2e2e1a1eca
* feat(home+news): state-aware /home + /news + admin-edited news section
Squash of the vr/home-page feature work for clean rebase onto main.
Original 18-commit history preserved in branch backup/vr-home-page-pre-rebase.
What's in this PR:
**State-aware /home page**
- New `/home` route with hero + auto-mode + connectors (Asana / GWS /
Atlassian) + lookarounds. Onboarded vs not-onboarded state-machine
branches a single template (`home_not_onboarded.html`); the install
steps, "Setup a new Claude Code" CTA (90-day PAT mint), and per-
connector setup prompts hide once `users.onboarded=TRUE`. A
completion badge replaces them.
- "Mark me as offboarded" button reverses the flag without an SQL UPDATE.
- `users.onboarded BOOLEAN` column added; default FALSE; flipped by the
CLI's `agnes init` post-success POST and the `/admin/users` API.
- Connector setup prompts pre-check whether the tool is already
installed/connected before re-running setup.
- GWS scope set widened to include Google Chat (`chat.spaces`,
`chat.messages`).
**Single template + design tokens**
- `dashboard.html` now extends `base.html` via the new
`{% block layout %}` opt-out (full-width pages skip the 800px
`.container`). Net: every page shares one shell.
- `style-custom.css` `:root` extended with `--space-{7,9,10,12}`,
`--radius-2xl`, `--shadow-{card,elevated}`, `--text-{muted,disabled}`,
`--focus-ring`, `--transition-*`, `--width-{narrow,app,wide}` so
inline page styles can migrate incrementally.
**Auth redirects honor AGNES_HOME_ROUTE**
- `safe_next_path` resolves the configured home route when no `default=`
is passed; OAuth callbacks, magic-link clicks, password form, and
LOCAL_DEV_MODE shortcuts now land on `/home` (or whatever the operator
picked) instead of always /dashboard.
**News section + /news permalink + /admin/news editor**
- Schema-bumped `news_template` table (single versioned entity, draft +
publish gate). `published BOOLEAN` distinguishes draft from public;
monotonically-increasing `version` per save; rows >30d pruned on
save except the currently-displayed published version.
- `/home` bottom-of-page renders the latest published intro with a
"Read more →" link to `/news` (which renders the full body).
- `/admin/news` editor with sandboxed live preview, versions table,
per-row Unpublish, Format-help cheatsheet.
- `agnes admin news show / draft / edit / publish / unpublish /
versions / export` (CLI). Talks to the live server via the
`/api/admin/news/*` endpoints (PAT-authed) — no direct DB access
so it coexists with a running uvicorn.
- **Optimistic-lock guard**: `agnes admin news publish --version N` and
PUT/PATCH endpoints accept `expected_version` and 409 with structured
`{error: "version_conflict", expected, actual, actual_by}` when a
concurrent admin replaced the draft. Edit refuses to overwrite a
draft authored by someone else without `--force` or
`--expect-version`.
- nh3 (Rust-backed ammonia) HTML sanitizer; iframe pre-pass strips
any iframe whose src is not on the YouTube/Vimeo/Loom allowlist;
javascript:/data: schemes blocked everywhere.
- Author CSS vocabulary: `.news-hero` (blue gradient hero block),
`.callout`/`.callout-{info,warn,success,danger}`,
`.video-embed`, `.news-section`, `.news-grid-{2,3}`, `.news-cta` —
all consolidated in `style-custom.css` under "News content
vocabulary (shared)" so /home perex, /news body, and /admin/news
preview share one source of styling.
- Code-inside-`<pre>` contrast fix (was unreadable amber-on-silver).
- `.news-content` table styling (border, header band, row-hover).
**`scripts/dev/run-local.sh`** — local uvicorn launcher. Pulls Google
OAuth client id/secret from GCP Secret Manager
(`AGNES_OAUTH_GCP_PROJECT`-driven, no vendor defaults), points
`AGNES_CLI_DIST_DIR` at `./dist` so the wheel endpoint resolves, and
`--dev` flips `LOCAL_DEV_MODE=1` + `AGNES_HOME_ROUTE=/home` for one-
command iteration. `LOCAL_DEV_MODE=1` also enables the FastAPI debug
toolbar.
**CLAUDE.md "Run tests before every push" section** codifies
`pytest tests/ -n auto -q` as non-negotiable before each push.
**Tests**: 51 + 14 + 8 = 73 new tests across news-template repo,
sanitizer, API, web, CLI; plus updated home/auth/template tests for
the new shared-shell architecture.
