"internal/handlers/tokens"
|
||||
"internal/handlers/workspace_provision"
|
||||
"internal/handlers/a2a_proxy"
|
||||
"internal/handlers/registry"
|
||||
"internal/handlers/secrets"
|
||||
"internal/middleware/wsauth"
|
||||
"internal/crypto"
|
||||
)
|
||||
|
||||
TOTAL=$(go tool cover -func=coverage.out | grep '^total:' | awk '{print $3}' | sed 's/%//')
|
||||
echo "Total coverage: ${TOTAL}%"
|
||||
if awk "BEGIN{exit !($TOTAL < $TOTAL_FLOOR)}"; then
|
||||
echo "::error::Total coverage ${TOTAL}% is below the ${TOTAL_FLOOR}% floor. See COVERAGE_FLOOR.md for ratchet plan."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Aggregate per-file coverage → /tmp/perfile.txt: "<fullpath> <pct>"
|
||||
go tool cover -func=coverage.out \
|
||||
| grep -v '^total:' \
|
||||
| awk '{file=$1; sub(/:[0-9][0-9.]*:.*/, "", file); pct=$NF; gsub(/%/,"",pct); s[file]+=pct; c[file]++}
|
||||
END {for (f in s) printf "%s %.1f\n", f, s[f]/c[f]}' \
|
||||
> /tmp/perfile.txt
|
||||
|
||||
# Build allowlist — paths relative to workspace-server, one per line.
|
||||
# Lines starting with # are comments.
|
||||
ALLOWLIST=""
|
||||
if [ -f ../.coverage-allowlist.txt ]; then
|
||||
ALLOWLIST=$(grep -vE '^(#|[[:space:]]*$)' ../.coverage-allowlist.txt || true)
|
||||
fi
|
||||
|
||||
FAILED=0
|
||||
WARNED=0
|
||||
for path in "${CRITICAL_PATHS[@]}"; do
|
||||
while read -r file pct; do
|
||||
[[ "$file" == *_test.go ]] && continue
|
||||
[[ "$file" == *"$path"* ]] || continue
|
||||
awk "BEGIN{exit !($pct < 10)}" || continue
|
||||
|
||||
# Strip the package-import prefix so we can match .coverage-allowlist.txt
|
||||
# entries written as paths relative to workspace-server/.
|
||||
# Handle both module paths: platform/workspace-server/... and platform/...
|
||||
rel=$(echo "$file" | sed 's|^github.com/molecule-ai/molecule-monorepo/platform/workspace-server/||; s|^github.com/molecule-ai/molecule-monorepo/platform/||')
|
||||
|
||||
if echo "$ALLOWLIST" | grep -qxF "$rel"; then
|
||||
echo "::warning file=workspace-server/$rel::Critical file at ${pct}% coverage (allowlisted, #1823) — fix before expiry."
|
||||
WARNED=$((WARNED+1))
|
||||
else
|
||||
echo "::error file=workspace-server/$rel::Critical file at ${pct}% coverage — must be >=10% (target 80%). See #1823. To acknowledge as known debt, add this path to .coverage-allowlist.txt."
|
||||
FAILED=$((FAILED+1))
|
||||
fi
|
||||
done < /tmp/perfile.txt
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "Critical-path check: $FAILED new failures, $WARNED allowlisted warnings."
|
||||
|
||||
if [ "$FAILED" -gt 0 ]; then
|
||||
echo ""
|
||||
echo "$FAILED security-critical file(s) have <10% test coverage and are"
|
||||
echo "NOT in the allowlist. These paths handle auth, tokens, secrets, or"
|
||||
echo "workspace provisioning — a 0% file here is the exact gap that let"
|
||||
echo "CWE-22, CWE-78, KI-005 slip through in past incidents. Either:"
|
||||
echo " (a) add tests to raise coverage above 10%, or"
|
||||
echo " (b) add the path to .coverage-allowlist.txt with an expiry date"
|
||||
echo " and a tracking issue reference."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Canvas (Next.js) — required check, always runs. Same always-run +
|
||||
# per-step gating shape as platform-build. The two-job-sharing-name
|
||||
# pattern attempted in PR #2321 doesn't satisfy branch protection
|
||||
# (SKIPPED siblings count as not-passed regardless of SUCCESS
|
||||
# siblings — verified empirically on PR #2314).
|
||||
canvas-build:
|
||||
name: Canvas (Next.js)
|
||||
needs: changes
|
||||
runs-on: ubuntu-latest
|
||||
# Phase 4 (RFC #219 §1): confirmed green on main 2026-05-12.
|
||||
continue-on-error: false
|
||||
defaults:
|
||||
run:
|
||||
working-directory: canvas
|
||||
steps:
|
||||
- if: needs.changes.outputs.canvas != 'true'
|
||||
working-directory: .
|
||||
run: echo "No canvas/** changes — skipping real build steps; this job always runs to satisfy the required-check name on branch protection."
|
||||
- if: needs.changes.outputs.canvas == 'true'
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
- if: needs.changes.outputs.canvas == 'true'
|
||||
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
||||
with:
|
||||
node-version: '22'
|
||||
- if: needs.changes.outputs.canvas == 'true'
|
||||
run: rm -f package-lock.json && npm install
|
||||
- if: needs.changes.outputs.canvas == 'true'
|
||||
run: npm run build
|
||||
- if: needs.changes.outputs.canvas == 'true'
|
||||
name: Run tests with coverage
|
||||
# Coverage instrumentation is configured in canvas/vitest.config.ts
|
||||
# (provider: v8, reporters: text + html + json-summary). Step 2 of
|
||||
# #1815 — wires coverage into CI so we get a baseline visible on
|
||||
# every PR. No threshold gate yet; thresholds dial in (Step 3, also
|
||||
# tracked in #1815) after the team sees what current coverage is.
|
||||
run: npx vitest run --coverage
|
||||
- name: Upload coverage summary as artifact
|
||||
if: needs.changes.outputs.canvas == 'true' && always()
|
||||
# Pinned to v3 for Gitea act_runner v0.6 compatibility — v4+ uses
|
||||
# the GHES 3.10+ artifact protocol that Gitea 1.22.x does NOT
|
||||
# implement, surfacing as `GHESNotSupportedError: @actions/artifact
|
||||
# v2.0.0+, upload-artifact@v4+ and download-artifact@v4+ are not
|
||||
# currently supported on GHES`. Drop this pin when Gitea ships
|
||||
# the v4 protocol (tracked: post-Gitea-1.23 followup).
|
||||
uses: actions/upload-artifact@c6a366c94c3e0affe28c06c8df20a878f24da3cf # v3.2.2
|
||||
with:
|
||||
name: canvas-coverage-${{ github.run_id }}
|
||||
path: canvas/coverage/
|
||||
retention-days: 7
|
||||
if-no-files-found: warn
|
||||
|
||||
# Shellcheck (E2E scripts) — required check, always runs.
|
||||
shellcheck:
|
||||
name: Shellcheck (E2E scripts)
|
||||
needs: changes
|
||||
runs-on: ubuntu-latest
|
||||
# Phase 4 (RFC #219 §1): confirmed green on main 2026-05-12.
|
||||
continue-on-error: false
|
||||
steps:
|
||||
- if: needs.changes.outputs.scripts != 'true'
|
||||
run: echo "No tests/e2e/ or infra/scripts/ changes — skipping real shellcheck; this job always runs to satisfy the required-check name on branch protection."
|
||||
- if: needs.changes.outputs.scripts == 'true'
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
- if: needs.changes.outputs.scripts == 'true'
|
||||
name: Run shellcheck on tests/e2e/*.sh and infra/scripts/*.sh
|
||||
# shellcheck is pre-installed on ubuntu-latest runners (via apt).
|
||||
# infra/scripts/ is included because setup.sh + nuke.sh gate the
|
||||
# README quickstart — a shellcheck regression there silently breaks
|
||||
# new-user onboarding. scripts/ is intentionally excluded until its
|
||||
# pre-existing SC3040/SC3043 warnings are cleaned up.
|
||||
run: |
|
||||
find tests/e2e infra/scripts -type f -name '*.sh' -print0 \
|
||||
| xargs -0 shellcheck --severity=warning
|
||||
|
||||
- if: needs.changes.outputs.scripts == 'true'
|
||||
name: Lint cleanup-trap hygiene (RFC #2873)
|
||||
run: bash tests/e2e/lint_cleanup_traps.sh
|
||||
|
||||
- if: needs.changes.outputs.scripts == 'true'
|
||||
name: Run E2E bash unit tests (no live infra)
|
||||
run: |
|
||||
bash tests/e2e/test_model_slug.sh
|
||||
|
||||
canvas-deploy-reminder:
|
||||
name: Canvas Deploy Reminder
|
||||
runs-on: ubuntu-latest
|
||||
# mc#774: pre-existing continue-on-error mask; root-fix and remove, do not renew silently.
|
||||
continue-on-error: true
|
||||
needs: [changes, canvas-build]
|
||||
# Only fires on direct pushes to main (i.e. after staging→main promotion).
|
||||
if: needs.changes.outputs.canvas == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main'
|
||||
steps:
|
||||
- name: Write deploy reminder to step summary
|
||||
env:
|
||||
COMMIT_SHA: ${{ github.sha }}
|
||||
# github.server_url resolves via the workflow-level env override
|
||||
# to the Gitea instance, so the RUN_URL points at the Gitea run
|
||||
# page (not github.com). See feedback_act_runner_github_server_url.
|
||||
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
|
||||
run: |
|
||||
# Write body to a temp file — avoids backtick escaping in shell.
|
||||
cat > /tmp/deploy-reminder.md << 'BODY'
|
||||
## Canvas build passed — deploy required
|
||||
|
||||
The `publish-canvas-image` workflow is now building a fresh Docker image
|
||||
(`ghcr.io/molecule-ai/canvas:latest`) in the background.
|
||||
|
||||
Once it completes (~3–5 min), apply on the host machine with:
|
||||
```bash
|
||||
cd <runner-workspace>
|
||||
git pull origin main
|
||||
docker compose pull canvas && docker compose up -d canvas
|
||||
```
|
||||
|
||||
If you need to rebuild from local source instead (e.g. testing unreleased
|
||||
changes or a new `NEXT_PUBLIC_*` URL), use:
|
||||
```bash
|
||||
docker compose build canvas && docker compose up -d canvas
|
||||
```
|
||||
BODY
|
||||
printf '\n> Posted automatically by CI · commit `%s` · [build log](%s)\n' \
|
||||
"$COMMIT_SHA" "$RUN_URL" >> /tmp/deploy-reminder.md
|
||||
|
||||
# Gitea has no commit-comments API; write to GITHUB_STEP_SUMMARY,
|
||||
# which both GitHub Actions and Gitea Actions render as the
|
||||
# workflow run's summary page. (#75 / PR-D)
|
||||
cat /tmp/deploy-reminder.md >> "$GITHUB_STEP_SUMMARY"
|
||||
|
||||
# Python Lint & Test — required check, always runs.
|
||||
python-lint:
|
||||
name: Python Lint & Test
|
||||
needs: changes
|
||||
runs-on: ubuntu-latest
|
||||
# Phase 4 (RFC #219 §1): confirmed green on main 2026-05-12.
|
||||
continue-on-error: false
|
||||
env:
|
||||
WORKSPACE_ID: test
|
||||
defaults:
|
||||
run:
|
||||
working-directory: workspace
|
||||
steps:
|
||||
- if: needs.changes.outputs.python != 'true'
|
||||
working-directory: .
|
||||
run: echo "No workspace/** changes — skipping real lint+test; this job always runs to satisfy the required-check name on branch protection."
|
||||
- if: needs.changes.outputs.python == 'true'
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
- if: needs.changes.outputs.python == 'true'
|
||||
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
||||
with:
|
||||
python-version: '3.11'
|
||||
cache: pip
|
||||
cache-dependency-path: workspace/requirements.txt
|
||||
- if: needs.changes.outputs.python == 'true'
|
||||
run: pip install -r requirements.txt pytest pytest-asyncio pytest-cov sqlalchemy>=2.0.0
|
||||
# Coverage flags + fail-under floor moved into workspace/pytest.ini
|
||||
# (issue #1817) so local `pytest` and CI use identical config.
|
||||
- if: needs.changes.outputs.python == 'true'
|
||||
run: python -m pytest --tb=short
|
||||
|
||||
- if: needs.changes.outputs.python == 'true'
|
||||
name: Per-file critical-path coverage (MCP / inbox / auth)
|
||||
# MCP-critical Python files have a per-file floor on top of the
|
||||
# 86% total floor in pytest.ini. See issue #2790 for full rationale.
|
||||
run: |
|
||||
set -e
|
||||
PER_FILE_FLOOR=75
|
||||
CRITICAL_FILES=(
|
||||
"a2a_mcp_server.py"
|
||||
"mcp_cli.py"
|
||||
"a2a_tools.py"
|
||||
"a2a_tools_inbox.py"
|
||||
"inbox.py"
|
||||
"platform_auth.py"
|
||||
)
|
||||
|
||||
# pytest already wrote .coverage; emit a JSON view scoped to
|
||||
# the critical files so jq/python can read the per-file pct
|
||||
# without parsing tabular text.
|
||||
INCLUDES=$(printf '*%s,' "${CRITICAL_FILES[@]}")
|
||||
INCLUDES="${INCLUDES%,}"
|
||||
python -m coverage json -o /tmp/critical-cov.json --include="$INCLUDES"
|
||||
|
||||
FAILED=0
|
||||
for f in "${CRITICAL_FILES[@]}"; do
|
||||
pct=$(jq -r --arg f "$f" '.files | to_entries | map(select(.key == $f)) | .[0].value.summary.percent_covered // "MISSING"' /tmp/critical-cov.json)
|
||||
if [ "$pct" = "MISSING" ]; then
|
||||
echo "::error file=workspace/$f::No coverage data — file may have moved or test exclusion mis-set."
|
||||
FAILED=$((FAILED+1))
|
||||
continue
|
||||
fi
|
||||
echo "$f: ${pct}%"
|
||||
if awk "BEGIN{exit !($pct < $PER_FILE_FLOOR)}"; then
|
||||
echo "::error file=workspace/$f::${pct}% < ${PER_FILE_FLOOR}% per-file floor (MCP critical path). See COVERAGE_FLOOR.md."
|
||||
FAILED=$((FAILED+1))
|
||||
fi
|
||||
done
|
||||
|
||||
if [ "$FAILED" -gt 0 ]; then
|
||||
echo ""
|
||||
echo "$FAILED MCP critical-path file(s) below the ${PER_FILE_FLOOR}% per-file floor."
|
||||
echo "These paths handle multi-tenant routing, auth tokens, and inbox dispatch."
|
||||
echo "A coverage drop here is the same risk shape as Go-side tokens/secrets files"
|
||||
echo "dropping below 10% (see COVERAGE_FLOOR.md). Either:"
|
||||
echo " (a) add tests to raise coverage back above ${PER_FILE_FLOOR}%, or"
|
||||
echo " (b) if this is unavoidable historical debt, file an issue and propose"
|
||||
echo " adjusting the floor with rationale in COVERAGE_FLOOR.md."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
all-required:
|
||||
# Aggregator sentinel — RFC internal#219 §2 (Phase 4 — closes internal#286).
|
||||
#
|
||||
# Single stable required-status name that branch protection points at;
|
||||
# CI churns underneath in `needs:` without any protection edits. Mirrors
|
||||
# the molecule-controlplane Phase 2a impl shipped in CP PR#112 and
|
||||
# referenced by `internal#286` ("Phase 4 is a single small PR... mirrors
|
||||
# CP's existing one").
|
||||
#
|
||||
# Closes the failure mode where status_check_contexts on molecule-core/main
|
||||
# only listed `Secret scan` + `sop-tier-check` (the 2 meta-gates), so real
|
||||
# `Platform (Go)` / `Canvas (Next.js)` / `Python Lint & Test` / `Shellcheck`
|
||||
# red silently merged through. See internal#286 for the three concrete
|
||||
# tonight-of-2026-05-11 incidents that prompted the emergency bump.
|
||||
#
|
||||
# Three properties of this job each close a failure mode:
|
||||
#
|
||||
# 1. `if: always()` — runs even when an upstream fails. Without it the
|
||||
# sentinel is `skipped` and protection treats that as missing → merge
|
||||
# ungated.
|
||||
#
|
||||
# 2. Assertion is `result == "success"` per dep, NOT `!= "failure"`.
|
||||
# A `skipped` upstream (job gated by `if:` evaluating false, matrix
|
||||
# entry that couldn't run) must NOT silently pass through.
|
||||
# `skipped`-as-green is exactly the failure mode this gate closes.
|
||||
#
|
||||
# 3. `needs:` is the canonical list of "what counts as required."
|
||||
# status_check_contexts will reference only `ci/all-required` (Step 5
|
||||
# follow-up — branch-protection PATCH is Owners-tier per
|
||||
# `feedback_never_admin_merge_bypass`, separate PR); a new job is
|
||||
# added simply by listing it in `needs:` here.
|
||||
# `.gitea/workflows/ci-required-drift.yml` files a [ci-drift] issue
|
||||
# hourly if this list diverges from status_check_contexts or from
|
||||
# audit-force-merge.yml's REQUIRED_CHECKS env (RFC §4 + §6).
|
||||
#
|
||||
# Excluded from `needs:`: `canvas-deploy-reminder` — gated by
|
||||
# `if: ... github.event_name == 'push' && github.ref == 'refs/heads/main'`,
|
||||
# so on PR events it's legitimately `skipped`. The drift detector
|
||||
# explicitly excludes `github.event_name`-gated jobs from F1 (see
|
||||
# `.gitea/scripts/ci-required-drift.py::ci_job_names`).
|
||||
#
|
||||
# Phase 3 (RFC #219 §1) safety: underlying build jobs carry
|
||||
# continue-on-error: true so their failures are masked to null (2026-05-12: re-enabled mc#774 interim)
|
||||
# (Gitea suppresses status reporting for CoE jobs). This sentinel
|
||||
# runs with continue-on-error: false so it always reports its
|
||||
# result to the API — without this, the required-status entry
|
||||
# (CI / all-required (pull_request)) is never created, which
|
||||
# blocks PR merges. When Phase 3 ends, flip underlying jobs to
|
||||
# continue-on-error: false; this sentinel can then be flipped to
|
||||
# continue-on-error: true if a Phase-4 regression requires it.
|
||||
continue-on-error: false
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 1
|
||||
needs:
|
||||
- changes
|
||||
- platform-build
|
||||
- canvas-build
|
||||
- shellcheck
|
||||
- python-lint
|
||||
if: always()
|
||||
steps:
|
||||
- name: Assert every required dependency succeeded
|
||||
run: |
|
||||
set -euo pipefail
|
||||
# `needs.*.result` is one of: success | failure | cancelled | skipped | null.
|
||||
# We assert success per dep (not != failure) — see RFC §2 reasoning above.
|
||||
# Null results are skipped: they come from Phase 3 (continue-on-error: true
|
||||
# suppresses status) or from jobs still in-flight. The sentinel succeeds
|
||||
# rather than blocking PRs on Phase 3 noise.
|
||||
results='${{ toJSON(needs) }}'
|
||||
echo "$results"
|
||||
echo "$results" | python3 -c '
|
||||
import json, sys
|
||||
ns = json.load(sys.stdin)
|
||||
# Phase 3 masked: jobs with continue-on-error: true may report "failure"
|
||||
# Remove when mc#774 handler test failures are resolved.
|
||||
PHASE3_MASKED = {"platform-build"}
|
||||
# Exclude null (Phase 3 suppressed / in-flight) from the bad list.
|
||||
bad = [(k, v.get("result")) for k, v in ns.items()
|
||||
if v.get("result") not in ("success", None, "cancelled", "skipped") and k not in PHASE3_MASKED]
|
||||
if bad:
|
||||
print(f"FAIL: jobs not green:", file=sys.stderr)
|
||||
for k, r in bad:
|
||||
print(f" - {k}: {r}", file=sys.stderr)
|
||||
sys.exit(1)
|
||||
pending = [(k, v.get("result")) for k, v in ns.items()
|
||||
if v.get("result") is None]
|
||||
cancelled = [(k, v.get("result")) for k, v in ns.items()
|
||||
if v.get("result") == "cancelled"]
|
||||
if pending:
|
||||
print(f"WARN: {len(pending)} job(s) still in-flight (result=null): " +
|
||||
", ".join(k for k, _ in pending), file=sys.stderr)
|
||||
if cancelled:
|
||||
print(f"INFO: {len(cancelled)} job(s) masked by continue-on-error: " +
|
||||
", ".join(k for k, _ in cancelled), file=sys.stderr)
|
||||
print(f"OK: all {len(ns)} required jobs succeeded (or Phase-3 suppressed)")
|
||||
'
