AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/tests/test_marketplace.py
minasarustamyan dc5e0e0d11
Marketplace UX overhaul: rich plugin/skill/agent detail + filename rename (#251) 
* Rename agnes-metadata.json to marketplace-metadata.json

Curated marketplace enrichment file (.claude-plugin/agnes-metadata.json)
becomes marketplace-metadata.json. Clean cut, no fallback — curators of
upstream marketplace repos must rename the file on their side.

Python API renames mirror the file rename: read_agnes_metadata →
read_marketplace_metadata, AGNES_METADATA_REL → MARKETPLACE_METADATA_REL,
AGNES_METADATA_MAX_BYTES → MARKETPLACE_METADATA_MAX_BYTES. Synth Claude
Code marketplace strip rule (.agnes/** + the metadata file) follows the
new filename.

* Marketplace detail polish: window cover + 715:310 aspect + helper alignment

- Plugin & item (skill/agent) detail hero: 160x160 square cover replaced
  with a macOS-style window frame (3 traffic-light dots + titlebar label
  showing the entity name). Body is constrained to 715:310 so curator-
  uploaded covers no longer crop to a square. Window is 380px wide; meta
  column and absolutely-positioned top-right install/remove actions stay
  put. Fallback when no cover_photo_url (translucent gradient + PL/SK/AG
  initials) is unchanged, just inside the window body.

- Inner skill/agent cards in the plugin detail's Internal structure
  section adopt the same 715:310 aspect (was fixed 78px tall). No window
  chrome on inner cards — just the matching proportions so covers read
  consistently across hero, grid tiles, and listing cards.

- Curated nested item helper text ("This skill is part of ... — add the
  bundle to your stack to use it") now stacks UNDER the "Open parent
  plugin" button instead of being a side-by-side flex sibling in the
  actions-row. Added align-self: flex-end so the 260px helper box
  anchors at the right edge of the 300px actions column, matching the
  button's right edge.

* Marketplace My tab: surface the same category + type filters as Flea

- Frontend: mp-cat-row and mp-type-row now show on tab=my (previously
  hidden — type was flea-only, category was flea/curated-only). Curated
  browse stays plugin-only and continues to hide the type pills.
  fetchOne() sends the `type` param for tab=my too, so the items
  endpoint's existing my-branch filter actually receives it.

- Backend categories endpoint, tab=my branch: when the type filter is
  set to skill/agent, skip counting curated subscriptions. Curated
  plugins are always type='plugin', so they wouldn't survive the items
  endpoint's type filter; including them in the category counts made
  the pill numbers overstate what users could actually see in the
  grid. type=None or type='plugin' keeps the previous behaviour.

- CHANGELOG entry under [Unreleased].

* Marketplace plugin detail: render rich content from marketplace-metadata.json

Adds five optional plugin-level fields to marketplace-metadata.json and
renders them on the curated plugin detail page + listing card:

* display_name — friendly h1 / listing-card name / mac-window titlebar
  label (overrides the technical plugin id)
* tagline — punchy 1-line value prop for the hero subtitle and the
  listing card description (replacing the verbose marketplace.json
  description on cards)
* description — multi-paragraph markdown body, server-side rendered
  through markdown-it-py and sanitized through nh3 with a
  description-scoped allowlist (no iframes / no raw HTML / no
  javascript: links). Powers the "What it does" panel.
* use_cases[] — {title, description, prompt} entries that render as a
  3-column "When to use it" card grid; each card shows the literal
  prompt as a code chip so users can copy-paste into Claude Code.
* sample_interaction — {user, assistant} dialog rendered in a Claude
  Code-style dark Catppuccin Mocha transcript panel: monospace user
  row with a green ">" prompt indicator + sans-serif assistant body
  with markdown formatting (peach bold, yellow italic, pink inline
  code, mantle-dark fenced code blocks).

All five fields are optional; UI sections only render when populated,
so plugins without enrichment look identical to before. Fields are
read on-demand from the working tree (cached by mtime per marketplace
slug) so curator edits land at the next request without waiting for
a sync cycle — same pattern as the existing inner-skill/agent
enrichment path. No DB schema bump.

Skill / agent rich-content rendering is deferred to a later phase
(needs a source-of-truth decision: extend plugin.yml? LLM-generate
from SKILL.md / agent.md?). The schema accepts the same fields at
skill/agent level today for forward compatibility but the UI ignores
them for now.

Also: stripped a stale `background-color: var(--bg)` from the global
`code` rule in style.css (was making inline code visually disappear
on the page background).

