AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/tests/test_marketplace_api.py
minasarustamyan c6c72b9c00
feat(flea): marketplace refactor — data model, attribution, UI unification (#342) 
* feat(flea): phase-1 — title, tagline, synthetic_name columns + upload UX

Schema v49 adds three user-facing metadata columns to store_entities:

- title (NOT NULL) — humanized display name shown on marketplace
  surfaces in later phases. Acronym-aware humanizer in
  src/store_naming.py (27 entries: MCP, API, OAuth, S3, …) shared
  with the frontend via Jinja-injected dict so JS pre-fill and
  Python backfill produce identical output.
- tagline (NULL, ≤200 chars) — optional short description for card
  listings. Long-form `description` stays.
- synthetic_name (NOT NULL) — deterministic `<name>-by-<owner_username>`
  stored as a column for indexing and as the single source of truth
  for attribution lookups in later phases. Today's bundle bake still
  uses suffixed_name() at the same call sites.

Migration (_v48_to_v49_migrate, Python function — humanize has no
SQL equivalent) backfills existing rows: title from
humanize_name(strip_archive_suffix(name)), synthetic from the concat
formula; tagline stays NULL. Idempotent (ADD COLUMN IF NOT EXISTS +
SET NOT NULL no-op on re-run).

Upload form (store_upload.html step 2) reorders fields: Title
(pre-filled from server-side humanize, JS keeps it in sync until
the user edits manually) → Name + dark synthetic preview on one
row (matches marketplace_item_detail.html dark code styling, no
copy button — preview only) → Short description with character
counter → Description (unchanged). Edit form (store_edit.html)
mirrors the layout with pre-filled values from the entity row.

API:

- POST /api/store/entities/preview returns `title` (humanized
  fallback) for upload form pre-fill.
- POST + PUT /api/store/entities accept `title` and `tagline` form
  fields with 100/200-char validation; PUT recomputes
  synthetic_name when `name` changes (caller responsibility per
  repo contract).
- StoreEntityResponse exposes all three new fields.

Repository:

- create() takes title + tagline + synthetic_name as optional
  kwargs with derived defaults (humanize_name(name) / concat) so
  existing test fixtures don't need to thread them.
- update() supports partial updates on all three; tagline empty
  string clears via NULL sentinel.
- archive() recomputes synthetic_name on rename to the archived
  slug so the column stays consistent with name.

Tests:

- New test_schema_v48_to_v49_migration.py: fresh install,
  populated-row backfill (incl. archived row strip), idempotence,
  NOT NULL constraint verification.
- test_store_naming.py: 14 humanize parametrize cases + acronym
  dict invariants.
- test_store_api.py::TestStoreV49Metadata: preview humanize, POST
  with explicit + fallback title, 100/200-char rejects, PUT
  partial update + synthetic recompute on rename.
- Schema version assertion bumps (48 → 49) in test_db_schema_version,
  test_home_stats, test_schema_v42_migration, test_schema_v46_migration.

Phase 1 only — surface rendering on cards / detail pages and
Claude Code bundle propagation come in later phases.

* feat(flea): phase-2 — wire title/tagline/owner through marketplace cards + detail pages

Phase 1 (7f4cfcbb) populated the three new columns on store_entities;
phase 2 surfaces them across the web presentation layer so the kebab-
case slug + bare username no longer leak into user-facing copy.

API:

- `_flea_to_item` now takes `conn` (both callsites updated) and sets
  `display_name=entity.title`, `tagline=entity.tagline`, `owner=
  _resolve_owner_display(conn, owner_user_id, owner_username)` —
  matches the chain the curated path already uses (users.name →
  users.email → fallback). The card JS chain `it.display_name ||
  it.name` then renders the friendly form; `name` stays at the
  suffixed slug as the technical identifier JS uses for fallbacks.
- `flea_detail` adds `display_name` + `tagline` to PluginDetailResponse
  so the standalone skill/agent + plugin detail heroes pick them up
  through the existing `d.display_name` / `d.tagline` chains.
- `_flea_inner_parent_fields` swaps `parent_display_name` from
  `strip_archive_suffix(name)` to `entity.title or strip_archive_suffix(
  name)`. Drives parent-plugin label in four surfaces at once:
  breadcrumb 3rd segment, hero "part of <plugin>" meta-row,
  helper "This skill is part of <plugin>" panel, and the Details
  sidebar's "Parent plugin" row.

Templates — `marketplace_item_detail.html`:

- Pre-render: browser title, hero h1, and hero-window-label read
  `(entity.title if entity else None) or inner_name or item_name or
  plugin_name` so the SSR shell shows the friendly title before the
  JS fetch lands (no flash of kebab-case).
- Breadcrumb last segment for flea standalone drops the `d.manifest_name
  || heroTitle` fallback in favour of just `heroTitle` — manifest_name
  is the suffixed slug and users explicitly didn't want it in the path.
- Hero meta-row for flea standalone is now hidden. The prior "by
  <author> · N installed · <size>" line duplicated install count
  (hero telemetry chip below), owner + bundle size (Details sidebar).

Templates — `marketplace_plugin_detail.html`:

- Same SSR pre-render swap (title, h1, window-label, crumb-name).
- Hero tagline element starts hidden; JS shows it only when
  `d.tagline` is truthy. Pre-fix it fell back to `d.description`
  (long-form text), which read awkwardly under the h1 and pulled the
  hero too tall. Description still renders in the "What it does"
  panel below the hero.
- Initial "Loading…" placeholder removed so entities without a
  tagline don't flash that text mid-fetch.

Tests:

- New `TestFleaPhase2Presentation` class in test_marketplace_api.py
  (6 cases): card title + tagline + full-name owner, owner fallback
  chain when users.name is NULL, flea_detail exposes title + tagline,
  tagline null when omitted, inner skill parent_display_name uses
  entity.title (explicit + humanize-fallback variants).
- Updated `TestListItems.test_flea_lists_uploads` to assert both
  `display_name == "Alpha"` (humanized) and `name ==
  "alpha-by-alice"` (suffixed slug compat).
- Updated `TestWebPages.test_marketplace_flea_detail_page_renders`
  to look for the humanized title ("Page Skill") in the SSR shell
  instead of the kebab-case `page-skill`.

* feat(flea): phase-3 — read synthetic_name from DB, suffixed_name() only on write

Phase 1 added the column + backfill, repo write paths keep it in sync.
Phase 3 routes every READ callsite through `store_entities.synthetic_name`
directly instead of recomputing `<name>-by-<owner_username>` on the fly,
and switches the collision query off the inline string concat. The
`suffixed_name()` primitive now lives exclusively in write flows.

Read callsites updated (all read `entity["synthetic_name"]` directly,
no fallback — the column is NOT NULL and a missing value would be a
real bug worth surfacing as KeyError):

- app/api/marketplace.py:_flea_to_item — card MarketplaceItem.name.
- app/api/marketplace.py:flea_detail — PluginDetailResponse.manifest_name.
- app/api/store.py:_entity_to_response — StoreEntityResponse.invocation_name.
- app/api/store.py PUT bundle re-bake — `suffixed` passed to
  `_bake_plugin_tree`; entity is loaded pre-rename, so its
  synthetic_name is the OLD value `_bake_plugin_tree` expects.
- app/api/store.py PUT rename — `old_suffix` for `_rename_baked_tree`.
- app/api/my_stack.py — StoreInstallEntry.invocation_name.
- src/marketplace_filter.py — manifest_name in served plugin entry.