|
||||
@@ -1,121 +0,0 @@
|
||||
# sop-checklist-gate — peer-ack merge gate for SOP-checklist items.
|
||||
#
|
||||
# RFC#351 Step 2 of 6 (implementation MVP).
|
||||
#
|
||||
# === DESIGN ===
|
||||
#
|
||||
# Goal: each PR must answer 7 SOP-checklist questions in its body,
|
||||
# and each item must have at least one /sop-ack <slug> comment from
|
||||
# a non-author peer in the required team. BP requires the
|
||||
# `sop-checklist / all-items-acked (pull_request)` status to merge.
|
||||
#
|
||||
# Triggers:
|
||||
# - `pull_request_target`: opened, edited, synchronize, reopened
|
||||
# → fires when PR opens, body is edited (refire — RFC#351 §4),
|
||||
# or new code is pushed (head.sha changes → stale status would
|
||||
# be auto-discarded by BP via dismiss_stale_reviews, but the
|
||||
# status itself is per-SHA so we re-post on the new head).
|
||||
# - `issue_comment`: created, edited, deleted
|
||||
# → fires on any new comment so /sop-ack / /sop-revoke take
|
||||
# effect immediately (Gitea 1.22.6 doesn't refire on
|
||||
# pull_request_review per feedback_pull_request_review_no_refire,
|
||||
# so issue_comment is the canonical refire channel).
|
||||
#
|
||||
# Trust boundary (mirrors RFC#324 §A4 + sop-tier-check security note):
|
||||
# `pull_request_target` (not `pull_request`) — workflow def is loaded
|
||||
# from BASE branch, so a PR cannot rewrite this workflow to exfiltrate
|
||||
# the token. The `actions/checkout` step pins `ref: base.sha` so the
|
||||
# script ALSO comes from BASE. PR-HEAD code is never executed in the
|
||||
# runner.
|
||||
#
|
||||
# Token scope:
|
||||
# - read:repository, read:organization for PR + comments + team probes
|
||||
# - write:repository for POST /statuses/{sha}
|
||||
# - The token owner MUST be a member of every team referenced by the
|
||||
# config's required_teams (else /teams/{id}/members/{login} returns
|
||||
# 403 — see review-check.sh same-gotcha doc). For the MVP we use
|
||||
# the dev-lead token (a member of engineers, managers, qa, security)
|
||||
# via a repo secret `SOP_CHECKLIST_GATE_TOKEN`. Provisioning of that
|
||||
# secret is a follow-up authorization step (separate from this PR).
|
||||
#
|
||||
# Failure mode: tier-aware (RFC#351 open question 2):
|
||||
# - tier:high → state=failure (hard-fail; BP blocks merge)
|
||||
# - tier:medium → state=failure (hard-fail; same)
|
||||
# - tier:low → state=pending (soft-fail; BP can choose to require
|
||||
# this context or skip for low-tier PRs)
|
||||
# - missing/no-tier → state=failure (default-mode: hard — never lower
|
||||
# the bar per feedback_fix_root_not_symptom)
|
||||
#
|
||||
# Slash-command contract (RFC#351 v1 + §A1.1-style notes from RFC#324):
|
||||
#
|
||||
# /sop-ack <slug-or-numeric-alias> [optional note]
|
||||
# — register a peer-ack for one checklist item.
|
||||
# — slug accepts kebab-case, snake_case, or natural-spaces
|
||||
# (all normalize to canonical kebab-case).
|
||||
# — numeric 1..7 maps via config.items[*].numeric_alias.
|
||||
# — most-recent (user, slug) directive wins.
|
||||
#
|
||||
# /sop-revoke <slug-or-numeric-alias> [reason]
|
||||
# — invalidate the commenter's own prior /sop-ack for this slug.
|
||||
# — does NOT affect other peers' acks on the same slug.
|
||||
# — most-recent (user, slug) directive wins, so a later /sop-ack
|
||||
# re-restores the ack.
|
||||
#
|
||||
# The eval is read-only + idempotent (read PR + comments + team
|
||||
# membership, compute, post status). Re-running on any event is safe —
|
||||
# the new status overwrites the previous one for the same context.
|
||||
|
||||
name: sop-checklist-gate
|
||||
|
||||
on:
|
||||
pull_request_target:
|
||||
types: [opened, edited, synchronize, reopened, labeled, unlabeled]
|
||||
issue_comment:
|
||||
types: [created, edited, deleted]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: read
|
||||
# NOTE: `statuses: write` is the GitHub-Actions name for POST /statuses.
|
||||
# Gitea 1.22.6 may not gate on this permission key (it just checks the
|
||||
# token), but listing it explicitly documents intent for the next
|
||||
# platform-version upgrade.
|
||||
statuses: write
|
||||
|
||||
jobs:
|
||||
gate:
|
||||
# Run on pull_request_target events always. On issue_comment events,
|
||||
# only when the comment is on a PR (issue_comment fires for issues
|
||||
# too) and the body contains one of the slash-commands.
|
||||
if: |
|
||||
github.event_name == 'pull_request_target' ||
|
||||
(github.event_name == 'issue_comment' &&
|
||||
github.event.issue.pull_request != null &&
|
||||
(contains(github.event.comment.body, '/sop-ack') ||
|
||||
contains(github.event.comment.body, '/sop-revoke')))
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out BASE ref (trust boundary — never PR-head)
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
with:
|
||||
# For pull_request_target, the default branch is the trust
|
||||
# anchor. For issue_comment the PR base may differ from the
|
||||
# default branch (PR targeting `staging`), so we use the
|
||||
# default-branch ref explicitly — same approach as
|
||||
# qa-review.yml so the script source is always trusted.
|
||||
ref: ${{ github.event.repository.default_branch }}
|
||||
|
||||
- name: Run sop-checklist-gate
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.SOP_CHECKLIST_GATE_TOKEN || secrets.GITHUB_TOKEN }}
|
||||
PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
|
||||
OWNER: ${{ github.repository_owner }}
|
||||
REPO_NAME: ${{ github.event.repository.name }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
python3 .gitea/scripts/sop-checklist-gate.py \
|
||||
--owner "$OWNER" \
|
||||
--repo "$REPO_NAME" \
|
||||
--pr "$PR_NUMBER" \
|
||||
--config .gitea/sop-checklist-config.yaml \
|
||||
--gitea-host git.moleculesai.app
|
||||
@@ -18,109 +18,6 @@
|
||||
import { useCallback, useState } from "react";
|
||||
import * as Dialog from "@radix-ui/react-dialog";
|
||||
|
||||
// ─── Pure fill helpers ────────────────────────────────────────────────────────
|
||||
// Each snippet is server-stamped with workspace_id + platform_url but leaves
|
||||
// AUTH_TOKEN as a placeholder. These helpers stamp the real token in so the
|
||||
// operator's copy-paste is truly ready-to-run. All are pure string ops.
|
||||
|
||||
export function fillPythonSnippet(
|
||||
snippet: string,
|
||||
authToken: string,
|
||||
): string {
|
||||
return snippet.replace(
|
||||
'AUTH_TOKEN = "<paste from create response>"',
|
||||
`AUTH_TOKEN = "${authToken}"`,
|
||||
);
|
||||
}
|
||||
|
||||
export function fillCurlSnippet(
|
||||
snippet: string,
|
||||
authToken: string,
|
||||
): string {
|
||||
return snippet.replace(
|
||||
'WORKSPACE_AUTH_TOKEN="<paste from create response>"',
|
||||
`WORKSPACE_AUTH_TOKEN="${authToken}"`,
|
||||
);
|
||||
}
|
||||
|
||||
export function fillChannelSnippet(
|
||||
snippet: string | undefined,
|
||||
authToken: string,
|
||||
): string | undefined {
|
||||
return snippet?.replace(
|
||||
'MOLECULE_WORKSPACE_TOKENS=<paste auth_token from create response>',
|
||||
`MOLECULE_WORKSPACE_TOKENS=${authToken}`,
|
||||
);
|
||||
}
|
||||
|
||||
export function fillUniversalMcpSnippet(
|
||||
snippet: string | undefined,
|
||||
authToken: string,
|
||||
): string | undefined {
|
||||
return snippet?.replace(
|
||||
'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"',
|
||||
`MOLECULE_WORKSPACE_TOKEN="${authToken}"`,
|
||||
);
|
||||
}
|
||||
|
||||
export function fillHermesSnippet(
|
||||
snippet: string | undefined,
|
||||
authToken: string,
|
||||
): string | undefined {
|
||||
return snippet?.replace(
|
||||
'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"',
|
||||
`MOLECULE_WORKSPACE_TOKEN="${authToken}"`,
|
||||
);
|
||||
}
|
||||
|
||||
export function fillCodexSnippet(
|
||||
snippet: string | undefined,
|
||||
authToken: string,
|
||||
): string | undefined {
|
||||
return snippet?.replace(
|
||||
'MOLECULE_WORKSPACE_TOKEN = "<paste from create response>"',
|
||||
`MOLECULE_WORKSPACE_TOKEN = "${authToken}"`,
|
||||
);
|
||||
}
|
||||
|
||||
export function fillOpenClawSnippet(
|
||||
snippet: string | undefined,
|
||||
authToken: string,
|
||||
): string | undefined {
|
||||
return snippet?.replace(
|
||||
'WORKSPACE_TOKEN="<paste from create response>"',
|
||||
`WORKSPACE_TOKEN="${authToken}"`,
|
||||
);
|
||||
}
|
||||
|
||||
/** Build the ordered tab list shown in the modal. Each tab only appears when
|
||||
* the platform supplies the corresponding snippet. */
|
||||
export function buildTabOrder(info: ExternalConnectionInfo): Tab[] {
|
||||
const tabs: Tab[] = [];
|
||||
const { filledUniversalMcp, filledChannel, filledHermes, filledCodex, filledOpenClaw } = buildFilledSnippets(info);
|
||||
if (filledUniversalMcp) tabs.push("mcp");
|
||||
tabs.push("python");
|
||||
if (filledChannel) tabs.push("claude");
|
||||
if (filledHermes) tabs.push("hermes");
|
||||
if (filledCodex) tabs.push("codex");
|
||||
if (filledOpenClaw) tabs.push("openclaw");
|
||||
tabs.push("curl", "fields");
|
||||
return tabs;
|
||||
}
|
||||
|
||||
/** Pre-fill all snippets from an info object. Exposed for testing. */
|
||||
export function buildFilledSnippets(info: ExternalConnectionInfo) {
|
||||
return {
|
||||
filledPython: fillPythonSnippet(info.python_snippet, info.auth_token),
|
||||
filledCurl: fillCurlSnippet(info.curl_register_template, info.auth_token),
|
||||
filledChannel: fillChannelSnippet(info.claude_code_channel_snippet, info.auth_token),
|
||||
filledUniversalMcp: fillUniversalMcpSnippet(info.universal_mcp_snippet, info.auth_token),
|
||||
filledHermes: fillHermesSnippet(info.hermes_channel_snippet, info.auth_token),
|
||||
filledCodex: fillCodexSnippet(info.codex_snippet, info.auth_token),
|
||||
filledOpenClaw: fillOpenClawSnippet(info.openclaw_snippet, info.auth_token),
|
||||
};
|
||||
}
|
||||
|
||||
type Tab = "python" | "curl" | "claude" | "mcp" | "hermes" | "codex" | "openclaw" | "fields";
|
||||
|
||||
export interface ExternalConnectionInfo {
|
||||
@@ -205,7 +102,54 @@ export function ExternalConnectModal({ info, onClose }: Props) {
|
||||
|
||||
if (!info) return null;
|
||||
|
||||
const { filledPython, filledCurl, filledChannel, filledUniversalMcp, filledHermes, filledCodex, filledOpenClaw } = buildFilledSnippets(info);
|
||||
// Python snippet is stamped server-side with workspace_id +
|
||||
// platform_url but leaves AUTH_TOKEN as a "<paste …>" placeholder
|
||||
// (that's what we're showing in the modal). Fill in the real
|
||||
// token here so the snippet the operator copies is truly ready-to-run.
|
||||
const filledPython = info.python_snippet.replace(
|
||||
'AUTH_TOKEN = "<paste from create response>"',
|
||||
`AUTH_TOKEN = "${info.auth_token}"`,
|
||||
);
|
||||
const filledCurl = info.curl_register_template.replace(
|
||||
'WORKSPACE_AUTH_TOKEN="<paste from create response>"',
|
||||
`WORKSPACE_AUTH_TOKEN="${info.auth_token}"`,
|
||||
);
|
||||
// The channel snippet asks the operator to paste the auth_token into
|
||||
// the .env file's MOLECULE_WORKSPACE_TOKENS field. Stamp it server-side
|
||||
// here so the copy-paste-block is truly ready-to-run.
|
||||
const filledChannel = info.claude_code_channel_snippet?.replace(
|
||||
'MOLECULE_WORKSPACE_TOKENS=<paste auth_token from create response>',
|
||||
`MOLECULE_WORKSPACE_TOKENS=${info.auth_token}`,
|
||||
);
|
||||
// Universal MCP snippet uses MOLECULE_WORKSPACE_TOKEN as the env-var
|
||||
// name passed through to molecule-mcp via `claude mcp add ... -- env
|
||||
// MOLECULE_WORKSPACE_TOKEN=...`. The placeholder must match the
|
||||
// template's literal — pre-2026-04-30 polish this looked for
|
||||
// WORKSPACE_AUTH_TOKEN (carryover from the curl tab), which silently
|
||||
// skipped the substitution and left "<paste from create response>"
|
||||
// visible in the operator's clipboard.
|
||||
const filledUniversalMcp = info.universal_mcp_snippet?.replace(
|
||||
'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"',
|
||||
`MOLECULE_WORKSPACE_TOKEN="${info.auth_token}"`,
|
||||
);
|
||||
// Hermes channel snippet uses MOLECULE_WORKSPACE_TOKEN (same env-var
|
||||
// name as Universal MCP). Stamp the auth_token in so the operator's
|
||||
// copy-paste is fully ready-to-run.
|
||||
const filledHermes = info.hermes_channel_snippet?.replace(
|
||||
'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"',
|
||||
`MOLECULE_WORKSPACE_TOKEN="${info.auth_token}"`,
|
||||
);
|
||||
// Codex + OpenClaw snippets carry the placeholder inside the
|
||||
// generated config block (TOML / JSON respectively). Stamp the
|
||||
// token in so the copy-paste is one less manual edit.
|
||||
const filledCodex = info.codex_snippet?.replace(
|
||||
'MOLECULE_WORKSPACE_TOKEN = "<paste from create response>"',
|
||||
`MOLECULE_WORKSPACE_TOKEN = "${info.auth_token}"`,
|
||||
);
|
||||
const filledOpenClaw = info.openclaw_snippet?.replace(
|
||||
'WORKSPACE_TOKEN="<paste from create response>"',
|
||||
`WORKSPACE_TOKEN="${info.auth_token}"`,
|
||||
);
|
||||
|
||||
return (
|
||||
<Dialog.Root open onOpenChange={(o) => !o && onClose()}>
|
||||
@@ -227,7 +171,27 @@ export function ExternalConnectModal({ info, onClose }: Props) {
|
||||
aria-label="Connection snippet format"
|
||||
className="mt-4 flex gap-1 border-b border-line"
|
||||
>
|
||||
{buildTabOrder(info).map((t) => (
|
||||
{(() => {
|
||||
// Build the tab order dynamically. Claude Code first
|
||||
// (when offered) since it's the simplest setup; Python
|
||||
// SDK second (full register+heartbeat+inbound); Universal
|
||||
// MCP third (any MCP-aware runtime, outbound-only); curl
|
||||
// for one-shot register; Fields for raw values.
|
||||
// Tab order: Universal MCP first (default, runtime-
|
||||
// agnostic primitives), then runtime-specific channel/
|
||||
// SDK tabs, then curl + Fields. Each runtime tab only
|
||||
// appears when the platform supplies the snippet — no
|
||||
// dead "tab missing snippet" UX.
|
||||
const tabs: Tab[] = [];
|
||||
if (filledUniversalMcp) tabs.push("mcp");
|
||||
tabs.push("python");
|
||||
if (filledChannel) tabs.push("claude");
|
||||
if (filledHermes) tabs.push("hermes");
|
||||
if (filledCodex) tabs.push("codex");
|
||||
if (filledOpenClaw) tabs.push("openclaw");
|
||||
tabs.push("curl", "fields");
|
||||
return tabs;
|
||||
})().map((t) => (
|
||||
<button
|
||||
key={t}
|
||||
type="button"
|
||||
|
||||
@@ -1,275 +0,0 @@
|
||||
'use client';
|
||||
|
||||
import { describe, it, expect } from 'vitest';
|
||||
import {
|
||||
fillPythonSnippet,
|
||||
fillCurlSnippet,
|
||||
fillChannelSnippet,
|
||||
fillUniversalMcpSnippet,
|
||||
fillHermesSnippet,
|
||||
fillCodexSnippet,
|
||||
fillOpenClawSnippet,
|
||||
buildFilledSnippets,
|
||||
buildTabOrder,
|
||||
ExternalConnectionInfo,
|
||||
} from '../ExternalConnectModal';
|
||||
|
||||
// ─── fillPythonSnippet ───────────────────────────────────────────────────────
|
||||
|
||||
describe('fillPythonSnippet', () => {
|
||||
it('stamps auth_token into the AUTH_TOKEN placeholder', () => {
|
||||
const input =
|
||||
'AUTH_TOKEN = "<paste from create response>"\n' +
|
||||
'PLATFORM_URL = "http://localhost:8080"';
|
||||
const got = fillPythonSnippet(input, 'tok-abc123');
|
||||
expect(got).toContain('AUTH_TOKEN = "tok-abc123"');
|
||||
// Original placeholder is gone
|
||||
expect(got).not.toContain('<paste from create response>');
|
||||
});
|
||||
|
||||
it('leaves other lines untouched', () => {
|
||||
const input = 'PLATFORM_URL = "http://localhost:8080"\nAUTH_TOKEN = "<paste from create response>"';
|
||||
const got = fillPythonSnippet(input, 'tok-xyz');
|
||||
expect(got).toContain('PLATFORM_URL = "http://localhost:8080"');
|
||||
});
|
||||
|
||||
it('handles empty token', () => {
|
||||
const input = 'AUTH_TOKEN = "<paste from create response>"';
|
||||
const got = fillPythonSnippet(input, '');
|
||||
expect(got).toContain('AUTH_TOKEN = ""');
|
||||
});
|
||||
});
|
||||
|
||||
// ─── fillCurlSnippet ─────────────────────────────────────────────────────────
|
||||
|
||||
describe('fillCurlSnippet', () => {
|
||||
it('stamps auth_token into WORKSPACE_AUTH_TOKEN placeholder', () => {
|
||||
const input = 'WORKSPACE_AUTH_TOKEN="<paste from create response>"';
|
||||
const got = fillCurlSnippet(input, 'tok-curl');
|
||||
expect(got).toContain('WORKSPACE_AUTH_TOKEN="tok-curl"');
|
||||
expect(got).not.toContain('<paste from create response>');
|
||||
});
|
||||
});
|
||||
|
||||
// ─── fillChannelSnippet ─────────────────────────────────────────────────────
|
||||
|
||||
describe('fillChannelSnippet', () => {
|
||||
it('stamps token into MOLECULE_WORKSPACE_TOKENS placeholder', () => {
|
||||
const input = 'MOLECULE_WORKSPACE_TOKENS=<paste auth_token from create response>';
|
||||
const got = fillChannelSnippet(input, 'tok-channel');
|
||||
expect(got).toContain('MOLECULE_WORKSPACE_TOKENS=tok-channel');
|
||||
});
|
||||
|
||||
it('returns undefined when snippet is undefined', () => {
|
||||
expect(fillChannelSnippet(undefined, 'tok')).toBeUndefined();
|
||||
});
|
||||
});
|
||||
|
||||
// ─── fillUniversalMcpSnippet ───────────────────────────────────────────────
|
||||
|
||||
describe('fillUniversalMcpSnippet', () => {
|
||||
it('stamps token with double-quoted value', () => {
|
||||
const input = 'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"';
|
||||
const got = fillUniversalMcpSnippet(input, 'tok-mcp');
|
||||
expect(got).toContain('MOLECULE_WORKSPACE_TOKEN="tok-mcp"');
|
||||
});
|
||||
|
||||
it('returns undefined when snippet is undefined', () => {
|
||||
expect(fillUniversalMcpSnippet(undefined, 'tok')).toBeUndefined();
|
||||
});
|
||||
});
|
||||
|
||||
// ─── fillHermesSnippet ─────────────────────────────────────────────────────
|
||||
|
||||
describe('fillHermesSnippet', () => {
|
||||
it('stamps token with double-quoted value', () => {
|
||||
const input = 'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"';
|
||||
const got = fillHermesSnippet(input, 'tok-hermes');
|
||||
expect(got).toContain('MOLECULE_WORKSPACE_TOKEN="tok-hermes"');
|
||||
});
|
||||
|
||||
it('returns undefined when snippet is undefined', () => {
|
||||
expect(fillHermesSnippet(undefined, 'tok')).toBeUndefined();
|
||||
});
|
||||
});
|
||||
|
||||
// ─── fillCodexSnippet ──────────────────────────────────────────────────────
|
||||
|
||||
describe('fillCodexSnippet', () => {
|
||||
it('uses TOML spacing (space around equals)', () => {
|
||||
const input = 'MOLECULE_WORKSPACE_TOKEN = "<paste from create response>"';
|
||||
const got = fillCodexSnippet(input, 'tok-codex');
|
||||
expect(got).toContain('MOLECULE_WORKSPACE_TOKEN = "tok-codex"');
|
||||
expect(got).not.toContain('<paste from create response>');
|
||||
});
|
||||
|
||||
it('returns undefined when snippet is undefined', () => {
|
||||
expect(fillCodexSnippet(undefined, 'tok')).toBeUndefined();
|
||||
});
|
||||
});
|
||||
|
||||
// ─── fillOpenClawSnippet ───────────────────────────────────────────────────
|
||||
|
||||
describe('fillOpenClawSnippet', () => {
|
||||
it('stamps token with WORKSPACE_TOKEN key name', () => {
|
||||
const input = 'WORKSPACE_TOKEN="<paste from create response>"';
|
||||
const got = fillOpenClawSnippet(input, 'tok-oc');
|
||||
expect(got).toContain('WORKSPACE_TOKEN="tok-oc"');
|
||||
expect(got).not.toContain('<paste from create response>');
|
||||
});
|
||||
|
||||
it('returns undefined when snippet is undefined', () => {
|
||||
expect(fillOpenClawSnippet(undefined, 'tok')).toBeUndefined();
|
||||
});
|
||||
});
|
||||
|
||||
// ─── buildFilledSnippets ────────────────────────────────────────────────────
|
||||
|
||||
describe('buildFilledSnippets', () => {
|
||||
const makeInfo = (overrides: Partial<ExternalConnectionInfo> = {}): ExternalConnectionInfo =>
|
||||
({
|
||||
workspace_id: 'ws-1',
|
||||
platform_url: 'http://localhost:8080',
|
||||
auth_token: 'tok-test',
|
||||
registry_endpoint: 'http://localhost:8080/registry/register',
|
||||
heartbeat_endpoint: 'http://localhost:8080/registry/heartbeat',
|
||||
python_snippet: 'AUTH_TOKEN = "<paste from create response>"',
|
||||
curl_register_template: 'WORKSPACE_AUTH_TOKEN="<paste from create response>"',
|
||||
...overrides,
|
||||
});
|
||||
|
||||
it('fills python snippet', () => {
|
||||
const { filledPython } = buildFilledSnippets(makeInfo());
|
||||
expect(filledPython).toContain('tok-test');
|
||||
});
|
||||
|
||||
it('fills curl snippet', () => {
|
||||
const { filledCurl } = buildFilledSnippets(makeInfo());
|
||||
expect(filledCurl).toContain('tok-test');
|
||||
});
|
||||
|
||||
it('fills claude_code_channel_snippet when present', () => {
|
||||
const info = makeInfo({
|
||||
claude_code_channel_snippet: 'MOLECULE_WORKSPACE_TOKENS=<paste auth_token from create response>',
|
||||
});
|
||||
const { filledChannel } = buildFilledSnippets(info);
|
||||
expect(filledChannel).toContain('tok-test');
|
||||
});
|
||||
|
||||
it('fills universal_mcp_snippet when present', () => {
|
||||
const info = makeInfo({
|
||||
universal_mcp_snippet: 'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"',
|
||||
});
|
||||
const { filledUniversalMcp } = buildFilledSnippets(info);
|
||||
expect(filledUniversalMcp).toContain('tok-test');
|
||||
});
|
||||
|
||||
it('fills hermes_channel_snippet when present', () => {
|
||||
const info = makeInfo({
|
||||
hermes_channel_snippet: 'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"',
|
||||
});
|
||||
const { filledHermes } = buildFilledSnippets(info);
|
||||
expect(filledHermes).toContain('tok-test');
|
||||
});
|
||||
|
||||
it('fills codex_snippet when present', () => {
|
||||
const info = makeInfo({
|
||||
codex_snippet: 'MOLECULE_WORKSPACE_TOKEN = "<paste from create response>"',
|
||||
});
|
||||
const { filledCodex } = buildFilledSnippets(info);
|
||||
expect(filledCodex).toContain('tok-test');
|
||||
});
|
||||
|
||||
it('fills openclaw_snippet when present', () => {
|
||||
const info = makeInfo({
|
||||
openclaw_snippet: 'WORKSPACE_TOKEN="<paste from create response>"',
|
||||
});
|
||||
const { filledOpenClaw } = buildFilledSnippets(info);
|
||||
expect(filledOpenClaw).toContain('tok-test');
|
||||
});
|
||||
});
|
||||
|
||||
// ─── buildTabOrder ──────────────────────────────────────────────────────────
|
||||
|
||||
describe('buildTabOrder', () => {
|
||||
const makeInfo = (overrides: Partial<ExternalConnectionInfo> = {}): ExternalConnectionInfo =>
|
||||
({
|
||||
workspace_id: 'ws-1',
|
||||
platform_url: 'http://localhost:8080',
|
||||
auth_token: 'tok-test',
|
||||
registry_endpoint: 'http://localhost:8080/registry/register',
|
||||
heartbeat_endpoint: 'http://localhost:8080/registry/heartbeat',
|
||||
python_snippet: 'AUTH_TOKEN = "<paste from create response>"',
|
||||
curl_register_template: 'WORKSPACE_AUTH_TOKEN="<paste from create response>"',
|
||||
...overrides,
|
||||
});
|
||||
|
||||
it('python is always present', () => {
|
||||
const tabs = buildTabOrder(makeInfo());
|
||||
expect(tabs).toContain('python');
|
||||
});
|
||||
|
||||
it('curl and fields are always present', () => {
|
||||
const tabs = buildTabOrder(makeInfo());
|
||||
expect(tabs).toContain('curl');
|
||||
expect(tabs).toContain('fields');
|
||||
});
|
||||
|
||||
it('mcp first when universal_mcp_snippet is present', () => {
|
||||
const tabs = buildTabOrder(makeInfo({
|
||||
universal_mcp_snippet: 'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"',
|
||||
}));
|
||||
expect(tabs[0]).toBe('mcp');
|
||||
});
|
||||
|
||||
it('python first when universal_mcp_snippet is absent', () => {
|
||||
const tabs = buildTabOrder(makeInfo());
|
||||
expect(tabs[0]).toBe('python');
|
||||
});
|
||||
|
||||
it('mcp excluded when universal_mcp_snippet is absent', () => {
|
||||
const tabs = buildTabOrder(makeInfo());
|
||||
expect(tabs).not.toContain('mcp');
|
||||
});
|
||||
|
||||
it('includes claude when claude_code_channel_snippet is present', () => {
|
||||
const tabs = buildTabOrder(makeInfo({
|
||||
claude_code_channel_snippet: 'MOLECULE_WORKSPACE_TOKENS=<paste auth_token from create response>',
|
||||
}));
|
||||
expect(tabs).toContain('claude');
|
||||
});
|
||||
|
||||
it('includes hermes when hermes_channel_snippet is present', () => {
|
||||
const tabs = buildTabOrder(makeInfo({
|
||||
hermes_channel_snippet: 'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"',
|
||||
}));
|
||||
expect(tabs).toContain('hermes');
|
||||
});
|
||||
|
||||
it('includes codex when codex_snippet is present', () => {
|
||||
const tabs = buildTabOrder(makeInfo({
|
||||
codex_snippet: 'MOLECULE_WORKSPACE_TOKEN = "<paste from create response>"',
|
||||
}));
|
||||
expect(tabs).toContain('codex');
|
||||
});
|
||||
|
||||
it('includes openclaw when openclaw_snippet is present', () => {
|
||||
const tabs = buildTabOrder(makeInfo({
|
||||
openclaw_snippet: 'WORKSPACE_TOKEN="<paste from create response>"',
|
||||
}));
|
||||
expect(tabs).toContain('openclaw');
|
||||
});
|
||||
|
||||
it('all optional tabs at once: full house', () => {
|
||||
const tabs = buildTabOrder(makeInfo({
|
||||
universal_mcp_snippet: 'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"',
|
||||
claude_code_channel_snippet: 'MOLECULE_WORKSPACE_TOKENS=<paste auth_token from create response>',
|
||||
hermes_channel_snippet: 'MOLECULE_WORKSPACE_TOKEN="<paste from create response>"',
|
||||
codex_snippet: 'MOLECULE_WORKSPACE_TOKEN = "<paste from create response>"',
|
||||
openclaw_snippet: 'WORKSPACE_TOKEN="<paste from create response>"',
|
||||
}));
|
||||
expect(tabs).toEqual([
|
||||
'mcp', 'python', 'claude', 'hermes', 'codex', 'openclaw', 'curl', 'fields',
|
||||
]);
|
||||
});
|
||||
});
|
||||
@@ -1,162 +1,216 @@
|
||||
// @vitest-environment jsdom
|
||||
/**
|
||||
* Tests for the main FilesTab / PlatformOwnedFilesTab component.
