c6c72b9c00
* feat(flea): phase-1 — title, tagline, synthetic_name columns + upload UX
Schema v49 adds three user-facing metadata columns to store_entities:
- title (NOT NULL) — humanized display name shown on marketplace
surfaces in later phases. Acronym-aware humanizer in
src/store_naming.py (27 entries: MCP, API, OAuth, S3, …) shared
with the frontend via Jinja-injected dict so JS pre-fill and
Python backfill produce identical output.
- tagline (NULL, ≤200 chars) — optional short description for card
listings. Long-form `description` stays.
- synthetic_name (NOT NULL) — deterministic `<name>-by-<owner_username>`
stored as a column for indexing and as the single source of truth
for attribution lookups in later phases. Today's bundle bake still
uses suffixed_name() at the same call sites.
Migration (_v48_to_v49_migrate, Python function — humanize has no
SQL equivalent) backfills existing rows: title from
humanize_name(strip_archive_suffix(name)), synthetic from the concat
formula; tagline stays NULL. Idempotent (ADD COLUMN IF NOT EXISTS +
SET NOT NULL no-op on re-run).
Upload form (store_upload.html step 2) reorders fields: Title
(pre-filled from server-side humanize, JS keeps it in sync until
the user edits manually) → Name + dark synthetic preview on one
row (matches marketplace_item_detail.html dark code styling, no
copy button — preview only) → Short description with character
counter → Description (unchanged). Edit form (store_edit.html)
mirrors the layout with pre-filled values from the entity row.
API:
- POST /api/store/entities/preview returns `title` (humanized
fallback) for upload form pre-fill.
- POST + PUT /api/store/entities accept `title` and `tagline` form
fields with 100/200-char validation; PUT recomputes
synthetic_name when `name` changes (caller responsibility per
repo contract).
- StoreEntityResponse exposes all three new fields.
Repository:
- create() takes title + tagline + synthetic_name as optional
kwargs with derived defaults (humanize_name(name) / concat) so
existing test fixtures don't need to thread them.
- update() supports partial updates on all three; tagline empty
string clears via NULL sentinel.
- archive() recomputes synthetic_name on rename to the archived
slug so the column stays consistent with name.
Tests:
- New test_schema_v48_to_v49_migration.py: fresh install,
populated-row backfill (incl. archived row strip), idempotence,
NOT NULL constraint verification.
- test_store_naming.py: 14 humanize parametrize cases + acronym
dict invariants.
- test_store_api.py::TestStoreV49Metadata: preview humanize, POST
with explicit + fallback title, 100/200-char rejects, PUT
partial update + synthetic recompute on rename.
- Schema version assertion bumps (48 → 49) in test_db_schema_version,
test_home_stats, test_schema_v42_migration, test_schema_v46_migration.
Phase 1 only — surface rendering on cards / detail pages and
Claude Code bundle propagation come in later phases.
* feat(flea): phase-2 — wire title/tagline/owner through marketplace cards + detail pages
Phase 1 (7f4cfcbb) populated the three new columns on store_entities;
phase 2 surfaces them across the web presentation layer so the kebab-
case slug + bare username no longer leak into user-facing copy.
API:
- `_flea_to_item` now takes `conn` (both callsites updated) and sets
`display_name=entity.title`, `tagline=entity.tagline`, `owner=
_resolve_owner_display(conn, owner_user_id, owner_username)` —
matches the chain the curated path already uses (users.name →
users.email → fallback). The card JS chain `it.display_name ||
it.name` then renders the friendly form; `name` stays at the
suffixed slug as the technical identifier JS uses for fallbacks.
- `flea_detail` adds `display_name` + `tagline` to PluginDetailResponse
so the standalone skill/agent + plugin detail heroes pick them up
through the existing `d.display_name` / `d.tagline` chains.
- `_flea_inner_parent_fields` swaps `parent_display_name` from
`strip_archive_suffix(name)` to `entity.title or strip_archive_suffix(
name)`. Drives parent-plugin label in four surfaces at once:
breadcrumb 3rd segment, hero "part of <plugin>" meta-row,
helper "This skill is part of <plugin>" panel, and the Details
sidebar's "Parent plugin" row.
Templates — `marketplace_item_detail.html`:
- Pre-render: browser title, hero h1, and hero-window-label read
`(entity.title if entity else None) or inner_name or item_name or
plugin_name` so the SSR shell shows the friendly title before the
JS fetch lands (no flash of kebab-case).
- Breadcrumb last segment for flea standalone drops the `d.manifest_name
|| heroTitle` fallback in favour of just `heroTitle` — manifest_name
is the suffixed slug and users explicitly didn't want it in the path.
- Hero meta-row for flea standalone is now hidden. The prior "by
<author> · N installed · <size>" line duplicated install count
(hero telemetry chip below), owner + bundle size (Details sidebar).
Templates — `marketplace_plugin_detail.html`:
- Same SSR pre-render swap (title, h1, window-label, crumb-name).
- Hero tagline element starts hidden; JS shows it only when
`d.tagline` is truthy. Pre-fix it fell back to `d.description`
(long-form text), which read awkwardly under the h1 and pulled the
hero too tall. Description still renders in the "What it does"
panel below the hero.
- Initial "Loading…" placeholder removed so entities without a
tagline don't flash that text mid-fetch.
Tests:
- New `TestFleaPhase2Presentation` class in test_marketplace_api.py
(6 cases): card title + tagline + full-name owner, owner fallback
chain when users.name is NULL, flea_detail exposes title + tagline,
tagline null when omitted, inner skill parent_display_name uses
entity.title (explicit + humanize-fallback variants).
- Updated `TestListItems.test_flea_lists_uploads` to assert both
`display_name == "Alpha"` (humanized) and `name ==
"alpha-by-alice"` (suffixed slug compat).
- Updated `TestWebPages.test_marketplace_flea_detail_page_renders`
to look for the humanized title ("Page Skill") in the SSR shell
instead of the kebab-case `page-skill`.
* feat(flea): phase-3 — read synthetic_name from DB, suffixed_name() only on write
Phase 1 added the column + backfill, repo write paths keep it in sync.
Phase 3 routes every READ callsite through `store_entities.synthetic_name`
directly instead of recomputing `<name>-by-<owner_username>` on the fly,
and switches the collision query off the inline string concat. The
`suffixed_name()` primitive now lives exclusively in write flows.
Read callsites updated (all read `entity["synthetic_name"]` directly,
no fallback — the column is NOT NULL and a missing value would be a
real bug worth surfacing as KeyError):
- app/api/marketplace.py:_flea_to_item — card MarketplaceItem.name.
- app/api/marketplace.py:flea_detail — PluginDetailResponse.manifest_name.
- app/api/store.py:_entity_to_response — StoreEntityResponse.invocation_name.
- app/api/store.py PUT bundle re-bake — `suffixed` passed to
`_bake_plugin_tree`; entity is loaded pre-rename, so its
synthetic_name is the OLD value `_bake_plugin_tree` expects.
- app/api/store.py PUT rename — `old_suffix` for `_rename_baked_tree`.
- app/api/my_stack.py — StoreInstallEntry.invocation_name.
- src/marketplace_filter.py — manifest_name in served plugin entry.
`suffixed_name` imports removed from marketplace.py, my_stack.py, and
marketplace_filter.py (no remaining callsites). store.py keeps the
import for its write paths:
- POST create (`suffixed = suffixed_name(final_name, username)` →
passed to `_bake_plugin_tree` and `repo.create(synthetic_name=...)`).
- PUT rename collision check (`new_suffixed`).
- PUT rename `new_suffix` for `_rename_baked_tree` (proposed value).
- PUT rename `new_synthetic` for `repo.update(synthetic_name=...)`.
- Archive `old_suffix` + `new_suffix` for `_rename_baked_tree`
(retro-compute pre-archive value after `repo.archive` already
overwrote the DB row with the post-archive synthetic).
Collision SQL — `_suffixed_already_taken`:
WHERE name || '-by-' || owner_username = ? (before)
WHERE synthetic_name = ? (after)
Same matches today (phase 1 backfill + NOT NULL invariant + write
paths in sync); indexable + single source of truth going forward.
Repository:
- UserStoreInstallsRepository.list_for_user explicit SELECT extended
with `se.title`, `se.tagline`, `se.synthetic_name` so my_stack and
marketplace_filter callers can read them off the joined row.
Tests:
- test_store_api.py::test_invocation_name_reads_from_synthetic_column —
upload entity, manually override the column with a non-canonical
value, verify GET response returns the override (proves read path
consumes the column, not recomputes).
- test_marketplace_api.py::test_flea_card_and_detail_read_synthetic_name_from_db —
same proof for `MarketplaceItem.name` (card) and
`PluginDetailResponse.manifest_name` (detail).
* feat(flea): phase-4 — rename agnes-store-bundle → flea (synthetic plugin)
The synthetic plugin that wraps loose flea-market skills + agents into
one Claude Code plugin is renamed from `agnes-store-bundle` to `flea`.
Plugin-type flea uploads (their own standalone plugin entry) are
unaffected.
Constants:
- src/marketplace_filter.py:
- BUNDLE_PLUGIN_NAME: "agnes-store-bundle" → "flea" (Claude Code
plugin manifest name + .claude-plugin/plugin.json name)
- BUNDLE_PREFIXED_NAME: "store-bundle" → "flea" (on-disk ZIP /
git tree path, now plugins/flea/...)
Attribution layer (services/session_processors/usage_lib.py):
- FLEA_BUNDLE_PREFIX: "agnes-store-bundle" → "flea". The JSONL
invocation identifier going forward is `flea:<skill-name>`.
- New `_LEGACY_FLEA_BUNDLE_PREFIXES = ("agnes-store-bundle",)`.
`MarketplaceItemLookup.resolve()` + `_attribute_event()` accept BOTH
the new and the legacy prefix so historic usage_events (~90-day
retention) continue attributing to source='flea'. The tuple becomes
a no-op once the rename has been live past the retention window —
a follow-up commit can drop it then.
- USAGE_PROCESSOR_VERSION bumped 6 → 7 so the session-pipeline reprocess
loop re-runs attribution with the new + legacy prefix branches.
User-facing copy:
- /api/store/bundle.zip Content-Disposition filename: agnes-store-bundle.zip → flea.zip
- `agnes admin store pull` default --out: agnes-store-bundle.zip → flea.zip
- Docstrings + JS comment + welcome template comment updated.
Tests:
- skill_flea.jsonl fixture identifier updated to flea:flea-skill.
- New skill_flea_legacy.jsonl with the legacy prefix for backward-compat
coverage.
- New test `test_legacy_agnes_store_bundle_prefix_resolves` replays the
legacy fixture and asserts source='flea' attribution still lands.
- All other test assertions / mocks substituted mechanically:
test_session_processor_usage.py, test_usage_rollups.py,
test_marketplace_filter_store.py, test_store_api.py,
test_cli_refresh_marketplace.py.
- `_seed_flea_entity` (test_usage_rollups.py) + `_seed_attribution`
(test_session_processor_usage.py) helpers now supply the NOT NULL
`title` + `synthetic_name` columns from phase 1, since they INSERT
directly bypassing the repo's create() fallback.