Origin docs (gitignored, customer-fork content):
docs/brainstorms/home-page-requirements.md,
docs/plans/2026-05-07-001-feat-home-page-plan.md.
* feat(cli): agnes onboarded {on,off,status} — self-scoped flag toggle
User-facing equivalent of the in-page "Mark me as (off)boarded" button
on /home. POSTs /api/me/onboarded with {onboarded, source}; --source
overrides the audit-log marker so flips made from the CLI vs the web
button vs agnes init automation stay distinguishable.
`status` reads via /api/me/profile (when present); falls back to a
quick body-marker scan of /home so the read path doesn't write an
audit_log row. PAT-authed via cli.client.api_post — same convention
as agnes admin news / agnes admin add-user etc.
Tests: 5 covering on/off/status round-trip, idempotency, and
audit-log source recording. Full suite holds at 12 pre-existing
failures (same set as before).
* ui(nav+home): primary nav reorg + green What's new band + /marketplace link fix
Primary nav (post-rebase audit + per-user feedback):
- Items: Home → Marketplace → Data Packages → Memory. Admin dropdown
for admins only. The "Dashboard" label was renamed Home — point still
resolves through `home_route` so customer instances on /dashboard
still land there.
- Activity Center moved into the Admin dropdown. Per-team adoption
analytics is admin-consumed in practice; the route still allows
any authed user for direct deep-links so existing /home tile +
bookmarks keep working.
- Memory link added (→ /corporate-memory) — was previously buried in
the /home "Look around" tiles.
- Setup local agent + My Stack dropped from main nav. Setup is the
/home install flow's home now; My Stack lives as a tab inside
/marketplace.
/home tweaks:
- Plugin marketplace tile now points at /marketplace (was /store —
legacy from before the marketplace rebrand landed in #230).
- "What's new" section header gets a green band (success-flavored
D1FAE5 background, A7F3D0 border, darker green title) so the
bottom-of-page news block visibly distinguishes from the blue
install-hero at the top. Header strip only — body stays white.
Test fix: test_home_route_resolution renamed `dashboard_link_uses_home_route`
→ `home_link_uses_home_route` and asserts `href="/home">Home` instead
of `href="/home">Dashboard` after the label change.
* fix(home): decouple Step 3 + Connect-tools collapse from server onboarded flag
The server-side `users.onboarded` flip happens through two paths:
1. Explicit user click on "Mark me as onboarded" or `agnes onboarded on`.
2. Implicit `agnes init` POST → /api/me/onboarded on success.
Path 2 produced a UX surprise: an analyst running `agnes init` mid-flow
reloaded /home and saw Step 3 (auto-mode) + Connect-your-tools auto-
collapse to summary bars. They were actively working through those
sections — the install POST never signalled "I'm done with the rest
of setup", just "Agnes itself is installed".
Decouple the section-collapse decision from the server flag:
- Step 1 + Step 2 install blocks: still hidden on `onboarded=TRUE`
(their completion is a hard server signal — Agnes IS installed).
- Step 3 + Connect-your-tools: render flat by default in BOTH states.
Wrapped in `<details class="setup-collapsible" open>` so the
browser's native disclosure handles per-section toggle without JS,
but the `<summary>` is CSS-hidden until the page-level
`data-setup-minimized="1"` attribute is set on `.home-mock`.
- New "Minimize setup view" toggle inside the blue install-hero,
rendered only when onboarded. Click flips the data-attr on
`.home-mock` AND removes the `open` attribute from each
`<details>`. State persists in `localStorage["agnes_home_setup_minimized"]`
so the choice survives reloads but is per-device.
- "Show full setup view" (the same button when minimized) re-opens
both `<details>` and clears localStorage.
When minimized, each `<details>` still has its own native expand/
collapse — click the gray summary bar to peek at one section without
toggling the page-level minimize off.
Tests:
- test_step3_and_connectors_render_flat_when_onboarded_by_default —
asserts `<details class="setup-collapsible" ... open>` for both
sections post-onboarding and the absence of any server-rendered
`data-setup-minimized` attribute on the `.home-mock` root.
- test_minimize_toggle_visible_only_when_onboarded — toggle button
rendered only when onboarded.
Full pytest holds at 12 pre-existing failures (same set).