* Skill / agent detail: render rich content from marketplace-metadata.json

Brings the skill/agent detail pages to parity with the plugin detail
page. Same rich-content schema (display_name, tagline, description as
markdown, use_cases[], sample_interaction) plus two per-item additions:

* invocation — curator-provided literal command string. When set,
  overrides the computed "<manifest_name>:<inner_name>" chip and
  cleanly supports both "/" skill prefix and "@" agent prefix (the
  hardcoded "/" in the chip markup is hidden when the curator provides
  the invocation, so /grpn-eng:query <q> and @grpn-eng:cto-architect
  both render correctly).
* when_to_use — markdown disambiguation block ("Use this for X. For
  similar Y, see /other-skill") rendered into a new "When to use this"
  panel below the Example section.

Skill / agent category is now per-item overridable in
marketplace-metadata.json. When absent, the API keeps the parent
plugin's category as the badge so existing items don't lose their
category until curators opt in to per-item categorization.

The new "Example" Q&A panel uses the same Claude Code-style dark
Catppuccin Mocha transcript treatment as the plugin detail —
monospace user row with a green ">" prompt indicator + sans-serif
assistant body with markdown formatting.

All new fields are optional and read on-demand from the working tree.
Skills / agents whose marketplace-metadata.json doesn't carry rich
content render exactly the same way they did before (frontmatter
description + computed slash command + cover from existing v32
enrichment). No DB schema bump.

* Fix TypeError in skill / agent detail when curator sets per-item category

`curated_skill_detail` and `curated_agent_detail` were passing both
`**parent` (from `_curated_inner_parent_fields`, which returns the
parent plugin's category as a fallback) and `**enrichment` (from
`_curated_inner_enrichment`, which returns the per-item category
override when the curator set one) into `InnerDetailResponse(...)`.

Python function-call kwargs unpacking with overlapping keys raises
`TypeError: got multiple values for keyword argument 'category'`
— it doesn't merge like a literal dict does. The bug only surfaced
when the marketplace-metadata.json carried a `category` field at
skill / agent level (curator opting into per-item categorization);
items without that override hit the endpoint cleanly because only
parent provided the key.

Fix: build `merged = {**parent, **enrichment}` first (literal-dict
syntax DOES merge, with the right-hand-side winning) and unpack the
merged dict. Curator override still wins via the merge order, and
the same pattern is future-proof for any other field that lands in
both layers later.

Plus a regression test in test_marketplace_metadata.py asserting
that the inner-resolver carries `category` for downstream merging.

* Marketplace detail: tolerate partial curator JSON

Server constructed UseCase / SampleInteraction via raw dict indexing
(uc["title"], sample["assistant"]), so a curator commit missing any
required Pydantic field crashed the whole plugin / skill / agent detail
endpoint with a 500. Route both constructions through _safe_use_case /
_safe_sample_interaction helpers — partial input silently drops the
malformed card / section instead of breaking the page.

Regression test in test_marketplace_api.py covers the three shapes:
use_case missing a key, use_case with an empty string, and
sample_interaction with only user (no assistant). Sibling rich fields
still render.

* Address PR-251 review (must-fixes + S2/S3 polish) + release-cut 0.50.0

Five must-fixes from the review pass (3 from @cvrysanek's two-stage
review, 2 from my independent pass), plus the 0.50.0 release-cut as the
last commit on this PR per CLAUDE.md (CLAUDE.md "Release-cut belongs
to the PR" rule added in v0.49.1).

Must-fixes
----------

1. Cache eviction: bounded LRU instead of per-marketplace predicate.
   The previous predicate (`k[0] == marketplace_id and k[1] != mtime_ns`)
   only swept stale entries for the CURRENT marketplace; with N>100
   distinct marketplaces each holding one mtime key, the cap silently
   failed and memory grew linearly. Replaced with OrderedDict-backed
   bounded LRU at cap=256, drop oldest insert on overflow.
   Cache stress test pinned in test_marketplace_metadata.py.

2. Render CPU cap: per-field byte cap on description / when_to_use /
   sample_interaction.assistant via MARKETPLACE_METADATA_FIELD_MAX_BYTES
   (= 64 KiB). Without this, a 1 MiB curator markdown body × QPS =
   curator-controlled CPU burn through pure-Python markdown-it-py.
   Truncation respects UTF-8 boundaries and logs a warning so the
   curator sees the cap fire on the next sync. Test for cap +
   UTF-8-boundary preservation.

