Ben Stull
36635049c7
- Five new integration test files raise the suite from 75 to 96 green: test_hygiene_vertical (7), test_branch_path_routing (4), test_metadata_pr_merge (3), test_cache_bootstrap (4), test_e2e_smoke (3). The smoke test walks propose → super-draft → edit branch → body-edit PR → graduate → active-RFC PR → merge → notification → hygiene-sweep deletion end-to-end. - deploy/RUNBOOK.md replaces the prior DEPLOY.md stub as a real runbook: prerequisites, first-time bring-up, day-2 ops (logs, DB backup, secret rotation, the §12 hygiene cadence), rollback shape, troubleshooting table. - backend/.env.example grows the SMTP block, HYGIENE_TICK_SECONDS, and WEBHOOK_EMAIL_BOUNCE_SECRET with inline commentary. - README points to RUNBOOK.md; the "what the build lets you do" section adds Slices 7 and 8. - docs/DEV.md gets a Slice 8 — shipped section; the "Next slice" footer becomes the v1-complete epitaph. - SPEC corrections per the §19.3 working agreement: §10.7 names the shared §12 sweep; §12 names the bot as actuator and the per-user branch_chat_seen preservation contract; §19.1 marks v1 complete and records Slice 8; the five §19.2 candidates Slice 8 folded in are marked settled with pointers at the resolution. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
250 lines
10 KiB
Python
250 lines
10 KiB
Python
"""End-to-end smoke test for the Slice 8 hardening pass.
|
|
|
|
Walks the full user lifecycle against FakeGitea: propose → owner
|
|
merges → super-draft view → start edit branch → AI proposes (seeded
|
|
directly) → accept → open body-edit PR → owner merges → graduate →
|
|
active-RFC PR open → owner merges → §12 hygiene sweep deletes the
|
|
post-merge branch. The cases are long, and they catch the integration
|
|
seams a per-slice test would miss — that's the point per the §19.1
|
|
brief.
|
|
|
|
Plus the bounce-webhook signing-seam test: when
|
|
`WEBHOOK_EMAIL_BOUNCE_SECRET` is set, an unsigned POST is refused.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
import asyncio
|
|
import json as _json
|
|
from datetime import datetime, timedelta, timezone
|
|
|
|
import pytest
|
|
|
|
from test_propose_vertical import ( # noqa: F401
|
|
FakeGitea,
|
|
app_with_fake_gitea,
|
|
provision_user_row,
|
|
sign_in_as,
|
|
tmp_env,
|
|
)
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# The lifecycle walk
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
def test_full_user_lifecycle_propose_through_hygiene(app_with_fake_gitea):
|
|
"""Propose → merge → super-draft view → edit branch → accept change
|
|
→ body-edit PR → merge → graduate → active-RFC PR → merge →
|
|
§12 hygiene sweep cleans the post-merge branch.
|
|
|
|
The §15 notification path runs through `bot._log`'s fan_out at
|
|
every step; we assert at the end that the inbox has rows."""
|
|
from fastapi.testclient import TestClient
|
|
from app import cache as cache_mod, db, hygiene
|
|
|
|
app, fake = app_with_fake_gitea
|
|
with TestClient(app) as client:
|
|
provision_user_row(user_id=1, login="ben", role="owner")
|
|
provision_user_row(user_id=2, login="alice", role="contributor")
|
|
|
|
# --- 1. Alice proposes a new RFC. ---
|
|
sign_in_as(client, user_id=2, gitea_login="alice",
|
|
display_name="Alice", role="contributor", email="alice@test")
|
|
r = client.post("/api/rfcs/propose", json={
|
|
"title": "Open Human Model",
|
|
"slug": "ohm",
|
|
"pitch": "A shared definition of what we mean by *human*.",
|
|
"tags": ["identity"],
|
|
})
|
|
assert r.status_code == 200, r.text
|
|
proposal_pr = r.json()["pr_number"]
|
|
|
|
# --- 2. Ben (owner) merges the proposal → super-draft exists. ---
|
|
sign_in_as(client, user_id=1, gitea_login="ben",
|
|
display_name="Ben", role="owner", email="ben@test")
|
|
r = client.post(f"/api/proposals/{proposal_pr}/merge")
|
|
assert r.status_code == 200, r.text
|
|
|
|
d = client.get("/api/rfcs/ohm").json()
|
|
assert d["state"] == "super-draft"
|
|
|
|
# --- 3. Ben claims ownership so he can graduate later. ---
|
|
r = client.post("/api/rfcs/ohm/claim")
|
|
assert r.status_code == 200, r.text
|
|
claim_pr = r.json()["pr_number"]
