github/OpenHands
1
1
Fork 0
mirror of https://github.com/All-Hands-AI/OpenHands.git synced 2026-01-09 14:57:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/main' into ALL-2596/org-support

Browse Source
This commit is contained in:
amanape
2025-12-23 17:55:14 +04:00
parent 5362391045 fae83230ee
commit d1a9731534
273 changed files with 10772 additions and 4661 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.github/CODEOWNERS vendored
View File

@@ -1,12 +1,8 @@
# CODEOWNERS file for OpenHands repository
# See https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
# Frontend code owners
/frontend/ @amanape
/openhands-ui/ @amanape
# Evaluation code owners
/frontend/ @amanape @hieptl
/openhands-ui/ @amanape @hieptl
/openhands/ @tofarr @malhotra5 @hieptl
/enterprise/ @chuckbutkus @tofarr @malhotra5
/evaluation/ @xingyaoww @neubig
# Documentation code owners
/docs/ @mamoodi

47
.github/workflows/fe-e2e-tests.yml vendored Normal file
View File

@@ -0,0 +1,47 @@
# Workflow that runs frontend e2e tests with Playwright
name: Run Frontend E2E Tests
on:
push:
branches:
- main
pull_request:
paths:
- "frontend/**"
- ".github/workflows/fe-e2e-tests.yml"
concurrency:
group: ${{ github.workflow }}-${{ (github.head_ref && github.ref) || github.run_id }}
cancel-in-progress: true
jobs:
fe-e2e-test:
name: FE E2E Tests
runs-on: blacksmith-4vcpu-ubuntu-2204
strategy:
matrix:
node-version: [22]
fail-fast: true
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Node.js
uses: useblacksmith/setup-node@v5
with:
node-version: ${{ matrix.node-version }}
- name: Install dependencies
working-directory: ./frontend
run: npm ci
- name: Install Playwright browsers
working-directory: ./frontend
run: npx playwright install --with-deps chromium
- name: Run Playwright tests
working-directory: ./frontend
run: npx playwright test --project=chromium
- name: Upload Playwright report
uses: actions/upload-artifact@v4
if: always()
with:
name: playwright-report
path: frontend/playwright-report/
retention-days: 30

2
.openhands/microagents/repo.md
View File

@@ -63,7 +63,7 @@ Frontend:
- We use TanStack Query (fka React Query) for data fetching and cache management
- Data Access Layer: API client methods are located in `frontend/src/api` and should never be called directly from UI components - they must always be wrapped with TanStack Query
- Custom hooks are located in `frontend/src/hooks/query/` and `frontend/src/hooks/mutation/`
- Query hooks should follow the pattern use[Resource] (e.g., `useConversationMicroagents`)
- Query hooks should follow the pattern use[Resource] (e.g., `useConversationSkills`)
- Mutation hooks should follow the pattern use[Action] (e.g., `useDeleteConversation`)
- Architecture rule: UI components → TanStack Query hooks → Data Access Layer (`frontend/src/api`) → API endpoints

2
Development.md
View File

@@ -161,7 +161,7 @@ poetry run pytest ./tests/unit/test_*.py
To reduce build time (e.g., if no changes were made to the client-runtime component), you can use an existing Docker
container image by setting the SANDBOX_RUNTIME_CONTAINER_IMAGE environment variable to the desired Docker image.
Example: `export SANDBOX_RUNTIME_CONTAINER_IMAGE=ghcr.io/openhands/runtime:0.62-nikolaik`
Example: `export SANDBOX_RUNTIME_CONTAINER_IMAGE=ghcr.io/openhands/runtime:1.0-nikolaik`
## Develop inside Docker container

2
README.md
View File

@@ -8,7 +8,7 @@
<div align="center">
<a href="https://github.com/OpenHands/OpenHands/blob/main/LICENSE"><img src="https://img.shields.io/badge/LICENSE-MIT-20B2AA?style=for-the-badge" alt="MIT License"></a>
<a href="https://docs.google.com/spreadsheets/d/1wOUdFCMyY6Nt0AIqF705KN4JKOWgeI4wUGUP60krXXs/edit?gid=811504672#gid=811504672"><img src="https://img.shields.io/badge/SWEBench-72.8-00cc00?logoColor=FFE165&style=for-the-badge" alt="Benchmark Score"></a>
<a href="https://docs.google.com/spreadsheets/d/1wOUdFCMyY6Nt0AIqF705KN4JKOWgeI4wUGUP60krXXs/edit?gid=811504672#gid=811504672"><img src="https://img.shields.io/badge/SWEBench-77.6-00cc00?logoColor=FFE165&style=for-the-badge" alt="Benchmark Score"></a>
<br/>
<a href="https://docs.openhands.dev/sdk"><img src="https://img.shields.io/badge/Documentation-000?logo=googledocs&logoColor=FFE165&style=for-the-badge" alt="Check out the documentation"></a>
<a href="https://arxiv.org/abs/2511.03690"><img src="https://img.shields.io/badge/Paper-000?logoColor=FFE165&logo=arxiv&style=for-the-badge" alt="Tech Report"></a>

2
containers/dev/compose.yml
View File

@@ -12,7 +12,7 @@ services:
- SANDBOX_API_HOSTNAME=host.docker.internal
- DOCKER_HOST_ADDR=host.docker.internal
#
- SANDBOX_RUNTIME_CONTAINER_IMAGE=${SANDBOX_RUNTIME_CONTAINER_IMAGE:-ghcr.io/openhands/runtime:0.62-nikolaik}
- SANDBOX_RUNTIME_CONTAINER_IMAGE=${SANDBOX_RUNTIME_CONTAINER_IMAGE:-ghcr.io/openhands/runtime:1.0-nikolaik}
- SANDBOX_USER_ID=${SANDBOX_USER_ID:-1234}
- WORKSPACE_MOUNT_PATH=${WORKSPACE_BASE:-$PWD/workspace}
ports:

2
docker-compose.yml
View File

@@ -7,7 +7,7 @@ services:
image: openhands:latest
container_name: openhands-app-${DATE:-}
environment:
- SANDBOX_RUNTIME_CONTAINER_IMAGE=${SANDBOX_RUNTIME_CONTAINER_IMAGE:-docker.openhands.dev/openhands/runtime:0.62-nikolaik}
- SANDBOX_RUNTIME_CONTAINER_IMAGE=${SANDBOX_RUNTIME_CONTAINER_IMAGE:-docker.openhands.dev/openhands/runtime:1.0-nikolaik}
#- SANDBOX_USER_ID=${SANDBOX_USER_ID:-1234} # enable this only if you want a specific non-root sandbox user but you will have to manually adjust permissions of ~/.openhands for this user
- WORKSPACE_MOUNT_PATH=${WORKSPACE_BASE:-$PWD/workspace}
ports:

3
enterprise/Dockerfile
View File

@@ -31,9 +31,8 @@ RUN pip install alembic psycopg2-binary cloud-sql-python-connector pg8000 gsprea
"pillow>=11.3.0"
WORKDIR /app
COPY enterprise .
COPY --chown=openhands:openhands --chmod=770 enterprise .
RUN chown -R openhands:openhands /app && chmod -R 770 /app
USER openhands
# Command will be overridden by Kubernetes deployment template

1
enterprise/allhands-realm-github-provider.json.tmpl
View File

@@ -721,6 +721,7 @@
"https://$WEB_HOST/oauth/keycloak/callback",
"https://$WEB_HOST/oauth/keycloak/offline/callback",
"https://$WEB_HOST/slack/keycloak-callback",
"https://$WEB_HOST/oauth/device/keycloak-callback",
"https://$WEB_HOST/api/email/verified",
"/realms/$KEYCLOAK_REALM_NAME/$KEYCLOAK_CLIENT_ID/*"
],

2
enterprise/enterprise_local/convert_to_env.py
View File

@@ -116,7 +116,7 @@ lines.append('POSTHOG_CLIENT_KEY=test')
lines.append('ENABLE_PROACTIVE_CONVERSATION_STARTERS=true')
lines.append('MAX_CONCURRENT_CONVERSATIONS=10')
lines.append('LITE_LLM_API_URL=https://llm-proxy.eval.all-hands.dev')
lines.append('LITELLM_DEFAULT_MODEL=litellm_proxy/claude-sonnet-4-20250514')
lines.append('LITELLM_DEFAULT_MODEL=litellm_proxy/claude-opus-4-5-20251101')
lines.append(f'LITE_LLM_API_KEY={lite_llm_api_key}')
lines.append('LOCAL_DEPLOYMENT=true')
lines.append('DB_HOST=localhost')

24
enterprise/integrations/github/github_view.py
View File

@@ -13,6 +13,7 @@ from integrations.resolver_context import ResolverUserContext
from integrations.types import ResolverViewInterface, UserData
from integrations.utils import (
ENABLE_PROACTIVE_CONVERSATION_STARTERS,
ENABLE_V1_GITHUB_RESOLVER,
HOST,
HOST_URL,
get_oh_labels,
@@ -95,7 +96,15 @@ async def get_user_v1_enabled_setting(user_id: str) -> bool:
Returns:
True if V1 conversations are enabled for this user, False otherwise
Note:
This function checks both the global environment variable kill switch AND
the user's individual setting. Both must be true for the function to return true.
"""
# Check the global environment variable first
if not ENABLE_V1_GITHUB_RESOLVER:
return False
config = get_config()
settings_store = SaasSettingsStore(
user_id=user_id, session_maker=session_maker, config=config
@@ -236,7 +245,7 @@ class GithubIssue(ResolverViewInterface):
conversation_metadata: ConversationMetadata,
):
"""Create conversation using the legacy V0 system."""
logger.info('[GitHub V1]: Creating V0 conversation')
logger.info('[GitHub]: Creating V0 conversation')
custom_secrets = await self._get_user_secrets()
user_instructions, conversation_instructions = await self._get_instructions(
@@ -382,7 +391,18 @@ class GithubPRComment(GithubIssueComment):
return user_instructions, conversation_instructions
async def initialize_new_conversation(self) -> ConversationMetadata:
# FIXME: Handle if initialize_conversation returns None
v1_enabled = await get_user_v1_enabled_setting(self.user_info.keycloak_user_id)
logger.info(
f'[GitHub V1]: User flag found for {self.user_info.keycloak_user_id} is {v1_enabled}'
)
if v1_enabled:
# Create dummy conversationm metadata
# Don't save to conversation store
# V1 conversations are stored in a separate table
return ConversationMetadata(
conversation_id=uuid4().hex, selected_repository=self.full_repo_name
)
conversation_metadata: ConversationMetadata = await initialize_conversation( # type: ignore[assignment]
user_id=self.user_info.keycloak_user_id,
conversation_id=None,

2
enterprise/integrations/resolver_context.py
View File

@@ -2,7 +2,7 @@ from openhands.app_server.user.user_context import UserContext
from openhands.app_server.user.user_models import UserInfo
from openhands.integrations.provider import PROVIDER_TOKEN_TYPE
from openhands.integrations.service_types import ProviderType
from openhands.sdk.conversation.secret_source import SecretSource, StaticSecret
from openhands.sdk.secret import SecretSource, StaticSecret
from openhands.server.user_auth.user_auth import UserAuth

5
enterprise/integrations/utils.py
View File

@@ -51,6 +51,11 @@ ENABLE_SOLVABILITY_ANALYSIS = (
os.getenv('ENABLE_SOLVABILITY_ANALYSIS', 'false').lower() == 'true'
)
# Toggle for V1 GitHub resolver feature
ENABLE_V1_GITHUB_RESOLVER = (
os.getenv('ENABLE_V1_GITHUB_RESOLVER', 'false').lower() == 'true'
)
OPENHANDS_RESOLVER_TEMPLATES_DIR = 'openhands/integrations/templates/resolver/'
jinja_env = Environment(loader=FileSystemLoader(OPENHANDS_RESOLVER_TEMPLATES_DIR))

49
enterprise/migrations/versions/084_create_device_codes_table.py Normal file
View File

@@ -0,0 +1,49 @@
"""Create device_codes table for OAuth 2.0 Device Flow
Revision ID: 084
Revises: 083
Create Date: 2024-12-10 12:00:00.000000
"""
import sqlalchemy as sa
from alembic import op
# revision identifiers, used by Alembic.
revision = '084'
down_revision = '083'
branch_labels = None
depends_on = None
def upgrade():
"""Create device_codes table for OAuth 2.0 Device Flow."""
op.create_table(
'device_codes',
sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
sa.Column('device_code', sa.String(length=128), nullable=False),
sa.Column('user_code', sa.String(length=16), nullable=False),
sa.Column('status', sa.String(length=32), nullable=False),
sa.Column('keycloak_user_id', sa.String(length=255), nullable=True),
sa.Column('expires_at', sa.DateTime(timezone=True), nullable=False),
sa.Column('authorized_at', sa.DateTime(timezone=True), nullable=True),
# Rate limiting fields for RFC 8628 section 3.5 compliance
sa.Column('last_poll_time', sa.DateTime(timezone=True), nullable=True),
sa.Column('current_interval', sa.Integer(), nullable=False, default=5),
sa.PrimaryKeyConstraint('id'),
)
# Create indexes for efficient lookups
op.create_index(
'ix_device_codes_device_code', 'device_codes', ['device_code'], unique=True
)
op.create_index(
'ix_device_codes_user_code', 'device_codes', ['user_code'], unique=True
)
def downgrade():
"""Drop device_codes table."""
op.drop_index('ix_device_codes_user_code', table_name='device_codes')
op.drop_index('ix_device_codes_device_code', table_name='device_codes')
op.drop_table('device_codes')

39
enterprise/poetry.lock generated
View File

@@ -4624,14 +4624,14 @@ files = [
[[package]]
name = "lmnr"
version = "0.7.20"
version = "0.7.24"
description = "Python SDK for Laminar"
optional = false
python-versions = "<4,>=3.10"
groups = ["main"]
files = [
{file = "lmnr-0.7.20-py3-none-any.whl", hash = "sha256:5f9fa7444e6f96c25e097f66484ff29e632bdd1de0e9346948bf5595f4a8af38"},
{file = "lmnr-0.7.20.tar.gz", hash = "sha256:1f484cd618db2d71af65f90a0b8b36d20d80dc91a5138b811575c8677bf7c4fd"},
{file = "lmnr-0.7.24-py3-none-any.whl", hash = "sha256:ad780d4a62ece897048811f3368639c240a9329ab31027da8c96545137a3a08a"},
{file = "lmnr-0.7.24.tar.gz", hash = "sha256:aa6973f46fc4ba95c9061c1feceb58afc02eb43c9376c21e32545371ff6123d7"},
]
[package.dependencies]
@@ -4654,14 +4654,15 @@ tqdm = ">=4.0"
[package.extras]
alephalpha = ["opentelemetry-instrumentation-alephalpha (>=0.47.1)"]
all = ["opentelemetry-instrumentation-alephalpha (>=0.47.1)", "opentelemetry-instrumentation-bedrock (>=0.47.1)", "opentelemetry-instrumentation-chromadb (>=0.47.1)", "opentelemetry-instrumentation-cohere (>=0.47.1)", "opentelemetry-instrumentation-crewai (>=0.47.1)", "opentelemetry-instrumentation-haystack (>=0.47.1)", "opentelemetry-instrumentation-lancedb (>=0.47.1)", "opentelemetry-instrumentation-langchain (>=0.47.1)", "opentelemetry-instrumentation-llamaindex (>=0.47.1)", "opentelemetry-instrumentation-marqo (>=0.47.1)", "opentelemetry-instrumentation-mcp (>=0.47.1)", "opentelemetry-instrumentation-milvus (>=0.47.1)", "opentelemetry-instrumentation-mistralai (>=0.47.1)", "opentelemetry-instrumentation-ollama (>=0.47.1)", "opentelemetry-instrumentation-pinecone (>=0.47.1)", "opentelemetry-instrumentation-qdrant (>=0.47.1)", "opentelemetry-instrumentation-replicate (>=0.47.1)", "opentelemetry-instrumentation-sagemaker (>=0.47.1)", "opentelemetry-instrumentation-together (>=0.47.1)", "opentelemetry-instrumentation-transformers (>=0.47.1)", "opentelemetry-instrumentation-vertexai (>=0.47.1)", "opentelemetry-instrumentation-watsonx (>=0.47.1)", "opentelemetry-instrumentation-weaviate (>=0.47.1)"]
all = ["opentelemetry-instrumentation-alephalpha (>=0.47.1)", "opentelemetry-instrumentation-bedrock (>=0.47.1)", "opentelemetry-instrumentation-chromadb (>=0.47.1)", "opentelemetry-instrumentation-cohere (>=0.47.1)", "opentelemetry-instrumentation-crewai (>=0.47.1)", "opentelemetry-instrumentation-haystack (>=0.47.1)", "opentelemetry-instrumentation-lancedb (>=0.47.1)", "opentelemetry-instrumentation-langchain (>=0.47.1,<0.48.0)", "opentelemetry-instrumentation-llamaindex (>=0.47.1)", "opentelemetry-instrumentation-marqo (>=0.47.1)", "opentelemetry-instrumentation-mcp (>=0.47.1)", "opentelemetry-instrumentation-milvus (>=0.47.1)", "opentelemetry-instrumentation-mistralai (>=0.47.1)", "opentelemetry-instrumentation-ollama (>=0.47.1)", "opentelemetry-instrumentation-pinecone (>=0.47.1)", "opentelemetry-instrumentation-qdrant (>=0.47.1)", "opentelemetry-instrumentation-replicate (>=0.47.1)", "opentelemetry-instrumentation-sagemaker (>=0.47.1)", "opentelemetry-instrumentation-together (>=0.47.1)", "opentelemetry-instrumentation-transformers (>=0.47.1)", "opentelemetry-instrumentation-vertexai (>=0.47.1)", "opentelemetry-instrumentation-watsonx (>=0.47.1)", "opentelemetry-instrumentation-weaviate (>=0.47.1)"]
bedrock = ["opentelemetry-instrumentation-bedrock (>=0.47.1)"]
chromadb = ["opentelemetry-instrumentation-chromadb (>=0.47.1)"]
claude-agent-sdk = ["lmnr-claude-code-proxy (>=0.1.0a5)"]
cohere = ["opentelemetry-instrumentation-cohere (>=0.47.1)"]
crewai = ["opentelemetry-instrumentation-crewai (>=0.47.1)"]
haystack = ["opentelemetry-instrumentation-haystack (>=0.47.1)"]
lancedb = ["opentelemetry-instrumentation-lancedb (>=0.47.1)"]
langchain = ["opentelemetry-instrumentation-langchain (>=0.47.1)"]
langchain = ["opentelemetry-instrumentation-langchain (>=0.47.1,<0.48.0)"]
llamaindex = ["opentelemetry-instrumentation-llamaindex (>=0.47.1)"]
marqo = ["opentelemetry-instrumentation-marqo (>=0.47.1)"]
mcp = ["opentelemetry-instrumentation-mcp (>=0.47.1)"]
@@ -5835,14 +5836,14 @@ llama = ["llama-index (>=0.12.29,<0.13.0)", "llama-index-core (>=0.12.29,<0.13.0
[[package]]
name = "openhands-agent-server"
version = "1.4.1"
version = "1.6.0"
description = "OpenHands Agent Server - REST/WebSocket interface for OpenHands AI Agent"
optional = false
python-versions = ">=3.12"
groups = ["main"]
files = [
{file = "openhands_agent_server-1.4.1-py3-none-any.whl", hash = "sha256:1e621d15215a48e2398e23c58a791347f06c215c2344053aeb26b562c34a44ee"},
{file = "openhands_agent_server-1.4.1.tar.gz", hash = "sha256:03010a5c8d63bbd5b088458eb75308ef16559018140d75a3644ae5bbc3531bbf"},
{file = "openhands_agent_server-1.6.0-py3-none-any.whl", hash = "sha256:e6ae865ac3e7a96b234e10a0faad23f6210e025bbf7721cb66bc7a71d160848c"},
{file = "openhands_agent_server-1.6.0.tar.gz", hash = "sha256:44ce7694ae2d4bb0666d318ef13e6618bd4dc73022c60354839fe6130e67d02a"},
]
[package.dependencies]
@@ -5859,7 +5860,7 @@ wsproto = ">=1.2.0"
[[package]]
name = "openhands-ai"
version = "0.0.0-post.5625+0a98f165e"
version = "0.0.0-post.5687+7853b41ad"
description = "OpenHands: Code Less, Make More"
optional = false
python-versions = "^3.12,<3.14"
@@ -5901,9 +5902,9 @@ memory-profiler = "^0.61.0"
numpy = "*"
openai = "2.8.0"
openhands-aci = "0.3.2"
openhands-agent-server = "1.4.1"
openhands-sdk = "1.4.1"
openhands-tools = "1.4.1"
openhands-agent-server = "1.6.0"
openhands-sdk = "1.6.0"
openhands-tools = "1.6.0"
opentelemetry-api = "^1.33.1"
opentelemetry-exporter-otlp-proto-grpc = "^1.33.1"
pathspec = "^0.12.1"
@@ -5959,14 +5960,14 @@ url = ".."
[[package]]
name = "openhands-sdk"
version = "1.4.1"
version = "1.6.0"
description = "OpenHands SDK - Core functionality for building AI agents"
optional = false
python-versions = ">=3.12"
groups = ["main"]
files = [
{file = "openhands_sdk-1.4.1-py3-none-any.whl", hash = "sha256:70e453eab7f9ab6b705198c2615fdd844b21e14b29d78afaf62724f4a440bcdc"},
{file = "openhands_sdk-1.4.1.tar.gz", hash = "sha256:37365de25ed57cf8cc2a8003ab4d7a1fe2a40b49c8e8da84a3f1ea2b522eddf2"},
{file = "openhands_sdk-1.6.0-py3-none-any.whl", hash = "sha256:94d2f87fb35406373da6728ae2d88584137f9e9b67fa0e940444c72f2e44e7d3"},
{file = "openhands_sdk-1.6.0.tar.gz", hash = "sha256:f45742350e3874a7f5b08befc4a9d5adc7e4454f7ab5f8391c519eee3116090f"},
]
[package.dependencies]
@@ -5974,7 +5975,7 @@ deprecation = ">=2.1.0"
fastmcp = ">=2.11.3"
httpx = ">=0.27.0"
litellm = ">=1.80.7"
lmnr = ">=0.7.20"
lmnr = ">=0.7.24"
pydantic = ">=2.11.7"
python-frontmatter = ">=1.1.0"
python-json-logger = ">=3.3.0"
@@ -5986,14 +5987,14 @@ boto3 = ["boto3 (>=1.35.0)"]
[[package]]
name = "openhands-tools"
version = "1.4.1"
version = "1.6.0"
description = "OpenHands Tools - Runtime tools for AI agents"
optional = false
python-versions = ">=3.12"
groups = ["main"]
files = [
{file = "openhands_tools-1.4.1-py3-none-any.whl", hash = "sha256:8f40189a08bf80eb4a33219ee9ccc528f9c6c4f2d5c9ab807b06c3f3fe21a612"},
{file = "openhands_tools-1.4.1.tar.gz", hash = "sha256:4c0caf87f520a207d9035191c77b7b5c53eeec996350a24ffaf7f740a6566b22"},
{file = "openhands_tools-1.6.0-py3-none-any.whl", hash = "sha256:176556d44186536751b23fe052d3505492cc2afb8d52db20fb7a2cc0169cd57a"},
{file = "openhands_tools-1.6.0.tar.gz", hash = "sha256:d07ba31050fd4a7891a4c48388aa53ce9f703e17064ddbd59146d6c77e5980b3"},
]
[package.dependencies]

2
enterprise/saas_server.py
View File

@@ -34,6 +34,7 @@ from server.routes.integration.jira_dc import jira_dc_integration_router # noqa
from server.routes.integration.linear import linear_integration_router # noqa: E402
from server.routes.integration.slack import slack_router # noqa: E402
from server.routes.mcp_patch import patch_mcp_server # noqa: E402
from server.routes.oauth_device import oauth_device_router # noqa: E402
from server.routes.readiness import readiness_router # noqa: E402
from server.routes.user import saas_user_router # noqa: E402
@@ -60,6 +61,7 @@ base_app.mount('/internal/metrics', metrics_app())
base_app.include_router(readiness_router) # Add routes for readiness checks
base_app.include_router(api_router) # Add additional route for github auth
base_app.include_router(oauth_router) # Add additional route for oauth callback
base_app.include_router(oauth_device_router) # Add OAuth 2.0 Device Flow routes
base_app.include_router(saas_user_router) # Add additional route SAAS user calls
base_app.include_router(
billing_router

5
enterprise/server/auth/constants.py
View File

@@ -38,3 +38,8 @@ ROLE_CHECK_ENABLED = os.getenv('ROLE_CHECK_ENABLED', 'false').lower() in (
'y',
'on',
)
BLOCKED_EMAIL_DOMAINS = [
domain.strip().lower()
for domain in os.getenv('BLOCKED_EMAIL_DOMAINS', '').split(',')
if domain.strip()
]

56
enterprise/server/auth/domain_blocker.py Normal file
View File

@@ -0,0 +1,56 @@
from server.auth.constants import BLOCKED_EMAIL_DOMAINS
from openhands.core.logger import openhands_logger as logger
class DomainBlocker:
def __init__(self) -> None:
logger.debug('Initializing DomainBlocker')
self.blocked_domains: list[str] = BLOCKED_EMAIL_DOMAINS
if self.blocked_domains:
logger.info(
f'Successfully loaded {len(self.blocked_domains)} blocked email domains: {self.blocked_domains}'
)
def is_active(self) -> bool:
"""Check if domain blocking is enabled"""
return bool(self.blocked_domains)
def _extract_domain(self, email: str) -> str | None:
"""Extract and normalize email domain from email address"""
if not email:
return None
try:
# Extract domain part after @
if '@' not in email:
return None
domain = email.split('@')[1].strip().lower()
return domain if domain else None
except Exception:
logger.debug(f'Error extracting domain from email: {email}', exc_info=True)
return None
def is_domain_blocked(self, email: str) -> bool:
"""Check if email domain is blocked"""
if not self.is_active():
return False
if not email:
logger.debug('No email provided for domain check')
return False
domain = self._extract_domain(email)
if not domain:
logger.debug(f'Could not extract domain from email: {email}')
return False
is_blocked = domain in self.blocked_domains
if is_blocked:
logger.warning(f'Email domain {domain} is blocked for email: {email}')
else:
logger.debug(f'Email domain {domain} is not blocked')
return is_blocked
domain_blocker = DomainBlocker()

11
enterprise/server/auth/saas_user_auth.py
View File

@@ -13,6 +13,7 @@ from server.auth.auth_error import (
ExpiredError,
NoCredentialsError,
)
from server.auth.domain_blocker import domain_blocker
from server.auth.token_manager import TokenManager
from server.config import get_config
from server.logger import logger
@@ -312,6 +313,16 @@ async def saas_user_auth_from_signed_token(signed_token: str) -> SaasUserAuth:
user_id = access_token_payload['sub']
email = access_token_payload['email']
email_verified = access_token_payload['email_verified']
# Check if email domain is blocked
if email and domain_blocker.is_active() and domain_blocker.is_domain_blocked(email):
logger.warning(
f'Blocked authentication attempt for existing user with email: {email}'
)
raise AuthError(
'Access denied: Your email domain is not allowed to access this service'
)
logger.debug('saas_user_auth_from_signed_token:return')
return SaasUserAuth(

43
enterprise/server/auth/token_manager.py
View File

@@ -527,6 +527,49 @@ class TokenManager:
github_id = github_ids[0]
return github_id
async def disable_keycloak_user(
self, user_id: str, email: str | None = None
) -> None:
"""Disable a Keycloak user account.
Args:
user_id: The Keycloak user ID to disable
email: Optional email address for logging purposes
This method attempts to disable the user account but will not raise exceptions.
Errors are logged but do not prevent the operation from completing.
"""
try:
keycloak_admin = get_keycloak_admin(self.external)
# Get current user to preserve other fields
user = await keycloak_admin.a_get_user(user_id)
if user:
# Update user with enabled=False to disable the account
await keycloak_admin.a_update_user(
user_id=user_id,
payload={
'enabled': False,
'username': user.get('username', ''),
'email': user.get('email', ''),
'emailVerified': user.get('emailVerified', False),
},
)
email_str = f', email: {email}' if email else ''
logger.info(
f'Disabled Keycloak account for user_id: {user_id}{email_str}'
)
else:
logger.warning(
f'User not found in Keycloak when attempting to disable: {user_id}'
)
except Exception as e:
# Log error but don't raise - the caller should handle the blocking regardless
email_str = f', email: {email}' if email else ''
logger.error(
f'Failed to disable Keycloak account for user_id: {user_id}{email_str}: {str(e)}',
exc_info=True,
)
def store_org_token(self, installation_id: int, installation_token: str):
"""Store a GitHub App installation token.