Client rollover note (CHANGELOG): `agnes refresh-marketplace` will
install the new `flea@agnes` plugin and the local marketplace clone's
`plugins/store-bundle/` source folder is removed via `git reset --hard`.
Whether Claude Code itself auto-prunes the orphan `agnes-store-bundle
@agnes` registry entry is undocumented — to verify empirically on the
dev VM. If the orphan entry lingers, a follow-up will add targeted
cleanup; until then users can manually run
`claude plugin uninstall agnes-store-bundle@agnes`.
Verified locally: 98 passed (session_processor_usage + usage_rollups +
marketplace_filter_store + cli_refresh_marketplace) + 228 passed/2
skipped (store_api + marketplace_api + admin_store_submissions +
store_entity_versions + store_repositories).
* fix(flea): phase-5 — attribution keyspace mismatch (closes #335)
Pre-fix every flea skill/agent invocation silently fell through to
`usage_events.source = 'builtin'`. Root cause: lookup tables in
`services/session_processors/usage_lib.py` keyed `_flea_entities` (and
the derived `_flea_plugins` set) by `store_entities.name` — the
un-suffixed display name. Claude Code writes invocations as
`flea:<synthetic_name>` (e.g. `flea:xlsx-by-c-marustamyan`), so
`dict.get(local)` always missed and the resolver fell through to
builtin. Result: marketplace cards, detail telemetry chips, admin
group-by-source all showed 0 flea invocations even when the raw
JSONL stream was correct.
Phase 1 added the `synthetic_name` column + backfill; phase 4 renamed
the bundle prefix to `flea`; phase 5 finally flips the lookup
keyspace to match what JSONL writes.
usage_lib.py:
- `MarketplaceItemLookup.__init__` preload: `SELECT synthetic_name,
type FROM store_entities` (was `SELECT name, type`). `_flea_plugins`
set derived from those keys, so it now carries synthetic_names
too — matches what Claude Code writes when invoking a skill nested
inside a flea plugin (`<synthetic>:<inner>`).
- `rebuild_rollups` preload: same SELECT change; also derives
`flea_plugins` and threads it through `_aggregate_events` /
`_rebuild_window`.
- `_attribute_event`: signature extended with `flea_plugins`; new
branch `if prefix in flea_plugins: return ("flea", default_type,
prefix, local)` for flea-plugin-nested skills/agents. This branch
was added to `MarketplaceItemLookup.resolve()` in v6 (commit
e076ebbe) but the rollup builder's helper was never updated to
match, so nested skills inside flea plugins silently dropped out
of the daily/window fact tables.
- `USAGE_PROCESSOR_VERSION`: 7 → 8. Forces the session-pipeline
reprocess loop to re-attribute existing usage_events rows with
the corrected lookup so rollup tables fill correctly on the next
tick.
marketplace.py — 4 API stats lookup callsites switched from
`entity["name"]` to `entity["synthetic_name"]`:
- `_flea_to_item` (card stats lookup)
- `flea_detail` (`_build_telemetry` + `_load_inner_items_stats_by_parent`)
- `flea_skill_detail` (inner detail `parent_plugin` key)
- `flea_agent_detail` (inner detail `parent_plugin` key)
Tests:
- `skill_flea.jsonl` invocation: `flea:flea-skill` →
`flea:flea-skill-by-alice` (mirrors what Claude Code writes after
phase 1/4 — the suffixed synthetic_name).
- `test_flea_skill_attributed_with_empty_parent` assertion: rollup
`name` column now carries the synthetic_name.
No legacy `agnes-store-bundle` prefix backward compat — clean cut per
user direction (dev phase, no production data worth preserving).
Verified locally: 53 passed targeted (session_processor_usage +
usage_rollups + marketplace_filter_store) + 215 passed/2 skipped
broader (store_api + marketplace_api + admin_store_submissions +
store_entity_versions).
* fix(flea): phase-6 — plugin-level rollup aggregation parity for flea
Flea plugin entity cards + detail pages showed 0 invocations even
though nested skills had correct rollup rows. Root cause: the
plugin-level aggregation pass in `_aggregate_events` was hardcoded
to `source='curated'` only:
if source != "curated" or not parent:
continue
if group_by_day:
pkey = (day, "curated", "plugin", "", parent)
else:
pkey = ("curated", "plugin", "", parent)
So flea plugin entities never got a synthetic
`(source='flea', type='plugin', parent_plugin='', name=<synth>)`
row aggregating nested invocations. `_load_invocation_stats('flea')`
filters `parent_plugin = ''` and returned no row for flea plugin
entity cards, so `stats.get(entity["synthetic_name"])` missed and
the API exposed 0/0.
Triggered by empirical observation on the dev VM —
`codex-second-opinion-by-c-marustamyan` plugin showed 0 calls in
the listing card while its three inner skills (codex-setup ×3,
codex-review ×1, codex-second-opinion ×1) had the expected child
rollup rows.
Fix:
- Extend the guard to `source in ("curated", "flea")`.
- Replace the hardcoded `"curated"` in the `pkey` tuple with the
loop's `source` variable, so flea aggregation lands as `source=
'flea'` and curated aggregation continues landing as
`source='curated'`.
API path unchanged — `_load_invocation_stats('flea')` filters
`parent_plugin = ''` already picks up the new aggregated row
alongside standalone skill/agent rows. Rollup `name` field carries
the synthetic_name keyspace; no collision between standalone entity
synthetic and plugin entity synthetic (global suffix uniqueness
enforced by `_suffixed_already_taken`).
`USAGE_PROCESSOR_VERSION` bumped 8 → 9 to force a reprocess pass so
historic nested-invocation data fills the new plugin-level rows on
the next tick (instead of waiting for the next live invocation).
Tests:
- New `test_flea_plugin_row_aggregates_children` mirrors the existing
`test_curated_plugin_row_aggregates_children`: seeds a flea plugin
entity, three nested events (one user invoking two skills, a
second user invoking one) → asserts the aggregated plugin row
carries count=3, distinct_users=2 (union, not sum), plus the child
rows survive alongside.
Verified locally: 43 passed (session_processor_usage + usage_rollups)
+ 82 passed/2 skipped broader (+ marketplace_filter_store +
marketplace_api).
* refactor(marketplace): phase-7 — unify Details sidebar across detail surfaces
Five marketplace detail surfaces (curated plugin, flea plugin, curated
inner skill/agent, flea inner skill/agent, flea standalone skill/agent)
had drifted on which Details rows they show and what order — the same
field landed in different positions, some fields duplicated hero info,
and the flea plugin Owner row leaked the kebab-case `owner_username`
slug instead of the user's real name. This commit aligns all five
surfaces on a single scan order driven by UX priority:
identity → life-stage → telemetry → debug-tier
Concretely:
1. Curator / Owner (first scan signal — trust)
2. Parent plugin (inner skill/agent only)
3. Released (top-level only — plugins + flea standalone)
4. Last used (recency)
5. Active days (engagement consistency)
6. Version (flea standalone only — content hash)
7. Bundle size (debug-tier)
Dropped:
- Slug field on plugin detail surfaces (`marketplace_id` for curated,
`entity_id` for flea). Pure debug info, never user-relevant; URL
already carries it.
- Category + Installs on flea standalone skill/agent detail.
Category is already shown as a hero badge; install count is in
the hero telemetry chip — sidebar duplication added noise.
Owner display:
- Flea plugin Owner row now reads `d.owner_display` (resolved through
`users.name → users.email → owner_username` by `_resolve_owner_display`
in `app/api/marketplace.py:1491`) instead of the raw `d.author_name`
(which is `owner_username`, the kebab-case slug). API field already
populated from phase 2; templates just consume it.
- Curated Curator row continues to read `d.author_name` from
marketplace-metadata.json; `owner_todo` placeholder behavior
preserved.
Files:
- app/web/templates/marketplace_plugin_detail.html — rewrote the
Details render loop (lines 1364-1427 area). Slug row removed,
rows reordered, Owner branch reads `d.owner_display`.
- app/web/templates/marketplace_item_detail.html — both branches of
the Details sidebar (inner skill/agent + flea standalone) re-laid
around the same scan order. Telemetry helper unchanged, just
repositioned. Category + Installs rows removed from the
standalone branch.
No new tests — no existing test asserts the precise order of Details
rows or references the dropped fields in a sidebar context (grep
confirmed). API surface unchanged.
Verified locally: 84 passed / 2 skipped on `test_marketplace_api.py`
+ `test_store_api.py`.
* fix(flea): post-review hardening — N+1, v50 UNIQUE, docs, test cleanup
Addresses 5 critical findings from PR #342 code review:
1. N+1 query in `_flea_to_item` — owner-display resolution previously
ran one `SELECT … FROM users WHERE id = ?` per item in the listing
comprehension. Now batched via `_load_users_display` IN-query
prefetch; 50 items drops 51 user queries to 2. Regression-guarded
by `TestFleaOwnerDisplayBatched` (spies `_resolve_owner_display`
and asserts it's not called inside the list path).
2. Misleading comment in `src/marketplace_filter.py` claimed the
attribution layer accepts both `agnes-store-bundle` and `flea`
prefixes — it doesn't (clean cut per CHANGELOG). Rewrote to match
reality.
3. CHANGELOG `[Unreleased]` had two `### Changed` blocks. Merged into
one (BREAKING bullet first).
4. New v49→v50 migration adds `UNIQUE INDEX
idx_store_entities_synthetic_name`. v49 made `synthetic_name` the
canonical attribution key but uniqueness was only app-enforced;
v50 promotes the invariant to the DB layer. Migration pre-checks
for existing duplicates and raises `RuntimeError` listing them
rather than letting `CREATE UNIQUE INDEX` fail mid-way. v48→v49
migration gained an `is_nullable='YES'` guard on its `SET NOT NULL`
ALTERs so re-runs on a fully-migrated DB don't trip DuckDB's
"cannot alter entry … entries depend on it" block (the new index
counts as such an entry). Index is created by the migration only —
keeping it out of `_SYSTEM_SCHEMA` preserves fresh-install ordering
(CREATE TABLE → v49 ALTERs → v50 CREATE INDEX).
5. Deleted three redundant version-pinned schema asserts whose names
lied about their bodies (`test_schema_version_is_42` asserting
`== 49`, etc.). Canonical assert lives in
`test_db_schema_version.py`, renamed to
`test_schema_version_matches_constant`.
* fix(db): gate v34→v38 store_entities ALTER COLUMN steps on column state
CI on Linux failed `test_v17_to_v18_drops_*` after the v50 UNIQUE INDEX
landed. Root cause: those tests open a DB at the full target version,
seed fixtures, then reset `schema_version` to 17 and reopen — forcing
the ladder to re-run from 17 → current. With the v50 index now in place,
DuckDB blocks intermediate `ALTER COLUMN` steps on `store_entities`
("Cannot drop this column: an index depends on a column after it!" /
"Cannot alter entry because there are entries that depend on it"),
because `synthetic_name` (the indexed column) sits positionally after
the columns those steps touch.
