molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity
0bb8daf25c
molecule-core/tests/e2e/test_dev_mode.sh
Hongming Wang de99a22ffc fix(quickstart): hotfixes discovered during live testing session 
Five additional breakages surfaced while testing the restored stack
end-to-end (spin up Hermes template → click node → open side panel →
configure secrets → send chat). Each fix is narrowly scoped and has
matching unit or e2e tests so they don't regress.

### 1. SSRF defence blocked loopback A2A on self-hosted Docker

handlers/ssrf.go was rejecting `http://127.0.0.1:<port>` workspace
URLs as loopback, so POST /workspaces/:id/a2a returned 502 on every
Canvas chat send in local-dev. The provisioner on self-hosted Docker
publishes each container's A2A port on 127.0.0.1:<ephemeral> — that's
the only reachable address for the platform-on-host path.

Added `devModeAllowsLoopback()` — allows loopback only when
MOLECULE_ENV ∈ {development, dev}. SaaS (MOLECULE_ENV=production)
continues to block loopback; every other blocked range (metadata
169.254/16, TEST-NET, CGNAT, link-local) stays blocked in dev mode.

Tests: 5 new tests in ssrf_test.go covering dev-mode loopback,
dev-mode short-alias ("dev"), production still blocks loopback,
dev-mode still blocks every other range, and a 9-case table test of
the predicate with case/whitespace/typo variants.

### 2. canvas/src/lib/api.ts: 401 → login redirect broke localhost

Every 401 called `redirectToLogin()` which navigates to
`/cp/auth/login`. That route exists only on SaaS (mounted by the
cp_proxy when CP_UPSTREAM_URL is set). On localhost it 404s — users
landed on a blank "404 page not found" instead of seeing the actual
error they should fix.

Gated the redirect on the SaaS-tenant slug check: on
<slug>.moleculesai.app, redirect unchanged; on any non-SaaS host
(localhost, LAN IP, reserved subdomains like app.moleculesai.app),
throw a real error so the calling component can render a retry
affordance.

Tests: 4 new vitest cases in a dedicated api-401.test.ts (needs
jsdom for window.location.hostname) — SaaS redirects, localhost
throws, LAN hostname throws, reserved apex throws.

### 3. SecretsSection rendered a hardcoded key list

config/secrets-section.tsx shipped a fixed COMMON_KEYS list
(Anthropic / OpenAI / Google / SERP / Model Override) regardless of
what the workspace's template actually needed. A Hermes workspace
declaring MINIMAX_API_KEY in required_env got five irrelevant slots
and nothing for the key it actually needed.

Made the slot list template-driven via a new `requiredEnv?: string[]`
prop passed down from ConfigTab. Added `KNOWN_LABELS` for well-known
names and `humanizeKeyName` to turn arbitrary SCREAMING_SNAKE_CASE
into a readable label (e.g. MINIMAX_API_KEY → "Minimax API Key").
Acronyms (API, URL, ID, SDK, MCP, LLM, AI) stay uppercase. Legacy
fallback preserved when required_env is empty.

Tests: 8 new vitest cases covering known-label lookup, humanise
fallback, acronym preservation, deduplication, and both fallback
paths.

### 4. Confusing placeholder in Required Env Vars field

The TagList in ConfigTab labelled "Required Env Vars (from template)"
is a DECLARATION field — stores variable names. The placeholder
"e.g. CLAUDE_CODE_OAUTH_TOKEN" suggested that, but users naturally
typed the value of their API key into the field instead. The actual
values go in the Secrets section further down the tab.

Relabelled to "Required Env Var Names (from template)", changed the
placeholder to "variable NAME (e.g. ANTHROPIC_API_KEY) — not the
value", and added a one-line helper below pointing to Secrets.