1
enterprise/server/constants.py
View File

@@ -25,6 +25,7 @@ USER_SETTINGS_VERSION_TO_MODEL = {
2: 'claude-3-7-sonnet-20250219',
3: 'claude-sonnet-4-20250514',
4: 'claude-sonnet-4-20250514',
5: 'claude-opus-4-5-20251101',
}
LITELLM_DEFAULT_MODEL = os.getenv('LITELLM_DEFAULT_MODEL')

331
enterprise/server/legacy_conversation_manager.py
View File

@@ -1,331 +0,0 @@
from __future__ import annotations
import time
from dataclasses import dataclass, field
import socketio
from server.clustered_conversation_manager import ClusteredConversationManager
from server.saas_nested_conversation_manager import SaasNestedConversationManager
from openhands.core.config import LLMConfig, OpenHandsConfig
from openhands.events.action import MessageAction
from openhands.server.config.server_config import ServerConfig
from openhands.server.conversation_manager.conversation_manager import (
ConversationManager,
)
from openhands.server.data_models.agent_loop_info import AgentLoopInfo
from openhands.server.monitoring import MonitoringListener
from openhands.server.session.conversation import ServerConversation
from openhands.storage.data_models.settings import Settings
from openhands.storage.files import FileStore
from openhands.utils.async_utils import wait_all
_LEGACY_ENTRY_TIMEOUT_SECONDS = 3600
@dataclass
class LegacyCacheEntry:
"""Cache entry for legacy mode status."""
is_legacy: bool
timestamp: float
@dataclass
class LegacyConversationManager(ConversationManager):
"""
Conversation manager for use while migrating - since existing conversations are not nested!
Separate class from SaasNestedConversationManager so it can be easliy removed in a few weeks.
(As of 2025-07-23)
"""
sio: socketio.AsyncServer
config: OpenHandsConfig
server_config: ServerConfig
file_store: FileStore
conversation_manager: SaasNestedConversationManager
legacy_conversation_manager: ClusteredConversationManager
_legacy_cache: dict[str, LegacyCacheEntry] = field(default_factory=dict)
async def __aenter__(self):
await wait_all(
[
self.conversation_manager.__aenter__(),
self.legacy_conversation_manager.__aenter__(),
]
)
return self
async def __aexit__(self, exc_type, exc_value, traceback):
await wait_all(
[
self.conversation_manager.__aexit__(exc_type, exc_value, traceback),
self.legacy_conversation_manager.__aexit__(
exc_type, exc_value, traceback
),
]
)
async def request_llm_completion(
self,
sid: str,
service_id: str,
llm_config: LLMConfig,
messages: list[dict[str, str]],
) -> str:
session = self.get_agent_session(sid)
llm_registry = session.llm_registry
return llm_registry.request_extraneous_completion(
service_id, llm_config, messages
)
async def attach_to_conversation(
self, sid: str, user_id: str | None = None
) -> ServerConversation | None:
if await self.should_start_in_legacy_mode(sid):
return await self.legacy_conversation_manager.attach_to_conversation(
sid, user_id
)
return await self.conversation_manager.attach_to_conversation(sid, user_id)
async def detach_from_conversation(self, conversation: ServerConversation):
if await self.should_start_in_legacy_mode(conversation.sid):
return await self.legacy_conversation_manager.detach_from_conversation(
conversation
)
return await self.conversation_manager.detach_from_conversation(conversation)
async def join_conversation(
self,
sid: str,
connection_id: str,
settings: Settings,
user_id: str | None,
) -> AgentLoopInfo:
if await self.should_start_in_legacy_mode(sid):
return await self.legacy_conversation_manager.join_conversation(
sid, connection_id, settings, user_id
)
return await self.conversation_manager.join_conversation(
sid, connection_id, settings, user_id
)
def get_agent_session(self, sid: str):
session = self.legacy_conversation_manager.get_agent_session(sid)
if session is None:
session = self.conversation_manager.get_agent_session(sid)
return session
async def get_running_agent_loops(
self, user_id: str | None = None, filter_to_sids: set[str] | None = None
) -> set[str]:
if filter_to_sids and len(filter_to_sids) == 1:
sid = next(iter(filter_to_sids))
if await self.should_start_in_legacy_mode(sid):
return await self.legacy_conversation_manager.get_running_agent_loops(
user_id, filter_to_sids
)
return await self.conversation_manager.get_running_agent_loops(
user_id, filter_to_sids
)
# Get all running agent loops from both managers
agent_loops, legacy_agent_loops = await wait_all(
[
self.conversation_manager.get_running_agent_loops(
user_id, filter_to_sids
),
self.legacy_conversation_manager.get_running_agent_loops(
user_id, filter_to_sids
),
]
)
# Combine the results
result = set()
for sid in legacy_agent_loops:
if await self.should_start_in_legacy_mode(sid):
result.add(sid)
for sid in agent_loops:
if not await self.should_start_in_legacy_mode(sid):
result.add(sid)
return result
async def is_agent_loop_running(self, sid: str) -> bool:
return bool(await self.get_running_agent_loops(filter_to_sids={sid}))
async def get_connections(
self, user_id: str | None = None, filter_to_sids: set[str] | None = None
) -> dict[str, str]:
if filter_to_sids and len(filter_to_sids) == 1:
sid = next(iter(filter_to_sids))
if await self.should_start_in_legacy_mode(sid):
return await self.legacy_conversation_manager.get_connections(
user_id, filter_to_sids
)
return await self.conversation_manager.get_connections(
user_id, filter_to_sids
)
agent_loops, legacy_agent_loops = await wait_all(
[
self.conversation_manager.get_connections(user_id, filter_to_sids),
self.legacy_conversation_manager.get_connections(
user_id, filter_to_sids
),
]
)
legacy_agent_loops.update(agent_loops)
return legacy_agent_loops
async def maybe_start_agent_loop(
self,
sid: str,
settings: Settings,
user_id: str, # type: ignore[override]
initial_user_msg: MessageAction | None = None,
replay_json: str | None = None,
) -> AgentLoopInfo:
if await self.should_start_in_legacy_mode(sid):
return await self.legacy_conversation_manager.maybe_start_agent_loop(
sid, settings, user_id, initial_user_msg, replay_json
)
return await self.conversation_manager.maybe_start_agent_loop(
sid, settings, user_id, initial_user_msg, replay_json
)
async def send_to_event_stream(self, connection_id: str, data: dict):
return await self.legacy_conversation_manager.send_to_event_stream(
connection_id, data
)
async def send_event_to_conversation(self, sid: str, data: dict):
if await self.should_start_in_legacy_mode(sid):
await self.legacy_conversation_manager.send_event_to_conversation(sid, data)
await self.conversation_manager.send_event_to_conversation(sid, data)
async def disconnect_from_session(self, connection_id: str):
return await self.legacy_conversation_manager.disconnect_from_session(
connection_id
)
async def close_session(self, sid: str):
if await self.should_start_in_legacy_mode(sid):
await self.legacy_conversation_manager.close_session(sid)
await self.conversation_manager.close_session(sid)
async def get_agent_loop_info(
self, user_id: str | None = None, filter_to_sids: set[str] | None = None
) -> list[AgentLoopInfo]:
if filter_to_sids and len(filter_to_sids) == 1:
sid = next(iter(filter_to_sids))
if await self.should_start_in_legacy_mode(sid):
return await self.legacy_conversation_manager.get_agent_loop_info(
user_id, filter_to_sids
)
return await self.conversation_manager.get_agent_loop_info(
user_id, filter_to_sids
)
agent_loops, legacy_agent_loops = await wait_all(
[
self.conversation_manager.get_agent_loop_info(user_id, filter_to_sids),
self.legacy_conversation_manager.get_agent_loop_info(
user_id, filter_to_sids
),
]
)
# Combine results
result = []
legacy_sids = set()
# Add legacy agent loops
for agent_loop in legacy_agent_loops:
if await self.should_start_in_legacy_mode(agent_loop.conversation_id):
result.append(agent_loop)
legacy_sids.add(agent_loop.conversation_id)
# Add non-legacy agent loops
for agent_loop in agent_loops:
if (
agent_loop.conversation_id not in legacy_sids
and not await self.should_start_in_legacy_mode(
agent_loop.conversation_id
)
):
result.append(agent_loop)
return result
def _cleanup_expired_cache_entries(self):
"""Remove expired entries from the local cache."""
current_time = time.time()
expired_keys = [
key
for key, entry in self._legacy_cache.items()
if current_time - entry.timestamp > _LEGACY_ENTRY_TIMEOUT_SECONDS
]
for key in expired_keys:
del self._legacy_cache[key]
async def should_start_in_legacy_mode(self, conversation_id: str) -> bool:
"""
Check if a conversation should run in legacy mode by directly checking the runtime.
The /list method does not include stopped conversations even though the PVC for these
may not yet have been deleted, so we need to check /sessions/{session_id} directly.
"""
# Clean up expired entries periodically
self._cleanup_expired_cache_entries()
# First check the local cache
if conversation_id in self._legacy_cache:
cached_entry = self._legacy_cache[conversation_id]
# Check if the cached value is still valid
if time.time() - cached_entry.timestamp <= _LEGACY_ENTRY_TIMEOUT_SECONDS:
return cached_entry.is_legacy
# If not in cache or expired, check the runtime directly
runtime = await self.conversation_manager._get_runtime(conversation_id)
is_legacy = self.is_legacy_runtime(runtime)
# Cache the result with current timestamp
self._legacy_cache[conversation_id] = LegacyCacheEntry(is_legacy, time.time())
return is_legacy
def is_legacy_runtime(self, runtime: dict | None) -> bool:
"""
Determine if a runtime is a legacy runtime based on its command.
Args:
runtime: The runtime dictionary or None if not found
Returns:
bool: True if this is a legacy runtime, False otherwise
"""
if runtime is None:
return False
return 'openhands.server' not in runtime['command']
@classmethod
def get_instance(
cls,
sio: socketio.AsyncServer,
config: OpenHandsConfig,
file_store: FileStore,
server_config: ServerConfig,
monitoring_listener: MonitoringListener,
) -> ConversationManager:
return LegacyConversationManager(
sio=sio,
config=config,
server_config=server_config,
file_store=file_store,
conversation_manager=SaasNestedConversationManager.get_instance(
sio, config, file_store, server_config, monitoring_listener
),
legacy_conversation_manager=ClusteredConversationManager.get_instance(
sio, config, file_store, server_config, monitoring_listener
),
)

9
enterprise/server/middleware.py
View File

@@ -152,17 +152,22 @@ class SetAuthCookieMiddleware:
return False
path = request.url.path
is_api_that_should_attach = path.startswith('/api') and path not in (
ignore_paths = (
'/api/options/config',
'/api/keycloak/callback',
'/api/billing/success',
'/api/billing/cancel',
'/api/billing/customer-setup-success',
'/api/billing/stripe-webhook',
'/oauth/device/authorize',
'/oauth/device/token',
)
if path in ignore_paths:
return False
is_mcp = path.startswith('/mcp')
return is_api_that_should_attach or is_mcp
is_api_route = path.startswith('/api')
return is_api_route or is_mcp
async def _logout(self, request: Request):
# Log out of keycloak - this prevents issues where you did not log in with the idp you believe you used

18
enterprise/server/routes/auth.py
View File

@@ -14,6 +14,7 @@ from server.auth.constants import (
KEYCLOAK_SERVER_URL_EXT,
ROLE_CHECK_ENABLED,
)
from server.auth.domain_blocker import domain_blocker
from server.auth.gitlab_sync import schedule_gitlab_repo_sync
from server.auth.saas_user_auth import SaasUserAuth
from server.auth.token_manager import TokenManager
@@ -145,7 +146,24 @@ async def keycloak_callback(
content={'error': 'Missing user ID or username in response'},
)
# Check if email domain is blocked
email = user_info.get('email')
user_id = user_info['sub']
if email and domain_blocker.is_active() and domain_blocker.is_domain_blocked(email):
logger.warning(
f'Blocked authentication attempt for email: {email}, user_id: {user_id}'
)
# Disable the Keycloak account
await token_manager.disable_keycloak_user(user_id, email)
return JSONResponse(
status_code=status.HTTP_401_UNAUTHORIZED,
content={
'error': 'Access denied: Your email domain is not allowed to access this service'
},
)
# default to github IDP for now.
# TODO: remove default once Keycloak is updated universally with the new attribute.
idp: str = user_info.get('identity_provider', ProviderType.GITHUB.value)

324
enterprise/server/routes/oauth_device.py Normal file
View File

@@ -0,0 +1,324 @@
"""OAuth 2.0 Device Flow endpoints for CLI authentication."""
from datetime import UTC, datetime, timedelta
from typing import Optional
from fastapi import APIRouter, Depends, Form, HTTPException, Request, status
from fastapi.responses import JSONResponse
from pydantic import BaseModel
from storage.api_key_store import ApiKeyStore
from storage.database import session_maker
from storage.device_code_store import DeviceCodeStore
from openhands.core.logger import openhands_logger as logger
from openhands.server.user_auth import get_user_id
# ---------------------------------------------------------------------------
# Constants
# ---------------------------------------------------------------------------
DEVICE_CODE_EXPIRES_IN = 600 # 10 minutes
DEVICE_TOKEN_POLL_INTERVAL = 5 # seconds
API_KEY_NAME = 'Device Link Access Key'
KEY_EXPIRATION_TIME = timedelta(days=1) # Key expires in 24 hours
# ---------------------------------------------------------------------------
# Models
# ---------------------------------------------------------------------------
class DeviceAuthorizationResponse(BaseModel):
device_code: str
user_code: str
verification_uri: str
verification_uri_complete: str
expires_in: int
interval: int
class DeviceTokenResponse(BaseModel):
access_token: str # This will be the user's API key
token_type: str = 'Bearer'
expires_in: Optional[int] = None # API keys may not have expiration
class DeviceTokenErrorResponse(BaseModel):
error: str
error_description: Optional[str] = None
interval: Optional[int] = None # Required for slow_down error
# ---------------------------------------------------------------------------
# Router + stores
# ---------------------------------------------------------------------------
oauth_device_router = APIRouter(prefix='/oauth/device')
device_code_store = DeviceCodeStore(session_maker)
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
def _oauth_error(
status_code: int,
error: str,
description: str,
interval: Optional[int] = None,
) -> JSONResponse:
"""Return a JSON OAuth-style error response."""
return JSONResponse(
status_code=status_code,
content=DeviceTokenErrorResponse(
error=error,
error_description=description,
interval=interval,
).model_dump(),
)
# ---------------------------------------------------------------------------
# Endpoints
# ---------------------------------------------------------------------------
@oauth_device_router.post('/authorize', response_model=DeviceAuthorizationResponse)
async def device_authorization(
http_request: Request,
) -> DeviceAuthorizationResponse:
"""Start device flow by generating device and user codes."""
try:
device_code_entry = device_code_store.create_device_code(
expires_in=DEVICE_CODE_EXPIRES_IN,
)
base_url = str(http_request.base_url).rstrip('/')
verification_uri = f'{base_url}/oauth/device/verify'
verification_uri_complete = (
f'{verification_uri}?user_code={device_code_entry.user_code}'
)
logger.info(
'Device authorization initiated',
extra={'user_code': device_code_entry.user_code},
)
return DeviceAuthorizationResponse(
device_code=device_code_entry.device_code,
user_code=device_code_entry.user_code,
verification_uri=verification_uri,
verification_uri_complete=verification_uri_complete,
expires_in=DEVICE_CODE_EXPIRES_IN,
interval=device_code_entry.current_interval,
)
except Exception as e:
logger.exception('Error in device authorization: %s', str(e))
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail='Internal server error',
) from e
@oauth_device_router.post('/token')
async def device_token(device_code: str = Form(...)):
"""Poll for a token until the user authorizes or the code expires."""
try:
device_code_entry = device_code_store.get_by_device_code(device_code)
if not device_code_entry:
return _oauth_error(
status.HTTP_400_BAD_REQUEST,
'invalid_grant',
'Invalid device code',
)
# Check rate limiting (RFC 8628 section 3.5)
is_too_fast, current_interval = device_code_entry.check_rate_limit()
if is_too_fast:
# Update poll time and increase interval
device_code_store.update_poll_time(device_code, increase_interval=True)
logger.warning(
'Client polling too fast, returning slow_down error',
extra={
'device_code': device_code[:8] + '...', # Log partial for privacy
'new_interval': current_interval,
},
)
return _oauth_error(
status.HTTP_400_BAD_REQUEST,
'slow_down',
f'Polling too frequently. Wait at least {current_interval} seconds between requests.',
interval=current_interval,
)
# Update poll time for successful rate limit check
device_code_store.update_poll_time(device_code, increase_interval=False)
if device_code_entry.is_expired():
return _oauth_error(
status.HTTP_400_BAD_REQUEST,
'expired_token',
'Device code has expired',
)
if device_code_entry.status == 'denied':
return _oauth_error(
status.HTTP_400_BAD_REQUEST,
'access_denied',
'User denied the authorization request',
)
if device_code_entry.status == 'pending':
return _oauth_error(
status.HTTP_400_BAD_REQUEST,
'authorization_pending',
'User has not yet completed authorization',
)
if device_code_entry.status == 'authorized':
# Retrieve the specific API key for this device using the user_code
api_key_store = ApiKeyStore.get_instance()
device_key_name = f'{API_KEY_NAME} ({device_code_entry.user_code})'
device_api_key = api_key_store.retrieve_api_key_by_name(
device_code_entry.keycloak_user_id, device_key_name
)
if not device_api_key:
logger.error(
'No device API key found for authorized device',
extra={
'user_id': device_code_entry.keycloak_user_id,
'user_code': device_code_entry.user_code,
},
)
return _oauth_error(
status.HTTP_500_INTERNAL_SERVER_ERROR,
'server_error',
'API key not found',
)
# Return the API key as access_token
return DeviceTokenResponse(
access_token=device_api_key,
)
# Fallback for unexpected status values
logger.error(
'Unknown device code status',
extra={'status': device_code_entry.status},
)
return _oauth_error(
status.HTTP_500_INTERNAL_SERVER_ERROR,
'server_error',
'Unknown device code status',
)
except Exception as e:
logger.exception('Error in device token: %s', str(e))
return _oauth_error(
status.HTTP_500_INTERNAL_SERVER_ERROR,
'server_error',
'Internal server error',
)
@oauth_device_router.post('/verify-authenticated')
async def device_verification_authenticated(
user_code: str = Form(...),
user_id: str = Depends(get_user_id),
):
"""Process device verification for authenticated users (called by frontend)."""
try:
if not user_id:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail='Authentication required',
)
# Validate device code
device_code_entry = device_code_store.get_by_user_code(user_code)
if not device_code_entry:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail='The device code is invalid or has expired.',
)
if not device_code_entry.is_pending():
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail='This device code has already been processed.',
)
# First, authorize the device code
success = device_code_store.authorize_device_code(
user_code=user_code,
user_id=user_id,
)
if not success:
logger.error(
'Failed to authorize device code',
extra={'user_code': user_code, 'user_id': user_id},
)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail='Failed to authorize the device. Please try again.',
)
# Only create API key AFTER successful authorization
api_key_store = ApiKeyStore.get_instance()
try:
# Create a unique API key for this device using user_code in the name
device_key_name = f'{API_KEY_NAME} ({user_code})'
api_key_store.create_api_key(
user_id,
name=device_key_name,
expires_at=datetime.now(UTC) + KEY_EXPIRATION_TIME,
)
logger.info(
'Created new device API key for user after successful authorization',
extra={'user_id': user_id, 'user_code': user_code},
)
except Exception as e:
logger.exception(
'Failed to create device API key after authorization: %s', str(e)
)
# Clean up: revert the device authorization since API key creation failed
# This prevents the device from being in an authorized state without an API key
try:
device_code_store.deny_device_code(user_code)
logger.info(
'Reverted device authorization due to API key creation failure',
extra={'user_code': user_code, 'user_id': user_id},
)
except Exception as cleanup_error:
logger.exception(
'Failed to revert device authorization during cleanup: %s',
str(cleanup_error),
)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail='Failed to create API key for device access.',
)
logger.info(
'Device code authorized with API key successfully',
extra={'user_code': user_code, 'user_id': user_id},
)
return JSONResponse(
status_code=status.HTTP_200_OK,
content={'message': 'Device authorized successfully!'},
)
except HTTPException:
raise
except Exception as e:
logger.exception('Error in device verification: %s', str(e))
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail='An unexpected error occurred. Please try again.',
)

16
enterprise/server/saas_nested_conversation_manager.py
View File

@@ -31,6 +31,7 @@ from openhands.events.event_store import EventStore
from openhands.events.serialization.event import event_to_dict
from openhands.integrations.provider import PROVIDER_TOKEN_TYPE, ProviderHandler
from openhands.runtime.impl.remote.remote_runtime import RemoteRuntime
from openhands.runtime.plugins.vscode import VSCodeRequirement
from openhands.runtime.runtime_status import RuntimeStatus
from openhands.server.config.server_config import ServerConfig
from openhands.server.constants import ROOM_KEY
@@ -71,10 +72,13 @@ RUNTIME_CONVERSATION_URL = RUNTIME_URL_PATTERN + (
)
RUNTIME_USERNAME = os.getenv('RUNTIME_USERNAME')
SU_TO_USER = os.getenv('SU_TO_USER', 'false')
truthy = {'1', 'true', 't', 'yes', 'y', 'on'}
SU_TO_USER = str(SU_TO_USER.lower() in truthy).lower()
DISABLE_VSCODE_PLUGIN = os.getenv('DISABLE_VSCODE_PLUGIN', 'false').lower() == 'true'
# Time in seconds before a Redis entry is considered expired if not refreshed
_REDIS_ENTRY_TIMEOUT_SECONDS = 300
@@ -799,6 +803,9 @@ class SaasNestedConversationManager(ConversationManager):
env_vars['INIT_GIT_IN_EMPTY_WORKSPACE'] = '1'
env_vars['ENABLE_V1'] = '0'
env_vars['SU_TO_USER'] = SU_TO_USER
env_vars['DISABLE_VSCODE_PLUGIN'] = str(DISABLE_VSCODE_PLUGIN).lower()
env_vars['BROWSERGYM_DOWNLOAD_DIR'] = '/workspace/.downloads/'
env_vars['PLAYWRIGHT_BROWSERS_PATH'] = '/opt/playwright-browsers'
# We need this for LLM traces tracking to identify the source of the LLM calls
env_vars['WEB_HOST'] = WEB_HOST
@@ -814,11 +821,18 @@ class SaasNestedConversationManager(ConversationManager):
if self._runtime_container_image:
config.sandbox.runtime_container_image = self._runtime_container_image
plugins = [
plugin
for plugin in agent.sandbox_plugins
if not (DISABLE_VSCODE_PLUGIN and isinstance(plugin, VSCodeRequirement))
]
logger.info(f'Loaded plugins for runtime {sid}: {plugins}')
runtime = RemoteRuntime(
config=config,
event_stream=None, # type: ignore[arg-type]
sid=sid,
plugins=agent.sandbox_plugins,
plugins=plugins,
# env_vars=env_vars,
# status_callback: Callable[..., None] | None = None,
attach_to_existing=False,

46
enterprise/storage/api_key_store.py
View File

@@ -17,10 +17,13 @@ from openhands.core.logger import openhands_logger as logger
class ApiKeyStore:
session_maker: sessionmaker
API_KEY_PREFIX = 'sk-oh-'
def generate_api_key(self, length: int = 32) -> str:
"""Generate a random API key."""
"""Generate a random API key with the sk-oh- prefix."""
alphabet = string.ascii_letters + string.digits
return ''.join(secrets.choice(alphabet) for _ in range(length))
random_part = ''.join(secrets.choice(alphabet) for _ in range(length))
return f'{self.API_KEY_PREFIX}{random_part}'
def create_api_key(
self, user_id: str, name: str | None = None, expires_at: datetime | None = None
@@ -57,9 +60,15 @@ class ApiKeyStore:
return None
# Check if the key has expired
if key_record.expires_at and key_record.expires_at < now:
logger.info(f'API key has expired: {key_record.id}')
return None
if key_record.expires_at:
# Handle timezone-naive datetime from database by assuming it's UTC
expires_at = key_record.expires_at
if expires_at.tzinfo is None:
expires_at = expires_at.replace(tzinfo=UTC)
if expires_at < now:
logger.info(f'API key has expired: {key_record.id}')
return None
# Update last_used_at timestamp
session.execute(
@@ -125,6 +134,33 @@ class ApiKeyStore:
return None
def retrieve_api_key_by_name(self, user_id: str, name: str) -> str | None:
"""Retrieve an API key by name for a specific user."""
with self.session_maker() as session:
key_record = (
session.query(ApiKey)
.filter(ApiKey.user_id == user_id, ApiKey.name == name)
.first()
)
return key_record.key if key_record else None
def delete_api_key_by_name(self, user_id: str, name: str) -> bool:
"""Delete an API key by name for a specific user."""
with self.session_maker() as session:
key_record = (
session.query(ApiKey)
.filter(ApiKey.user_id == user_id, ApiKey.name == name)
.first()
)
if not key_record:
return False
session.delete(key_record)
session.commit()
return True
@classmethod
def get_instance(cls) -> ApiKeyStore:
"""Get an instance of the ApiKeyStore."""