|
||||
* FilesTab: NotAvailablePanel + FilesToolbar coverage.
|
||||
*
|
||||
* Covers: NotAvailablePanel (external runtime), loading/empty/error states,
|
||||
* FilesToolbar actions, and the /configs-only upload guard.
|
||||
* NotAvailablePanel: pure presentational component — renders a "feature not
|
||||
* available" placeholder for external-runtime workspaces.
|
||||
* FilesToolbar: pure props-driven component — directory selector, file count,
|
||||
* action buttons (New, Upload, Export, Clear, Refresh) with correct aria-labels.
|
||||
*
|
||||
* No @testing-library/jest-dom — use textContent / className / getAttribute.
|
||||
* No @testing-library/jest-dom import — use textContent / className /
|
||||
* getAttribute checks to avoid "expect is not defined" errors.
|
||||
*/
|
||||
import { afterEach, describe, expect, it, vi } from "vitest";
|
||||
import { cleanup, fireEvent, render, screen, waitFor } from "@testing-library/react";
|
||||
import { cleanup, render, screen } from "@testing-library/react";
|
||||
import React from "react";
|
||||
|
||||
import { FilesTab } from "../../FilesTab.tsx";
|
||||
import type { FileEntry } from "../../FilesTab/tree";
|
||||
import { FilesToolbar } from "../FilesToolbar";
|
||||
import { NotAvailablePanel } from "../NotAvailablePanel";
|
||||
|
||||
// ─── Mock ──────────────────────────────────────────────────────────────────
|
||||
|
||||
const _mockGet = vi.hoisted(() => vi.fn<() => Promise<unknown>>());
|
||||
vi.mock("@/lib/api", () => ({
|
||||
api: { get: _mockGet, put: vi.fn(), del: vi.fn() },
|
||||
}));
|
||||
// ─── afterEach ─────────────────────────────────────────────────────────────────
|
||||
|
||||
afterEach(() => {
|
||||
cleanup();
|
||||
_mockGet.mockReset();
|
||||
vi.restoreAllMocks();
|
||||
});
|
||||
|
||||
// ─── Helpers ───────────────────────────────────────────────────────────────
|
||||
// ─── NotAvailablePanel ─────────────────────────────────────────────────────────
|
||||
|
||||
const emptyFileList: FileEntry[] = [];
|
||||
describe("NotAvailablePanel", () => {
|
||||
it("renders heading 'Files not available'", () => {
|
||||
const { container } = render(<NotAvailablePanel runtime="external" />);
|
||||
expect(container.textContent).toContain("Files not available");
|
||||
});
|
||||
|
||||
/** Render FilesTab with a non-external runtime (triggers PlatformOwnedFilesTab). */
|
||||
function renderPlatformTab(extraProps: Partial<React.ComponentProps<typeof FilesTab>> = {}) {
|
||||
return render(
|
||||
<FilesTab
|
||||
workspaceId="ws-1"
|
||||
data={{ id: "ws-1", name: "Test", runtime: "claude-code", status: "online", tier: 0, skills: [], created_at: "" }}
|
||||
{...extraProps}
|
||||
/>,
|
||||
);
|
||||
}
|
||||
it("renders the runtime name in monospace", () => {
|
||||
const { container } = render(<NotAvailablePanel runtime="external" />);
|
||||
expect(container.textContent).toContain("external");
|
||||
const spans = container.querySelectorAll("span");
|
||||
const monoSpans = Array.from(spans).filter(
|
||||
(s) => s.className && s.className.includes("font-mono"),
|
||||
);
|
||||
expect(monoSpans.length).toBeGreaterThan(0);
|
||||
});
|
||||
|
||||
// ─── NotAvailablePanel ──────────────────────────────────────────────────────
|
||||
it("renders a Chat tab hint in description", () => {
|
||||
const { container } = render(<NotAvailablePanel runtime="remote-agent" />);
|
||||
expect(container.textContent).toContain("Chat tab");
|
||||
});
|
||||
|
||||
describe("FilesTab — NotAvailablePanel", () => {
|
||||
it("renders NotAvailablePanel when runtime is external", async () => {
|
||||
_mockGet.mockResolvedValueOnce(emptyFileList);
|
||||
render(
|
||||
<FilesTab
|
||||
workspaceId="ws-1"
|
||||
data={{ id: "ws-1", name: "Test", runtime: "external", status: "online", tier: 0, skills: [], created_at: "" }}
|
||||
it("SVG icon has aria-hidden=true", () => {
|
||||
const { container } = render(<NotAvailablePanel runtime="external" />);
|
||||
const svg = container.querySelector("svg");
|
||||
expect(svg?.getAttribute("aria-hidden")).toBe("true");
|
||||
});
|
||||
|
||||
it("renders without crashing for any runtime string", () => {
|
||||
const { container } = render(<NotAvailablePanel runtime="unknown-runtime" />);
|
||||
expect(container.textContent).toContain("unknown-runtime");
|
||||
});
|
||||
|
||||
it("applies the correct layout classes to root div", () => {
|
||||
const { container } = render(<NotAvailablePanel runtime="external" />);
|
||||
const root = container.firstElementChild as HTMLElement;
|
||||
expect(root.className).toContain("flex");
|
||||
expect(root.className).toContain("flex-col");
|
||||
expect(root.className).toContain("items-center");
|
||||
});
|
||||
});
|
||||
|
||||
// ─── FilesToolbar ───────────────────────────────────────────────────────────────
|
||||
|
||||
describe("FilesToolbar", () => {
|
||||
const noop = vi.fn();
|
||||
|
||||
function renderToolbar(props: Partial<React.ComponentProps<typeof FilesToolbar>> = {}) {
|
||||
return render(
|
||||
<FilesToolbar
|
||||
root="/configs"
|
||||
setRoot={noop}
|
||||
fileCount={0}
|
||||
onNewFile={noop}
|
||||
onUpload={noop}
|
||||
onDownloadAll={noop}
|
||||
onClearAll={noop}
|
||||
onRefresh={noop}
|
||||
{...props}
|
||||
/>,
|
||||
);
|
||||
expect(screen.getByText(/Files not available/i)).toBeTruthy();
|
||||
}
|
||||
|
||||
it("renders the directory selector with correct aria-label", () => {
|
||||
const { container } = renderToolbar();
|
||||
const select = container.querySelector("select");
|
||||
expect(select?.getAttribute("aria-label")).toBe("File root directory");
|
||||
});
|
||||
|
||||
it("renders the runtime name in NotAvailablePanel", async () => {
|
||||
_mockGet.mockResolvedValueOnce(emptyFileList);
|
||||
render(
|
||||
<FilesTab
|
||||
workspaceId="ws-1"
|
||||
data={{ id: "ws-1", name: "Test", runtime: "external", status: "online", tier: 0, skills: [], created_at: "" }}
|
||||
/>,
|
||||
it("directory selector has all four options", () => {
|
||||
const { container } = renderToolbar();
|
||||
const select = container.querySelector("select") as HTMLSelectElement;
|
||||
const options = Array.from(select?.options ?? []);
|
||||
const values = options.map((o) => o.value);
|
||||
expect(values).toContain("/configs");
|
||||
expect(values).toContain("/home");
|
||||
expect(values).toContain("/workspace");
|
||||
expect(values).toContain("/plugins");
|
||||
});
|
||||
|
||||
it("calls setRoot when directory changes", () => {
|
||||
const setRoot = vi.fn();
|
||||
const { container } = renderToolbar({ setRoot });
|
||||
const select = container.querySelector("select") as HTMLSelectElement;
|
||||
select.value = "/home";
|
||||
select.dispatchEvent(new Event("change", { bubbles: true }));
|
||||
expect(setRoot).toHaveBeenCalledWith("/home");
|
||||
});
|
||||
|
||||
it("displays the file count", () => {
|
||||
const { container } = renderToolbar({ fileCount: 42 });
|
||||
expect(container.textContent).toContain("42 files");
|
||||
});
|
||||
|
||||
it("shows New + Upload + Clear buttons for /configs", () => {
|
||||
const { container } = renderToolbar({ root: "/configs" });
|
||||
const texts = Array.from(container.querySelectorAll("button")).map(
|
||||
(b) => b.textContent?.trim(),
|
||||
);
|
||||
expect(screen.getByText(/external/i)).toBeTruthy();
|
||||
expect(texts).toContain("+ New");
|
||||
expect(texts).toContain("Upload");
|
||||
expect(texts).toContain("Clear");
|
||||
expect(texts).toContain("Export");
|
||||
expect(texts).toContain("↻");
|
||||
});
|
||||
|
||||
it("does NOT call api.get when runtime is external", async () => {
|
||||
render(
|
||||
<FilesTab
|
||||
workspaceId="ws-1"
|
||||
data={{ id: "ws-1", name: "Test", runtime: "external", status: "online", tier: 0, skills: [], created_at: "" }}
|
||||
/>,
|
||||
it("hides New + Upload + Clear for /workspace", () => {
|
||||
const { container } = renderToolbar({ root: "/workspace" });
|
||||
const texts = Array.from(container.querySelectorAll("button")).map(
|
||||
(b) => b.textContent?.trim(),
|
||||
);
|
||||
expect(_mockGet).not.toHaveBeenCalled();
|
||||
expect(texts).not.toContain("+ New");
|
||||
expect(texts).not.toContain("Upload");
|
||||
expect(texts).not.toContain("Clear");
|
||||
expect(texts).toContain("Export");
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Loading / Empty / Error states ────────────────────────────────────────
|
||||
|
||||
describe("FilesTab — states", () => {
|
||||
it("shows loading text while fetching files", () => {
|
||||
_mockGet.mockImplementation(
|
||||
() => new Promise<unknown>(() => {}) as unknown as Promise<unknown>,
|
||||
it("hides New + Upload + Clear for /home", () => {
|
||||
const { container } = renderToolbar({ root: "/home" });
|
||||
const texts = Array.from(container.querySelectorAll("button")).map(
|
||||
(b) => b.textContent?.trim(),
|
||||
);
|
||||
renderPlatformTab();
|
||||
expect(screen.getByText("Loading files...")).toBeTruthy();
|
||||
expect(texts).not.toContain("+ New");
|
||||
expect(texts).not.toContain("Upload");
|
||||
expect(texts).not.toContain("Clear");
|
||||
});
|
||||
|
||||
it("shows 'No config files yet' when root is /configs and no files", async () => {
|
||||
_mockGet.mockResolvedValueOnce(emptyFileList);
|
||||
renderPlatformTab();
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText(/No config files yet/i)).toBeTruthy();
|
||||
});
|
||||
it("hides New + Upload + Clear for /plugins", () => {
|
||||
const { container } = renderToolbar({ root: "/plugins" });
|
||||
const texts = Array.from(container.querySelectorAll("button")).map(
|
||||
(b) => b.textContent?.trim(),
|
||||
);
|
||||
expect(texts).not.toContain("+ New");
|
||||
expect(texts).not.toContain("Upload");
|
||||
expect(texts).not.toContain("Clear");
|
||||
});
|
||||
|
||||
it("fetches from the correct endpoint", async () => {
|
||||
_mockGet.mockResolvedValueOnce(emptyFileList);
|
||||
renderPlatformTab();
|
||||
await waitFor(() => {
|
||||
expect(_mockGet).toHaveBeenCalledWith(expect.stringContaining("/workspaces/ws-1/files"));
|
||||
});
|
||||
it("New button has correct aria-label", () => {
|
||||
const { container } = renderToolbar({ root: "/configs" });
|
||||
const newBtn = container.querySelector('button[aria-label="Create new file"]');
|
||||
expect(newBtn?.textContent?.trim()).toBe("+ New");
|
||||
});
|
||||
|
||||
it("shows file count from toolbar when files exist", async () => {
|
||||
_mockGet.mockResolvedValue([
|
||||
{ path: "configs/a.yaml", size: 10, dir: false },
|
||||
{ path: "configs/b.yaml", size: 20, dir: false },
|
||||
]);
|
||||
renderPlatformTab();
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("2 files")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── FilesToolbar ──────────────────────────────────────────────────────────
|
||||
|
||||
describe("FilesTab — FilesToolbar", () => {
|
||||
it("shows Refresh button", async () => {
|
||||
_mockGet.mockResolvedValueOnce(emptyFileList);
|
||||
renderPlatformTab();
|
||||
await waitFor(() => {
|
||||
expect(screen.getByLabelText("Refresh file list")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows root directory selector", async () => {
|
||||
_mockGet.mockResolvedValueOnce(emptyFileList);
|
||||
renderPlatformTab();
|
||||
await waitFor(() => {
|
||||
expect(screen.getByRole("combobox")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("Refresh button triggers a reload", async () => {
|
||||
// Use persistent mock — loadFiles fires on mount AND on Refresh click.
|
||||
_mockGet.mockResolvedValue(emptyFileList);
|
||||
renderPlatformTab();
|
||||
await waitFor(() => screen.getByLabelText("Refresh file list"));
|
||||
const before = _mockGet.mock.calls.length;
|
||||
fireEvent.click(screen.getByLabelText("Refresh file list"));
|
||||
await waitFor(() => {
|
||||
expect(_mockGet.mock.calls.length).toBeGreaterThan(before);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Upload guard ──────────────────────────────────────────────────────────
|
||||
|
||||
describe("FilesTab — upload guard", () => {
|
||||
it("no error alert on dragover when root is /configs (default)", async () => {
|
||||
_mockGet.mockResolvedValue(emptyFileList);
|
||||
renderPlatformTab();
|
||||
await waitFor(() => screen.getByText(/No config files yet/i));
|
||||
|
||||
// No alert should be present
|
||||
expect(screen.queryByRole("alert")).toBeNull();
|
||||
it("Export button has correct aria-label", () => {
|
||||
const { container } = renderToolbar();
|
||||
const exportBtn = container.querySelector('button[aria-label="Download all files"]');
|
||||
expect(exportBtn?.textContent?.trim()).toBe("Export");
|
||||
});
|
||||
|
||||
it("Clear button has correct aria-label", () => {
|
||||
const { container } = renderToolbar({ root: "/configs" });
|
||||
const clearBtn = container.querySelector('button[aria-label="Delete all files"]');
|
||||
expect(clearBtn?.textContent?.trim()).toBe("Clear");
|
||||
});
|
||||
|
||||
it("Refresh button has correct aria-label", () => {
|
||||
const { container } = renderToolbar();
|
||||
const refreshBtn = container.querySelector('button[aria-label="Refresh file list"]');
|
||||
expect(refreshBtn?.textContent?.trim()).toBe("↻");
|
||||
});
|
||||
|
||||
it("calls onNewFile when New button is clicked", () => {
|
||||
const onNewFile = vi.fn();
|
||||
const { container } = renderToolbar({ root: "/configs", onNewFile });
|
||||
container.querySelector('button[aria-label="Create new file"]')!.click();
|
||||
expect(onNewFile).toHaveBeenCalledTimes(1);
|
||||
});
|
||||
|
||||
it("calls onDownloadAll when Export button is clicked", () => {
|
||||
const onDownloadAll = vi.fn();
|
||||
const { container } = renderToolbar({ onDownloadAll });
|
||||
container.querySelector('button[aria-label="Download all files"]')!.click();
|
||||
expect(onDownloadAll).toHaveBeenCalledTimes(1);
|
||||
});
|
||||
|
||||
it("calls onClearAll when Clear button is clicked", () => {
|
||||
const onClearAll = vi.fn();
|
||||
const { container } = renderToolbar({ root: "/configs", onClearAll });
|
||||
container.querySelector('button[aria-label="Delete all files"]')!.click();
|
||||
expect(onClearAll).toHaveBeenCalledTimes(1);
|
||||
});
|
||||
|
||||
it("calls onRefresh when Refresh button is clicked", () => {
|
||||
const onRefresh = vi.fn();
|
||||
const { container } = renderToolbar({ onRefresh });
|
||||
container.querySelector('button[aria-label="Refresh file list"]')!.click();
|
||||
expect(onRefresh).toHaveBeenCalledTimes(1);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,218 +0,0 @@
|
||||
// @vitest-environment jsdom
|
||||
/**
|
||||
* Tests for tree.ts — buildTree and getIcon pure functions.
