257 lines
12 KiB
Python
257 lines
12 KiB
Python
"""Tests for runtime context, profile activation, profile listing, and enhanced error clarity.
|
|
|
|
Covers Issue #131 requirements.
|
|
"""
|
|
import os
|
|
import sys
|
|
import json
|
|
import tempfile
|
|
import unittest
|
|
from unittest.mock import patch, MagicMock
|
|
|
|
sys.path.insert(0, str(__import__("pathlib").Path(__file__).resolve().parent.parent))
|
|
|
|
import gitea_config
|
|
import gitea_auth
|
|
import mcp_server
|
|
|
|
CONFIG_SWITCHING_DISABLED = {
|
|
"version": 2,
|
|
"contexts": {
|
|
"ctx": {
|
|
"enabled": True,
|
|
"gitea": {
|
|
"enabled": True,
|
|
"base_url": "https://gitea.example.com"
|
|
}
|
|
}
|
|
},
|
|
"profiles": {
|
|
"author-profile": {
|
|
"enabled": True,
|
|
"context": "ctx",
|
|
"role": "author",
|
|
"username": "author-user",
|
|
"auth": {"type": "env", "name": "GITEA_TOKEN_AUTHOR"},
|
|
"allowed_operations": ["gitea.read", "gitea.pr.create", "gitea.branch.push"],
|
|
"forbidden_operations": ["gitea.pr.approve", "gitea.pr.merge"],
|
|
"execution_profile": "author-profile"
|
|
},
|
|
"reviewer-profile": {
|
|
"enabled": True,
|
|
"context": "ctx",
|
|
"role": "reviewer",
|
|
"username": "reviewer-user",
|
|
"auth": {"type": "env", "name": "GITEA_TOKEN_REVIEWER"},
|
|
"allowed_operations": ["gitea.read", "gitea.pr.approve", "gitea.pr.merge"],
|
|
"forbidden_operations": ["gitea.pr.create", "gitea.branch.push"],
|
|
"execution_profile": "reviewer-profile"
|
|
}
|
|
},
|
|
"rules": {
|
|
"allow_runtime_switching": False
|
|
}
|
|
}
|
|
|
|
CONFIG_SWITCHING_ENABLED = {
|
|
**CONFIG_SWITCHING_DISABLED,
|
|
"rules": {
|
|
"allow_runtime_switching": True
|
|
}
|
|
}
|
|
|
|
class TestRuntimeClarity(unittest.TestCase):
|
|
def setUp(self):
|
|
self._remotes_patch = patch.dict(mcp_server.REMOTES, {
|
|
"dadeschools": {"host": "gitea.example.com", "org": "Example-Org", "repo": "Example-Repo"},
|
|
"prgs": {"host": "gitea.example.com", "org": "Example-Org", "repo": "Example-Repo"}
|
|
})
|
|
self._remotes_patch.start()
|
|
mcp_server._IDENTITY_CACHE.clear()
|
|
gitea_config._active_profile_override = None
|
|
self._dir = tempfile.TemporaryDirectory()
|
|
self.config_path = os.path.join(self._dir.name, "profiles.json")
|
|
self._write_config(CONFIG_SWITCHING_DISABLED)
|
|
|
|
def tearDown(self):
|
|
self._remotes_patch.stop()
|
|
mcp_server._IDENTITY_CACHE.clear()
|
|
gitea_config._active_profile_override = None
|
|
self._dir.cleanup()
|
|
|
|
def _write_config(self, obj):
|
|
with open(self.config_path, "w", encoding="utf-8") as fh:
|
|
fh.write(json.dumps(obj))
|
|
|
|
def _env(self, profile="author-profile", reveal="0"):
|
|
return {
|
|
"GITEA_MCP_CONFIG": self.config_path,
|
|
"GITEA_MCP_PROFILE": profile,
|
|
"GITEA_MCP_REVEAL_ENDPOINTS": reveal,
|
|
"GITEA_TOKEN_AUTHOR": "author-pass",
|
|
"GITEA_TOKEN_REVIEWER": "reviewer-pass",
|
|
}
|
|
|
|
# -------------------------------------------------------------------------
|
|
# gitea_get_runtime_context
|
|
# -------------------------------------------------------------------------
|
|
@patch("mcp_server.api_request", return_value={"login": "author-user"})
|
|
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
|
def test_get_runtime_context_author(self, _auth, _api):
|
|
with patch.dict(os.environ, self._env("author-profile"), clear=True):
|
|
ctx = mcp_server.gitea_get_runtime_context(remote="dadeschools")
|
|
self.assertEqual(ctx["active_profile"], "author-profile")
|
|
self.assertEqual(ctx["authenticated_username"], "author-user")
|
|
self.assertEqual(ctx["config_model"], "v2-contexts")
|
|
self.assertEqual(ctx["profile_source"], "config file profile")
|
|
self.assertFalse(ctx["runtime_switching_supported"])
|
|
self.assertEqual(ctx["profile_mode"], "static-profile")
|
|
self.assertFalse(ctx["review_merge_allowed"])
|
|
self.assertEqual(ctx["suggested_fix"], "reviewer namespace")
|
|
self.assertIn("does not permit review or merge", ctx["review_merge_blocked_reasons"][0])
|
|
self.assertIn("Switch to the reviewer MCP session", ctx["safe_next_action"])
|
|
|
|
@patch("mcp_server.api_request", return_value={"login": "reviewer-user"})
|
|
@patch("mcp_server.get_auth_header", return_value="token reviewer-pass")
|
|
def test_get_runtime_context_reviewer(self, _auth, _api):
|
|
with patch.dict(os.environ, self._env("reviewer-profile"), clear=True):
|
|
ctx = mcp_server.gitea_get_runtime_context(remote="dadeschools")
|
|