Fix: convert the three SQL-list migrations that hit store_entities into
defensive Python functions:
- `_v34_to_v35_migrate` short-circuits when `synthetic_name` already
exists (post-v49 shape — the visibility_status rebuild is moot and
the DROP COLUMN would be blocked by the index).
- `_v35_to_v36_migrate` gates the `visibility_status SET NOT NULL` +
`SET DEFAULT` on `is_nullable='YES'` so it's a true no-op when the
column is already constrained.
- `_v37_to_v38_migrate` gates the `version_no SET NOT NULL` step the
same way.
Forward-roll path (real installs that never reset schema_version) is
unchanged: the gates fire `YES` → ALTERs run. The fix only changes
behavior for the "DB is already at v50 shape but version row says 17"
scenario the tests construct.
---------
Co-authored-by: Minas Arustamyan <arustamyan.minas@gmail.com>
1547 lines
67 KiB
Python
1547 lines
67 KiB
Python
"""Integration tests for the /api/store endpoints.
|
|
|
|
Covers the upload + bake pipeline, install / uninstall, delete cascade, and
|
|
the cross-cutting hook that drops opt-outs when admin removes a grant.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import io
|
|
import json
|
|
import zipfile
|
|
|
|
import pytest
|
|
from fastapi.testclient import TestClient
|
|
|
|
|
|
@pytest.fixture
|
|
def web_client(tmp_path, monkeypatch):
|
|
monkeypatch.setenv("DATA_DIR", str(tmp_path))
|
|
monkeypatch.setenv("TESTING", "1")
|
|
monkeypatch.setenv("JWT_SECRET_KEY", "test-secret-key-min-32-characters!!")
|
|
(tmp_path / "state").mkdir()
|
|
(tmp_path / "analytics").mkdir()
|
|
(tmp_path / "extracts").mkdir()
|
|
from src.db import close_system_db
|
|
close_system_db()
|
|
from app.main import create_app
|
|
app = create_app()
|
|
yield TestClient(app)
|
|
close_system_db()
|
|
|
|
|
|
def _create_user(client, email, password="UserPass1!"):
|
|
"""Create user via SQL + password hash, return JWT token via /auth/token."""
|
|
from argon2 import PasswordHasher
|
|
from src.db import get_system_db
|
|
from src.repositories.users import UserRepository
|
|
ph = PasswordHasher()
|
|
conn = get_system_db()
|
|
user_id = email.split("@")[0]
|
|
UserRepository(conn).create(
|
|
id=user_id, email=email, name=user_id, password_hash=ph.hash(password),
|
|
)
|
|
conn.close()
|
|
r = client.post("/auth/token", json={"email": email, "password": password})
|
|
assert r.status_code == 200, r.text
|
|
return user_id, {"access_token": r.json()["access_token"]}
|
|
|
|
|
|
# Strong defaults so the per-component content guardrail (≥ 30 chars,
|
|
# ≥ 4 distinct words, body ≥ 200 chars for skills/agents) passes for
|
|
# every helper bundle. Individual tests that want to exercise failure
|
|
# modes pass shorter overrides explicitly.
|
|
_OK_DESC = "Use when validating the store upload pipeline across every guardrail tier"
|
|
_OK_BODY = (
|
|
"Body explaining when to invoke the component, what inputs it needs, "
|
|
"and the behavior contract. Long enough to clear the 200-char body floor. "
|
|
"Repeated content for length."
|
|
) * 2
|
|
|
|
|
|
def _make_skill_zip(
|
|
skill_name: str = "code-review",
|
|
desc: str = _OK_DESC,
|
|
body: str = _OK_BODY,
|
|
) -> bytes:
|
|
buf = io.BytesIO()
|
|
with zipfile.ZipFile(buf, "w") as zf:
|
|
zf.writestr(
|
|
f"{skill_name}/SKILL.md",
|
|
f"---\nname: {skill_name}\ndescription: {desc}\n---\n\n{body}\n",
|
|
)
|
|
return buf.getvalue()
|
|
|
|
|
|
def _make_plugin_zip(
|
|
name: str = "my-plugin",
|
|
desc: str = _OK_DESC,
|
|
body: str = _OK_BODY,
|
|
) -> bytes:
|
|
buf = io.BytesIO()
|
|
with zipfile.ZipFile(buf, "w") as zf:
|
|
zf.writestr(
|
|
".claude-plugin/plugin.json",
|
|
json.dumps({"name": name, "description": desc, "version": "0.1"}),
|
|
)
|
|
zf.writestr(
|
|
"skills/dummy/SKILL.md",
|
|
f"---\nname: dummy\ndescription: {desc}\n---\n\n{body}\n",
|
|
)
|
|
return buf.getvalue()
|
|
|
|
|
|
def _make_agent_zip(
|
|
name: str = "my-agent",
|
|
desc: str = _OK_DESC,
|
|
body: str = _OK_BODY,
|
|
) -> bytes:
|
|
buf = io.BytesIO()
|
|
with zipfile.ZipFile(buf, "w") as zf:
|
|
zf.writestr(
|
|
f"{name}.md",
|
|
f"---\nname: {name}\ndescription: {desc}\n---\n\n{body}\n",
|
|
)
|
|
return buf.getvalue()
|
|
|
|
|
|
class TestStoreOwners:
|
|
def test_owners_endpoint_lists_uploaders(self, web_client):
|
|
a_id, a_cookies = _create_user(web_client, "alice@x.com")
|
|
b_id, b_cookies = _create_user(web_client, "bob@x.com")
|
|
# Alice uploads two; Bob uploads one.
|
|
web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("a1"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=a_cookies,
|
|
)
|
|
web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("a2"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=a_cookies,
|
|
)
|
|
web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("b1"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=b_cookies,
|
|
)
|
|
# A third user with no uploads must NOT appear.
|
|
_, _ = _create_user(web_client, "carol@x.com")
|
|
|
|
r = web_client.get("/api/store/owners", cookies=a_cookies)
|
|
assert r.status_code == 200
|
|
owners = r.json()
|
|
ids_to_count = {o["user_id"]: o["entity_count"] for o in owners}
|
|
assert ids_to_count == {a_id: 2, b_id: 1}
|
|
|
|
def test_owners_endpoint_filters_listing(self, web_client):
|
|
a_id, a_cookies = _create_user(web_client, "owner-a@x.com")
|
|
b_id, b_cookies = _create_user(web_client, "owner-b@x.com")
|
|
web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("a-only"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=a_cookies,
|
|
)
|
|
web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("b-only"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=b_cookies,
|
|
)
|
|
# Filter by Alice's id → only Alice's entity comes back.
|
|
r = web_client.get(f"/api/store/entities?owner={a_id}", cookies=a_cookies)
|
|
assert r.status_code == 200
|
|
body = r.json()
|
|
assert body["total"] == 1
|
|
assert body["items"][0]["name"] == "a-only"
|
|
|
|
|
|
class TestStorePreview:
|
|
def test_preview_skill_returns_frontmatter(self, web_client):
|
|
_, cookies = _create_user(web_client, "preview1@x.com")
|
|
zip_bytes = _make_skill_zip("from-preview", desc="Pulled from frontmatter.")
|
|
r = web_client.post(
|
|
"/api/store/entities/preview",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 200, r.text
|
|
body = r.json()
|
|
assert body["type"] == "skill"
|
|
assert body["name"] == "from-preview"
|
|
assert body["description"] == "Pulled from frontmatter."
|
|
|
|
def test_preview_does_not_persist(self, web_client):
|
|
from src.repositories.store_entities import StoreEntitiesRepository
|
|
from src.db import get_system_db
|
|
_, cookies = _create_user(web_client, "preview2@x.com")
|
|
web_client.post(
|
|
"/api/store/entities/preview",
|
|
files={"file": ("s.zip", _make_skill_zip("ghost"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
conn = get_system_db()
|
|
try:
|
|
items, total = StoreEntitiesRepository(conn).list(skip=0, limit=10)
|
|
assert total == 0
|
|
finally:
|
|
conn.close()
|
|
|
|
def test_preview_wrong_type_422(self, web_client):
|
|
_, cookies = _create_user(web_client, "preview3@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities/preview",
|
|
files={"file": ("s.zip", _make_skill_zip("oops"), "application/zip")},
|
|
data={"type": "plugin", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 422
|
|
|
|
|
|
class TestStoreDocsUpload:
|
|
def test_create_with_docs(self, web_client, tmp_path):
|
|
_, cookies = _create_user(web_client, "docs@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files=[
|
|
("file", ("s.zip", _make_skill_zip("with-docs"), "application/zip")),
|
|
("docs", ("readme.md", b"# Readme", "text/markdown")),
|
|
("docs", ("howto.txt", b"do this then that", "text/plain")),
|
|
],
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 201, r.text
|
|
body = r.json()
|
|
assert sorted(body["doc_paths"]) == ["assets/docs/howto.txt", "assets/docs/readme.md"]
|
|
assert (tmp_path / "store" / body["id"] / "assets" / "docs" / "readme.md").is_file()
|
|
assert (tmp_path / "store" / body["id"] / "assets" / "docs" / "howto.txt").is_file()
|
|
|
|
def test_doc_filename_collision_renames(self, web_client, tmp_path):
|
|
_, cookies = _create_user(web_client, "dup-doc@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files=[
|
|
("file", ("s.zip", _make_skill_zip("dupdoc"), "application/zip")),
|
|
("docs", ("notes.md", b"first", "text/markdown")),
|
|
("docs", ("notes.md", b"second", "text/markdown")),
|
|
],
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 201, r.text
|
|
body = r.json()
|
|
assert "assets/docs/notes.md" in body["doc_paths"]
|
|
assert "assets/docs/notes-2.md" in body["doc_paths"]
|
|
|
|
def test_doc_download_route(self, web_client):
|
|
_, cookies = _create_user(web_client, "dl-doc@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files=[
|
|
("file", ("s.zip", _make_skill_zip("dl"), "application/zip")),
|
|
("docs", ("readme.md", b"# Hello", "text/markdown")),
|
|
],
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
eid = r.json()["id"]
|
|
d = web_client.get(f"/api/store/entities/{eid}/docs/readme.md", cookies=cookies)
|
|
assert d.status_code == 200
|
|
assert b"Hello" in d.content
|
|
|
|
def test_doc_path_traversal_blocked(self, web_client):
|
|
_, cookies = _create_user(web_client, "trav@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("trav"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
eid = r.json()["id"]
|
|
# Direct .. is blocked at the FastAPI route level (won't even match
|
|
# the path-segment param), so try a percent-encoded form — server
|
|
# should still resolve to a path outside the docs dir and 400/404.
|
|
d = web_client.get(
|
|
f"/api/store/entities/{eid}/docs/..%2F..%2Fplugin",
|
|
cookies=cookies,
|
|
)
|
|
assert d.status_code in (400, 404)
|
|
|
|
|
|
class TestStoreUpload:
|
|
def test_upload_skill_creates_baked_tree(self, web_client, tmp_path):
|
|
_, cookies = _create_user(web_client, "alice@x.com")
|
|
zip_bytes = _make_skill_zip("code-review")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 201, r.text
|
|
body = r.json()
|
|
assert body["type"] == "skill"
|
|
assert body["name"] == "code-review"
|
|
assert body["owner_username"] == "alice"
|
|
assert body["invocation_name"] == "code-review-by-alice"
|
|
assert body["version"]