3. Inner-detail bypassed the metadata cache. _curated_inner_enrichment,
   _curated_inner_cover, and curated_detail all called
   read_marketplace_metadata directly, defeating the mtime cache the
   plugin listing already shared. Routed all three through
   _read_metadata_cached so skill/agent detail hits are O(1) re-parses
   per marketplace per mtime instead of O(QPS).

4. Truthy-vs-presence trap in plugin/inner enrichment merge. API-layer
   writers used `if resolved.get(k):` which silently dropped any
   future falsy-but-valid resolver field (bool featured=False, int
   priority=0, str category=''). Switched to presence check
   (`if k in resolved`) so the resolver is the authority on field
   presence; `{**parent, **enrichment}` merge respects whatever the
   resolver decided to ship.

5. Vendor-agnostic OSS cleanup. Removed operator-specific token
   references (/grpn-eng:, @grpn-eng:, .foundryai/) from
   src/marketplace_metadata.py docstring, app/web/templates/
   marketplace_item_detail.html JS comment, docs/curated-marketplace-
   format.md, and tests/test_marketplace_metadata.py fixtures. Replaced
   with generic /my-plugin:tool / @my-agent:role / .example/ placeholders.

CHANGELOG
---------
- New "### Fixed (PR #251 follow-ups)" section documenting all 4
  code-side must-fixes
- New "### Internal" section noting the vendor cleanup + new tests
- BREAKING bullet for the file rename now covers operator-side
  migration: running instances see plugin enrichment disappear from
  the UI until upstream curator renames + nightly sync overwrites the
  working tree; POST /api/marketplaces/{id}/sync forces refresh sooner
- Stripped /grpn-eng: leaks from the existing skill/agent rich-content
  bullet

Tests
-----
128 targeted tests pass (test_marketplace_metadata, test_marketplace_api,
test_marketplace, test_markdown_render, test_marketplace_synth_strip,
test_marketplace_filter). New tests added:
- 6 XSS regression tests on render_safe (javascript:/data:/vbscript:
  schemes via autolink, reference link, and mixed-case + positive
  http/https/mailto + noopener noreferrer rel)
- 3 byte-cap tests (truncation + UTF-8 boundary + under-cap pass-through)
- 1 cache eviction stress test (>256 marketplaces -> bounded at cap)
- 1 truthy-vs-presence resolver-contract test

Release-cut
-----------
- pyproject.toml 0.49.1 -> 0.50.0 (minor; BREAKING file rename per
  pre-1.0 CHANGELOG note: "breaking changes called out under Changed
  or Removed with the BREAKING marker")
- CHANGELOG [Unreleased] -> [0.50.0] - 2026-05-12, new empty
  [Unreleased] on top.

---------

Co-authored-by: Minas Arustamyan <arustamyan.minas@gmail.com>
Co-authored-by: ZdenekSrotyr <zdenek.srotyr@keboola.com>
2026-05-12 08:38:39 +00:00

