package server
import (
"bytes"
"database/sql"
"encoding/json"
"net/http"
"net/http/httptest"
"os"
"path/filepath"
"strings"
"testing"
"codex-agent-manager/internal/app"
_ "modernc.org/sqlite"
)
func TestAgentsEndpointReturnsAgentItems(t *testing.T) {
root := t.TempDir()
agentsDir := filepath.Join(root, "agents")
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
t.Fatal(err)
}
content := `name = "代码员"
description = "负责实现"
`
if err := os.WriteFile(filepath.Join(agentsDir, "coder.toml"), []byte(content), 0o644); err != nil {
t.Fatal(err)
}
req := httptest.NewRequest(http.MethodGet, "/api/agents", nil)
rec := httptest.NewRecorder()
New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0", WorkspaceRoot: root}).ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("status = %d, body = %s", rec.Code, rec.Body.String())
}
var body struct {
Items []struct {
ID string `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
ParseStatus string `json:"parseStatus"`
} `json:"items"`
}
if err := json.Unmarshal(rec.Body.Bytes(), &body); err != nil {
t.Fatalf("invalid json: %v", err)
}
if len(body.Items) != 1 || body.Items[0].Name != "代码员" || body.Items[0].ParseStatus != "valid" {
t.Fatalf("unexpected response: %#v", body)
}
}
func TestAgentsEndpointRejectsUnsupportedMethod(t *testing.T) {
req := httptest.NewRequest(http.MethodPost, "/api/agents", nil)
rec := httptest.NewRecorder()
New(app.Config{CodexHome: t.TempDir(), HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
if rec.Code != http.StatusMethodNotAllowed {
t.Fatalf("status = %d, want %d", rec.Code, http.StatusMethodNotAllowed)
}
}
func TestProjectsEndpointReturnsProjects(t *testing.T) {
root := t.TempDir()
projectPath := filepath.Join(root, "repo")
if err := os.MkdirAll(projectPath, 0o755); err != nil {
t.Fatal(err)
}
config := `[projects."` + projectPath + `"]
trust_level = "trusted"
display_name = "Repo"
`
if err := os.WriteFile(filepath.Join(root, "config.toml"), []byte(config), 0o644); err != nil {
t.Fatal(err)
}
req := httptest.NewRequest(http.MethodGet, "/api/projects", nil)
rec := httptest.NewRecorder()
New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0", WorkspaceRoot: root}).ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("status = %d, body = %s", rec.Code, rec.Body.String())
}
var body struct {
Items []struct {
Path string `json:"path"`
DisplayName string `json:"displayName"`
TrustLevel string `json:"trustLevel"`
DirectoryExists bool `json:"directoryExists"`
} `json:"items"`
}
if err := json.Unmarshal(rec.Body.Bytes(), &body); err != nil {
t.Fatalf("invalid json: %v", err)
}
if len(body.Items) != 1 || body.Items[0].Path != projectPath || body.Items[0].DisplayName != "Repo" || !body.Items[0].DirectoryExists {
t.Fatalf("unexpected response: %#v", body)
}
}
func TestRuntimeThreadsEndpointReturnsEmptyWhenSQLiteMissing(t *testing.T) {
req := httptest.NewRequest(http.MethodGet, "/api/runtime/threads", nil)
rec := httptest.NewRecorder()
New(app.Config{CodexHome: t.TempDir(), HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("status = %d, body = %s", rec.Code, rec.Body.String())
}
var body struct {
Items []any `json:"items"`
Source struct {
Kind string `json:"kind"`
Confidence string `json:"confidence"`
} `json:"source"`
}
if err := json.Unmarshal(rec.Body.Bytes(), &body); err != nil {
t.Fatalf("invalid json: %v", err)
}
if len(body.Items) != 0 || body.Source.Kind != "sqlite_missing" || body.Source.Confidence != "low" {
t.Fatalf("unexpected response: %#v", body)
}
}
func TestRuntimeThreadsEndpointReturnsPartialSourceEvidence(t *testing.T) {
root := t.TempDir()