|
|
# On-disk: the suffixed skill folder exists with rewritten frontmatter.
|
|
plugin_dir = tmp_path / "store" / body["id"] / "plugin"
|
|
skill_md = plugin_dir / "skills" / "code-review-by-alice" / "SKILL.md"
|
|
assert skill_md.is_file()
|
|
assert "name: code-review-by-alice" in skill_md.read_text()
|
|
assert (plugin_dir / ".claude-plugin" / "plugin.json").is_file()
|
|
|
|
def test_upload_plugin_rewrites_name(self, web_client, tmp_path):
|
|
_, cookies = _create_user(web_client, "bob@x.com")
|
|
zip_bytes = _make_plugin_zip("my-plugin")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("p.zip", zip_bytes, "application/zip")},
|
|
data={"type": "plugin", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 201, r.text
|
|
body = r.json()
|
|
plugin_dir = tmp_path / "store" / body["id"] / "plugin"
|
|
pj = json.loads((plugin_dir / ".claude-plugin" / "plugin.json").read_text())
|
|
assert pj["name"] == "my-plugin-by-bob"
|
|
# Inner skill stays untouched (per spec — plugin all-or-nothing).
|
|
assert (plugin_dir / "skills" / "dummy" / "SKILL.md").is_file()
|
|
|
|
def test_upload_agent(self, web_client, tmp_path):
|
|
_, cookies = _create_user(web_client, "carol@x.com")
|
|
zip_bytes = _make_agent_zip("planner")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("a.zip", zip_bytes, "application/zip")},
|
|
data={"type": "agent", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 201, r.text
|
|
body = r.json()
|
|
plugin_dir = tmp_path / "store" / body["id"] / "plugin"
|
|
agent_md = plugin_dir / "agents" / "planner-by-carol.md"
|
|
assert agent_md.is_file()
|
|
assert "name: planner-by-carol" in agent_md.read_text()
|
|
|
|
def test_upload_same_name_twice_409(self, web_client):
|
|
_, cookies = _create_user(web_client, "dan@x.com")
|
|
zip_bytes = _make_skill_zip("dup")
|
|
for _ in range(1):
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 201, r.text
|
|
r2 = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r2.status_code == 409
|
|
assert r2.json()["detail"] == "conflict_owner_name"
|
|
|
|
def test_upload_wrong_type_for_zip(self, web_client):
|
|
_, cookies = _create_user(web_client, "eve@x.com")
|
|
# ZIP shaped like a skill, but declared as plugin → 422.
|
|
zip_bytes = _make_skill_zip("foo")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={"type": "plugin", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 422
|
|
assert "claude_plugin_json" in r.json()["detail"]
|
|
|
|
def test_skill_zip_rejected_as_agent(self, web_client):
|
|
"""SKILL.md has the same name+description frontmatter shape as an
|
|
agent file, so the type-agent validator must explicitly reject any
|
|
ZIP that contains a SKILL.md — otherwise a skill upload would
|
|
silently masquerade as an agent (issue surfaced during user-test)."""
|
|
_, cookies = _create_user(web_client, "skill-as-agent@x.com")
|
|
zip_bytes = _make_skill_zip("trick")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={"type": "agent", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 422
|
|
assert r.json()["detail"] == "zip_looks_like_skill"
|
|
|
|
def test_plugin_zip_rejected_as_skill(self, web_client):
|
|
_, cookies = _create_user(web_client, "plugin-as-skill@x.com")
|
|
zip_bytes = _make_plugin_zip("p1")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("p.zip", zip_bytes, "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 422
|
|
assert r.json()["detail"] == "zip_looks_like_plugin"
|
|
|
|
def test_plugin_zip_rejected_as_agent(self, web_client):
|
|
_, cookies = _create_user(web_client, "plugin-as-agent@x.com")
|
|
zip_bytes = _make_plugin_zip("p2")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("p.zip", zip_bytes, "application/zip")},
|
|
data={"type": "agent", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 422
|
|
# Plugin ZIP also contains a skills/dummy/SKILL.md which trips the
|
|
# skill-mismatch guard first; either error code is acceptable proof
|
|
# that the validator caught the mismatch.
|
|
assert r.json()["detail"] in {"zip_looks_like_plugin", "zip_looks_like_skill"}
|
|
|
|
|
|
class TestStoreV49Metadata:
|
|
"""v49 phase-1 — title, tagline, synthetic_name fields end-to-end.
|
|
|
|
Preview returns humanized title; POST accepts user-supplied title/tagline
|
|
and falls back to the humanizer; PUT round-trips the partial update; the
|
|
response always carries the v49 columns.
|
|
"""
|
|
|
|
def test_preview_returns_humanized_title(self, web_client):
|
|
_, cookies = _create_user(web_client, "preview@x.com")
|
|
zip_bytes = _make_skill_zip("mcp-builder")
|
|
r = web_client.post(
|
|
"/api/store/entities/preview",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={"type": "skill"},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 200, r.text
|
|
body = r.json()
|
|
assert body["name"] == "mcp-builder"
|
|
assert body["title"] == "MCP Builder", body
|
|
|
|
def test_post_with_explicit_title_and_tagline(self, web_client):
|
|
_, cookies = _create_user(web_client, "v49post@x.com")
|
|
zip_bytes = _make_skill_zip("code-review")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={
|
|
"type": "skill",
|
|
"description": _OK_DESC,
|
|
"title": "PR Reviewer (custom)",
|
|
"tagline": "Spots missing tests and weak assertions.",
|
|
},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 201, r.text
|
|
body = r.json()
|
|
assert body["title"] == "PR Reviewer (custom)"
|
|
assert body["tagline"] == "Spots missing tests and weak assertions."
|
|
assert body["synthetic_name"] == "code-review-by-v49post"
|
|
|
|
def test_post_falls_back_to_humanized_title_when_omitted(self, web_client):
|
|
_, cookies = _create_user(web_client, "fallback@x.com")
|
|
zip_bytes = _make_skill_zip("oauth-server")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 201, r.text
|
|
body = r.json()
|
|
# Server-side humanize fallback uses the same acronym dict as JS.
|
|
assert body["title"] == "OAuth Server"
|
|
assert body["tagline"] is None
|
|
assert body["synthetic_name"] == "oauth-server-by-fallback"
|
|
|
|
def test_post_rejects_oversize_title(self, web_client):
|
|
_, cookies = _create_user(web_client, "oversize@x.com")
|
|
zip_bytes = _make_skill_zip("long-title")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC, "title": "x" * 101},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 400
|
|
assert r.json()["detail"] == "title_too_long"
|
|
|
|
def test_post_rejects_oversize_tagline(self, web_client):
|
|
_, cookies = _create_user(web_client, "oversizetag@x.com")
|
|
zip_bytes = _make_skill_zip("long-tag")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={
|
|
"type": "skill", "description": _OK_DESC,
|
|
"tagline": "x" * 201,
|
|
},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 400
|
|
assert r.json()["detail"] == "tagline_too_long"
|
|
|
|
def test_put_updates_title_and_tagline_and_recomputes_synthetic_on_rename(
|
|
self, web_client,
|
|
):
|
|
_, cookies = _create_user(web_client, "v49put@x.com")
|
|
zip_bytes = _make_skill_zip("starter-name")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", zip_bytes, "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 201, r.text
|
|
eid = r.json()["id"]
|
|
|
|
# Pure metadata edit: title + tagline.
|
|
e = web_client.put(
|
|
f"/api/store/entities/{eid}",
|
|
data={
|
|
"title": "New Title",
|
|
"tagline": "A pithy tagline",
|
|
},
|
|
cookies=cookies,
|
|
)
|
|
assert e.status_code == 200, e.text
|
|
body = e.json()
|
|
assert body["title"] == "New Title"
|
|
assert body["tagline"] == "A pithy tagline"
|
|
# name unchanged → synthetic unchanged.
|
|
assert body["synthetic_name"] == "starter-name-by-v49put"
|
|
|
|
# Rename: synthetic_name must follow.
|
|
e2 = web_client.put(
|
|
f"/api/store/entities/{eid}",
|
|
data={"name": "renamed-thing"},
|
|
cookies=cookies,
|
|
)
|
|
assert e2.status_code == 200, e2.text
|
|
assert e2.json()["synthetic_name"] == "renamed-thing-by-v49put"
|
|
|
|
def test_invocation_name_reads_from_synthetic_column(self, web_client):
|
|
"""v49 phase-3: ``invocation_name`` in StoreEntityResponse sources
|
|
from the stored ``synthetic_name`` column, not a fresh recompute.
|
|
Manually override the column with a non-canonical value and verify
|
|
the API returns it verbatim — proves read paths consume the column
|
|
rather than recomputing ``<name>-by-<owner_username>`` on the fly."""
|
|
from src.db import get_system_db
|
|
_, cookies = _create_user(web_client, "synthread@x.com")
|
|
up = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("orig-name"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
eid = up.json()["id"]
|
|
# Manual divergence — pretend an admin fix-up landed a non-canonical
|
|
# synthetic. A pure recompute path would not see this; a column-read
|
|
# path will.
|
|
conn = get_system_db()
|
|
try:
|
|
conn.execute(
|
|
"UPDATE store_entities SET synthetic_name = ? WHERE id = ?",
|
|
["manual-override-xyz", eid],
|
|
)
|
|
finally:
|
|
conn.close()
|
|
r = web_client.get(f"/api/store/entities/{eid}", cookies=cookies)
|
|
assert r.status_code == 200, r.text
|
|
body = r.json()
|
|
assert body["synthetic_name"] == "manual-override-xyz"
|
|
assert body["invocation_name"] == "manual-override-xyz"
|
|
|
|
|
|
class TestStoreSecurityFixes:
|
|
"""Regression tests for the three security blockers and one correctness
|
|
bug found in PR #180 review (F1, F2, F4, F5)."""
|
|
|
|
def test_video_url_javascript_scheme_rejected_on_create(self, web_client):
|
|
"""F1 — `javascript:` URI must not be stored. Otherwise a malicious
|
|
uploader can pop XSS in any viewer's session via the
|
|
store_detail "Watch video" link."""
|
|
_, cookies = _create_user(web_client, "f1a@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("vid1"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC, "video_url": "javascript:alert(1)"},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 400, r.text
|
|
assert r.json()["detail"] == "invalid_video_url"
|
|
|
|
def test_video_url_data_scheme_rejected(self, web_client):
|
|
_, cookies = _create_user(web_client, "f1b@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("vid2"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC, "video_url": "data:text/html,<script>alert(1)</script>"},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 400
|
|
assert r.json()["detail"] == "invalid_video_url"
|
|
|
|
def test_video_url_https_accepted(self, web_client):
|
|
_, cookies = _create_user(web_client, "f1c@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("vid3"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC, "video_url": "https://www.youtube.com/watch?v=abc"},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 201, r.text
|
|
assert r.json()["video_url"] == "https://www.youtube.com/watch?v=abc"
|
|
|
|
def test_video_url_javascript_scheme_rejected_on_update(self, web_client):
|
|
_, cookies = _create_user(web_client, "f1d@x.com")
|
|
c = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("vid4"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=cookies,
|
|
)
|
|
eid = c.json()["id"]
|
|
u = web_client.put(
|
|
f"/api/store/entities/{eid}",
|
|
data={"video_url": "javascript:alert(1)"},
|
|
cookies=cookies,
|
|
)
|
|
assert u.status_code == 400
|
|
assert u.json()["detail"] == "invalid_video_url"
|
|
|
|
def test_zip_bomb_uncompressed_size_rejected(self, tmp_path):
|
|
"""F2 — _safe_zip_extract must refuse when the sum of declared
|
|
file_size across infolist() exceeds MAX_ZIP_UNCOMPRESSED, BEFORE
|
|
extractall touches disk.