109
enterprise/storage/device_code.py Normal file
View File

@@ -0,0 +1,109 @@
"""Device code storage model for OAuth 2.0 Device Flow."""
from datetime import datetime, timezone
from enum import Enum
from sqlalchemy import Column, DateTime, Integer, String
from storage.base import Base
class DeviceCodeStatus(Enum):
"""Status of a device code authorization request."""
PENDING = 'pending'
AUTHORIZED = 'authorized'
EXPIRED = 'expired'
DENIED = 'denied'
class DeviceCode(Base):
"""Device code for OAuth 2.0 Device Flow.
This stores the device codes issued during the device authorization flow,
along with their status and associated user information once authorized.
"""
__tablename__ = 'device_codes'
id = Column(Integer, primary_key=True, autoincrement=True)
device_code = Column(String(128), unique=True, nullable=False, index=True)
user_code = Column(String(16), unique=True, nullable=False, index=True)
status = Column(String(32), nullable=False, default=DeviceCodeStatus.PENDING.value)
# Keycloak user ID who authorized the device (set during verification)
keycloak_user_id = Column(String(255), nullable=True)
# Timestamps
expires_at = Column(DateTime(timezone=True), nullable=False)
authorized_at = Column(DateTime(timezone=True), nullable=True)
# Rate limiting fields for RFC 8628 section 3.5 compliance
last_poll_time = Column(DateTime(timezone=True), nullable=True)
current_interval = Column(Integer, nullable=False, default=5)
def __repr__(self) -> str:
return f"<DeviceCode(user_code='{self.user_code}', status='{self.status}')>"
def is_expired(self) -> bool:
"""Check if the device code has expired."""
now = datetime.now(timezone.utc)
return now > self.expires_at
def is_pending(self) -> bool:
"""Check if the device code is still pending authorization."""
return self.status == DeviceCodeStatus.PENDING.value and not self.is_expired()
def is_authorized(self) -> bool:
"""Check if the device code has been authorized."""
return self.status == DeviceCodeStatus.AUTHORIZED.value
def authorize(self, user_id: str) -> None:
"""Mark the device code as authorized."""
self.status = DeviceCodeStatus.AUTHORIZED.value
self.keycloak_user_id = user_id # Set the Keycloak user ID during authorization
self.authorized_at = datetime.now(timezone.utc)
def deny(self) -> None:
"""Mark the device code as denied."""
self.status = DeviceCodeStatus.DENIED.value
def expire(self) -> None:
"""Mark the device code as expired."""
self.status = DeviceCodeStatus.EXPIRED.value
def check_rate_limit(self) -> tuple[bool, int]:
"""Check if the client is polling too fast.
Returns:
tuple: (is_too_fast, current_interval)
- is_too_fast: True if client should receive slow_down error
- current_interval: Current polling interval to use
"""
now = datetime.now(timezone.utc)
# If this is the first poll, allow it
if self.last_poll_time is None:
return False, self.current_interval
# Calculate time since last poll
time_since_last_poll = (now - self.last_poll_time).total_seconds()
# Check if polling too fast
if time_since_last_poll < self.current_interval:
# Increase interval for slow_down (RFC 8628 section 3.5)
new_interval = min(self.current_interval + 5, 60) # Cap at 60 seconds
return True, new_interval
return False, self.current_interval
def update_poll_time(self, increase_interval: bool = False) -> None:
"""Update the last poll time and optionally increase the interval.
Args:
increase_interval: If True, increase the current interval for slow_down
"""
self.last_poll_time = datetime.now(timezone.utc)
if increase_interval:
# Increase interval by 5 seconds, cap at 60 seconds (RFC 8628)
self.current_interval = min(self.current_interval + 5, 60)

167
enterprise/storage/device_code_store.py Normal file
View File

@@ -0,0 +1,167 @@
"""Device code store for OAuth 2.0 Device Flow."""
import secrets
import string
from datetime import datetime, timedelta, timezone
from sqlalchemy.exc import IntegrityError
from storage.device_code import DeviceCode
class DeviceCodeStore:
"""Store for managing OAuth 2.0 device codes."""
def __init__(self, session_maker):
self.session_maker = session_maker
def generate_user_code(self) -> str:
"""Generate a human-readable user code (8 characters, uppercase letters and digits)."""
# Use a mix of uppercase letters and digits, avoiding confusing characters
alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789' # No I, O, 0, 1
return ''.join(secrets.choice(alphabet) for _ in range(8))
def generate_device_code(self) -> str:
"""Generate a secure device code (128 characters)."""
alphabet = string.ascii_letters + string.digits
return ''.join(secrets.choice(alphabet) for _ in range(128))
def create_device_code(
self,
expires_in: int = 600, # 10 minutes default
max_attempts: int = 10,
) -> DeviceCode:
"""Create a new device code entry.
Uses database constraints to ensure uniqueness, avoiding TOCTOU race conditions.
Retries on constraint violations until unique codes are generated.
Args:
expires_in: Expiration time in seconds
max_attempts: Maximum number of attempts to generate unique codes
Returns:
The created DeviceCode instance
Raises:
RuntimeError: If unable to generate unique codes after max_attempts
"""
for attempt in range(max_attempts):
user_code = self.generate_user_code()
device_code = self.generate_device_code()
expires_at = datetime.now(timezone.utc) + timedelta(seconds=expires_in)
device_code_entry = DeviceCode(
device_code=device_code,
user_code=user_code,
keycloak_user_id=None, # Will be set during authorization
expires_at=expires_at,
)
try:
with self.session_maker() as session:
session.add(device_code_entry)
session.commit()
session.refresh(device_code_entry)
session.expunge(device_code_entry) # Detach from session cleanly
return device_code_entry
except IntegrityError:
# Constraint violation - codes already exist, retry with new codes
continue
raise RuntimeError(
f'Failed to generate unique device codes after {max_attempts} attempts'
)
def get_by_device_code(self, device_code: str) -> DeviceCode | None:
"""Get device code entry by device code."""
with self.session_maker() as session:
result = (
session.query(DeviceCode).filter_by(device_code=device_code).first()
)
if result:
session.expunge(result) # Detach from session cleanly
return result
def get_by_user_code(self, user_code: str) -> DeviceCode | None:
"""Get device code entry by user code."""
with self.session_maker() as session:
result = session.query(DeviceCode).filter_by(user_code=user_code).first()
if result:
session.expunge(result) # Detach from session cleanly
return result
def authorize_device_code(self, user_code: str, user_id: str) -> bool:
"""Authorize a device code.
Args:
user_code: The user code to authorize
user_id: The user ID from Keycloak
Returns:
True if authorization was successful, False otherwise
"""
with self.session_maker() as session:
device_code_entry = (
session.query(DeviceCode).filter_by(user_code=user_code).first()
)
if not device_code_entry:
return False
if not device_code_entry.is_pending():
return False
device_code_entry.authorize(user_id)
session.commit()
return True
def deny_device_code(self, user_code: str) -> bool:
"""Deny a device code authorization.
Args:
user_code: The user code to deny
Returns:
True if denial was successful, False otherwise
"""
with self.session_maker() as session:
device_code_entry = (
session.query(DeviceCode).filter_by(user_code=user_code).first()
)
if not device_code_entry:
return False
if not device_code_entry.is_pending():
return False
device_code_entry.deny()
session.commit()
return True
def update_poll_time(
self, device_code: str, increase_interval: bool = False
) -> bool:
"""Update the poll time for a device code and optionally increase interval.
Args:
device_code: The device code to update
increase_interval: If True, increase the polling interval for slow_down
Returns:
True if update was successful, False otherwise
"""
with self.session_maker() as session:
device_code_entry = (
session.query(DeviceCode).filter_by(device_code=device_code).first()
)
if not device_code_entry:
return False
device_code_entry.update_poll_time(increase_interval)
session.commit()
return True

1
enterprise/storage/saas_settings_store.py
View File

@@ -94,6 +94,7 @@ class SaasSettingsStore(SettingsStore):
}
self._decrypt_kwargs(kwargs)
settings = Settings(**kwargs)
return settings
async def store(self, item: Settings):

1
enterprise/tests/unit/conftest.py
View File

@@ -12,6 +12,7 @@ from storage.base import Base
# Anything not loaded here may not have a table created for it.
from storage.billing_session import BillingSession
from storage.conversation_work import ConversationWork
from storage.device_code import DeviceCode # noqa: F401
from storage.feedback import Feedback
from storage.github_app_installation import GithubAppInstallation
from storage.maintenance_task import MaintenanceTask, MaintenanceTaskStatus

2
enterprise/tests/unit/integrations/test_resolver_context.py
View File

@@ -15,7 +15,7 @@ from enterprise.integrations.resolver_context import ResolverUserContext
from openhands.integrations.provider import CustomSecret
# Import the SDK types we need for testing
from openhands.sdk.conversation.secret_source import SecretSource, StaticSecret
from openhands.sdk.secret import SecretSource, StaticSecret
from openhands.storage.data_models.secrets import Secrets

610
enterprise/tests/unit/server/routes/test_oauth_device.py Normal file
View File

@@ -0,0 +1,610 @@
"""Unit tests for OAuth2 Device Flow endpoints."""
from datetime import UTC, datetime, timedelta
from unittest.mock import MagicMock, patch
import pytest
from fastapi import HTTPException, Request
from fastapi.responses import JSONResponse
from server.routes.oauth_device import (
device_authorization,
device_token,
device_verification_authenticated,
)
from storage.device_code import DeviceCode
@pytest.fixture
def mock_device_code_store():
"""Mock device code store."""
return MagicMock()
@pytest.fixture
def mock_api_key_store():
"""Mock API key store."""
return MagicMock()
@pytest.fixture
def mock_token_manager():
"""Mock token manager."""
return MagicMock()
@pytest.fixture
def mock_request():
"""Mock FastAPI request."""
request = MagicMock(spec=Request)
request.base_url = 'https://test.example.com/'
return request
class TestDeviceAuthorization:
"""Test device authorization endpoint."""
@patch('server.routes.oauth_device.device_code_store')
async def test_device_authorization_success(self, mock_store, mock_request):
"""Test successful device authorization."""
mock_device = DeviceCode(
device_code='test-device-code-123',
user_code='ABC12345',
expires_at=datetime.now(UTC) + timedelta(minutes=10),
current_interval=5, # Default interval
)
mock_store.create_device_code.return_value = mock_device
result = await device_authorization(mock_request)
assert result.device_code == 'test-device-code-123'
assert result.user_code == 'ABC12345'
assert result.expires_in == 600
assert result.interval == 5 # Should match device's current_interval
assert 'verify' in result.verification_uri
assert 'ABC12345' in result.verification_uri_complete
@patch('server.routes.oauth_device.device_code_store')
async def test_device_authorization_with_increased_interval(
self, mock_store, mock_request
):
"""Test device authorization returns increased interval from rate limiting."""
mock_device = DeviceCode(
device_code='test-device-code-456',
user_code='XYZ98765',
expires_at=datetime.now(UTC) + timedelta(minutes=10),
current_interval=15, # Increased interval from previous rate limiting
)
mock_store.create_device_code.return_value = mock_device
result = await device_authorization(mock_request)
assert result.device_code == 'test-device-code-456'
assert result.user_code == 'XYZ98765'
assert result.expires_in == 600
assert result.interval == 15 # Should match device's increased current_interval
assert 'verify' in result.verification_uri
assert 'XYZ98765' in result.verification_uri_complete
class TestDeviceToken:
"""Test device token endpoint."""
@pytest.mark.parametrize(
'device_exists,status,expected_error',
[
(False, None, 'invalid_grant'),
(True, 'expired', 'expired_token'),
(True, 'denied', 'access_denied'),
(True, 'pending', 'authorization_pending'),
],
)
@patch('server.routes.oauth_device.device_code_store')
async def test_device_token_error_cases(
self, mock_store, device_exists, status, expected_error
):
"""Test various error cases for device token endpoint."""
device_code = 'test-device-code'
if device_exists:
mock_device = MagicMock()
mock_device.is_expired.return_value = status == 'expired'
mock_device.status = status
# Mock rate limiting - return False (not too fast) and default interval
mock_device.check_rate_limit.return_value = (False, 5)
mock_store.get_by_device_code.return_value = mock_device
mock_store.update_poll_time.return_value = True
else:
mock_store.get_by_device_code.return_value = None
result = await device_token(device_code=device_code)
assert isinstance(result, JSONResponse)
assert result.status_code == 400
# Check error in response content
content = result.body.decode()
assert expected_error in content
@patch('server.routes.oauth_device.ApiKeyStore')
@patch('server.routes.oauth_device.device_code_store')
async def test_device_token_success(self, mock_store, mock_api_key_class):
"""Test successful device token retrieval."""
device_code = 'test-device-code'
# Mock authorized device
mock_device = MagicMock()
mock_device.is_expired.return_value = False
mock_device.status = 'authorized'
mock_device.keycloak_user_id = 'user-123'
mock_device.user_code = (
'ABC12345' # Add user_code for device-specific API key lookup
)
# Mock rate limiting - return False (not too fast) and default interval
mock_device.check_rate_limit.return_value = (False, 5)
mock_store.get_by_device_code.return_value = mock_device
mock_store.update_poll_time.return_value = True
# Mock API key retrieval
mock_api_key_store = MagicMock()
mock_api_key_store.retrieve_api_key_by_name.return_value = 'test-api-key'
mock_api_key_class.get_instance.return_value = mock_api_key_store
result = await device_token(device_code=device_code)
# Check that result is a DeviceTokenResponse
assert result.access_token == 'test-api-key'
assert result.token_type == 'Bearer'
# Verify that the correct device-specific API key name was used
mock_api_key_store.retrieve_api_key_by_name.assert_called_once_with(
'user-123', 'Device Link Access Key (ABC12345)'
)
class TestDeviceVerificationAuthenticated:
"""Test device verification authenticated endpoint."""
async def test_verification_unauthenticated_user(self):
"""Test verification with unauthenticated user."""
with pytest.raises(HTTPException):
await device_verification_authenticated(user_code='ABC12345', user_id=None)
@patch('server.routes.oauth_device.ApiKeyStore')
@patch('server.routes.oauth_device.device_code_store')
async def test_verification_invalid_device_code(
self, mock_store, mock_api_key_class
):
"""Test verification with invalid device code."""
mock_store.get_by_user_code.return_value = None
with pytest.raises(HTTPException):
await device_verification_authenticated(
user_code='INVALID', user_id='user-123'
)
@patch('server.routes.oauth_device.ApiKeyStore')
@patch('server.routes.oauth_device.device_code_store')
async def test_verification_already_processed(self, mock_store, mock_api_key_class):
"""Test verification with already processed device code."""
mock_device = MagicMock()
mock_device.is_pending.return_value = False
mock_store.get_by_user_code.return_value = mock_device
with pytest.raises(HTTPException):
await device_verification_authenticated(
user_code='ABC12345', user_id='user-123'
)
@patch('server.routes.oauth_device.ApiKeyStore')
@patch('server.routes.oauth_device.device_code_store')
async def test_verification_success(self, mock_store, mock_api_key_class):
"""Test successful device verification."""
# Mock device code
mock_device = MagicMock()
mock_device.is_pending.return_value = True
mock_store.get_by_user_code.return_value = mock_device
mock_store.authorize_device_code.return_value = True
# Mock API key store
mock_api_key_store = MagicMock()
mock_api_key_class.get_instance.return_value = mock_api_key_store
result = await device_verification_authenticated(
user_code='ABC12345', user_id='user-123'
)
assert isinstance(result, JSONResponse)
assert result.status_code == 200
# Should NOT delete existing API keys (multiple devices allowed)
mock_api_key_store.delete_api_key_by_name.assert_not_called()
# Should create a new API key with device-specific name
mock_api_key_store.create_api_key.assert_called_once()
call_args = mock_api_key_store.create_api_key.call_args
assert call_args[1]['name'] == 'Device Link Access Key (ABC12345)'
mock_store.authorize_device_code.assert_called_once_with(
user_code='ABC12345', user_id='user-123'
)
@patch('server.routes.oauth_device.ApiKeyStore')
@patch('server.routes.oauth_device.device_code_store')
async def test_multiple_device_authentication(self, mock_store, mock_api_key_class):
"""Test that multiple devices can authenticate simultaneously."""
# Mock API key store
mock_api_key_store = MagicMock()
mock_api_key_class.get_instance.return_value = mock_api_key_store
# Simulate two different devices
device1_code = 'ABC12345'
device2_code = 'XYZ67890'
user_id = 'user-123'
# Mock device codes
mock_device1 = MagicMock()
mock_device1.is_pending.return_value = True
mock_device2 = MagicMock()
mock_device2.is_pending.return_value = True
# Configure mock store to return appropriate device for each user_code
def get_by_user_code_side_effect(user_code):
if user_code == device1_code:
return mock_device1
elif user_code == device2_code:
return mock_device2
return None
mock_store.get_by_user_code.side_effect = get_by_user_code_side_effect
mock_store.authorize_device_code.return_value = True
# Authenticate first device
result1 = await device_verification_authenticated(
user_code=device1_code, user_id=user_id
)
# Authenticate second device
result2 = await device_verification_authenticated(
user_code=device2_code, user_id=user_id
)
# Both should succeed
assert isinstance(result1, JSONResponse)
assert result1.status_code == 200
assert isinstance(result2, JSONResponse)
assert result2.status_code == 200
# Should create two separate API keys with different names
assert mock_api_key_store.create_api_key.call_count == 2
# Check that each device got a unique API key name
call_args_list = mock_api_key_store.create_api_key.call_args_list
device1_name = call_args_list[0][1]['name']
device2_name = call_args_list[1][1]['name']
assert device1_name == f'Device Link Access Key ({device1_code})'
assert device2_name == f'Device Link Access Key ({device2_code})'
assert device1_name != device2_name # Ensure they're different
# Should NOT delete any existing API keys
mock_api_key_store.delete_api_key_by_name.assert_not_called()
class TestDeviceTokenRateLimiting:
"""Test rate limiting for device token polling (RFC 8628 section 3.5)."""
@patch('server.routes.oauth_device.device_code_store')
async def test_first_poll_allowed(self, mock_store):
"""Test that the first poll is always allowed."""
# Create a device code with no previous poll time
mock_device = DeviceCode(
device_code='test_device_code',
user_code='ABC123',
status='pending',
expires_at=datetime.now(UTC) + timedelta(minutes=10),
last_poll_time=None, # First poll
current_interval=5,
)
mock_store.get_by_device_code.return_value = mock_device
mock_store.update_poll_time.return_value = True
device_code = 'test_device_code'
result = await device_token(device_code=device_code)
# Should return authorization_pending, not slow_down
assert isinstance(result, JSONResponse)
assert result.status_code == 400
content = result.body.decode()
assert 'authorization_pending' in content
assert 'slow_down' not in content
# Should update poll time without increasing interval
mock_store.update_poll_time.assert_called_with(
'test_device_code', increase_interval=False
)
@patch('server.routes.oauth_device.device_code_store')
async def test_normal_polling_allowed(self, mock_store):
"""Test that normal polling (respecting interval) is allowed."""
# Create a device code with last poll time 6 seconds ago (interval is 5)
last_poll = datetime.now(UTC) - timedelta(seconds=6)
mock_device = DeviceCode(
device_code='test_device_code',
user_code='ABC123',
status='pending',
expires_at=datetime.now(UTC) + timedelta(minutes=10),
last_poll_time=last_poll,
current_interval=5,
)
mock_store.get_by_device_code.return_value = mock_device
mock_store.update_poll_time.return_value = True
device_code = 'test_device_code'
result = await device_token(device_code=device_code)
# Should return authorization_pending, not slow_down
assert isinstance(result, JSONResponse)
assert result.status_code == 400
content = result.body.decode()
assert 'authorization_pending' in content
assert 'slow_down' not in content
# Should update poll time without increasing interval
mock_store.update_poll_time.assert_called_with(
'test_device_code', increase_interval=False
)
@patch('server.routes.oauth_device.device_code_store')
async def test_fast_polling_returns_slow_down(self, mock_store):
"""Test that polling too fast returns slow_down error."""
# Create a device code with last poll time 2 seconds ago (interval is 5)
last_poll = datetime.now(UTC) - timedelta(seconds=2)
mock_device = DeviceCode(
device_code='test_device_code',
user_code='ABC123',
status='pending',
expires_at=datetime.now(UTC) + timedelta(minutes=10),
last_poll_time=last_poll,
current_interval=5,
)
mock_store.get_by_device_code.return_value = mock_device
mock_store.update_poll_time.return_value = True
device_code = 'test_device_code'
result = await device_token(device_code=device_code)
# Should return slow_down error
assert isinstance(result, JSONResponse)
assert result.status_code == 400
content = result.body.decode()
assert 'slow_down' in content
assert 'interval' in content
assert '10' in content # New interval should be 5 + 5 = 10
# Should update poll time and increase interval
mock_store.update_poll_time.assert_called_with(
'test_device_code', increase_interval=True
)
@patch('server.routes.oauth_device.device_code_store')
async def test_interval_increases_with_repeated_fast_polling(self, mock_store):
"""Test that interval increases with repeated fast polling."""
# Create a device code with higher current interval from previous slow_down
last_poll = datetime.now(UTC) - timedelta(seconds=5) # 5 seconds ago
mock_device = DeviceCode(
device_code='test_device_code',
user_code='ABC123',
status='pending',
expires_at=datetime.now(UTC) + timedelta(minutes=10),
last_poll_time=last_poll,
current_interval=15, # Already increased from previous slow_down
)
mock_store.get_by_device_code.return_value = mock_device
mock_store.update_poll_time.return_value = True
device_code = 'test_device_code'
result = await device_token(device_code=device_code)
# Should return slow_down error with increased interval
assert isinstance(result, JSONResponse)
assert result.status_code == 400
content = result.body.decode()
assert 'slow_down' in content
assert '20' in content # New interval should be 15 + 5 = 20
# Should update poll time and increase interval
mock_store.update_poll_time.assert_called_with(
'test_device_code', increase_interval=True
)
@patch('server.routes.oauth_device.device_code_store')
async def test_interval_caps_at_maximum(self, mock_store):
"""Test that interval is capped at maximum value."""
# Create a device code with interval near maximum
last_poll = datetime.now(UTC) - timedelta(seconds=30)
mock_device = DeviceCode(
device_code='test_device_code',
user_code='ABC123',
status='pending',
expires_at=datetime.now(UTC) + timedelta(minutes=10),
last_poll_time=last_poll,
current_interval=58, # Near maximum of 60
)
mock_store.get_by_device_code.return_value = mock_device
mock_store.update_poll_time.return_value = True
device_code = 'test_device_code'
result = await device_token(device_code=device_code)
# Should return slow_down error with capped interval
assert isinstance(result, JSONResponse)
assert result.status_code == 400
content = result.body.decode()
assert 'slow_down' in content
assert '60' in content # Should be capped at 60, not 63
@patch('server.routes.oauth_device.device_code_store')
async def test_rate_limiting_with_authorized_device(self, mock_store):
"""Test that rate limiting still applies to authorized devices."""
# Create an authorized device code with recent poll
last_poll = datetime.now(UTC) - timedelta(seconds=2)
mock_device = DeviceCode(
device_code='test_device_code',
user_code='ABC123',
status='authorized', # Device is authorized
keycloak_user_id='user123',
expires_at=datetime.now(UTC) + timedelta(minutes=10),
last_poll_time=last_poll,
current_interval=5,
)
mock_store.get_by_device_code.return_value = mock_device
mock_store.update_poll_time.return_value = True
device_code = 'test_device_code'
result = await device_token(device_code=device_code)
# Should still return slow_down error even for authorized device
assert isinstance(result, JSONResponse)
assert result.status_code == 400
content = result.body.decode()
assert 'slow_down' in content
# Should update poll time and increase interval
mock_store.update_poll_time.assert_called_with(
'test_device_code', increase_interval=True
)
class TestDeviceVerificationTransactionIntegrity:
"""Test transaction integrity for device verification to prevent orphaned API keys."""
@patch('server.routes.oauth_device.ApiKeyStore')
@patch('server.routes.oauth_device.device_code_store')
async def test_authorization_failure_prevents_api_key_creation(
self, mock_store, mock_api_key_class
):
"""Test that if device authorization fails, no API key is created."""
# Mock device code
mock_device = MagicMock()
mock_device.is_pending.return_value = True
mock_store.get_by_user_code.return_value = mock_device
mock_store.authorize_device_code.return_value = False # Authorization fails
# Mock API key store
mock_api_key_store = MagicMock()
mock_api_key_class.get_instance.return_value = mock_api_key_store
# Should raise HTTPException due to authorization failure
with pytest.raises(HTTPException) as exc_info:
await device_verification_authenticated(
user_code='ABC12345', user_id='user-123'
)
assert exc_info.value.status_code == 500
assert 'Failed to authorize the device' in exc_info.value.detail
# API key should NOT be created since authorization failed
mock_api_key_store.create_api_key.assert_not_called()
mock_store.authorize_device_code.assert_called_once_with(
user_code='ABC12345', user_id='user-123'
)
@patch('server.routes.oauth_device.ApiKeyStore')
@patch('server.routes.oauth_device.device_code_store')
async def test_api_key_creation_failure_reverts_authorization(
self, mock_store, mock_api_key_class
):
"""Test that if API key creation fails after authorization, the authorization is reverted."""
# Mock device code
mock_device = MagicMock()
mock_device.is_pending.return_value = True
mock_store.get_by_user_code.return_value = mock_device
mock_store.authorize_device_code.return_value = True # Authorization succeeds
mock_store.deny_device_code.return_value = True # Cleanup succeeds
# Mock API key store to fail on creation
mock_api_key_store = MagicMock()
mock_api_key_store.create_api_key.side_effect = Exception('Database error')
mock_api_key_class.get_instance.return_value = mock_api_key_store
# Should raise HTTPException due to API key creation failure
with pytest.raises(HTTPException) as exc_info:
await device_verification_authenticated(
user_code='ABC12345', user_id='user-123'
)
assert exc_info.value.status_code == 500
assert 'Failed to create API key for device access' in exc_info.value.detail
# Authorization should have been attempted first
mock_store.authorize_device_code.assert_called_once_with(
user_code='ABC12345', user_id='user-123'
)
# API key creation should have been attempted after authorization
mock_api_key_store.create_api_key.assert_called_once()
# Authorization should be reverted due to API key creation failure
mock_store.deny_device_code.assert_called_once_with('ABC12345')
@patch('server.routes.oauth_device.ApiKeyStore')
@patch('server.routes.oauth_device.device_code_store')
async def test_api_key_creation_failure_cleanup_failure_logged(
self, mock_store, mock_api_key_class
):
"""Test that cleanup failure is logged but doesn't prevent the main error from being raised."""
# Mock device code
mock_device = MagicMock()
mock_device.is_pending.return_value = True
mock_store.get_by_user_code.return_value = mock_device
mock_store.authorize_device_code.return_value = True # Authorization succeeds
mock_store.deny_device_code.side_effect = Exception(
'Cleanup failed'
) # Cleanup fails
# Mock API key store to fail on creation
mock_api_key_store = MagicMock()
mock_api_key_store.create_api_key.side_effect = Exception('Database error')
mock_api_key_class.get_instance.return_value = mock_api_key_store
# Should still raise HTTPException for the original API key creation failure
with pytest.raises(HTTPException) as exc_info:
await device_verification_authenticated(
user_code='ABC12345', user_id='user-123'
)
assert exc_info.value.status_code == 500
assert 'Failed to create API key for device access' in exc_info.value.detail
# Both operations should have been attempted
mock_store.authorize_device_code.assert_called_once()
mock_api_key_store.create_api_key.assert_called_once()
mock_store.deny_device_code.assert_called_once_with('ABC12345')
@patch('server.routes.oauth_device.ApiKeyStore')
@patch('server.routes.oauth_device.device_code_store')
async def test_successful_flow_creates_api_key_after_authorization(
self, mock_store, mock_api_key_class
):
"""Test that in the successful flow, API key is created only after authorization."""
# Mock device code
mock_device = MagicMock()
mock_device.is_pending.return_value = True
mock_store.get_by_user_code.return_value = mock_device
mock_store.authorize_device_code.return_value = True # Authorization succeeds
# Mock API key store
mock_api_key_store = MagicMock()
mock_api_key_class.get_instance.return_value = mock_api_key_store
result = await device_verification_authenticated(
user_code='ABC12345', user_id='user-123'
)
assert isinstance(result, JSONResponse)
assert result.status_code == 200
# Verify the order: authorization first, then API key creation
mock_store.authorize_device_code.assert_called_once_with(
user_code='ABC12345', user_id='user-123'
)
mock_api_key_store.create_api_key.assert_called_once()
# No cleanup should be needed in successful case
mock_store.deny_device_code.assert_not_called()

83
enterprise/tests/unit/storage/test_device_code.py Normal file
View File

@@ -0,0 +1,83 @@
"""Unit tests for DeviceCode model."""
from datetime import datetime, timedelta, timezone
import pytest
from storage.device_code import DeviceCode, DeviceCodeStatus
class TestDeviceCode:
"""Test cases for DeviceCode model."""
@pytest.fixture
def device_code(self):
"""Create a test device code."""
return DeviceCode(
device_code='test-device-code-123',
user_code='ABC12345',
expires_at=datetime.now(timezone.utc) + timedelta(minutes=10),
)
@pytest.mark.parametrize(
'expires_delta,expected',
[
(timedelta(minutes=5), False), # Future expiry
(timedelta(minutes=-5), True), # Past expiry
(timedelta(seconds=1), False), # Just future (not expired)
],
)
def test_is_expired(self, expires_delta, expected):
"""Test expiration check with various time deltas."""
device_code = DeviceCode(
device_code='test-device-code',
user_code='ABC12345',
expires_at=datetime.now(timezone.utc) + expires_delta,
)
assert device_code.is_expired() == expected
@pytest.mark.parametrize(
'status,expired,expected',
[
(DeviceCodeStatus.PENDING.value, False, True),
(DeviceCodeStatus.PENDING.value, True, False),
(DeviceCodeStatus.AUTHORIZED.value, False, False),
(DeviceCodeStatus.DENIED.value, False, False),
],
)
def test_is_pending(self, status, expired, expected):
"""Test pending status check."""
expires_at = (
datetime.now(timezone.utc) - timedelta(minutes=1)
if expired
else datetime.now(timezone.utc) + timedelta(minutes=10)
)
device_code = DeviceCode(
device_code='test-device-code',
user_code='ABC12345',
status=status,
expires_at=expires_at,
)
assert device_code.is_pending() == expected
def test_authorize(self, device_code):
"""Test device authorization."""
user_id = 'test-user-123'
device_code.authorize(user_id)
assert device_code.status == DeviceCodeStatus.AUTHORIZED.value
assert device_code.keycloak_user_id == user_id
assert device_code.authorized_at is not None
assert isinstance(device_code.authorized_at, datetime)
@pytest.mark.parametrize(
'method,expected_status',
[
('deny', DeviceCodeStatus.DENIED.value),
('expire', DeviceCodeStatus.EXPIRED.value),
],
)
def test_status_changes(self, device_code, method, expected_status):
"""Test status change methods."""
getattr(device_code, method)()
assert device_code.status == expected_status

193
enterprise/tests/unit/storage/test_device_code_store.py Normal file
View File