|
||||
*/
|
||||
import { describe, expect, it } from "vitest";
|
||||
import type { FileEntry } from "../tree";
|
||||
import { buildTree, getIcon } from "../tree";
|
||||
|
||||
// ─── getIcon ─────────────────────────────────────────────────────────────────
|
||||
|
||||
describe("getIcon", () => {
|
||||
it("returns folder emoji for directories", () => {
|
||||
expect(getIcon("/configs", true)).toBe("📁");
|
||||
});
|
||||
|
||||
it("returns correct emoji for .md", () => {
|
||||
expect(getIcon("readme.md", false)).toBe("📄");
|
||||
});
|
||||
|
||||
it("returns correct emoji for .yaml", () => {
|
||||
expect(getIcon("config.yaml", false)).toBe("⚙");
|
||||
});
|
||||
|
||||
it("returns correct emoji for .yml", () => {
|
||||
expect(getIcon("config.yml", false)).toBe("⚙");
|
||||
});
|
||||
|
||||
it("returns correct emoji for .py", () => {
|
||||
expect(getIcon("script.py", false)).toBe("🐍");
|
||||
});
|
||||
|
||||
it("returns correct emoji for .ts", () => {
|
||||
expect(getIcon("index.ts", false)).toBe("💠");
|
||||
});
|
||||
|
||||
it("returns correct emoji for .tsx", () => {
|
||||
expect(getIcon("App.tsx", false)).toBe("💠");
|
||||
});
|
||||
|
||||
it("returns correct emoji for .js", () => {
|
||||
expect(getIcon("index.js", false)).toBe("📜");
|
||||
});
|
||||
|
||||
it("returns correct emoji for .json", () => {
|
||||
expect(getIcon("package.json", false)).toBe("{}");
|
||||
});
|
||||
|
||||
it("returns correct emoji for .html", () => {
|
||||
expect(getIcon("index.html", false)).toBe("🌐");
|
||||
});
|
||||
|
||||
it("returns correct emoji for .css", () => {
|
||||
expect(getIcon("style.css", false)).toBe("🎨");
|
||||
});
|
||||
|
||||
it("returns correct emoji for .sh", () => {
|
||||
expect(getIcon("deploy.sh", false)).toBe("▸");
|
||||
});
|
||||
|
||||
it("returns default file emoji for unknown extensions", () => {
|
||||
expect(getIcon("Makefile", false)).toBe("📄");
|
||||
expect(getIcon("Dockerfile", false)).toBe("📄");
|
||||
expect(getIcon("Rakefile", false)).toBe("📄");
|
||||
});
|
||||
|
||||
it("extension matching is case-insensitive", () => {
|
||||
expect(getIcon("readme.MD", false)).toBe("📄");
|
||||
expect(getIcon("script.PY", false)).toBe("🐍");
|
||||
});
|
||||
});
|
||||
|
||||
// ─── buildTree ───────────────────────────────────────────────────────────────
|
||||
|
||||
describe("buildTree", () => {
|
||||
it("returns empty array for empty input", () => {
|
||||
expect(buildTree([])).toEqual([]);
|
||||
});
|
||||
|
||||
it("adds a single file at root", () => {
|
||||
const files: FileEntry[] = [{ path: "config.yaml", size: 128, dir: false }];
|
||||
const tree = buildTree(files);
|
||||
expect(tree).toHaveLength(1);
|
||||
expect(tree[0]).toMatchObject({
|
||||
name: "config.yaml",
|
||||
path: "config.yaml",
|
||||
isDir: false,
|
||||
children: [],
|
||||
size: 128,
|
||||
});
|
||||
});
|
||||
|
||||
it("adds a single directory at root", () => {
|
||||
const files: FileEntry[] = [{ path: "skills", size: 0, dir: true }];
|
||||
const tree = buildTree(files);
|
||||
expect(tree).toHaveLength(1);
|
||||
expect(tree[0]).toMatchObject({
|
||||
name: "skills",
|
||||
path: "skills",
|
||||
isDir: true,
|
||||
children: [],
|
||||
size: 0,
|
||||
});
|
||||
});
|
||||
|
||||
it("sorts dirs before files at the same level", () => {
|
||||
const files: FileEntry[] = [
|
||||
{ path: "b.txt", size: 10, dir: false },
|
||||
{ path: "a.txt", size: 10, dir: false },
|
||||
{ path: "z-dir", size: 0, dir: true },
|
||||
{ path: "a-dir", size: 0, dir: true },
|
||||
];
|
||||
const tree = buildTree(files);
|
||||
expect(tree).toHaveLength(4);
|
||||
// Dirs first: z-dir, a-dir alphabetically → a before z
|
||||
expect(tree[0].name).toBe("a-dir");
|
||||
expect(tree[1].name).toBe("z-dir");
|
||||
// Then files alphabetically
|
||||
expect(tree[2].name).toBe("a.txt");
|
||||
expect(tree[3].name).toBe("b.txt");
|
||||
});
|
||||
|
||||
it("alphabetically sorts files within the same level", () => {
|
||||
const files: FileEntry[] = [
|
||||
{ path: "z.yaml", size: 10, dir: false },
|
||||
{ path: "a.yaml", size: 10, dir: false },
|
||||
{ path: "m.yaml", size: 10, dir: false },
|
||||
];
|
||||
const tree = buildTree(files);
|
||||
expect(tree.map((n) => n.name)).toEqual(["a.yaml", "m.yaml", "z.yaml"]);
|
||||
});
|
||||
|
||||
it("nests a file under its parent directory", () => {
|
||||
const files: FileEntry[] = [
|
||||
{ path: "skills", size: 0, dir: true },
|
||||
{ path: "skills/readme.md", size: 64, dir: false },
|
||||
];
|
||||
const tree = buildTree(files);
|
||||
expect(tree).toHaveLength(1);
|
||||
expect(tree[0].name).toBe("skills");
|
||||
expect(tree[0].children).toHaveLength(1);
|
||||
expect(tree[0].children[0]).toMatchObject({
|
||||
name: "readme.md",
|
||||
path: "skills/readme.md",
|
||||
isDir: false,
|
||||
size: 64,
|
||||
});
|
||||
});
|
||||
|
||||
it("creates intermediate directories automatically", () => {
|
||||
const files: FileEntry[] = [
|
||||
{ path: "a/b/c/deep.txt", size: 32, dir: false },
|
||||
];
|
||||
const tree = buildTree(files);
|
||||
// Root has one child: "a"
|
||||
expect(tree).toHaveLength(1);
|
||||
expect(tree[0].name).toBe("a");
|
||||
expect(tree[0].isDir).toBe(true);
|
||||
// "a" has one child: "b"
|
||||
expect(tree[0].children).toHaveLength(1);
|
||||
expect(tree[0].children[0].name).toBe("b");
|
||||
// "b" has one child: "c"
|
||||
expect(tree[0].children[0].children).toHaveLength(1);
|
||||
expect(tree[0].children[0].children[0].name).toBe("c");
|
||||
// "c" has the file
|
||||
expect(tree[0].children[0].children[0].children[0].name).toBe("deep.txt");
|
||||
expect(tree[0].children[0].children[0].children[0].size).toBe(32);
|
||||
});
|
||||
|
||||
it("adds multiple files to the same directory", () => {
|
||||
const files: FileEntry[] = [
|
||||
{ path: "configs", size: 0, dir: true },
|
||||
{ path: "configs/a.yaml", size: 10, dir: false },
|
||||
{ path: "configs/b.yaml", size: 20, dir: false },
|
||||
];
|
||||
const tree = buildTree(files);
|
||||
expect(tree).toHaveLength(1);
|
||||
expect(tree[0].children.map((n) => n.name).sort()).toEqual(["a.yaml", "b.yaml"]);
|
||||
});
|
||||
|
||||
it("does not duplicate a directory already created as intermediate", () => {
|
||||
const files: FileEntry[] = [
|
||||
{ path: "a/b.txt", size: 5, dir: false },
|
||||
{ path: "a", size: 0, dir: true },
|
||||
];
|
||||
const tree = buildTree(files);
|
||||
// "a" should appear only once
|
||||
expect(tree).toHaveLength(1);
|
||||
expect(tree[0].name).toBe("a");
|
||||
// The dir "a" should still contain "b.txt"
|
||||
expect(tree[0].children).toHaveLength(1);
|
||||
expect(tree[0].children[0].name).toBe("b.txt");
|
||||
});
|
||||
|
||||
it("intermediate dirs have size 0", () => {
|
||||
const files: FileEntry[] = [
|
||||
{ path: "a/b/c/file.txt", size: 1, dir: false },
|
||||
];
|
||||
const tree = buildTree(files);
|
||||
expect(tree[0].size).toBe(0);
|
||||
expect(tree[0].children[0].size).toBe(0);
|
||||
});
|
||||
|
||||
it("handles deeply nested mixed dirs and files", () => {
|
||||
const files: FileEntry[] = [
|
||||
{ path: "a", size: 0, dir: true },
|
||||
{ path: "a/b", size: 0, dir: true },
|
||||
{ path: "a/b/c", size: 0, dir: true },
|
||||
{ path: "a/b/c/d.txt", size: 1, dir: false },
|
||||
{ path: "a/b/e.txt", size: 2, dir: false },
|
||||
{ path: "a/f.txt", size: 3, dir: false },
|
||||
];
|
||||
const tree = buildTree(files);
|
||||
expect(tree).toHaveLength(1); // root: "a"
|
||||
expect(tree[0].children.map((n) => n.name).sort()).toEqual(["b", "f.txt"]);
|
||||
expect(tree[0].children.find((n) => n.name === "b")!.children.map((n) => n.name).sort())
|
||||
.toEqual(["c", "e.txt"]);
|
||||
});
|
||||
});
|
||||
@@ -28,8 +28,7 @@ const FILE_ICONS: Record<string, string> = {
|
||||
|
||||
export function getIcon(path: string, isDir: boolean): string {
|
||||
if (isDir) return "📁";
|
||||
const parts = path.split(".");
|
||||
const ext = parts.length > 1 ? "." + parts[parts.length - 1].toLowerCase() : "";
|
||||
const ext = "." + (path.split(".").pop() ?? "").toLowerCase();
|
||||
return FILE_ICONS[ext] || "📄";
|
||||
}
|
||||
|
||||
|
||||
@@ -1,271 +0,0 @@
|
||||
// @vitest-environment jsdom
|
||||
/**
|
||||
* Tests for ChannelsTab component.
|
||||
*
|
||||
* Covers: relativeTime pure function, SUPPORTS_DETECT_CHATS constant,
|
||||
* loading/empty/error states, channel list rendering (enabled/disabled),
|
||||
* auto-refresh interval, header + Connect button.
|
||||
*/
|
||||
import React from "react";
|
||||
import { render, screen, fireEvent, cleanup, waitFor } from "@testing-library/react";
|
||||
import { afterEach, describe, expect, it, vi } from "vitest";
|
||||
import { ChannelsTab } from "../ChannelsTab";
|
||||
|
||||
// Mock @/lib/api — hoisted so it's applied before the module loads.
|
||||
const _mockGet = vi.hoisted(() => vi.fn<() => Promise<unknown>>());
|
||||
vi.mock("@/lib/api", () => ({
|
||||
api: { get: _mockGet },
|
||||
}));
|
||||
|
||||
afterEach(() => {
|
||||
cleanup();
|
||||
_mockGet.mockReset();
|
||||
});
|
||||
|
||||
// ─── SUPPORTS_DETECT_CHATS ─────────────────────────────────────────────────
|
||||
|
||||
describe("ChannelsTab — SUPPORTS_DETECT_CHATS", () => {
|
||||
it("supports Detect Chats for telegram", async () => {
|
||||
// Telegram is the only platform that supports Detect Chats.
|
||||
// This is a smoke test: the tab must render without crashing.
|
||||
// NOTE: ChannelsTab calls Promise.allSettled([channels, adapters]) so
|
||||
// both must be mocked for the load() to complete and exit loading state.
|
||||
_mockGet.mockResolvedValueOnce([]);
|
||||
_mockGet.mockResolvedValueOnce([]);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("Channels")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── States ───────────────────────────────────────────────────────────────
|
||||
|
||||
describe("ChannelsTab — states", () => {
|
||||
it("shows loading text initially", () => {
|
||||
_mockGet.mockImplementation(
|
||||
() => new Promise<unknown>(() => {}) as unknown as Promise<unknown>
|
||||
);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
expect(screen.getByText("Loading channels...")).toBeTruthy();
|
||||
});
|
||||
|
||||
it("shows empty message when no channels", async () => {
|
||||
_mockGet.mockResolvedValueOnce([]);
|
||||
_mockGet.mockResolvedValueOnce([]);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("No channels connected")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows error alert when channels fetch fails", async () => {
|
||||
// Channels fails; adapters succeeds. Both must be resolved/rejected
|
||||
// for Promise.allSettled to settle and setLoading(false).
|
||||
_mockGet.mockRejectedValueOnce(new Error("server error"));
|
||||
_mockGet.mockResolvedValueOnce([]);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
// The component renders a generic error message, not the raw error text.
|
||||
expect(screen.getByText(/Failed to load connected channels/i)).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows error alert when adapters fetch fails", async () => {
|
||||
_mockGet.mockResolvedValueOnce([]);
|
||||
_mockGet.mockRejectedValueOnce(new Error("adapters error"));
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText(/Failed to load platforms/i)).toBeTruthy();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Channel list ──────────────────────────────────────────────────────────
|
||||
|
||||
describe("ChannelsTab — channel list", () => {
|
||||
// ChannelsTab.load() calls Promise.allSettled([channels, adapters]).
|
||||
// Both must be mocked for load() to complete and exit loading state.
|
||||
const channelsPayload = (channels: object[]) => channels;
|
||||
const adaptersPayload: unknown[] = [];
|
||||
|
||||
it("renders one channel", async () => {
|
||||
_mockGet.mockResolvedValueOnce(channelsPayload([{
|
||||
id: "ch-1", workspace_id: "ws-1", channel_type: "telegram",
|
||||
config: { chat_id: "12345" }, enabled: true, allowed_users: [],
|
||||
message_count: 10, last_message_at: null, created_at: new Date().toISOString(),
|
||||
}]));
|
||||
_mockGet.mockResolvedValueOnce(adaptersPayload);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("Telegram")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("renders multiple channels", async () => {
|
||||
_mockGet.mockResolvedValueOnce(channelsPayload([
|
||||
{ id: "ch-1", workspace_id: "ws-1", channel_type: "telegram",
|
||||
config: { chat_id: "1" }, enabled: true, allowed_users: [],
|
||||
message_count: 5, last_message_at: null, created_at: new Date().toISOString() },
|
||||
{ id: "ch-2", workspace_id: "ws-1", channel_type: "slack",
|
||||
config: { channel_id: "C0123" }, enabled: false, allowed_users: [],
|
||||
message_count: 0, last_message_at: null, created_at: new Date().toISOString() },
|
||||
]));
|
||||
_mockGet.mockResolvedValueOnce(adaptersPayload);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("Telegram")).toBeTruthy();
|
||||
expect(screen.getByText("Slack")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("capitalises channel type", async () => {
|
||||
_mockGet.mockResolvedValueOnce(channelsPayload([{
|
||||
id: "ch-1", workspace_id: "ws-1", channel_type: "discord",
|
||||
config: {}, enabled: true, allowed_users: [],
|
||||
message_count: 0, last_message_at: null, created_at: new Date().toISOString(),
|
||||
}]));
|
||||
_mockGet.mockResolvedValueOnce(adaptersPayload);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("Discord")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows 'On' toggle for enabled channel", async () => {
|
||||
_mockGet.mockResolvedValueOnce(channelsPayload([{
|
||||
id: "ch-1", workspace_id: "ws-1", channel_type: "telegram",
|
||||
config: {}, enabled: true, allowed_users: [],
|
||||
message_count: 1, last_message_at: null, created_at: new Date().toISOString(),
|
||||
}]));
|
||||
_mockGet.mockResolvedValueOnce(adaptersPayload);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
// Use exact string "On" (not regex) — "Connect" contains "on" and would
|
||||
// match /on/i, causing multiple-element errors.
|
||||
expect(screen.getByRole("button", { name: "On" })).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows 'Off' toggle for disabled channel", async () => {
|
||||
_mockGet.mockResolvedValueOnce(channelsPayload([{
|
||||
id: "ch-1", workspace_id: "ws-1", channel_type: "telegram",
|
||||
config: {}, enabled: false, allowed_users: [],
|
||||
message_count: 1, last_message_at: null, created_at: new Date().toISOString(),
|
||||
}]));
|
||||
_mockGet.mockResolvedValueOnce(adaptersPayload);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByRole("button", { name: "Off" })).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows message count", async () => {
|
||||
_mockGet.mockResolvedValueOnce(channelsPayload([{
|
||||
id: "ch-1", workspace_id: "ws-1", channel_type: "telegram",
|
||||
config: {}, enabled: true, allowed_users: [],
|
||||
message_count: 42, last_message_at: null, created_at: new Date().toISOString(),
|
||||
}]));
|
||||
_mockGet.mockResolvedValueOnce(adaptersPayload);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("42 messages")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows 'Last: never' when last_message_at is null", async () => {
|
||||
_mockGet.mockResolvedValueOnce(channelsPayload([{
|
||||
id: "ch-1", workspace_id: "ws-1", channel_type: "telegram",
|
||||
config: {}, enabled: true, allowed_users: [],
|
||||
message_count: 0, last_message_at: null, created_at: new Date().toISOString(),
|
||||
}]));
|
||||
_mockGet.mockResolvedValueOnce(adaptersPayload);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("Last: never")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows allowed user count when users are present", async () => {
|
||||
_mockGet.mockResolvedValueOnce(channelsPayload([{
|
||||
id: "ch-1", workspace_id: "ws-1", channel_type: "telegram",
|
||||
config: {}, enabled: true, allowed_users: ["alice", "bob"],
|
||||
message_count: 0, last_message_at: null, created_at: new Date().toISOString(),
|
||||
}]));
|
||||
_mockGet.mockResolvedValueOnce(adaptersPayload);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("2 allowed user(s)")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("has a Test button for each channel", async () => {
|
||||
_mockGet.mockResolvedValueOnce(channelsPayload([{
|
||||
id: "ch-1", workspace_id: "ws-1", channel_type: "telegram",
|
||||
config: {}, enabled: true, allowed_users: [],
|
||||
message_count: 0, last_message_at: null, created_at: new Date().toISOString(),
|
||||
}]));
|
||||
_mockGet.mockResolvedValueOnce(adaptersPayload);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByRole("button", { name: /test/i })).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("has a Remove button for each channel", async () => {
|
||||
_mockGet.mockResolvedValueOnce(channelsPayload([{
|
||||
id: "ch-1", workspace_id: "ws-1", channel_type: "telegram",
|
||||
config: {}, enabled: true, allowed_users: [],
|
||||
message_count: 0, last_message_at: null, created_at: new Date().toISOString(),
|
||||
}]));
|
||||
_mockGet.mockResolvedValueOnce(adaptersPayload);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByRole("button", { name: /remove/i })).toBeTruthy();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Header + Connect button ───────────────────────────────────────────────
|
||||
|
||||
describe("ChannelsTab — header", () => {
|
||||
it("renders the Channels heading", async () => {
|
||||
_mockGet.mockResolvedValue([]);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("Channels")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("has a Connect button when channels exist", async () => {
|
||||
_mockGet.mockResolvedValue([
|
||||
{
|
||||
id: "ch-1", workspace_id: "ws-1", channel_type: "telegram",
|
||||
config: {}, enabled: true, allowed_users: [],
|
||||
message_count: 1, last_message_at: null, created_at: new Date().toISOString(),
|
||||
},
|
||||
]);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByRole("button", { name: /connect/i })).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("has a Cancel button when form is open", async () => {
|
||||
_mockGet.mockResolvedValue([
|
||||
{
|
||||
id: "ch-1", workspace_id: "ws-1", channel_type: "telegram",
|
||||
config: {}, enabled: true, allowed_users: [],
|
||||
message_count: 1, last_message_at: null, created_at: new Date().toISOString(),
|
||||
},
|
||||
]);
|
||||
render(<ChannelsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
const btn = screen.getByRole("button", { name: /connect/i });
|
||||
fireEvent.click(btn);
|
||||
});
|
||||
await waitFor(() => {
|
||||
expect(screen.getByRole("button", { name: /cancel/i })).toBeTruthy();
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -1,205 +0,0 @@
|
||||
// @vitest-environment jsdom
|
||||
/**
|
||||
* Tests for EventsTab component.
|
||||
*
|
||||
* Covers: formatTime pure function, EVENT_COLORS constant,
|
||||
* loading/error/empty states, event list rendering, expand/collapse,
|
||||
* refresh button, auto-refresh setup.
|
||||
*/
|
||||
import React from "react";
|
||||
import { render, screen, fireEvent, cleanup, waitFor } from "@testing-library/react";
|
||||
import { afterEach, describe, expect, it, vi } from "vitest";
|
||||
import { EventsTab } from "../EventsTab";
|
||||
|
||||
// Mock @/lib/api — hoisted so it's applied before the module loads.
|
||||
const _mockGet = vi.hoisted(() => vi.fn<() => Promise<unknown[]>>());
|
||||
vi.mock("@/lib/api", () => ({
|
||||
api: { get: _mockGet },
|
||||
}));
|
||||
|
||||
afterEach(() => {
|
||||
cleanup();
|
||||
vi.restoreAllMocks();
|
||||
});
|
||||
|
||||
// ─── formatTime tests (via rendered output) ────────────────────────────────────
|
||||
|
||||
describe("EventsTab — formatTime", () => {
|
||||
it("shows 'ago' for events less than a minute old", async () => {
|
||||
const now = new Date();
|
||||
const recent = new Date(now.getTime() - 30_000).toISOString();
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "e1", event_type: "WORKSPACE_ONLINE", workspace_id: null, payload: {}, created_at: recent },
|
||||
]);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText(/ago/)).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows 'm ago' for events less than an hour old", async () => {
|
||||
const now = new Date();
|
||||
const minsAgo = new Date(now.getTime() - 5 * 60_000).toISOString();
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "e1", event_type: "WORKSPACE_OFFLINE", workspace_id: null, payload: {}, created_at: minsAgo },
|
||||
]);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText(/m ago/)).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows 'h ago' for events less than a day old", async () => {
|
||||
const now = new Date();
|
||||
const hoursAgo = new Date(now.getTime() - 3 * 3_600_000).toISOString();
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "e1", event_type: "WORKSPACE_DEGRADED", workspace_id: null, payload: {}, created_at: hoursAgo },
|
||||
]);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText(/h ago/)).toBeTruthy();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── EVENT_COLORS rendering ───────────────────────────────────────────────────
|
||||
|
||||
describe("EventsTab — EVENT_COLORS", () => {
|
||||
it("renders all known event types without crashing", async () => {
|
||||
const eventTypes = [
|
||||
"WORKSPACE_ONLINE",
|
||||
"WORKSPACE_OFFLINE",
|
||||
"WORKSPACE_DEGRADED",
|
||||
"WORKSPACE_PROVISIONING",
|
||||
"WORKSPACE_REMOVED",
|
||||
"WORKSPACE_PROVISION_FAILED",
|
||||
"AGENT_CARD_UPDATED",
|
||||
];
|
||||
_mockGet.mockResolvedValueOnce(
|
||||
eventTypes.map((event_type, i) => ({
|
||||
id: `e-${i}`, event_type, workspace_id: null, payload: {}, created_at: new Date().toISOString(),
|
||||
})),
|
||||
);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
for (const et of eventTypes) {
|
||||
expect(screen.getByText(et)).toBeTruthy();
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
it("renders unknown event types without crashing", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "e-unk", event_type: "UNKNOWN_EVENT_XYZ", workspace_id: null, payload: {}, created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("UNKNOWN_EVENT_XYZ")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── States ───────────────────────────────────────────────────────────────────
|
||||
|
||||
describe("EventsTab — states", () => {
|
||||
it("shows loading text initially", () => {
|
||||
_mockGet.mockImplementation(() => new Promise(() => {})); // never resolves
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
expect(screen.getByText("Loading events...")).toBeTruthy();
|
||||
});
|
||||
|
||||
it("shows empty message when no events returned", async () => {
|
||||
_mockGet.mockResolvedValueOnce([]);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("No events yet")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows error alert when fetch fails", async () => {
|
||||
_mockGet.mockRejectedValueOnce(new Error("server error"));
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText(/server error/i)).toBeTruthy();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Event list ───────────────────────────────────────────────────────────────
|
||||
|
||||
describe("EventsTab — event list", () => {
|
||||
it("renders all returned events", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "e1", event_type: "WORKSPACE_ONLINE", workspace_id: null, payload: { foo: 1 }, created_at: new Date().toISOString() },
|
||||
{ id: "e2", event_type: "WORKSPACE_OFFLINE", workspace_id: null, payload: { bar: 2 }, created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getAllByText(/WORKSPACE_/).length).toBeGreaterThanOrEqual(2);
|
||||
});
|
||||
});
|
||||
|
||||
it("shows event count in header", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "e1", event_type: "WORKSPACE_ONLINE", workspace_id: null, payload: {}, created_at: new Date().toISOString() },
|
||||
{ id: "e2", event_type: "WORKSPACE_OFFLINE", workspace_id: null, payload: {}, created_at: new Date().toISOString() },
|
||||
{ id: "e3", event_type: "WORKSPACE_DEGRADED", workspace_id: null, payload: {}, created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("3 events")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("expands payload panel on click", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "e-expand", event_type: "WORKSPACE_ONLINE", workspace_id: null, payload: { key: "value" }, created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => screen.getByText("WORKSPACE_ONLINE"));
|
||||
|
||||
fireEvent.click(screen.getByText("WORKSPACE_ONLINE"));
|
||||
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText(/"key":\s*"value"/)).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("collapses expanded panel on second click", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "e-collapse", event_type: "WORKSPACE_DEGRADED", workspace_id: null, payload: { x: 1 }, created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => screen.getByText("WORKSPACE_DEGRADED"));
|
||||
|
||||
fireEvent.click(screen.getByText("WORKSPACE_DEGRADED"));
|
||||
await waitFor(() => expect(screen.getByText(/"x":\s*1/)).toBeTruthy());
|
||||
|
||||
fireEvent.click(screen.getByText("WORKSPACE_DEGRADED"));
|
||||
await waitFor(() => {
|
||||
expect(screen.queryByText(/"x":\s*1/)).toBeNull();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Refresh button ───────────────────────────────────────────────────────────
|
||||
|
||||
describe("EventsTab — refresh", () => {
|
||||
it("has a Refresh button", async () => {
|
||||
_mockGet.mockResolvedValueOnce([]);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {});
|
||||
expect(screen.getByRole("button", { name: /refresh/i })).toBeTruthy();
|
||||
});
|
||||
|
||||
it("Refresh button triggers a reload", async () => {
|
||||
_mockGet.mockResolvedValueOnce([]);
|
||||
render(<EventsTab workspaceId="ws-1" />);
|
||||
await waitFor(() => screen.getByRole("button", { name: /refresh/i }));
|
||||
|
||||
fireEvent.click(screen.getByRole("button", { name: /refresh/i }));
|
||||
|
||||
// Called at least twice: initial load + refresh click
|
||||
expect(_mockGet).toHaveBeenCalled();
|
||||
});
|
||||
});
|
||||
@@ -1,156 +0,0 @@
|
||||
// @vitest-environment jsdom
|
||||
/**
|
||||
* Tests for ScheduleTab component.