|
|
|
|
We test the helper directly because Python's ``ZipFile.writestr``
|
|
rewrites ``ZipInfo.file_size`` to the real payload length, making
|
|
an end-to-end ZIP-with-fake-size impossible without manual header
|
|
surgery. The bomb defense is in ``_safe_zip_extract``, so target
|
|
it directly with a stub ZipFile whose ``infolist()`` returns
|
|
entries with inflated declared sizes.
|
|
"""
|
|
from fastapi import HTTPException
|
|
|
|
from app.api import store as store_module
|
|
|
|
class _FakeZipFile:
|
|
def __init__(self, infolist):
|
|
self._infolist = infolist
|
|
self.extracted = False
|
|
|
|
def infolist(self):
|
|
return self._infolist
|
|
|
|
def extractall(self, dest):
|
|
# Must not be reached — the guard is supposed to raise
|
|
# before extractall. Mark and let the caller assert.
|
|
self.extracted = True
|
|
|
|
zi = zipfile.ZipInfo("code-review/SKILL.md")
|
|
zi.file_size = store_module.MAX_ZIP_UNCOMPRESSED + 1
|
|
zf = _FakeZipFile([zi])
|
|
|
|
try:
|
|
store_module._safe_zip_extract(zf, tmp_path)
|
|
except HTTPException as exc:
|
|
assert exc.status_code == 413
|
|
assert "zip_too_large_uncompressed" in str(exc.detail)
|
|
else:
|
|
raise AssertionError("expected HTTPException 413, got none")
|
|
assert zf.extracted is False, "guard fired AFTER extractall — bug in fix"
|
|
|
|
def test_admin_can_update_non_owned_entity(self, web_client):
|
|
"""F4 — UPDATE must permit owner OR admin (parity with DELETE)."""
|
|
from argon2 import PasswordHasher
|
|
from src.db import get_system_db
|
|
from src.repositories.users import UserRepository
|
|
from tests.helpers.auth import grant_admin
|
|
|
|
owner_id, owner_cookies = _create_user(web_client, "owner-f4@x.com")
|
|
c = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("f4-skill"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=owner_cookies,
|
|
)
|
|
eid = c.json()["id"]
|
|
|
|
ph = PasswordHasher()
|
|
conn = get_system_db()
|
|
UserRepository(conn).create(
|
|
id="adm-f4", email="adm-f4@x.com", name="adm",
|
|
password_hash=ph.hash("AdminPass1!"),
|
|
)
|
|
grant_admin(conn, "adm-f4")
|
|
admin_token = web_client.post(
|
|
"/auth/token", json={"email": "adm-f4@x.com", "password": "AdminPass1!"}
|
|
).json()["access_token"]
|
|
admin_cookies = {"access_token": admin_token}
|
|
|
|
u = web_client.put(
|
|
f"/api/store/entities/{eid}",
|
|
data={"description": "moderated by admin"},
|
|
cookies=admin_cookies,
|
|
)
|
|
assert u.status_code == 200, u.text
|
|
assert u.json()["description"] == "moderated by admin"
|
|
|
|
def test_non_owner_non_admin_cannot_update(self, web_client):
|
|
"""F4 negative — random user still gets 403 on UPDATE."""
|
|
_, owner_cookies = _create_user(web_client, "owner-f4b@x.com")
|
|
c = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("f4b-skill"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=owner_cookies,
|
|
)
|
|
eid = c.json()["id"]
|
|
_, intruder_cookies = _create_user(web_client, "intruder-f4@x.com")
|
|
u = web_client.put(
|
|
f"/api/store/entities/{eid}",
|
|
data={"description": "hijack"},
|
|
cookies=intruder_cookies,
|
|
)
|
|
assert u.status_code == 403
|
|
assert u.json()["detail"] == "not_owner"
|
|
|
|
def test_admin_sees_action_buttons_on_marketplace_flea_detail(self, web_client):
|
|
"""F4 (v32+ port): admin must see owner-actions panel on the
|
|
unified /marketplace/flea/{id} detail page even when not the
|
|
owner. Original test targeted the now-deleted /store/{id};
|
|
the policy itself is unchanged."""
|
|
from argon2 import PasswordHasher
|
|
from src.db import get_system_db
|
|
from src.repositories.users import UserRepository
|
|
from tests.helpers.auth import grant_admin
|
|
|
|
_, owner_cookies = _create_user(web_client, "owner-ui@x.com")
|
|
c = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("ui-skill"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=owner_cookies,
|
|
)
|
|
eid = c.json()["id"]
|
|
|
|
ph = PasswordHasher()
|
|
conn = get_system_db()
|
|
UserRepository(conn).create(
|
|
id="adm-ui", email="adm-ui@x.com", name="adm",
|
|
password_hash=ph.hash("AdminPass1!"),
|
|
)
|
|
grant_admin(conn, "adm-ui")
|
|
admin_token = web_client.post(
|
|
"/auth/token", json={"email": "adm-ui@x.com", "password": "AdminPass1!"}
|
|
).json()["access_token"]
|
|
admin_cookies = {"access_token": admin_token}
|
|
|
|
page = web_client.get(f"/marketplace/flea/{eid}", cookies=admin_cookies)
|
|
assert page.status_code == 200, page.text
|
|
# Admin-non-owner sees the owner-actions panel.
|
|
assert "owner-actions" in page.text
|
|
# v35: admin sees Archive (soft) + Hard delete buttons.
|
|
assert 'id="owner-archive-btn"' in page.text
|
|
assert 'id="owner-hard-delete-btn"' in page.text
|
|
|
|
def test_cross_owner_suffix_collision_rejected(self, web_client):
|
|
"""F5 — two emails can sanitize to the same username
|
|
(alice.smith / alice_smith → alice-smith). Both uploading a skill
|
|
called `code-review` would yield the same `code-review-by-alice-smith`
|
|
and silently collide in the served bundle + manifest. The upload
|
|
endpoint must refuse the second one."""
|
|
_, a_cookies = _create_user(web_client, "alice.smith@x.com")
|
|
r1 = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("collide"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=a_cookies,
|
|
)
|
|
assert r1.status_code == 201, r1.text
|
|
assert r1.json()["invocation_name"] == "collide-by-alice-smith"
|
|
|
|
_, b_cookies = _create_user(web_client, "alice_smith@x.com")
|
|
r2 = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("collide"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=b_cookies,
|
|
)
|
|
assert r2.status_code == 409, r2.text
|
|
assert r2.json()["detail"] == "conflict_global_suffix"
|
|
|
|
def test_scratch_dir_cleaned_up_after_failed_extraction(self, web_client, monkeypatch, tmp_path):
|
|
"""Devin: ZIP-validation failure inside _safe_zip_extract was leaving
|
|
the ``agnes_store_*`` scratch dir on disk because scratch creation
|
|
and cleanup lived in different try/finally scopes. After the fix
|
|
both share one outer try/finally; assert the dir really is gone.
|
|
|
|
Issue #252: redirect ``tempfile.mkdtemp()`` to a per-test ``tmp_path``
|
|
via ``monkeypatch.setattr(tempfile, "tempdir", ...)`` so the
|
|
``agnes_store_*`` glob is scoped to this test's exclusive directory.
|
|
Pre-#252 the glob ran against the shared system tmp and would flake
|
|
when a sibling pytest-xdist worker's store test happened to be
|
|
mid-creation inside the [before, after] window.
|
|
"""
|
|
import tempfile as _tempfile
|
|
from pathlib import Path as _Path
|
|
|
|
# FastAPI app runs in-process under TestClient → patching the
|
|
# tempfile module here also redirects the server-side mkdtemp call.
|
|
monkeypatch.setattr(_tempfile, "tempdir", str(tmp_path))
|
|
|
|
# A ZIP whose only member traverses out of the destination —
|
|
# _safe_zip_extract raises 422 zip_unsafe_path before it touches
|
|
# extractall. That's the simplest trigger that exits via
|
|
# HTTPException without doing anything to scratch.
|
|
buf = io.BytesIO()
|
|
with zipfile.ZipFile(buf, "w") as zf:
|
|
zf.writestr("../escape.txt", "boom")
|
|
bad_zip = buf.getvalue()
|
|
|
|
tmp_root = tmp_path
|
|
before = {p.name for p in tmp_root.glob("agnes_store_*")}
|
|
|
|
_, cookies = _create_user(web_client, "leak@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("bad.zip", bad_zip, "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=cookies,
|
|
)
|
|
assert r.status_code == 422, r.text
|
|
assert r.json()["detail"] == "zip_unsafe_path"
|
|
|
|
after = {p.name for p in tmp_root.glob("agnes_store_*")}
|
|
leaked = after - before
|
|
assert not leaked, f"scratch dir leaked: {leaked}"
|
|
|
|
def test_distinct_suffixes_pass(self, web_client):
|
|
"""F5 — uploads that yield distinct suffixed names must pass. (Avoid
|
|
regressing into rejecting all distinct uploads.)"""
|
|
_, a_cookies = _create_user(web_client, "alice@x.com")
|
|
_, b_cookies = _create_user(web_client, "bob@x.com")
|
|
for cookies, skill_name in [(a_cookies, "alpha"), (b_cookies, "beta")]:
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip(skill_name), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=cookies,
|
|
)
|
|
assert r.status_code == 201, r.text
|
|
|
|
|
|
class TestStoreBundle:
|
|
"""GET /api/store/bundle.zip + POST /api/store/import-bundle."""