736 lines
26 KiB
Python
Raw Blame History

"""Tests for marketplace registry + sync.
Uses a local bare git repo as a fake remote so no network is needed.
"""
from __future__ import annotations
import json
import os
import shutil
import subprocess
from pathlib import Path
import pytest
# ---------------------------------------------------------------------------
# Helpers: local bare repo as a fake "remote"
# ---------------------------------------------------------------------------
def _git(*args: str, cwd: Path | None = None, env: dict | None = None) -> str:
full_env = {**os.environ, **(env or {})}
# Minimal identity so commits work in CI sandboxes without global config.
full_env.setdefault("GIT_AUTHOR_NAME", "Test")
full_env.setdefault("GIT_AUTHOR_EMAIL", "test@example.com")
full_env.setdefault("GIT_COMMITTER_NAME", "Test")
full_env.setdefault("GIT_COMMITTER_EMAIL", "test@example.com")
result = subprocess.run(
["git", *args],
cwd=str(cwd) if cwd else None,
env=full_env,
capture_output=True,
text=True,
check=True,
)
return result.stdout.strip()
def _file_url(path: Path) -> str:
# git accepts file:// URLs and plain absolute paths as "URLs" for clone/fetch.
# A file:// URL keeps things OS-agnostic.
return path.resolve().as_uri()
@pytest.fixture
def fake_remote(tmp_path: Path):
"""Create a bare repo + seed one commit. Returns (bare_path, url, first_sha)."""
work = tmp_path / "src-work"
work.mkdir()
_git("init", "-b", "main", cwd=work)
(work / "README.md").write_text("initial\n", encoding="utf-8")
_git("add", ".", cwd=work)
_git("commit", "-m", "initial", cwd=work)
bare = tmp_path / "remote.git"
_git("clone", "--bare", str(work), str(bare))
# Wire the work tree to push back to the bare remote so we can seed
# additional commits during tests via _add_commit().
_git("remote", "add", "origin", str(bare), cwd=work)
sha = _git("rev-parse", "HEAD", cwd=work)
return {"bare": bare, "work": work, "url": _file_url(bare), "sha": sha}
def _add_commit(fake_remote: dict, filename: str, content: str) -> str:
"""Add a new commit to the fake remote via the working clone + push."""
work = fake_remote["work"]
(work / filename).write_text(content, encoding="utf-8")
_git("add", ".", cwd=work)
_git("commit", "-m", f"add {filename}", cwd=work)
_git("push", "origin", "main", cwd=work)
return _git("rev-parse", "HEAD", cwd=work)
# ---------------------------------------------------------------------------
# Environment — fresh DATA_DIR + fresh system.duckdb per test
# ---------------------------------------------------------------------------
@pytest.fixture
def clean_env(tmp_path, monkeypatch):
data_dir = tmp_path / "data"
(data_dir / "state").mkdir(parents=True)
(data_dir / "marketplaces").mkdir()
monkeypatch.setenv("DATA_DIR", str(data_dir))
# Reset the shared system DB connection so it picks up the new DATA_DIR.
import src.db as db
if getattr(db, "_system_db_conn", None) is not None:
try:
db._system_db_conn.close()
except Exception:
pass
db._system_db_conn = None
db._system_db_path = None
yield data_dir
if getattr(db, "_system_db_conn", None) is not None:
try:
db._system_db_conn.close()
except Exception:
pass
db._system_db_conn = None
db._system_db_path = None
# ---------------------------------------------------------------------------
# Repository layer
# ---------------------------------------------------------------------------
def test_registry_crud(clean_env):
from src.db import get_system_db
from src.repositories.marketplace_registry import MarketplaceRegistryRepository
conn = get_system_db()
try:
repo = MarketplaceRegistryRepository(conn)
assert repo.list_all() == []
assert repo.get("foo") is None
repo.register(
id="foo", name="Foo", url="https://example.com/foo.git",
branch="main", token_env="FOO_TOKEN", description="demo",
registered_by="admin@test.com",
)
row = repo.get("foo")
assert row is not None
assert row["url"] == "https://example.com/foo.git"
assert row["branch"] == "main"
assert row["token_env"] == "FOO_TOKEN"
assert row["registered_by"] == "admin@test.com"
assert row["last_synced_at"] is None
# UPSERT: re-register with new name keeps row count at 1.
repo.register(id="foo", name="Foo v2", url="https://example.com/foo.git")
rows = repo.list_all()
assert len(rows) == 1
assert rows[0]["name"] == "Foo v2"
from datetime import datetime, timezone
repo.update_sync_status(
"foo",
commit_sha="abc123",
synced_at=datetime.now(timezone.utc),
)
row = repo.get("foo")
assert row["last_commit_sha"] == "abc123"
assert row["last_synced_at"] is not None
assert row["last_error"] is None