|
||||
*
|
||||
* Covers: cronToHuman pure function, relativeTime pure function,
|
||||
* loading/error/empty states, schedule list rendering.
|
||||
*/
|
||||
import React from "react";
|
||||
import { render, screen, fireEvent, cleanup, waitFor } from "@testing-library/react";
|
||||
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
|
||||
import { ScheduleTab } from "../ScheduleTab";
|
||||
|
||||
const _mockGet = vi.hoisted(() => vi.fn<() => Promise<unknown[]>>());
|
||||
vi.mock("@/lib/api", () => ({
|
||||
api: { get: _mockGet },
|
||||
}));
|
||||
|
||||
afterEach(() => {
|
||||
cleanup();
|
||||
_mockGet.mockReset();
|
||||
});
|
||||
|
||||
// ─── cronToHuman tests ─────────────────────────────────────────────────────
|
||||
|
||||
describe("ScheduleTab — cronToHuman", () => {
|
||||
it('returns "Every minute" for "* * * * *"', async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "s1", workspace_id: "ws-1", name: "Test", cron_expr: "* * * * *",
|
||||
timezone: "UTC", prompt: "", enabled: true, last_run_at: null, next_run_at: null,
|
||||
run_count: 0, last_status: "ok", last_error: "", created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<ScheduleTab workspaceId="ws-1" />);
|
||||
expect(await screen.findByText("Every minute")).toBeTruthy();
|
||||
});
|
||||
|
||||
it("returns 'Every X minutes' for '*/X * * * *'", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "s1", workspace_id: "ws-1", name: "Test", cron_expr: "*/15 * * * *",
|
||||
timezone: "UTC", prompt: "", enabled: true, last_run_at: null, next_run_at: null,
|
||||
run_count: 0, last_status: "ok", last_error: "", created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<ScheduleTab workspaceId="ws-1" />);
|
||||
expect(await screen.findByText("Every 15 minutes")).toBeTruthy();
|
||||
});
|
||||
|
||||
it("returns 'Every X hours' for '0 */X * * *'", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "s1", workspace_id: "ws-1", name: "Test", cron_expr: "0 */3 * * *",
|
||||
timezone: "UTC", prompt: "", enabled: true, last_run_at: null, next_run_at: null,
|
||||
run_count: 0, last_status: "ok", last_error: "", created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<ScheduleTab workspaceId="ws-1" />);
|
||||
expect(await screen.findByText("Every 3 hours")).toBeTruthy();
|
||||
});
|
||||
|
||||
it("returns 'Daily at HH:MM UTC' for daily schedules", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "s1", workspace_id: "ws-1", name: "Test", cron_expr: "30 14 * * *",
|
||||
timezone: "UTC", prompt: "", enabled: true, last_run_at: null, next_run_at: null,
|
||||
run_count: 0, last_status: "ok", last_error: "", created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<ScheduleTab workspaceId="ws-1" />);
|
||||
expect(await screen.findByText("Daily at 14:30 UTC")).toBeTruthy();
|
||||
});
|
||||
|
||||
it("returns 'Weekdays at HH:MM UTC' for weekday schedules", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "s1", workspace_id: "ws-1", name: "Test", cron_expr: "0 9 * * 1-5",
|
||||
timezone: "UTC", prompt: "", enabled: true, last_run_at: null, next_run_at: null,
|
||||
run_count: 0, last_status: "ok", last_error: "", created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<ScheduleTab workspaceId="ws-1" />);
|
||||
expect(await screen.findByText("Weekdays at 09:00 UTC")).toBeTruthy();
|
||||
});
|
||||
|
||||
it("falls back to raw expression for unrecognised patterns", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "s1", workspace_id: "ws-1", name: "Test", cron_expr: "0 0 1 * *",
|
||||
timezone: "UTC", prompt: "", enabled: true, last_run_at: null, next_run_at: null,
|
||||
run_count: 0, last_status: "ok", last_error: "", created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<ScheduleTab workspaceId="ws-1" />);
|
||||
expect(await screen.findByText("0 0 1 * *")).toBeTruthy();
|
||||
});
|
||||
|
||||
it("falls back to raw expression for malformed input", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "s1", workspace_id: "ws-1", name: "Test", cron_expr: "not a cron",
|
||||
timezone: "UTC", prompt: "", enabled: true, last_run_at: null, next_run_at: null,
|
||||
run_count: 0, last_status: "ok", last_error: "", created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<ScheduleTab workspaceId="ws-1" />);
|
||||
expect(await screen.findByText("not a cron")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
// ─── relativeTime tests ─────────────────────────────────────────────────────
|
||||
|
||||
describe("ScheduleTab — relativeTime", () => {
|
||||
it('shows "Last: never" when last_run_at is null', async () => {
|
||||
// Use mockResolvedValue (persistent) instead of mockResolvedValueOnce because
|
||||
// ScheduleTab's 10 s auto-refresh interval fires and calls fetchSchedules
|
||||
// a second time, consuming a one-time mock and clearing the DOM.
|
||||
_mockGet.mockResolvedValue([
|
||||
{ id: "s1", workspace_id: "ws-1", name: "Test", cron_expr: "0 9 * * *",
|
||||
timezone: "UTC", prompt: "", enabled: true, last_run_at: null, next_run_at: null,
|
||||
run_count: 0, last_status: "ok", last_error: "", created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<ScheduleTab workspaceId="ws-1" />);
|
||||
// Use "Last: never" to match the exact label text in ScheduleTab.tsx:349.
|
||||
// findByText("never") would throw on the multiple-match ambiguity since
|
||||
// "never" also appears in the "Next: never" span.
|
||||
expect(await screen.findByText("Last: never")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
// ─── States ───────────────────────────────────────────────────────────────
|
||||
|
||||
describe("ScheduleTab — states", () => {
|
||||
it("shows empty message when no schedules", async () => {
|
||||
_mockGet.mockResolvedValueOnce([]);
|
||||
render(<ScheduleTab workspaceId="ws-1" />);
|
||||
expect(await screen.findByText("No schedules yet")).toBeTruthy();
|
||||
});
|
||||
// Note: ScheduleTab silently swallows fetch errors (no error state for
|
||||
// the initial load). Error state only exists for form-level actions
|
||||
// (save/delete/toggle) which require api.post/del/patch mocking.
|
||||
});
|
||||
|
||||
// ─── Schedule list ─────────────────────────────────────────────────────────
|
||||
|
||||
describe("ScheduleTab — list", () => {
|
||||
it("renders schedule name", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "s1", workspace_id: "ws-1", name: "Nightly Run", cron_expr: "0 2 * * *",
|
||||
timezone: "UTC", prompt: "", enabled: true, last_run_at: null, next_run_at: null,
|
||||
run_count: 0, last_status: "ok", last_error: "", created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<ScheduleTab workspaceId="ws-1" />);
|
||||
expect(await screen.findByText("Nightly Run")).toBeTruthy();
|
||||
});
|
||||
|
||||
it("renders multiple schedules", async () => {
|
||||
_mockGet.mockResolvedValueOnce([
|
||||
{ id: "s1", workspace_id: "ws-1", name: "Schedule A", cron_expr: "0 9 * * *",
|
||||
timezone: "UTC", prompt: "", enabled: true, last_run_at: null, next_run_at: null,
|
||||
run_count: 0, last_status: "ok", last_error: "", created_at: new Date().toISOString() },
|
||||
{ id: "s2", workspace_id: "ws-1", name: "Schedule B", cron_expr: "*/15 * * * *",
|
||||
timezone: "UTC", prompt: "", enabled: false, last_run_at: null, next_run_at: null,
|
||||
run_count: 0, last_status: "ok", last_error: "", created_at: new Date().toISOString() },
|
||||
]);
|
||||
render(<ScheduleTab workspaceId="ws-1" />);
|
||||
expect(await screen.findByText("Schedule A")).toBeTruthy();
|
||||
expect(await screen.findByText("Schedule B")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
@@ -1,292 +0,0 @@
|
||||
// @vitest-environment jsdom
|
||||
/**
|
||||
* Tests for TracesTab component.
|
||||
*
|
||||
* Covers: loading/empty/error states, trace list rendering, expand/collapse,
|
||||
* status dot coloring, latency formatting, token usage display, Refresh button.
|
||||
*/
|
||||
import React from "react";
|
||||
import { render, screen, fireEvent, cleanup, waitFor } from "@testing-library/react";
|
||||
import { afterEach, describe, expect, it, vi } from "vitest";
|
||||
import { TracesTab } from "../TracesTab";
|
||||
|
||||
const _mockGet = vi.hoisted(() => vi.fn<() => Promise<unknown>>());
|
||||
vi.mock("@/lib/api", () => ({
|
||||
api: { get: _mockGet },
|
||||
}));
|
||||
|
||||
afterEach(() => {
|
||||
cleanup();
|
||||
_mockGet.mockReset();
|
||||
});
|
||||
|
||||
// ─── States ───────────────────────────────────────────────────────────────
|
||||
|
||||
describe("TracesTab — states", () => {
|
||||
it("shows loading text initially", () => {
|
||||
_mockGet.mockImplementation(
|
||||
() => new Promise<unknown>(() => {}) as unknown as Promise<unknown>
|
||||
);
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
expect(screen.getByText("Loading traces...")).toBeTruthy();
|
||||
});
|
||||
|
||||
it("shows empty message when no traces", async () => {
|
||||
_mockGet.mockResolvedValueOnce({ data: [] });
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("No traces yet")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows empty message when API returns null data", async () => {
|
||||
_mockGet.mockResolvedValueOnce({ data: null });
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("No traces yet")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows error alert when fetch fails", async () => {
|
||||
_mockGet.mockRejectedValueOnce(new Error("trace service unavailable"));
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText(/trace service unavailable/i)).toBeTruthy();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Trace list ──────────────────────────────────────────────────────────
|
||||
|
||||
describe("TracesTab — trace list", () => {
|
||||
it("renders one trace", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [{
|
||||
id: "t-1",
|
||||
name: "deploy-agent",
|
||||
timestamp: new Date().toISOString(),
|
||||
status: "ok",
|
||||
}],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("deploy-agent")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("renders trace name as fallback to 'trace'", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [{
|
||||
id: "t-1",
|
||||
name: "",
|
||||
timestamp: new Date().toISOString(),
|
||||
}],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("trace")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows trace count in header", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [
|
||||
{ id: "t-1", name: "A", timestamp: new Date().toISOString() },
|
||||
{ id: "t-2", name: "B", timestamp: new Date().toISOString() },
|
||||
{ id: "t-3", name: "C", timestamp: new Date().toISOString() },
|
||||
],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("3 traces")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows latency in milliseconds for values < 1000", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [{
|
||||
id: "t-1",
|
||||
name: "Fast trace",
|
||||
timestamp: new Date().toISOString(),
|
||||
latency: 250,
|
||||
}],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("250ms")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows latency in seconds for values >= 1000", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [{
|
||||
id: "t-1",
|
||||
name: "Slow trace",
|
||||
timestamp: new Date().toISOString(),
|
||||
latency: 3500,
|
||||
}],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("3.5s")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows token usage when present", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [{
|
||||
id: "t-1",
|
||||
name: "AI trace",
|
||||
timestamp: new Date().toISOString(),
|
||||
usage: { input: 100, output: 200, total: 300 },
|
||||
}],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("300 tok")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("does not show latency when latency is absent", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [{
|
||||
id: "t-1",
|
||||
name: "Trace",
|
||||
timestamp: new Date().toISOString(),
|
||||
}],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("Trace")).toBeTruthy();
|
||||
// Should have no "ms" or "s" latency text
|
||||
expect(screen.queryByText(/\d+ms/)).toBeNull();
|
||||
expect(screen.queryByText(/\d+\.\d+s/)).toBeNull();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Expand / Collapse ───────────────────────────────────────────────────
|
||||
|
||||
describe("TracesTab — expand/collapse", () => {
|
||||
it("expands a trace row on click", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [{
|
||||
id: "t-expand",
|
||||
name: "Expandable",
|
||||
timestamp: new Date().toISOString(),
|
||||
input: { prompt: "hello" },
|
||||
output: { result: "world" },
|
||||
totalCost: 0.000123,
|
||||
}],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => screen.getByText("Expandable"));
|
||||
|
||||
fireEvent.click(screen.getByText("Expandable"));
|
||||
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("Input")).toBeTruthy();
|
||||
expect(screen.getByText("Output")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows trace ID in expanded panel", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [{
|
||||
id: "trace-id-abc123",
|
||||
name: "Trace",
|
||||
timestamp: new Date().toISOString(),
|
||||
}],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => screen.getByText("Trace"));
|
||||
|
||||
fireEvent.click(screen.getByText("Trace"));
|
||||
|
||||
await waitFor(() => {
|
||||
expect(screen.getByText("trace-id-abc123")).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("shows cost when totalCost is present", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [{
|
||||
id: "t-cost",
|
||||
name: "Costly trace",
|
||||
timestamp: new Date().toISOString(),
|
||||
totalCost: 0.000456,
|
||||
}],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => screen.getByText("Costly trace"));
|
||||
|
||||
fireEvent.click(screen.getByText("Costly trace"));
|
||||
|
||||
await waitFor(() => {
|
||||
// Use regex — toFixed(6) is locale-sensitive (may render as "0,000456").
|
||||
expect(screen.getByText(/\$0\.000456/)).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
it("collapses expanded row on second click", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [{
|
||||
id: "t-collapse",
|
||||
name: "Collapsible",
|
||||
timestamp: new Date().toISOString(),
|
||||
input: { key: "value" },
|
||||
}],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => screen.getByText("Collapsible"));
|
||||
|
||||
fireEvent.click(screen.getByText("Collapsible"));
|
||||
await waitFor(() => expect(screen.getByText("Input")).toBeTruthy());
|
||||
|
||||
fireEvent.click(screen.getByText("Collapsible"));
|
||||
await waitFor(() => {
|
||||
expect(screen.queryByText("Input")).toBeNull();
|
||||
});
|
||||
});
|
||||
|
||||
it("has aria-expanded attribute on trace row", async () => {
|
||||
_mockGet.mockResolvedValueOnce({
|
||||
data: [{
|
||||
id: "t-a11y",
|
||||
name: "A11y trace",
|
||||
timestamp: new Date().toISOString(),
|
||||
}],
|
||||
});
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => screen.getByText("A11y trace"));
|
||||
|
||||
const row = screen.getByText("A11y trace").closest("button");
|
||||
expect(row?.getAttribute("aria-expanded")).toBe("false");
|
||||
|
||||
fireEvent.click(row!);
|
||||
await waitFor(() => {
|
||||
expect(row?.getAttribute("aria-expanded")).toBe("true");
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Refresh button ───────────────────────────────────────────────────────
|
||||
|
||||
describe("TracesTab — refresh", () => {
|
||||
it("has a Refresh button", async () => {
|
||||
_mockGet.mockResolvedValueOnce({ data: [] });
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => {});
|
||||
expect(screen.getByRole("button", { name: /refresh/i })).toBeTruthy();
|
||||
});
|
||||
|
||||
it("Refresh button triggers a reload", async () => {
|
||||
_mockGet.mockResolvedValueOnce({ data: [] });
|
||||
render(<TracesTab workspaceId="ws-1" />);
|
||||
await waitFor(() => screen.getByRole("button", { name: /refresh/i }));
|
||||
|
||||
fireEvent.click(screen.getByRole("button", { name: /refresh/i }));
|
||||
|
||||
expect(_mockGet).toHaveBeenCalled();
|
||||
});
|
||||
});
|
||||
@@ -248,81 +248,6 @@ describe("extractResponseText", () => {
|
||||
});
|
||||
});
|
||||
|
||||
describe("extractAgentText", () => {
|
||||
it("extracts from parts", () => {
|
||||
const task = {
|
||||
parts: [{ kind: "text", text: "Hello from agent" }],
|
||||
};
|
||||
expect(extractAgentText(task as Record<string, unknown>)).toBe("Hello from agent");
|
||||
});
|
||||
|
||||
it("extracts from artifacts[0].parts", () => {
|
||||
const task = {
|
||||
artifacts: [
|
||||
{ parts: [{ kind: "text", text: "Artifact text" }] },
|
||||
],
|
||||
};
|
||||
expect(extractAgentText(task as Record<string, unknown>)).toBe("Artifact text");
|
||||
});
|
||||
|
||||
it("extracts from status.message.parts", () => {
|
||||
const task = {
|
||||
status: {
|
||||
message: { parts: [{ kind: "text", text: "Status text" }] },
|
||||
},
|
||||
};
|
||||
expect(extractAgentText(task as Record<string, unknown>)).toBe("Status text");
|
||||
});
|
||||
|
||||
it("prefers parts over artifacts", () => {
|
||||
const task = {
|
||||
parts: [{ kind: "text", text: "parts wins" }],
|
||||
artifacts: [{ parts: [{ kind: "text", text: "artifacts lost" }] }],
|
||||
};
|
||||
expect(extractAgentText(task as Record<string, unknown>)).toBe("parts wins");
|
||||
});
|
||||
|
||||
it("prefers artifacts[0] over status.message", () => {
|
||||
const task = {
|
||||
status: { message: { parts: [{ kind: "text", text: "status lost" }] } },
|
||||
artifacts: [{ parts: [{ kind: "text", text: "artifacts wins" }] }],
|
||||
};
|
||||
expect(extractAgentText(task as Record<string, unknown>)).toBe("artifacts wins");
|
||||
});
|
||||
|
||||
it("falls back to string task", () => {
|
||||
expect(extractAgentText("raw string task" as unknown as Record<string, unknown>)).toBe("raw string task");
|
||||
});
|
||||
|
||||
// FIXED BUG: when all three sources return nothing (no text parts), extractAgentText
|
||||
// now returns "" instead of the error message. An empty task should render as a
|
||||
// blank bubble, not an error indicator.
|
||||
it("returns empty string when parts is empty array", () => {
|
||||
const task = { parts: [] };
|
||||
expect(extractAgentText(task as Record<string, unknown>)).toBe("");
|
||||
});
|
||||
|
||||
it("returns empty string when artifacts is empty array", () => {
|
||||
const task = { artifacts: [] };
|
||||
expect(extractAgentText(task as Record<string, unknown>)).toBe("");
|
||||
});
|
||||
|
||||
it("returns empty string when status.message.parts is empty", () => {
|
||||
const task = { status: { message: { parts: [] } } };
|
||||
expect(extractAgentText(task as Record<string, unknown>)).toBe("");
|
||||
});
|
||||
|
||||
it("tolerates null/undefined status.message without throwing", () => {
|
||||
const task = { status: null };
|
||||
expect(extractAgentText(task as Record<string, unknown>)).toBe("");
|
||||
});
|
||||
|
||||
it("tolerates undefined artifacts without throwing", () => {
|
||||
const task = {};
|
||||
expect(extractAgentText(task as Record<string, unknown>)).toBe("");
|
||||
});
|
||||
});
|
||||
|
||||
describe("extractTextsFromParts", () => {
|
||||
it("extracts text parts with kind=text", () => {
|
||||
const parts = [
|
||||
|
||||
@@ -1,14 +1,5 @@
|
||||
// @vitest-environment jsdom
|
||||
/**
|
||||
* Tests for uploads.ts — uploadChatFiles and downloadChatFile.
|
||||
*
|
||||
* Covers: empty-file guard, successful upload, error-throw on non-ok,
|
||||
* external-URL window.open bypass, platform-attachment fetch+blob download,
|
||||
* error-throw on non-ok download, URL.createObjectURL lifecycle.
|
||||
*/
|
||||
import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
|
||||
import { isPlatformAttachment, resolveAttachmentHref, uploadChatFiles, downloadChatFile } from "../uploads";
|
||||
import type { ChatAttachment } from "../types";
|
||||
import { describe, it, expect } from "vitest";
|
||||
import { isPlatformAttachment, resolveAttachmentHref } from "../uploads";
|
||||
|
||||
describe("resolveAttachmentHref — URI scheme normalisation", () => {
|
||||
const wsId = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee";
|
||||
@@ -173,135 +164,3 @@ describe("isPlatformAttachment", () => {
|
||||
expect(isPlatformAttachment("ftp://server/file")).toBe(false);
|
||||
});
|
||||
});
|
||||
|
||||
// ─── uploadChatFiles ────────────────────────────────────────────────────────
|
||||
|
||||
describe("uploadChatFiles", () => {
|
||||
const wsId = "test-ws-id";
|
||||
|
||||
// Suppress console.error from AbortSignal.timeout in node environment
|
||||
// where native AbortController may not be fully stubbed.
|
||||
let consoleErrorSpy: ReturnType<typeof vi.spyOn>;
|
||||
let fetchMock: ReturnType<typeof vi.spyOn>;
|
||||
|
||||
beforeEach(() => {
|
||||
consoleErrorSpy = vi.spyOn(console, "error").mockReturnValue();
|
||||
fetchMock = vi.spyOn(globalThis, "fetch");
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
consoleErrorSpy.mockRestore();
|
||||
fetchMock?.mockRestore();
|
||||
});
|
||||
|
||||
it("returns an empty array when given no files", async () => {
|
||||
const result = await uploadChatFiles(wsId, []);
|
||||
expect(result).toEqual([]);
|
||||
// fetch should NOT be called at all
|
||||
});
|
||||
|
||||
it("returns ChatAttachment[] on successful upload", async () => {
|
||||
const mockFiles: ChatAttachment[] = [
|
||||
{ name: "report.pdf", uri: "workspace:/workspace/report.pdf", size: 1024, mimeType: "application/pdf" },
|
||||
{ name: "data.csv", uri: "workspace:/workspace/data.csv", size: 512, mimeType: "text/csv" },
|
||||
];
|
||||
fetchMock.mockResolvedValueOnce(
|
||||
new Response(JSON.stringify({ files: mockFiles }), {
|
||||
status: 200,
|
||||
headers: { "Content-Type": "application/json" },
|
||||
})
|
||||
);
|
||||
|
||||
// Pass two files so the test validates the complete response round-trip
|
||||
// (the mock returns two ChatAttachment objects).