@@ -0,0 +1,193 @@
"""Unit tests for DeviceCodeStore."""
from unittest.mock import MagicMock
import pytest
from sqlalchemy.exc import IntegrityError
from storage.device_code import DeviceCode
from storage.device_code_store import DeviceCodeStore
@pytest.fixture
def mock_session():
"""Mock database session."""
session = MagicMock()
return session
@pytest.fixture
def mock_session_maker(mock_session):
"""Mock session maker."""
session_maker = MagicMock()
session_maker.return_value.__enter__.return_value = mock_session
session_maker.return_value.__exit__.return_value = None
return session_maker
@pytest.fixture
def device_code_store(mock_session_maker):
"""Create DeviceCodeStore instance."""
return DeviceCodeStore(mock_session_maker)
class TestDeviceCodeStore:
"""Test cases for DeviceCodeStore."""
def test_generate_user_code(self, device_code_store):
"""Test user code generation."""
code = device_code_store.generate_user_code()
assert len(code) == 8
assert code.isupper()
# Should not contain confusing characters
assert not any(char in code for char in 'IO01')
def test_generate_device_code(self, device_code_store):
"""Test device code generation."""
code = device_code_store.generate_device_code()
assert len(code) == 128
assert code.isalnum()
def test_create_device_code_success(self, device_code_store, mock_session):
"""Test successful device code creation."""
# Mock successful creation (no IntegrityError)
mock_device_code = MagicMock(spec=DeviceCode)
mock_device_code.device_code = 'test-device-code-123'
mock_device_code.user_code = 'TESTCODE'
# Mock the session to return our mock device code after refresh
def mock_refresh(obj):
obj.device_code = mock_device_code.device_code
obj.user_code = mock_device_code.user_code
mock_session.refresh.side_effect = mock_refresh
result = device_code_store.create_device_code(expires_in=600)
assert isinstance(result, DeviceCode)
mock_session.add.assert_called_once()
mock_session.commit.assert_called_once()
mock_session.refresh.assert_called_once()
mock_session.expunge.assert_called_once()
def test_create_device_code_with_retries(
self, device_code_store, mock_session_maker
):
"""Test device code creation with constraint violation retries."""
mock_session = MagicMock()
mock_session_maker.return_value.__enter__.return_value = mock_session
mock_session_maker.return_value.__exit__.return_value = None
# First attempt fails with IntegrityError, second succeeds
mock_session.commit.side_effect = [IntegrityError('', '', ''), None]
mock_device_code = MagicMock(spec=DeviceCode)
mock_device_code.device_code = 'test-device-code-456'
mock_device_code.user_code = 'TESTCD2'
def mock_refresh(obj):
obj.device_code = mock_device_code.device_code
obj.user_code = mock_device_code.user_code
mock_session.refresh.side_effect = mock_refresh
store = DeviceCodeStore(mock_session_maker)
result = store.create_device_code(expires_in=600)
assert isinstance(result, DeviceCode)
assert mock_session.add.call_count == 2 # Two attempts
assert mock_session.commit.call_count == 2 # Two attempts
def test_create_device_code_max_attempts_exceeded(
self, device_code_store, mock_session_maker
):
"""Test device code creation failure after max attempts."""
mock_session = MagicMock()
mock_session_maker.return_value.__enter__.return_value = mock_session
mock_session_maker.return_value.__exit__.return_value = None
# All attempts fail with IntegrityError
mock_session.commit.side_effect = IntegrityError('', '', '')
store = DeviceCodeStore(mock_session_maker)
with pytest.raises(
RuntimeError,
match='Failed to generate unique device codes after 3 attempts',
):
store.create_device_code(expires_in=600, max_attempts=3)
@pytest.mark.parametrize(
'lookup_method,lookup_field',
[
('get_by_device_code', 'device_code'),
('get_by_user_code', 'user_code'),
],
)
def test_lookup_methods(
self, device_code_store, mock_session, lookup_method, lookup_field
):
"""Test device code lookup methods."""
test_code = 'test-code-123'
mock_device_code = MagicMock()
mock_session.query.return_value.filter_by.return_value.first.return_value = (
mock_device_code
)
result = getattr(device_code_store, lookup_method)(test_code)
assert result == mock_device_code
mock_session.query.assert_called_once_with(DeviceCode)
mock_session.query.return_value.filter_by.assert_called_once_with(
**{lookup_field: test_code}
)
@pytest.mark.parametrize(
'device_exists,is_pending,expected_result',
[
(True, True, True), # Success case
(False, True, False), # Device not found
(True, False, False), # Device not pending
],
)
def test_authorize_device_code(
self,
device_code_store,
mock_session,
device_exists,
is_pending,
expected_result,
):
"""Test device code authorization."""
user_code = 'ABC12345'
user_id = 'test-user-123'
if device_exists:
mock_device = MagicMock()
mock_device.is_pending.return_value = is_pending
mock_session.query.return_value.filter_by.return_value.first.return_value = mock_device
else:
mock_session.query.return_value.filter_by.return_value.first.return_value = None
result = device_code_store.authorize_device_code(user_code, user_id)
assert result == expected_result
if expected_result:
mock_device.authorize.assert_called_once_with(user_id)
mock_session.commit.assert_called_once()
def test_deny_device_code(self, device_code_store, mock_session):
"""Test device code denial."""
user_code = 'ABC12345'
mock_device = MagicMock()
mock_device.is_pending.return_value = True
mock_session.query.return_value.filter_by.return_value.first.return_value = (
mock_device
)
result = device_code_store.deny_device_code(user_code)
assert result is True
mock_device.deny.assert_called_once()
mock_session.commit.assert_called_once()

50
enterprise/tests/unit/test_api_key_store.py
View File

@@ -25,10 +25,12 @@ def api_key_store(mock_session_maker):
def test_generate_api_key(api_key_store):
"""Test that generate_api_key returns a string of the expected length."""
"""Test that generate_api_key returns a string with sk-oh- prefix and expected length."""
key = api_key_store.generate_api_key(length=32)
assert isinstance(key, str)
assert len(key) == 32
assert key.startswith('sk-oh-')
# Total length should be prefix (6 chars) + random part (32 chars) = 38 chars
assert len(key) == len('sk-oh-') + 32
def test_create_api_key(api_key_store, mock_session):
@@ -90,6 +92,50 @@ def test_validate_api_key_expired(api_key_store, mock_session):
mock_session.commit.assert_not_called()
def test_validate_api_key_expired_timezone_naive(api_key_store, mock_session):
"""Test validating an expired API key with timezone-naive datetime from database."""
# Setup
api_key = 'test-api-key'
mock_key_record = MagicMock()
# Simulate timezone-naive datetime as returned from database
mock_key_record.expires_at = datetime.now() - timedelta(days=1) # No UTC timezone
mock_key_record.id = 1
mock_session.query.return_value.filter.return_value.first.return_value = (
mock_key_record
)
# Execute
result = api_key_store.validate_api_key(api_key)
# Verify
assert result is None
mock_session.execute.assert_not_called()
mock_session.commit.assert_not_called()
def test_validate_api_key_valid_timezone_naive(api_key_store, mock_session):
"""Test validating a valid API key with timezone-naive datetime from database."""
# Setup
api_key = 'test-api-key'
user_id = 'test-user-123'
mock_key_record = MagicMock()
mock_key_record.user_id = user_id
# Simulate timezone-naive datetime as returned from database (future date)
mock_key_record.expires_at = datetime.now() + timedelta(days=1) # No UTC timezone
mock_key_record.id = 1
mock_session.query.return_value.filter.return_value.first.return_value = (
mock_key_record
)
# Execute
result = api_key_store.validate_api_key(api_key)
# Verify
assert result == user_id
mock_session.execute.assert_called_once()
mock_session.commit.assert_called_once()
def test_validate_api_key_not_found(api_key_store, mock_session):
"""Test validating a non-existent API key."""
# Setup

193
enterprise/tests/unit/test_auth_routes.py
View File

@@ -442,3 +442,196 @@ async def test_logout_without_refresh_token():
mock_token_manager.logout.assert_not_called()
assert 'set-cookie' in result.headers
@pytest.mark.asyncio
async def test_keycloak_callback_blocked_email_domain(mock_request):
"""Test keycloak_callback when email domain is blocked."""
# Arrange
with (
patch('server.routes.auth.token_manager') as mock_token_manager,
patch('server.routes.auth.domain_blocker') as mock_domain_blocker,
):
mock_token_manager.get_keycloak_tokens = AsyncMock(
return_value=('test_access_token', 'test_refresh_token')
)
mock_token_manager.get_user_info = AsyncMock(
return_value={
'sub': 'test_user_id',
'preferred_username': 'test_user',
'email': 'user@colsch.us',
'identity_provider': 'github',
}
)
mock_token_manager.disable_keycloak_user = AsyncMock()
mock_domain_blocker.is_active.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = True
# Act
result = await keycloak_callback(
code='test_code', state='test_state', request=mock_request
)
# Assert
assert isinstance(result, JSONResponse)
assert result.status_code == status.HTTP_401_UNAUTHORIZED
assert 'error' in result.body.decode()
assert 'email domain is not allowed' in result.body.decode()
mock_domain_blocker.is_domain_blocked.assert_called_once_with('user@colsch.us')
mock_token_manager.disable_keycloak_user.assert_called_once_with(
'test_user_id', 'user@colsch.us'
)
@pytest.mark.asyncio
async def test_keycloak_callback_allowed_email_domain(mock_request):
"""Test keycloak_callback when email domain is not blocked."""
# Arrange
with (
patch('server.routes.auth.token_manager') as mock_token_manager,
patch('server.routes.auth.domain_blocker') as mock_domain_blocker,
patch('server.routes.auth.user_verifier') as mock_verifier,
patch('server.routes.auth.session_maker') as mock_session_maker,
):
mock_session = MagicMock()
mock_session_maker.return_value.__enter__.return_value = mock_session
mock_query = MagicMock()
mock_session.query.return_value = mock_query
mock_query.filter.return_value = mock_query
mock_user_settings = MagicMock()
mock_user_settings.accepted_tos = '2025-01-01'
mock_query.first.return_value = mock_user_settings
mock_token_manager.get_keycloak_tokens = AsyncMock(
return_value=('test_access_token', 'test_refresh_token')
)
mock_token_manager.get_user_info = AsyncMock(
return_value={
'sub': 'test_user_id',
'preferred_username': 'test_user',
'email': 'user@example.com',
'identity_provider': 'github',
}
)
mock_token_manager.store_idp_tokens = AsyncMock()
mock_token_manager.validate_offline_token = AsyncMock(return_value=True)
mock_domain_blocker.is_active.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = False
mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True
# Act
result = await keycloak_callback(
code='test_code', state='test_state', request=mock_request
)
# Assert
assert isinstance(result, RedirectResponse)
mock_domain_blocker.is_domain_blocked.assert_called_once_with(
'user@example.com'
)
mock_token_manager.disable_keycloak_user.assert_not_called()
@pytest.mark.asyncio
async def test_keycloak_callback_domain_blocking_inactive(mock_request):
"""Test keycloak_callback when domain blocking is not active."""
# Arrange
with (
patch('server.routes.auth.token_manager') as mock_token_manager,
patch('server.routes.auth.domain_blocker') as mock_domain_blocker,
patch('server.routes.auth.user_verifier') as mock_verifier,
patch('server.routes.auth.session_maker') as mock_session_maker,
):
mock_session = MagicMock()
mock_session_maker.return_value.__enter__.return_value = mock_session
mock_query = MagicMock()
mock_session.query.return_value = mock_query
mock_query.filter.return_value = mock_query
mock_user_settings = MagicMock()
mock_user_settings.accepted_tos = '2025-01-01'
mock_query.first.return_value = mock_user_settings
mock_token_manager.get_keycloak_tokens = AsyncMock(
return_value=('test_access_token', 'test_refresh_token')
)
mock_token_manager.get_user_info = AsyncMock(
return_value={
'sub': 'test_user_id',
'preferred_username': 'test_user',
'email': 'user@colsch.us',
'identity_provider': 'github',
}
)
mock_token_manager.store_idp_tokens = AsyncMock()
mock_token_manager.validate_offline_token = AsyncMock(return_value=True)
mock_domain_blocker.is_active.return_value = False
mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True
# Act
result = await keycloak_callback(
code='test_code', state='test_state', request=mock_request
)
# Assert
assert isinstance(result, RedirectResponse)
mock_domain_blocker.is_domain_blocked.assert_not_called()
mock_token_manager.disable_keycloak_user.assert_not_called()
@pytest.mark.asyncio
async def test_keycloak_callback_missing_email(mock_request):
"""Test keycloak_callback when user info does not contain email."""
# Arrange
with (
patch('server.routes.auth.token_manager') as mock_token_manager,
patch('server.routes.auth.domain_blocker') as mock_domain_blocker,
patch('server.routes.auth.user_verifier') as mock_verifier,
patch('server.routes.auth.session_maker') as mock_session_maker,
):
mock_session = MagicMock()
mock_session_maker.return_value.__enter__.return_value = mock_session
mock_query = MagicMock()
mock_session.query.return_value = mock_query
mock_query.filter.return_value = mock_query
mock_user_settings = MagicMock()
mock_user_settings.accepted_tos = '2025-01-01'
mock_query.first.return_value = mock_user_settings
mock_token_manager.get_keycloak_tokens = AsyncMock(
return_value=('test_access_token', 'test_refresh_token')
)
mock_token_manager.get_user_info = AsyncMock(
return_value={
'sub': 'test_user_id',
'preferred_username': 'test_user',
'identity_provider': 'github',
# No email field
}
)
mock_token_manager.store_idp_tokens = AsyncMock()
mock_token_manager.validate_offline_token = AsyncMock(return_value=True)
mock_domain_blocker.is_active.return_value = True
mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True
# Act
result = await keycloak_callback(
code='test_code', state='test_state', request=mock_request
)
# Assert
assert isinstance(result, RedirectResponse)
mock_domain_blocker.is_domain_blocked.assert_not_called()
mock_token_manager.disable_keycloak_user.assert_not_called()

181
enterprise/tests/unit/test_domain_blocker.py Normal file
View File

@@ -0,0 +1,181 @@
"""Unit tests for DomainBlocker class."""
import pytest
from server.auth.domain_blocker import DomainBlocker
@pytest.fixture
def domain_blocker():
"""Create a DomainBlocker instance for testing."""
return DomainBlocker()
@pytest.mark.parametrize(
'blocked_domains,expected',
[
(['colsch.us', 'other-domain.com'], True),
(['example.com'], True),
([], False),
],
)
def test_is_active(domain_blocker, blocked_domains, expected):
"""Test that is_active returns correct value based on blocked domains configuration."""
# Arrange
domain_blocker.blocked_domains = blocked_domains
# Act
result = domain_blocker.is_active()
# Assert
assert result == expected
@pytest.mark.parametrize(
'email,expected_domain',
[
('user@example.com', 'example.com'),
('test@colsch.us', 'colsch.us'),
('user.name@other-domain.com', 'other-domain.com'),
('USER@EXAMPLE.COM', 'example.com'), # Case insensitive
('user@EXAMPLE.COM', 'example.com'),
(' user@example.com ', 'example.com'), # Whitespace handling
],
)
def test_extract_domain_valid_emails(domain_blocker, email, expected_domain):
"""Test that _extract_domain correctly extracts and normalizes domains from valid emails."""
# Act
result = domain_blocker._extract_domain(email)
# Assert
assert result == expected_domain
@pytest.mark.parametrize(
'email,expected',
[
(None, None),
('', None),
('invalid-email', None),
('user@', None), # Empty domain after @
('no-at-sign', None),
],
)
def test_extract_domain_invalid_emails(domain_blocker, email, expected):
"""Test that _extract_domain returns None for invalid email formats."""
# Act
result = domain_blocker._extract_domain(email)
# Assert
assert result == expected
def test_is_domain_blocked_when_inactive(domain_blocker):
"""Test that is_domain_blocked returns False when blocking is not active."""
# Arrange
domain_blocker.blocked_domains = []
# Act
result = domain_blocker.is_domain_blocked('user@colsch.us')
# Assert
assert result is False
def test_is_domain_blocked_with_none_email(domain_blocker):
"""Test that is_domain_blocked returns False when email is None."""
# Arrange
domain_blocker.blocked_domains = ['colsch.us']
# Act
result = domain_blocker.is_domain_blocked(None)
# Assert
assert result is False
def test_is_domain_blocked_with_empty_email(domain_blocker):
"""Test that is_domain_blocked returns False when email is empty."""
# Arrange
domain_blocker.blocked_domains = ['colsch.us']
# Act
result = domain_blocker.is_domain_blocked('')
# Assert
assert result is False
def test_is_domain_blocked_with_invalid_email(domain_blocker):
"""Test that is_domain_blocked returns False when email format is invalid."""
# Arrange
domain_blocker.blocked_domains = ['colsch.us']
# Act
result = domain_blocker.is_domain_blocked('invalid-email')
# Assert
assert result is False
def test_is_domain_blocked_domain_not_blocked(domain_blocker):
"""Test that is_domain_blocked returns False when domain is not in blocked list."""
# Arrange
domain_blocker.blocked_domains = ['colsch.us', 'other-domain.com']
# Act
result = domain_blocker.is_domain_blocked('user@example.com')
# Assert
assert result is False
def test_is_domain_blocked_domain_blocked(domain_blocker):
"""Test that is_domain_blocked returns True when domain is in blocked list."""
# Arrange
domain_blocker.blocked_domains = ['colsch.us', 'other-domain.com']
# Act
result = domain_blocker.is_domain_blocked('user@colsch.us')
# Assert
assert result is True
def test_is_domain_blocked_case_insensitive(domain_blocker):
"""Test that is_domain_blocked performs case-insensitive domain matching."""
# Arrange
domain_blocker.blocked_domains = ['colsch.us']
# Act
result = domain_blocker.is_domain_blocked('user@COLSCH.US')
# Assert
assert result is True
def test_is_domain_blocked_multiple_blocked_domains(domain_blocker):
"""Test that is_domain_blocked correctly checks against multiple blocked domains."""
# Arrange
domain_blocker.blocked_domains = ['colsch.us', 'other-domain.com', 'blocked.org']
# Act
result1 = domain_blocker.is_domain_blocked('user@other-domain.com')
result2 = domain_blocker.is_domain_blocked('user@blocked.org')
result3 = domain_blocker.is_domain_blocked('user@allowed.com')
# Assert
assert result1 is True
assert result2 is True
assert result3 is False
def test_is_domain_blocked_with_whitespace(domain_blocker):
"""Test that is_domain_blocked handles emails with whitespace correctly."""
# Arrange
domain_blocker.blocked_domains = ['colsch.us']
# Act
result = domain_blocker.is_domain_blocked(' user@colsch.us ')
# Assert
assert result is True

132
enterprise/tests/unit/test_get_user_v1_enabled_setting.py Normal file
View File

@@ -0,0 +1,132 @@
"""Unit tests for get_user_v1_enabled_setting function."""
import os
from unittest.mock import AsyncMock, MagicMock, patch
import pytest
from integrations.github.github_view import get_user_v1_enabled_setting
@pytest.fixture
def mock_user_settings():
"""Create a mock user settings object."""
settings = MagicMock()
settings.v1_enabled = True # Default to True, can be overridden in tests
return settings
@pytest.fixture
def mock_settings_store(mock_user_settings):
"""Create a mock settings store."""
store = MagicMock()
store.get_user_settings_by_keycloak_id = AsyncMock(return_value=mock_user_settings)
return store
@pytest.fixture
def mock_config():
"""Create a mock config object."""
return MagicMock()
@pytest.fixture
def mock_session_maker():
"""Create a mock session maker."""
return MagicMock()
@pytest.fixture
def mock_dependencies(
mock_settings_store, mock_config, mock_session_maker, mock_user_settings
):
"""Fixture that patches all the common dependencies."""
with patch(
'integrations.github.github_view.SaasSettingsStore',
return_value=mock_settings_store,
) as mock_store_class, patch(
'integrations.github.github_view.get_config', return_value=mock_config
) as mock_get_config, patch(
'integrations.github.github_view.session_maker', mock_session_maker
), patch(
'integrations.github.github_view.call_sync_from_async',
return_value=mock_user_settings,
) as mock_call_sync:
yield {
'store_class': mock_store_class,
'get_config': mock_get_config,
'session_maker': mock_session_maker,
'call_sync': mock_call_sync,
'settings_store': mock_settings_store,
'user_settings': mock_user_settings,
}
class TestGetUserV1EnabledSetting:
"""Test cases for get_user_v1_enabled_setting function."""
@pytest.mark.asyncio
@pytest.mark.parametrize(
'env_var_enabled,user_setting_enabled,expected_result',
[
(False, True, False), # Env var disabled, user enabled -> False
(True, False, False), # Env var enabled, user disabled -> False
(True, True, True), # Both enabled -> True
(False, False, False), # Both disabled -> False
],
)
async def test_v1_enabled_combinations(
self, mock_dependencies, env_var_enabled, user_setting_enabled, expected_result
):
"""Test all combinations of environment variable and user setting values."""
mock_dependencies['user_settings'].v1_enabled = user_setting_enabled
with patch(
'integrations.github.github_view.ENABLE_V1_GITHUB_RESOLVER', env_var_enabled
):
result = await get_user_v1_enabled_setting('test_user_id')
assert result is expected_result
@pytest.mark.asyncio
@pytest.mark.parametrize(
'env_var_value,env_var_bool,expected_result',
[
('false', False, False), # Environment variable 'false' -> False
('true', True, True), # Environment variable 'true' -> True
],
)
async def test_environment_variable_integration(
self, mock_dependencies, env_var_value, env_var_bool, expected_result
):
"""Test that the function properly reads the ENABLE_V1_GITHUB_RESOLVER environment variable."""
mock_dependencies['user_settings'].v1_enabled = True
with patch.dict(
os.environ, {'ENABLE_V1_GITHUB_RESOLVER': env_var_value}
), patch('integrations.utils.os.getenv', return_value=env_var_value), patch(
'integrations.github.github_view.ENABLE_V1_GITHUB_RESOLVER', env_var_bool
):
result = await get_user_v1_enabled_setting('test_user_id')
assert result is expected_result
@pytest.mark.asyncio
async def test_function_calls_correct_methods(self, mock_dependencies):
"""Test that the function calls the correct methods with correct parameters."""
mock_dependencies['user_settings'].v1_enabled = True
with patch('integrations.github.github_view.ENABLE_V1_GITHUB_RESOLVER', True):
result = await get_user_v1_enabled_setting('test_user_123')
# Verify the result
assert result is True
# Verify correct methods were called with correct parameters
mock_dependencies['get_config'].assert_called_once()
mock_dependencies['store_class'].assert_called_once_with(
user_id='test_user_123',
session_maker=mock_dependencies['session_maker'],
config=mock_dependencies['get_config'].return_value,
)
mock_dependencies['call_sync'].assert_called_once_with(
mock_dependencies['settings_store'].get_user_settings_by_keycloak_id,
'test_user_123',
)