|
|
|
|
def _upload_skill(self, web_client, cookies, name="bundled-skill"):
|
|
return web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip(name), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=cookies,
|
|
)
|
|
|
|
def test_bundle_zip_contains_manifest_and_entity_tree(self, web_client):
|
|
_, cookies = _create_user(web_client, "owner-bundle@x.com")
|
|
r1 = self._upload_skill(web_client, cookies, name="bundle-a")
|
|
r2 = self._upload_skill(web_client, cookies, name="bundle-b")
|
|
eid_a, eid_b = r1.json()["id"], r2.json()["id"]
|
|
|
|
bundle = web_client.get("/api/store/bundle.zip", cookies=cookies)
|
|
assert bundle.status_code == 200
|
|
assert bundle.headers["content-type"] == "application/zip"
|
|
assert bundle.headers["x-bundle-entry-count"] == "2"
|
|
|
|
with zipfile.ZipFile(io.BytesIO(bundle.content)) as zf:
|
|
names = set(zf.namelist())
|
|
assert "manifest.json" in names
|
|
assert f"entities/{eid_a}/plugin/skills/bundle-a-by-owner-bundle/SKILL.md" in names
|
|
assert f"entities/{eid_b}/plugin/skills/bundle-b-by-owner-bundle/SKILL.md" in names
|
|
|
|
manifest = json.loads(zf.read("manifest.json"))
|
|
assert manifest["format"] == 1
|
|
assert manifest["entry_count"] == 2
|
|
entries_by_id = {e["entity_id"]: e for e in manifest["entries"]}
|
|
assert entries_by_id[eid_a]["owner_email"] == "owner-bundle@x.com"
|
|
assert entries_by_id[eid_a]["name"] == "bundle-a"
|
|
|
|
def test_bundle_zip_owner_me_resolves_to_caller(self, web_client):
|
|
"""`?owner=me` magic value resolves server-side to the caller's
|
|
user_id, so `agnes store mine` can pull a self-bundle without
|
|
having to look up its own id first."""
|
|
_, alice_cookies = _create_user(web_client, "mine-a@x.com")
|
|
_, bob_cookies = _create_user(web_client, "mine-b@x.com")
|
|
self._upload_skill(web_client, alice_cookies, name="alice-1")
|
|
self._upload_skill(web_client, alice_cookies, name="alice-2")
|
|
self._upload_skill(web_client, bob_cookies, name="bob-1")
|
|
|
|
# Alice asks for owner=me → only her two entities.
|
|
r = web_client.get("/api/store/bundle.zip?owner=me", cookies=alice_cookies)
|
|
assert r.status_code == 200
|
|
assert r.headers["x-bundle-entry-count"] == "2"
|
|
|
|
with zipfile.ZipFile(io.BytesIO(r.content)) as zf:
|
|
names = zf.namelist()
|
|
assert any("alice-1-by-mine-a" in n for n in names)
|
|
assert any("alice-2-by-mine-a" in n for n in names)
|
|
assert not any("bob-1-by-mine-b" in n for n in names)
|
|
|
|
def test_bundle_zip_filters(self, web_client):
|
|
_, cookies = _create_user(web_client, "filter@x.com")
|
|
self._upload_skill(web_client, cookies, name="keep-this")
|
|
web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("p.zip", _make_plugin_zip("filter-out"), "application/zip")},
|
|
data={"type": "plugin", "description": _OK_DESC}, cookies=cookies,
|
|
)
|
|
|
|
only_skill = web_client.get(
|
|
"/api/store/bundle.zip?type=skill", cookies=cookies,
|
|
)
|
|
assert only_skill.headers["x-bundle-entry-count"] == "1"
|
|
|
|
def test_import_bundle_round_trip_preserves_entity(self, web_client, tmp_path):
|
|
from argon2 import PasswordHasher
|
|
from src.db import get_system_db
|
|
from src.repositories.users import UserRepository
|
|
from tests.helpers.auth import grant_admin
|
|
|
|
# Source instance: create entity, pull bundle.
|
|
_, owner_cookies = _create_user(web_client, "src-owner@x.com")
|
|
r = self._upload_skill(web_client, owner_cookies, name="rt-skill")
|
|
eid = r.json()["id"]
|
|
bundle_bytes = web_client.get(
|
|
"/api/store/bundle.zip", cookies=owner_cookies,
|
|
).content
|
|
|
|
# Wipe Store DB rows + on-disk dir to simulate empty target.
|
|
conn = get_system_db()
|
|
conn.execute("DELETE FROM store_entities WHERE id = ?", [eid])
|
|
import shutil as _shutil
|
|
_shutil.rmtree(tmp_path / "store" / eid, ignore_errors=True)
|
|
|
|
# Promote a different user to admin and import.
|
|
ph = PasswordHasher()
|
|
UserRepository(conn).create(
|
|
id="adm-bundle", email="adm-bundle@x.com", name="adm",
|
|
password_hash=ph.hash("AdminPass1!"),
|
|
)
|
|
grant_admin(conn, "adm-bundle")
|
|
admin_token = web_client.post(
|
|
"/auth/token", json={"email": "adm-bundle@x.com", "password": "AdminPass1!"}
|
|
).json()["access_token"]
|
|
admin_cookies = {"access_token": admin_token}
|
|
|
|
imp = web_client.post(
|
|
"/api/store/import-bundle",
|
|
files={"file": ("b.zip", bundle_bytes, "application/zip")},
|
|
data={"mode": "merge"},
|
|
cookies=admin_cookies,
|
|
)
|
|
assert imp.status_code == 200, imp.text
|
|
body = imp.json()
|
|
assert body["imported"] == 1
|
|
assert body["replaced"] == 0
|
|
# Owner email matched existing user (src-owner@x.com), no stub needed.
|
|
assert body["stub_users_created"] == 0
|
|
|
|
# Entity should be present again.
|
|
r2 = web_client.get(f"/api/store/entities/{eid}", cookies=admin_cookies)
|
|
assert r2.status_code == 200
|
|
assert r2.json()["name"] == "rt-skill"
|
|
assert (tmp_path / "store" / eid / "plugin" / "skills" / "rt-skill-by-src-owner" / "SKILL.md").is_file()
|
|
|
|
def test_import_bundle_creates_stub_for_unknown_owner(self, web_client, tmp_path):
|
|
"""When the bundle's owner_email is not in users table, server
|
|
creates a disabled stub so the entity row has a valid owner_user_id.
|
|
"""
|
|
from argon2 import PasswordHasher
|
|
from src.db import get_system_db
|
|
from src.repositories.users import UserRepository
|
|
from tests.helpers.auth import grant_admin
|
|
|
|
_, owner_cookies = _create_user(web_client, "vanishing@x.com")
|
|
r = self._upload_skill(web_client, owner_cookies, name="orphan-skill")
|
|
eid = r.json()["id"]
|
|
bundle_bytes = web_client.get(
|
|
"/api/store/bundle.zip", cookies=owner_cookies,
|
|
).content
|
|
|
|
# Delete the owner + the entity (simulate fresh target instance).
|
|
conn = get_system_db()
|
|
conn.execute("DELETE FROM store_entities WHERE id = ?", [eid])
|
|
# We can't easily delete users via repo (no method), so just rename
|
|
# so email lookup misses. Brute SQL.
|
|
conn.execute("UPDATE users SET email = 'gone@x.com' WHERE email = 'vanishing@x.com'")
|
|
import shutil as _shutil
|
|
_shutil.rmtree(tmp_path / "store" / eid, ignore_errors=True)
|
|
|
|
ph = PasswordHasher()
|
|
UserRepository(conn).create(
|
|
id="adm-stub", email="adm-stub@x.com", name="adm",
|
|
password_hash=ph.hash("AdminPass1!"),
|
|
)
|
|
grant_admin(conn, "adm-stub")
|
|
admin_token = web_client.post(
|
|
"/auth/token", json={"email": "adm-stub@x.com", "password": "AdminPass1!"}
|
|
).json()["access_token"]
|
|
admin_cookies = {"access_token": admin_token}
|
|
|
|
imp = web_client.post(
|
|
"/api/store/import-bundle",
|
|
files={"file": ("b.zip", bundle_bytes, "application/zip")},
|
|
data={"mode": "merge"},
|
|
cookies=admin_cookies,
|
|
)
|
|
assert imp.status_code == 200, imp.text
|
|
body = imp.json()
|
|
assert body["imported"] == 1
|
|
assert body["stub_users_created"] == 1
|
|
|
|
stub = conn.execute(
|
|
"SELECT id, active FROM users WHERE email = 'vanishing@x.com'"
|
|
).fetchone()
|
|
assert stub is not None
|
|
assert stub[0].startswith("imported-")
|
|
assert stub[1] is False # disabled
|
|
|
|
def test_import_bundle_skip_mode_keeps_existing(self, web_client):
|
|
from argon2 import PasswordHasher
|
|
from src.db import get_system_db
|
|
from src.repositories.users import UserRepository
|
|
from tests.helpers.auth import grant_admin
|
|
|
|
_, owner_cookies = _create_user(web_client, "skip@x.com")
|
|
r = self._upload_skill(web_client, owner_cookies, name="skip-existing")
|
|
eid = r.json()["id"]
|
|
bundle_bytes = web_client.get(
|
|
"/api/store/bundle.zip", cookies=owner_cookies,
|
|
).content
|
|
|
|
conn = get_system_db()
|
|
ph = PasswordHasher()
|
|
UserRepository(conn).create(
|
|
id="adm-skip", email="adm-skip@x.com", name="adm",
|
|
password_hash=ph.hash("AdminPass1!"),
|
|
)
|
|
grant_admin(conn, "adm-skip")
|
|
admin_token = web_client.post(
|
|
"/auth/token", json={"email": "adm-skip@x.com", "password": "AdminPass1!"}
|
|
).json()["access_token"]
|
|
admin_cookies = {"access_token": admin_token}
|
|
|
|
# Import without wiping → entity already present → mode=skip
|
|
# should report 1 skipped, 0 imported, 0 replaced.
|
|
imp = web_client.post(
|
|
"/api/store/import-bundle",
|
|
files={"file": ("b.zip", bundle_bytes, "application/zip")},
|
|
data={"mode": "skip"},
|
|
cookies=admin_cookies,
|
|
)
|
|
assert imp.status_code == 200
|
|
assert imp.json() == {
|
|
"imported": 0, "replaced": 0, "skipped": 1,
|
|
"stub_users_created": 0, "errors": [],
|
|
}
|
|
|
|
def test_import_bundle_admin_only(self, web_client):
|
|
_, cookies = _create_user(web_client, "non-admin@x.com")
|
|
# Build the smallest valid bundle: just manifest.json + no entries.
|
|
buf = io.BytesIO()
|
|
with zipfile.ZipFile(buf, "w") as zf:
|
|
zf.writestr("manifest.json", json.dumps({
|
|
"format": 1, "generated_at": "2026-01-01T00:00:00Z",
|
|
"entry_count": 0, "entries": [],
|
|
}))
|
|
r = web_client.post(
|
|
"/api/store/import-bundle",
|
|
files={"file": ("b.zip", buf.getvalue(), "application/zip")},
|
|
data={"mode": "merge"}, cookies=cookies,
|
|
)
|
|
# require_admin denies non-admin with 403.
|
|
assert r.status_code == 403, r.text
|
|
|
|
def test_bundle_zip_filters_quarantined_for_non_owner(
|
|
self, web_client, monkeypatch,
|
|
):
|
|
"""Codex adversarial review [CRITICAL]: GET /bundle.zip used
|
|
``repo.list(...)`` without a visibility filter. An
|
|
authenticated non-admin could download pending / blocked v1
|
|
bytes by hitting the bundle endpoint. Fixed by mirroring the
|
|
browse-listing gate: non-admin sees only ``approved`` (plus
|
|
their own non-approved entries)."""