# Error write
repo.update_sync_status("foo", error="boom")
assert repo.get("foo")["last_error"] == "boom"
# Success after error clears it
repo.update_sync_status("foo", commit_sha="def456", synced_at=datetime.now(timezone.utc))
assert repo.get("foo")["last_error"] is None
repo.unregister("foo")
assert repo.get("foo") is None
finally:
conn.close()
# ---------------------------------------------------------------------------
# sync_one — clone and update against local bare repo
# ---------------------------------------------------------------------------
def test_sync_one_clone_then_update(clean_env, fake_remote):
from src.db import get_system_db
from src.marketplace import sync_one
from src.repositories.marketplace_registry import MarketplaceRegistryRepository
conn = get_system_db()
try:
MarketplaceRegistryRepository(conn).register(
id="hello", name="Hello", url=fake_remote["url"], branch="main"
)
finally:
conn.close()
result = sync_one("hello")
assert result["action"] == "clone"
assert result["commit"] == fake_remote["sha"]
target = Path(result["path"])
assert target.is_dir()
assert (target / "README.md").exists()
# Registry row updated
conn = get_system_db()
try:
row = MarketplaceRegistryRepository(conn).get("hello")
assert row["last_commit_sha"] == fake_remote["sha"]
assert row["last_error"] is None
finally:
conn.close()
new_sha = _add_commit(fake_remote, "new.txt", "hello world")
result2 = sync_one("hello")
assert result2["action"] == "update"
assert result2["commit"] == new_sha
assert result2["commit"] != fake_remote["sha"]
assert (Path(result2["path"]) / "new.txt").exists()
def test_sync_one_failure_redacts_token(clean_env, tmp_path, monkeypatch):
"""A bogus HTTPS URL + token should fail with the token redacted from the error."""
from src.db import get_system_db
from src.marketplace import sync_one
from src.repositories.marketplace_registry import MarketplaceRegistryRepository
token = "ghp_supersecrettoken1234567890"
monkeypatch.setenv("AGNES_MARKETPLACE_BOGUS_TOKEN", token)
monkeypatch.setenv("GIT_CONFIG_GLOBAL", str(tmp_path / "no-global-config"))
conn = get_system_db()
try:
MarketplaceRegistryRepository(conn).register(
id="bogus",
name="Bogus",
# Non-routable IP + unlikely port → git fails fast without real network.
url="https://127.0.0.1:1/does-not-exist.git",
token_env="AGNES_MARKETPLACE_BOGUS_TOKEN",
)
finally:
conn.close()
with pytest.raises(RuntimeError) as ei:
sync_one("bogus")
assert token not in str(ei.value)
conn = get_system_db()
try:
row = MarketplaceRegistryRepository(conn).get("bogus")
assert row["last_error"]
assert token not in row["last_error"]
finally:
conn.close()
# ---------------------------------------------------------------------------
# sync_marketplaces — collects errors per entry, empty registry = no-op
# ---------------------------------------------------------------------------
def test_sync_marketplaces_empty(clean_env):
from src.marketplace import sync_marketplaces
assert sync_marketplaces() == {"synced": [], "errors": []}
def test_sync_marketplaces_mixed(clean_env, fake_remote, monkeypatch):
from src.db import get_system_db
from src.marketplace import sync_marketplaces
from src.repositories.marketplace_registry import MarketplaceRegistryRepository
monkeypatch.setenv("GIT_CONFIG_GLOBAL", str(Path(os.environ["DATA_DIR"]) / "no-global"))
conn = get_system_db()
try:
repo = MarketplaceRegistryRepository(conn)
repo.register(id="good", name="Good", url=fake_remote["url"], branch="main")
repo.register(id="bad", name="Bad", url="https://127.0.0.1:1/x.git")
finally:
conn.close()
result = sync_marketplaces()
assert len(result["synced"]) == 1
assert result["synced"][0]["id"] == "good"
assert len(result["errors"]) == 1
assert result["errors"][0]["id"] == "bad"
# ---------------------------------------------------------------------------
# URL auth helper
# ---------------------------------------------------------------------------
def test_authenticated_url():
from src.marketplace import _authenticated_url
# No token → identity
assert _authenticated_url("https://example.com/x.git", "") == "https://example.com/x.git"
# HTTPS + token → x-access-token scheme
out = _authenticated_url("https://example.com/org/repo.git", "secret123")
assert out == "https://x-access-token:secret123@example.com/org/repo.git"
# With port
out = _authenticated_url("https://host:8443/repo.git", "t")
assert out == "https://x-access-token:t@host:8443/repo.git"
# Non-HTTPS (file://) → unchanged
assert _authenticated_url("file:///tmp/repo.git", "t") == "file:///tmp/repo.git"