db, err := sql.Open("sqlite", filepath.Join(root, "goals_1.sqlite"))
if err != nil {
t.Fatal(err)
}
defer db.Close()
if _, err := db.Exec(`CREATE TABLE thread_goals (thread_id TEXT, goal TEXT, status TEXT, updated_at TEXT)`); err != nil {
t.Fatal(err)
}
req := httptest.NewRequest(http.MethodGet, "/api/runtime/threads", nil)
rec := httptest.NewRecorder()
New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("status = %d, body = %s", rec.Code, rec.Body.String())
}
var body struct {
Source struct {
Kind string `json:"kind"`
Confidence string `json:"confidence"`
} `json:"source"`
Sources map[string]struct {
Kind string `json:"kind"`
Confidence string `json:"confidence"`
} `json:"sources"`
}
if err := json.Unmarshal(rec.Body.Bytes(), &body); err != nil {
t.Fatalf("invalid json: %v", err)
}
if body.Source.Kind != "sqlite_partial" || body.Source.Confidence != "medium" {
t.Fatalf("unexpected aggregate source: %#v", body.Source)
}
if body.Sources["state"].Kind != "sqlite_missing" || body.Sources["state"].Confidence != "low" {
t.Fatalf("unexpected state source: %#v", body.Sources["state"])
}
if body.Sources["goals"].Kind != "sqlite_readonly" || body.Sources["goals"].Confidence != "high" {
t.Fatalf("unexpected goals source: %#v", body.Sources["goals"])
}
}
func TestWorkflowEventsEndpointReturnsEvents(t *testing.T) {
root := t.TempDir()
if err := os.WriteFile(filepath.Join(root, "task_plan.md"), []byte("| 3 | in_progress | Runtime model |\n"), 0o644); err != nil {
t.Fatal(err)
}
req := httptest.NewRequest(http.MethodGet, "/api/workflow/events", nil)
rec := httptest.NewRecorder()
New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0", WorkspaceRoot: root}).ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("status = %d, body = %s", rec.Code, rec.Body.String())
}
var body struct {
Items []struct {
Kind string `json:"kind"`
} `json:"items"`
}
if err := json.Unmarshal(rec.Body.Bytes(), &body); err != nil {
t.Fatalf("invalid json: %v", err)
}
if len(body.Items) != 1 || body.Items[0].Kind != "plan_file" {
t.Fatalf("unexpected response: %#v", body)
}
}
func TestReadOnlyEndpointsRejectUnsupportedMethods(t *testing.T) {
for _, path := range []string{"/api/projects", "/api/runtime/threads", "/api/workflow/events"} {
req := httptest.NewRequest(http.MethodPost, path, nil)
rec := httptest.NewRecorder()
New(app.Config{CodexHome: t.TempDir(), HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
if rec.Code != http.StatusMethodNotAllowed {
t.Fatalf("%s status = %d, want %d", path, rec.Code, http.StatusMethodNotAllowed)
}
}
}
func TestStaticFrontendServesIndexAndAssets(t *testing.T) {
root := t.TempDir()
staticDir := filepath.Join(root, "dist")
if err := os.MkdirAll(filepath.Join(staticDir, "assets"), 0o755); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(staticDir, "index.html"), []byte(`管理台`), 0o644); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(staticDir, "assets", "app.js"), []byte(`console.log("ok")`), 0o644); err != nil {
t.Fatal(err)
}
handler := New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0", StaticDir: staticDir})
for _, path := range []string{"/", "/workflow"} {
req := httptest.NewRequest(http.MethodGet, path, nil)
rec := httptest.NewRecorder()
handler.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("%s status = %d, body = %s", path, rec.Code, rec.Body.String())
}
if !strings.Contains(rec.Body.String(), "管理台") {
t.Fatalf("%s did not serve index.html: %s", path, rec.Body.String())
}
}
req := httptest.NewRequest(http.MethodGet, "/assets/app.js", nil)
rec := httptest.NewRecorder()
handler.ServeHTTP(rec, req)
