"""Tests for runtime context, profile activation, profile listing, and enhanced error clarity. Covers Issue #131 requirements. """ import os import sys import json import tempfile import unittest from unittest.mock import patch, MagicMock sys.path.insert(0, str(__import__("pathlib").Path(__file__).resolve().parent.parent)) import gitea_config import gitea_auth import mcp_server CONFIG_SWITCHING_DISABLED = { "version": 2, "contexts": { "ctx": { "enabled": True, "gitea": { "enabled": True, "base_url": "https://gitea.example.com" } } }, "profiles": { "author-profile": { "enabled": True, "context": "ctx", "role": "author", "username": "author-user", "auth": {"type": "env", "name": "GITEA_TOKEN_AUTHOR"}, "allowed_operations": ["gitea.read", "gitea.pr.create", "gitea.branch.push"], "forbidden_operations": ["gitea.pr.approve", "gitea.pr.merge"], "execution_profile": "author-profile" }, "reviewer-profile": { "enabled": True, "context": "ctx", "role": "reviewer", "username": "reviewer-user", "auth": {"type": "env", "name": "GITEA_TOKEN_REVIEWER"}, "allowed_operations": ["gitea.read", "gitea.pr.approve", "gitea.pr.merge"], "forbidden_operations": ["gitea.pr.create", "gitea.branch.push"], "execution_profile": "reviewer-profile" } }, "rules": { "allow_runtime_switching": False } } CONFIG_SWITCHING_ENABLED = { **CONFIG_SWITCHING_DISABLED, "rules": { "allow_runtime_switching": True } } class TestRuntimeClarity(unittest.TestCase): def setUp(self): self._remotes_patch = patch.dict(mcp_server.REMOTES, { "dadeschools": {"host": "gitea.example.com", "org": "Example-Org", "repo": "Example-Repo"}, "prgs": {"host": "gitea.example.com", "org": "Example-Org", "repo": "Example-Repo"} }) self._remotes_patch.start() mcp_server._IDENTITY_CACHE.clear() gitea_config._active_profile_override = None self._dir = tempfile.TemporaryDirectory() self.config_path = os.path.join(self._dir.name, "profiles.json") self._write_config(CONFIG_SWITCHING_DISABLED) def tearDown(self): self._remotes_patch.stop() mcp_server._IDENTITY_CACHE.clear() gitea_config._active_profile_override = None self._dir.cleanup() def _write_config(self, obj): with open(self.config_path, "w", encoding="utf-8") as fh: fh.write(json.dumps(obj)) def _env(self, profile="author-profile", reveal="0"): return { "GITEA_MCP_CONFIG": self.config_path, "GITEA_MCP_PROFILE": profile, "GITEA_MCP_REVEAL_ENDPOINTS": reveal, "GITEA_TOKEN_AUTHOR": "author-pass", "GITEA_TOKEN_REVIEWER": "reviewer-pass", } # ------------------------------------------------------------------------- # gitea_get_runtime_context # ------------------------------------------------------------------------- @patch("mcp_server.api_request", return_value={"login": "author-user"}) @patch("mcp_server.get_auth_header", return_value="token author-pass") def test_get_runtime_context_author(self, _auth, _api): with patch.dict(os.environ, self._env("author-profile"), clear=True): ctx = mcp_server.gitea_get_runtime_context(remote="dadeschools") self.assertEqual(ctx["active_profile"], "author-profile") self.assertEqual(ctx["authenticated_username"], "author-user") self.assertEqual(ctx["config_model"], "v2-contexts") self.assertEqual(ctx["profile_source"], "config file profile") self.assertFalse(ctx["runtime_switching_supported"]) self.assertEqual(ctx["profile_mode"], "static-profile") self.assertFalse(ctx["review_merge_allowed"]) self.assertEqual(ctx["suggested_fix"], "reviewer namespace") self.assertIn("does not permit review or merge", ctx["review_merge_blocked_reasons"][0]) self.assertIn("Switch to the reviewer MCP session", ctx["safe_next_action"]) @patch("mcp_server.api_request", return_value={"login": "reviewer-user"}) @patch("mcp_server.get_auth_header", return_value="token reviewer-pass") def test_get_runtime_context_reviewer(self, _auth, _api): with patch.dict(os.environ, self._env("reviewer-profile"), clear=True): ctx = mcp_server.gitea_get_runtime_context(remote="dadeschools") self.assertEqual(ctx["active_profile"], "reviewer-profile") self.assertEqual(ctx["authenticated_username"], "reviewer-user") self.assertTrue(ctx["review_merge_allowed"]) self.assertEqual(ctx["suggested_fix"], "none") self.assertEqual(ctx["safe_next_action"], "None; ready for operations.") # ------------------------------------------------------------------------- # gitea_list_profiles # ------------------------------------------------------------------------- @patch("mcp_server.api_request", return_value={"login": "author-user"}) @patch("mcp_server.get_auth_header", return_value="token author-pass") def test_list_profiles_redacted_by_default(self, _auth, _api): with patch.dict(os.environ, self._env("author-profile", reveal="0"), clear=True): res = mcp_server.gitea_list_profiles() profiles = res["profiles"] self.assertEqual(len(profiles), 2) author_prof = next(p for p in profiles if p["name"] == "author-profile") self.assertTrue(author_prof["is_active"]) self.assertEqual(author_prof["role_kind"], "author") self.assertEqual(author_prof["auth"]["name"], "") self.assertEqual(author_prof["base_url"], "") self.assertEqual(author_prof["identity_status"], "verified") reviewer_prof = next(p for p in profiles if p["name"] == "reviewer-profile") self.assertFalse(reviewer_prof["is_active"]) self.assertEqual(reviewer_prof["role_kind"], "reviewer") self.assertEqual(reviewer_prof["auth"]["name"], "") self.assertEqual(reviewer_prof["base_url"], "") self.assertEqual(reviewer_prof["identity_status"], "credentials present") @patch("mcp_server.api_request", return_value={"login": "author-user"}) @patch("mcp_server.get_auth_header", return_value="token author-pass") def test_list_profiles_revealed_under_opt_in(self, _auth, _api): with patch.dict(os.environ, self._env("author-profile", reveal="1"), clear=True): res = mcp_server.gitea_list_profiles() profiles = res["profiles"] author_prof = next(p for p in profiles if p["name"] == "author-profile") self.assertEqual(author_prof["auth"]["name"], "GITEA_TOKEN_AUTHOR") self.assertEqual(author_prof["base_url"], "https://gitea.example.com") # ------------------------------------------------------------------------- # gitea_activate_profile # ------------------------------------------------------------------------- def test_activate_profile_fails_when_disabled(self): self._write_config(CONFIG_SWITCHING_DISABLED) with patch.dict(os.environ, self._env("author-profile"), clear=True): res = mcp_server.gitea_activate_profile(profile_name="reviewer-profile") self.assertFalse(res["success"]) self.assertIn("switching is disabled", res["message"].lower()) self.assertIsNone(gitea_config._active_profile_override) @patch("mcp_server.api_request") @patch("mcp_server.get_auth_header") def test_activate_profile_succeeds_when_enabled(self, mock_auth, mock_api): self._write_config(CONFIG_SWITCHING_ENABLED) # Setup mock responses for whoami checks mock_auth.side_effect = ["token author-pass", "token reviewer-pass"] mock_api.side_effect = [{"login": "author-user"}, {"login": "reviewer-user"}] with patch.dict(os.environ, self._env("author-profile"), clear=True): # Check before state self.assertEqual(gitea_config.selected_profile_name(), "author-profile") res = mcp_server.gitea_activate_profile(profile_name="reviewer-profile") self.assertTrue(res["success"]) self.assertEqual(res["before_profile"], "author-profile") self.assertEqual(res["before_identity"], "author-user") self.assertEqual(res["after_profile"], "reviewer-profile") self.assertEqual(res["after_identity"], "reviewer-user") # Global variable override should be set self.assertEqual(gitea_config._active_profile_override, "reviewer-profile") self.assertEqual(gitea_config.selected_profile_name(), "reviewer-profile") # ------------------------------------------------------------------------- # gitea_check_pr_eligibility enhanced error clarity # ------------------------------------------------------------------------- @patch("mcp_server.api_request") @patch("mcp_server.get_auth_header", return_value="token reviewer-pass") def test_eligibility_failure_self_author(self, _auth, mock_api): # PR is authored by "reviewer-user" and reviewer-user is trying to approve it. mock_api.side_effect = [ {"login": "reviewer-user"}, # user whoami lookup {"user": {"login": "reviewer-user"}, "state": "open", "head": {"sha": "abc123sha"}, "mergeable": True} # PR details ] with patch.dict(os.environ, self._env("reviewer-profile"), clear=True): res = mcp_server.gitea_check_pr_eligibility(pr_number=42, action="approve") self.assertFalse(res["eligible"]) self.assertEqual(res["active_identity"], "reviewer-user") self.assertTrue(res["self_author"]) self.assertEqual(res["required_identity"], "Any Gitea user other than PR author 'reviewer-user'") self.assertIn("Self-review/self-merge is forbidden", res["safe_next_step"]) @patch("mcp_server.api_request") @patch("mcp_server.get_auth_header", return_value="token author-pass") def test_eligibility_failure_missing_permissions(self, _auth, mock_api): # PR is authored by "someone-else" and author-user (who lacks approve) is trying to approve it. mock_api.side_effect = [ {"login": "author-user"}, # user whoami lookup {"user": {"login": "someone-else"}, "state": "open", "head": {"sha": "abc123sha"}, "mergeable": True} # PR details ] self._write_config(CONFIG_SWITCHING_ENABLED) # Enable switching to verify fixable_by_profile_switch with patch.dict(os.environ, self._env("author-profile"), clear=True): res = mcp_server.gitea_check_pr_eligibility(pr_number=42, action="approve") self.assertFalse(res["eligible"]) self.assertEqual(res["missing_permission"], "gitea.pr.approve") self.assertTrue(res["fixable_by_profile_switch"]) self.assertFalse(res["requires_different_namespace"]) self.assertIn("Switch to a reviewer profile by calling gitea_activate_profile", res["safe_next_step"]) @patch("mcp_server.api_request") @patch("mcp_server.get_auth_header", return_value="token author-pass") def test_eligibility_failure_missing_permissions_switching_disabled(self, _auth, mock_api): # PR is authored by "someone-else" and author-user (lacks approve) tries to approve it when switching is disabled. mock_api.side_effect = [ {"login": "author-user"}, # user whoami lookup {"user": {"login": "someone-else"}, "state": "open", "head": {"sha": "abc123sha"}, "mergeable": True} # PR details ] self._write_config(CONFIG_SWITCHING_DISABLED) # Disable switching with patch.dict(os.environ, self._env("author-profile"), clear=True): res = mcp_server.gitea_check_pr_eligibility(pr_number=42, action="approve") self.assertFalse(res["eligible"]) self.assertEqual(res["missing_permission"], "gitea.pr.approve") self.assertFalse(res["fixable_by_profile_switch"]) self.assertTrue(res["requires_different_namespace"]) self.assertIn("Switch to the reviewer MCP session", res["safe_next_step"])