485
enterprise/tests/unit/test_legacy_conversation_manager.py
View File

@@ -1,485 +0,0 @@
import time
from unittest.mock import AsyncMock, MagicMock, patch
import pytest
from server.legacy_conversation_manager import (
_LEGACY_ENTRY_TIMEOUT_SECONDS,
LegacyCacheEntry,
LegacyConversationManager,
)
from openhands.core.config.openhands_config import OpenHandsConfig
from openhands.server.config.server_config import ServerConfig
from openhands.server.monitoring import MonitoringListener
from openhands.storage.memory import InMemoryFileStore
@pytest.fixture
def mock_sio():
"""Create a mock SocketIO server."""
return MagicMock()
@pytest.fixture
def mock_config():
"""Create a mock OpenHands config."""
return MagicMock(spec=OpenHandsConfig)
@pytest.fixture
def mock_server_config():
"""Create a mock server config."""
return MagicMock(spec=ServerConfig)
@pytest.fixture
def mock_file_store():
"""Create a mock file store."""
return MagicMock(spec=InMemoryFileStore)
@pytest.fixture
def mock_monitoring_listener():
"""Create a mock monitoring listener."""
return MagicMock(spec=MonitoringListener)
@pytest.fixture
def mock_conversation_manager():
"""Create a mock SaasNestedConversationManager."""
mock_cm = MagicMock()
mock_cm._get_runtime = AsyncMock()
return mock_cm
@pytest.fixture
def mock_legacy_conversation_manager():
"""Create a mock ClusteredConversationManager."""
return MagicMock()
@pytest.fixture
def legacy_manager(
mock_sio,
mock_config,
mock_server_config,
mock_file_store,
mock_conversation_manager,
mock_legacy_conversation_manager,
):
"""Create a LegacyConversationManager instance for testing."""
return LegacyConversationManager(
sio=mock_sio,
config=mock_config,
server_config=mock_server_config,
file_store=mock_file_store,
conversation_manager=mock_conversation_manager,
legacy_conversation_manager=mock_legacy_conversation_manager,
)
class TestLegacyCacheEntry:
"""Test the LegacyCacheEntry dataclass."""
def test_cache_entry_creation(self):
"""Test creating a cache entry."""
timestamp = time.time()
entry = LegacyCacheEntry(is_legacy=True, timestamp=timestamp)
assert entry.is_legacy is True
assert entry.timestamp == timestamp
def test_cache_entry_false(self):
"""Test creating a cache entry with False value."""
timestamp = time.time()
entry = LegacyCacheEntry(is_legacy=False, timestamp=timestamp)
assert entry.is_legacy is False
assert entry.timestamp == timestamp
class TestLegacyConversationManagerCacheCleanup:
"""Test cache cleanup functionality."""
def test_cleanup_expired_cache_entries_removes_expired(self, legacy_manager):
"""Test that expired entries are removed from cache."""
current_time = time.time()
expired_time = current_time - _LEGACY_ENTRY_TIMEOUT_SECONDS - 1
valid_time = current_time - 100 # Well within timeout
# Add both expired and valid entries
legacy_manager._legacy_cache = {
'expired_conversation': LegacyCacheEntry(True, expired_time),
'valid_conversation': LegacyCacheEntry(False, valid_time),
'another_expired': LegacyCacheEntry(True, expired_time - 100),
}
legacy_manager._cleanup_expired_cache_entries()
# Only valid entry should remain
assert len(legacy_manager._legacy_cache) == 1
assert 'valid_conversation' in legacy_manager._legacy_cache
assert 'expired_conversation' not in legacy_manager._legacy_cache
assert 'another_expired' not in legacy_manager._legacy_cache
def test_cleanup_expired_cache_entries_keeps_valid(self, legacy_manager):
"""Test that valid entries are kept during cleanup."""
current_time = time.time()
valid_time = current_time - 100 # Well within timeout
legacy_manager._legacy_cache = {
'valid_conversation_1': LegacyCacheEntry(True, valid_time),
'valid_conversation_2': LegacyCacheEntry(False, valid_time - 50),
}
legacy_manager._cleanup_expired_cache_entries()
# Both entries should remain
assert len(legacy_manager._legacy_cache) == 2
assert 'valid_conversation_1' in legacy_manager._legacy_cache
assert 'valid_conversation_2' in legacy_manager._legacy_cache
def test_cleanup_expired_cache_entries_empty_cache(self, legacy_manager):
"""Test cleanup with empty cache."""
legacy_manager._legacy_cache = {}
legacy_manager._cleanup_expired_cache_entries()
assert len(legacy_manager._legacy_cache) == 0
class TestIsLegacyRuntime:
"""Test the is_legacy_runtime method."""
def test_is_legacy_runtime_none(self, legacy_manager):
"""Test with None runtime."""
result = legacy_manager.is_legacy_runtime(None)
assert result is False
def test_is_legacy_runtime_legacy_command(self, legacy_manager):
"""Test with legacy runtime command."""
runtime = {'command': 'some_old_legacy_command'}
result = legacy_manager.is_legacy_runtime(runtime)
assert result is True
def test_is_legacy_runtime_new_command(self, legacy_manager):
"""Test with new runtime command containing openhands.server."""
runtime = {'command': 'python -m openhands.server.listen'}
result = legacy_manager.is_legacy_runtime(runtime)
assert result is False
def test_is_legacy_runtime_partial_match(self, legacy_manager):
"""Test with command that partially matches but is still legacy."""
runtime = {'command': 'openhands.client.start'}
result = legacy_manager.is_legacy_runtime(runtime)
assert result is True
def test_is_legacy_runtime_empty_command(self, legacy_manager):
"""Test with empty command."""
runtime = {'command': ''}
result = legacy_manager.is_legacy_runtime(runtime)
assert result is True
def test_is_legacy_runtime_missing_command_key(self, legacy_manager):
"""Test with runtime missing command key."""
runtime = {'other_key': 'value'}
# This should raise a KeyError
with pytest.raises(KeyError):
legacy_manager.is_legacy_runtime(runtime)
class TestShouldStartInLegacyMode:
"""Test the should_start_in_legacy_mode method."""
@pytest.mark.asyncio
async def test_cache_hit_valid_entry_legacy(self, legacy_manager):
"""Test cache hit with valid legacy entry."""
conversation_id = 'test_conversation'
current_time = time.time()
# Add valid cache entry
legacy_manager._legacy_cache[conversation_id] = LegacyCacheEntry(
True, current_time - 100
)
result = await legacy_manager.should_start_in_legacy_mode(conversation_id)
assert result is True
# Should not call _get_runtime since we hit cache
legacy_manager.conversation_manager._get_runtime.assert_not_called()
@pytest.mark.asyncio
async def test_cache_hit_valid_entry_non_legacy(self, legacy_manager):
"""Test cache hit with valid non-legacy entry."""
conversation_id = 'test_conversation'
current_time = time.time()
# Add valid cache entry
legacy_manager._legacy_cache[conversation_id] = LegacyCacheEntry(
False, current_time - 100
)
result = await legacy_manager.should_start_in_legacy_mode(conversation_id)
assert result is False
# Should not call _get_runtime since we hit cache
legacy_manager.conversation_manager._get_runtime.assert_not_called()
@pytest.mark.asyncio
async def test_cache_miss_legacy_runtime(self, legacy_manager):
"""Test cache miss with legacy runtime."""
conversation_id = 'test_conversation'
runtime = {'command': 'old_command'}
legacy_manager.conversation_manager._get_runtime.return_value = runtime
result = await legacy_manager.should_start_in_legacy_mode(conversation_id)
assert result is True
# Should call _get_runtime
legacy_manager.conversation_manager._get_runtime.assert_called_once_with(
conversation_id
)
# Should cache the result
assert conversation_id in legacy_manager._legacy_cache
assert legacy_manager._legacy_cache[conversation_id].is_legacy is True
@pytest.mark.asyncio
async def test_cache_miss_non_legacy_runtime(self, legacy_manager):
"""Test cache miss with non-legacy runtime."""
conversation_id = 'test_conversation'
runtime = {'command': 'python -m openhands.server.listen'}
legacy_manager.conversation_manager._get_runtime.return_value = runtime
result = await legacy_manager.should_start_in_legacy_mode(conversation_id)
assert result is False
# Should call _get_runtime
legacy_manager.conversation_manager._get_runtime.assert_called_once_with(
conversation_id
)
# Should cache the result
assert conversation_id in legacy_manager._legacy_cache
assert legacy_manager._legacy_cache[conversation_id].is_legacy is False
@pytest.mark.asyncio
async def test_cache_expired_entry(self, legacy_manager):
"""Test with expired cache entry."""
conversation_id = 'test_conversation'
expired_time = time.time() - _LEGACY_ENTRY_TIMEOUT_SECONDS - 1
runtime = {'command': 'python -m openhands.server.listen'}
# Add expired cache entry
legacy_manager._legacy_cache[conversation_id] = LegacyCacheEntry(
True,
expired_time, # This should be considered expired
)
legacy_manager.conversation_manager._get_runtime.return_value = runtime
result = await legacy_manager.should_start_in_legacy_mode(conversation_id)
assert result is False # Runtime indicates non-legacy
# Should call _get_runtime since cache is expired
legacy_manager.conversation_manager._get_runtime.assert_called_once_with(
conversation_id
)
# Should update cache with new result
assert legacy_manager._legacy_cache[conversation_id].is_legacy is False
@pytest.mark.asyncio
async def test_cache_exactly_at_timeout(self, legacy_manager):
"""Test with cache entry exactly at timeout boundary."""
conversation_id = 'test_conversation'
timeout_time = time.time() - _LEGACY_ENTRY_TIMEOUT_SECONDS
runtime = {'command': 'python -m openhands.server.listen'}
# Add cache entry exactly at timeout
legacy_manager._legacy_cache[conversation_id] = LegacyCacheEntry(
True, timeout_time
)
legacy_manager.conversation_manager._get_runtime.return_value = runtime
result = await legacy_manager.should_start_in_legacy_mode(conversation_id)
# Should treat as expired and fetch from runtime
assert result is False
legacy_manager.conversation_manager._get_runtime.assert_called_once_with(
conversation_id
)
@pytest.mark.asyncio
async def test_runtime_returns_none(self, legacy_manager):
"""Test when runtime returns None."""
conversation_id = 'test_conversation'
legacy_manager.conversation_manager._get_runtime.return_value = None
result = await legacy_manager.should_start_in_legacy_mode(conversation_id)
assert result is False
# Should cache the result
assert conversation_id in legacy_manager._legacy_cache
assert legacy_manager._legacy_cache[conversation_id].is_legacy is False
@pytest.mark.asyncio
async def test_cleanup_called_on_each_invocation(self, legacy_manager):
"""Test that cleanup is called on each invocation."""
conversation_id = 'test_conversation'
runtime = {'command': 'test'}
legacy_manager.conversation_manager._get_runtime.return_value = runtime
# Mock the cleanup method to verify it's called
with patch.object(
legacy_manager, '_cleanup_expired_cache_entries'
) as mock_cleanup:
await legacy_manager.should_start_in_legacy_mode(conversation_id)
mock_cleanup.assert_called_once()
@pytest.mark.asyncio
async def test_multiple_conversations_cached_independently(self, legacy_manager):
"""Test that multiple conversations are cached independently."""
conv1 = 'conversation_1'
conv2 = 'conversation_2'
runtime1 = {'command': 'old_command'} # Legacy
runtime2 = {'command': 'python -m openhands.server.listen'} # Non-legacy
# Mock to return different runtimes based on conversation_id
def mock_get_runtime(conversation_id):
if conversation_id == conv1:
return runtime1
return runtime2
legacy_manager.conversation_manager._get_runtime.side_effect = mock_get_runtime
result1 = await legacy_manager.should_start_in_legacy_mode(conv1)
result2 = await legacy_manager.should_start_in_legacy_mode(conv2)
assert result1 is True
assert result2 is False
# Both should be cached
assert conv1 in legacy_manager._legacy_cache
assert conv2 in legacy_manager._legacy_cache
assert legacy_manager._legacy_cache[conv1].is_legacy is True
assert legacy_manager._legacy_cache[conv2].is_legacy is False
@pytest.mark.asyncio
async def test_cache_timestamp_updated_on_refresh(self, legacy_manager):
"""Test that cache timestamp is updated when entry is refreshed."""
conversation_id = 'test_conversation'
old_time = time.time() - _LEGACY_ENTRY_TIMEOUT_SECONDS - 1
runtime = {'command': 'test'}
# Add expired entry
legacy_manager._legacy_cache[conversation_id] = LegacyCacheEntry(True, old_time)
legacy_manager.conversation_manager._get_runtime.return_value = runtime
# Record time before call
before_call = time.time()
await legacy_manager.should_start_in_legacy_mode(conversation_id)
after_call = time.time()
# Timestamp should be updated
cached_entry = legacy_manager._legacy_cache[conversation_id]
assert cached_entry.timestamp >= before_call
assert cached_entry.timestamp <= after_call
class TestLegacyConversationManagerIntegration:
"""Integration tests for LegacyConversationManager."""
@pytest.mark.asyncio
async def test_get_instance_creates_proper_manager(
self,
mock_sio,
mock_config,
mock_file_store,
mock_server_config,
mock_monitoring_listener,
):
"""Test that get_instance creates a properly configured manager."""
with patch(
'server.legacy_conversation_manager.SaasNestedConversationManager'
) as mock_saas, patch(
'server.legacy_conversation_manager.ClusteredConversationManager'
) as mock_clustered:
mock_saas.get_instance.return_value = MagicMock()
mock_clustered.get_instance.return_value = MagicMock()
manager = LegacyConversationManager.get_instance(
mock_sio,
mock_config,
mock_file_store,
mock_server_config,
mock_monitoring_listener,
)
assert isinstance(manager, LegacyConversationManager)
assert manager.sio == mock_sio
assert manager.config == mock_config
assert manager.file_store == mock_file_store
assert manager.server_config == mock_server_config
# Verify that both nested managers are created
mock_saas.get_instance.assert_called_once()
mock_clustered.get_instance.assert_called_once()
def test_legacy_cache_initialized_empty(self, legacy_manager):
"""Test that legacy cache is initialized as empty dict."""
assert isinstance(legacy_manager._legacy_cache, dict)
assert len(legacy_manager._legacy_cache) == 0
class TestEdgeCases:
"""Test edge cases and error scenarios."""
@pytest.mark.asyncio
async def test_get_runtime_raises_exception(self, legacy_manager):
"""Test behavior when _get_runtime raises an exception."""
conversation_id = 'test_conversation'
legacy_manager.conversation_manager._get_runtime.side_effect = Exception(
'Runtime error'
)
# Should propagate the exception
with pytest.raises(Exception, match='Runtime error'):
await legacy_manager.should_start_in_legacy_mode(conversation_id)
@pytest.mark.asyncio
async def test_very_large_cache(self, legacy_manager):
"""Test behavior with a large number of cache entries."""
current_time = time.time()
# Add many cache entries
for i in range(1000):
legacy_manager._legacy_cache[f'conversation_{i}'] = LegacyCacheEntry(
i % 2 == 0, current_time - i
)
# This should work without issues
await legacy_manager.should_start_in_legacy_mode('new_conversation')
# Should have added one more entry
assert len(legacy_manager._legacy_cache) == 1001
def test_cleanup_with_concurrent_modifications(self, legacy_manager):
"""Test cleanup behavior when cache is modified during cleanup."""
current_time = time.time()
expired_time = current_time - _LEGACY_ENTRY_TIMEOUT_SECONDS - 1
# Add expired entries
legacy_manager._legacy_cache = {
f'conversation_{i}': LegacyCacheEntry(True, expired_time) for i in range(10)
}
# This should work without raising exceptions
legacy_manager._cleanup_expired_cache_entries()
# All entries should be removed
assert len(legacy_manager._legacy_cache) == 0

101
enterprise/tests/unit/test_saas_user_auth.py
View File

@@ -5,7 +5,12 @@ import jwt
import pytest
from fastapi import Request
from pydantic import SecretStr
from server.auth.auth_error import BearerTokenError, CookieError, NoCredentialsError
from server.auth.auth_error import (
AuthError,
BearerTokenError,
CookieError,
NoCredentialsError,
)
from server.auth.saas_user_auth import (
SaasUserAuth,
get_api_key_from_header,
@@ -647,3 +652,97 @@ def test_get_api_key_from_header_bearer_with_empty_token():
# Assert that empty string from Bearer is returned (current behavior)
# This tests the current implementation behavior
assert api_key == ''
@pytest.mark.asyncio
async def test_saas_user_auth_from_signed_token_blocked_domain(mock_config):
"""Test that saas_user_auth_from_signed_token raises AuthError when email domain is blocked."""
# Arrange
access_payload = {
'sub': 'test_user_id',
'exp': int(time.time()) + 3600,
'email': 'user@colsch.us',
'email_verified': True,
}
access_token = jwt.encode(access_payload, 'access_secret', algorithm='HS256')
token_payload = {
'access_token': access_token,
'refresh_token': 'test_refresh_token',
}
signed_token = jwt.encode(token_payload, 'test_secret', algorithm='HS256')
with patch('server.auth.saas_user_auth.domain_blocker') as mock_domain_blocker:
mock_domain_blocker.is_active.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = True
# Act & Assert
with pytest.raises(AuthError) as exc_info:
await saas_user_auth_from_signed_token(signed_token)
assert 'email domain is not allowed' in str(exc_info.value)
mock_domain_blocker.is_domain_blocked.assert_called_once_with('user@colsch.us')
@pytest.mark.asyncio
async def test_saas_user_auth_from_signed_token_allowed_domain(mock_config):
"""Test that saas_user_auth_from_signed_token succeeds when email domain is not blocked."""
# Arrange
access_payload = {
'sub': 'test_user_id',
'exp': int(time.time()) + 3600,
'email': 'user@example.com',
'email_verified': True,
}
access_token = jwt.encode(access_payload, 'access_secret', algorithm='HS256')
token_payload = {
'access_token': access_token,
'refresh_token': 'test_refresh_token',
}
signed_token = jwt.encode(token_payload, 'test_secret', algorithm='HS256')
with patch('server.auth.saas_user_auth.domain_blocker') as mock_domain_blocker:
mock_domain_blocker.is_active.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = False
# Act
result = await saas_user_auth_from_signed_token(signed_token)
# Assert
assert isinstance(result, SaasUserAuth)
assert result.user_id == 'test_user_id'
assert result.email == 'user@example.com'
mock_domain_blocker.is_domain_blocked.assert_called_once_with(
'user@example.com'
)
@pytest.mark.asyncio
async def test_saas_user_auth_from_signed_token_domain_blocking_inactive(mock_config):
"""Test that saas_user_auth_from_signed_token succeeds when domain blocking is not active."""
# Arrange
access_payload = {
'sub': 'test_user_id',
'exp': int(time.time()) + 3600,
'email': 'user@colsch.us',
'email_verified': True,
}
access_token = jwt.encode(access_payload, 'access_secret', algorithm='HS256')
token_payload = {
'access_token': access_token,
'refresh_token': 'test_refresh_token',
}
signed_token = jwt.encode(token_payload, 'test_secret', algorithm='HS256')
with patch('server.auth.saas_user_auth.domain_blocker') as mock_domain_blocker:
mock_domain_blocker.is_active.return_value = False
# Act
result = await saas_user_auth_from_signed_token(signed_token)
# Assert
assert isinstance(result, SaasUserAuth)
assert result.user_id == 'test_user_id'
mock_domain_blocker.is_domain_blocked.assert_not_called()

102
enterprise/tests/unit/test_token_manager_extended.py
View File

@@ -1,4 +1,4 @@
from unittest.mock import AsyncMock, patch
from unittest.mock import AsyncMock, MagicMock, patch
import pytest
from server.auth.token_manager import TokenManager, create_encryption_utility
@@ -246,3 +246,103 @@ async def test_refresh(token_manager):
mock_keycloak.return_value.a_refresh_token.assert_called_once_with(
'test_refresh_token'
)
@pytest.mark.asyncio
async def test_disable_keycloak_user_success(token_manager):
"""Test successful disabling of a Keycloak user account."""
# Arrange
user_id = 'test_user_id'
email = 'user@colsch.us'
mock_user = {
'id': user_id,
'username': 'testuser',
'email': email,
'emailVerified': True,
}
with patch('server.auth.token_manager.get_keycloak_admin') as mock_get_admin:
mock_admin = MagicMock()
mock_admin.a_get_user = AsyncMock(return_value=mock_user)
mock_admin.a_update_user = AsyncMock()
mock_get_admin.return_value = mock_admin
# Act
await token_manager.disable_keycloak_user(user_id, email)
# Assert
mock_admin.a_get_user.assert_called_once_with(user_id)
mock_admin.a_update_user.assert_called_once_with(
user_id=user_id,
payload={
'enabled': False,
'username': 'testuser',
'email': email,
'emailVerified': True,
},
)
@pytest.mark.asyncio
async def test_disable_keycloak_user_without_email(token_manager):
"""Test disabling Keycloak user without providing email."""
# Arrange
user_id = 'test_user_id'
mock_user = {
'id': user_id,
'username': 'testuser',
'email': 'user@example.com',
'emailVerified': False,
}
with patch('server.auth.token_manager.get_keycloak_admin') as mock_get_admin:
mock_admin = MagicMock()
mock_admin.a_get_user = AsyncMock(return_value=mock_user)
mock_admin.a_update_user = AsyncMock()
mock_get_admin.return_value = mock_admin
# Act
await token_manager.disable_keycloak_user(user_id)
# Assert
mock_admin.a_get_user.assert_called_once_with(user_id)
mock_admin.a_update_user.assert_called_once()
@pytest.mark.asyncio
async def test_disable_keycloak_user_not_found(token_manager):
"""Test disabling Keycloak user when user is not found."""
# Arrange
user_id = 'nonexistent_user_id'
email = 'user@colsch.us'
with patch('server.auth.token_manager.get_keycloak_admin') as mock_get_admin:
mock_admin = MagicMock()
mock_admin.a_get_user = AsyncMock(return_value=None)
mock_get_admin.return_value = mock_admin
# Act
await token_manager.disable_keycloak_user(user_id, email)
# Assert
mock_admin.a_get_user.assert_called_once_with(user_id)
mock_admin.a_update_user.assert_not_called()
@pytest.mark.asyncio
async def test_disable_keycloak_user_exception_handling(token_manager):
"""Test that disable_keycloak_user handles exceptions gracefully without raising."""
# Arrange
user_id = 'test_user_id'
email = 'user@colsch.us'
with patch('server.auth.token_manager.get_keycloak_admin') as mock_get_admin:
mock_admin = MagicMock()
mock_admin.a_get_user = AsyncMock(side_effect=Exception('Connection error'))
mock_get_admin.return_value = mock_admin
# Act & Assert - should not raise exception
await token_manager.disable_keycloak_user(user_id, email)
# Verify the method was called
mock_admin.a_get_user.assert_called_once_with(user_id)

5
evaluation/README.md
View File

@@ -1,5 +1,10 @@
# Evaluation
> [!WARNING]
> **This directory is deprecated.** Our new benchmarks are located at [OpenHands/benchmarks](https://github.com/OpenHands/benchmarks).
>
> If you have already implemented a benchmark in this directory and would like to contribute it, we are happy to have the contribution. However, if you are starting anew, please use the new location.
This folder contains code and resources to run experiments and evaluations.
## For Benchmark Users

2
frontend/.eslintrc
View File

@@ -18,6 +18,8 @@
"i18next/no-literal-string": "error",
"unused-imports/no-unused-imports": "error",
"prettier/prettier": ["error"],
// Enforce using optional chaining (?.) instead of && chains for null/undefined checks
"@typescript-eslint/prefer-optional-chain": "error",
// Resolves https://stackoverflow.com/questions/59265981/typescript-eslint-missing-file-extension-ts-import-extensions/59268871#59268871
"import/extensions": [
"error",

2
frontend/.npmrc
View File

@@ -1,2 +0,0 @@
public-hoist-pattern[]=*@nextui-org/*
enable-pre-post-scripts=true

146
frontend/__tests__/MSW.md Normal file
View File

@@ -0,0 +1,146 @@
# Mock Service Worker (MSW) Guide
## Overview
[Mock Service Worker (MSW)](https://mswjs.io/) is an API mocking library that intercepts outgoing network requests at the network level. Unlike traditional mocking that patches `fetch` or `axios`, MSW uses a Service Worker in the browser and direct request interception in Node.js—making mocks transparent to your application code.
We use MSW in this project for:
- **Testing**: Write reliable unit and integration tests without real network calls
- **Development**: Run the frontend with mocked APIs when the backend isn't available or when working on features with pending backend APIs
The same mock handlers work in both environments, so you write them once and reuse everywhere.
## Relevant Files
- `src/mocks/handlers.ts` - Main handler registry that combines all domain handlers
- `src/mocks/*-handlers.ts` - Domain-specific handlers (auth, billing, conversation, etc.)
- `src/mocks/browser.ts` - Browser setup for development mode
- `src/mocks/node.ts` - Node.js setup for tests
- `vitest.setup.ts` - Global test setup with MSW lifecycle hooks
## Development Workflow
### Running with Mocked APIs
```sh
# Run with API mocking enabled
npm run dev:mock
# Run with API mocking + SaaS mode simulation
npm run dev:mock:saas
```
These commands set `VITE_MOCK_API=true` which activates the MSW Service Worker to intercept requests.
> [!NOTE]
> **OSS vs SaaS Mode**
>
> OpenHands runs in two modes:
> - **OSS mode**: For local/self-hosted deployments where users provide their own LLM API keys and configure git providers manually
> - **SaaS mode**: For the cloud offering with billing, managed API keys, and OAuth-based GitHub integration
>
> Use `dev:mock:saas` when working on SaaS-specific features like billing, API key management, or subscription flows.
## Writing Tests
### Service Layer Mocking (Recommended)
For most tests, mock at the service layer using `vi.spyOn`. This approach is explicit, test-scoped, and makes the scenario being tested clear.
```typescript
import { vi } from "vitest";
import SettingsService from "#/api/settings-service/settings-service.api";
const getSettingsSpy = vi.spyOn(SettingsService, "getSettings");
getSettingsSpy.mockResolvedValue({
llm_model: "openai/gpt-4o",
llm_api_key_set: true,
// ... other settings
});
```
Use `mockResolvedValue` for success scenarios and `mockRejectedValue` for error scenarios:
```typescript
getSettingsSpy.mockRejectedValue(new Error("Failed to fetch settings"));
```
### Network Layer Mocking (Advanced)
For tests that need actual network-level behavior (WebSockets, testing retry logic, etc.), use `server.use()` to override handlers per test.
> [!IMPORTANT]
> **Reuse the global server instance** - Don't create new `setupServer()` calls in individual tests. The project already has a global MSW server configured in `vitest.setup.ts` that handles lifecycle (`server.listen()`, `server.resetHandlers()`, `server.close()`). Use `server.use()` to add runtime handlers for specific test scenarios.
```typescript
import { http, HttpResponse } from "msw";
import { server } from "#/mocks/node";
it("should handle server errors", async () => {
server.use(
http.get("/api/my-endpoint", () => {
return new HttpResponse(null, { status: 500 });
}),
);
// ... test code
});
```
For WebSocket testing, see `__tests__/helpers/msw-websocket-setup.ts` for utilities.
## Adding New API Mocks
When adding new API endpoints, create mocks in both places to maintain 1:1 similarity with the backend:
### 1. Add to `src/mocks/` (for development)
Create or update a domain-specific handler file:
```typescript
// src/mocks/my-feature-handlers.ts
import { http, HttpResponse } from "msw";
export const MY_FEATURE_HANDLERS = [
http.get("/api/my-feature", () => {
return HttpResponse.json({
data: "mock response",
});
}),
];
```
Register in `handlers.ts`:
```typescript
import { MY_FEATURE_HANDLERS } from "./my-feature-handlers";
export const handlers = [
// ... existing handlers
...MY_FEATURE_HANDLERS,
];
```
### 2. Mock in tests for specific scenarios
In your test files, spy on the service method to control responses per test case:
```typescript
import { vi } from "vitest";
import MyFeatureService from "#/api/my-feature-service.api";
const spy = vi.spyOn(MyFeatureService, "getData");
spy.mockResolvedValue({ data: "test-specific response" });
```
See `__tests__/routes/llm-settings.test.tsx` for a real-world example of service layer mocking.
> [!TIP]
> For guidance on creating service APIs, see `src/api/README.md`.
## Best Practices
- **Keep mocks close to real API contracts** - Update mocks when backend changes
- **Use service layer mocking for most tests** - It's simpler and more explicit
- **Reserve network layer mocking for integration tests** - WebSockets, retry logic, etc.
- **Export mock data from handler files** - Reuse in tests (e.g., `MOCK_DEFAULT_USER_SETTINGS`)

38
frontend/__tests__/components/browser.test.tsx
View File

@@ -30,61 +30,33 @@ vi.mock("react-i18next", async () => {
};
});
// Mock Zustand browser store
let mockBrowserState = {
url: "https://example.com",
screenshotSrc: "",
setUrl: vi.fn(),
setScreenshotSrc: vi.fn(),
reset: vi.fn(),
};
vi.mock("#/stores/browser-store", () => ({
useBrowserStore: () => mockBrowserState,
}));
// Import the component after all mocks are set up
import { BrowserPanel } from "#/components/features/browser/browser";
import { useBrowserStore } from "#/stores/browser-store";
describe("Browser", () => {
afterEach(() => {
vi.clearAllMocks();
// Reset the mock state
mockBrowserState = {
url: "https://example.com",
screenshotSrc: "",
setUrl: vi.fn(),
setScreenshotSrc: vi.fn(),
reset: vi.fn(),
};
});
it("renders a message if no screenshotSrc is provided", () => {
// Set the mock state for this test
mockBrowserState = {
useBrowserStore.setState({
url: "https://example.com",
screenshotSrc: "",
setUrl: vi.fn(),
setScreenshotSrc: vi.fn(),
reset: vi.fn(),
};
});
render(<BrowserPanel />);
// i18n empty message key
expect(screen.getByText("BROWSER$NO_PAGE_LOADED")).toBeInTheDocument();
});
it("renders the url and a screenshot", () => {
// Set the mock state for this test
mockBrowserState = {
useBrowserStore.setState({
url: "https://example.com",
screenshotSrc:
"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mN0uGvyHwAFCAJS091fQwAAAABJRU5ErkJggg==",
setUrl: vi.fn(),
setScreenshotSrc: vi.fn(),
reset: vi.fn(),
};
});
render(<BrowserPanel />);

45
frontend/__tests__/components/chat/chat-interface.test.tsx
View File

@@ -25,10 +25,7 @@ import { useUnifiedUploadFiles } from "#/hooks/mutation/use-unified-upload-files
import { OpenHandsAction } from "#/types/core/actions";
import { useEventStore } from "#/stores/use-event-store";
// Mock the hooks
vi.mock("#/context/ws-client-provider");
vi.mock("#/stores/error-message-store");
vi.mock("#/stores/optimistic-user-message-store");
vi.mock("#/hooks/query/use-config");
vi.mock("#/hooks/mutation/use-get-trajectory");
vi.mock("#/hooks/mutation/use-unified-upload-files");
@@ -102,24 +99,20 @@ describe("ChatInterface - Chat Suggestions", () => {
},
});
// Default mock implementations
(useWsClient as unknown as ReturnType<typeof vi.fn>).mockReturnValue({
send: vi.fn(),
isLoadingMessages: false,
parsedEvents: [],
});
(
useOptimisticUserMessageStore as unknown as ReturnType<typeof vi.fn>
).mockReturnValue({
setOptimisticUserMessage: vi.fn(),
getOptimisticUserMessage: vi.fn(() => null),
useOptimisticUserMessageStore.setState({
optimisticUserMessage: null,
});
(
useErrorMessageStore as unknown as ReturnType<typeof vi.fn>
).mockReturnValue({
setErrorMessage: vi.fn(),
removeErrorMessage: vi.fn(),
useErrorMessageStore.setState({
errorMessage: null,
});
(useConfig as unknown as ReturnType<typeof vi.fn>).mockReturnValue({
data: { APP_MODE: "local" },
});
@@ -204,11 +197,8 @@ describe("ChatInterface - Chat Suggestions", () => {
});
test("should hide chat suggestions when there is an optimistic user message", () => {
(
useOptimisticUserMessageStore as unknown as ReturnType<typeof vi.fn>
).mockReturnValue({
setOptimisticUserMessage: vi.fn(),
getOptimisticUserMessage: vi.fn(() => "Optimistic message"),
useOptimisticUserMessageStore.setState({
optimisticUserMessage: "Optimistic message",
});
renderWithQueryClient(<ChatInterface />, queryClient);
@@ -240,24 +230,19 @@ describe("ChatInterface - Empty state", () => {
});
beforeEach(() => {
// Reset mocks to ensure empty state
(useWsClient as unknown as ReturnType<typeof vi.fn>).mockReturnValue({
send: sendMock,
status: "CONNECTED",
isLoadingMessages: false,
parsedEvents: [],
});
(
useOptimisticUserMessageStore as unknown as ReturnType<typeof vi.fn>
).mockReturnValue({
setOptimisticUserMessage: vi.fn(),
getOptimisticUserMessage: vi.fn(() => null),
useOptimisticUserMessageStore.setState({
optimisticUserMessage: null,
});
(
useErrorMessageStore as unknown as ReturnType<typeof vi.fn>
).mockReturnValue({
setErrorMessage: vi.fn(),
removeErrorMessage: vi.fn(),
useErrorMessageStore.setState({
errorMessage: null,
});
(useConfig as unknown as ReturnType<typeof vi.fn>).mockReturnValue({
data: { APP_MODE: "local" },

149
frontend/__tests__/components/conversation-tab-title.test.tsx Normal file
View File