`suffixed_name` imports removed from marketplace.py, my_stack.py, and
marketplace_filter.py (no remaining callsites). store.py keeps the
import for its write paths:

- POST create (`suffixed = suffixed_name(final_name, username)` →
  passed to `_bake_plugin_tree` and `repo.create(synthetic_name=...)`).
- PUT rename collision check (`new_suffixed`).
- PUT rename `new_suffix` for `_rename_baked_tree` (proposed value).
- PUT rename `new_synthetic` for `repo.update(synthetic_name=...)`.
- Archive `old_suffix` + `new_suffix` for `_rename_baked_tree`
  (retro-compute pre-archive value after `repo.archive` already
  overwrote the DB row with the post-archive synthetic).

Collision SQL — `_suffixed_already_taken`:

  WHERE name || '-by-' || owner_username = ?   (before)
  WHERE synthetic_name = ?                     (after)

Same matches today (phase 1 backfill + NOT NULL invariant + write
paths in sync); indexable + single source of truth going forward.

Repository:

- UserStoreInstallsRepository.list_for_user explicit SELECT extended
  with `se.title`, `se.tagline`, `se.synthetic_name` so my_stack and
  marketplace_filter callers can read them off the joined row.

Tests:

- test_store_api.py::test_invocation_name_reads_from_synthetic_column —
  upload entity, manually override the column with a non-canonical
  value, verify GET response returns the override (proves read path
  consumes the column, not recomputes).
- test_marketplace_api.py::test_flea_card_and_detail_read_synthetic_name_from_db —
  same proof for `MarketplaceItem.name` (card) and
  `PluginDetailResponse.manifest_name` (detail).

* feat(flea): phase-4 — rename agnes-store-bundle → flea (synthetic plugin)

The synthetic plugin that wraps loose flea-market skills + agents into
one Claude Code plugin is renamed from `agnes-store-bundle` to `flea`.
Plugin-type flea uploads (their own standalone plugin entry) are
unaffected.

Constants:
- src/marketplace_filter.py:
  - BUNDLE_PLUGIN_NAME: "agnes-store-bundle" → "flea"  (Claude Code
    plugin manifest name + .claude-plugin/plugin.json name)
  - BUNDLE_PREFIXED_NAME: "store-bundle" → "flea"      (on-disk ZIP /
    git tree path, now plugins/flea/...)

Attribution layer (services/session_processors/usage_lib.py):
- FLEA_BUNDLE_PREFIX: "agnes-store-bundle" → "flea". The JSONL
  invocation identifier going forward is `flea:<skill-name>`.
- New `_LEGACY_FLEA_BUNDLE_PREFIXES = ("agnes-store-bundle",)`.
  `MarketplaceItemLookup.resolve()` + `_attribute_event()` accept BOTH
  the new and the legacy prefix so historic usage_events (~90-day
  retention) continue attributing to source='flea'. The tuple becomes
  a no-op once the rename has been live past the retention window —
  a follow-up commit can drop it then.
- USAGE_PROCESSOR_VERSION bumped 6 → 7 so the session-pipeline reprocess
  loop re-runs attribution with the new + legacy prefix branches.

User-facing copy:
- /api/store/bundle.zip Content-Disposition filename: agnes-store-bundle.zip → flea.zip
- `agnes admin store pull` default --out: agnes-store-bundle.zip → flea.zip
- Docstrings + JS comment + welcome template comment updated.

Tests:
- skill_flea.jsonl fixture identifier updated to flea:flea-skill.
- New skill_flea_legacy.jsonl with the legacy prefix for backward-compat
  coverage.
- New test `test_legacy_agnes_store_bundle_prefix_resolves` replays the
  legacy fixture and asserts source='flea' attribution still lands.
- All other test assertions / mocks substituted mechanically:
  test_session_processor_usage.py, test_usage_rollups.py,
  test_marketplace_filter_store.py, test_store_api.py,
  test_cli_refresh_marketplace.py.
- `_seed_flea_entity` (test_usage_rollups.py) + `_seed_attribution`
  (test_session_processor_usage.py) helpers now supply the NOT NULL
  `title` + `synthetic_name` columns from phase 1, since they INSERT
  directly bypassing the repo's create() fallback.

Client rollover note (CHANGELOG): `agnes refresh-marketplace` will
install the new `flea@agnes` plugin and the local marketplace clone's
`plugins/store-bundle/` source folder is removed via `git reset --hard`.
Whether Claude Code itself auto-prunes the orphan `agnes-store-bundle
@agnes` registry entry is undocumented — to verify empirically on the
dev VM. If the orphan entry lingers, a follow-up will add targeted
cleanup; until then users can manually run
`claude plugin uninstall agnes-store-bundle@agnes`.

Verified locally: 98 passed (session_processor_usage + usage_rollups +
marketplace_filter_store + cli_refresh_marketplace) + 228 passed/2
skipped (store_api + marketplace_api + admin_store_submissions +
store_entity_versions + store_repositories).

* fix(flea): phase-5 — attribution keyspace mismatch (closes #335)

Pre-fix every flea skill/agent invocation silently fell through to
`usage_events.source = 'builtin'`. Root cause: lookup tables in
`services/session_processors/usage_lib.py` keyed `_flea_entities` (and
the derived `_flea_plugins` set) by `store_entities.name` — the
un-suffixed display name. Claude Code writes invocations as
`flea:<synthetic_name>` (e.g. `flea:xlsx-by-c-marustamyan`), so
`dict.get(local)` always missed and the resolver fell through to
builtin. Result: marketplace cards, detail telemetry chips, admin
group-by-source all showed 0 flea invocations even when the raw
JSONL stream was correct.

Phase 1 added the `synthetic_name` column + backfill; phase 4 renamed
the bundle prefix to `flea`; phase 5 finally flips the lookup
keyspace to match what JSONL writes.

usage_lib.py:
- `MarketplaceItemLookup.__init__` preload: `SELECT synthetic_name,
  type FROM store_entities` (was `SELECT name, type`). `_flea_plugins`
  set derived from those keys, so it now carries synthetic_names
  too — matches what Claude Code writes when invoking a skill nested
  inside a flea plugin (`<synthetic>:<inner>`).
- `rebuild_rollups` preload: same SELECT change; also derives
  `flea_plugins` and threads it through `_aggregate_events` /
  `_rebuild_window`.
- `_attribute_event`: signature extended with `flea_plugins`; new
  branch `if prefix in flea_plugins: return ("flea", default_type,
  prefix, local)` for flea-plugin-nested skills/agents. This branch
  was added to `MarketplaceItemLookup.resolve()` in v6 (commit
  e076ebbe) but the rollup builder's helper was never updated to
  match, so nested skills inside flea plugins silently dropped out
  of the daily/window fact tables.
- `USAGE_PROCESSOR_VERSION`: 7 → 8. Forces the session-pipeline
  reprocess loop to re-attribute existing usage_events rows with
  the corrected lookup so rollup tables fill correctly on the next
  tick.

marketplace.py — 4 API stats lookup callsites switched from
`entity["name"]` to `entity["synthetic_name"]`:
- `_flea_to_item` (card stats lookup)
- `flea_detail` (`_build_telemetry` + `_load_inner_items_stats_by_parent`)
- `flea_skill_detail` (inner detail `parent_plugin` key)
- `flea_agent_detail` (inner detail `parent_plugin` key)

Tests:
- `skill_flea.jsonl` invocation: `flea:flea-skill` →
  `flea:flea-skill-by-alice` (mirrors what Claude Code writes after
  phase 1/4 — the suffixed synthetic_name).
- `test_flea_skill_attributed_with_empty_parent` assertion: rollup
  `name` column now carries the synthetic_name.

No legacy `agnes-store-bundle` prefix backward compat — clean cut per
user direction (dev phase, no production data worth preserving).