|
||||
const file1 = new File(["content1"], "report.pdf", { type: "application/pdf" });
|
||||
const file2 = new File(["content2"], "data.csv", { type: "text/csv" });
|
||||
const result = await uploadChatFiles(wsId, [file1, file2]);
|
||||
|
||||
expect(result).toHaveLength(2);
|
||||
expect(result[0].name).toBe("report.pdf");
|
||||
expect(result[1].name).toBe("data.csv");
|
||||
expect(fetchMock).toHaveBeenCalledTimes(1);
|
||||
const [url, opts] = fetchMock.mock.calls[0]!;
|
||||
expect(url).toContain(`/workspaces/${wsId}/chat/uploads`);
|
||||
// FormData stores files in order; each appended field is independent.
|
||||
const formFile = (opts.body as FormData).get("files") as File;
|
||||
expect(formFile.name).toBe("report.pdf");
|
||||
expect(formFile.type).toBe("application/pdf");
|
||||
});
|
||||
|
||||
it("throws Error with status text on non-ok response", async () => {
|
||||
fetchMock.mockResolvedValueOnce(
|
||||
new Response("Internal Server Error", { status: 500 })
|
||||
);
|
||||
|
||||
const file = new File(["content"], "fail.pdf", { type: "application/pdf" });
|
||||
await expect(uploadChatFiles(wsId, [file])).rejects.toThrow("upload failed: 500 Internal Server Error");
|
||||
});
|
||||
});
|
||||
|
||||
// ─── downloadChatFile ────────────────────────────────────────────────────────
|
||||
|
||||
describe("downloadChatFile", () => {
|
||||
const wsId = "test-ws-id";
|
||||
const makeAttachment = (uri: string): ChatAttachment => ({
|
||||
name: "report.pdf",
|
||||
uri,
|
||||
size: 1024,
|
||||
mimeType: "application/pdf",
|
||||
});
|
||||
|
||||
let consoleErrorSpy: ReturnType<typeof vi.spyOn>;
|
||||
|
||||
beforeEach(() => {
|
||||
consoleErrorSpy = vi.spyOn(console, "error").mockReturnValue();
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
consoleErrorSpy.mockRestore();
|
||||
});
|
||||
|
||||
it("opens external HTTPS URLs in a new tab (no fetch involved)", async () => {
|
||||
const openSpy = vi.spyOn(window, "open").mockReturnValue(null);
|
||||
const fetchSpy = vi.spyOn(globalThis, "fetch");
|
||||
|
||||
await downloadChatFile(wsId, makeAttachment("https://cdn.example.com/file.pdf"));
|
||||
|
||||
expect(openSpy).toHaveBeenCalledOnce();
|
||||
expect(openSpy).toHaveBeenCalledWith("https://cdn.example.com/file.pdf", "_blank", "noopener,noreferrer");
|
||||
expect(fetchSpy).not.toHaveBeenCalled();
|
||||
openSpy.mockRestore();
|
||||
});
|
||||
|
||||
it("fetches and triggers blob download for platform attachments", async () => {
|
||||
const blobResult = new Blob(["hello world"], { type: "application/pdf" });
|
||||
const mockResponse = {
|
||||
ok: true,
|
||||
status: 200,
|
||||
blob: () => Promise.resolve(blobResult),
|
||||
} as unknown as Response;
|
||||
const fetchMock = vi.spyOn(globalThis, "fetch").mockResolvedValueOnce(mockResponse);
|
||||
const openSpy = vi.spyOn(window, "open").mockReturnValue(null);
|
||||
|
||||
await downloadChatFile(wsId, makeAttachment("workspace:/workspace/report.pdf"));
|
||||
|
||||
expect(fetchMock).toHaveBeenCalledTimes(1);
|
||||
expect(fetchMock.mock.calls[0]![0]).toContain(`/workspaces/${wsId}/chat/download`);
|
||||
expect(openSpy).not.toHaveBeenCalled(); // blob path, not window.open
|
||||
|
||||
fetchMock.mockRestore();
|
||||
openSpy.mockRestore();
|
||||
});
|
||||
|
||||
it("throws Error on non-ok download response", async () => {
|
||||
const fetchMock = vi.spyOn(globalThis, "fetch").mockResolvedValueOnce(
|
||||
new Response("Not Found", { status: 404 })
|
||||
);
|
||||
|
||||
await expect(
|
||||
downloadChatFile(wsId, makeAttachment("workspace:/workspace/missing.pdf"))
|
||||
).rejects.toThrow("download failed: 404");
|
||||
|
||||
fetchMock.mockRestore();
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,8 +1,5 @@
|
||||
export function extractAgentText(task: Record<string, unknown>): string {
|
||||
try {
|
||||
// Check direct string first — some callers pass the raw response body.
|
||||
if (typeof task === "string") return task;
|
||||
|
||||
const directTexts = extractTextsFromParts(task.parts);
|
||||
if (directTexts) return directTexts;
|
||||
|
||||
@@ -19,14 +16,8 @@ export function extractAgentText(task: Record<string, unknown>): string {
|
||||
if (texts) return texts;
|
||||
}
|
||||
|
||||
// No text found in any source. Return "" so callers render a blank
|
||||
// bubble rather than an error chip. This handles:
|
||||
// - parts: [] (empty array, no text parts)
|
||||
// - artifacts: [] (no artifacts at all)
|
||||
// - status: {} (status present but no message)
|
||||
// - status.message=null (null guard)
|
||||
// - {} (entirely empty task)
|
||||
return "";
|
||||
if (typeof task === "string") return task;
|
||||
return "(Could not extract response text)";
|
||||
} catch {
|
||||
return "(Failed to parse response)";
|
||||
}
|
||||
|
||||
@@ -26,16 +26,13 @@ export function createMessage(
|
||||
content: string,
|
||||
attachments?: ChatAttachment[],
|
||||
): ChatMessage {
|
||||
const base = {
|
||||
return {
|
||||
id: crypto.randomUUID(),
|
||||
role,
|
||||
content,
|
||||
...(attachments && attachments.length > 0 ? { attachments } : {}),
|
||||
timestamp: new Date().toISOString(),
|
||||
};
|
||||
if (attachments && attachments.length > 0) {
|
||||
return Object.freeze({ ...base, attachments });
|
||||
}
|
||||
return Object.freeze(base);
|
||||
}
|
||||
|
||||
// appendMessageDeduped adds a ChatMessage to `prev` unless the tail
|
||||
|
||||
@@ -76,7 +76,6 @@ func TestBuildBundleConfigFiles_Skills(t *testing.T) {
|
||||
},
|
||||
},
|
||||
}
|
||||
files := buildBundleConfigFiles(b)
|
||||
// 2 skills × 1 file each = 2 files
|
||||
if n := len(files); n != 2 {
|
||||
t.Fatalf("skills: want 2 files, got %d", n)
|
||||
|
||||
@@ -158,151 +158,6 @@ func TestNilIfEmpty_Contract(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// ──────────────────────────────────────────────────────────────────────────────
|
||||
// parseUsageFromA2AResponse
|
||||
// ──────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
func TestParseUsageFromA2AResponse_EmptyAndMalformed(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
body []byte
|
||||
}{
|
||||
{"nil", nil},
|
||||
{"empty", []byte{}},
|
||||
{"non-JSON", []byte("not json")},
|
||||
{"empty object", []byte("{}")},
|
||||
{"null result", []byte(`{"result": null}`)},
|
||||
{"string result", []byte(`{"result": "hello"}`)},
|
||||
}
|
||||
for _, tc := range cases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
in, out := parseUsageFromA2AResponse(tc.body)
|
||||
if in != 0 || out != 0 {
|
||||
t.Errorf("parseUsageFromA2AResponse = (%d, %d), want (0, 0)", in, out)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseUsageFromA2AResponse_ResultUsageShape(t *testing.T) {
|
||||
body := []byte(`{
|
||||
"result": {
|
||||
"usage": {"input_tokens": 1500, "output_tokens": 320}
|
||||
}
|
||||
}`)
|
||||
in, out := parseUsageFromA2AResponse(body)
|
||||
if in != 1500 || out != 320 {
|
||||
t.Errorf("parseUsageFromA2AResponse = (%d, %d), want (1500, 320)", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseUsageFromA2AResponse_TopLevelUsage(t *testing.T) {
|
||||
body := []byte(`{
|
||||
"usage": {"input_tokens": 100, "output_tokens": 50}
|
||||
}`)
|
||||
in, out := parseUsageFromA2AResponse(body)
|
||||
if in != 100 || out != 50 {
|
||||
t.Errorf("parseUsageFromA2AResponse = (%d, %d), want (100, 50)", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseUsageFromA2AResponse_BothPresentPrefersResult(t *testing.T) {
|
||||
// When both result.usage and top-level usage exist, result.usage wins.
|
||||
body := []byte(`{
|
||||
"result": {"usage": {"input_tokens": 500, "output_tokens": 200}},
|
||||
"usage": {"input_tokens": 50, "output_tokens": 20}
|
||||
}`)
|
||||
in, out := parseUsageFromA2AResponse(body)
|
||||
if in != 500 || out != 200 {
|
||||
t.Errorf("parseUsageFromA2AResponse = (%d, %d), want (500, 200) from result.usage", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseUsageFromA2AResponse_ZeroUsage(t *testing.T) {
|
||||
// Zero values are treated as absent (readUsageMap returns ok=false).
|
||||
body := []byte(`{"result": {"usage": {"input_tokens": 0, "output_tokens": 0}}}`)
|
||||
in, out := parseUsageFromA2AResponse(body)
|
||||
if in != 0 || out != 0 {
|
||||
t.Errorf("parseUsageFromA2AResponse = (%d, %d), want (0, 0)", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
// ──────────────────────────────────────────────────────────────────────────────
|
||||
// readUsageMap
|
||||
// ──────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
func TestReadUsageMap_HappyPath(t *testing.T) {
|
||||
m := map[string]json.RawMessage{
|
||||
"usage": json.RawMessage(`{"input_tokens": 100, "output_tokens": 50}`),
|
||||
}
|
||||
in, out, ok := readUsageMap(m)
|
||||
if !ok {
|
||||
t.Fatal("readUsageMap returned ok=false, want true")
|
||||
}
|
||||
if in != 100 || out != 50 {
|
||||
t.Errorf("readUsageMap = (%d, %d, %v), want (100, 50, true)", in, out, ok)
|
||||
}
|
||||
}
|
||||
|
||||
func TestReadUsageMap_MissingUsage(t *testing.T) {
|
||||
m := map[string]json.RawMessage{
|
||||
"other": json.RawMessage(`{}`),
|
||||
}
|
||||
in, out, ok := readUsageMap(m)
|
||||
if ok {
|
||||
t.Errorf("readUsageMap returned ok=true for missing usage, want false")
|
||||
}
|
||||
}
|
||||
|
||||
func TestReadUsageMap_ZeroValues(t *testing.T) {
|
||||
m := map[string]json.RawMessage{
|
||||
"usage": json.RawMessage(`{"input_tokens": 0, "output_tokens": 0}`),
|
||||
}
|
||||
in, out, ok := readUsageMap(m)
|
||||
if ok {
|
||||
t.Errorf("readUsageMap returned ok=true for zero usage, want false")
|
||||
}
|
||||
if in != 0 || out != 0 {
|
||||
t.Errorf("readUsageMap = (%d, %d, %v), want (0, 0, false)", in, out, ok)
|
||||
}
|
||||
}
|
||||
|
||||
func TestReadUsageMap_OnlyInputTokens(t *testing.T) {
|
||||
m := map[string]json.RawMessage{
|
||||
"usage": json.RawMessage(`{"input_tokens": 200, "output_tokens": 0}`),
|
||||
}
|
||||
in, out, ok := readUsageMap(m)
|
||||
if !ok {
|
||||
t.Fatal("readUsageMap returned ok=false, want true")
|
||||
}
|
||||
if in != 200 || out != 0 {
|
||||
t.Errorf("readUsageMap = (%d, %d, %v), want (200, 0, true)", in, out, ok)
|
||||
}
|
||||
}
|
||||
|
||||
func TestReadUsageMap_OnlyOutputTokens(t *testing.T) {
|
||||
m := map[string]json.RawMessage{
|
||||
"usage": json.RawMessage(`{"input_tokens": 0, "output_tokens": 150}`),
|
||||
}
|
||||
in, out, ok := readUsageMap(m)
|
||||
if !ok {
|
||||
t.Fatal("readUsageMap returned ok=false, want true")
|
||||
}
|
||||
if in != 0 || out != 150 {
|
||||
t.Errorf("readUsageMap = (%d, %d, %v), want (0, 150, true)", in, out, ok)
|
||||
}
|
||||
}
|
||||
|
||||
func TestReadUsageMap_MalformedUsageJSON(t *testing.T) {
|
||||
m := map[string]json.RawMessage{
|
||||
"usage": json.RawMessage(`not valid json`),
|
||||
}
|
||||
in, out, ok := readUsageMap(m)
|
||||
if ok {
|
||||
t.Errorf("readUsageMap returned ok=true for malformed usage JSON, want false")
|
||||
}
|
||||
}
|
||||
|
||||
// Suppress unused import warning — setupTestDB references db.DB but this file
|
||||
// only tests pure functions, so db is only needed transitively through helpers.
|
||||
var _ = db.DB
|
||||
|
||||
@@ -80,54 +80,6 @@ func TestExtractIdempotencyKey_emptyOnMissing(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// ──────────────────────────────────────────────────────────────────────────────
|
||||
// extractExpiresInSeconds
|
||||
// ──────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
func TestExtractExpiresInSeconds_valid(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
body string
|
||||
want int
|
||||
}{
|
||||
{"positive int", `{"params":{"expires_in_seconds":30}}`, 30},
|
||||
{"zero", `{"params":{"expires_in_seconds":0}}`, 0},
|
||||
{"large TTL", `{"params":{"expires_in_seconds":3600}}`, 3600},
|
||||
{"nested message — not affected", `{"params":{"message":{"role":"user"},"expires_in_seconds":60}}`, 60},
|
||||
}
|
||||
for _, tc := range cases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
if got := extractExpiresInSeconds([]byte(tc.body)); got != tc.want {
|
||||
t.Errorf("extractExpiresInSeconds = %d, want %d", got, tc.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestExtractExpiresInSeconds_invalidOrMissing(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
body string
|
||||
want int
|
||||
}{
|
||||
{"negative → 0", `{"params":{"expires_in_seconds":-5}}`, 0},
|
||||
{"missing expires_in_seconds", `{"params":{"message":{"role":"user"}}}`, 0},
|
||||
{"no params at all", `{"method":"message/send"}`, 0},
|
||||
{"malformed JSON", `not json`, 0},
|
||||
{"empty body", ``, 0},
|
||||
{"null value", `{"params":{"expires_in_seconds":null}}`, 0},
|
||||
{"string value", `{"params":{"expires_in_seconds":"30"}}`, 0},
|
||||
{"float value", `{"params":{"expires_in_seconds":30.5}}`, 0},
|
||||
}
|
||||
for _, tc := range cases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
if got := extractExpiresInSeconds([]byte(tc.body)); got != tc.want {
|
||||
t.Errorf("extractExpiresInSeconds(%q) = %d, want %d", tc.body, got, tc.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestExtractDelegationIDFromBody(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
|
||||
@@ -116,9 +116,6 @@ func (h *ApprovalsHandler) ListAll(c *gin.Context) {
|
||||
"created_at": createdAt,
|
||||
})
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
log.Printf("ListPendingApprovals scan error: %v", err)
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, approvals)
|
||||
}
|
||||
@@ -158,9 +155,6 @@ func (h *ApprovalsHandler) List(c *gin.Context) {
|
||||
"created_at": createdAt,
|
||||
})
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
log.Printf("ListApprovals scan error: %v", err)
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, approvals)
|
||||
}
|
||||
|
||||
@@ -50,14 +50,6 @@ func (h *BundleHandler) Import(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
// Reject null JSON (which binds to a zero-value Bundle{}) and empty schema.
|
||||
// Without this guard a POST of `null` or `{}` would INSERT a workspace row
|
||||
// with name="" and tier=0 into the DB before bundle.Import() fails.
|
||||
if b.Schema == "" {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid bundle"})
|
||||
return
|
||||
}
|
||||
|
||||
ctx := c.Request.Context()
|
||||
result := bundle.Import(ctx, &b, nil, h.broadcaster, h.provisioner, h.platformURL)
|
||||
|
||||
|
||||
@@ -1,144 +0,0 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"database/sql"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
"github.com/DATA-DOG/go-sqlmock"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// ─────────────────────────────────────────────────────────────────────────────
|
||||
// BundleHandler Import — JSON binding error cases
|
||||
// ─────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
func TestBundleImport_InvalidJSON(t *testing.T) {
|
||||
h := NewBundleHandler(nil, nil, "http://localhost:8080", t.TempDir(), nil)
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
body string
|
||||
}{
|
||||
{"not JSON", `not json at all`},
|
||||
{"truncated JSON", `{"name": "test",`},
|
||||
{"null", `null`},
|
||||
{"array", `[]`},
|
||||
{"number", `42`},
|
||||
{"boolean", `true`},
|
||||
{"string", `"just a string"`},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
w := httptest.NewRecorder()
|
||||
c, _ := gin.CreateTestContext(w)
|
||||
c.Request = httptest.NewRequest("POST", "/bundles/import", bytes.NewBufferString(tc.body))
|
||||
c.Request.Header.Set("Content-Type", "application/json")
|
||||
|
||||
h.Import(c)
|
||||
|
||||
if w.Code != http.StatusBadRequest {
|
||||
t.Errorf("invalid JSON %q: expected status %d, got %d", tc.body, http.StatusBadRequest, w.Code)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// ─────────────────────────────────────────────────────────────────────────────
|
||||
// BundleHandler Import — valid JSON routes to bundle.Import and returns 201
|
||||
// ─────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
func TestBundleImport_ValidJSON(t *testing.T) {
|
||||
mock := setupTestDB(t)
|
||||
broadcaster := newTestBroadcaster()
|
||||
h := NewBundleHandler(broadcaster, nil, "http://localhost:8080", t.TempDir(), nil)
|
||||
|
||||
// bundle.Import does: INSERT workspaces (creates record), UPDATE runtime (after
|
||||
// parsing config.yaml), plus a RecordAndBroadcast (not a DB call). SubWorkspaces
|
||||
// recursion is a no-op for this test bundle. No workspace_schedules or
|
||||
// workspace_secrets INSERT in the current importer.
|
||||
mock.ExpectExec("INSERT INTO workspaces").
|
||||
WillReturnResult(sqlmock.NewResult(0, 1))
|
||||
mock.ExpectExec("UPDATE workspaces SET runtime").
|
||||
WillReturnResult(sqlmock.NewResult(0, 1))
|
||||
|
||||
body := `{"name": "test-workspace", "schema": "1.0", "tier": 3}`
|
||||
w := httptest.NewRecorder()
|
||||
c, _ := gin.CreateTestContext(w)
|
||||
c.Request = httptest.NewRequest("POST", "/bundles/import", bytes.NewBufferString(body))
|
||||
c.Request.Header.Set("Content-Type", "application/json")
|
||||
|
||||
h.Import(c)
|
||||
|
||||
if w.Code != http.StatusCreated {
|
||||
t.Errorf("valid JSON: expected status %d, got %d: %s", http.StatusCreated, w.Code, w.Body.String())
|
||||
}
|
||||
if err := mock.ExpectationsWereMet(); err != nil {
|
||||
t.Errorf("unmet sqlmock expectations: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
// ─────────────────────────────────────────────────────────────────────────────
|
||||
// BundleHandler Export — workspace not found (ErrNoRows → 404)
|
||||
// ─────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
func TestBundleExport_NotFound(t *testing.T) {
|
||||
mock := setupTestDB(t)
|
||||
_ = setupTestRedis(t)
|
||||
broadcaster := newTestBroadcaster()
|
||||
h := NewBundleHandler(broadcaster, nil, "http://localhost:8080", t.TempDir(), nil)
|
||||
|
||||
// bundle.Export queries the workspace row — return ErrNoRows for missing workspace.
|
||||
mock.ExpectQuery(`SELECT name, COALESCE\(role`).
|
||||
WithArgs("ws-nonexistent").
|
||||
WillReturnError(sql.ErrNoRows)
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
c, _ := gin.CreateTestContext(w)
|
||||
c.Params = gin.Params{{Key: "id", Value: "ws-nonexistent"}}
|
||||
c.Request = httptest.NewRequest("GET", "/bundles/export/ws-nonexistent", nil)
|
||||
|
||||
h.Export(c)
|
||||
|
||||
if w.Code != http.StatusNotFound {
|
||||
t.Errorf("expected status %d, got %d: %s", http.StatusNotFound, w.Code, w.Body.String())
|
||||
}
|
||||
if err := mock.ExpectationsWereMet(); err != nil {
|
||||
t.Errorf("unmet sqlmock expectations: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
// ─────────────────────────────────────────────────────────────────────────────
|
||||
// BundleHandler Export — query error (DB error → 404, per bundle.Export semantics)
|
||||
// ─────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
func TestBundleExport_QueryError(t *testing.T) {
|
||||
mock := setupTestDB(t)
|
||||
_ = setupTestRedis(t)
|
||||
broadcaster := newTestBroadcaster()
|
||||
h := NewBundleHandler(broadcaster, nil, "http://localhost:8080", t.TempDir(), nil)
|
||||
|
||||
// Simulate a non-ErrNoRows DB error.
|
||||
mock.ExpectQuery(`SELECT name, COALESCE\(role`).
|
||||
WithArgs("ws-error").
|
||||
WillReturnError(sql.ErrConnDone)
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
c, _ := gin.CreateTestContext(w)
|
||||
c.Params = gin.Params{{Key: "id", Value: "ws-error"}}
|
||||
c.Request = httptest.NewRequest("GET", "/bundles/export/ws-error", nil)
|
||||
|
||||
h.Export(c)
|
||||
|
||||
// bundle.Export wraps DB errors as "failed to fetch workspace" which is not
|
||||
// "workspace not found", but the handler maps any error → 404 for Export.