if rec.Code != http.StatusOK || !strings.Contains(rec.Body.String(), `console.log("ok")`) {
t.Fatalf("asset status = %d, body = %s", rec.Code, rec.Body.String())
}
}
func TestStaticFrontendDoesNotMaskMissingAPIRoutes(t *testing.T) {
root := t.TempDir()
staticDir := filepath.Join(root, "dist")
if err := os.MkdirAll(staticDir, 0o755); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(staticDir, "index.html"), []byte(`index`), 0o644); err != nil {
t.Fatal(err)
}
req := httptest.NewRequest(http.MethodGet, "/api/missing", nil)
rec := httptest.NewRecorder()
New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0", StaticDir: staticDir}).ServeHTTP(rec, req)
if rec.Code != http.StatusNotFound {
t.Fatalf("status = %d, want %d, body = %s", rec.Code, http.StatusNotFound, rec.Body.String())
}
}
func TestAgentValidateEndpointReturnsDiffAndRejectsUnsupportedMethods(t *testing.T) {
root := t.TempDir()
agentsDir := filepath.Join(root, "agents")
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(agentsDir, "backend.toml"), []byte(`name = "旧名称"`+"\n"), 0o644); err != nil {
t.Fatal(err)
}
req := httptest.NewRequest(http.MethodPost, "/api/agents/backend/validate", bytes.NewBufferString(`{"content":"name = \"新名称\"\n"}`))
rec := httptest.NewRecorder()
New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("status = %d, body = %s", rec.Code, rec.Body.String())
}
var body struct {
Valid bool `json:"valid"`
Diff string `json:"diff"`
CurrentHash string `json:"currentHash"`
TargetPath string `json:"targetPath"`
}
if err := json.Unmarshal(rec.Body.Bytes(), &body); err != nil {
t.Fatalf("invalid json: %v", err)
}
if !body.Valid || body.CurrentHash == "" || body.TargetPath == "" || !strings.Contains(body.Diff, "新名称") {
t.Fatalf("unexpected validate body: %#v", body)
}
req = httptest.NewRequest(http.MethodGet, "/api/agents/backend/validate", nil)
rec = httptest.NewRecorder()
New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
if rec.Code != http.StatusMethodNotAllowed {
t.Fatalf("GET validate status = %d, want %d", rec.Code, http.StatusMethodNotAllowed)
}
}
func TestAgentValidateEndpointReturnsBadRequestForInvalidBody(t *testing.T) {
req := httptest.NewRequest(http.MethodPost, "/api/agents/backend/validate", bytes.NewBufferString(`{`))
rec := httptest.NewRecorder()
New(app.Config{CodexHome: t.TempDir(), HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
if rec.Code != http.StatusBadRequest {
t.Fatalf("status = %d, body = %s", rec.Code, rec.Body.String())
}
}
func TestAgentValidateEndpointRejectsOversizeBody(t *testing.T) {
root := t.TempDir()
agentsDir := filepath.Join(root, "agents")
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(agentsDir, "backend.toml"), []byte(`name = "旧名称"`+"\n"), 0o644); err != nil {
t.Fatal(err)
}
body := `{"content":"` + strings.Repeat("a", 1024*1024+1) + `"}`
req := httptest.NewRequest(http.MethodPost, "/api/agents/backend/validate", bytes.NewBufferString(body))
rec := httptest.NewRecorder()
New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
if rec.Code != http.StatusRequestEntityTooLarge {
t.Fatalf("status = %d, want %d, body = %s", rec.Code, http.StatusRequestEntityTooLarge, rec.Body.String())
}
if !strings.Contains(rec.Body.String(), "请求体过大") {
t.Fatalf("expected Chinese oversize error, got %s", rec.Body.String())
}
}
func TestAgentValidateEndpointRejectsTrailingJSON(t *testing.T) {
root := t.TempDir()
agentsDir := filepath.Join(root, "agents")
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(agentsDir, "backend.toml"), []byte(`name = "旧名称"`+"\n"), 0o644); err != nil {
t.Fatal(err)
}
req := httptest.NewRequest(http.MethodPost, "/api/agents/backend/validate", bytes.NewBufferString(`{"content":"name = \"新名称\"\n"} {}`))
