AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/tests/test_api_me_onboarded.py
Vojtech 2e2e1a1eca
feat(home): state-aware /home + /setup-advanced + schema v26 (#228) 
* feat(home+news): state-aware /home + /news + admin-edited news section

Squash of the vr/home-page feature work for clean rebase onto main.
Original 18-commit history preserved in branch backup/vr-home-page-pre-rebase.

What's in this PR:

**State-aware /home page**
- New `/home` route with hero + auto-mode + connectors (Asana / GWS /
  Atlassian) + lookarounds. Onboarded vs not-onboarded state-machine
  branches a single template (`home_not_onboarded.html`); the install
  steps, "Setup a new Claude Code" CTA (90-day PAT mint), and per-
  connector setup prompts hide once `users.onboarded=TRUE`. A
  completion badge replaces them.
- "Mark me as offboarded" button reverses the flag without an SQL UPDATE.
- `users.onboarded BOOLEAN` column added; default FALSE; flipped by the
  CLI's `agnes init` post-success POST and the `/admin/users` API.
- Connector setup prompts pre-check whether the tool is already
  installed/connected before re-running setup.
- GWS scope set widened to include Google Chat (`chat.spaces`,
  `chat.messages`).

**Single template + design tokens**
- `dashboard.html` now extends `base.html` via the new
  `{% block layout %}` opt-out (full-width pages skip the 800px
  `.container`). Net: every page shares one shell.
- `style-custom.css` `:root` extended with `--space-{7,9,10,12}`,
  `--radius-2xl`, `--shadow-{card,elevated}`, `--text-{muted,disabled}`,
  `--focus-ring`, `--transition-*`, `--width-{narrow,app,wide}` so
  inline page styles can migrate incrementally.

**Auth redirects honor AGNES_HOME_ROUTE**
- `safe_next_path` resolves the configured home route when no `default=`
  is passed; OAuth callbacks, magic-link clicks, password form, and
  LOCAL_DEV_MODE shortcuts now land on `/home` (or whatever the operator
  picked) instead of always /dashboard.

**News section + /news permalink + /admin/news editor**
- Schema-bumped `news_template` table (single versioned entity, draft +
  publish gate). `published BOOLEAN` distinguishes draft from public;
  monotonically-increasing `version` per save; rows >30d pruned on
  save except the currently-displayed published version.
- `/home` bottom-of-page renders the latest published intro with a
  "Read more →" link to `/news` (which renders the full body).
- `/admin/news` editor with sandboxed live preview, versions table,
  per-row Unpublish, Format-help cheatsheet.
- `agnes admin news show / draft / edit / publish / unpublish /
  versions / export` (CLI). Talks to the live server via the
  `/api/admin/news/*` endpoints (PAT-authed) — no direct DB access
  so it coexists with a running uvicorn.
- **Optimistic-lock guard**: `agnes admin news publish --version N` and
  PUT/PATCH endpoints accept `expected_version` and 409 with structured
  `{error: "version_conflict", expected, actual, actual_by}` when a
  concurrent admin replaced the draft. Edit refuses to overwrite a
  draft authored by someone else without `--force` or
  `--expect-version`.
- nh3 (Rust-backed ammonia) HTML sanitizer; iframe pre-pass strips
  any iframe whose src is not on the YouTube/Vimeo/Loom allowlist;
  javascript:/data: schemes blocked everywhere.
- Author CSS vocabulary: `.news-hero` (blue gradient hero block),
  `.callout`/`.callout-{info,warn,success,danger}`,
  `.video-embed`, `.news-section`, `.news-grid-{2,3}`, `.news-cta` —
  all consolidated in `style-custom.css` under "News content
  vocabulary (shared)" so /home perex, /news body, and /admin/news
  preview share one source of styling.
- Code-inside-`<pre>` contrast fix (was unreadable amber-on-silver).
- `.news-content` table styling (border, header band, row-hover).

**`scripts/dev/run-local.sh`** — local uvicorn launcher. Pulls Google
OAuth client id/secret from GCP Secret Manager
(`AGNES_OAUTH_GCP_PROJECT`-driven, no vendor defaults), points
`AGNES_CLI_DIST_DIR` at `./dist` so the wheel endpoint resolves, and
`--dev` flips `LOCAL_DEV_MODE=1` + `AGNES_HOME_ROUTE=/home` for one-
command iteration. `LOCAL_DEV_MODE=1` also enables the FastAPI debug
toolbar.

**CLAUDE.md "Run tests before every push" section** codifies
`pytest tests/ -n auto -q` as non-negotiable before each push.

**Tests**: 51 + 14 + 8 = 73 new tests across news-template repo,
sanitizer, API, web, CLI; plus updated home/auth/template tests for
the new shared-shell architecture.

Origin docs (gitignored, customer-fork content):
docs/brainstorms/home-page-requirements.md,
docs/plans/2026-05-07-001-feat-home-page-plan.md.

* feat(cli): agnes onboarded {on,off,status} — self-scoped flag toggle

User-facing equivalent of the in-page "Mark me as (off)boarded" button
on /home. POSTs /api/me/onboarded with {onboarded, source}; --source
overrides the audit-log marker so flips made from the CLI vs the web
button vs agnes init automation stay distinguishable.

`status` reads via /api/me/profile (when present); falls back to a
quick body-marker scan of /home so the read path doesn't write an
audit_log row. PAT-authed via cli.client.api_post — same convention
as agnes admin news / agnes admin add-user etc.

Tests: 5 covering on/off/status round-trip, idempotency, and
audit-log source recording. Full suite holds at 12 pre-existing
failures (same set as before).

* ui(nav+home): primary nav reorg + green What's new band + /marketplace link fix

Primary nav (post-rebase audit + per-user feedback):

- Items: Home → Marketplace → Data Packages → Memory. Admin dropdown
  for admins only. The "Dashboard" label was renamed Home — point still
  resolves through `home_route` so customer instances on /dashboard
  still land there.
- Activity Center moved into the Admin dropdown. Per-team adoption
  analytics is admin-consumed in practice; the route still allows
  any authed user for direct deep-links so existing /home tile +
  bookmarks keep working.
- Memory link added (→ /corporate-memory) — was previously buried in
  the /home "Look around" tiles.
- Setup local agent + My Stack dropped from main nav. Setup is the
  /home install flow's home now; My Stack lives as a tab inside
  /marketplace.

/home tweaks:

- Plugin marketplace tile now points at /marketplace (was /store —
  legacy from before the marketplace rebrand landed in #230).
- "What's new" section header gets a green band (success-flavored
  D1FAE5 background, A7F3D0 border, darker green title) so the
  bottom-of-page news block visibly distinguishes from the blue
  install-hero at the top. Header strip only — body stays white.

Test fix: test_home_route_resolution renamed `dashboard_link_uses_home_route`
→ `home_link_uses_home_route` and asserts `href="/home">Home` instead
of `href="/home">Dashboard` after the label change.

* fix(home): decouple Step 3 + Connect-tools collapse from server onboarded flag

The server-side `users.onboarded` flip happens through two paths:

1. Explicit user click on "Mark me as onboarded" or `agnes onboarded on`.
2. Implicit `agnes init` POST → /api/me/onboarded on success.

Path 2 produced a UX surprise: an analyst running `agnes init` mid-flow
reloaded /home and saw Step 3 (auto-mode) + Connect-your-tools auto-
collapse to summary bars. They were actively working through those
sections — the install POST never signalled "I'm done with the rest
of setup", just "Agnes itself is installed".

Decouple the section-collapse decision from the server flag:

- Step 1 + Step 2 install blocks: still hidden on `onboarded=TRUE`
  (their completion is a hard server signal — Agnes IS installed).
- Step 3 + Connect-your-tools: render flat by default in BOTH states.
  Wrapped in `<details class="setup-collapsible" open>` so the
  browser's native disclosure handles per-section toggle without JS,
  but the `<summary>` is CSS-hidden until the page-level
  `data-setup-minimized="1"` attribute is set on `.home-mock`.
- New "Minimize setup view" toggle inside the blue install-hero,
  rendered only when onboarded. Click flips the data-attr on
  `.home-mock` AND removes the `open` attribute from each
  `<details>`. State persists in `localStorage["agnes_home_setup_minimized"]`
  so the choice survives reloads but is per-device.
- "Show full setup view" (the same button when minimized) re-opens
  both `<details>` and clears localStorage.