Verified locally: 53 passed targeted (session_processor_usage +
usage_rollups + marketplace_filter_store) + 215 passed/2 skipped
broader (store_api + marketplace_api + admin_store_submissions +
store_entity_versions).

* fix(flea): phase-6 — plugin-level rollup aggregation parity for flea

Flea plugin entity cards + detail pages showed 0 invocations even
though nested skills had correct rollup rows. Root cause: the
plugin-level aggregation pass in `_aggregate_events` was hardcoded
to `source='curated'` only:

    if source != "curated" or not parent:
        continue
    if group_by_day:
        pkey = (day, "curated", "plugin", "", parent)
    else:
        pkey = ("curated", "plugin", "", parent)

So flea plugin entities never got a synthetic
`(source='flea', type='plugin', parent_plugin='', name=<synth>)`
row aggregating nested invocations. `_load_invocation_stats('flea')`
filters `parent_plugin = ''` and returned no row for flea plugin
entity cards, so `stats.get(entity["synthetic_name"])` missed and
the API exposed 0/0.

Triggered by empirical observation on the dev VM —
`codex-second-opinion-by-c-marustamyan` plugin showed 0 calls in
the listing card while its three inner skills (codex-setup ×3,
codex-review ×1, codex-second-opinion ×1) had the expected child
rollup rows.

Fix:

- Extend the guard to `source in ("curated", "flea")`.
- Replace the hardcoded `"curated"` in the `pkey` tuple with the
  loop's `source` variable, so flea aggregation lands as `source=
  'flea'` and curated aggregation continues landing as
  `source='curated'`.

API path unchanged — `_load_invocation_stats('flea')` filters
`parent_plugin = ''` already picks up the new aggregated row
alongside standalone skill/agent rows. Rollup `name` field carries
the synthetic_name keyspace; no collision between standalone entity
synthetic and plugin entity synthetic (global suffix uniqueness
enforced by `_suffixed_already_taken`).

`USAGE_PROCESSOR_VERSION` bumped 8 → 9 to force a reprocess pass so
historic nested-invocation data fills the new plugin-level rows on
the next tick (instead of waiting for the next live invocation).

Tests:

- New `test_flea_plugin_row_aggregates_children` mirrors the existing
  `test_curated_plugin_row_aggregates_children`: seeds a flea plugin
  entity, three nested events (one user invoking two skills, a
  second user invoking one) → asserts the aggregated plugin row
  carries count=3, distinct_users=2 (union, not sum), plus the child
  rows survive alongside.

Verified locally: 43 passed (session_processor_usage + usage_rollups)
+ 82 passed/2 skipped broader (+ marketplace_filter_store +
marketplace_api).

* refactor(marketplace): phase-7 — unify Details sidebar across detail surfaces

Five marketplace detail surfaces (curated plugin, flea plugin, curated
inner skill/agent, flea inner skill/agent, flea standalone skill/agent)
had drifted on which Details rows they show and what order — the same
field landed in different positions, some fields duplicated hero info,
and the flea plugin Owner row leaked the kebab-case `owner_username`
slug instead of the user's real name. This commit aligns all five
surfaces on a single scan order driven by UX priority:

  identity → life-stage → telemetry → debug-tier

Concretely:

  1. Curator / Owner          (first scan signal — trust)
  2. Parent plugin            (inner skill/agent only)
  3. Released                 (top-level only — plugins + flea standalone)
  4. Last used                (recency)
  5. Active days              (engagement consistency)
  6. Version                  (flea standalone only — content hash)
  7. Bundle size              (debug-tier)

Dropped:

  - Slug field on plugin detail surfaces (`marketplace_id` for curated,
    `entity_id` for flea). Pure debug info, never user-relevant; URL
    already carries it.
  - Category + Installs on flea standalone skill/agent detail.
    Category is already shown as a hero badge; install count is in
    the hero telemetry chip — sidebar duplication added noise.

Owner display:

  - Flea plugin Owner row now reads `d.owner_display` (resolved through
    `users.name → users.email → owner_username` by `_resolve_owner_display`
    in `app/api/marketplace.py:1491`) instead of the raw `d.author_name`
    (which is `owner_username`, the kebab-case slug). API field already
    populated from phase 2; templates just consume it.
  - Curated Curator row continues to read `d.author_name` from
    marketplace-metadata.json; `owner_todo` placeholder behavior
    preserved.

Files:

  - app/web/templates/marketplace_plugin_detail.html — rewrote the
    Details render loop (lines 1364-1427 area). Slug row removed,
    rows reordered, Owner branch reads `d.owner_display`.
  - app/web/templates/marketplace_item_detail.html — both branches of
    the Details sidebar (inner skill/agent + flea standalone) re-laid
    around the same scan order. Telemetry helper unchanged, just
    repositioned. Category + Installs rows removed from the
    standalone branch.

No new tests — no existing test asserts the precise order of Details
rows or references the dropped fields in a sidebar context (grep
confirmed). API surface unchanged.

Verified locally: 84 passed / 2 skipped on `test_marketplace_api.py`
+ `test_store_api.py`.

* fix(flea): post-review hardening — N+1, v50 UNIQUE, docs, test cleanup

Addresses 5 critical findings from PR #342 code review:

1. N+1 query in `_flea_to_item` — owner-display resolution previously
   ran one `SELECT … FROM users WHERE id = ?` per item in the listing
   comprehension. Now batched via `_load_users_display` IN-query
   prefetch; 50 items drops 51 user queries to 2. Regression-guarded
   by `TestFleaOwnerDisplayBatched` (spies `_resolve_owner_display`
   and asserts it's not called inside the list path).

2. Misleading comment in `src/marketplace_filter.py` claimed the
   attribution layer accepts both `agnes-store-bundle` and `flea`
   prefixes — it doesn't (clean cut per CHANGELOG). Rewrote to match
   reality.

3. CHANGELOG `[Unreleased]` had two `### Changed` blocks. Merged into
   one (BREAKING bullet first).

4. New v49→v50 migration adds `UNIQUE INDEX
   idx_store_entities_synthetic_name`. v49 made `synthetic_name` the
   canonical attribution key but uniqueness was only app-enforced;
   v50 promotes the invariant to the DB layer. Migration pre-checks
   for existing duplicates and raises `RuntimeError` listing them
   rather than letting `CREATE UNIQUE INDEX` fail mid-way. v48→v49
   migration gained an `is_nullable='YES'` guard on its `SET NOT NULL`
   ALTERs so re-runs on a fully-migrated DB don't trip DuckDB's
   "cannot alter entry … entries depend on it" block (the new index
   counts as such an entry). Index is created by the migration only —
   keeping it out of `_SYSTEM_SCHEMA` preserves fresh-install ordering
   (CREATE TABLE → v49 ALTERs → v50 CREATE INDEX).

5. Deleted three redundant version-pinned schema asserts whose names
   lied about their bodies (`test_schema_version_is_42` asserting
   `== 49`, etc.). Canonical assert lives in
   `test_db_schema_version.py`, renamed to
   `test_schema_version_matches_constant`.

* fix(db): gate v34→v38 store_entities ALTER COLUMN steps on column state

CI on Linux failed `test_v17_to_v18_drops_*` after the v50 UNIQUE INDEX
landed. Root cause: those tests open a DB at the full target version,
seed fixtures, then reset `schema_version` to 17 and reopen — forcing
the ladder to re-run from 17 → current. With the v50 index now in place,
DuckDB blocks intermediate `ALTER COLUMN` steps on `store_entities`
("Cannot drop this column: an index depends on a column after it!" /
"Cannot alter entry because there are entries that depend on it"),
because `synthetic_name` (the indexed column) sits positionally after
the columns those steps touch.

Fix: convert the three SQL-list migrations that hit store_entities into
defensive Python functions:

- `_v34_to_v35_migrate` short-circuits when `synthetic_name` already
  exists (post-v49 shape — the visibility_status rebuild is moot and
  the DROP COLUMN would be blocked by the index).
- `_v35_to_v36_migrate` gates the `visibility_status SET NOT NULL` +
  `SET DEFAULT` on `is_nullable='YES'` so it's a true no-op when the
  column is already constrained.
- `_v37_to_v38_migrate` gates the `version_no SET NOT NULL` step the
  same way.

Forward-roll path (real installs that never reset schema_version) is
unchanged: the gates fire `YES` → ALTERs run. The fix only changes
behavior for the "DB is already at v50 shape but version row says 17"
scenario the tests construct.

---------

Co-authored-by: Minas Arustamyan <arustamyan.minas@gmail.com>
2026-05-19 02:32:41 +02:00

1011 lines
43 KiB
Python
Raw Blame History

"""Integration tests for the unified /api/marketplace endpoints.
Covers the v28 Model B browse + install surface: per-tab listing,
categories, curated detail with RBAC guard, and subscribe/unsubscribe.
"""
from __future__ import annotations
import io
import json
import zipfile
from datetime import datetime, timezone
import pytest
from fastapi.testclient import TestClient
@pytest.fixture
def web_client(tmp_path, monkeypatch):
monkeypatch.setenv("DATA_DIR", str(tmp_path))
monkeypatch.setenv("TESTING", "1")
monkeypatch.setenv("JWT_SECRET_KEY", "test-secret-key-min-32-characters!!")
(tmp_path / "state").mkdir()
(tmp_path / "analytics").mkdir()
(tmp_path / "extracts").mkdir()
from src.db import close_system_db
close_system_db()
from app.main import create_app
app = create_app()
yield TestClient(app)
close_system_db()
def _create_user(client, email, password="UserPass1!"):
from argon2 import PasswordHasher
from src.db import get_system_db
from src.repositories.users import UserRepository
ph = PasswordHasher()
conn = get_system_db()
user_id = email.split("@")[0]
UserRepository(conn).create(
id=user_id, email=email, name=user_id, password_hash=ph.hash(password),
)
conn.close()
r = client.post("/auth/token", json={"email": email, "password": password})
assert r.status_code == 200, r.text
return user_id, {"access_token": r.json()["access_token"]}
def _seed_curated_grant(
*,
user_id: str,
marketplace: str,
plugin: str,
plugin_meta: dict | None = None,
group_name: str | None = None,
) -> tuple[str, str]:
from src.db import get_system_db
from src.repositories.user_groups import UserGroupsRepository
from src.repositories.user_group_members import UserGroupMembersRepository
from src.repositories.resource_grants import ResourceGrantsRepository
conn = get_system_db()
try:
existing = conn.execute(
"SELECT 1 FROM marketplace_registry WHERE id = ?", [marketplace],
).fetchone()
if not existing:
conn.execute(
"INSERT INTO marketplace_registry (id, name, url, registered_at) "
"VALUES (?, ?, ?, ?)",
[marketplace, marketplace.upper(),
f"https://example.test/{marketplace}.git",
datetime.now(timezone.utc)],
)
meta = {"name": plugin, "version": "1.0", "description": "desc"}
if plugin_meta:
meta.update(plugin_meta)
conn.execute(
"INSERT INTO marketplace_plugins "
"(marketplace_id, name, description, version, category, raw, updated_at) "
"VALUES (?, ?, ?, ?, ?, ?, ?)",
[
marketplace, plugin, meta.get("description"), meta.get("version"),
meta.get("category"), json.dumps(meta),
datetime.now(timezone.utc),
],
)
gname = group_name or f"G-{user_id}-{marketplace}"
gid = UserGroupsRepository(conn).create(name=gname)["id"]
UserGroupMembersRepository(conn).add_member(user_id, gid, source="admin")
grant_id = ResourceGrantsRepository(conn).create(
group_id=gid, resource_type="marketplace_plugin",
resource_id=f"{marketplace}/{plugin}",
)
return gid, grant_id
finally:
conn.close()
_OK_DESC = "Use when validating marketplace API endpoints across guardrail tiers"
_OK_BODY = (
"Body explaining the skill, when to invoke it, and the expected outputs. "
"Long enough to clear the 200-char content guardrail floor. " * 2
)
def _make_skill_zip(skill_name: str = "code-review") -> bytes:
buf = io.BytesIO()
with zipfile.ZipFile(buf, "w") as zf:
zf.writestr(
f"{skill_name}/SKILL.md",
f"---\nname: {skill_name}\ndescription: {_OK_DESC}\n---\n\n{_OK_BODY}",
)
return buf.getvalue()
def _make_plugin_zip(plugin_name: str, inner_skill: str = "dummy") -> bytes:
"""Mirror of test_store_api._make_plugin_zip — minimal flea plugin
ZIP with one inner skill, used to drive ``/api/marketplace/flea/{id}
/skill/{name}`` inner-detail tests."""
import json
buf = io.BytesIO()
with zipfile.ZipFile(buf, "w") as zf:
zf.writestr(
".claude-plugin/plugin.json",
json.dumps({
"name": plugin_name,
"description": _OK_DESC,
"version": "0.1",
}),
)
zf.writestr(
f"skills/{inner_skill}/SKILL.md",
f"---\nname: {inner_skill}\ndescription: {_OK_DESC}\n---\n\n{_OK_BODY}",
)
return buf.getvalue()
# ---------------------------------------------------------------------------
# /api/marketplace/items
# ---------------------------------------------------------------------------
class TestListItems:
def test_curated_empty_for_user_without_grants(self, web_client):
_, cookies = _create_user(web_client, "alice@x.com")
r = web_client.get("/api/marketplace/items?tab=curated", cookies=cookies)
assert r.status_code == 200
data = r.json()
assert data["total"] == 0
assert data["items"] == []
def test_curated_lists_granted_plugins(self, web_client):
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(user_id=user_id, marketplace="mkt-x", plugin="alpha")
r = web_client.get("/api/marketplace/items?tab=curated", cookies=cookies)
assert r.status_code == 200
data = r.json()
assert data["total"] == 1
assert data["items"][0]["source"] == "curated"
assert data["items"][0]["name"] == "alpha"
assert data["items"][0]["installed"] is False
assert data["items"][0]["marketplace_slug"] == "mkt-x"
def test_flea_lists_uploads(self, web_client):
_, cookies = _create_user(web_client, "alice@x.com")
web_client.post(
"/api/store/entities",
files={"file": ("s.zip", _make_skill_zip("alpha"), "application/zip")},
data={"type": "skill", "description": _OK_DESC}, cookies=cookies,
)
r = web_client.get("/api/marketplace/items?tab=flea", cookies=cookies)
assert r.status_code == 200
data = r.json()
assert data["total"] == 1
item = data["items"][0]
assert item["source"] == "flea"
# v49 phase-1: `name` is the suffixed invocation slug — kept as the
# technical identifier card JS falls back to when display_name is
# absent. v49 phase-2: `display_name` carries the humanized title
# (`Alpha`), and JS uses it as the visible card heading.
assert item["name"] == "alpha-by-alice"
assert item["display_name"] == "Alpha"
def test_my_subscriptions_default_empty(self, web_client):
"""Without explicit install, a granted curated plugin doesn't show
up under tab=my (Model B)."""
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(user_id=user_id, marketplace="mkt-x", plugin="alpha")
r = web_client.get("/api/marketplace/items?tab=my", cookies=cookies)
assert r.status_code == 200
data = r.json()
assert data["total"] == 0
def test_my_stack_carries_marketplace_metadata_enrichment(self, web_client):
"""Once a curated plugin is in the user's stack (subscribed), the
``tab=my`` card MUST carry the same marketplace-metadata enrichment
(cover_photo_url, video_url, category override) the ``tab=curated``
card shows. Previously the My Stack handler built rows from the
on-disk ``marketplace.json``, which doesn't carry those columns —
same plugin → cover photo on Curated, gradient placeholder on
My Stack.
"""
from src.db import get_system_db
from src.repositories.user_curated_subscriptions import (
UserCuratedSubscriptionsRepository,
)
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(user_id=user_id, marketplace="mkt-x", plugin="alpha")
# Backfill the marketplace-metadata enrichment columns on the seeded
# plugin row — same shape `_refresh_plugin_cache` writes after a
# nightly sync that picked up a curator's marketplace-metadata.json.
cover = "/api/marketplace/curated/mkt-x/alpha/asset/cover.png"
video = "https://www.youtube.com/watch?v=abc123"
conn = get_system_db()
try:
conn.execute(
"UPDATE marketplace_plugins SET cover_photo_url = ?, "
"video_url = ?, category = ? "
"WHERE marketplace_id = 'mkt-x' AND name = 'alpha'",
[cover, video, "Code & Engineering"],
)
UserCuratedSubscriptionsRepository(conn).subscribe(
user_id=user_id, marketplace_id="mkt-x", plugin_name="alpha",
)
finally:
conn.close()
r = web_client.get("/api/marketplace/items?tab=my", cookies=cookies)
assert r.status_code == 200, r.text
data = r.json()
assert data["total"] == 1, data
item = data["items"][0]
assert item["source"] == "curated"
assert item["name"] == "alpha"
# The bug the test guards: ``photo_url`` (mapped from
# ``marketplace_plugins.cover_photo_url``) used to be hard-coded
# None on the My Stack path. Now the My Stack handler looks up the
# enriched marketplace_plugins row and surfaces it — matching the
# Curated tab. ``MarketplaceItem`` flattens the column name to
# ``photo_url``; see :func:`_curated_to_item`.
assert item["photo_url"] == cover, (
"My Stack must surface marketplace-metadata cover_photo_url, not None"
)
assert item["category"] == "Code & Engineering"
# ---------------------------------------------------------------------------
# /api/marketplace/categories
# ---------------------------------------------------------------------------
class TestCategories:
def test_curated_categories_count(self, web_client):
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(
user_id=user_id, marketplace="mkt-x", plugin="alpha",
plugin_meta={"category": "Code & Engineering"},
)
_seed_curated_grant(
user_id=user_id, marketplace="mkt-x", plugin="beta",
plugin_meta={"category": "Code & Engineering"},
group_name="G-alice-mkt-x-beta",
)
r = web_client.get(
"/api/marketplace/categories?tab=curated", cookies=cookies,
)
assert r.status_code == 200
data = r.json()
cats = {c["name"]: c["count"] for c in data["items"]}
assert cats.get("Code & Engineering") == 2
def test_categories_skip_empty(self, web_client):
_, cookies = _create_user(web_client, "alice@x.com")
r = web_client.get(
"/api/marketplace/categories?tab=curated", cookies=cookies,
)
assert r.status_code == 200
data = r.json()
assert data["items"] == [] # no plugins in scope → no categories
# ---------------------------------------------------------------------------
# Curated detail + install
# ---------------------------------------------------------------------------
class TestCuratedDetail:
def test_detail_403_without_grant(self, web_client):
_, cookies = _create_user(web_client, "alice@x.com")
r = web_client.get(
"/api/marketplace/curated/some-mp/some-plugin", cookies=cookies,
)
assert r.status_code == 403
def test_detail_200_with_grant(self, web_client):
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(user_id=user_id, marketplace="mkt-x", plugin="alpha")
r = web_client.get(
"/api/marketplace/curated/mkt-x/alpha", cookies=cookies,
)
assert r.status_code == 200, r.text
data = r.json()
assert data["plugin_name"] == "alpha"
assert data["installed"] is False
# New fields populated for the redesigned plugin detail page.
assert "files" in data and isinstance(data["files"], list)
assert "docs" in data and isinstance(data["docs"], list)
assert data["install_count"] == 0
def test_detail_rich_content_from_marketplace_metadata(
self, web_client, tmp_path,
):
"""When curator wrote rich content into marketplace-metadata.json, the
detail endpoint surfaces display_name, tagline, description_long_html
(server-rendered markdown), use_cases, and sample_interaction. The
on-demand parser reads from `${DATA_DIR}/marketplaces/<id>/...` —
this test seeds that file and verifies the API response carries
the fields through to PluginDetailResponse."""
import json
from pathlib import Path
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(user_id=user_id, marketplace="mkt-x", plugin="alpha")
# Write a marketplace-metadata.json to the working tree the on-demand
# parser will read.
marketplaces_dir = Path(tmp_path) / "marketplaces" / "mkt-x" / ".claude-plugin"
marketplaces_dir.mkdir(parents=True, exist_ok=True)
(marketplaces_dir / "marketplace-metadata.json").write_text(json.dumps({
"plugins": {
"alpha": {
"display_name": "Friendly Alpha",
"tagline": "One-line value prop.",
"description": "Para 1.\n\nPara 2 with **bold**.",
"use_cases": [
{"title": "Find owner", "description": "X+Y.", "prompt": "/q"},
],
"sample_interaction": {
"user": "What?",
"assistant": "Here's *the* answer.",
},
},
},
}), encoding="utf-8")
r = web_client.get("/api/marketplace/curated/mkt-x/alpha", cookies=cookies)
assert r.status_code == 200, r.text
data = r.json()
assert data["display_name"] == "Friendly Alpha"
assert data["tagline"] == "One-line value prop."
# description_long_html is the server-rendered markdown body.
assert "<strong>bold</strong>" in data["description_long_html"]
assert "<p>Para 1.</p>" in data["description_long_html"]
assert len(data["use_cases"]) == 1
assert data["use_cases"][0]["title"] == "Find owner"
# sample_interaction carries both the raw assistant text + rendered HTML.
assert data["sample_interaction"]["user"] == "What?"
assert "<em>the</em>" in data["sample_interaction"]["assistant_html"]
def test_detail_falls_back_when_no_rich_content(self, web_client):
"""No marketplace-metadata.json on disk → API returns the historical
shape with rich fields left null / empty. No 500, no crash."""
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(user_id=user_id, marketplace="mkt-x", plugin="alpha")
r = web_client.get(
"/api/marketplace/curated/mkt-x/alpha", cookies=cookies,
)
assert r.status_code == 200, r.text
data = r.json()
assert data["display_name"] is None
assert data["tagline"] is None
assert data["description_long_html"] is None
assert data["use_cases"] == []
assert data["sample_interaction"] is None
def test_detail_tolerates_partial_curator_json(self, web_client, tmp_path):
"""Curator commits a sample_interaction with only ``user`` (forgot
``assistant``) and a use_cases entry missing ``prompt``. The endpoint
must skip the malformed sections instead of 500-ing on Pydantic's
required-field validation — PR description promises rich content
renders only when populated, partial population should degrade
gracefully."""
import json
from pathlib import Path
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(user_id=user_id, marketplace="mkt-x", plugin="alpha")
marketplaces_dir = Path(tmp_path) / "marketplaces" / "mkt-x" / ".claude-plugin"
marketplaces_dir.mkdir(parents=True, exist_ok=True)
(marketplaces_dir / "marketplace-metadata.json").write_text(json.dumps({
"plugins": {
"alpha": {
"display_name": "Friendly Alpha",
"use_cases": [
{"title": "Good one", "description": "X.", "prompt": "/q"},
{"title": "Missing prompt", "description": "Y."},
{"title": "Empty prompt", "description": "Z.", "prompt": ""},
],
"sample_interaction": {"user": "Just user, no assistant"},
},
},
}), encoding="utf-8")
r = web_client.get("/api/marketplace/curated/mkt-x/alpha", cookies=cookies)
assert r.status_code == 200, r.text
data = r.json()
# Good card survives; malformed cards are dropped.
assert len(data["use_cases"]) == 1
assert data["use_cases"][0]["title"] == "Good one"
# Partial sample_interaction is dropped, not crashed.
assert data["sample_interaction"] is None
# The well-formed field next to the broken ones still renders.
assert data["display_name"] == "Friendly Alpha"
def test_detail_html_is_sanitized(self, web_client, tmp_path):
"""Curator-written `<script>` in description markdown must NOT
survive into description_long_html — defense-in-depth check."""
import json
from pathlib import Path
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(user_id=user_id, marketplace="mkt-x", plugin="alpha")
marketplaces_dir = Path(tmp_path) / "marketplaces" / "mkt-x" / ".claude-plugin"
marketplaces_dir.mkdir(parents=True, exist_ok=True)
(marketplaces_dir / "marketplace-metadata.json").write_text(json.dumps({
"plugins": {
"alpha": {
"description": "Hello <script>alert(1)</script> world",
},
},
}), encoding="utf-8")
r = web_client.get("/api/marketplace/curated/mkt-x/alpha", cookies=cookies)
assert r.status_code == 200, r.text
html = r.json()["description_long_html"] or ""
assert "<script>" not in html
# `alert(1)` could appear as escaped text inside the rendered HTML;
# what we MUST not see is unescaped `<script>` tags executing it.
# Verify the literal `<script` open-tag never reaches the response.
assert "<script" not in html.lower()
def test_install_403_without_grant(self, web_client):
_, cookies = _create_user(web_client, "alice@x.com")
r = web_client.post(
"/api/marketplace/curated/some-mp/some-plugin/install",
cookies=cookies,
)
assert r.status_code == 403
def test_install_uninstall_round_trip(self, web_client):
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(user_id=user_id, marketplace="mkt-x", plugin="alpha")
# Install.
r = web_client.post(
"/api/marketplace/curated/mkt-x/alpha/install", cookies=cookies,
)
assert r.status_code == 200, r.text
# Verify in DB.
from src.db import get_system_db
from src.repositories.user_curated_subscriptions import (
UserCuratedSubscriptionsRepository,
)
conn = get_system_db()
try:
assert UserCuratedSubscriptionsRepository(conn).is_subscribed(
user_id, "mkt-x", "alpha",
)
finally:
conn.close()
# Detail now reports installed=True.
d = web_client.get(
"/api/marketplace/curated/mkt-x/alpha", cookies=cookies,
).json()
assert d["installed"] is True
# Uninstall.
r = web_client.delete(
"/api/marketplace/curated/mkt-x/alpha/install", cookies=cookies,
)
assert r.status_code == 204
conn = get_system_db()
try:
assert not UserCuratedSubscriptionsRepository(conn).is_subscribed(
user_id, "mkt-x", "alpha",
)
finally:
conn.close()
# ---------------------------------------------------------------------------
# Curated nested skill / agent detail — extended response shape
# ---------------------------------------------------------------------------
def _seed_curated_skill_on_disk(
tmp_path, marketplace: str, plugin: str, skill: str,
*, files: dict[str, str] | None = None,
):
"""Materialize a skill on disk so curated_skill_detail can read it.
`files` maps relative paths inside the skill dir to file contents.
SKILL.md is always written; extra files surface in the Files section.
"""
skill_dir = tmp_path / "marketplaces" / marketplace / "plugins" / plugin / "skills" / skill
skill_dir.mkdir(parents=True, exist_ok=True)
(skill_dir / "SKILL.md").write_text(
f"---\nname: {skill}\ndescription: Use when validating marketplace skill rows across guardrail tiers and endpoints\n---\nbody",
encoding="utf-8",
)
for rel, content in (files or {}).items():
target = skill_dir / rel
target.parent.mkdir(parents=True, exist_ok=True)
target.write_text(content, encoding="utf-8")
def _seed_curated_agent_on_disk(
tmp_path, marketplace: str, plugin: str, agent: str,
):
agents_dir = tmp_path / "marketplaces" / marketplace / "plugins" / plugin / "agents"
agents_dir.mkdir(parents=True, exist_ok=True)
(agents_dir / f"{agent}.md").write_text(
f"---\nname: {agent}\ndescription: Use when validating marketplace agent rows across guardrail tiers and endpoints\n---\nbody",
encoding="utf-8",
)
class TestCuratedInnerDetail:
def test_skill_detail_includes_parent_metadata_and_files(
self, web_client, tmp_path,
):
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(
user_id=user_id, marketplace="mkt-x", plugin="alpha",
plugin_meta={"category": "Data", "author": {"name": "ops-team"}},
)
_seed_curated_skill_on_disk(
tmp_path, "mkt-x", "alpha", "data-explorer",
files={"REFERENCE.md": "ref docs"},
)
r = web_client.get(
"/api/marketplace/curated/mkt-x/alpha/skill/data-explorer",
cookies=cookies,
)
assert r.status_code == 200, r.text
d = r.json()
# Inner-detail fields.
assert d["kind"] == "skill"
assert d["name"] == "data-explorer"
assert d["description"] == "Use when validating marketplace skill rows across guardrail tiers and endpoints"
# Parent plugin metadata surfaced for the redesigned hero / sidebar.
assert d["category"] == "Data"
assert d["marketplace_name"] # registry display name
assert d["parent_updated_at"] is not None
# Bundle + files.
assert d["bundle_size"] is not None and d["bundle_size"] > 0
names = {f["path"] for f in d["files"]}
assert "SKILL.md" in names
assert "REFERENCE.md" in names
def test_agent_detail_single_file(self, web_client, tmp_path):
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(user_id=user_id, marketplace="mkt-x", plugin="alpha")
_seed_curated_agent_on_disk(tmp_path, "mkt-x", "alpha", "incident-responder")
r = web_client.get(
"/api/marketplace/curated/mkt-x/alpha/agent/incident-responder",
cookies=cookies,
)
assert r.status_code == 200, r.text
d = r.json()
assert d["kind"] == "agent"
# Agents are flat single-file .md → exactly one file entry.
assert len(d["files"]) == 1
assert d["files"][0]["path"] == "incident-responder.md"
assert d["bundle_size"] == d["files"][0]["size"]
class TestSafeJoinContainment:
"""Defense-in-depth unit tests for ``_safe_join`` — the helper backing
``_read_inner`` / ``curated_skill_detail`` / ``curated_agent_detail``.
The threat model is a curated marketplace's git mirror containing a
booby-trapped symlink (or a future regression in Starlette's ``[^/]+``
path-param regex letting ``..`` slip through). HTTP-level ``..`` tests
aren't useful — httpx normalizes ``..`` segments before they reach the
wire — so the guard is verified at the function boundary.
"""
def _plugin_root(self, tmp_path):
root = tmp_path / "marketplaces" / "mkt-x" / "plugins" / "alpha"
(root / "skills").mkdir(parents=True)
(root / "agents").mkdir(parents=True)
return root
def test_resolves_normal_skill_path(self, tmp_path):
from app.api.marketplace import _safe_join
root = self._plugin_root(tmp_path)
skill_dir = root / "skills" / "data-explorer"
skill_dir.mkdir()
(skill_dir / "SKILL.md").write_text("body", encoding="utf-8")
result = _safe_join(root, "skills", "data-explorer", "SKILL.md")
assert result is not None
assert result == (skill_dir / "SKILL.md").resolve()
def test_dotdot_segment_escaping_root_returns_none(self, tmp_path):
from app.api.marketplace import _safe_join
root = self._plugin_root(tmp_path)
# Plant a sibling plugin's file that `..` traversal would otherwise reach.
sibling = tmp_path / "marketplaces" / "mkt-x" / "plugins" / "beta"
sibling.mkdir(parents=True)
(sibling / "SECRET.md").write_text("cross-plugin secret", encoding="utf-8")
# /skills/../../beta/SECRET.md would resolve to the sibling's file.
assert _safe_join(root, "skills", "..", "..", "beta", "SECRET.md") is None
def test_symlink_outside_plugin_returns_none(self, tmp_path):
import os, sys
if sys.platform == "win32":
pytest.skip("Symlink creation requires elevated permissions on Windows")
from app.api.marketplace import _safe_join
root = self._plugin_root(tmp_path)
outside = tmp_path / "secrets" / "OTHER.md"
outside.parent.mkdir(parents=True)
outside.write_text("cross-plugin secret", encoding="utf-8")
# A curator-planted symlink inside skills/evil/ pointing outside the
# plugin tree must not resolve through the guard.
evil_dir = root / "skills" / "evil"
evil_dir.mkdir()
os.symlink(outside, evil_dir / "SKILL.md")
assert _safe_join(root, "skills", "evil", "SKILL.md") is None
def test_missing_file_returns_none(self, tmp_path):
from app.api.marketplace import _safe_join
root = self._plugin_root(tmp_path)
assert _safe_join(root, "skills", "nope", "SKILL.md") is None
def test_inner_endpoint_404s_on_symlink_escape(self, web_client, tmp_path):
"""End-to-end: the symlink containment check actually wires through
the HTTP endpoint to a 404 (not a leaked 200)."""
import os, sys
if sys.platform == "win32":
pytest.skip("Symlink creation requires elevated permissions on Windows")
user_id, cookies = _create_user(web_client, "alice@x.com")
_seed_curated_grant(user_id=user_id, marketplace="mkt-x", plugin="alpha")
outside = tmp_path / "secrets" / "OTHER.md"
outside.parent.mkdir(parents=True)
outside.write_text(
"---\nname: leaked\n---\ncross-plugin secret", encoding="utf-8",
)
evil_dir = (
tmp_path / "marketplaces" / "mkt-x" / "plugins" / "alpha"
/ "skills" / "evil"
)
evil_dir.mkdir(parents=True)
os.symlink(outside, evil_dir / "SKILL.md")
r = web_client.get(
"/api/marketplace/curated/mkt-x/alpha/skill/evil",
cookies=cookies,
)
assert r.status_code == 404, r.text
assert r.json()["detail"] == "skill_not_found"
# ---------------------------------------------------------------------------
# Flea standalone detail — extended response shape
# ---------------------------------------------------------------------------
class TestFleaDetail:
def test_flea_skill_detail_populates_files_owner_install_count(
self, web_client,
):
_, cookies = _create_user(web_client, "alice@x.com")
# Upload a skill into the Store.
up = web_client.post(
"/api/store/entities",
files={"file": ("s.zip", _make_skill_zip("alpha"), "application/zip")},
data={"type": "skill", "description": _OK_DESC}, cookies=cookies,
)
assert up.status_code == 201, up.text
entity_id = up.json()["id"]
r = web_client.get(
f"/api/marketplace/flea/{entity_id}/detail", cookies=cookies,
)
assert r.status_code == 200, r.text
d = r.json()
assert d["source"] == "flea"
assert d["entity_id"] == entity_id
# Files walked from disk.
assert isinstance(d["files"], list) and len(d["files"]) >= 1
# Friendly owner_display falls through to users.name (email local-part
# is the seeded `name` in _create_user → 'alice').
assert d["owner_display"] == "alice"
# install_count starts at 0; bumps after install/uninstall toggle.
assert d["install_count"] == 0
# docs is always a list (empty when uploader didn't ship any).
assert isinstance(d["docs"], list)
# ---------------------------------------------------------------------------
# v49 phase-2 — title + tagline + full-name owner on flea presentation
# ---------------------------------------------------------------------------
def _set_user_full_name(user_id: str, full_name: str) -> None:
"""Override the `users.name` field for an existing test user. Used to
simulate the real-world case where a user has a proper full name
(e.g. "Carolina Bsolinová Pauerová") distinct from their kebab-case
`owner_username` derived from email (`c-bsolinovapauerova`)."""
from src.db import get_system_db
conn = get_system_db()
try:
conn.execute("UPDATE users SET name = ? WHERE id = ?", [full_name, user_id])
finally:
conn.close()
class TestFleaPhase2Presentation:
"""v49 phase-2 — flea cards and detail pages surface `title` (humanized),
`tagline`, and the owner's full name (`users.name`) instead of the
kebab-case slug + bare username they used to render."""
def test_flea_card_carries_title_tagline_and_full_name_owner(self, web_client):
user_id, cookies = _create_user(web_client, "c_marustamyan@x.com")
# Simulate a real account whose users.name is the friendly form;
# owner_username on the entity will be the sanitized kebab-case
# local-part ("c-marustamyan").
_set_user_full_name(user_id, "Minas Arustamyan")
web_client.post(
"/api/store/entities",
files={
"file": ("s.zip", _make_skill_zip("mcp-builder"), "application/zip"),
},
data={
"type": "skill",
"description": _OK_DESC,
"tagline": "Spawns MCP servers from a one-line prompt.",
},
cookies=cookies,
)
r = web_client.get("/api/marketplace/items?tab=flea", cookies=cookies)
assert r.status_code == 200, r.text
items = r.json()["items"]
assert len(items) == 1
it = items[0]
# display_name carries the acronym-aware humanized title from
# store_entities.title; JS card uses it as the visible heading.
assert it["display_name"] == "MCP Builder"
# tagline rides the existing curated chain; JS prefers it over
# description for the card subtitle.
assert it["tagline"] == "Spawns MCP servers from a one-line prompt."
# owner is now the full users.name, not the kebab-case slug.
assert it["owner"] == "Minas Arustamyan"
# The technical suffixed slug stays on `name` as the JS-fallback
# identifier (legacy compat — no card UI surfaces it directly).
assert it["name"] == "mcp-builder-by-c-marustamyan"
def test_flea_card_owner_falls_back_to_email_then_username(self, web_client):
"""When users.name is NULL, owner display falls back to users.email;
when neither is present, to owner_username (defensive bottom)."""
from src.db import get_system_db
user_id, cookies = _create_user(web_client, "bob@x.com")
# Clear the seeded users.name so the fallback chain kicks in.
conn = get_system_db()
try:
conn.execute("UPDATE users SET name = NULL WHERE id = ?", [user_id])
finally:
conn.close()
web_client.post(
"/api/store/entities",
files={"file": ("s.zip", _make_skill_zip("alpha"), "application/zip")},
data={"type": "skill", "description": _OK_DESC},
cookies=cookies,
)
r = web_client.get("/api/marketplace/items?tab=flea", cookies=cookies)
assert r.status_code == 200
it = r.json()["items"][0]
# Fallback: users.name=NULL → users.email → "bob@x.com".
assert it["owner"] == "bob@x.com"
def test_flea_detail_exposes_title_and_tagline(self, web_client):
_, cookies = _create_user(web_client, "alice@x.com")
up = web_client.post(
"/api/store/entities",
files={
"file": ("s.zip", _make_skill_zip("oauth-server"), "application/zip"),
},
data={
"type": "skill",
"description": _OK_DESC,
"tagline": "Mock OAuth provider for integration tests.",
},
cookies=cookies,
)
entity_id = up.json()["id"]