|
|
# Claim PR also auto-merges per §13.1's owner/admin path.
|
|
r = client.post(f"/api/rfcs/ohm/prs/{claim_pr}/merge")
|
|
assert r.status_code == 200, r.text
|
|
|
|
# --- 4. Ben starts an edit branch on the super-draft. ---
|
|
r = client.post("/api/rfcs/ohm/start-edit-branch", json={})
|
|
assert r.status_code == 200, r.text
|
|
edit_branch = r.json()["branch_name"]
|
|
assert edit_branch.startswith("edit-ohm-")
|
|
|
|
# --- 5. Materialize an AI-style change directly + accept. ---
|
|
view = client.get(f"/api/rfcs/ohm/branches/{edit_branch}").json()
|
|
thread_id = view["main_thread_id"]
|
|
cur = db.conn().execute(
|
|
"""
|
|
INSERT INTO changes (rfc_slug, branch_name, thread_id, kind, state,
|
|
original, proposed, reason)
|
|
VALUES ('ohm', ?, ?, 'ai', 'pending', ?, ?, 'tighten')
|
|
""",
|
|
(
|
|
edit_branch, thread_id,
|
|
"A shared definition of what we mean by *human*.",
|
|
"A shared, OHM-compatible definition of what we mean by *human*.",
|
|
),
|
|
)
|
|
change_id = cur.lastrowid
|
|
r = client.post(
|
|
f"/api/rfcs/ohm/branches/{edit_branch}/changes/{change_id}/accept",
|
|
json={
|
|
"proposed": "A shared, OHM-compatible definition of what we mean by *human*.",
|
|
"was_edited_before_accept": False,
|
|
},
|
|
)
|
|
assert r.status_code == 200, r.text
|
|
|
|
# --- 6. Open the body-edit PR + merge it. ---
|
|
r = client.post(
|
|
f"/api/rfcs/ohm/branches/{edit_branch}/open-pr",
|
|
json={"title": "OHM body edit", "description": "Add OHM-compatibility clause."},
|
|
)
|
|
assert r.status_code == 200, r.text
|
|
body_pr = r.json()["pr_number"]
|
|
r = client.post(f"/api/rfcs/ohm/prs/{body_pr}/merge")
|
|
assert r.status_code == 200, r.text
|
|
|
|
# --- 7. Graduate the super-draft. ---
|
|
r = client.post(
|
|
"/api/rfcs/ohm/graduate?_sync=1",
|
|
json={"rfc_id": "RFC-0001", "repo_name": "rfc-0001-ohm",
|
|
"owners": ["ben"]},
|
|
)
|
|
assert r.status_code == 200, r.text
|
|
assert r.json()["succeeded"] is True
|
|
d = client.get("/api/rfcs/ohm").json()
|
|
assert d["state"] == "active"
|
|
assert d["repo"] == "wiggleverse/rfc-0001-ohm"
|
|
|
|
# --- 8. Alice opens a PR on the now-active RFC's per-RFC repo. ---
|
|
sign_in_as(client, user_id=2, gitea_login="alice",
|
|
display_name="Alice", role="contributor", email="alice@test")
|
|
r = client.post("/api/rfcs/ohm/branches/main/promote-to-branch", json={})
|
|
assert r.status_code == 200, r.text
|
|
active_branch = r.json()["branch_name"]