|
||||
if w.Code != http.StatusNotFound {
|
||||
t.Errorf("expected status %d for DB error, got %d: %s", http.StatusNotFound, w.Code, w.Body.String())
|
||||
}
|
||||
if err := mock.ExpectationsWereMet(); err != nil {
|
||||
t.Errorf("unmet sqlmock expectations: %v", err)
|
||||
}
|
||||
}
|
||||
@@ -645,9 +645,6 @@ func (h *DelegationHandler) ListDelegations(c *gin.Context) {
|
||||
}
|
||||
delegations = append(delegations, entry)
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
log.Printf("ListDelegations scan error: %v", err)
|
||||
}
|
||||
|
||||
if delegations == nil {
|
||||
delegations = []map[string]interface{}{}
|
||||
|
||||
@@ -1287,80 +1287,3 @@ func TestExecuteDelegation_CleanProxyResponse_Unchanged(t *testing.T) {
|
||||
t.Errorf("unmet sqlmock expectations: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
// ---------- extractResponseText ----------
|
||||
|
||||
func TestExtractResponseText_NonJSON(t *testing.T) {
|
||||
got := extractResponseText([]byte("not json at all"))
|
||||
if got != "not json at all" {
|
||||
t.Errorf("non-JSON: got %q, want %q", got, "not json at all")
|
||||
}
|
||||
}
|
||||
|
||||
func TestExtractResponseText_ValidJSONNoResult(t *testing.T) {
|
||||
got := extractResponseText([]byte(`{"id":"1","error":{"code":-32601,"message":"method not found"}}`))
|
||||
if got != `{"id":"1","error":{"code":-32601,"message":"method not found"}}` {
|
||||
t.Errorf("no result key: got %q, want raw body", got)
|
||||
}
|
||||
}
|
||||
|
||||
// TestExtractResponseText_* cases live in delegation_extract_response_text_test.go
|
||||
// to keep pure-helper tests in their own file.
|
||||
|
||||
func TestExtractResponseText_PartsTextKind(t *testing.T) {
|
||||
body := []byte(`{"result":{"parts":[{"kind":"text","text":"Hello from agent"}]}}`)
|
||||
got := extractResponseText(body)
|
||||
if got != "Hello from agent" {
|
||||
t.Errorf("parts text: got %q, want %q", got, "Hello from agent")
|
||||
}
|
||||
}
|
||||
|
||||
func TestExtractResponseText_PartsNonTextKind(t *testing.T) {
|
||||
// kind="image" is skipped; falls through to raw body since no artifacts
|
||||
body := []byte(`{"result":{"parts":[{"kind":"image","text":"should not return"}]}}`)
|
||||
got := extractResponseText(body)
|
||||
if got != string(body) {
|
||||
t.Errorf("parts non-text: got %q, want raw body", got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestExtractResponseText_PartsMultipleWithTextFirst(t *testing.T) {
|
||||
body := []byte(`{"result":{"parts":[{"kind":"text","text":"first"},{"kind":"text","text":"second"}]}}`)
|
||||
got := extractResponseText(body)
|
||||
// Returns first text part found
|
||||
if got != "first" {
|
||||
t.Errorf("parts first match: got %q, want %q", got, "first")
|
||||
}
|
||||
}
|
||||
|
||||
func TestExtractResponseText_ArtifactsTextKind(t *testing.T) {
|
||||
body := []byte(`{"result":{"artifacts":[{"parts":[{"kind":"text","text":"artifact text here"}]}]}}`)
|
||||
got := extractResponseText(body)
|
||||
if got != "artifact text here" {
|
||||
t.Errorf("artifacts text: got %q, want %q", got, "artifact text here")
|
||||
}
|
||||
}
|
||||
|
||||
func TestExtractResponseText_ArtifactsNonTextKind(t *testing.T) {
|
||||
body := []byte(`{"result":{"artifacts":[{"parts":[{"kind":"image","text":"hidden"}]}]}}`)
|
||||
got := extractResponseText(body)
|
||||
if got != string(body) {
|
||||
t.Errorf("artifacts non-text: got %q, want raw body", got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestExtractResponseText_EmptyPartsAndArtifacts(t *testing.T) {
|
||||
body := []byte(`{"result":{"parts":[],"artifacts":[]}}`)
|
||||
got := extractResponseText(body)
|
||||
if got != string(body) {
|
||||
t.Errorf("empty parts/artifacts: got %q, want raw body", got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestExtractResponseText_EmptyText(t *testing.T) {
|
||||
body := []byte(`{"result":{"parts":[{"kind":"text","text":""}]}}`)
|
||||
got := extractResponseText(body)
|
||||
if got != "" {
|
||||
t.Errorf("empty text: got %q, want %q", got, "")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -352,9 +352,6 @@ func queryPeerMaps(query string, args ...interface{}) ([]map[string]interface{},
|
||||
|
||||
result = append(result, peer)
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
log.Printf("queryPeerMaps scan error: %v", err)
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -49,9 +49,6 @@ func (h *EventsHandler) List(c *gin.Context) {
|
||||
"created_at": createdAt,
|
||||
})
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
log.Printf("ListEvents scan error: %v", err)
|
||||
}
|
||||
c.JSON(http.StatusOK, events)
|
||||
}
|
||||
|
||||
@@ -90,8 +87,5 @@ func (h *EventsHandler) ListByWorkspace(c *gin.Context) {
|
||||
"created_at": createdAt,
|
||||
})
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
log.Printf("ListEventsByWorkspace scan error: %v", err)
|
||||
}
|
||||
c.JSON(http.StatusOK, events)
|
||||
}
|
||||
|
||||
@@ -248,9 +248,6 @@ func (h *InstructionsHandler) Resolve(c *gin.Context) {
|
||||
b.WriteString(content)
|
||||
b.WriteString("\n\n")
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
log.Printf("ListInstructions scan error: %v", err)
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"workspace_id": workspaceID,
|
||||
@@ -261,7 +258,6 @@ func (h *InstructionsHandler) Resolve(c *gin.Context) {
|
||||
func scanInstructions(rows interface {
|
||||
Next() bool
|
||||
Scan(dest ...interface{}) error
|
||||
Err() error
|
||||
}) []Instruction {
|
||||
var instructions []Instruction
|
||||
for rows.Next() {
|
||||
@@ -273,9 +269,6 @@ func scanInstructions(rows interface {
|
||||
}
|
||||
instructions = append(instructions, inst)
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
log.Printf("Instructions scan loop error: %v", err)
|
||||
}
|
||||
if instructions == nil {
|
||||
instructions = []Instruction{}
|
||||
}
|
||||
|
||||
@@ -346,7 +346,7 @@ func (g *gitFetcher) Fetch(ctx context.Context, rootDir, host, repoPath, ref str
|
||||
// MkdirTemp creates the dir; git clone refuses to clone into a
|
||||
// non-empty dir. Remove + recreate empty.
|
||||
os.RemoveAll(tmpDir)
|
||||
cloneAndConfig := gitArgs("clone", "--quiet", "--depth=1", "-b", ref, cloneURL, tmpDir)
|
||||
cloneAndConfig := append(gitArgs("clone", "--quiet", "--depth=1", "-b", ref, cloneURL, tmpDir))
|
||||
cmd := exec.CommandContext(ctx, "git", cloneAndConfig...)
|
||||
cmd.Env = append(os.Environ(), "GIT_TERMINAL_PROMPT=0")
|
||||
if out, err := cmd.CombinedOutput(); err != nil {
|
||||
|
||||
@@ -487,13 +487,11 @@ func (h *OrgHandler) createWorkspaceTree(ws OrgWorkspace, parentID *string, absX
|
||||
// timeout (caught 2026-05-08 right after dev-only org/import).
|
||||
loadPersonaEnvFile(ws.FilesDir, envVars)
|
||||
if orgBaseDir != "" {
|
||||
// Load org root and workspace-specific .env files. loadWorkspaceEnv
|
||||
// applies resolveInsideRoot to ws.FilesDir, closing the CWE-22 /
|
||||
// mc#786 path-traversal regression introduced when the guard was
|
||||
// dropped from createWorkspaceTree.
|
||||
workspaceEnv := loadWorkspaceEnv(orgBaseDir, ws.FilesDir)
|
||||
for k, v := range workspaceEnv {
|
||||
envVars[k] = v // workspace-specific overrides org root
|
||||
// 1. Org root .env (shared defaults)
|
||||
parseEnvFile(filepath.Join(orgBaseDir, ".env"), envVars)
|
||||
// 2. Workspace-specific .env (overrides)
|
||||
if ws.FilesDir != "" {
|
||||
parseEnvFile(filepath.Join(orgBaseDir, ws.FilesDir, ".env"), envVars)
|
||||
}
|
||||
}
|
||||
// Store as workspace secrets via DB (encrypted if key is set, raw otherwise)
|
||||
|
||||
@@ -354,10 +354,6 @@ func TestExpandWithEnv_UnsetVar(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// TestHasUnresolvedVarRef_* cases live in org_helpers_pure_test.go to keep
|
||||
// pure-helper tests in their own file. Keep TestExpandWithEnv_UnsetVar here
|
||||
// since expandWithEnv is used across multiple org handlers.
|
||||
|
||||
func eqStringSlice(a, b []string) bool {
|
||||
if len(a) != len(b) {
|
||||
return false
|
||||
|
||||
@@ -1,80 +0,0 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
// supportsRuntime tests — plugin runtime compatibility checking.
|
||||
|
||||
func TestSupportsRuntime_EmptyRuntimes(t *testing.T) {
|
||||
// Empty runtimes = unspecified, try it → always compatible.
|
||||
info := pluginInfo{Name: "test", Runtimes: nil}
|
||||
assert.True(t, info.supportsRuntime("claude_code"))
|
||||
assert.True(t, info.supportsRuntime("any_runtime"))
|
||||
}
|
||||
|
||||
func TestSupportsRuntime_ExactMatch(t *testing.T) {
|
||||
info := pluginInfo{Name: "test", Runtimes: []string{"claude_code", "anthropic"}}
|
||||
assert.True(t, info.supportsRuntime("claude_code"))
|
||||
assert.True(t, info.supportsRuntime("anthropic"))
|
||||
}
|
||||
|
||||
func TestSupportsRuntime_NoMatch(t *testing.T) {
|
||||
info := pluginInfo{Name: "test", Runtimes: []string{"claude_code"}}
|
||||
assert.False(t, info.supportsRuntime("openai"))
|
||||
}
|
||||
|
||||
func TestSupportsRuntime_HyphenUnderscoreNormalized(t *testing.T) {
|
||||
// "claude-code" and "claude_code" are considered equal.
|
||||
info := pluginInfo{Name: "test", Runtimes: []string{"claude-code"}}
|
||||
assert.True(t, info.supportsRuntime("claude_code"))
|
||||
assert.True(t, info.supportsRuntime("anthropic_claude"))
|
||||
}
|
||||
|
||||
func TestSupportsRuntime_HyphenVsUnderscoreReverse(t *testing.T) {
|
||||
// Plugin declares underscore form; runtime uses hyphen.
|
||||
info := pluginInfo{Name: "test", Runtimes: []string{"claude_code"}}
|
||||
assert.True(t, info.supportsRuntime("claude-code"))
|
||||
}
|
||||
|
||||
func TestSupportsRuntime_EmptyStringRuntime(t *testing.T) {
|
||||
info := pluginInfo{Name: "test", Runtimes: []string{"claude_code"}}
|
||||
// Empty runtime string: should not match any plugin.
|
||||
assert.False(t, info.supportsRuntime(""))
|
||||
}
|
||||
|
||||
func TestSupportsRuntime_SingleRuntimeMatch(t *testing.T) {
|
||||
// Multiple declared runtimes: only matching one is sufficient.
|
||||
info := pluginInfo{Name: "test", Runtimes: []string{"python", "nodejs", "claude_code"}}
|
||||
assert.True(t, info.supportsRuntime("claude_code"))
|
||||
assert.False(t, info.supportsRuntime("ruby"))
|
||||
}
|
||||
|
||||
func TestSupportsRuntime_AllHyphenForms(t *testing.T) {
|
||||
// Both plugin and runtime use hyphen form.
|
||||
info := pluginInfo{Name: "test", Runtimes: []string{"claude-code"}}
|
||||
assert.True(t, info.supportsRuntime("claude-code"))
|
||||
}
|
||||
|
||||
func TestSupportsRuntime_MultipleHyphenNormalization(t *testing.T) {
|
||||
// Mixed hyphen/underscore forms normalize to the same.
|
||||
info := pluginInfo{Name: "test", Runtimes: []string{"some-runtime-name"}}
|
||||
assert.True(t, info.supportsRuntime("some_runtime_name"))
|
||||
assert.True(t, info.supportsRuntime("some-runtime-name"))
|
||||
}
|
||||
|
||||
func TestSupportsRuntime_EmptyPluginRuntimesWithAnyInput(t *testing.T) {
|
||||
// Empty Runtimes on plugin = try it regardless of runtime.
|
||||
info := pluginInfo{Name: "test", Runtimes: []string{}}
|
||||
assert.True(t, info.supportsRuntime(""))
|
||||
assert.True(t, info.supportsRuntime("any"))
|
||||
assert.True(t, info.supportsRuntime("unknown"))
|
||||
}
|
||||
|
||||
func TestSupportsRuntime_ZeroLengthRuntimes(t *testing.T) {
|
||||
// Empty slice vs nil: both should be treated as "unspecified".
|
||||
info := pluginInfo{Name: "test"}
|
||||
assert.True(t, info.supportsRuntime("anything"))
|
||||
}
|
||||
@@ -63,9 +63,6 @@ func (h *SecretsHandler) List(c *gin.Context) {
|
||||
"updated_at": updatedAt,
|
||||
})
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
log.Printf("ListSecrets scan error: %v", err)
|
||||
}
|
||||
|
||||
// 2. Global secrets not overridden at workspace level
|
||||
globalRows, err := db.DB.QueryContext(ctx,
|
||||
@@ -327,9 +324,6 @@ func (h *SecretsHandler) ListGlobal(c *gin.Context) {
|
||||
"scope": "global",
|
||||
})
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
log.Printf("ListGlobalSecrets scan error: %v", err)
|
||||
}
|
||||
c.JSON(http.StatusOK, secrets)
|
||||
}
|
||||
|
||||
@@ -406,9 +400,6 @@ func (h *SecretsHandler) restartAllAffectedByGlobalKey(key string) {
|
||||
ids = append(ids, id)
|
||||
}
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
log.Printf("notifyGlobalSecretChange scan error: %v", err)
|
||||
}
|
||||
if len(ids) == 0 {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -1,164 +0,0 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/DATA-DOG/go-sqlmock"
|
||||
"github.com/Molecule-AI/molecule-monorepo/platform/internal/models"
|
||||
)
|
||||
|
||||
// ==================== resolveDeliveryMode ====================
|
||||
// Covers workspace_dispatchers.go / registry.go:resolveDeliveryMode
|
||||
|
||||
func TestResolveDeliveryMode_PayloadModeWins(t *testing.T) {
|
||||
mock := setupTestDB(t)
|
||||
setupTestRedis(t)
|
||||
broadcaster := newTestBroadcaster()
|
||||
h := NewRegistryHandler(broadcaster)
|
||||
|
||||
ctx := context.Background()
|
||||
for _, mode := range []string{models.DeliveryModePush, models.DeliveryModePoll} {
|
||||
got, err := h.resolveDeliveryMode(ctx, "ws-any-id", mode)
|
||||
if err != nil {
|
||||
t.Errorf("resolveDeliveryMode(payloadMode=%q) unexpected error: %v", mode, err)
|
||||
}
|
||||
if got != mode {
|
||||
t.Errorf("resolveDeliveryMode(payloadMode=%q) = %q, want %q", mode, got, mode)
|
||||
}
|
||||
}
|
||||
|
||||
// DB must NOT have been queried when payloadMode is set.
|
||||
if err := mock.ExpectationsWereMet(); err != nil {
|
||||
t.Errorf("DB expectations not met: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestResolveDeliveryMode_ExistingDeliveryMode(t *testing.T) {
|
||||
mock := setupTestDB(t)
|
||||
setupTestRedis(t)
|
||||
broadcaster := newTestBroadcaster()
|
||||
h := NewRegistryHandler(broadcaster)
|
||||
|
||||
// Workspace row has existing delivery_mode = "poll"
|
||||
mock.ExpectQuery("SELECT delivery_mode, runtime FROM workspaces").
|
||||
WithArgs("ws-poll").
|
||||
WillReturnRows(sqlmock.NewRows([]string{"delivery_mode", "runtime"}).
|
||||
AddRow("poll", "langgraph"))
|
||||
|
||||
ctx := context.Background()
|
||||
got, err := h.resolveDeliveryMode(ctx, "ws-poll", "")
|
||||
if err != nil {
|
||||
t.Errorf("resolveDeliveryMode() unexpected error: %v", err)
|
||||
}
|
||||
if got != models.DeliveryModePoll {
|
||||
t.Errorf("resolveDeliveryMode() = %q, want %q", got, models.DeliveryModePoll)
|
||||
}
|
||||
}
|
||||
|
||||
func TestResolveDeliveryMode_ExternalRuntime_DefaultsToPoll(t *testing.T) {
|
||||
mock := setupTestDB(t)
|
||||
setupTestRedis(t)
|
||||
broadcaster := newTestBroadcaster()
|
||||
h := NewRegistryHandler(broadcaster)
|
||||
|
||||
// Row exists but delivery_mode is NULL; runtime = "external"
|
||||
mock.ExpectQuery("SELECT delivery_mode, runtime FROM workspaces").
|
||||
WithArgs("ws-external").
|
||||
WillReturnRows(sqlmock.NewRows([]string{"delivery_mode", "runtime"}).
|
||||
AddRow(nil, "external"))
|
||||
|
||||
ctx := context.Background()
|
||||
got, err := h.resolveDeliveryMode(ctx, "ws-external", "")
|
||||
if err != nil {
|
||||
t.Errorf("resolveDeliveryMode() unexpected error: %v", err)
|
||||
}
|
||||
if got != models.DeliveryModePoll {
|
||||
t.Errorf("resolveDeliveryMode() = %q, want %q (external runtime)", got, models.DeliveryModePoll)
|
||||
}
|
||||
}
|
||||
|
||||
func TestResolveDeliveryMode_SelfHosted_DefaultsToPush(t *testing.T) {
|
||||
mock := setupTestDB(t)
|
||||
setupTestRedis(t)
|
||||
broadcaster := newTestBroadcaster()
|
||||
h := NewRegistryHandler(broadcaster)
|
||||
|
||||
// Row exists; delivery_mode is NULL; runtime = "langgraph"
|
||||
mock.ExpectQuery("SELECT delivery_mode, runtime FROM workspaces").
|
||||
WithArgs("ws-self-hosted").
|
||||
WillReturnRows(sqlmock.NewRows([]string{"delivery_mode", "runtime"}).
|
||||
AddRow(nil, "langgraph"))
|
||||
|
||||
ctx := context.Background()
|
||||
got, err := h.resolveDeliveryMode(ctx, "ws-self-hosted", "")
|
||||
if err != nil {
|
||||
t.Errorf("resolveDeliveryMode() unexpected error: %v", err)
|
||||
}
|
||||
if got != models.DeliveryModePush {
|
||||
t.Errorf("resolveDeliveryMode() = %q, want %q (self-hosted default)", got, models.DeliveryModePush)
|
||||
}
|
||||
}
|
||||
|
||||
func TestResolveDeliveryMode_NotFound_DefaultsToPush(t *testing.T) {
|
||||
mock := setupTestDB(t)
|
||||
setupTestRedis(t)
|
||||
broadcaster := newTestBroadcaster()
|
||||
h := NewRegistryHandler(broadcaster)
|
||||
|
||||
// Row not found → sql.ErrNoRows → default push
|
||||
mock.ExpectQuery("SELECT delivery_mode, runtime FROM workspaces").
|
||||
WithArgs("ws-nonexistent").
|
||||
WillReturnError(sql.ErrNoRows)
|
||||
|
||||
ctx := context.Background()
|
||||
got, err := h.resolveDeliveryMode(ctx, "ws-nonexistent", "")
|
||||
if err != nil {
|
||||
t.Errorf("resolveDeliveryMode() unexpected error on no-rows: %v", err)
|
||||
}
|
||||
if got != models.DeliveryModePush {
|
||||
t.Errorf("resolveDeliveryMode() = %q, want %q (not-found default)", got, models.DeliveryModePush)
|
||||
}
|
||||
}
|
||||
|
||||
func TestResolveDeliveryMode_DBError_Propagated(t *testing.T) {
|
||||
mock := setupTestDB(t)
|
||||
setupTestRedis(t)
|
||||
broadcaster := newTestBroadcaster()
|
||||
h := NewRegistryHandler(broadcaster)
|
||||
|
||||
mock.ExpectQuery("SELECT delivery_mode, runtime FROM workspaces").
|
||||
WithArgs("ws-error").
|
||||
WillReturnError(context.DeadlineExceeded)
|
||||
|
||||
ctx := context.Background()
|
||||
_, err := h.resolveDeliveryMode(ctx, "ws-error", "")
|
||||
if err == nil {
|
||||
t.Errorf("resolveDeliveryMode() expected error, got nil")
|
||||
}
|
||||
}
|
||||
|
||||
func TestResolveDeliveryMode_ExistingDeliveryModeEmptyString(t *testing.T) {
|
||||
// When the DB returns an empty (non-NULL) string for delivery_mode,
|
||||
// it falls through to the runtime check (not the existing.Valid path).
|
||||
mock := setupTestDB(t)
|
||||
setupTestRedis(t)
|
||||
broadcaster := newTestBroadcaster()
|
||||
h := NewRegistryHandler(broadcaster)
|
||||
|
||||
// delivery_mode is explicitly empty string (not NULL), runtime = "langgraph"
|
||||
// → falls through to runtime check → "push" for non-external
|
||||
mock.ExpectQuery("SELECT delivery_mode, runtime FROM workspaces").
|
||||
WithArgs("ws-empty-mode").
|
||||
WillReturnRows(sqlmock.NewRows([]string{"delivery_mode", "runtime"}).
|
||||
AddRow("", "langgraph"))
|
||||
|
||||
ctx := context.Background()
|
||||
got, err := h.resolveDeliveryMode(ctx, "ws-empty-mode", "")
|
||||
if err != nil {
|
||||
t.Errorf("resolveDeliveryMode() unexpected error: %v", err)
|
||||
}
|
||||
if got != models.DeliveryModePush {
|
||||
t.Errorf("resolveDeliveryMode() = %q, want %q", got, models.DeliveryModePush)
|
||||
}
|
||||
}
|
||||
@@ -1,100 +0,0 @@
|
||||
package models
|
||||
|
||||
import "testing"
|
||||
|
||||
// ==================== IsValidDeliveryMode ====================
|
||||
|
||||
func TestIsValidDeliveryMode_Valid(t *testing.T) {
|
||||
for _, mode := range []string{DeliveryModePush, DeliveryModePoll} {
|
||||
if !IsValidDeliveryMode(mode) {
|
||||
t.Errorf("IsValidDeliveryMode(%q) = false, want true", mode)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsValidDeliveryMode_Invalid(t *testing.T) {
|
||||
cases := []struct {
|
||||
val string
|
||||
want bool
|
||||
}{
|
||||
{"", false}, // empty string is not valid — callers must resolve the default
|
||||
{"pushx", false}, // typo
|
||||
{"pollx", false}, // typo
|
||||
{"PUSH", false}, // case-sensitive
|
||||
{"PUSH ", false}, // trailing space
|
||||
{"push ", false}, // trailing space
|
||||
{"hybrid", false}, // non-existent mode
|
||||
{"poll ", false}, // trailing space
|
||||
}
|
||||
for _, tc := range cases {
|
||||
got := IsValidDeliveryMode(tc.val)
|
||||
if got != tc.want {
|
||||
t.Errorf("IsValidDeliveryMode(%q) = %v, want %v", tc.val, got, tc.want)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// ==================== WorkspaceStatus ====================
|
||||
|
||||
func TestWorkspaceStatus_String(t *testing.T) {
|
||||
statuses := []WorkspaceStatus{
|
||||
StatusProvisioning,
|
||||
StatusOnline,
|
||||
StatusOffline,
|
||||
StatusDegraded,
|
||||
StatusFailed,
|
||||
StatusRemoved,
|
||||
StatusPaused,
|
||||
StatusHibernated,
|
||||
StatusHibernating,
|
||||
StatusAwaitingAgent,
|
||||
}
|
||||
for _, s := range statuses {
|
||||
if got := s.String(); got != string(s) {
|
||||
t.Errorf("WorkspaceStatus(%q).String() = %q, want %q", s, got, string(s))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestAllWorkspaceStatuses_Length(t *testing.T) {
|
||||
// The const block has 10 statuses; AllWorkspaceStatuses must match.