### 5. Agent chat replies rendered 2-3 times

Three delivery paths can fire for a single agent reply — HTTP
response to POST /a2a, A2A_RESPONSE WS event, and a
send_message_to_user WS push. Paths 2↔3 were already guarded by
`sendingFromAPIRef`; path 1 had no guard. Hermes emits both the
reply body AND a send_message_to_user with the same text, which
manifested as duplicate bubbles with identical timestamps.

Added `appendMessageDeduped(prev, msg, windowMs = 3000)` in
chat/types.ts — dedupes on (role, content) within a 3s window.
Threaded into all three setMessages call sites. The window is short
enough that legitimate repeat messages ("hi", "hi") from a real
user/agent a few seconds apart still render.

Tests: 8 new vitest cases covering empty history, different content,
duplicate within window, different roles, window elapsed, stale
match, malformed timestamps, and custom window.

### 6. New end-to-end regression test

tests/e2e/test_dev_mode.sh — 7 HTTP assertions that run against a
live platform with MOLECULE_ENV=development and catch regressions
on all the dev-mode escape hatches in a single pass: AdminAuth
(empty DB + after-token), WorkspaceAuth (/activity, /delegations),
AdminAuth on /approvals/pending, and the populated
/org/templates response. Shellcheck-clean.

### Test sweep

- `go test -race ./internal/handlers/ ./internal/middleware/
  ./internal/provisioner/` — all pass
- `npx vitest run` in canvas — 922/922 pass (up from 902)
- `shellcheck --severity=warning infra/scripts/setup.sh
  tests/e2e/test_dev_mode.sh` — clean
- `bash tests/e2e/test_dev_mode.sh` — 7/7 pass against a live
  platform + populated template registry

### SaaS parity

Every relaxation remains conditional on MOLECULE_ENV=development.
Production tenants run MOLECULE_ENV=production (enforced by the
secrets-encryption strict-init path) and always set ADMIN_TOKEN, so
none of these code paths fire on hosted SaaS. Behaviour on real
tenants is byte-for-byte unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 14:57:18 -07:00