When minimized, each `<details>` still has its own native expand/
collapse — click the gray summary bar to peek at one section without
toggling the page-level minimize off.

Tests:
- test_step3_and_connectors_render_flat_when_onboarded_by_default —
  asserts `<details class="setup-collapsible" ... open>` for both
  sections post-onboarding and the absence of any server-rendered
  `data-setup-minimized` attribute on the `.home-mock` root.
- test_minimize_toggle_visible_only_when_onboarded — toggle button
  rendered only when onboarded.

Full pytest holds at 12 pre-existing failures (same set).
2026-05-08 18:28:47 +02:00

252 lines
7.3 KiB
Python
Raw Blame History

"""POST /api/me/onboarded — flips users.onboarded TRUE for the calling user.
Self-scoped, idempotent, audit-logged. Body optional pydantic model with
`source` field distinguishing 'agnes_init' (CLI auto-fire) from
'self_acknowledged' (the on-page button for users who already set up
locally before v28 shipped).
See origin: docs/brainstorms/home-page-requirements.md §2 + §6.
"""
from __future__ import annotations
import json
import tempfile
import uuid
import pytest
@pytest.fixture
def fresh_db(monkeypatch):
"""Per-test DATA_DIR + JWT secret so the system DB is fresh."""
with tempfile.TemporaryDirectory() as tmp:
monkeypatch.setenv("DATA_DIR", tmp)
monkeypatch.setenv("TESTING", "1")
monkeypatch.setenv("JWT_SECRET_KEY", "test-jwt-secret-key-minimum-32-chars!!")
yield tmp
def _make_user_and_session(conn, email: str = "u@example.com"):
"""Create a non-admin user, return (user_id, session_jwt)."""
from src.repositories.users import UserRepository
from app.auth.jwt import create_access_token
uid = str(uuid.uuid4())
UserRepository(conn).create(id=uid, email=email, name=email.split("@")[0])
token = create_access_token(user_id=uid, email=email)
return uid, token
def _client():
from fastapi.testclient import TestClient
from app.main import app
return TestClient(app)
def _onboarded(conn, user_id: str) -> bool:
row = conn.execute(
"SELECT onboarded FROM users WHERE id = ?", [user_id]
).fetchone()
return bool(row[0])
def _audit_rows(conn, user_id: str, action: str = "user_onboarded"):
return conn.execute(
"SELECT id, action, params FROM audit_log "
"WHERE user_id = ? AND action = ? ORDER BY timestamp",
[user_id, action],
).fetchall()
def test_post_flips_onboarded_to_true(fresh_db):
"""Authed user with onboarded=FALSE → POST → onboarded=TRUE."""
from src.db import get_system_db, close_system_db
conn = get_system_db()
try:
uid, sess = _make_user_and_session(conn)
assert _onboarded(conn, uid) is False
finally:
conn.close()
close_system_db()
c = _client()
resp = c.post("/api/me/onboarded", cookies={"access_token": sess})
assert resp.status_code == 200
body = resp.json()
assert body["onboarded"] is True
conn = get_system_db()
try:
assert _onboarded(conn, uid) is True
finally:
conn.close()
close_system_db()
def test_post_default_source_is_agnes_init(fresh_db):
"""Empty body defaults to source='agnes_init' in audit_log."""
from src.db import get_system_db, close_system_db
conn = get_system_db()
try:
uid, sess = _make_user_and_session(conn)
finally:
conn.close()
close_system_db()
c = _client()
resp = c.post("/api/me/onboarded", cookies={"access_token": sess})
assert resp.status_code == 200
conn = get_system_db()
try:
rows = _audit_rows(conn, uid)
assert len(rows) == 1
params = json.loads(rows[0][2]) if isinstance(rows[0][2], str) else rows[0][2]
assert params.get("source") == "agnes_init"
finally:
conn.close()
close_system_db()
def test_post_self_acknowledged_source(fresh_db):