assert _authenticated_url("http://host/repo.git", "t") == "http://host/repo.git"
def test_is_valid_slug():
from src.marketplace import is_valid_slug
assert is_valid_slug("foo")
assert is_valid_slug("foo-bar")
assert is_valid_slug("foo_bar_99")
assert is_valid_slug("a")
assert not is_valid_slug("")
assert not is_valid_slug("Foo")
assert not is_valid_slug("../etc")
assert not is_valid_slug("foo/bar")
assert not is_valid_slug("-foo")
assert not is_valid_slug("a" * 65)
# ---------------------------------------------------------------------------
# Admin API — CRUD + token persistence in .env_overlay
# ---------------------------------------------------------------------------
def test_api_create_with_token_persists_to_overlay(seeded_app, fake_remote):
client = seeded_app["client"]
token_headers = {"Authorization": f"Bearer {seeded_app['admin_token']}"}
data_dir = Path(seeded_app["env"]["data_dir"])
pat = "ghp_testsecret_abcdef1234567890"
r = client.post(
"/api/marketplaces",
headers=token_headers,
json={
"name": "Hello",
"slug": "hello",
"url": fake_remote["url"].replace("file://", "https://") if False else "https://example.com/hello.git",
"token": pat,
"curator_name": "Test Curator",
"curator_email": "curator@example.com",
},
)
# URL must start with https:// per our validator — the placeholder above
# is a plain https URL; it's only persisted, not hit by this endpoint.
assert r.status_code == 201, r.text
body = r.json()
assert body["id"] == "hello"
assert body["has_token"] is True
assert "token" not in body # response never echoes the secret
overlay = (data_dir / "state" / ".env_overlay").read_text()
assert f"AGNES_MARKETPLACE_HELLO_TOKEN={pat}" in overlay
assert os.environ.get("AGNES_MARKETPLACE_HELLO_TOKEN") == pat
# GET list includes it
r = client.get("/api/marketplaces", headers=token_headers)
assert r.status_code == 200
entries = r.json()
assert any(e["id"] == "hello" and e["has_token"] for e in entries)
def test_api_rejects_bad_slug_and_non_https(seeded_app):
client = seeded_app["client"]
token_headers = {"Authorization": f"Bearer {seeded_app['admin_token']}"}
curator = {"curator_name": "Curator", "curator_email": "c@example.com"}
# Bad slug
r = client.post(
"/api/marketplaces",
headers=token_headers,
json={"name": "X", "slug": "../etc", "url": "https://example.com/x.git", **curator},
)
assert r.status_code == 400
# Non-https URL
r = client.post(
"/api/marketplaces",
headers=token_headers,
json={"name": "X", "slug": "xy", "url": "http://example.com/x.git", **curator},
)
assert r.status_code == 400
def test_api_create_requires_curator(seeded_app):
"""v32: curator_name + curator_email are mandatory at create time.
Three failure shapes are checked: missing both, missing email, malformed
email. Each must surface a 400 with a curator-specific message so the
admin form can render a useful toast.
"""
client = seeded_app["client"]
token_headers = {"Authorization": f"Bearer {seeded_app['admin_token']}"}
# Both missing
r = client.post(
"/api/marketplaces",
headers=token_headers,
json={"name": "X", "slug": "cnone", "url": "https://example.com/x.git"},
)
assert r.status_code == 400
assert "curator_name" in r.text
# Email missing
r = client.post(
"/api/marketplaces",
headers=token_headers,
json={
"name": "X", "slug": "cmail", "url": "https://example.com/x.git",
"curator_name": "Test",
},
)
assert r.status_code == 400
assert "curator_email" in r.text
# Email malformed
r = client.post(
"/api/marketplaces",
headers=token_headers,
json={
"name": "X", "slug": "cbad", "url": "https://example.com/x.git",
"curator_name": "Test", "curator_email": "not-an-email",
},
)
assert r.status_code == 400
def test_api_curator_round_trip(seeded_app):
"""Curator fields persist through create + GET list, and a PATCH edit
updates them. Empty-string curator inputs on PATCH leave the existing
values unchanged (per the help text on the edit modal)."""
client = seeded_app["client"]
token_headers = {"Authorization": f"Bearer {seeded_app['admin_token']}"}
r = client.post(
"/api/marketplaces",
headers=token_headers,
json={
"name": "Curator Test", "slug": "curator-rt",
"url": "https://example.com/x.git",
"curator_name": "Alice Original",
"curator_email": "alice@example.com",
},
)
assert r.status_code == 201, r.text
body = r.json()
assert body["curator_name"] == "Alice Original"
assert body["curator_email"] == "alice@example.com"
# Update curator name only
r = client.patch(
"/api/marketplaces/curator-rt",
headers=token_headers,
json={"curator_name": "Bob New"},
)
assert r.status_code == 200