self.assertEqual(ctx["active_profile"], "reviewer-profile")
|
|
self.assertEqual(ctx["authenticated_username"], "reviewer-user")
|
|
self.assertTrue(ctx["review_merge_allowed"])
|
|
self.assertEqual(ctx["suggested_fix"], "none")
|
|
self.assertEqual(ctx["safe_next_action"], "None; ready for operations.")
|
|
|
|
# -------------------------------------------------------------------------
|
|
# gitea_list_profiles
|
|
# -------------------------------------------------------------------------
|
|
@patch("mcp_server.api_request", return_value={"login": "author-user"})
|
|
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
|
def test_list_profiles_redacted_by_default(self, _auth, _api):
|
|
with patch.dict(os.environ, self._env("author-profile", reveal="0"), clear=True):
|
|
res = mcp_server.gitea_list_profiles()
|
|
profiles = res["profiles"]
|
|
self.assertEqual(len(profiles), 2)
|
|
|
|
author_prof = next(p for p in profiles if p["name"] == "author-profile")
|
|
self.assertTrue(author_prof["is_active"])
|
|
self.assertEqual(author_prof["role_kind"], "author")
|
|
self.assertEqual(author_prof["auth"]["name"], "<redacted>")
|
|
self.assertEqual(author_prof["base_url"], "<redacted>")
|
|
self.assertEqual(author_prof["identity_status"], "verified")
|
|
|
|
reviewer_prof = next(p for p in profiles if p["name"] == "reviewer-profile")
|
|
self.assertFalse(reviewer_prof["is_active"])
|
|
self.assertEqual(reviewer_prof["role_kind"], "reviewer")
|
|
self.assertEqual(reviewer_prof["auth"]["name"], "<redacted>")
|
|
self.assertEqual(reviewer_prof["base_url"], "<redacted>")
|
|
self.assertEqual(reviewer_prof["identity_status"], "credentials present")
|
|
|
|
@patch("mcp_server.api_request", return_value={"login": "author-user"})
|
|
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
|
def test_list_profiles_revealed_under_opt_in(self, _auth, _api):
|
|
with patch.dict(os.environ, self._env("author-profile", reveal="1"), clear=True):
|
|
res = mcp_server.gitea_list_profiles()
|
|
profiles = res["profiles"]
|
|
|
|
author_prof = next(p for p in profiles if p["name"] == "author-profile")
|
|
self.assertEqual(author_prof["auth"]["name"], "GITEA_TOKEN_AUTHOR")
|
|
self.assertEqual(author_prof["base_url"], "https://gitea.example.com")
|
|
|
|
# -------------------------------------------------------------------------
|
|
# gitea_activate_profile
|
|
# -------------------------------------------------------------------------
|
|
def test_activate_profile_fails_when_disabled(self):
|
|
self._write_config(CONFIG_SWITCHING_DISABLED)
|
|
with patch.dict(os.environ, self._env("author-profile"), clear=True):
|
|
res = mcp_server.gitea_activate_profile(profile_name="reviewer-profile")
|
|
self.assertFalse(res["success"])
|
|
self.assertIn("switching is disabled", res["message"].lower())
|
|
self.assertIsNone(gitea_config._active_profile_override)
|
|
|
|
@patch("mcp_server.api_request")
|
|
@patch("mcp_server.get_auth_header")
|
|
def test_activate_profile_succeeds_when_enabled(self, mock_auth, mock_api):
|
|
self._write_config(CONFIG_SWITCHING_ENABLED)
|
|
|
|
# Setup mock responses for whoami checks
|
|
mock_auth.side_effect = ["token author-pass", "token reviewer-pass"]
|
|
mock_api.side_effect = [{"login": "author-user"}, {"login": "reviewer-user"}]
|
|
|
|
with patch.dict(os.environ, self._env("author-profile"), clear=True):
|
|
# Check before state
|
|
self.assertEqual(gitea_config.selected_profile_name(), "author-profile")
|
|
|
|
res = mcp_server.gitea_activate_profile(profile_name="reviewer-profile")
|
|
|
|
self.assertTrue(res["success"])
|
|
self.assertEqual(res["before_profile"], "author-profile")
|
|
self.assertEqual(res["before_identity"], "author-user")
|
|
self.assertEqual(res["after_profile"], "reviewer-profile")
|
|
self.assertEqual(res["after_identity"], "reviewer-user")
|
|
|
|
# Global variable override should be set
|
|
self.assertEqual(gitea_config._active_profile_override, "reviewer-profile")
|
|
self.assertEqual(gitea_config.selected_profile_name(), "reviewer-profile")
|
|
|
|
# -------------------------------------------------------------------------
|
|
# gitea_check_pr_eligibility enhanced error clarity
|
|
# -------------------------------------------------------------------------
|
|
@patch("mcp_server.api_request")
|
|
@patch("mcp_server.get_auth_header", return_value="token reviewer-pass")
|
|
def test_eligibility_failure_self_author(self, _auth, mock_api):