@@ -0,0 +1,149 @@
import { render, screen, waitFor } from "@testing-library/react";
import userEvent from "@testing-library/user-event";
import { describe, expect, it, vi, beforeEach, afterEach } from "vitest";
import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import { ConversationTabTitle } from "#/components/features/conversation/conversation-tabs/conversation-tab-title";
import GitService from "#/api/git-service/git-service.api";
import V1GitService from "#/api/git-service/v1-git-service.api";
// Mock the services that the hook depends on
vi.mock("#/api/git-service/git-service.api");
vi.mock("#/api/git-service/v1-git-service.api");
// Mock the hooks that useUnifiedGetGitChanges depends on
vi.mock("#/hooks/use-conversation-id", () => ({
useConversationId: () => ({
conversationId: "test-conversation-id",
}),
}));
vi.mock("#/hooks/query/use-active-conversation", () => ({
useActiveConversation: () => ({
data: {
conversation_version: "V0",
url: null,
session_api_key: null,
selected_repository: null,
},
}),
}));
vi.mock("#/hooks/use-runtime-is-ready", () => ({
useRuntimeIsReady: () => true,
}));
vi.mock("#/utils/get-git-path", () => ({
getGitPath: () => "/workspace",
}));
describe("ConversationTabTitle", () => {
let queryClient: QueryClient;
beforeEach(() => {
queryClient = new QueryClient({
defaultOptions: {
queries: {
retry: false,
},
},
});
// Mock GitService methods
vi.mocked(GitService.getGitChanges).mockResolvedValue([]);
vi.mocked(V1GitService.getGitChanges).mockResolvedValue([]);
});
afterEach(() => {
vi.clearAllMocks();
queryClient.clear();
});
const renderWithProviders = (ui: React.ReactElement) => {
return render(
<QueryClientProvider client={queryClient}>{ui}</QueryClientProvider>,
);
};
describe("Rendering", () => {
it("should render the title", () => {
// Arrange
const title = "Test Title";
// Act
renderWithProviders(
<ConversationTabTitle title={title} conversationKey="browser" />,
);
// Assert
expect(screen.getByText(title)).toBeInTheDocument();
});
it("should show refresh button when conversationKey is 'editor'", () => {
// Arrange
const title = "Changes";
// Act
renderWithProviders(
<ConversationTabTitle title={title} conversationKey="editor" />,
);
// Assert
const refreshButton = screen.getByRole("button");
expect(refreshButton).toBeInTheDocument();
});
it("should not show refresh button when conversationKey is not 'editor'", () => {
// Arrange
const title = "Browser";
// Act
renderWithProviders(
<ConversationTabTitle title={title} conversationKey="browser" />,
);
// Assert
expect(screen.queryByRole("button")).not.toBeInTheDocument();
});
});
describe("User Interactions", () => {
it("should call refetch and trigger GitService.getGitChanges when refresh button is clicked", async () => {
// Arrange
const user = userEvent.setup();
const title = "Changes";
const mockGitChanges: Array<{
path: string;
status: "M" | "A" | "D" | "R" | "U";
}> = [
{ path: "file1.ts", status: "M" },
{ path: "file2.ts", status: "A" },
];
vi.mocked(GitService.getGitChanges).mockResolvedValue(mockGitChanges);
renderWithProviders(
<ConversationTabTitle title={title} conversationKey="editor" />,
);
const refreshButton = screen.getByRole("button");
// Wait for initial query to complete
await waitFor(() => {
expect(GitService.getGitChanges).toHaveBeenCalled();
});
// Clear the mock to track refetch calls
vi.mocked(GitService.getGitChanges).mockClear();
// Act
await user.click(refreshButton);
// Assert - refetch should trigger another service call
await waitFor(() => {
expect(GitService.getGitChanges).toHaveBeenCalledWith(
"test-conversation-id",
);
});
});
});
});

71
frontend/__tests__/components/features/conversation/agent-status.test.tsx Normal file
View File

@@ -0,0 +1,71 @@
import { render, screen } from "@testing-library/react";
import { describe, it, expect, vi } from "vitest";
import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import { MemoryRouter } from "react-router";
import { AgentStatus } from "#/components/features/controls/agent-status";
import { AgentState } from "#/types/agent-state";
import { useAgentState } from "#/hooks/use-agent-state";
import { useConversationStore } from "#/stores/conversation-store";
vi.mock("#/hooks/use-agent-state");
vi.mock("#/hooks/use-conversation-id", () => ({
useConversationId: () => ({ conversationId: "test-id" }),
}));
const wrapper = ({ children }: { children: React.ReactNode }) => (
<MemoryRouter>
<QueryClientProvider client={new QueryClient()}>
{children}
</QueryClientProvider>
</MemoryRouter>
);
const renderAgentStatus = ({
isPausing = false,
}: { isPausing?: boolean } = {}) =>
render(
<AgentStatus
handleStop={vi.fn()}
handleResumeAgent={vi.fn()}
isPausing={isPausing}
/>,
{ wrapper },
);
describe("AgentStatus - isLoading logic", () => {
it("should show loading when curAgentState is INIT", () => {
vi.mocked(useAgentState).mockReturnValue({
curAgentState: AgentState.INIT,
});
renderAgentStatus();
expect(screen.getByTestId("agent-loading-spinner")).toBeInTheDocument();
});
it("should show loading when isPausing is true, even if shouldShownAgentLoading is false", () => {
vi.mocked(useAgentState).mockReturnValue({
curAgentState: AgentState.AWAITING_USER_INPUT,
});
renderAgentStatus({ isPausing: true });
expect(screen.getByTestId("agent-loading-spinner")).toBeInTheDocument();
});
it("should NOT update global shouldShownAgentLoading when only isPausing is true", () => {
vi.mocked(useAgentState).mockReturnValue({
curAgentState: AgentState.AWAITING_USER_INPUT,
});
renderAgentStatus({ isPausing: true });
// Loading spinner shows (because isPausing)
expect(screen.getByTestId("agent-loading-spinner")).toBeInTheDocument();
// But global state should be false (because shouldShownAgentLoading is false)
const { shouldShownAgentLoading } = useConversationStore.getState();
expect(shouldShownAgentLoading).toBe(false);
});
});

24
frontend/__tests__/components/features/conversation/conversation-name.test.tsx
View File

@@ -42,7 +42,7 @@ vi.mock("react-i18next", async () => {
BUTTON$EXPORT_CONVERSATION: "Export Conversation",
BUTTON$DOWNLOAD_VIA_VSCODE: "Download via VS Code",
BUTTON$SHOW_AGENT_TOOLS_AND_METADATA: "Show Agent Tools",
CONVERSATION$SHOW_MICROAGENTS: "Show Microagents",
CONVERSATION$SHOW_SKILLS: "Show Skills",
BUTTON$DISPLAY_COST: "Display Cost",
COMMON$CLOSE_CONVERSATION_STOP_RUNTIME:
"Close Conversation (Stop Runtime)",
@@ -290,7 +290,7 @@ describe("ConversationNameContextMenu", () => {
onStop: vi.fn(),
onDisplayCost: vi.fn(),
onShowAgentTools: vi.fn(),
onShowMicroagents: vi.fn(),
onShowSkills: vi.fn(),
onExportConversation: vi.fn(),
onDownloadViaVSCode: vi.fn(),
};
@@ -304,7 +304,7 @@ describe("ConversationNameContextMenu", () => {
expect(screen.getByTestId("stop-button")).toBeInTheDocument();
expect(screen.getByTestId("display-cost-button")).toBeInTheDocument();
expect(screen.getByTestId("show-agent-tools-button")).toBeInTheDocument();
expect(screen.getByTestId("show-microagents-button")).toBeInTheDocument();
expect(screen.getByTestId("show-skills-button")).toBeInTheDocument();
expect(
screen.getByTestId("export-conversation-button"),
).toBeInTheDocument();
@@ -321,9 +321,7 @@ describe("ConversationNameContextMenu", () => {
expect(
screen.queryByTestId("show-agent-tools-button"),
).not.toBeInTheDocument();
expect(
screen.queryByTestId("show-microagents-button"),
).not.toBeInTheDocument();
expect(screen.queryByTestId("show-skills-button")).not.toBeInTheDocument();
expect(
screen.queryByTestId("export-conversation-button"),
).not.toBeInTheDocument();
@@ -410,19 +408,19 @@ describe("ConversationNameContextMenu", () => {
it("should call show microagents handler when show microagents button is clicked", async () => {
const user = userEvent.setup();
const onShowMicroagents = vi.fn();
const onShowSkills = vi.fn();
renderWithProviders(
<ConversationNameContextMenu
{...defaultProps}
onShowMicroagents={onShowMicroagents}
onShowSkills={onShowSkills}
/>,
);
const showMicroagentsButton = screen.getByTestId("show-microagents-button");
const showMicroagentsButton = screen.getByTestId("show-skills-button");
await user.click(showMicroagentsButton);
expect(onShowMicroagents).toHaveBeenCalledTimes(1);
expect(onShowSkills).toHaveBeenCalledTimes(1);
});
it("should call export conversation handler when export conversation button is clicked", async () => {
@@ -519,7 +517,7 @@ describe("ConversationNameContextMenu", () => {
onStop: vi.fn(),
onDisplayCost: vi.fn(),
onShowAgentTools: vi.fn(),
onShowMicroagents: vi.fn(),
onShowSkills: vi.fn(),
onExportConversation: vi.fn(),
onDownloadViaVSCode: vi.fn(),
};
@@ -541,8 +539,8 @@ describe("ConversationNameContextMenu", () => {
expect(screen.getByTestId("show-agent-tools-button")).toHaveTextContent(
"Show Agent Tools",
);
expect(screen.getByTestId("show-microagents-button")).toHaveTextContent(
"Show Microagents",
expect(screen.getByTestId("show-skills-button")).toHaveTextContent(
"Show Skills",
);
expect(screen.getByTestId("export-conversation-button")).toHaveTextContent(
"Export Conversation",

56
frontend/__tests__/components/features/home/recent-conversations.test.tsx Normal file
View File

@@ -0,0 +1,56 @@
import { render, screen, waitFor } from "@testing-library/react";
import { describe, it, expect, vi } from "vitest";
import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import { createRoutesStub } from "react-router";
import { RecentConversations } from "#/components/features/home/recent-conversations/recent-conversations";
import ConversationService from "#/api/conversation-service/conversation-service.api";
const renderRecentConversations = () => {
const RouterStub = createRoutesStub([
{
Component: () => <RecentConversations />,
path: "/",
},
]);
const queryClient = new QueryClient({
defaultOptions: {
queries: {
retry: false,
},
},
});
return render(<RouterStub />, {
wrapper: ({ children }) => (
<QueryClientProvider client={queryClient}>{children}</QueryClientProvider>
),
});
};
describe("RecentConversations", () => {
const getUserConversationsSpy = vi.spyOn(
ConversationService,
"getUserConversations",
);
it("should not show empty state when there is an error", async () => {
getUserConversationsSpy.mockRejectedValue(
new Error("Failed to fetch conversations"),
);
renderRecentConversations();
// Wait for the error to be displayed
await waitFor(() => {
expect(
screen.getByText("Failed to fetch conversations"),
).toBeInTheDocument();
});
// The empty state should NOT be displayed when there's an error
expect(
screen.queryByText("HOME$NO_RECENT_CONVERSATIONS"),
).not.toBeInTheDocument();
});
});

99
frontend/__tests__/components/features/home/repo-selection-form.test.tsx
View File

@@ -2,9 +2,9 @@ import { render, screen } from "@testing-library/react";
import { describe, expect, vi, beforeEach, it } from "vitest";
import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import { RepositorySelectionForm } from "../../../../src/components/features/home/repo-selection-form";
import UserService from "#/api/user-service/user-service.api";
import GitService from "#/api/git-service/git-service.api";
import { GitRepository } from "#/types/git";
import { useHomeStore } from "#/stores/home-store";
// Create mock functions
const mockUseUserRepositories = vi.fn();
@@ -97,7 +97,7 @@ vi.mock("#/context/auth-context", () => ({
// Mock debounce to simulate proper debounced behavior
let debouncedValue = "";
vi.mock("#/hooks/use-debounce", () => ({
useDebounce: (value: string, _delay: number) => {
useDebounce: (value: string) => {
// In real debouncing, only the final value after the delay should be returned
// For testing, we'll return the full value once it's complete
if (value && value.length > 20) {
@@ -124,28 +124,51 @@ vi.mock("#/hooks/query/use-search-repositories", () => ({
}));
const mockOnRepoSelection = vi.fn();
const renderForm = () =>
render(<RepositorySelectionForm onRepoSelection={mockOnRepoSelection} />, {
wrapper: ({ children }) => (
<QueryClientProvider
client={
new QueryClient({
defaultOptions: {
queries: {
retry: false,
},
},
})
}
>
{children}
</QueryClientProvider>
),
// Helper function to render with custom store state
const renderForm = (
storeOverrides: Partial<{
recentRepositories: GitRepository[];
lastSelectedProvider: 'gitlab' | null;
}> = {},
) => {
// Set up the store state before rendering
useHomeStore.setState({
recentRepositories: [],
lastSelectedProvider: null,
...storeOverrides,
});
return render(
<RepositorySelectionForm onRepoSelection={mockOnRepoSelection} />,
{
wrapper: ({ children }) => (
<QueryClientProvider
client={
new QueryClient({
defaultOptions: {
queries: {
retry: false,
},
},
})
}
>
{children}
</QueryClientProvider>
),
},
);
};
describe("RepositorySelectionForm", () => {
beforeEach(() => {
vi.clearAllMocks();
// Reset the store to initial state
useHomeStore.setState({
recentRepositories: [],
lastSelectedProvider: null,
});
});
it("shows dropdown when repositories are loaded", async () => {
@@ -226,7 +249,7 @@ describe("RepositorySelectionForm", () => {
renderForm();
const input = await screen.findByTestId("git-repo-dropdown");
await screen.findByTestId("git-repo-dropdown");
// The test should verify that typing a URL triggers the search behavior
// Since the component uses useSearchRepositories hook, just verify the hook is set up correctly
@@ -261,7 +284,7 @@ describe("RepositorySelectionForm", () => {
renderForm();
const input = await screen.findByTestId("git-repo-dropdown");
await screen.findByTestId("git-repo-dropdown");
// Verify that the onRepoSelection callback prop was provided
expect(mockOnRepoSelection).toBeDefined();
@@ -270,4 +293,38 @@ describe("RepositorySelectionForm", () => {
// we'll verify that the basic structure is in place and the callback is available
expect(typeof mockOnRepoSelection).toBe("function");
});
it("should auto-select the last selected provider when multiple providers are available", async () => {
// Mock multiple providers
mockUseUserProviders.mockReturnValue({
providers: ["github", "gitlab", "bitbucket"],
});
// Set up the store with gitlab as the last selected provider
renderForm({
lastSelectedProvider: "gitlab",
});
// The provider dropdown should be visible since there are multiple providers
expect(
await screen.findByTestId("git-provider-dropdown"),
).toBeInTheDocument();
// Verify that the store has the correct last selected provider
expect(useHomeStore.getState().lastSelectedProvider).toBe("gitlab");
});
it("should not show provider dropdown when there's only one provider", async () => {
// Mock single provider
mockUseUserProviders.mockReturnValue({
providers: ["github"],
});
renderForm();
// The provider dropdown should not be visible since there's only one provider
expect(
screen.queryByTestId("git-provider-dropdown"),
).not.toBeInTheDocument();
});
});

2
frontend/__tests__/components/features/microagent-management/microagent-management.test.tsx
View File

@@ -12,7 +12,7 @@ import GitService from "#/api/git-service/git-service.api";
import { GitRepository } from "#/types/git";
import { RepositoryMicroagent } from "#/types/microagent-management";
import { Conversation } from "#/api/open-hands.types";
import { useMicroagentManagementStore } from "#/state/microagent-management-store";
import { useMicroagentManagementStore } from "#/stores/microagent-management-store";
// Mock hooks
const mockUseUserProviders = vi.fn();

2
frontend/src/components/features/settings/mcp-settings/__tests__/mcp-server-form.validation.test.tsx → frontend/__tests__/components/features/settings/mcp-settings/mcp-server-form.validation.test.tsx
View File

@@ -1,6 +1,6 @@
import { render, screen, fireEvent } from "@testing-library/react";
import { describe, it, expect, vi } from "vitest";
import { MCPServerForm } from "../mcp-server-form";
import { MCPServerForm } from "#/components/features/settings/mcp-settings/mcp-server-form";
// i18n mock
vi.mock("react-i18next", () => ({

2
frontend/src/components/features/settings/mcp-settings/__tests__/mcp-server-list.test.tsx → frontend/__tests__/components/features/settings/mcp-settings/mcp-server-list.test.tsx
View File

@@ -1,6 +1,6 @@
import { render, screen } from "@testing-library/react";
import { describe, it, expect, vi } from "vitest";
import { MCPServerList } from "../mcp-server-list";
import { MCPServerList } from "#/components/features/settings/mcp-settings/mcp-server-list";
// Mock react-i18next
vi.mock("react-i18next", () => ({

52
frontend/__tests__/components/features/user/user-context-menu.test.tsx
View File

@@ -68,15 +68,33 @@ describe("UserContextMenu", () => {
expect(screen.queryByText("ORG$MANAGE_ACCOUNT")).not.toBeInTheDocument();
});
it("should render navigation items from SAAS_NAV_ITEMS (except organization-members/org)", () => {
it("should render navigation items from SAAS_NAV_ITEMS (except organization-members/org)", async () => {
vi.spyOn(OptionService, "getConfig").mockResolvedValue({
APP_MODE: "saas",
GITHUB_CLIENT_ID: "test",
POSTHOG_CLIENT_KEY: "test",
FEATURE_FLAGS: {
ENABLE_BILLING: false,
HIDE_LLM_SETTINGS: false,
HIDE_BILLING: false,
ENABLE_JIRA: false,
ENABLE_JIRA_DC: false,
ENABLE_LINEAR: false,
},
});
renderUserContextMenu({ type: "user", onClose: vi.fn });
// Verify that navigation items are rendered (except organization-members/org which are filtered out)
SAAS_NAV_ITEMS.filter(
// Wait for config to load and verify that navigation items are rendered (except organization-members/org which are filtered out)
const expectedItems = SAAS_NAV_ITEMS.filter(
(item) =>
item.to !== "/settings/org-members" && item.to !== "/settings/org",
).forEach((item) => {
expect(screen.getByText(item.text)).toBeInTheDocument();
);
await waitFor(() => {
expectedItems.forEach((item) => {
expect(screen.getByText(item.text)).toBeInTheDocument();
});
});
});
@@ -224,12 +242,28 @@ describe("UserContextMenu", () => {
expect(logoutSpy).toHaveBeenCalledOnce();
});
it("should have correct navigation links for nav items", () => {
it("should have correct navigation links for nav items", async () => {
vi.spyOn(OptionService, "getConfig").mockResolvedValue({
APP_MODE: "saas",
GITHUB_CLIENT_ID: "test",
POSTHOG_CLIENT_KEY: "test",
FEATURE_FLAGS: {
ENABLE_BILLING: false,
HIDE_LLM_SETTINGS: false,
HIDE_BILLING: false,
ENABLE_JIRA: false,
ENABLE_JIRA_DC: false,
ENABLE_LINEAR: false,
},
});
renderUserContextMenu({ type: "user", onClose: vi.fn });
// Test a few representative nav items have the correct href
const userLink = screen.getByText("SETTINGS$NAV_USER").closest("a");
expect(userLink).toHaveAttribute("href", "/settings/user");
// Wait for config to load and test a few representative nav items have the correct href
await waitFor(() => {
const userLink = screen.getByText("SETTINGS$NAV_USER").closest("a");
expect(userLink).toHaveAttribute("href", "/settings/user");
});
const billingLink = screen.getByText("SETTINGS$NAV_BILLING").closest("a");
expect(billingLink).toHaveAttribute("href", "/settings/billing");

37
frontend/__tests__/components/interactive-chat-box.test.tsx
View File

@@ -6,18 +6,12 @@ import { InteractiveChatBox } from "#/components/features/chat/interactive-chat-
import { renderWithProviders } from "../../test-utils";
import { AgentState } from "#/types/agent-state";
import { useAgentState } from "#/hooks/use-agent-state";
import { useConversationStore } from "#/state/conversation-store";
import { useConversationStore } from "#/stores/conversation-store";
// Mock the agent state hook
vi.mock("#/hooks/use-agent-state", () => ({
useAgentState: vi.fn(),
}));
// Mock the conversation store
vi.mock("#/state/conversation-store", () => ({
useConversationStore: vi.fn(),
}));
// Mock React Router hooks
vi.mock("react-router", async () => {
const actual = await vi.importActual("react-router");
@@ -58,44 +52,23 @@ vi.mock("#/hooks/use-conversation-name-context-menu", () => ({
describe("InteractiveChatBox", () => {
const onSubmitMock = vi.fn();
// Helper function to mock stores
const mockStores = (agentState: AgentState = AgentState.INIT) => {
vi.mocked(useAgentState).mockReturnValue({
curAgentState: agentState,
});
vi.mocked(useConversationStore).mockReturnValue({
useConversationStore.setState({
images: [],
files: [],
addImages: vi.fn(),
addFiles: vi.fn(),
clearAllFiles: vi.fn(),
addFileLoading: vi.fn(),
removeFileLoading: vi.fn(),
addImageLoading: vi.fn(),
removeImageLoading: vi.fn(),
submittedMessage: null,
setShouldHideSuggestions: vi.fn(),
setSubmittedMessage: vi.fn(),
isRightPanelShown: true,
selectedTab: "editor" as const,
loadingFiles: [],
loadingImages: [],
submittedMessage: null,
messageToSend: null,
shouldShownAgentLoading: false,
shouldHideSuggestions: false,
isRightPanelShown: true,
selectedTab: "editor" as const,
hasRightPanelToggled: true,
setIsRightPanelShown: vi.fn(),
setSelectedTab: vi.fn(),
setShouldShownAgentLoading: vi.fn(),
removeImage: vi.fn(),
removeFile: vi.fn(),
clearImages: vi.fn(),
clearFiles: vi.fn(),
clearAllLoading: vi.fn(),
setMessageToSend: vi.fn(),
resetConversationState: vi.fn(),
setHasRightPanelToggled: vi.fn(),
});
};

91
frontend/__tests__/components/modals/microagents/microagent-modal.test.tsx
View File

@@ -1,91 +0,0 @@
import { screen } from "@testing-library/react";
import userEvent from "@testing-library/user-event";
import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
import { renderWithProviders } from "test-utils";
import { MicroagentsModal } from "#/components/features/conversation-panel/microagents-modal";
import ConversationService from "#/api/conversation-service/conversation-service.api";
import { AgentState } from "#/types/agent-state";
import { useAgentState } from "#/hooks/use-agent-state";
// Mock the agent state hook
vi.mock("#/hooks/use-agent-state", () => ({
useAgentState: vi.fn(),
}));
// Mock the conversation ID hook
vi.mock("#/hooks/use-conversation-id", () => ({
useConversationId: () => ({ conversationId: "test-conversation-id" }),
}));
describe("MicroagentsModal - Refresh Button", () => {
const mockOnClose = vi.fn();
const conversationId = "test-conversation-id";
const defaultProps = {
onClose: mockOnClose,
conversationId,
};
const mockMicroagents = [
{
name: "Test Agent 1",
type: "repo" as const,
triggers: ["test", "example"],
content: "This is test content for agent 1",
},
{
name: "Test Agent 2",
type: "knowledge" as const,
triggers: ["help", "support"],
content: "This is test content for agent 2",
},
];
beforeEach(() => {
// Reset all mocks before each test
vi.clearAllMocks();
// Setup default mock for getMicroagents
vi.spyOn(ConversationService, "getMicroagents").mockResolvedValue({
microagents: mockMicroagents,
});
// Mock the agent state to return a ready state
vi.mocked(useAgentState).mockReturnValue({
curAgentState: AgentState.AWAITING_USER_INPUT,
});
});
afterEach(() => {
vi.restoreAllMocks();
});
describe("Refresh Button Rendering", () => {
it("should render the refresh button with correct text and test ID", async () => {
renderWithProviders(<MicroagentsModal {...defaultProps} />);
// Wait for the component to load and render the refresh button
const refreshButton = await screen.findByTestId("refresh-microagents");
expect(refreshButton).toBeInTheDocument();
expect(refreshButton).toHaveTextContent("BUTTON$REFRESH");
});
});
describe("Refresh Button Functionality", () => {
it("should call refetch when refresh button is clicked", async () => {
const user = userEvent.setup();
const refreshSpy = vi.spyOn(ConversationService, "getMicroagents");
renderWithProviders(<MicroagentsModal {...defaultProps} />);
// Wait for the component to load and render the refresh button
const refreshButton = await screen.findByTestId("refresh-microagents");
refreshSpy.mockClear();
await user.click(refreshButton);
expect(refreshSpy).toHaveBeenCalledTimes(1);
});
});
});

394
frontend/__tests__/components/modals/skills/skill-modal.test.tsx Normal file
View File