rec := httptest.NewRecorder()
New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
if rec.Code != http.StatusBadRequest {
t.Fatalf("status = %d, want %d, body = %s", rec.Code, http.StatusBadRequest, rec.Body.String())
}
if !strings.Contains(rec.Body.String(), "请求体不是有效 JSON") {
t.Fatalf("expected Chinese invalid JSON error, got %s", rec.Body.String())
}
}
func TestAgentWritebackErrorsAreSanitized(t *testing.T) {
root := t.TempDir()
if err := os.MkdirAll(filepath.Join(root, "agents"), 0o755); err != nil {
t.Fatal(err)
}
req := httptest.NewRequest(http.MethodPost, "/api/agents/missing/validate", bytes.NewBufferString(`{"content":"name = \"新名称\"\n"}`))
rec := httptest.NewRecorder()
New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
if rec.Code != http.StatusNotFound {
t.Fatalf("status = %d, want %d, body = %s", rec.Code, http.StatusNotFound, rec.Body.String())
}
if strings.Contains(rec.Body.String(), root) || strings.Contains(rec.Body.String(), "no such file") || !strings.Contains(rec.Body.String(), "目标智能体不存在") {
t.Fatalf("error leaked path or raw OS text: %s", rec.Body.String())
}
}
func TestAgentWriteEndpointCreatesBackupAndRejectsConflicts(t *testing.T) {
root := t.TempDir()
agentsDir := filepath.Join(root, "agents")
target := filepath.Join(agentsDir, "backend.toml")
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(target, []byte(`name = "旧名称"`+"\n"), 0o644); err != nil {
t.Fatal(err)
}
handler := New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0"})
validateReq := httptest.NewRequest(http.MethodPost, "/api/agents/backend/validate", bytes.NewBufferString(`{"content":"name = \"新名称\"\n"}`))
validateRec := httptest.NewRecorder()
handler.ServeHTTP(validateRec, validateReq)
if validateRec.Code != http.StatusOK {
t.Fatalf("validate status = %d, body = %s", validateRec.Code, validateRec.Body.String())
}
var validation struct {
CurrentHash string `json:"currentHash"`
}
if err := json.Unmarshal(validateRec.Body.Bytes(), &validation); err != nil {
t.Fatal(err)
}
writeBody := `{"content":"name = \"新名称\"\n","expectedHash":"` + validation.CurrentHash + `"}`
writeReq := httptest.NewRequest(http.MethodPost, "/api/agents/backend/write", bytes.NewBufferString(writeBody))
writeRec := httptest.NewRecorder()
handler.ServeHTTP(writeRec, writeReq)
if writeRec.Code != http.StatusOK {
t.Fatalf("write status = %d, body = %s", writeRec.Code, writeRec.Body.String())
}
var written struct {
Status string `json:"status"`
TargetPath string `json:"targetPath"`
BackupPath string `json:"backupPath"`
}
if err := json.Unmarshal(writeRec.Body.Bytes(), &written); err != nil {
t.Fatal(err)
}
if written.Status != "written" || written.TargetPath != target || written.BackupPath == "" {
t.Fatalf("unexpected write body: %#v", written)
}
if data, err := os.ReadFile(target); err != nil || string(data) != `name = "新名称"`+"\n" {
t.Fatalf("target content = %q, err = %v", string(data), err)
}
conflictReq := httptest.NewRequest(http.MethodPost, "/api/agents/backend/write", bytes.NewBufferString(writeBody))
conflictRec := httptest.NewRecorder()
handler.ServeHTTP(conflictRec, conflictReq)
if conflictRec.Code != http.StatusConflict {
t.Fatalf("conflict status = %d, want %d, body = %s", conflictRec.Code, http.StatusConflict, conflictRec.Body.String())
}
getReq := httptest.NewRequest(http.MethodGet, "/api/agents/backend/write", nil)
getRec := httptest.NewRecorder()
handler.ServeHTTP(getRec, getReq)
if getRec.Code != http.StatusMethodNotAllowed {
t.Fatalf("GET write status = %d, want %d", getRec.Code, http.StatusMethodNotAllowed)
}
}