body = r.json()
assert body["curator_name"] == "Bob New"
assert body["curator_email"] == "alice@example.com" # unchanged
# Empty-string PATCH leaves the value alone (not a clear)
r = client.patch(
"/api/marketplaces/curator-rt",
headers=token_headers,
json={"curator_name": "", "curator_email": " "},
)
assert r.status_code == 200
body = r.json()
assert body["curator_name"] == "Bob New"
assert body["curator_email"] == "alice@example.com"
# Malformed email rejected on PATCH too
r = client.patch(
"/api/marketplaces/curator-rt",
headers=token_headers,
json={"curator_email": "not-an-email"},
)
assert r.status_code == 400
def test_patch_legacy_row_without_curator_is_rejected(seeded_app):
"""Pre-v32 rows can survive in the DB with NULL curator (the column is
nullable so the migration doesn't break operator instances). But the
moment an admin opens the edit modal — touches URL, description, name,
anything — the API must reject the PATCH unless the curator gap is
closed in the same payload. Otherwise the OWNER_TODO_PLACEHOLDER lingers
on every /marketplace card forever (PR #234 review #5).
"""
from src.db import get_system_db
from src.repositories.marketplace_registry import MarketplaceRegistryRepository
client = seeded_app["client"]
token_headers = {"Authorization": f"Bearer {seeded_app['admin_token']}"}
# Seed a legacy row directly via the repository — bypasses the API
# validation, mimicking a row that pre-dates v32.
conn = get_system_db()
try:
MarketplaceRegistryRepository(conn).register(
id="legacy-mp",
name="Legacy",
url="https://example.com/legacy.git",
# curator_name + curator_email default to None here
)
finally:
conn.close()
# PATCH that only updates the URL — must 400 because the existing row
# has no curator and the payload doesn't fill it.
r = client.patch(
"/api/marketplaces/legacy-mp",
headers=token_headers,
json={"url": "https://example.com/legacy-renamed.git"},
)
assert r.status_code == 400, r.text
assert "curator_name is required" in r.text
# Same PATCH with curator_name only — still 400 because email is empty.
r = client.patch(
"/api/marketplaces/legacy-mp",
headers=token_headers,
json={
"url": "https://example.com/legacy-renamed.git",
"curator_name": "Late Curator",
},
)
assert r.status_code == 400, r.text
assert "curator_email is required" in r.text
# Now fill BOTH — PATCH succeeds, the row carries the new curator.
r = client.patch(
"/api/marketplaces/legacy-mp",
headers=token_headers,
json={
"url": "https://example.com/legacy-renamed.git",
"curator_name": "Late Curator",
"curator_email": "late@example.com",
},
)
assert r.status_code == 200, r.text
body = r.json()
assert body["curator_name"] == "Late Curator"
assert body["curator_email"] == "late@example.com"
# Subsequent PATCH on the now-fully-formed row that doesn't mention
# curator at all keeps working (sanity: the gate fires only when the
# row would persist with empty curator).
r = client.patch(
"/api/marketplaces/legacy-mp",
headers=token_headers,
json={"description": "Now annotated"},
)
assert r.status_code == 200, r.text
def test_api_delete_clears_overlay_binding(seeded_app):
client = seeded_app["client"]
token_headers = {"Authorization": f"Bearer {seeded_app['admin_token']}"}
pat = "ghp_another_test_token"
client.post(
"/api/marketplaces",
headers=token_headers,
json={
"name": "Temp", "slug": "temp",
"url": "https://example.com/temp.git", "token": pat,
"curator_name": "Curator", "curator_email": "c@example.com",
},
)
assert os.environ.get("AGNES_MARKETPLACE_TEMP_TOKEN") == pat
r = client.delete("/api/marketplaces/temp?purge=false", headers=token_headers)
assert r.status_code == 204
assert os.environ.get("AGNES_MARKETPLACE_TEMP_TOKEN") in (None, "")
def test_refresh_plugin_cache_drops_missing_internal_assets(clean_env, monkeypatch):
"""v32 enrichment drop semantics — when marketplace-metadata references files
that don't exist on disk (or external URLs that fail to mirror), those
entries are removed from the served metadata so the UI never shows a
broken link / image. We exercise the missing-internal-file branch
directly because it's deterministic without network.
"""
from src.db import get_system_db
from src.marketplace import _refresh_plugin_cache, is_valid_slug
from src.repositories.marketplace_registry import MarketplaceRegistryRepository
slug = "drop-test"
assert is_valid_slug(slug)
# Stand up a minimal cloned marketplace tree by hand. No git involved —
# the helper reads from disk directly.
repo_root = clean_env / "marketplaces" / slug