|
|
from src.repositories.store_entities import StoreEntitiesRepository
|
|
|
|
# Owner uploads a clean skill (lands approved with guardrails off).
|
|
owner_id, owner_cookies = _create_user(web_client, "bundle-owner@x.com")
|
|
r = self._upload_skill(web_client, owner_cookies, name="bundle-public")
|
|
eid_public = r.json()["id"]
|
|
|
|
from src.db import get_system_db
|
|
# Owner also has a SECOND skill that we manually flip to
|
|
# visibility=pending (simulating in-review).
|
|
r = self._upload_skill(web_client, owner_cookies, name="bundle-pending")
|
|
eid_pending = r.json()["id"]
|
|
conn = get_system_db()
|
|
StoreEntitiesRepository(conn).set_visibility(eid_pending, "pending")
|
|
conn.close()
|
|
|
|
# Snoop is a different non-admin user.
|
|
_, snoop_cookies = _create_user(web_client, "bundle-snoop@x.com")
|
|
r = web_client.get("/api/store/bundle.zip", cookies=snoop_cookies)
|
|
assert r.status_code == 200
|
|
with zipfile.ZipFile(io.BytesIO(r.content)) as zf:
|
|
names = zf.namelist()
|
|
# Snoop sees the approved entity ...
|
|
assert any(f"entities/{eid_public}/" in n for n in names), (
|
|
"approved entity must be present in bundle"
|
|
)
|
|
# ... but NEVER the pending one.
|
|
assert not any(f"entities/{eid_pending}/" in n for n in names), (
|
|
"non-admin must NOT see pending entities via bundle.zip"
|
|
)
|
|
# Manifest entry count reflects the filter.
|
|
manifest = json.loads(
|
|
zipfile.ZipFile(io.BytesIO(r.content)).read("manifest.json"),
|
|
)
|
|
manifest_ids = {e["entity_id"] for e in manifest["entries"]}
|
|
assert eid_public in manifest_ids
|
|
assert eid_pending not in manifest_ids
|
|
|
|
def test_bundle_zip_owner_sees_own_pending(self, web_client):
|
|
"""Owner-of-pending sees their own non-approved entries in
|
|
their bundle export (matches the browse-listing affordance
|
|
via include_owner_id)."""
|
|
from src.repositories.store_entities import StoreEntitiesRepository
|
|
|
|
from src.db import get_system_db
|
|
owner_id, owner_cookies = _create_user(web_client, "bundle-mine@x.com")
|
|
r = self._upload_skill(web_client, owner_cookies, name="mine-pending")
|
|
eid = r.json()["id"]
|
|
conn = get_system_db()
|
|
StoreEntitiesRepository(conn).set_visibility(eid, "pending")
|
|
conn.close()
|
|
|
|
r = web_client.get("/api/store/bundle.zip", cookies=owner_cookies)
|
|
assert r.status_code == 200
|
|
with zipfile.ZipFile(io.BytesIO(r.content)) as zf:
|
|
names = zf.namelist()
|
|
assert any(f"entities/{eid}/" in n for n in names), (
|
|
"owner must see their OWN pending entity in their bundle"
|
|
)
|
|
|
|
def test_bundle_zip_admin_sees_all(self, web_client):
|
|
"""Admin sees pending entries from other users too."""
|
|
from src.repositories.store_entities import StoreEntitiesRepository
|
|
from tests.helpers.auth import grant_admin
|
|
|
|
from src.db import get_system_db
|
|
owner_id, owner_cookies = _create_user(web_client, "bundle-other-owner@x.com")
|
|
r = self._upload_skill(web_client, owner_cookies, name="other-pending")
|
|
eid = r.json()["id"]
|
|
conn = get_system_db()
|
|
StoreEntitiesRepository(conn).set_visibility(eid, "pending")
|
|
conn.close()
|
|
|
|
_, admin_cookies = _create_user(web_client, "bundle-admin@x.com")
|
|
conn = get_system_db()
|
|
grant_admin(conn, "bundle-admin")
|
|
conn.close()
|
|
|
|
r = web_client.get("/api/store/bundle.zip", cookies=admin_cookies)
|
|
assert r.status_code == 200
|
|
with zipfile.ZipFile(io.BytesIO(r.content)) as zf:
|
|
names = zf.namelist()
|
|
assert any(f"entities/{eid}/" in n for n in names), (
|
|
"admin must see pending entities from any owner"
|
|
)
|
|
|
|
|
|
class TestInstallCycle:
|
|
def test_install_uninstall_and_count(self, web_client):
|
|
# Owner uploads, two other users install, install_count = 2.
|
|
_, owner_cookies = _create_user(web_client, "owner@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("share"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=owner_cookies,
|
|
)
|
|
eid = r.json()["id"]
|
|
|
|
_, a_cookies = _create_user(web_client, "alpha@x.com")
|
|
_, b_cookies = _create_user(web_client, "beta@x.com")
|
|
assert web_client.post(f"/api/store/entities/{eid}/install", cookies=a_cookies).status_code == 200
|
|
# Idempotent — second call doesn't double-bump.
|
|
assert web_client.post(f"/api/store/entities/{eid}/install", cookies=a_cookies).status_code == 200
|
|
assert web_client.post(f"/api/store/entities/{eid}/install", cookies=b_cookies).status_code == 200
|
|
|
|
det = web_client.get(f"/api/store/entities/{eid}", cookies=owner_cookies).json()
|
|
assert det["install_count"] == 2
|
|
|
|
# Uninstall.
|
|
web_client.delete(f"/api/store/entities/{eid}/install", cookies=a_cookies)
|
|
det = web_client.get(f"/api/store/entities/{eid}", cookies=owner_cookies).json()
|
|
assert det["install_count"] == 1
|
|
|
|
def test_owner_delete_archives_but_preserves_existing_installs(self, web_client):
|
|
"""v35 soft-delete semantics. Owner DELETE = soft archive. Bundle
|
|
+ install rows preserved so already-installed users keep getting
|
|
the plugin through marketplace.zip / .git. The installer still
|
|
sees the entity in their My AI Stack with an 'Archived' badge."""
|
|
_, owner_cookies = _create_user(web_client, "o2@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("cascade"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=owner_cookies,
|
|
)
|
|
eid = r.json()["id"]
|
|
_, u_cookies = _create_user(web_client, "victim@x.com")
|
|
web_client.post(f"/api/store/entities/{eid}/install", cookies=u_cookies)
|
|
|
|
# Owner soft-archives (default DELETE semantics in v35).
|
|
d = web_client.delete(f"/api/store/entities/{eid}", cookies=owner_cookies)
|
|
assert d.status_code == 204
|
|
|
|
# Detail still reachable for owner — visibility flipped, not deleted.
|
|
det = web_client.get(f"/api/store/entities/{eid}", cookies=owner_cookies).json()
|
|
assert det["visibility_status"] == "archived"
|
|
|
|
# Installer's My AI Stack STILL contains the entity (existing
|
|
# install survives archive — that's the whole point).
|
|
ms = web_client.get("/api/my-stack", cookies=u_cookies).json()
|
|
assert any(e["entity_id"] == eid for e in ms["store"]), (
|
|
"archived entity must remain in existing installer's stack"
|
|
)
|
|
archived_entry = next(e for e in ms["store"] if e["entity_id"] == eid)
|
|
assert archived_entry["visibility_status"] == "archived"
|
|
|
|
def test_admin_hard_delete_cascades_installs(self, web_client):
|
|
"""v35 hard delete (admin only): bundle dropped + install rows
|
|
cascade. Existing users lose the plugin on next sync."""
|
|
_, owner_cookies = _create_user(web_client, "owner-hd@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("cascade-hd"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=owner_cookies,
|
|
)
|
|
eid = r.json()["id"]
|
|
_, u_cookies = _create_user(web_client, "victim-hd@x.com")
|
|
web_client.post(f"/api/store/entities/{eid}/install", cookies=u_cookies)
|
|
|
|
# Admin hard-deletes via ?hard=true.
|
|
from argon2 import PasswordHasher
|
|
from src.db import get_system_db as _gdb
|
|
from src.repositories.users import UserRepository
|
|
from tests.helpers.auth import grant_admin
|
|
ph = PasswordHasher()
|
|
conn = _gdb()
|
|
UserRepository(conn).create(id="adm-hd", email="adm-hd@x.com", name="adm",
|
|
password_hash=ph.hash("AdminPass1!"))
|
|
grant_admin(conn, "adm-hd")
|
|
conn.close()
|
|
admin_token = web_client.post(
|
|
"/auth/token", json={"email": "adm-hd@x.com", "password": "AdminPass1!"}
|
|
).json()["access_token"]
|
|
d = web_client.delete(
|
|
f"/api/store/entities/{eid}?hard=true",
|
|
cookies={"access_token": admin_token},
|
|
)
|
|
# DELETE returns 204 No Content per the API design rule landed in
|
|
# this PR (tests/test_api_design_rules.py rule 2).
|
|
assert d.status_code == 204, d.text
|
|
|
|
# GET 404 + install row gone.
|
|
assert web_client.get(
|
|
f"/api/store/entities/{eid}", cookies=owner_cookies,
|
|
).status_code == 404
|
|
ms = web_client.get("/api/my-stack", cookies=u_cookies).json()
|
|
assert all(e["entity_id"] != eid for e in ms["store"])
|
|
|
|
def test_non_owner_cannot_delete(self, web_client):
|
|
_, owner_cookies = _create_user(web_client, "o3@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("guarded"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=owner_cookies,
|
|
)
|
|
eid = r.json()["id"]
|
|
_, intruder_cookies = _create_user(web_client, "intruder@x.com")
|
|
d = web_client.delete(f"/api/store/entities/{eid}", cookies=intruder_cookies)
|
|
assert d.status_code == 403
|
|
|
|
|
|
class TestMarketplaceBundle:
|
|
"""End-to-end: the served /marketplace.zip merges installed Store skills
|
|
and agents into a single ``flea`` plugin, while ``type='plugin'``
|
|
Store entities stay standalone."""