232 lines
7 KiB
Python
232 lines
7 KiB
Python
"""REST surface for /api/admin/news/* — RBAC, CRUD, sanitizer integration.
|
|
|
|
Mirrors the test scaffolding in tests/test_api_me_onboarded.py: per-test
|
|
fresh DATA_DIR + JWT secret, helper to mint admin / non-admin sessions
|
|
through TestClient, hit endpoints with cookie auth.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import tempfile
|
|
import uuid
|
|
|
|
import pytest
|
|
|
|
|
|
@pytest.fixture
|
|
def fresh_db(monkeypatch):
|
|
with tempfile.TemporaryDirectory() as tmp:
|
|
monkeypatch.setenv("DATA_DIR", tmp)
|
|
monkeypatch.setenv("TESTING", "1")
|
|
monkeypatch.setenv("JWT_SECRET_KEY", "test-jwt-secret-key-minimum-32-chars!!")
|
|
yield tmp
|
|
|
|
|
|
def _make_user(conn, email: str, *, admin: bool):
|
|
from src.repositories.users import UserRepository
|
|
from app.auth.jwt import create_access_token
|
|
|
|
uid = str(uuid.uuid4())
|
|
UserRepository(conn).create(id=uid, email=email, name=email.split("@")[0])
|
|
|
|
if admin:
|
|
# Add to the seeded Admin group so require_admin grants access.
|
|
admin_group = conn.execute(
|
|
"SELECT id FROM user_groups WHERE name = 'Admin'"
|
|
).fetchone()
|
|
assert admin_group, "Admin system group should be seeded by bootstrap"
|
|
conn.execute(
|
|
"INSERT INTO user_group_members (user_id, group_id, source, added_by) "
|
|
"VALUES (?, ?, 'admin', 'test')",
|
|
[uid, admin_group[0]],
|
|
)
|
|
|
|
token = create_access_token(user_id=uid, email=email)
|
|
return uid, token
|
|
|
|
|
|
def _client():
|
|
from fastapi.testclient import TestClient
|
|
from app.main import app
|
|
return TestClient(app)
|
|
|
|
|
|
def _make_admin_client(conn):
|
|
_, token = _make_user(conn, "admin@example.com", admin=True)
|
|
c = _client()
|
|
c.cookies.set("access_token", token)
|
|
return c
|
|
|
|
|
|
def _make_user_client(conn):
|
|
_, token = _make_user(conn, "user@example.com", admin=False)
|
|
c = _client()
|
|
c.cookies.set("access_token", token)
|
|
return c
|
|
|
|
|
|
def test_get_current_returns_unpublished_envelope_when_empty(fresh_db):
|
|
from src.db import get_system_db, close_system_db
|
|
conn = get_system_db()
|
|
try:
|
|
c = _make_admin_client(conn)
|
|
finally:
|
|
conn.close()
|
|
close_system_db()
|
|
resp = c.get("/api/admin/news/current")
|
|
assert resp.status_code == 200
|
|
assert resp.json() == {"published": False}
|
|
|
|
|
|
def test_non_admin_blocked(fresh_db):
|
|
from src.db import get_system_db, close_system_db
|
|
conn = get_system_db()
|
|
try:
|
|
c = _make_user_client(conn)
|
|
finally:
|
|
conn.close()
|
|
close_system_db()
|
|
resp = c.get("/api/admin/news/current")
|
|
assert resp.status_code in (401, 403)
|
|
|
|
|
|
def test_full_lifecycle_draft_publish_unpublish(fresh_db):
|
|
from src.db import get_system_db, close_system_db
|
|
conn = get_system_db()
|
|
try:
|
|
c = _make_admin_client(conn)
|
|
finally:
|
|
conn.close()
|
|
close_system_db()
|
|
|
|
# No draft yet → 404
|
|
assert c.get("/api/admin/news/draft").status_code == 404
|
|
|
|
# Save draft
|
|
r = c.put("/api/admin/news/draft", json={"intro": "<p>v1 intro</p>", "content": "<h1>v1</h1>"})
|
|
assert r.status_code == 200
|
|
body = r.json()
|
|
assert body["version"] == 1
|
|
assert body["published"] is False
|
|
assert body["intro"] == "<p>v1 intro</p>"
|
|
|
|
# Publish → /current returns it
|
|
r = c.post("/api/admin/news/publish")
|
|
assert r.status_code == 200
|
|
pub = r.json()
|
|
assert pub["published"] is True
|
|
|
|
cur = c.get("/api/admin/news/current").json()
|
|
assert cur["version"] == 1
|
|
assert cur["published"] is True