|
|
# PR is authored by "reviewer-user" and reviewer-user is trying to approve it.
|
|
mock_api.side_effect = [
|
|
{"login": "reviewer-user"}, # user whoami lookup
|
|
{"user": {"login": "reviewer-user"}, "state": "open", "head": {"sha": "abc123sha"}, "mergeable": True} # PR details
|
|
]
|
|
|
|
with patch.dict(os.environ, self._env("reviewer-profile"), clear=True):
|
|
res = mcp_server.gitea_check_pr_eligibility(pr_number=42, action="approve")
|
|
|
|
self.assertFalse(res["eligible"])
|
|
self.assertEqual(res["active_identity"], "reviewer-user")
|
|
self.assertTrue(res["self_author"])
|
|
self.assertEqual(res["required_identity"], "Any Gitea user other than PR author 'reviewer-user'")
|
|
self.assertIn("Self-review/self-merge is forbidden", res["safe_next_step"])
|
|
|
|
@patch("mcp_server.api_request")
|
|
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
|
def test_eligibility_failure_missing_permissions(self, _auth, mock_api):
|
|
# PR is authored by "someone-else" and author-user (who lacks approve) is trying to approve it.
|
|
mock_api.side_effect = [
|
|
{"login": "author-user"}, # user whoami lookup
|
|
{"user": {"login": "someone-else"}, "state": "open", "head": {"sha": "abc123sha"}, "mergeable": True} # PR details
|
|
]
|
|
|
|
self._write_config(CONFIG_SWITCHING_ENABLED) # Enable switching to verify fixable_by_profile_switch
|
|
|
|
with patch.dict(os.environ, self._env("author-profile"), clear=True):
|
|
res = mcp_server.gitea_check_pr_eligibility(pr_number=42, action="approve")
|
|
|
|
self.assertFalse(res["eligible"])
|
|
self.assertEqual(res["missing_permission"], "gitea.pr.approve")
|
|
self.assertTrue(res["fixable_by_profile_switch"])
|
|
self.assertFalse(res["requires_different_namespace"])
|
|
self.assertIn("Switch to a reviewer profile by calling gitea_activate_profile", res["safe_next_step"])
|
|
|
|
@patch("mcp_server.api_request")
|
|
@patch("mcp_server.get_auth_header", return_value="token author-pass")
|
|
def test_eligibility_failure_missing_permissions_switching_disabled(self, _auth, mock_api):
|
|
# PR is authored by "someone-else" and author-user (lacks approve) tries to approve it when switching is disabled.
|
|
mock_api.side_effect = [
|
|
{"login": "author-user"}, # user whoami lookup
|
|
{"user": {"login": "someone-else"}, "state": "open", "head": {"sha": "abc123sha"}, "mergeable": True} # PR details
|
|
]
|
|
|
|
self._write_config(CONFIG_SWITCHING_DISABLED) # Disable switching
|
|
|
|
with patch.dict(os.environ, self._env("author-profile"), clear=True):
|
|
res = mcp_server.gitea_check_pr_eligibility(pr_number=42, action="approve")
|
|
|
|
self.assertFalse(res["eligible"])
|
|
self.assertEqual(res["missing_permission"], "gitea.pr.approve")
|
|
self.assertFalse(res["fixable_by_profile_switch"])
|
|
self.assertTrue(res["requires_different_namespace"])
|
|
self.assertIn("Switch to the reviewer MCP session", res["safe_next_step"])
|