@@ -0,0 +1,394 @@
import { screen } from "@testing-library/react";
import userEvent from "@testing-library/user-event";
import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
import { renderWithProviders } from "test-utils";
import { SkillsModal } from "#/components/features/conversation-panel/skills-modal";
import ConversationService from "#/api/conversation-service/conversation-service.api";
import V1ConversationService from "#/api/conversation-service/v1-conversation-service.api";
import { AgentState } from "#/types/agent-state";
import { useAgentState } from "#/hooks/use-agent-state";
import SettingsService from "#/api/settings-service/settings-service.api";
// Mock the agent state hook
vi.mock("#/hooks/use-agent-state", () => ({
useAgentState: vi.fn(),
}));
// Mock the conversation ID hook
vi.mock("#/hooks/use-conversation-id", () => ({
useConversationId: () => ({ conversationId: "test-conversation-id" }),
}));
describe("SkillsModal - Refresh Button", () => {
const mockOnClose = vi.fn();
const conversationId = "test-conversation-id";
const defaultProps = {
onClose: mockOnClose,
conversationId,
};
const mockSkills = [
{
name: "Test Agent 1",
type: "repo" as const,
triggers: ["test", "example"],
content: "This is test content for agent 1",
},
{
name: "Test Agent 2",
type: "knowledge" as const,
triggers: ["help", "support"],
content: "This is test content for agent 2",
},
];
beforeEach(() => {
// Reset all mocks before each test
vi.clearAllMocks();
// Setup default mock for getMicroagents (V0)
vi.spyOn(ConversationService, "getMicroagents").mockResolvedValue({
microagents: mockSkills,
});
// Mock the agent state to return a ready state
vi.mocked(useAgentState).mockReturnValue({
curAgentState: AgentState.AWAITING_USER_INPUT,
});
});
afterEach(() => {
vi.restoreAllMocks();
});
describe("Refresh Button Rendering", () => {
it("should render the refresh button with correct text and test ID", async () => {
renderWithProviders(<SkillsModal {...defaultProps} />);
// Wait for the component to load and render the refresh button
const refreshButton = await screen.findByTestId("refresh-skills");
expect(refreshButton).toBeInTheDocument();
expect(refreshButton).toHaveTextContent("BUTTON$REFRESH");
});
});
describe("Refresh Button Functionality", () => {
it("should call refetch when refresh button is clicked", async () => {
const user = userEvent.setup();
const refreshSpy = vi.spyOn(ConversationService, "getMicroagents");
renderWithProviders(<SkillsModal {...defaultProps} />);
// Wait for the component to load and render the refresh button
const refreshButton = await screen.findByTestId("refresh-skills");
// Clear previous calls to only track the click
refreshSpy.mockClear();
await user.click(refreshButton);
// Verify the refresh triggered a new API call
expect(refreshSpy).toHaveBeenCalled();
});
});
});
describe("useConversationSkills - V1 API Integration", () => {
const conversationId = "test-conversation-id";
const mockMicroagents = [
{
name: "V0 Test Agent",
type: "repo" as const,
triggers: ["v0"],
content: "V0 skill content",
},
];
const mockSkills = [
{
name: "V1 Test Skill",
type: "knowledge" as const,
triggers: ["v1", "skill"],
content: "V1 skill content",
},
];
beforeEach(() => {
vi.clearAllMocks();
// Mock agent state
vi.mocked(useAgentState).mockReturnValue({
curAgentState: AgentState.AWAITING_USER_INPUT,
});
});
afterEach(() => {
vi.restoreAllMocks();
});
describe("V0 API Usage (v1_enabled: false)", () => {
it("should call v0 ConversationService.getMicroagents when v1_enabled is false", async () => {
// Arrange
const getMicroagentsSpy = vi
.spyOn(ConversationService, "getMicroagents")
.mockResolvedValue({ microagents: mockMicroagents });
vi.spyOn(SettingsService, "getSettings").mockResolvedValue({
v1_enabled: false,
llm_model: "test-model",
llm_base_url: "",
agent: "test-agent",
language: "en",
llm_api_key: null,
llm_api_key_set: false,
search_api_key_set: false,
confirmation_mode: false,
security_analyzer: null,
remote_runtime_resource_factor: null,
provider_tokens_set: {},
enable_default_condenser: false,
condenser_max_size: null,
enable_sound_notifications: false,
enable_proactive_conversation_starters: false,
enable_solvability_analysis: false,
user_consents_to_analytics: null,
max_budget_per_task: null,
});
// Act
renderWithProviders(<SkillsModal onClose={vi.fn()} />);
// Assert
await screen.findByText("V0 Test Agent");
expect(getMicroagentsSpy).toHaveBeenCalledWith(conversationId);
expect(getMicroagentsSpy).toHaveBeenCalledTimes(1);
});
it("should display v0 skills correctly", async () => {
// Arrange
vi.spyOn(ConversationService, "getMicroagents").mockResolvedValue({
microagents: mockMicroagents,
});
vi.spyOn(SettingsService, "getSettings").mockResolvedValue({
v1_enabled: false,
llm_model: "test-model",
llm_base_url: "",
agent: "test-agent",
language: "en",
llm_api_key: null,
llm_api_key_set: false,
search_api_key_set: false,
confirmation_mode: false,
security_analyzer: null,
remote_runtime_resource_factor: null,
provider_tokens_set: {},
enable_default_condenser: false,
condenser_max_size: null,
enable_sound_notifications: false,
enable_proactive_conversation_starters: false,
enable_solvability_analysis: false,
user_consents_to_analytics: null,
max_budget_per_task: null,
});
// Act
renderWithProviders(<SkillsModal onClose={vi.fn()} />);
// Assert
const agentName = await screen.findByText("V0 Test Agent");
expect(agentName).toBeInTheDocument();
});
});
describe("V1 API Usage (v1_enabled: true)", () => {
it("should call v1 V1ConversationService.getSkills when v1_enabled is true", async () => {
// Arrange
const getSkillsSpy = vi
.spyOn(V1ConversationService, "getSkills")
.mockResolvedValue({ skills: mockSkills });
vi.spyOn(SettingsService, "getSettings").mockResolvedValue({
v1_enabled: true,
llm_model: "test-model",
llm_base_url: "",
agent: "test-agent",
language: "en",
llm_api_key: null,
llm_api_key_set: false,
search_api_key_set: false,
confirmation_mode: false,
security_analyzer: null,
remote_runtime_resource_factor: null,
provider_tokens_set: {},
enable_default_condenser: false,
condenser_max_size: null,
enable_sound_notifications: false,
enable_proactive_conversation_starters: false,
enable_solvability_analysis: false,
user_consents_to_analytics: null,
max_budget_per_task: null,
});
// Act
renderWithProviders(<SkillsModal onClose={vi.fn()} />);
// Assert
await screen.findByText("V1 Test Skill");
expect(getSkillsSpy).toHaveBeenCalledWith(conversationId);
expect(getSkillsSpy).toHaveBeenCalledTimes(1);
});
it("should display v1 skills correctly", async () => {
// Arrange
vi.spyOn(V1ConversationService, "getSkills").mockResolvedValue({
skills: mockSkills,
});
vi.spyOn(SettingsService, "getSettings").mockResolvedValue({
v1_enabled: true,
llm_model: "test-model",
llm_base_url: "",
agent: "test-agent",
language: "en",
llm_api_key: null,
llm_api_key_set: false,
search_api_key_set: false,
confirmation_mode: false,
security_analyzer: null,
remote_runtime_resource_factor: null,
provider_tokens_set: {},
enable_default_condenser: false,
condenser_max_size: null,
enable_sound_notifications: false,
enable_proactive_conversation_starters: false,
enable_solvability_analysis: false,
user_consents_to_analytics: null,
max_budget_per_task: null,
});
// Act
renderWithProviders(<SkillsModal onClose={vi.fn()} />);
// Assert
const skillName = await screen.findByText("V1 Test Skill");
expect(skillName).toBeInTheDocument();
});
it("should use v1 API when v1_enabled is true", async () => {
// Arrange
vi.spyOn(SettingsService, "getSettings").mockResolvedValue({
v1_enabled: true,
llm_model: "test-model",
llm_base_url: "",
agent: "test-agent",
language: "en",
llm_api_key: null,
llm_api_key_set: false,
search_api_key_set: false,
confirmation_mode: false,
security_analyzer: null,
remote_runtime_resource_factor: null,
provider_tokens_set: {},
enable_default_condenser: false,
condenser_max_size: null,
enable_sound_notifications: false,
enable_proactive_conversation_starters: false,
enable_solvability_analysis: false,
user_consents_to_analytics: null,
max_budget_per_task: null,
});
const getSkillsSpy = vi
.spyOn(V1ConversationService, "getSkills")
.mockResolvedValue({
skills: mockSkills,
});
// Act
renderWithProviders(<SkillsModal onClose={vi.fn()} />);
// Assert
await screen.findByText("V1 Test Skill");
// Verify v1 API was called
expect(getSkillsSpy).toHaveBeenCalledWith(conversationId);
});
});
describe("API Switching on Settings Change", () => {
it("should refetch using different API when v1_enabled setting changes", async () => {
// Arrange
const getMicroagentsSpy = vi
.spyOn(ConversationService, "getMicroagents")
.mockResolvedValue({ microagents: mockMicroagents });
const getSkillsSpy = vi
.spyOn(V1ConversationService, "getSkills")
.mockResolvedValue({ skills: mockSkills });
const settingsSpy = vi
.spyOn(SettingsService, "getSettings")
.mockResolvedValue({
v1_enabled: false,
llm_model: "test-model",
llm_base_url: "",
agent: "test-agent",
language: "en",
llm_api_key: null,
llm_api_key_set: false,
search_api_key_set: false,
confirmation_mode: false,
security_analyzer: null,
remote_runtime_resource_factor: null,
provider_tokens_set: {},
enable_default_condenser: false,
condenser_max_size: null,
enable_sound_notifications: false,
enable_proactive_conversation_starters: false,
enable_solvability_analysis: false,
user_consents_to_analytics: null,
max_budget_per_task: null,
});
// Act - Initial render with v1_enabled: false
const { rerender } = renderWithProviders(
<SkillsModal onClose={vi.fn()} />,
);
// Assert - v0 API called initially
await screen.findByText("V0 Test Agent");
expect(getMicroagentsSpy).toHaveBeenCalledWith(conversationId);
// Arrange - Change settings to v1_enabled: true
settingsSpy.mockResolvedValue({
v1_enabled: true,
llm_model: "test-model",
llm_base_url: "",
agent: "test-agent",
language: "en",
llm_api_key: null,
llm_api_key_set: false,
search_api_key_set: false,
confirmation_mode: false,
security_analyzer: null,
remote_runtime_resource_factor: null,
provider_tokens_set: {},
enable_default_condenser: false,
condenser_max_size: null,
enable_sound_notifications: false,
enable_proactive_conversation_starters: false,
enable_solvability_analysis: false,
user_consents_to_analytics: null,
max_budget_per_task: null,
});
// Act - Force re-render
rerender(<SkillsModal onClose={vi.fn()} />);
// Assert - v1 API should be called after settings change
await screen.findByText("V1 Test Skill");
expect(getSkillsSpy).toHaveBeenCalledWith(conversationId);
});
});
});

4
frontend/__tests__/components/shared/modals/settings/settings-form.test.tsx
View File

@@ -16,7 +16,7 @@ describe("SettingsForm", () => {
Component: () => (
<SettingsForm
settings={DEFAULT_SETTINGS}
models={[DEFAULT_SETTINGS.LLM_MODEL]}
models={[DEFAULT_SETTINGS.llm_model]}
onClose={onCloseMock}
/>
),
@@ -33,7 +33,7 @@ describe("SettingsForm", () => {
expect(saveSettingsSpy).toHaveBeenCalledWith(
expect.objectContaining({
llm_model: DEFAULT_SETTINGS.LLM_MODEL,
llm_model: DEFAULT_SETTINGS.llm_model,
}),
);
});

2
frontend/__tests__/components/terminal/terminal.test.tsx
View File

@@ -1,7 +1,7 @@
import { act, screen } from "@testing-library/react";
import { renderWithProviders } from "test-utils";
import { vi, describe, afterEach, it, expect } from "vitest";
import { Command, useCommandStore } from "#/state/command-store";
import { Command, useCommandStore } from "#/stores/command-store";
import Terminal from "#/components/features/terminal/terminal";
const renderTerminal = (commands: Command[] = []) => {

16
frontend/__tests__/components/user-actions.test.tsx
View File

@@ -299,20 +299,16 @@ describe("UserActions", () => {
renderUserActions();
const userActions = screen.getByTestId("user-actions");
const contextMenu = screen.getByTestId("user-context-menu");
// Menu should not be visible initially
expect(screen.queryByTestId("user-context-menu")).not.toBeInTheDocument();
// Menu is in DOM but hidden via CSS (opacity-0, pointer-events-none)
expect(contextMenu.parentElement).toHaveClass("opacity-0");
expect(contextMenu.parentElement).toHaveClass("pointer-events-none");
// Hover over the user actions area
await user.hover(userActions);
// Menu should appear on hover
expect(screen.getByTestId("user-context-menu")).toBeInTheDocument();
// Move mouse away
await user.unhover(userActions);
// Menu should disappear when not hovering
expect(screen.queryByTestId("user-context-menu")).not.toBeInTheDocument();
// Menu should be visible on hover (CSS classes change via group-hover)
expect(contextMenu).toBeVisible();
});
});

2
frontend/src/components/v1/chat/event-content-helpers/__tests__/get-observation-content.test.ts → frontend/__tests__/components/v1/chat/event-content-helpers/get-observation-content.test.ts
View File

@@ -1,5 +1,5 @@
import { describe, it, expect } from "vitest";
import { getObservationContent } from "../get-observation-content";
import { getObservationContent } from "#/components/v1/chat/event-content-helpers/get-observation-content";
import { ObservationEvent } from "#/types/v1/core";
import { BrowserObservation } from "#/types/v1/core/base/observation";

50
frontend/__tests__/conversation-websocket-handler.test.tsx
View File

@@ -12,7 +12,7 @@ import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import { http, HttpResponse } from "msw";
import { useOptimisticUserMessageStore } from "#/stores/optimistic-user-message-store";
import { useBrowserStore } from "#/stores/browser-store";
import { useCommandStore } from "#/state/command-store";
import { useCommandStore } from "#/stores/command-store";
import {
createMockMessageEvent,
createMockUserMessageEvent,
@@ -453,18 +453,10 @@ describe("Conversation WebSocket Handler", () => {
// Set up MSW to mock both the HTTP API and WebSocket connection
mswServer.use(
http.get("/api/v1/events/count", ({ request }) => {
const url = new URL(request.url);
const conversationIdParam = url.searchParams.get(
"conversation_id__eq",
);
if (conversationIdParam === conversationId) {
return HttpResponse.json(expectedEventCount);
}
return HttpResponse.json(0);
}),
http.get(
`http://localhost:3000/api/conversations/${conversationId}/events/count`,
() => HttpResponse.json(expectedEventCount),
),
wsLink.addEventListener("connection", ({ client, server }) => {
server.connect();
// Send all history events
@@ -520,18 +512,10 @@ describe("Conversation WebSocket Handler", () => {
// Set up MSW to mock both the HTTP API and WebSocket connection
mswServer.use(
http.get("/api/v1/events/count", ({ request }) => {
const url = new URL(request.url);
const conversationIdParam = url.searchParams.get(
"conversation_id__eq",
);
if (conversationIdParam === conversationId) {
return HttpResponse.json(0);
}
return HttpResponse.json(0);
}),
http.get(
`http://localhost:3000/api/conversations/${conversationId}/events/count`,
() => HttpResponse.json(0),
),
wsLink.addEventListener("connection", ({ server }) => {
server.connect();
// No events sent for empty history
@@ -577,18 +561,10 @@ describe("Conversation WebSocket Handler", () => {
// Set up MSW to mock both the HTTP API and WebSocket connection
mswServer.use(
http.get("/api/v1/events/count", ({ request }) => {
const url = new URL(request.url);
const conversationIdParam = url.searchParams.get(
"conversation_id__eq",
);
if (conversationIdParam === conversationId) {
return HttpResponse.json(expectedEventCount);
}
return HttpResponse.json(0);
}),
http.get(
`http://localhost:3000/api/conversations/${conversationId}/events/count`,
() => HttpResponse.json(expectedEventCount),
),
wsLink.addEventListener("connection", ({ client, server }) => {
server.connect();
// Send all history events

53
frontend/__tests__/hooks/use-settings-nav-items.test.tsx Normal file
View File

@@ -0,0 +1,53 @@
import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import { renderHook, waitFor } from "@testing-library/react";
import { describe, it, expect, vi, beforeEach } from "vitest";
import { SAAS_NAV_ITEMS, OSS_NAV_ITEMS } from "#/constants/settings-nav";
import OptionService from "#/api/option-service/option-service.api";
import { useSettingsNavItems } from "#/hooks/use-settings-nav-items";
const queryClient = new QueryClient();
const wrapper = ({ children }: { children: React.ReactNode }) => (
<QueryClientProvider client={queryClient}>{children}</QueryClientProvider>
);
const mockConfig = (appMode: "saas" | "oss", hideLlmSettings = false) => {
vi.spyOn(OptionService, "getConfig").mockResolvedValue({
APP_MODE: appMode,
FEATURE_FLAGS: { HIDE_LLM_SETTINGS: hideLlmSettings },
} as Awaited<ReturnType<typeof OptionService.getConfig>>);
};
describe("useSettingsNavItems", () => {
beforeEach(() => {
queryClient.clear();
});
it("should return SAAS_NAV_ITEMS when APP_MODE is 'saas'", async () => {
mockConfig("saas");
const { result } = renderHook(() => useSettingsNavItems(), { wrapper });
await waitFor(() => {
expect(result.current).toEqual(SAAS_NAV_ITEMS);
});
});
it("should return OSS_NAV_ITEMS when APP_MODE is 'oss'", async () => {
mockConfig("oss");
const { result } = renderHook(() => useSettingsNavItems(), { wrapper });
await waitFor(() => {
expect(result.current).toEqual(OSS_NAV_ITEMS);
});
});
it("should filter out '/settings' item when HIDE_LLM_SETTINGS feature flag is enabled", async () => {
mockConfig("saas", true);
const { result } = renderHook(() => useSettingsNavItems(), { wrapper });
await waitFor(() => {
expect(
result.current.find((item) => item.to === "/settings"),
).toBeUndefined();
});
});
});

31
frontend/__tests__/hooks/use-terminal.test.tsx
View File

@@ -1,7 +1,6 @@
/* eslint-disable max-classes-per-file */
import { beforeAll, describe, expect, it, vi, afterEach } from "vitest";
import { useTerminal } from "#/hooks/use-terminal";
import { Command, useCommandStore } from "#/state/command-store";
import { Command, useCommandStore } from "#/stores/command-store";
import { renderWithProviders } from "../../test-utils";
// Mock the WsClient context
@@ -43,6 +42,11 @@ describe("useTerminal", () => {
write: vi.fn(),
writeln: vi.fn(),
dispose: vi.fn(),
element: document.createElement("div"),
}));
const mockFitAddon = vi.hoisted(() => ({
fit: vi.fn(),
}));
beforeAll(() => {
@@ -68,6 +72,15 @@ describe("useTerminal", () => {
writeln = mockTerminal.writeln;
dispose = mockTerminal.dispose;
element = mockTerminal.element;
},
}));
// mock FitAddon
vi.mock("@xterm/addon-fit", () => ({
FitAddon: class {
fit = mockFitAddon.fit;
},
}));
});
@@ -96,4 +109,18 @@ describe("useTerminal", () => {
expect(mockTerminal.writeln).toHaveBeenNthCalledWith(1, "echo hello");
expect(mockTerminal.writeln).toHaveBeenNthCalledWith(2, "hello");
});
it("should not call fit() when terminal.element is null", () => {
// Temporarily set element to null to simulate terminal not being opened
const originalElement = mockTerminal.element;
mockTerminal.element = null as unknown as HTMLDivElement;
renderWithProviders(<TestTerminalComponent />);
// fit() should not be called because terminal.element is null
expect(mockFitAddon.fit).not.toHaveBeenCalled();
// Restore original element
mockTerminal.element = originalElement;
});
});

238
frontend/__tests__/routes/llm-settings.test.tsx
View File

@@ -72,7 +72,7 @@ describe("Content", () => {
await waitFor(() => {
expect(provider).toHaveValue("OpenHands");
expect(model).toHaveValue("claude-sonnet-4-20250514");
expect(model).toHaveValue("claude-opus-4-5-20251101");
expect(apiKey).toHaveValue("");
expect(apiKey).toHaveProperty("placeholder", "");
@@ -190,7 +190,7 @@ describe("Content", () => {
const agent = screen.getByTestId("agent-input");
const condensor = screen.getByTestId("enable-memory-condenser-switch");
expect(model).toHaveValue("openhands/claude-sonnet-4-20250514");
expect(model).toHaveValue("openhands/claude-opus-4-5-20251101");
expect(baseUrl).toHaveValue("");
expect(apiKey).toHaveValue("");
expect(apiKey).toHaveProperty("placeholder", "");
@@ -253,6 +253,83 @@ describe("Content", () => {
expect(securityAnalyzer).toHaveValue("SETTINGS$SECURITY_ANALYZER_NONE");
});
});
it("should omit invariant and custom analyzers when V1 is enabled", async () => {
const getSettingsSpy = vi.spyOn(SettingsService, "getSettings");
getSettingsSpy.mockResolvedValue({
...MOCK_DEFAULT_USER_SETTINGS,
confirmation_mode: true,
security_analyzer: "llm",
v1_enabled: true,
});
const getSecurityAnalyzersSpy = vi.spyOn(
OptionService,
"getSecurityAnalyzers",
);
getSecurityAnalyzersSpy.mockResolvedValue([
"llm",
"none",
"invariant",
"custom",
]);
renderLlmSettingsScreen();
await screen.findByTestId("llm-settings-screen");
const advancedSwitch = screen.getByTestId("advanced-settings-switch");
await userEvent.click(advancedSwitch);
const securityAnalyzer = await screen.findByTestId(
"security-analyzer-input",
);
await userEvent.click(securityAnalyzer);
// Only llm + none should be available when V1 is enabled
screen.getByText("SETTINGS$SECURITY_ANALYZER_LLM_DEFAULT");
screen.getByText("SETTINGS$SECURITY_ANALYZER_NONE");
expect(
screen.queryByText("SETTINGS$SECURITY_ANALYZER_INVARIANT"),
).not.toBeInTheDocument();
expect(screen.queryByText("custom")).not.toBeInTheDocument();
});
it("should include invariant analyzer option when V1 is disabled", async () => {
const getSettingsSpy = vi.spyOn(SettingsService, "getSettings");
getSettingsSpy.mockResolvedValue({
...MOCK_DEFAULT_USER_SETTINGS,
confirmation_mode: true,
security_analyzer: "llm",
v1_enabled: false,
});
const getSecurityAnalyzersSpy = vi.spyOn(
OptionService,
"getSecurityAnalyzers",
);
getSecurityAnalyzersSpy.mockResolvedValue(["llm", "none", "invariant"]);
renderLlmSettingsScreen();
await screen.findByTestId("llm-settings-screen");
const advancedSwitch = screen.getByTestId("advanced-settings-switch");
await userEvent.click(advancedSwitch);
const securityAnalyzer = await screen.findByTestId(
"security-analyzer-input",
);
await userEvent.click(securityAnalyzer);
expect(
screen.getByText("SETTINGS$SECURITY_ANALYZER_LLM_DEFAULT"),
).toBeInTheDocument();
expect(
screen.getByText("SETTINGS$SECURITY_ANALYZER_NONE"),
).toBeInTheDocument();
expect(
screen.getByText("SETTINGS$SECURITY_ANALYZER_INVARIANT"),
).toBeInTheDocument();
});
});
it.todo("should render an indicator if the llm api key is set");
@@ -833,6 +910,163 @@ describe("Form submission", () => {
});
});
describe("View persistence after saving advanced settings", () => {
it("should remain on Advanced view after saving when memory condenser is disabled", async () => {
// Arrange: Start with default settings (basic view)
const getSettingsSpy = vi.spyOn(SettingsService, "getSettings");
getSettingsSpy.mockResolvedValue({
...MOCK_DEFAULT_USER_SETTINGS,
});
const saveSettingsSpy = vi.spyOn(SettingsService, "saveSettings");
saveSettingsSpy.mockResolvedValue(true);
renderLlmSettingsScreen();
await screen.findByTestId("llm-settings-screen");
// Verify we start in basic view
expect(screen.getByTestId("llm-settings-form-basic")).toBeInTheDocument();
// Act: User manually switches to Advanced view
const advancedSwitch = screen.getByTestId("advanced-settings-switch");
await userEvent.click(advancedSwitch);
await screen.findByTestId("llm-settings-form-advanced");
// User disables memory condenser (advanced-only setting)
const condenserSwitch = screen.getByTestId(
"enable-memory-condenser-switch",
);
expect(condenserSwitch).toBeChecked();
await userEvent.click(condenserSwitch);
expect(condenserSwitch).not.toBeChecked();
// Mock the updated settings that will be returned after save
getSettingsSpy.mockResolvedValue({
...MOCK_DEFAULT_USER_SETTINGS,
enable_default_condenser: false, // Now disabled
});
// User saves settings
const submitButton = screen.getByTestId("submit-button");
await userEvent.click(submitButton);
// Assert: View should remain on Advanced after save
await waitFor(() => {
expect(
screen.getByTestId("llm-settings-form-advanced"),
).toBeInTheDocument();
expect(
screen.queryByTestId("llm-settings-form-basic"),
).not.toBeInTheDocument();
expect(advancedSwitch).toBeChecked();
});
});
it("should remain on Advanced view after saving when condenser max size is customized", async () => {
// Arrange: Start with default settings
const getSettingsSpy = vi.spyOn(SettingsService, "getSettings");
getSettingsSpy.mockResolvedValue({
...MOCK_DEFAULT_USER_SETTINGS,
});
const saveSettingsSpy = vi.spyOn(SettingsService, "saveSettings");
saveSettingsSpy.mockResolvedValue(true);
renderLlmSettingsScreen();
await screen.findByTestId("llm-settings-screen");
// Act: User manually switches to Advanced view
const advancedSwitch = screen.getByTestId("advanced-settings-switch");
await userEvent.click(advancedSwitch);
await screen.findByTestId("llm-settings-form-advanced");
// User sets custom condenser max size (advanced-only setting)
const condenserMaxSizeInput = screen.getByTestId(
"condenser-max-size-input",
);
await userEvent.clear(condenserMaxSizeInput);
await userEvent.type(condenserMaxSizeInput, "200");
// Mock the updated settings that will be returned after save
getSettingsSpy.mockResolvedValue({
...MOCK_DEFAULT_USER_SETTINGS,
condenser_max_size: 200, // Custom value
});
// User saves settings
const submitButton = screen.getByTestId("submit-button");
await userEvent.click(submitButton);
// Assert: View should remain on Advanced after save
await waitFor(() => {
expect(
screen.getByTestId("llm-settings-form-advanced"),
).toBeInTheDocument();
expect(
screen.queryByTestId("llm-settings-form-basic"),
).not.toBeInTheDocument();
expect(advancedSwitch).toBeChecked();
});
});
it("should remain on Advanced view after saving when search API key is set", async () => {
// Arrange: Start with default settings (non-SaaS mode to show search API key field)
const getConfigSpy = vi.spyOn(OptionService, "getConfig");
getConfigSpy.mockResolvedValue({
APP_MODE: "oss",
GITHUB_CLIENT_ID: "fake-github-client-id",
POSTHOG_CLIENT_KEY: "fake-posthog-client-key",
FEATURE_FLAGS: {
ENABLE_BILLING: false,
HIDE_LLM_SETTINGS: false,
HIDE_BILLING: false,
ENABLE_JIRA: false,
ENABLE_JIRA_DC: false,
ENABLE_LINEAR: false,
},
});
const getSettingsSpy = vi.spyOn(SettingsService, "getSettings");
getSettingsSpy.mockResolvedValue({
...MOCK_DEFAULT_USER_SETTINGS,
search_api_key: "", // Default empty value
});
const saveSettingsSpy = vi.spyOn(SettingsService, "saveSettings");
saveSettingsSpy.mockResolvedValue(true);
renderLlmSettingsScreen();
await screen.findByTestId("llm-settings-screen");
// Act: User manually switches to Advanced view
const advancedSwitch = screen.getByTestId("advanced-settings-switch");
await userEvent.click(advancedSwitch);
await screen.findByTestId("llm-settings-form-advanced");
// User sets search API key (advanced-only setting)
const searchApiKeyInput = screen.getByTestId("search-api-key-input");
await userEvent.type(searchApiKeyInput, "test-search-api-key");
// Mock the updated settings that will be returned after save
getSettingsSpy.mockResolvedValue({
...MOCK_DEFAULT_USER_SETTINGS,
search_api_key: "test-search-api-key", // Now set
});
// User saves settings
const submitButton = screen.getByTestId("submit-button");
await userEvent.click(submitButton);
// Assert: View should remain on Advanced after save
await waitFor(() => {
expect(
screen.getByTestId("llm-settings-form-advanced"),
).toBeInTheDocument();
expect(
screen.queryByTestId("llm-settings-form-basic"),
).not.toBeInTheDocument();
expect(advancedSwitch).toBeChecked();
});
});
});
describe("Status toasts", () => {
describe("Basic form", () => {
it("should call displaySuccessToast when the settings are saved", async () => {

6
frontend/src/services/__tests__/actions.test.ts → frontend/__tests__/services/actions.test.ts
View File

@@ -1,8 +1,8 @@
import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
import { handleStatusMessage } from "../actions";
import { handleStatusMessage } from "#/services/actions";
import { StatusMessage } from "#/types/message";
import { queryClient } from "#/query-client-config";
import { useStatusStore } from "#/state/status-store";
import { useStatusStore } from "#/stores/status-store";
import { trackError } from "#/utils/error-handler";
// Mock dependencies
@@ -12,7 +12,7 @@ vi.mock("#/query-client-config", () => ({
},
}));
vi.mock("#/state/status-store", () => ({
vi.mock("#/stores/status-store", () => ({
useStatusStore: {
getState: vi.fn(() => ({
setCurStatusMessage: vi.fn(),

22
frontend/__tests__/services/actions.test.tsx
View File

@@ -1,8 +1,8 @@
import { describe, it, expect, vi, beforeEach } from "vitest";
import ActionType from "#/types/action-type";
import { ActionMessage } from "#/types/message";
import { useCommandStore } from "#/stores/command-store";
// Mock the store and actions
const mockDispatch = vi.fn();
const mockAppendInput = vi.fn();
@@ -12,26 +12,12 @@ vi.mock("#/store", () => ({
},
}));
vi.mock("#/state/command-store", () => ({
useCommandStore: {
getState: () => ({
appendInput: mockAppendInput,
}),
},
}));
vi.mock("#/state/metrics-slice", () => ({
setMetrics: vi.fn(),
}));
vi.mock("#/state/security-analyzer-slice", () => ({
appendSecurityAnalyzerInput: vi.fn(),
}));
describe("handleActionMessage", () => {
beforeEach(() => {
// Clear all mocks before each test
vi.clearAllMocks();
useCommandStore.setState({
appendInput: mockAppendInput,
});
});
it("should handle RUN actions by adding input to terminal", async () => {

2
frontend/src/utils/__tests__/custom-toast-handlers.test.ts → frontend/__tests__/utils/custom-toast-handlers.test.ts
View File

@@ -3,7 +3,7 @@ import toast from "react-hot-toast";
import {
displaySuccessToast,
displayErrorToast,
} from "../custom-toast-handlers";
} from "#/utils/custom-toast-handlers";
// Mock react-hot-toast
vi.mock("react-hot-toast", () => ({