|
||||
if got := len(AllWorkspaceStatuses); got != 10 {
|
||||
t.Errorf("len(AllWorkspaceStatuses) = %d, want 10", got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAllWorkspaceStatuses_ContainsAllNamed(t *testing.T) {
|
||||
// Verify every named const appears in AllWorkspaceStatuses exactly once.
|
||||
named := []WorkspaceStatus{
|
||||
StatusProvisioning,
|
||||
StatusOnline,
|
||||
StatusOffline,
|
||||
StatusDegraded,
|
||||
StatusFailed,
|
||||
StatusRemoved,
|
||||
StatusPaused,
|
||||
StatusHibernated,
|
||||
StatusHibernating,
|
||||
StatusAwaitingAgent,
|
||||
}
|
||||
set := make(map[WorkspaceStatus]bool, len(AllWorkspaceStatuses))
|
||||
for _, s := range AllWorkspaceStatuses {
|
||||
set[s] = true
|
||||
}
|
||||
for _, s := range named {
|
||||
if !set[s] {
|
||||
t.Errorf("named status %q missing from AllWorkspaceStatuses", s)
|
||||
}
|
||||
}
|
||||
if len(set) != len(named) {
|
||||
t.Errorf("AllWorkspaceStatuses has %d unique entries, want %d", len(set), len(named))
|
||||
}
|
||||
}
|
||||
|
||||
func TestAllWorkspaceStatuses_NoEmpty(t *testing.T) {
|
||||
for _, s := range AllWorkspaceStatuses {
|
||||
if s == "" {
|
||||
t.Errorf("AllWorkspaceStatuses contains empty string")
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -24,7 +24,7 @@ func makeTestOpts(t *testing.T) *LocalBuildOptions {
|
||||
RepoPrefix: "https://git.test/molecule-ai/molecule-ai-workspace-template-",
|
||||
Platform: "linux/amd64",
|
||||
HTTPClient: &http.Client{},
|
||||
checkShellDeps: func() error {
|
||||
preflightLocalBuild: func() error {
|
||||
return nil // tests bypass the real PATH check
|
||||
},
|
||||
remoteHeadSha: func(ctx context.Context, opts *LocalBuildOptions, runtime string) (string, error) {
|
||||
@@ -46,7 +46,10 @@ func makeTestOpts(t *testing.T) *LocalBuildOptions {
|
||||
dockerTag: func(ctx context.Context, src, dst string) error {
|
||||
return nil
|
||||
},
|
||||
|
||||
// Stub the shell-dep pre-flight so tests run without docker/git on PATH.
|
||||
checkShellDeps: func() error {
|
||||
return nil
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
@@ -674,10 +677,10 @@ func TestProvisionerStartUsesLocalBuild_LocalMode(t *testing.T) {
|
||||
// caught by this test.
|
||||
}
|
||||
|
||||
// TestEnsureLocalImage_Hooks checkShellDeps — when preflight fails,
|
||||
// TestEnsureLocalImage_Hooks preflightLocalBuild — when preflight fails,
|
||||
func TestEnsureLocalImage_PreflightFailsIfDockerMissing(t *testing.T) {
|
||||
opts := makeTestOpts(t)
|
||||
opts.checkShellDeps = func() error {
|
||||
opts.preflightLocalBuild = func() error {
|
||||
return fmt.Errorf(
|
||||
"local-build mode requires `docker` and `git` on PATH in the platform container; " +
|
||||
"found: docker=<missing>, git=<missing>. " +
|
||||
@@ -699,7 +702,7 @@ func TestEnsureLocalImage_PreflightFailsIfDockerMissing(t *testing.T) {
|
||||
// nil, execution proceeds normally.
|
||||
func TestEnsureLocalImage_PreflightOKPassesThrough(t *testing.T) {
|
||||
opts := makeTestOpts(t)
|
||||
opts.checkShellDeps = func() error { return nil }
|
||||
opts.preflightLocalBuild = func() error { return nil }
|
||||
tag, err := ensureLocalImageWithOpts(context.Background(), "claude-code", opts)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
|
||||
@@ -127,9 +127,7 @@ func (h *Hub) Close() {
|
||||
count := len(h.clients)
|
||||
for client := range h.clients {
|
||||
close(client.Send)
|
||||
if client.Conn != nil {
|
||||
client.Conn.Close()
|
||||
}
|
||||
client.Conn.Close()
|
||||
delete(h.clients, client)
|
||||
}
|
||||
log.Printf("WebSocket hub closed (%d clients disconnected)", count)
|
||||
|
||||
@@ -1,386 +0,0 @@
|
||||
package ws
|
||||
|
||||
import (
|
||||
"sync"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/Molecule-AI/molecule-monorepo/platform/internal/models"
|
||||
)
|
||||
|
||||
// ─── helpers ────────────────────────────────────────────────────────────────
|
||||
|
||||
// mockClient returns a Client with a buffered send channel of the given size
|
||||
// and a nil WebSocket connection. Nil Conn is safe for our tests because we
|
||||
// never call WritePump (which uses Conn) — we only test the hub's send channel
|
||||
// and broadcast logic.
|
||||
func mockClient(workspaceID string, bufSize int) *Client {
|
||||
return &Client{
|
||||
WorkspaceID: workspaceID,
|
||||
Send: make(chan []byte, bufSize),
|
||||
// Conn is nil — safe: WritePump (which uses Conn) is never called in tests.
|
||||
}
|
||||
}
|
||||
|
||||
// ─── NewHub ────────────────────────────────────────────────────────────────
|
||||
|
||||
func TestNewHub_NilChecker(t *testing.T) {
|
||||
// nil AccessChecker is accepted (hub allows all workspace→workspace broadcasts
|
||||
// when canCommunicate is unset — the gating is purely advisory).
|
||||
h := NewHub(nil)
|
||||
if h == nil {
|
||||
t.Fatal("NewHub(nil) returned nil")
|
||||
}
|
||||
if h.canCommunicate != nil {
|
||||
t.Error("canCommunicate should be nil")
|
||||
}
|
||||
}
|
||||
|
||||
func TestNewHub_AccessCheckerWired(t *testing.T) {
|
||||
called := false
|
||||
checker := func(callerID, targetID string) bool {
|
||||
called = true
|
||||
return callerID == targetID // only self-communication allowed
|
||||
}
|
||||
h := NewHub(checker)
|
||||
if h.canCommunicate == nil {
|
||||
t.Fatal("canCommunicate not wired")
|
||||
}
|
||||
// Invoke the wired function directly
|
||||
allowed := h.canCommunicate("ws-1", "ws-1")
|
||||
if !called {
|
||||
t.Error("checker was not called")
|
||||
}
|
||||
if !allowed {
|
||||
t.Error("self-communication should be allowed")
|
||||
}
|
||||
if h.canCommunicate("ws-1", "ws-2") {
|
||||
t.Error("cross-workspace communication should be blocked by checker")
|
||||
}
|
||||
}
|
||||
|
||||
// ─── safeSend ─────────────────────────────────────────────────────────────
|
||||
|
||||
func TestSafeSend_OpenChannel_Sends(t *testing.T) {
|
||||
c := mockClient("ws-1", 10)
|
||||
data := []byte(`{"type":"ping"}`)
|
||||
ok := safeSend(c, data)
|
||||
if !ok {
|
||||
t.Error("safeSend should return true for open channel")
|
||||
}
|
||||
select {
|
||||
case got := <-c.Send:
|
||||
if string(got) != string(data) {
|
||||
t.Errorf("got %q, want %q", got, data)
|
||||
}
|
||||
case <-time.After(100 * time.Millisecond):
|
||||
t.Error("no message received on channel")
|
||||
}
|
||||
}
|
||||
|
||||
func TestSafeSend_ClosedChannel_ReturnsFalse(t *testing.T) {
|
||||
c := mockClient("ws-1", 10)
|
||||
close(c.Send) // close before safeSend
|
||||
ok := safeSend(c, []byte("data"))
|
||||
if ok {
|
||||
t.Error("safeSend should return false for closed channel")
|
||||
}
|
||||
}
|
||||
|
||||
func TestSafeSend_FullChannel_ReturnsFalse(t *testing.T) {
|
||||
c := mockClient("ws-1", 1) // buffer size 1
|
||||
// Fill the channel
|
||||
c.Send <- []byte("first")
|
||||
// Channel is now full
|
||||
ok := safeSend(c, []byte("second"))
|
||||
if ok {
|
||||
t.Error("safeSend should return false when channel buffer is full")
|
||||
}
|
||||
// Drain to leave clean state
|
||||
<-c.Send
|
||||
}
|
||||
|
||||
// ─── Broadcast ────────────────────────────────────────────────────────────
|
||||
|
||||
func TestBroadcast_CanvasAlwaysReceives(t *testing.T) {
|
||||
h := NewHub(nil) // nil checker: canvas always gets messages
|
||||
|
||||
// Canvas client (no workspaceID) + two workspace clients
|
||||
canvas := mockClient("", 10)
|
||||
ws1 := mockClient("ws-1", 10)
|
||||
ws2 := mockClient("ws-2", 10)
|
||||
|
||||
// Manually register clients into hub state
|
||||
h.mu.Lock()
|
||||
h.clients[canvas] = true
|
||||
h.clients[ws1] = true
|
||||
h.clients[ws2] = true
|
||||
h.mu.Unlock()
|
||||
|
||||
msg := models.WSMessage{Event: "test", Payload: []byte(`"hello"`)}
|
||||
h.Broadcast(msg)
|
||||
|
||||
// Canvas must receive
|
||||
select {
|
||||
case got := <-canvas.Send:
|
||||
t.Logf("canvas received: %s", got)
|
||||
case <-time.After(100 * time.Millisecond):
|
||||
t.Error("canvas client did not receive broadcast")
|
||||
}
|
||||
}
|
||||
|
||||
func TestBroadcast_WorkspaceCanCommunicateGating(t *testing.T) {
|
||||
// Only ws-1 can receive messages for ws-2
|
||||
checker := func(callerID, targetID string) bool {
|
||||
return callerID == targetID
|
||||
}
|
||||
h := NewHub(checker)
|
||||
|
||||
ws1 := mockClient("ws-1", 10)
|
||||
ws2 := mockClient("ws-2", 10)
|
||||
canvas := mockClient("", 10)
|
||||
|
||||
h.mu.Lock()
|
||||
h.clients[ws1] = true
|
||||
h.clients[ws2] = true
|
||||
h.clients[canvas] = true
|
||||
h.mu.Unlock()
|
||||
|
||||
// Broadcast addressed to ws-2
|
||||
msg := models.WSMessage{Event: "test", WorkspaceID: "ws-2"}
|
||||
h.Broadcast(msg)
|
||||
|
||||
// ws-1 should NOT receive (not the target, checker says no)
|
||||
select {
|
||||
case <-ws1.Send:
|
||||
t.Error("ws-1 should not receive broadcast for ws-2")
|
||||
case <-time.After(50 * time.Millisecond):
|
||||
t.Log("ws-1 correctly blocked — no message")
|
||||
}
|
||||
|
||||
// ws-2 should receive
|
||||
select {
|
||||
case <-ws2.Send:
|
||||
t.Log("ws-2 correctly received broadcast")
|
||||
case <-time.After(100 * time.Millisecond):
|
||||
t.Error("ws-2 did not receive broadcast")
|
||||
}
|
||||
|
||||
// Canvas always receives
|
||||
select {
|
||||
case <-canvas.Send:
|
||||
t.Log("canvas correctly received broadcast")
|
||||
case <-time.After(100 * time.Millisecond):
|
||||
t.Error("canvas did not receive broadcast")
|
||||
}
|
||||
}
|
||||
|
||||
func TestBroadcast_DropsOnClosedChannel(t *testing.T) {
|
||||
h := NewHub(nil)
|
||||
c := mockClient("", 10)
|
||||
close(c.Send) // pre-close so safeSend returns false
|
||||
|
||||
h.mu.Lock()
|
||||
h.clients[c] = true
|
||||
h.mu.Unlock()
|
||||
|
||||
// Broadcast must not panic; closed client should be dropped silently.
|
||||
msg := models.WSMessage{Event: "ping"}
|
||||
h.Broadcast(msg) // should not panic
|
||||
}
|
||||
|
||||
func TestBroadcast_DropsOnFullChannel(t *testing.T) {
|
||||
h := NewHub(nil)
|
||||
c := mockClient("", 1)
|
||||
c.Send <- []byte("blocker") // fill buffer
|
||||
|
||||
h.mu.Lock()
|
||||
h.clients[c] = true
|
||||
h.mu.Unlock()
|
||||
|
||||
msg := models.WSMessage{Event: "ping"}
|
||||
h.Broadcast(msg) // safeSend returns false; no panic
|
||||
|
||||
// Drain to leave clean state
|
||||
<-c.Send
|
||||
}
|
||||
|
||||
func TestBroadcast_EmptyHubNoPanic(t *testing.T) {
|
||||
h := NewHub(nil)
|
||||
msg := models.WSMessage{Event: "ping"}
|
||||
h.Broadcast(msg) // must not panic with no clients
|
||||
}
|
||||
|
||||
func TestBroadcast_MultiClient(t *testing.T) {
|
||||
h := NewHub(nil)
|
||||
clients := make([]*Client, 5)
|
||||
h.mu.Lock()
|
||||
for i := 0; i < 5; i++ {
|
||||
clients[i] = mockClient("", 10)
|
||||
h.clients[clients[i]] = true
|
||||
}
|
||||
h.mu.Unlock()
|
||||
|
||||
msg := models.WSMessage{Event: "multi", Payload: []byte(`"all receive"`)}
|
||||
h.Broadcast(msg)
|
||||
|
||||
for i, c := range clients {
|
||||
select {
|
||||
case <-c.Send:
|
||||
t.Logf("client %d received", i)
|
||||
case <-time.After(100 * time.Millisecond):
|
||||
t.Errorf("client %d did not receive broadcast", i)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestBroadcast_CanvasIgnoresChecker(t *testing.T) {
|
||||
// Strict checker that blocks ALL cross-workspace (never returns true for different IDs)
|
||||
strictChecker := func(callerID, targetID string) bool {
|
||||
return callerID == targetID
|
||||
}
|
||||
h := NewHub(strictChecker)
|
||||
|
||||
canvas := mockClient("", 10)
|
||||
|
||||
h.mu.Lock()
|
||||
h.clients[canvas] = true
|
||||
h.mu.Unlock()
|
||||
|
||||
msg := models.WSMessage{Event: "ping", WorkspaceID: "ws-1"}
|
||||
h.Broadcast(msg)
|
||||
|
||||
select {
|
||||
case <-canvas.Send:
|
||||
t.Log("canvas received message even though checker blocks ws-1")
|
||||
case <-time.After(100 * time.Millisecond):
|
||||
t.Error("canvas must always receive — checker should be bypassed")
|
||||
}
|
||||
}
|
||||
|
||||
// ─── Close ────────────────────────────────────────────────────────────────
|
||||
|
||||
func TestClose_DisconnectsAllClients(t *testing.T) {
|
||||
h := NewHub(nil)
|
||||
clients := make([]*Client, 3)
|
||||
h.mu.Lock()
|
||||
for i := 0; i < 3; i++ {
|
||||
clients[i] = mockClient("", 10)
|
||||
h.clients[clients[i]] = true
|
||||
}
|
||||
h.mu.Unlock()
|
||||
|
||||
// Start Run goroutine so Close can drain Unregister channel
|
||||
go h.Run()
|
||||
defer h.Close()
|
||||
|
||||
// Unregister all clients so the mutex is released before Close() tries to lock it
|
||||
for _, c := range clients {
|
||||
h.Unregister <- c
|
||||
}
|
||||
time.Sleep(50 * time.Millisecond)
|
||||
|
||||
// Now close — mutex is free, Close() should succeed
|
||||
h.Close()
|
||||
|
||||
// All client channels should be closed
|
||||
for i, c := range clients {
|
||||
select {
|
||||
case _, ok := <-c.Send:
|
||||
if ok {
|
||||
t.Errorf("client %d channel still open after Close", i)
|
||||
}
|
||||
case <-time.After(100 * time.Millisecond):
|
||||
// Channel drained and closed
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestClose_Idempotent(t *testing.T) {
|
||||
h := NewHub(nil)
|
||||
c := mockClient("", 10)
|
||||
h.mu.Lock()
|
||||
h.clients[c] = true
|
||||
h.mu.Unlock()
|
||||
|
||||
// Close twice — must not panic or deadlock
|
||||
h.Close()
|
||||
h.Close() // second call also fine
|
||||
}
|
||||
|
||||
func TestClose_ClosesDoneChannel(t *testing.T) {
|
||||
h := NewHub(nil)
|
||||
|
||||
// Start Run goroutine
|
||||
done := make(chan struct{})
|
||||
go func() {
|
||||
h.Run()
|
||||
close(done)
|
||||
}()
|
||||
|
||||
h.Close()
|
||||
|
||||
select {
|
||||
case <-done:
|
||||
t.Log("Run exited after Close")
|
||||
case <-time.After(200 * time.Millisecond):
|
||||
t.Error("Run did not exit after Close")
|
||||
}
|
||||
}
|
||||
|
||||
// ─── Run goroutine (Unregister) ──────────────────────────────────────────
|
||||
|
||||
func TestRun_UnregisterClosesClientSend(t *testing.T) {
|
||||
h := NewHub(nil)
|
||||
c := mockClient("ws-1", 10)
|
||||
|
||||
// Start Run() BEFORE sending to Register — Register is unbuffered,
|
||||
// so Run() must be ready to receive before the send can complete.
|
||||
go h.Run()
|
||||
defer h.Close()
|
||||
|
||||
// Register the client
|
||||
h.Register <- c
|
||||
|
||||
// Give Run a moment to register the client
|
||||
time.Sleep(20 * time.Millisecond)
|
||||
|
||||
// Unregister client
|
||||
h.Unregister <- c
|
||||
|
||||
select {
|
||||
case _, ok := <-c.Send:
|
||||
if ok {
|
||||
t.Error("client send channel should be closed after Unregister")
|
||||
}
|
||||
case <-time.After(500 * time.Millisecond):
|
||||
t.Error("client send channel not closed within timeout")
|
||||
}
|
||||
}
|
||||
|
||||
// ─── Concurrent access ────────────────────────────────────────────────────
|
||||
|
||||
func TestBroadcast_ConcurrentSafe(t *testing.T) {
|
||||
h := NewHub(nil)
|
||||
clients := make([]*Client, 10)
|
||||
h.mu.Lock()
|
||||
for i := 0; i < 10; i++ {
|
||||
clients[i] = mockClient("", 100)
|
||||
h.clients[clients[i]] = true
|
||||
}
|
||||
h.mu.Unlock()
|
||||
|
||||
var wg sync.WaitGroup
|
||||
for i := 0; i < 5; i++ {
|
||||
wg.Add(1)
|
||||
go func(id int) {
|
||||
defer wg.Done()
|
||||
for j := 0; j < 20; j++ {
|
||||
h.Broadcast(models.WSMessage{Event: "ping", Payload: []byte(`"concurrent"`)})
|
||||
|
||||
}
|
||||
}(i)
|
||||
}
|
||||
|
||||
wg.Wait() // should not deadlock or panic
|
||||
}
|
||||
@@ -9,13 +9,6 @@ import uuid
|
||||
|
||||
import httpx
|
||||
|
||||
# OFFSEC-003: peer-controlled text MUST be wrapped with sanitize_a2a_result
|
||||
# before being returned to the LLM. This module's delegate_task() is one of
|
||||
# the trust-boundary entry points where peer output crosses into our agent's
|
||||
# context — same surface as a2a_tools_delegation.py:325 (fixed via #492).
|
||||
# Issue #537.
|
||||
from _sanitize_a2a import sanitize_a2a_result
|
||||
|
||||
PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
|
||||
WORKSPACE_ID = os.environ.get("WORKSPACE_ID", "")
|
||||
|
||||
@@ -76,12 +69,12 @@ async def delegate_task(workspace_id: str, task: str) -> str:
|
||||
result = data["result"]
|
||||
parts = result.get("parts", []) if isinstance(result, dict) else []
|
||||
if parts and isinstance(parts[0], dict):
|
||||
return sanitize_a2a_result(parts[0].get("text", "(no text)"))
|
||||
return parts[0].get("text", "(no text)")
|
||||
# Empty parts list (e.g. {"parts": []}) should return str(result),
|
||||
# not "(no text)" — preserves pre-fix behavior (#279 regression fix).
|
||||
if isinstance(result, dict) and result.get("parts") == []:
|
||||
return sanitize_a2a_result(str(result))
|
||||
return sanitize_a2a_result(str(result) if isinstance(result, str) else "(no text)")
|
||||
return str(result)
|
||||
return str(result) if isinstance(result, str) else "(no text)"
|
||||
elif "error" in data:
|
||||
err = data["error"]
|
||||
# Handle both string-form errors ("error": "some string")
|
||||
@@ -94,6 +87,14 @@ async def delegate_task(workspace_id: str, task: str) -> str:
|
||||
else:
|
||||
msg = str(err)
|
||||
return f"Error: {msg}"
|
||||
msg = ""
|
||||
if isinstance(err, dict):
|
||||
msg = err.get("message", "")
|
||||
elif isinstance(err, str):
|
||||
msg = err
|
||||
else:
|
||||
msg = str(err)
|
||||
return f"Error: {msg}"
|
||||
return str(data)
|
||||
except Exception as e:
|
||||
return f"Error sending A2A message: {e}"
|
||||
|
||||
@@ -620,9 +620,7 @@ def sanitize_agent_error(
|
||||
# a malicious or buggy peer injecting a huge error body, and
|
||||
# scrubs any API keys / bearer tokens that snuck into the message.
|
||||
detail = _sanitize_for_external(stderr[:_MAX_STDERR_PREVIEW])
|
||||
if category:
|
||||
return f"Agent error ({tag}): {detail}"
|
||||
return f"Agent error: {detail}"
|
||||
return f"Agent error ({tag}): {detail}"
|
||||
return f"Agent error ({tag}) — see workspace logs for details."
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user