|
|
|
|
def _zip_entries(self, content: bytes) -> set[str]:
|
|
import io, zipfile
|
|
with zipfile.ZipFile(io.BytesIO(content)) as zf:
|
|
return set(zf.namelist())
|
|
|
|
def _read_zip_file(self, content: bytes, name: str) -> bytes:
|
|
import io, zipfile
|
|
with zipfile.ZipFile(io.BytesIO(content)) as zf:
|
|
return zf.read(name)
|
|
|
|
def test_skill_and_agent_merge_into_one_bundle(self, web_client):
|
|
import json as _json
|
|
owner_id, owner_cookies = _create_user(web_client, "owner@bundle.x")
|
|
# Two skills + one agent + one plugin
|
|
skill_a = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("alpha"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=owner_cookies,
|
|
).json()["id"]
|
|
skill_b = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("beta"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=owner_cookies,
|
|
).json()["id"]
|
|
agent_c = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("a.zip", _make_agent_zip("gamma"), "application/zip")},
|
|
data={"type": "agent", "description": _OK_DESC}, cookies=owner_cookies,
|
|
).json()["id"]
|
|
plugin_d = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("p.zip", _make_plugin_zip("delta"), "application/zip")},
|
|
data={"type": "plugin", "description": _OK_DESC}, cookies=owner_cookies,
|
|
).json()["id"]
|
|
|
|
_, installer_cookies = _create_user(web_client, "installer@bundle.x")
|
|
for eid in (skill_a, skill_b, agent_c, plugin_d):
|
|
assert web_client.post(
|
|
f"/api/store/entities/{eid}/install", cookies=installer_cookies,
|
|
).status_code == 200
|
|
|
|
r = web_client.get("/marketplace.zip", cookies=installer_cookies)
|
|
assert r.status_code == 200, r.text
|
|
names = self._zip_entries(r.content)
|
|
|
|
# Bundle exists with synth plugin.json + every skill + agent file.
|
|
assert "plugins/flea/.claude-plugin/plugin.json" in names
|
|
assert "plugins/flea/skills/alpha-by-owner/SKILL.md" in names
|
|
assert "plugins/flea/skills/beta-by-owner/SKILL.md" in names
|
|
assert "plugins/flea/agents/gamma-by-owner.md" in names
|
|
|
|
# The plugin-typed entity is a separate dir; skills inside its tree
|
|
# carry their original (non-suffixed) names per spec.
|
|
assert f"plugins/store-{plugin_d}/.claude-plugin/plugin.json" in names
|
|
|
|
# Manifest has exactly two plugin entries: the bundle + the standalone.
|
|
manifest = _json.loads(self._read_zip_file(
|
|
r.content, ".claude-plugin/marketplace.json",
|
|
))
|
|
names_in_catalog = sorted(p["name"] for p in manifest["plugins"])
|
|
assert names_in_catalog == ["delta-by-owner", "flea"]
|
|
|
|
# Bundle's own plugin.json carries the synth fields.
|
|
bundle_pj = _json.loads(self._read_zip_file(
|
|
r.content, "plugins/flea/.claude-plugin/plugin.json",
|
|
))
|
|
assert bundle_pj["name"] == "flea"
|
|
assert bundle_pj["version"] # non-empty hash
|
|
|
|
def test_only_skills_yields_only_bundle(self, web_client):
|
|
owner_id, owner_cookies = _create_user(web_client, "ob@x.x")
|
|
eid = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("solo"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=owner_cookies,
|
|
).json()["id"]
|
|
_, installer_cookies = _create_user(web_client, "ib@x.x")
|
|
web_client.post(f"/api/store/entities/{eid}/install", cookies=installer_cookies)
|
|
|
|
r = web_client.get("/marketplace.zip", cookies=installer_cookies)
|
|
assert r.status_code == 200
|
|
names = self._zip_entries(r.content)
|
|
assert "plugins/flea/skills/solo-by-ob/SKILL.md" in names
|
|
# No standalone entry for the skill — bundle is the only Store-derived
|
|
# plugin dir present.
|
|
assert not any(n.startswith(f"plugins/store-{eid}/") for n in names)
|
|
|
|
def test_uninstalling_skill_drops_from_bundle(self, web_client):
|
|
owner_id, owner_cookies = _create_user(web_client, "oc@x.x")
|
|
a = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("keepme"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=owner_cookies,
|
|
).json()["id"]
|
|
b = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("dropme"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC}, cookies=owner_cookies,
|
|
).json()["id"]
|
|
_, installer_cookies = _create_user(web_client, "ic@x.x")
|
|
web_client.post(f"/api/store/entities/{a}/install", cookies=installer_cookies)
|
|
web_client.post(f"/api/store/entities/{b}/install", cookies=installer_cookies)
|
|
|
|
# Both skills present.
|
|
r1 = web_client.get("/marketplace.zip", cookies=installer_cookies)
|
|
names1 = self._zip_entries(r1.content)
|
|
assert "plugins/flea/skills/keepme-by-oc/SKILL.md" in names1
|
|
assert "plugins/flea/skills/dropme-by-oc/SKILL.md" in names1
|
|
|
|
# Uninstall one — bundle still exists, but only the kept skill remains.
|
|
web_client.delete(f"/api/store/entities/{b}/install", cookies=installer_cookies)
|
|
r2 = web_client.get("/marketplace.zip", cookies=installer_cookies)
|
|
names2 = self._zip_entries(r2.content)
|
|
assert "plugins/flea/skills/keepme-by-oc/SKILL.md" in names2
|
|
assert "plugins/flea/skills/dropme-by-oc/SKILL.md" not in names2
|
|
|
|
|
|
class TestWebPages:
|
|
def test_store_upload_page_renders(self, web_client):
|
|
_, cookies = _create_user(web_client, "page2@x.com")
|
|
r = web_client.get("/store/new", cookies=cookies)
|
|
assert r.status_code == 200
|
|
assert "Upload" in r.text
|
|
|
|
def test_marketplace_flea_detail_page_renders(self, web_client):
|
|
"""v32+: /store/{id} was deleted; /marketplace/flea/{id} is the
|
|
canonical detail surface.
|
|
|
|
v49 phase-2: SSR pre-render uses ``entity.title`` (humanized)
|
|
rather than the kebab-case entity ``name`` for the page heading.
|
|
Both the friendly + technical forms should be present in the
|
|
page (title in the hero / breadcrumbs, slug in JS data / detail
|
|
URL parameter passed to fetch).
|
|
"""
|
|
_, cookies = _create_user(web_client, "page4@x.com")
|
|
r = web_client.post(
|
|
"/api/store/entities",
|
|
files={"file": ("s.zip", _make_skill_zip("page-skill"), "application/zip")},
|
|
data={"type": "skill", "description": _OK_DESC},
|
|
cookies=cookies,
|
|
)
|
|
eid = r.json()["id"]
|
|
det = web_client.get(f"/marketplace/flea/{eid}", cookies=cookies)
|
|
assert det.status_code == 200
|
|
# Humanized title sits in the hero h1 + browser title.
|
|
assert "Page Skill" in det.text
|
|
# Entity id (slug-equivalent for routing) survives in detail URL.
|
|
assert eid in det.text
|
|
# Confirm the legacy URL is gone (404, not 200).
|
|
legacy = web_client.get(f"/store/{eid}", cookies=cookies)
|
|
assert legacy.status_code == 404
|
|
|
|
|
|
class TestMyStackOptout:
|
|
def _seed_admin_grant(self, conn, *, user_id, marketplace, plugin, group_name="Test"):
|
|
"""Helper: register marketplace + plugin, put user in a group with grant."""
|
|
from datetime import datetime, timezone
|
|
conn.execute(
|
|
"INSERT INTO marketplace_registry (id, name, url, registered_at) "
|
|
"VALUES (?, ?, ?, ?)",
|
|
[marketplace, marketplace.upper(),
|
|
f"https://example/{marketplace}.git", datetime.now(timezone.utc)],
|
|
)
|
|
conn.execute(
|
|
"INSERT INTO marketplace_plugins (marketplace_id, name, version, raw, updated_at) "
|
|
"VALUES (?, ?, ?, ?, ?)",
|
|
[marketplace, plugin, "1.0",
|
|
json.dumps({"name": plugin, "version": "1.0"}),
|
|
datetime.now(timezone.utc)],
|
|
)
|
|
from src.repositories.user_groups import UserGroupsRepository
|
|
from src.repositories.user_group_members import UserGroupMembersRepository
|
|
from src.repositories.resource_grants import ResourceGrantsRepository
|
|
gid = UserGroupsRepository(conn).create(name=group_name)["id"]
|
|
UserGroupMembersRepository(conn).add_member(user_id, gid, source="admin")
|
|
grant_id = ResourceGrantsRepository(conn).create(
|
|
group_id=gid, resource_type="marketplace_plugin",
|
|
resource_id=f"{marketplace}/{plugin}",
|
|
)
|
|
return gid, grant_id
|
|
|
|
def test_subscribe_toggle_updates_my_stack(self, web_client):
|
|
"""Model B: granted plugins start unsubscribed (`enabled=False`).
|
|
Toggling enabled=True writes a subscription; enabled=False removes it."""
|
|
from src.db import get_system_db
|
|
user_id, cookies = _create_user(web_client, "stack@x.com")
|
|
conn = get_system_db()
|
|
self._seed_admin_grant(conn, user_id=user_id, marketplace="mkt-x", plugin="alpha")
|
|
conn.close()
|
|
|
|
ms = web_client.get("/api/my-stack", cookies=cookies).json()
|
|
assert len(ms["curated"]) == 1
|
|
assert ms["curated"][0]["enabled"] is False # default unsubscribed
|
|
|
|
r = web_client.put(
|
|
"/api/my-stack/curated/mkt-x/alpha",
|
|
json={"enabled": True},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 200
|
|
|
|
ms2 = web_client.get("/api/my-stack", cookies=cookies).json()
|
|
assert ms2["curated"][0]["enabled"] is True
|
|
|
|
r = web_client.put(
|
|
"/api/my-stack/curated/mkt-x/alpha",
|
|
json={"enabled": False},
|
|
cookies=cookies,
|
|
)
|
|
assert r.status_code == 200
|
|
ms3 = web_client.get("/api/my-stack", cookies=cookies).json()
|
|
assert ms3["curated"][0]["enabled"] is False
|
|
|
|
def test_grant_delete_drops_subscriptions(self, web_client):
|
|
"""The admin grant-delete hook must clean up everyone's subscriptions
|
|
so a re-grant restarts at the default (unsubscribed)."""
|
|
from src.db import get_system_db
|
|
from tests.helpers.auth import grant_admin
|
|
from src.repositories.users import UserRepository
|
|
from argon2 import PasswordHasher
|
|
|
|
# Bootstrap an admin user.
|
|
ph = PasswordHasher()
|
|
conn = get_system_db()
|
|
UserRepository(conn).create(
|
|
id="adm", email="adm@x.com", name="adm", password_hash=ph.hash("AdminPass1!"),
|
|
)
|
|
grant_admin(conn, "adm")
|
|
conn.close()
|
|
admin_token = web_client.post(
|
|
"/auth/token", json={"email": "adm@x.com", "password": "AdminPass1!"}
|
|
).json()["access_token"]
|
|
admin_cookies = {"access_token": admin_token}
|
|
|
|
# Regular user with a grant + an opt-out.
|
|
user_id, user_cookies = _create_user(web_client, "stack2@x.com")
|
|
conn = get_system_db()
|
|
gid, grant_id = self._seed_admin_grant(
|
|
conn, user_id=user_id, marketplace="mkt-y", plugin="beta",
|
|
group_name="Other",
|
|
)
|
|
conn.close()
|
|
|
|
r = web_client.put(
|
|
"/api/my-stack/curated/mkt-y/beta",
|
|
json={"enabled": True}, cookies=user_cookies,
|
|
)
|
|
assert r.status_code == 200
|
|
|
|
# Admin deletes the grant.
|
|
d = web_client.delete(f"/api/admin/grants/{grant_id}", cookies=admin_cookies)
|
|
assert d.status_code == 204, d.text
|
|
|
|
# Subscription should be gone too.
|
|
from src.repositories.user_curated_subscriptions import (
|
|
UserCuratedSubscriptionsRepository,
|
|
)
|
|
conn = get_system_db()
|
|
try:
|
|
assert UserCuratedSubscriptionsRepository(conn).is_subscribed(
|
|
user_id, "mkt-y", "beta",
|
|
) is False
|
|
finally:
|
|
conn.close()
|