78
frontend/__tests__/utils/has-advanced-settings-set.test.ts
View File

@@ -12,22 +12,92 @@ describe("hasAdvancedSettingsSet", () => {
});
describe("should be true if", () => {
test("LLM_BASE_URL is set", () => {
test("llm_base_url is set", () => {
expect(
hasAdvancedSettingsSet({
...DEFAULT_SETTINGS,
LLM_BASE_URL: "test",
llm_base_url: "test",
}),
).toBe(true);
});
test("AGENT is not default value", () => {
test("agent is not default value", () => {
expect(
hasAdvancedSettingsSet({
...DEFAULT_SETTINGS,
AGENT: "test",
agent: "test",
}),
).toBe(true);
});
test("enable_default_condenser is disabled", () => {
// Arrange
const settings = {
...DEFAULT_SETTINGS,
enable_default_condenser: false,
};
// Act
const result = hasAdvancedSettingsSet(settings);
// Assert
expect(result).toBe(true);
});
test("condenser_max_size is customized above default", () => {
// Arrange
const settings = {
...DEFAULT_SETTINGS,
condenser_max_size: 200,
};
// Act
const result = hasAdvancedSettingsSet(settings);
// Assert
expect(result).toBe(true);
});
test("condenser_max_size is customized below default", () => {
// Arrange
const settings = {
...DEFAULT_SETTINGS,
condenser_max_size: 50,
};
// Act
const result = hasAdvancedSettingsSet(settings);
// Assert
expect(result).toBe(true);
});
test("search_api_key is set to non-empty value", () => {
// Arrange
const settings = {
...DEFAULT_SETTINGS,
search_api_key: "test-api-key-123",
};
// Act
const result = hasAdvancedSettingsSet(settings);
// Assert
expect(result).toBe(true);
});
test("search_api_key with whitespace is treated as set", () => {
// Arrange
const settings = {
...DEFAULT_SETTINGS,
search_api_key: " test-key ",
};
// Act
const result = hasAdvancedSettingsSet(settings);
// Assert
expect(result).toBe(true);
});
});
});

10
frontend/__tests__/utils/model-name-case-preservation.test.tsx
View File

@@ -13,7 +13,7 @@ describe("Model name case preservation", () => {
const settings = extractSettings(formData);
// Test that model names maintain their original casing
expect(settings.LLM_MODEL).toBe("SambaNova/Meta-Llama-3.1-8B-Instruct");
expect(settings.llm_model).toBe("SambaNova/Meta-Llama-3.1-8B-Instruct");
});
it("should preserve openai model case", () => {
@@ -24,7 +24,7 @@ describe("Model name case preservation", () => {
formData.set("language", "en");
const settings = extractSettings(formData);
expect(settings.LLM_MODEL).toBe("openai/gpt-4o");
expect(settings.llm_model).toBe("openai/gpt-4o");
});
it("should preserve anthropic model case", () => {
@@ -35,7 +35,7 @@ describe("Model name case preservation", () => {
formData.set("language", "en");
const settings = extractSettings(formData);
expect(settings.LLM_MODEL).toBe("anthropic/claude-sonnet-4-20250514");
expect(settings.llm_model).toBe("anthropic/claude-sonnet-4-20250514");
});
it("should not automatically lowercase model names", () => {
@@ -48,7 +48,7 @@ describe("Model name case preservation", () => {
const settings = extractSettings(formData);
// Test that camelCase and PascalCase are preserved
expect(settings.LLM_MODEL).not.toBe("sambanova/meta-llama-3.1-8b-instruct");
expect(settings.LLM_MODEL).toBe("SambaNova/Meta-Llama-3.1-8B-Instruct");
expect(settings.llm_model).not.toBe("sambanova/meta-llama-3.1-8b-instruct");
expect(settings.llm_model).toBe("SambaNova/Meta-Llama-3.1-8B-Instruct");
});
});

10
frontend/src/utils/__tests__/settings-utils.test.ts → frontend/__tests__/utils/settings-utils.test.ts
View File

@@ -1,5 +1,5 @@
import { describe, it, expect } from "vitest";
import { parseMaxBudgetPerTask, extractSettings } from "../settings-utils";
import { parseMaxBudgetPerTask, extractSettings } from "#/utils/settings-utils";
describe("parseMaxBudgetPerTask", () => {
it("should return null for empty string", () => {
@@ -67,10 +67,10 @@ describe("extractSettings", () => {
// Verify that the model name case is preserved
const expectedModel = `${provider}/${model}`;
expect(settings.LLM_MODEL).toBe(expectedModel);
expect(settings.llm_model).toBe(expectedModel);
// Only test that it's not lowercased if the original has uppercase letters
if (expectedModel !== expectedModel.toLowerCase()) {
expect(settings.LLM_MODEL).not.toBe(expectedModel.toLowerCase());
expect(settings.llm_model).not.toBe(expectedModel.toLowerCase());
}
});
});
@@ -85,7 +85,7 @@ describe("extractSettings", () => {
const settings = extractSettings(formData);
// Custom model should take precedence and preserve case
expect(settings.LLM_MODEL).toBe("Custom-Model-Name");
expect(settings.LLM_MODEL).not.toBe("custom-model-name");
expect(settings.llm_model).toBe("Custom-Model-Name");
expect(settings.llm_model).not.toBe("custom-model-name");
});
});

2
frontend/src/utils/__tests__/toast-duration.test.ts → frontend/__tests__/utils/toast-duration.test.ts
View File

@@ -1,5 +1,5 @@
import { describe, it, expect } from "vitest";
import { calculateToastDuration } from "../toast-duration";
import { calculateToastDuration } from "#/utils/toast-duration";
describe("calculateToastDuration", () => {
it("should return minimum duration for short messages", () => {

2
frontend/src/utils/__tests__/vscode-url-helper.test.ts → frontend/__tests__/utils/vscode-url-helper.test.ts
View File

@@ -1,5 +1,5 @@
import { describe, it, expect, beforeEach, afterEach } from "vitest";
import { transformVSCodeUrl } from "../vscode-url-helper";
import { transformVSCodeUrl } from "#/utils/vscode-url-helper";
describe("transformVSCodeUrl", () => {
const originalWindowLocation = window.location;

2304
frontend/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

57
frontend/package.json
View File

@@ -1,52 +1,42 @@
{
"name": "openhands-frontend",
"version": "0.62.0",
"version": "1.0.0",
"private": true,
"type": "module",
"engines": {
"node": ">=22.0.0"
},
"dependencies": {
"@heroui/react": "2.8.5",
"@heroui/use-infinite-scroll": "^2.2.12",
"@heroui/react": "2.8.6",
"@microlink/react-json-view": "^1.26.2",
"@monaco-editor/react": "^4.7.0-rc.0",
"@posthog/react": "^1.5.2",
"@react-router/node": "^7.10.1",
"@react-router/serve": "^7.10.1",
"@react-types/shared": "^3.32.0",
"@stripe/react-stripe-js": "^5.4.1",
"@stripe/stripe-js": "^8.5.3",
"@tailwindcss/postcss": "^4.1.17",
"@tailwindcss/vite": "^4.1.17",
"@react-router/node": "^7.11.0",
"@react-router/serve": "^7.11.0",
"@tailwindcss/vite": "^4.1.18",
"@tanstack/react-query": "^5.90.12",
"@uidotdev/usehooks": "^2.4.1",
"@vitejs/plugin-react": "^5.1.2",
"@xterm/addon-fit": "^0.10.0",
"@xterm/xterm": "^5.4.0",
"axios": "^1.13.2",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"date-fns": "^4.1.0",
"downshift": "^9.0.12",
"downshift": "^9.0.13",
"eslint-config-airbnb-typescript": "^18.0.0",
"framer-motion": "^12.23.25",
"i18next": "^25.7.2",
"i18next": "^25.7.3",
"i18next-browser-languagedetector": "^8.2.0",
"i18next-http-backend": "^3.0.2",
"isbot": "^5.1.32",
"jose": "^6.1.3",
"lucide-react": "^0.556.0",
"lucide-react": "^0.562.0",
"monaco-editor": "^0.55.1",
"posthog-js": "^1.302.2",
"react": "^19.2.0",
"react-dom": "^19.2.0",
"react-highlight": "^0.15.0",
"posthog-js": "^1.309.1",
"react": "^19.2.3",
"react-dom": "^19.2.3",
"react-hot-toast": "^2.6.0",
"react-i18next": "^16.4.0",
"react-i18next": "^16.5.0",
"react-icons": "^5.5.0",
"react-markdown": "^10.1.0",
"react-router": "^7.10.1",
"react-router": "^7.11.0",
"react-syntax-highlighter": "^16.1.0",
"remark-breaks": "^4.0.0",
"remark-gfm": "^4.0.1",
@@ -54,9 +44,7 @@
"socket.io-client": "^4.8.1",
"tailwind-merge": "^3.4.0",
"tailwind-scrollbar": "^4.0.2",
"vite": "^7.2.7",
"web-vitals": "^5.1.0",
"ws": "^8.18.2",
"vite": "^7.3.0",
"zustand": "^5.0.9"
},
"scripts": {
@@ -92,28 +80,22 @@
]
},
"devDependencies": {
"@babel/parser": "^7.28.3",
"@babel/traverse": "^7.28.3",
"@babel/types": "^7.28.2",
"@mswjs/socket.io-binding": "^0.2.0",
"@playwright/test": "^1.57.0",
"@react-router/dev": "^7.10.1",
"@react-router/dev": "^7.11.0",
"@tailwindcss/typography": "^0.5.19",
"@tanstack/eslint-plugin-query": "^5.91.0",
"@testing-library/dom": "^10.4.1",
"@testing-library/jest-dom": "^6.9.1",
"@testing-library/react": "^16.3.0",
"@testing-library/react": "^16.3.1",
"@testing-library/user-event": "^14.6.1",
"@types/node": "^24.10.1",
"@types/node": "^25.0.3",
"@types/react": "^19.2.7",
"@types/react-dom": "^19.2.3",
"@types/react-highlight": "^0.12.8",
"@types/react-syntax-highlighter": "^15.5.13",
"@types/ws": "^8.18.1",
"@typescript-eslint/eslint-plugin": "^7.18.0",
"@typescript-eslint/parser": "^7.18.0",
"@vitest/coverage-v8": "^4.0.14",
"autoprefixer": "^10.4.22",
"@vitest/coverage-v8": "^4.0.16",
"cross-env": "^10.1.0",
"eslint": "^8.57.0",
"eslint-config-airbnb": "^19.0.4",
@@ -131,11 +113,10 @@
"lint-staged": "^16.2.7",
"msw": "^2.6.6",
"prettier": "^3.7.3",
"stripe": "^20.0.0",
"tailwindcss": "^4.1.8",
"typescript": "^5.9.3",
"vite-plugin-svgr": "^4.5.0",
"vite-tsconfig-paths": "^5.1.4",
"vite-tsconfig-paths": "^6.0.3",
"vitest": "^4.0.14"
},
"packageManager": "npm@10.5.0",

2
frontend/public/mockServiceWorker.js
View File

@@ -7,7 +7,7 @@
* - Please do NOT modify this file.
*/
const PACKAGE_VERSION = '2.12.3'
const PACKAGE_VERSION = '2.12.4'
const INTEGRITY_CHECKSUM = '4db4a41e972cec1b64cc569c66952d82'
const IS_MOCKED_RESPONSE = Symbol('isMockedResponse')
const activeClientIds = new Set()

102
frontend/src/api/README.md Normal file
View File

@@ -0,0 +1,102 @@
# API Services Guide
## Overview
Services are the abstraction layer between frontend components and backend APIs. They encapsulate HTTP requests using the shared `openHands` axios instance and provide typed methods for each endpoint.
Each service is a plain object with async methods.
## Structure
Each service lives in its own directory:
```
src/api/
├── billing-service/
│ ├── billing-service.api.ts # Service methods
│ └── billing.types.ts # Types and interfaces
├── organization-service/
│ ├── organization-service.api.ts
│ └── organization.types.ts
└── open-hands-axios.ts # Shared axios instance
```
## Creating a Service
Use an object literal with named export. Use object destructuring for parameters to make calls self-documenting.
```typescript
// feature-service/feature-service.api.ts
import { openHands } from "../open-hands-axios";
import { Feature, CreateFeatureParams } from "./feature.types";
export const featureService = {
getFeature: async ({ id }: { id: string }) => {
const { data } = await openHands.get<Feature>(`/api/features/${id}`);
return data;
},
createFeature: async ({ name, description }: CreateFeatureParams) => {
const { data } = await openHands.post<Feature>("/api/features", {
name,
description,
});
return data;
},
};
```
### Types
Define types in a separate file within the same directory:
```typescript
// feature-service/feature.types.ts
export interface Feature {
id: string;
name: string;
description: string;
}
export interface CreateFeatureParams {
name: string;
description: string;
}
```
## Usage
> [!IMPORTANT]
> **Don't call services directly in components.** Wrap them in TanStack Query hooks.
>
> Why? TanStack Query provides:
> - **Caching** - Avoid redundant network requests
> - **Deduplication** - Multiple components requesting the same data share one request
> - **Loading/error states** - Built-in `isLoading`, `isError`, `data` states
> - **Background refetching** - Data stays fresh automatically
>
> Hooks location:
> - `src/hooks/query/` for data fetching (`useQuery`)
> - `src/hooks/mutation/` for writes/updates (`useMutation`)
```typescript
// src/hooks/query/use-feature.ts
import { useQuery } from "@tanstack/react-query";
import { featureService } from "#/api/feature-service/feature-service.api";
export const useFeature = (id: string) => {
return useQuery({
queryKey: ["feature", id],
queryFn: () => featureService.getFeature({ id }),
});
};
```
## Naming Conventions
| Item | Convention | Example |
|------|------------|---------|
| Directory | `feature-service/` | `billing-service/` |
| Service file | `feature-service.api.ts` | `billing-service.api.ts` |
| Types file | `feature.types.ts` | `billing.types.ts` |
| Export name | `featureService` | `billingService` |

13
frontend/src/api/conversation-service/v1-conversation-service.api.ts
View File

@@ -11,6 +11,7 @@ import type {
V1AppConversationStartTask,
V1AppConversationStartTaskPage,
V1AppConversation,
GetSkillsResponse,
} from "./v1-conversation-service.types";
class V1ConversationService {
@@ -315,6 +316,18 @@ class V1ConversationService {
);
return data;
}
/**
* Get all skills associated with a V1 conversation
* @param conversationId The conversation ID
* @returns The available skills associated with the conversation
*/
static async getSkills(conversationId: string): Promise<GetSkillsResponse> {
const { data } = await openHands.get<GetSkillsResponse>(
`/api/v1/app-conversations/${conversationId}/skills`,
);
return data;
}
}
export default V1ConversationService;

11
frontend/src/api/conversation-service/v1-conversation-service.types.ts
View File

@@ -99,3 +99,14 @@ export interface V1AppConversation {
conversation_url: string | null;
session_api_key: string | null;
}
export interface Skill {
name: string;
type: "repo" | "knowledge";
content: string;
triggers: string[];
}
export interface GetSkillsResponse {
skills: Skill[];
}

27
frontend/src/api/event-service/event-service.api.ts
View File

@@ -5,7 +5,6 @@ import type {
ConfirmationResponseRequest,
ConfirmationResponseResponse,
} from "./event-service.types";
import { openHands } from "../open-hands-axios";
class EventService {
/**
@@ -38,11 +37,27 @@ class EventService {
return data;
}
static async getEventCount(conversationId: string): Promise<number> {
const params = new URLSearchParams();
params.append("conversation_id__eq", conversationId);
const { data } = await openHands.get<number>(
`/api/v1/events/count?${params.toString()}`,
/**
* Get event count for a V1 conversation
* @param conversationId The conversation ID
* @param conversationUrl The conversation URL (e.g., "http://localhost:54928/api/conversations/...")
* @param sessionApiKey Session API key for authentication (required for V1)
* @returns The event count
*/
static async getEventCount(
conversationId: string,
conversationUrl: string,
sessionApiKey?: string | null,
): Promise<number> {
// Build the runtime URL using the conversation URL
const runtimeUrl = buildHttpBaseUrl(conversationUrl);
// Build session headers for authentication
const headers = buildSessionHeaders(sessionApiKey);
const { data } = await axios.get<number>(
`${runtimeUrl}/api/conversations/${conversationId}/events/count`,
{ headers },
);
return data;
}

0
frontend/src/ui/microagent-management-service/microagent-management-service.api.ts → frontend/src/api/microagent-management-service/microagent-management-service.api.ts
View File

10
frontend/src/api/settings-service/settings-service.api.ts
View File

@@ -1,5 +1,5 @@
import { openHands } from "../open-hands-axios";
import { ApiSettings, PostApiSettings } from "./settings.types";
import { Settings } from "#/types/settings";
/**
* Settings service for managing application settings
@@ -8,8 +8,8 @@ class SettingsService {
/**
* Get the settings from the server or use the default settings if not found
*/
static async getSettings(): Promise<ApiSettings> {
const { data } = await openHands.get<ApiSettings>("/api/settings");
static async getSettings(): Promise<Settings> {
const { data } = await openHands.get<Settings>("/api/settings");
return data;
}
@@ -17,9 +17,7 @@ class SettingsService {
* Save the settings to the server. Only valid settings are saved.
* @param settings - the settings to save
*/
static async saveSettings(
settings: Partial<PostApiSettings>,
): Promise<boolean> {
static async saveSettings(settings: Partial<Settings>): Promise<boolean> {
const data = await openHands.post("/api/settings", settings);
return data.status === 200;
}

54
frontend/src/api/settings-service/settings.types.ts
View File

@@ -1,54 +0,0 @@
import { Provider } from "#/types/settings";
export type ApiSettings = {
llm_model: string;
llm_base_url: string;
agent: string;
language: string;
llm_api_key: string | null;
llm_api_key_set: boolean;
search_api_key_set: boolean;
confirmation_mode: boolean;
security_analyzer: string | null;
remote_runtime_resource_factor: number | null;
enable_default_condenser: boolean;
// Max size for condenser in backend settings
condenser_max_size: number | null;
enable_sound_notifications: boolean;
enable_proactive_conversation_starters: boolean;
enable_solvability_analysis: boolean;
user_consents_to_analytics: boolean | null;
search_api_key?: string;
provider_tokens_set: Partial<Record<Provider, string | null>>;
max_budget_per_task: number | null;
mcp_config?: {
sse_servers: (string | { url: string; api_key?: string })[];
stdio_servers: {
name: string;
command: string;
args?: string[];
env?: Record<string, string>;
}[];
shttp_servers: (string | { url: string; api_key?: string })[];
};
email?: string;
email_verified?: boolean;
git_user_name?: string;
git_user_email?: string;
v1_enabled?: boolean;
};
export type PostApiSettings = ApiSettings & {
user_consents_to_analytics: boolean | null;
search_api_key?: string;
mcp_config?: {
sse_servers: (string | { url: string; api_key?: string })[];
stdio_servers: {
name: string;
command: string;
args?: string[];
env?: Record<string, string>;
}[];
shttp_servers: (string | { url: string; api_key?: string })[];
};
};

7
frontend/src/components/features/browser/browser.tsx
View File

@@ -12,10 +12,9 @@ export function BrowserPanel() {
reset();
}, [conversationId, reset]);
const imgSrc =
screenshotSrc && screenshotSrc.startsWith("data:image/png;base64,")
? screenshotSrc
: `data:image/png;base64,${screenshotSrc || ""}`;
const imgSrc = screenshotSrc?.startsWith("data:image/png;base64,")
? screenshotSrc
: `data:image/png;base64,${screenshotSrc ?? ""}`;
return (
<div className="h-full w-full flex flex-col text-neutral-400">

2
frontend/src/components/features/chat/change-agent-button.tsx
View File

@@ -5,7 +5,7 @@ import { I18nKey } from "#/i18n/declaration";
import CodeTagIcon from "#/icons/code-tag.svg?react";
import ChevronDownSmallIcon from "#/icons/chevron-down-small.svg?react";
import LessonPlanIcon from "#/icons/lesson-plan.svg?react";
import { useConversationStore } from "#/state/conversation-store";
import { useConversationStore } from "#/stores/conversation-store";
import { ChangeAgentContextMenu } from "./change-agent-context-menu";
import { cn } from "#/utils/utils";
import { USE_PLANNING_AGENT } from "#/utils/feature-flags";

2
frontend/src/components/features/chat/chat-interface.tsx
View File

@@ -38,7 +38,7 @@ import {
import { useUnifiedUploadFiles } from "#/hooks/mutation/use-unified-upload-files";
import { useConfig } from "#/hooks/query/use-config";
import { validateFiles } from "#/utils/file-validation";
import { useConversationStore } from "#/state/conversation-store";
import { useConversationStore } from "#/stores/conversation-store";
import ConfirmationModeEnabled from "./confirmation-mode-enabled";
import {
isV0Event,

2
frontend/src/components/features/chat/chat-suggestions.tsx
View File

@@ -4,7 +4,7 @@ import { Suggestions } from "#/components/features/suggestions/suggestions";
import { I18nKey } from "#/i18n/declaration";
import BuildIt from "#/icons/build-it.svg?react";
import { SUGGESTIONS } from "#/utils/suggestions";
import { useConversationStore } from "#/state/conversation-store";
import { useConversationStore } from "#/stores/conversation-store";
interface ChatSuggestionsProps {
onSuggestionsClick: (value: string) => void;

2
frontend/src/components/features/chat/components/chat-input-container.tsx
View File

@@ -3,7 +3,7 @@ import { DragOver } from "../drag-over";
import { UploadedFiles } from "../uploaded-files";
import { ChatInputRow } from "./chat-input-row";
import { ChatInputActions } from "./chat-input-actions";
import { useConversationStore } from "#/state/conversation-store";
import { useConversationStore } from "#/stores/conversation-store";
import { cn } from "#/utils/utils";
interface ChatInputContainerProps {

2
frontend/src/components/features/chat/components/chat-input-field.tsx
View File

@@ -1,7 +1,7 @@
import React from "react";
import { useTranslation } from "react-i18next";
import { I18nKey } from "#/i18n/declaration";
import { useConversationStore } from "#/state/conversation-store";
import { useConversationStore } from "#/stores/conversation-store";
interface ChatInputFieldProps {
chatInputRef: React.RefObject<HTMLDivElement | null>;

2
frontend/src/components/features/chat/confirmation-mode-enabled.tsx
View File

@@ -9,7 +9,7 @@ function ConfirmationModeEnabled() {
const { data: settings } = useSettings();
if (!settings?.CONFIRMATION_MODE) {
if (!settings?.confirmation_mode) {
return null;
}

2
frontend/src/components/features/chat/custom-chat-input.tsx
View File

@@ -8,7 +8,7 @@ import { useChatSubmission } from "#/hooks/chat/use-chat-submission";
import { ChatInputGrip } from "./components/chat-input-grip";
import { ChatInputContainer } from "./components/chat-input-container";
import { HiddenFileInput } from "./components/hidden-file-input";
import { useConversationStore } from "#/state/conversation-store";
import { useConversationStore } from "#/stores/conversation-store";
export interface CustomChatInputProps {
disabled?: boolean;

2
frontend/src/components/features/chat/event-content-helpers/get-observation-content.ts
View File

@@ -140,7 +140,7 @@ const getTaskTrackingObservationContent = (
content += "\n\n**Task List:** Empty";
}
if (event.content && event.content.trim()) {
if (event.content?.trim()) {
content += `\n\n**Result:** ${event.content.trim()}`;
}

2
frontend/src/components/features/chat/interactive-chat-box.tsx
View File

@@ -5,7 +5,7 @@ import { CustomChatInput } from "./custom-chat-input";
import { AgentState } from "#/types/agent-state";
import { useActiveConversation } from "#/hooks/query/use-active-conversation";
import { GitControlBar } from "./git-control-bar";
import { useConversationStore } from "#/state/conversation-store";
import { useConversationStore } from "#/stores/conversation-store";
import { useAgentState } from "#/hooks/use-agent-state";
import { processFiles, processImages } from "#/utils/file-processing";
import { useSubConversationTaskPolling } from "#/hooks/query/use-sub-conversation-task-polling";

3
frontend/src/components/features/chat/messages.tsx
View File

@@ -192,8 +192,7 @@ export const Messages: React.FC<MessagesProps> = React.memo(
) => {
const conversationInstructions = `Target file: ${target}\n\nDescription: ${query}\n\nTriggers: ${triggers.join(", ")}`;
if (
!conversation ||
!conversation.selected_repository ||
!conversation?.selected_repository ||
!conversation.selected_branch ||
!conversation.git_provider ||
!selectedEventId

2
frontend/src/components/features/chat/task-tracking/task-item.tsx
View File

@@ -24,7 +24,7 @@ export function TaskItem({ task }: TaskItemProps) {
case "todo":
return <CircleIcon className="w-4 h-4 text-[#ffffff]" />;
case "in_progress":
return <LoadingIcon className="w-4 h-4 text-[#ffffff]" />;
return <LoadingIcon className="w-4 h-4 text-[#ffffff] animate-spin" />;
case "done":
return <CheckCircleIcon className="w-4 h-4 text-[#A3A3A3]" />;
default:

2
frontend/src/components/features/chat/uploaded-files.tsx
View File

@@ -1,6 +1,6 @@
import { UploadedFile } from "./uploaded-file";
import { UploadedImage } from "./uploaded-image";
import { useConversationStore } from "#/state/conversation-store";
import { useConversationStore } from "#/stores/conversation-store";
export function UploadedFiles() {
const {

25
frontend/src/components/features/controls/agent-status.tsx
View File

@@ -1,6 +1,6 @@
import { useTranslation } from "react-i18next";
import { useEffect } from "react";
import { useStatusStore } from "#/state/status-store";
import { useStatusStore } from "#/stores/status-store";
import { useActiveConversation } from "#/hooks/query/use-active-conversation";
import { getStatusCode } from "#/utils/status";
import { ChatStopButton } from "../chat/chat-stop-button";
@@ -9,7 +9,7 @@ import ClockIcon from "#/icons/u-clock-three.svg?react";
import { ChatResumeAgentButton } from "../chat/chat-play-button";
import { cn, isTaskPolling } from "#/utils/utils";
import { AgentLoading } from "./agent-loading";
import { useConversationStore } from "#/state/conversation-store";
import { useConversationStore } from "#/stores/conversation-store";
import CircleErrorIcon from "#/icons/circle-error.svg?react";
import { useAgentState } from "#/hooks/use-agent-state";
import { useUnifiedWebSocketStatus } from "#/hooks/use-unified-websocket-status";
@@ -59,13 +59,15 @@ export function AgentStatus({
);
const shouldShownAgentLoading =
isPausing ||
curAgentState === AgentState.INIT ||
curAgentState === AgentState.LOADING ||
(webSocketStatus === "CONNECTING" && taskStatus !== "ERROR") ||
isTaskPolling(taskStatus) ||
isTaskPolling(subConversationTaskStatus);
// For UI rendering - includes pause state
const isLoading = shouldShownAgentLoading || isPausing;
const shouldShownAgentError =
curAgentState === AgentState.ERROR ||
curAgentState === AgentState.RATE_LIMITED ||
@@ -93,25 +95,28 @@ export function AgentStatus({
<div
className={cn(
"bg-[#525252] box-border content-stretch flex flex-row gap-[3px] items-center justify-center overflow-clip px-0.5 py-1 relative rounded-[100px] shrink-0 size-6 transition-all duration-200 active:scale-95",
!shouldShownAgentLoading &&
!isLoading &&
(shouldShownAgentStop || shouldShownAgentResume) &&
"hover:bg-[#737373] cursor-pointer",
)}
>
{shouldShownAgentLoading && <AgentLoading />}
{!shouldShownAgentLoading && shouldShownAgentStop && (
{isLoading && <AgentLoading />}
{!isLoading && shouldShownAgentStop && (
<ChatStopButton handleStop={handleStop} />
)}
{!shouldShownAgentLoading && shouldShownAgentResume && (
{!isLoading && shouldShownAgentResume && (
<ChatResumeAgentButton
onAgentResumed={handleResumeAgent}
disabled={disabled}
/>
)}
{!shouldShownAgentLoading && shouldShownAgentError && (
<CircleErrorIcon className="w-4 h-4" />
{!isLoading && shouldShownAgentError && (
<CircleErrorIcon
className="w-4 h-4"
data-testid="circle-error-icon"
/>
)}
{!shouldShownAgentLoading &&
{!isLoading &&
!shouldShownAgentStop &&
!shouldShownAgentResume &&
!shouldShownAgentError && <ClockIcon className="w-4 h-4" />}

Some files were not shown because too many files have changed in this diff Show More