"""Body {source: 'self_acknowledged'} from /home self-mark button."""
from src.db import get_system_db, close_system_db
conn = get_system_db()
try:
uid, sess = _make_user_and_session(conn)
finally:
conn.close()
close_system_db()
c = _client()
resp = c.post(
"/api/me/onboarded",
json={"source": "self_acknowledged"},
cookies={"access_token": sess},
)
assert resp.status_code == 200
conn = get_system_db()
try:
rows = _audit_rows(conn, uid)
params = json.loads(rows[0][2]) if isinstance(rows[0][2], str) else rows[0][2]
assert params.get("source") == "self_acknowledged"
finally:
conn.close()
close_system_db()
def test_post_idempotent_already_onboarded(fresh_db):
"""Second POST on already-onboarded user returns 200 + writes second
audit_log row (cheap visibility on duplicate calls)."""
from src.db import get_system_db, close_system_db
conn = get_system_db()
try:
uid, sess = _make_user_and_session(conn)
finally:
conn.close()
close_system_db()
c = _client()
resp1 = c.post("/api/me/onboarded", cookies={"access_token": sess})
assert resp1.status_code == 200
resp2 = c.post("/api/me/onboarded", cookies={"access_token": sess})
assert resp2.status_code == 200
conn = get_system_db()
try:
rows = _audit_rows(conn, uid)
assert len(rows) == 2 # both calls logged
assert _onboarded(conn, uid) is True
finally:
conn.close()
close_system_db()
def test_post_unauthenticated_returns_401(fresh_db):
c = _client()
resp = c.post("/api/me/onboarded")
assert resp.status_code in (401, 403) # depending on auth dependency shape
def test_post_invalid_source_returns_422(fresh_db):
"""Pydantic rejects unknown source value."""
from src.db import get_system_db, close_system_db
conn = get_system_db()
try:
_, sess = _make_user_and_session(conn)
finally:
conn.close()
close_system_db()
c = _client()
resp = c.post(
"/api/me/onboarded",
json={"source": "fabricated"},
cookies={"access_token": sess},
)
assert resp.status_code == 422
def test_post_offboard_flips_to_false(fresh_db):
"""Body {onboarded: false, source: 'self_unmark'} flips back. Used by the
'Mark me as offboarded' button shown on the post-onboarding /home view."""
from src.db import get_system_db, close_system_db
conn = get_system_db()
try:
uid, sess = _make_user_and_session(conn)
finally:
conn.close()
close_system_db()
c = _client()
resp1 = c.post("/api/me/onboarded", cookies={"access_token": sess})
assert resp1.status_code == 200
resp2 = c.post(
"/api/me/onboarded",
json={"source": "self_unmark", "onboarded": False},
cookies={"access_token": sess},
)
assert resp2.status_code == 200
assert resp2.json()["onboarded"] is False
conn = get_system_db()
try:
assert _onboarded(conn, uid) is False
on_rows = _audit_rows(conn, uid, action="user_onboarded")
off_rows = _audit_rows(conn, uid, action="user_offboarded")
assert len(on_rows) == 1, "first POST should write user_onboarded"
assert len(off_rows) == 1, "second POST should write user_offboarded"
off_params = json.loads(off_rows[0][2]) if isinstance(off_rows[0][2], str) else off_rows[0][2]
assert off_params.get("source") == "self_unmark"
finally:
conn.close()
close_system_db()
def test_post_invalid_source_self_unmark_accepted(fresh_db):
"""`self_unmark` is now a valid source value (used by the offboard button)."""
from src.db import get_system_db, close_system_db
conn = get_system_db()
try:
_, sess = _make_user_and_session(conn)
finally:
conn.close()
close_system_db()
c = _client()
resp = c.post(
"/api/me/onboarded",
json={"source": "self_unmark", "onboarded": False},
cookies={"access_token": sess},
)
assert resp.status_code == 200
Reference in a new issue View git blame Copy permalink