(repo_root / ".claude-plugin").mkdir(parents=True, exist_ok=True)
(repo_root / "plugins" / "demo").mkdir(parents=True, exist_ok=True)
# Real marketplace.json — single plugin
(repo_root / ".claude-plugin" / "marketplace.json").write_text(
json.dumps({
"name": "drop-test", "owner": {"name": "T"},
"plugins": [{
"name": "demo", "description": "test",
"version": "1.0", "source": "./plugins/demo",
}],
}),
encoding="utf-8",
)
# marketplace-metadata referencing a mix of valid + missing internal paths
(repo_root / ".claude-plugin" / "marketplace-metadata.json").write_text(
json.dumps({
"version": 1,
"plugins": {
"demo": {
# cover_photo points at a file that does NOT exist
"cover_photo": ".agnes/missing-cover.png",
"doc_links": [
# Internal path that exists → should survive
{"name": "ok-doc", "path": "docs/ok.md"},
# Internal path that doesn't exist → dropped
{"name": "missing-doc", "path": "docs/missing.md"},
],
},
},
}),
encoding="utf-8",
)
# Create the file referenced by the surviving doc_link
(repo_root / "docs").mkdir(exist_ok=True)
(repo_root / "docs" / "ok.md").write_text("# ok\n", encoding="utf-8")
# Register the marketplace so the cache write has a parent row to point at.
conn = get_system_db()
try:
MarketplaceRegistryRepository(conn).register(
id=slug, name="drop test", url="https://example.com/x.git",
curator_name="C", curator_email="c@example.com",
)
finally:
conn.close()
written = _refresh_plugin_cache(slug)
assert written == 1
# Assert the DB row reflects the drops:
# cover_photo_url is NULL (missing internal file)
# doc_links carries only the surviving entry (ok-doc)
conn = get_system_db()
try:
row = conn.execute(
"SELECT cover_photo_url, doc_links "
"FROM marketplace_plugins "
"WHERE marketplace_id = ? AND name = ?",
[slug, "demo"],
).fetchone()
finally:
conn.close()
assert row is not None
cover_url, doc_links_json = row
assert cover_url is None, f"missing internal cover should be dropped, got {cover_url}"
import json as _json
doc_links = _json.loads(doc_links_json) if isinstance(doc_links_json, str) else doc_links_json
assert isinstance(doc_links, list) and len(doc_links) == 1
assert doc_links[0]["name"] == "ok-doc"
def test_api_sync_endpoint(seeded_app, fake_remote):
client = seeded_app["client"]
token_headers = {"Authorization": f"Bearer {seeded_app['admin_token']}"}
# Register marketplace pointing at our fake remote.
r = client.post(
"/api/marketplaces",
headers=token_headers,
json={
"name": "Hello",
"slug": "sync-hello",
"url": "https://example.com/placeholder.git", # URL in DB (not dialed here)
"curator_name": "Curator",
"curator_email": "c@example.com",
},
)
assert r.status_code == 201
# Patch the URL to the local file:// one. PATCH requires https://, so we
# go around it by writing directly via the repo — simulates an admin
# that registered then later rotated to a real URL behind a reverse proxy.
from src.db import get_system_db
from src.repositories.marketplace_registry import MarketplaceRegistryRepository
conn = get_system_db()
try:
MarketplaceRegistryRepository(conn).register(
id="sync-hello", name="Hello", url=fake_remote["url"], branch="main"
)
finally:
conn.close()
r = client.post("/api/marketplaces/sync-hello/sync", headers=token_headers)
assert r.status_code == 200, r.text
body = r.json()
assert body["commit"] == fake_remote["sha"]
assert body["action"] == "clone"
def test_api_sync_nonexistent_returns_404(seeded_app):
client = seeded_app["client"]
token_headers = {"Authorization": f"Bearer {seeded_app['admin_token']}"}
r = client.post("/api/marketplaces/missing/sync", headers=token_headers)
assert r.status_code == 404
def test_api_requires_admin(seeded_app):
client = seeded_app["client"]
analyst_headers = {"Authorization": f"Bearer {seeded_app['analyst_token']}"}
r = client.get("/api/marketplaces", headers=analyst_headers)
assert r.status_code in (401, 403)
# ---------------------------------------------------------------------------
# delete_marketplace_dir helper
# ---------------------------------------------------------------------------
def test_delete_marketplace_dir(clean_env):
from src.marketplace import delete_marketplace_dir
from app.utils import get_marketplaces_dir
target = get_marketplaces_dir() / "foo"
target.mkdir(parents=True)
(target / "a.txt").write_text("x")
assert delete_marketplace_dir("foo") is True
assert not target.exists()
# Idempotent: deleting twice returns False, no exception
assert delete_marketplace_dir("foo") is False
with pytest.raises(ValueError):
delete_marketplace_dir("../etc")
Reference in a new issue View git blame Copy permalink