r = web_client.get(
f"/api/marketplace/flea/{entity_id}/detail", cookies=cookies,
)
assert r.status_code == 200, r.text
d = r.json()
# `display_name` is the curated-style hero title — phase 2 wires
# it up for flea so the heroTitle JS chain renders the friendly
# form instead of falling through to plugin_name (= entity name).
assert d["display_name"] == "OAuth Server"
assert d["tagline"] == "Mock OAuth provider for integration tests."
# plugin_name + manifest_name unchanged — the JS chain in templates
# uses display_name first; these remain for backward compat with
# paths that have always read the slug.
assert d["plugin_name"] == "oauth-server"
assert d["manifest_name"] == "oauth-server-by-alice"
def test_flea_detail_tagline_null_when_omitted(self, web_client):
"""Tagline is optional — flea entity uploaded without it must
surface as None on detail so the hero element stays hidden."""
_, cookies = _create_user(web_client, "alice@x.com")
up = web_client.post(
"/api/store/entities",
files={"file": ("s.zip", _make_skill_zip("notagline"), "application/zip")},
data={"type": "skill", "description": _OK_DESC},
cookies=cookies,
)
entity_id = up.json()["id"]
r = web_client.get(
f"/api/marketplace/flea/{entity_id}/detail", cookies=cookies,
)
assert r.status_code == 200, r.text
d = r.json()
assert d["tagline"] is None
# display_name still set from the humanizer fallback in POST.
assert d["display_name"] == "Notagline"
def test_flea_inner_skill_parent_display_name_uses_title(self, web_client):
"""v49 phase-3: inner skill/agent detail of a flea plugin surfaces
the parent plugin's user-friendly ``title`` (humanized) via
``parent_display_name``. JS chains (breadcrumb 3rd segment, hero
"part of <plugin>", helper "This skill is part of <plugin>",
sidebar "Parent plugin") all read this field first — single
source swap drives every surface to the friendly form."""
_, cookies = _create_user(web_client, "alice@x.com")
up = web_client.post(
"/api/store/entities",
files={
"file": (
"p.zip",
_make_plugin_zip("codex-second-opinion", inner_skill="codex-setup"),
"application/zip",
),
},
data={
"type": "plugin",
"description": _OK_DESC,
"title": "Codex Second Opinion",
},
cookies=cookies,
)
assert up.status_code == 201, up.text
entity_id = up.json()["id"]
r = web_client.get(
f"/api/marketplace/flea/{entity_id}/skill/codex-setup",
cookies=cookies,
)
assert r.status_code == 200, r.text
d = r.json()
# Inner skill's own name still comes from frontmatter.
assert d["name"] == "codex-setup"
# Parent identification: manifest_name = entity.name (technical
# slug used by the rename / archive paths); parent_display_name =
# entity.title (the human form rendered everywhere on the UI).
assert d["manifest_name"] == "codex-second-opinion"
assert d["parent_display_name"] == "Codex Second Opinion"
def test_flea_card_and_detail_read_synthetic_name_from_db(self, web_client):
"""v49 phase-3: ``MarketplaceItem.name`` (card) and
``PluginDetailResponse.manifest_name`` (detail) source from the
stored ``synthetic_name`` column. Manually override the column to
a non-canonical value — both surfaces must reflect the override,
proving they read the column instead of recomputing
``<name>-by-<owner_username>``."""
from src.db import get_system_db
_, cookies = _create_user(web_client, "syntheticread@x.com")
up = web_client.post(
"/api/store/entities",
files={"file": ("s.zip", _make_skill_zip("orig"), "application/zip")},
data={"type": "skill", "description": _OK_DESC},
cookies=cookies,
)
eid = up.json()["id"]
conn = get_system_db()
try:
conn.execute(
"UPDATE store_entities SET synthetic_name = ? WHERE id = ?",
["manual-override-mkt", eid],
)
finally:
conn.close()
# Card
r = web_client.get("/api/marketplace/items?tab=flea", cookies=cookies)
assert r.status_code == 200, r.text
items = r.json()["items"]
assert len(items) == 1
assert items[0]["name"] == "manual-override-mkt"
# Detail
d = web_client.get(
f"/api/marketplace/flea/{eid}/detail", cookies=cookies,
)
assert d.status_code == 200, d.text
assert d.json()["manifest_name"] == "manual-override-mkt"
def test_flea_inner_skill_parent_display_name_humanize_fallback(self, web_client):
"""When title is omitted on upload, the POST endpoint humanizes the
plugin name as a fallback — phase 3 must thread that humanized form
into ``parent_display_name`` too, not the kebab-case slug."""
_, cookies = _create_user(web_client, "alice@x.com")
up = web_client.post(
"/api/store/entities",
files={
"file": (
"p.zip",
_make_plugin_zip("mcp-tools", inner_skill="dummy"),
"application/zip",
),
},
data={"type": "plugin", "description": _OK_DESC},
cookies=cookies,
)
entity_id = up.json()["id"]
r = web_client.get(
f"/api/marketplace/flea/{entity_id}/skill/dummy",
cookies=cookies,
)
assert r.status_code == 200, r.text
d = r.json()
# Humanizer + acronym dict from phase 1 — "mcp-tools" → "MCP Tools".
assert d["parent_display_name"] == "MCP Tools"
assert d["manifest_name"] == "mcp-tools"
# ---------------------------------------------------------------------------
# v49 hardening — owner-display N+1 regression guard
# ---------------------------------------------------------------------------
class TestFleaOwnerDisplayBatched:
"""Pre-fix, ``_flea_to_item`` called ``_resolve_owner_display`` for every
item in the list comprehension — one ``SELECT … FROM users WHERE id = ?``
per item. v49 hardening batches the prefetch via ``_load_users_display``
so the listing endpoint runs O(1) user lookups regardless of item count.
Regression guard: assert ``_resolve_owner_display`` is NEVER invoked
during the flea listing path. If a future change reintroduces the per-row
helper inside ``_flea_to_item``, this fails immediately."""
def test_listing_does_not_call_per_row_owner_resolver(self, web_client, monkeypatch):
# Three owners + three flea uploads — enough to make any per-row
# call obviously visible if it sneaks back in.
for email in ("alice@x.com", "bob@x.com", "carol@x.com"):
_, cookies = _create_user(web_client, email)
web_client.post(
"/api/store/entities",
files={
"file": (
"s.zip",
_make_skill_zip(f"skill-{email.split('@')[0]}"),
"application/zip",
),
},
data={"type": "skill", "description": _OK_DESC},
cookies=cookies,
)
# Any logged-in user can see the public flea tab.
_, viewer_cookies = _create_user(web_client, "viewer@x.com")
# Spy on the per-row resolver. The fixed implementation must not
# call it inside the listing comprehension.
from app.api import marketplace as marketplace_module
calls: list[str] = []
original = marketplace_module._resolve_owner_display
def spy(conn, owner_user_id, fallback):
calls.append(owner_user_id)
return original(conn, owner_user_id, fallback)
monkeypatch.setattr(marketplace_module, "_resolve_owner_display", spy)
r = web_client.get(
"/api/marketplace/items?tab=flea", cookies=viewer_cookies,
)
assert r.status_code == 200, r.text
items = r.json()["items"]
assert len(items) == 3
assert calls == [], (
f"_resolve_owner_display called {len(calls)} times inside the "
f"flea listing path — regression to the N+1 pattern."
)
# All three owner display strings still resolved correctly via the
# batch prefetch (so we're not just sidestepping the assertion by
# returning blank owners).
owners = sorted(it["owner"] for it in items)
assert owners == ["alice", "bob", "carol"]
Reference in a new issue View git blame Copy permalink