|
|
|
|
# Publish again with no draft → 409
|
|
r = c.post("/api/admin/news/publish")
|
|
assert r.status_code == 409
|
|
assert r.json()["detail"] == "no_draft"
|
|
|
|
# New draft v2; unpublishing v1 while v2 draft exists → 409
|
|
c.put("/api/admin/news/draft", json={"intro": "<p>v2</p>", "content": "<p>V2</p>"})
|
|
r = c.post("/api/admin/news/unpublish/1")
|
|
assert r.status_code == 409
|
|
|
|
# Publish v2 → unpublish v2 → web falls back to v1
|
|
c.post("/api/admin/news/publish")
|
|
r = c.post("/api/admin/news/unpublish/2")
|
|
assert r.status_code == 200
|
|
cur = c.get("/api/admin/news/current").json()
|
|
assert cur["version"] == 1
|
|
|
|
|
|
def test_versions_list_paginated(fresh_db):
|
|
from src.db import get_system_db, close_system_db
|
|
conn = get_system_db()
|
|
try:
|
|
c = _make_admin_client(conn)
|
|
finally:
|
|
conn.close()
|
|
close_system_db()
|
|
|
|
# Create 3 versions, all published
|
|
for i in range(1, 4):
|
|
c.put("/api/admin/news/draft", json={"intro": f"<p>v{i}</p>", "content": f"<p>V{i}</p>"})
|
|
c.post("/api/admin/news/publish")
|
|
|
|
rows = c.get("/api/admin/news/versions?limit=10").json()["versions"]
|
|
assert [r["version"] for r in rows] == [3, 2, 1]
|
|
assert all(r["status"] == "published" for r in rows)
|
|
|
|
|
|
def test_preview_sanitizes_without_persisting(fresh_db):
|
|
from src.db import get_system_db, close_system_db
|
|
conn = get_system_db()
|
|
try:
|
|
c = _make_admin_client(conn)
|
|
finally:
|
|
conn.close()
|
|
close_system_db()
|
|
|
|
r = c.post(
|
|
"/api/admin/news/preview",
|
|
json={
|
|
"intro": "<p>x<script>alert(1)</script></p>",
|
|
"content": '<iframe src="https://evil.com/x"></iframe><p>ok</p>',
|
|
},
|
|
)
|
|
assert r.status_code == 200
|
|
body = r.json()
|
|
assert "<script>" not in body["intro"]
|
|
assert "evil.com" not in body["content"]
|
|
# Preview must not persist anything.
|
|
assert c.get("/api/admin/news/draft").status_code == 404
|
|
|
|
|
|
def test_publish_with_expected_version_mismatch_returns_409(fresh_db):
|
|
from src.db import get_system_db, close_system_db
|
|
conn = get_system_db()
|
|
try:
|
|
c = _make_admin_client(conn)
|
|
finally:
|
|
conn.close()
|
|
close_system_db()
|
|
|
|
c.put("/api/admin/news/draft", json={"intro": "<p>v1</p>", "content": "V1"})
|
|
# Active draft is v1; publish with ?expected_version=42 must 409.
|
|
r = c.post("/api/admin/news/publish?expected_version=42")
|
|
assert r.status_code == 409
|
|
detail = r.json()["detail"]
|
|
assert detail["error"] == "version_conflict"
|
|
assert detail["expected"] == 42
|
|
assert detail["actual"] == 1
|
|
|
|
|
|
def test_put_draft_with_expected_version_mismatch_returns_409(fresh_db):
|
|
from src.db import get_system_db, close_system_db
|
|
conn = get_system_db()
|
|
try:
|
|
c = _make_admin_client(conn)
|
|
finally:
|
|
conn.close()
|
|
close_system_db()
|
|
|
|
# Admin A creates draft v1; admin B (same client here) tries to save
|
|
# believing no draft exists.
|
|
c.put("/api/admin/news/draft", json={"intro": "<p>v1</p>", "content": "V1"})
|
|
r = c.put(
|
|
"/api/admin/news/draft?expected_version=0",
|
|
json={"intro": "<p>fresh</p>", "content": "fresh"},
|
|
)
|
|
assert r.status_code == 409
|
|
assert r.json()["detail"]["error"] == "version_conflict"
|
|
|
|
|
|
def test_unknown_version_returns_404(fresh_db):
|
|
from src.db import get_system_db, close_system_db
|
|
conn = get_system_db()
|
|
try:
|
|
c = _make_admin_client(conn)
|
|
finally:
|
|
conn.close()
|
|
close_system_db()
|
|
r = c.get("/api/admin/news/versions/999")
|
|
assert r.status_code == 404
|