|
|
# Materialize and accept a change so the branch has commits ahead.
|
|
view = client.get(f"/api/rfcs/ohm/branches/{active_branch}").json()
|
|
active_thread = view["main_thread_id"]
|
|
cur = db.conn().execute(
|
|
"""
|
|
INSERT INTO changes (rfc_slug, branch_name, thread_id, kind, state,
|
|
original, proposed, reason)
|
|
VALUES ('ohm', ?, ?, 'ai', 'pending', ?, ?, 'expand')
|
|
""",
|
|
(
|
|
active_branch, active_thread,
|
|
"OHM-compatible definition",
|
|
"OHM-compatible, traceable definition",
|
|
),
|
|
)
|
|
change_id = cur.lastrowid
|
|
r = client.post(
|
|
f"/api/rfcs/ohm/branches/{active_branch}/changes/{change_id}/accept",
|
|
json={"proposed": "OHM-compatible, traceable definition",
|
|
"was_edited_before_accept": False},
|
|
)
|
|
assert r.status_code == 200, r.text
|
|
r = client.post(
|
|
f"/api/rfcs/ohm/branches/{active_branch}/open-pr",
|
|
json={"title": "Traceability clause", "description": "Add a traceability term."},
|
|
)
|
|
assert r.status_code == 200, r.text
|
|
active_pr = r.json()["pr_number"]
|
|
|
|
# --- 9. Ben merges the active-RFC PR. ---
|
|
sign_in_as(client, user_id=1, gitea_login="ben",
|
|
display_name="Ben", role="owner", email="ben@test")
|
|
r = client.post(f"/api/rfcs/ohm/prs/{active_pr}/merge")
|
|
assert r.status_code == 200, r.text
|
|
|
|
# --- 10. Notifications fanned out — Ben's inbox carries rows. ---
|
|
r = client.get("/api/notifications")
|
|
assert r.status_code == 200, r.text
|
|
inbox = r.json()
|
|
assert "items" in inbox
|
|
# The merge of Alice's PR should at minimum have produced a
|
|
# structural beat to watchers (Ben auto-watched on his earlier
|
|
# gestures on the slug).
|
|
kinds = {item["event_kind"] for item in inbox["items"]}
|
|
assert kinds, f"expected non-empty inbox kinds, got: {inbox}"
|
|
|
|
# --- 11. Backdate the merge so the §12 hygiene sweep deletes
|
|
# the branch, then run the sweep. ---
|
|
long_ago = (datetime.now(timezone.utc) - timedelta(days=120)).strftime("%Y-%m-%d %H:%M:%S")
|
|
db.conn().execute(
|
|
"UPDATE cached_prs SET merged_at = ? WHERE pr_number = ?",
|
|
(long_ago, active_pr),
|
|
)
|
|
counters = asyncio.new_event_loop().run_until_complete(
|
|
hygiene.run_tick(config=app.state.config, bot=app.state.bot)
|
|
)
|
|
assert counters["deleted_post_merge"] >= 1, counters
|
|
|
|
# The branch is gone from FakeGitea + cached row flipped.
|
|
assert active_branch not in fake.branches[("wiggleverse", "rfc-0001-ohm")]
|
|
cached = db.conn().execute(
|
|
"SELECT state FROM cached_branches WHERE rfc_slug = 'ohm' AND branch_name = ?",
|
|
(active_branch,),
|
|
).fetchone()
|
|
assert cached["state"] == "deleted"
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Bounce-webhook signing seam (§19.2 → settled)
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
def test_bounce_webhook_refuses_unsigned_when_secret_configured(app_with_fake_gitea, monkeypatch):
|
|
"""When `WEBHOOK_EMAIL_BOUNCE_SECRET` is set, the webhook requires
|
|
the same value in the `X-Webhook-Secret` header. An unsigned POST
|
|
returns 401."""
|
|
from fastapi.testclient import TestClient
|
|
|
|
monkeypatch.setenv("WEBHOOK_EMAIL_BOUNCE_SECRET", "shhh")
|
|
app, _ = app_with_fake_gitea
|
|
with TestClient(app) as client:
|
|
r = client.post(
|
|
"/api/webhooks/email-bounce",
|
|
json={"email": "stranger@example.com", "kind": "hard"},
|
|
)
|
|
assert r.status_code == 401, r.text
|
|
|
|
# With the right header, the call passes the guard. (No matching
|
|
# user exists, so we get {matched: False} — that's the v1 contract.)
|
|
r = client.post(
|
|
"/api/webhooks/email-bounce",
|
|
json={"email": "stranger@example.com", "kind": "hard"},
|
|
headers={"X-Webhook-Secret": "shhh"},
|
|
)
|
|
assert r.status_code == 200, r.text
|
|
assert r.json() == {"ok": True, "matched": False}
|
|
|
|
|
|
def test_bounce_webhook_open_when_secret_unset(app_with_fake_gitea):
|
|
"""The v1 contract: when no `WEBHOOK_EMAIL_BOUNCE_SECRET` is set,
|
|
the webhook stays unauthenticated for dev. The SMTP provider's
|
|
callback URL is the only contract."""
|
|
from fastapi.testclient import TestClient
|
|
|
|
app, _ = app_with_fake_gitea
|
|
with TestClient(app) as client:
|
|
r = client.post(
|
|
"/api/webhooks/email-bounce",
|
|
json={"email": "nobody@example.com", "kind": "complaint"},
|
|
)
|
|
assert r.status_code == 200, r.text
|