141 lines
5.2 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# E2E regression suite for the local-dev escape hatches added in
# fix/quickstart-bugless. These cover the exact user-facing breakages
# that dropped out of the partial squash-merge of PR #1871:
#
# 1. GET /workspaces returns 200 with no bearer after tokens exist in
# the DB — exercises the AdminAuth Tier-1b dev-mode hatch
# (middleware/devmode.go::isDevModeFailOpen).
# 2. GET /workspaces/:id/activity returns 200 with no bearer — the
# same hatch applied to WorkspaceAuth.
# 3. POST /workspaces/:id/a2a doesn't 502-SSRF on a loopback workspace
# URL — exercises handlers/ssrf.go::devModeAllowsLoopback.
# 4. GET /org/templates returns the curated set populated by
# clone-manifest.sh — exercises infra/scripts/setup.sh + the
# ListTemplates failure logging in handlers/org.go.
#
# Requires: platform running on :8080 with MOLECULE_ENV=development and
# ADMIN_TOKEN unset. Matches the README quickstart env.
#
# Usage:
# bash tests/e2e/test_dev_mode.sh
set -euo pipefail
# shellcheck source=_lib.sh
source "$(dirname "$0")/_lib.sh"
PASS=0
FAIL=0
fail() {
echo "FAIL: $1"
FAIL=$((FAIL + 1))
}
pass() {
echo "PASS: $1"
PASS=$((PASS + 1))
}
check_http() {
local desc="$1" expected="$2" actual="$3"
if [ "$actual" = "$expected" ]; then
pass "$desc (HTTP $actual)"
else
fail "$desc — expected HTTP $expected, got $actual"
fi
}
echo "=== Dev-mode escape-hatch regression tests ==="
echo ""
# Pre-test: ensure MOLECULE_ENV=development and no ADMIN_TOKEN are in the
# platform's env. The request path doesn't let us read the platform's
# env directly, but we can verify the hatch is active by confirming the
# expected behaviour under the conditions the test otherwise sets up.
e2e_cleanup_all_workspaces
# ----------------------------------------------------------------------
# Section 1 — AdminAuth dev-mode hatch
# ----------------------------------------------------------------------
# Before fix: once any workspace had tokens in the DB, GET /workspaces
# closed to unauthenticated callers and the Canvas broke. The hatch
# keeps it open specifically in dev mode.
echo "--- Section 1: AdminAuth dev-mode hatch ---"
R=$(curl -s -o /dev/null -w "%{http_code}" "$BASE/workspaces")
check_http "GET /workspaces (empty DB)" "200" "$R"
# Create a workspace so tokens land in the DB.
R=$(curl -s -w "\n%{http_code}" -X POST "$BASE/workspaces" \
-H "Content-Type: application/json" \
-d '{"name":"Dev-Mode-Test","tier":1}')
CODE=$(echo "$R" | tail -n1)
BODY=$(echo "$R" | sed '$d')
check_http "POST /workspaces (create)" "201" "$CODE"
WS_ID=$(echo "$BODY" | python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
if [ -z "$WS_ID" ]; then
fail "Could not extract workspace ID from create response"
echo "=== Results: $PASS passed, $FAIL failed ==="
exit 1
fi
# Mint a test-token so AdminAuth now sees a live token on record. On
# pre-fix builds the next /workspaces call would 401 — on post-fix it
# must stay 200 because MOLECULE_ENV=development + ADMIN_TOKEN unset.
curl -s -o /dev/null "$BASE/admin/workspaces/$WS_ID/test-token"
R=$(curl -s -o /dev/null -w "%{http_code}" "$BASE/workspaces")
check_http "GET /workspaces (after token minted, no bearer)" "200" "$R"
# ----------------------------------------------------------------------
# Section 2 — WorkspaceAuth dev-mode hatch
# ----------------------------------------------------------------------
# Before fix: /workspaces/:id/activity 401'd once tokens existed —
# the Canvas side panel's chat history load broke.
echo ""
echo "--- Section 2: WorkspaceAuth dev-mode hatch ---"
R=$(curl -s -o /dev/null -w "%{http_code}" \
"$BASE/workspaces/$WS_ID/activity?type=a2a_receive&limit=50")
check_http "GET /workspaces/:id/activity (no bearer)" "200" "$R"
R=$(curl -s -o /dev/null -w "%{http_code}" \
"$BASE/workspaces/$WS_ID/delegations")
check_http "GET /workspaces/:id/delegations (no bearer)" "200" "$R"
R=$(curl -s -o /dev/null -w "%{http_code}" "$BASE/approvals/pending")
check_http "GET /approvals/pending (no bearer)" "200" "$R"
# ----------------------------------------------------------------------
# Section 3 — Template registry populated by setup.sh
# ----------------------------------------------------------------------
# Before fix: setup.sh didn't run clone-manifest.sh so the template
# palette was empty and the molecule-dev in-tree copy was broken.
echo ""
echo "--- Section 3: Template registry ---"
R=$(curl -s "$BASE/org/templates")
COUNT=$(echo "$R" | python3 -c "import sys,json; print(len(json.load(sys.stdin)))" 2>/dev/null || echo "0")
if [ "$COUNT" -gt 0 ]; then
pass "GET /org/templates returns $COUNT template(s)"
else
fail "GET /org/templates returned empty list — is clone-manifest.sh run? (bash scripts/clone-manifest.sh manifest.json workspace-configs-templates/ org-templates/ plugins/)"
fi
# ----------------------------------------------------------------------
# Cleanup
# ----------------------------------------------------------------------
curl -s -X DELETE "$BASE/workspaces/$WS_ID?confirm=true" > /dev/null || true
echo ""
echo "=== Results: $PASS passed, $FAIL failed ==="
if [ "$FAIL" -gt 0 ]; then
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink