RubyGems - tep - Versions diffs - 0.11.0 - Mend

tep 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (193) hide show

checksums.yaml +7 -0
data/LICENSE +21 -0
data/Makefile +134 -0
data/README.md +247 -0
data/SINATRA_COMPAT.md +376 -0
data/bin/tep +2156 -0
data/examples/agentic_chat/README.md +103 -0
data/examples/agentic_chat/app.rb +310 -0
data/examples/api_gateway/README.md +49 -0
data/examples/api_gateway/app.rb +66 -0
data/examples/blog/app.rb +367 -0
data/examples/blog/views/index.erb +36 -0
data/examples/blog/views/login.erb +28 -0
data/examples/blog/views/new_post.erb +25 -0
data/examples/blog/views/show.erb +16 -0
data/examples/chat/app.rb +278 -0
data/examples/chat/assets/logo.svg +13 -0
data/examples/chat/assets/style.css +209 -0
data/examples/chat/views/index.erb +142 -0
data/examples/chatbot/README.md +111 -0
data/examples/chatbot/app.rb +1024 -0
data/examples/chatbot/assets/chat.js +249 -0
data/examples/chatbot/assets/compare.js +93 -0
data/examples/chatbot/assets/markdown.js +84 -0
data/examples/chatbot/assets/style.css +215 -0
data/examples/chatbot/schema.sql +25 -0
data/examples/chatbot/views/compare.erb +43 -0
data/examples/chatbot/views/index.erb +42 -0
data/examples/chatbot/views/login.erb +22 -0
data/examples/chatbot/views/setup.erb +23 -0
data/examples/counter/README.md +68 -0
data/examples/counter/app.rb +85 -0
data/examples/experiments/AGENTS.md +91 -0
data/examples/experiments/README.md +99 -0
data/examples/experiments/app.rb +225 -0
data/examples/geohash/Gemfile +11 -0
data/examples/geohash/Gemfile.lock +17 -0
data/examples/geohash/README.md +58 -0
data/examples/geohash/app.rb +33 -0
data/examples/hello.rb +120 -0
data/examples/llm_gateway/README.md +73 -0
data/examples/llm_gateway/app.rb +91 -0
data/examples/maidenhead/Gemfile +7 -0
data/examples/maidenhead/Gemfile.lock +17 -0
data/examples/maidenhead/README.md +47 -0
data/examples/maidenhead/app.rb +46 -0
data/examples/pg_hello.rb +76 -0
data/examples/qdrant/Gemfile +11 -0
data/examples/qdrant/Gemfile.lock +29 -0
data/examples/qdrant/README.md +54 -0
data/examples/sinatra_style.rb +32 -0
data/examples/websocket_echo.rb +37 -0
data/lib/tep/agent_delegation.rb +35 -0
data/lib/tep/app.rb +291 -0
data/lib/tep/assets.rb +52 -0
data/lib/tep/auth.rb +78 -0
data/lib/tep/auth_bearer_token.rb +126 -0
data/lib/tep/auth_oauth2.rb +189 -0
data/lib/tep/auth_oauth2_client.rb +29 -0
data/lib/tep/auth_oauth2_code.rb +40 -0
data/lib/tep/auth_session_cookie.rb +132 -0
data/lib/tep/broadcast.rb +265 -0
data/lib/tep/broadcast_subscription.rb +42 -0
data/lib/tep/cache.rb +49 -0
data/lib/tep/events.rb +257 -0
data/lib/tep/filter.rb +21 -0
data/lib/tep/handler.rb +35 -0
data/lib/tep/http.rb +599 -0
data/lib/tep/identity.rb +67 -0
data/lib/tep/job.rb +186 -0
data/lib/tep/json.rb +572 -0
data/lib/tep/jwt.rb +126 -0
data/lib/tep/live_view.rb +219 -0
data/lib/tep/llm.rb +505 -0
data/lib/tep/logger.rb +85 -0
data/lib/tep/mcp.rb +203 -0
data/lib/tep/multipart.rb +98 -0
data/lib/tep/net.rb +155 -0
data/lib/tep/openai_server.rb +725 -0
data/lib/tep/parallel.rb +168 -0
data/lib/tep/parser.rb +81 -0
data/lib/tep/password.rb +102 -0
data/lib/tep/pg.rb +1128 -0
data/lib/tep/presence.rb +589 -0
data/lib/tep/presence_entry.rb +52 -0
data/lib/tep/proxy.rb +801 -0
data/lib/tep/request.rb +194 -0
data/lib/tep/response.rb +134 -0
data/lib/tep/router.rb +137 -0
data/lib/tep/scheduler.rb +342 -0
data/lib/tep/security.rb +140 -0
data/lib/tep/server.rb +276 -0
data/lib/tep/server_scheduled.rb +375 -0
data/lib/tep/session.rb +98 -0
data/lib/tep/shell.rb +62 -0
data/lib/tep/sphttp.c +858 -0
data/lib/tep/sqlite.rb +215 -0
data/lib/tep/streamer.rb +31 -0
data/lib/tep/tep_pg.c +769 -0
data/lib/tep/tep_sqlite.c +320 -0
data/lib/tep/url.rb +161 -0
data/lib/tep/version.rb +3 -0
data/lib/tep/websocket/connection.rb +171 -0
data/lib/tep/websocket/driver.rb +169 -0
data/lib/tep/websocket/frame.rb +238 -0
data/lib/tep/websocket/handshake.rb +159 -0
data/lib/tep/websocket.rb +68 -0
data/lib/tep.rb +981 -0
data/public/hello.txt +1 -0
data/public/style.css +4 -0
data/spinel-ext.json +33 -0
data/test/helper.rb +248 -0
data/test/real_world/01_simple.rb +5 -0
data/test/real_world/02_lifecycle.rb +20 -0
data/test/real_world/03_chat.rb +75 -0
data/test/real_world/04_health_api.rb +25 -0
data/test/real_world/05_todo_api.rb +57 -0
data/test/real_world/06_basic_auth.rb +25 -0
data/test/real_world/07_bbc_rest_api.rb +228 -0
data/test/real_world/07_sklise_things.rb +109 -0
data/test/real_world/08_jwd83_helloworld.rb +56 -0
data/test/run_all.rb +7 -0
data/test/run_parallel.rb +89 -0
data/test/spinel_scheduled_burst_segv_repro.rb +33 -0
data/test/test_api_gateway.rb +76 -0
data/test/test_auth.rb +223 -0
data/test/test_auth_oauth2.rb +208 -0
data/test/test_auth_session_cookie.rb +198 -0
data/test/test_broadcast.rb +197 -0
data/test/test_broadcast_pg.rb +135 -0
data/test/test_cache.rb +98 -0
data/test/test_cache_static.rb +48 -0
data/test/test_cookies.rb +52 -0
data/test/test_erb.rb +53 -0
data/test/test_erb_ivars.rb +58 -0
data/test/test_events.rb +114 -0
data/test/test_filters.rb +41 -0
data/test/test_geohash_example.rb +89 -0
data/test/test_http.rb +137 -0
data/test/test_http_pool.rb +122 -0
data/test/test_http_pool_send.rb +57 -0
data/test/test_identity.rb +165 -0
data/test/test_inbound_tls.rb +101 -0
data/test/test_inbound_tls_scheduled.rb +101 -0
data/test/test_job.rb +108 -0
data/test/test_json.rb +168 -0
data/test/test_jwt.rb +143 -0
data/test/test_live_view.rb +324 -0
data/test/test_llm.rb +250 -0
data/test/test_llm_gateway.rb +95 -0
data/test/test_logger.rb +101 -0
data/test/test_maidenhead_example.rb +86 -0
data/test/test_mcp.rb +264 -0
data/test/test_misc_v02.rb +54 -0
data/test/test_modular.rb +43 -0
data/test/test_multi_filters.rb +40 -0
data/test/test_mustache.rb +57 -0
data/test/test_openai_server.rb +598 -0
data/test/test_optional_segments.rb +45 -0
data/test/test_parallel.rb +102 -0
data/test/test_params.rb +99 -0
data/test/test_pass.rb +42 -0
data/test/test_password.rb +101 -0
data/test/test_pg.rb +673 -0
data/test/test_presence.rb +374 -0
data/test/test_presence_pg.rb +309 -0
data/test/test_proxy.rb +556 -0
data/test/test_proxy_dsl.rb +119 -0
data/test/test_proxy_streaming.rb +146 -0
data/test/test_real_world.rb +397 -0
data/test/test_regex_routes.rb +52 -0
data/test/test_request_methods.rb +102 -0
data/test/test_response.rb +123 -0
data/test/test_routing.rb +109 -0
data/test/test_scheduler.rb +153 -0
data/test/test_security.rb +72 -0
data/test/test_server_scheduled.rb +56 -0
data/test/test_sessions.rb +59 -0
data/test/test_shell.rb +54 -0
data/test/test_sqlite.rb +148 -0
data/test/test_sqlite_cached.rb +171 -0
data/test/test_static.rb +57 -0
data/test/test_streaming.rb +96 -0
data/test/test_unsupported.rb +32 -0
data/test/test_websocket.rb +152 -0
data/test/test_websocket_echo.rb +138 -0
data/test/views/greet.erb +5 -0
data/test/views/hello.erb +5 -0
data/test/views/list.erb +5 -0
data/test/views/m_ivars.mustache +3 -0
data/test/views/m_simple.mustache +4 -0
data/test/views/mixed.erb +3 -0
metadata +264 -0

data/test/test_response.rb ADDED Viewed

@@ -0,0 +1,123 @@
+require_relative "helper"
+# Status codes, custom headers, content-type, redirect, halt.
+class TestResponse < TepTest
+  app_source <<~RB
+    get '/ok' do
+      "ok"
+    end
+    get '/created' do
+      status 201
+      "made"
+    end
+    get '/no-content' do
+      status 204
+      ""
+    end
+    get '/server-err' do
+      status 500
+      "boom"
+    end
+    get '/plain' do
+      content_type 'text/plain; charset=utf-8'
+      "plain text"
+    end
+    get '/json' do
+      content_type 'application/json'
+      '{"ok":true}'
+    end
+    get '/custom-header' do
+      headers["X-Tep-Test"] = "yep"
+      "with header"
+    end
+    get '/redirect' do
+      redirect '/ok'
+    end
+    get '/redirect-301' do
+      redirect '/ok', 301
+    end
+    get '/halt-401' do
+      halt 401, "denied"
+    end
+    get '/halt-bare' do
+      halt 418
+    end
+  RB
+  def test_default_200
+    res = get("/ok")
+    assert_equal "200", res.code
+    assert_equal "OK", res.message
+  end
+  def test_status_201
+    assert_equal "201", get("/created").code
+  end
+  def test_status_204
+    assert_equal "204", get("/no-content").code
+  end
+  def test_status_500
+    assert_equal "500", get("/server-err").code
+  end
+  def test_default_content_type_html
+    res = get("/ok")
+    assert_match(/text\/html/, res["content-type"])
+  end
+  def test_explicit_content_type_plain
+    res = get("/plain")
+    assert_equal "text/plain; charset=utf-8", res["content-type"]
+  end
+  def test_explicit_content_type_json
+    res = get("/json")
+    assert_equal "application/json", res["content-type"]
+    assert_equal '{"ok":true}', res.body
+  end
+  def test_custom_header
+    res = get("/custom-header")
+    assert_equal "yep", res["x-tep-test"]
+  end
+  def test_redirect_default_302
+    res = get("/redirect")
+    assert_equal "302", res.code
+    assert_equal "/ok", res["location"]
+  end
+  def test_redirect_explicit_301
+    res = get("/redirect-301")
+    assert_equal "301", res.code
+    assert_equal "/ok", res["location"]
+  end
+  def test_halt_with_body
+    res = get("/halt-401")
+    assert_equal "401", res.code
+    assert_equal "denied", res.body
+  end
+  def test_halt_status_only
+    res = get("/halt-bare")
+    assert_equal "418", res.code
+  end
+  def test_content_length
+    res = get("/ok")
+    assert_equal "2", res["content-length"]
+  end
+end

data/test/test_routing.rb ADDED Viewed

@@ -0,0 +1,109 @@
+require_relative "helper"
+# Routing checklist: verbs, path params, query, splat, 404, method
+# mismatch. Mirrors the surface in Sinatra's routing_test.rb that
+# matches our v0.1 scope.
+class TestRouting < TepTest
+  app_source <<~RB
+    get '/' do
+      "root"
+    end
+    get '/hi/:name' do
+      "hi, " + params[:name]
+    end
+    get '/users/:id/posts/:post_id' do
+      "user " + params[:id] + " post " + params[:post_id]
+    end
+    get '/search' do
+      params[:q] + "/" + params[:page]
+    end
+    get '/files/*' do
+      "splat"
+    end
+    post '/echo' do
+      params[:msg]
+    end
+    put '/widgets/:id' do
+      "put " + params[:id]
+    end
+    patch '/widgets/:id' do
+      "patch " + params[:id]
+    end
+    delete '/widgets/:id' do
+      "delete " + params[:id]
+    end
+  RB
+  def test_root
+    res = get("/")
+    assert_equal "200", res.code
+    assert_equal "root", res.body
+  end
+  def test_path_param
+    res = get("/hi/world")
+    assert_equal "200", res.code
+    assert_equal "hi, world", res.body
+  end
+  def test_two_path_params
+    res = get("/users/42/posts/7")
+    assert_equal "200", res.code
+    assert_equal "user 42 post 7", res.body
+  end
+  def test_query_string
+    res = get("/search?q=ruby&page=2")
+    assert_equal "200", res.code
+    assert_equal "ruby/2", res.body
+  end
+  def test_splat
+    res = get("/files/anything")
+    assert_equal "200", res.code
+    assert_equal "splat", res.body
+  end
+  def test_post_form
+    res = post("/echo", "msg=hello",
+               "Content-Type" => "application/x-www-form-urlencoded")
+    assert_equal "200", res.code
+    assert_equal "hello", res.body
+  end
+  def test_put
+    res = put("/widgets/1")
+    assert_equal "200", res.code
+    assert_equal "put 1", res.body
+  end
+  def test_patch
+    res = patch("/widgets/1")
+    assert_equal "200", res.code
+    assert_equal "patch 1", res.body
+  end
+  def test_delete
+    res = delete("/widgets/1")
+    assert_equal "200", res.code
+    assert_equal "delete 1", res.body
+  end
+  def test_404_unknown_path
+    res = get("/nowhere")
+    assert_equal "404", res.code
+  end
+  def test_404_method_mismatch
+    res = post("/", "")
+    assert_equal "404", res.code
+  end
+end

data/test/test_scheduler.rb ADDED Viewed

@@ -0,0 +1,153 @@
+require_relative "helper"
+# Tep::Scheduler -- cooperative fiber scheduler. End-to-end tests
+# covering both parking modes:
+#
+#   * Time-driven (run_until_empty / Fiber.yield)
+#   * I/O-driven (io_wait + poll(2)) -- a fiber parks on a listening
+#     socket, the handler issues an outbound connect against itself
+#     (sphttp_connect) to make the listener readable, the scheduler's
+#     next tick picks up the readiness and resumes the fiber.
+class TestScheduler < TepTest
+  # The prefork handler in /cooperate SIGSEGVs on the
+  # Tep::Scheduler.clear + spawn_fiber + run_until_empty path.
+  # Verified still failing on current spinel master (post the
+  # #641 wave). Minimal repro pending -- the prefork-vs-cooperative
+  # crossover here doesn't reproduce from a 6-class fiber probe.
+  # Class stays skipped so the suite's signal stays useful.
+  def setup
+    skip "Tep::Scheduler primitives SIGSEGV in prefork handlers; " \
+         "minimal repro pending"
+    super
+  end
+  app_source <<~RB
+    require 'sinatra'
+    # Fiber body must be a method call on `self` (no closure over
+    # locals -- see spinel's test/fiber_yield_across_method_call.rb).
+    # So Worker stashes the Fiber in an ivar at construction time
+    # with an implicit-self body `run`, and the handler reads it
+    # back via `fiber`. Each tick appends `name + remaining` to
+    # `@trail` -- per-instance ivar, no class variables (mixing
+    # @@cvar mutation across a Fiber yield boundary tickled a
+    # spinel-side crash on Linux that didn't reproduce on macOS).
+    class Worker
+      attr_accessor :name, :remaining, :trail, :fiber
+      def initialize(n, count)
+        @name = n
+        @remaining = count
+        @trail = ""
+        @fiber = Fiber.new { run }
+      end
+      def run
+        while @remaining > 0
+          if @trail.length > 0
+            @trail = @trail + ","
+          end
+          @trail = @trail + @name + @remaining.to_s
+          @remaining -= 1
+          Fiber.yield
+        end
+      end
+    end
+    get '/cooperate' do
+      Tep::Scheduler.clear
+      w1 = Worker.new("A", 3)
+      Tep::Scheduler.spawn_fiber(w1.fiber)
+      n = Tep::Scheduler.run_until_empty
+      "loops=" + n.to_s + " trail=" + w1.trail
+    end
+    get '/alive' do
+      Tep::Scheduler.clear
+      before = Tep::Scheduler.alive_count.to_s
+      Tep::Scheduler.spawn_fiber(Tep.seed_fiber)
+      after = Tep::Scheduler.alive_count.to_s
+      before + "->" + after
+    end
+    # Park a fiber on a listening socket via io_wait. From outside the
+    # fiber the handler kicks an outbound TCP connect against the same
+    # listener -- now `lfd` is read-ready (pending accept), the next
+    # tick's poll(2) round sees POLLIN, and resumes the fiber with
+    # the ready bits.
+    class IoWorker
+      attr_accessor :result, :lfd, :timeout, :fiber
+      def initialize(lfd, timeout)
+        @lfd = lfd
+        @timeout = timeout
+        @result = -1
+        @fiber = Fiber.new { run }
+      end
+      def run
+        @result = Tep::Scheduler.io_wait(@lfd, Tep::Scheduler::READ, @timeout)
+      end
+    end
+    get '/io_wait_ready' do
+      Tep::Scheduler.clear
+      lfd = Sock.sphttp_listen(15999, 0)
+      w = IoWorker.new(lfd, 3)
+      Tep::Scheduler.spawn_fiber(w.fiber)
+      cfd = Sock.sphttp_connect("127.0.0.1", 15999)
+      Tep::Scheduler.run_for(3)
+      Sock.sphttp_close(cfd)
+      Sock.sphttp_close(lfd)
+      "result=" + w.result.to_s + " cfd=" + (cfd > 0 ? "ok" : "fail")
+    end
+    get '/io_wait_timeout' do
+      Tep::Scheduler.clear
+      lfd = Sock.sphttp_listen(15998, 0)
+      t0 = Time.now.to_i
+      w = IoWorker.new(lfd, 1)
+      Tep::Scheduler.spawn_fiber(w.fiber)
+      Tep::Scheduler.run_for(2)
+      elapsed = Time.now.to_i - t0
+      Sock.sphttp_close(lfd)
+      "result=" + w.result.to_s + " elapsed=" + elapsed.to_s
+    end
+  RB
+  def test_one_fiber_drains_via_run_until_empty
+    res = get("/cooperate")
+    assert_equal "200", res.code
+    body = res.body
+    # 3 iterations of `while @remaining > 0` produce 3 yields. Each
+    # yield gives back control after run_until_empty's tick. After
+    # the third yield the next resume re-enters the while header,
+    # the loop exits, and the fiber body returns -- that's a 4th
+    # successful resume before alive? flips to false. So loops=4.
+    assert_match(/loops=4/, body)
+    assert_match(/trail=A3,A2,A1/, body)
+  end
+  def test_alive_count_changes_as_fibers_spawn
+    res = get("/alive")
+    assert_equal "200", res.code
+    assert_equal "0->1", res.body.strip
+  end
+  def test_io_wait_resumes_when_socket_becomes_readable
+    res = get("/io_wait_ready")
+    assert_equal "200", res.code
+    # READ bit is 1; the connect made the listener accept-ready, so
+    # the fiber should resume with result=1. cfd should be a real fd
+    # (> 0); if connect failed we'd see cfd=fail.
+    assert_match(/result=1/, res.body)
+    assert_match(/cfd=ok/,   res.body)
+  end
+  def test_io_wait_returns_zero_on_timeout
+    res = get("/io_wait_timeout")
+    assert_equal "200", res.code
+    # No connect happens, so the listener never becomes readable.
+    # After ~1s the timeout fires and io_wait returns 0.
+    assert_match(/result=0/, res.body)
+    # 1s timeout, run_for cap 2s, allow either 1 or 2 elapsed seconds
+    # (poll wake-up + clock granularity).
+    assert_match(/elapsed=[12]/, res.body)
+  end
+end

data/test/test_security.rb ADDED Viewed

@@ -0,0 +1,72 @@
+require_relative "helper"
+# Tep::Security::Cors + Tep::Security::Headers -- before / after
+# filter classes that wire into Tep.before / Tep.after.
+class TestSecurity < TepTest
+  app_source <<~RB
+    require 'sinatra'
+    CORS = Tep::Security::Cors.new
+    CORS.set_origin("https://app.example.com")
+    CORS.set_allowed_verbs("GET,POST,DELETE,OPTIONS")
+    CORS.set_allowed_headers("Content-Type,X-Custom")
+    CORS.set_max_age(7200)
+    Tep.before CORS
+    HEADERS = Tep::Security::Headers.new
+    HEADERS.set_hsts(31536000)   # 1 year
+    Tep.after HEADERS
+    get '/' do
+      "ok"
+    end
+    # Route that pre-sets X-Frame-Options before the Headers
+    # after-filter runs -- verifies the filter's
+    # `unless res.headers.key?` guard preserves handler-set values.
+    get '/custom_frame' do
+      res.headers["X-Frame-Options"] = "DENY"
+      "ok"
+    end
+  RB
+  def test_cors_origin_on_get
+    res = get("/")
+    assert_equal "200", res.code
+    assert_equal "https://app.example.com", res["Access-Control-Allow-Origin"]
+    assert_equal "Origin",                  res["Vary"]
+  end
+  def test_cors_preflight_returns_204
+    res = req(:options, "/", nil, {})
+    assert_equal "204",                            res.code
+    assert_equal "GET,POST,DELETE,OPTIONS",        res["Access-Control-Allow-Methods"]
+    assert_equal "Content-Type,X-Custom",          res["Access-Control-Allow-Headers"]
+    assert_equal "7200",                           res["Access-Control-Max-Age"]
+    assert_equal "https://app.example.com",        res["Access-Control-Allow-Origin"]
+  end
+  def test_default_secure_headers_on_response
+    res = get("/")
+    assert_equal "nosniff",                          res["X-Content-Type-Options"]
+    assert_equal "SAMEORIGIN",                       res["X-Frame-Options"]
+    assert_equal "strict-origin-when-cross-origin", res["Referrer-Policy"]
+    assert_equal "0",                                res["X-XSS-Protection"]
+  end
+  def test_hsts_when_configured
+    res = get("/")
+    assert_match(/max-age=31536000/, res["Strict-Transport-Security"])
+    assert_match(/includeSubDomains/, res["Strict-Transport-Security"])
+  end
+  def test_handler_set_header_survives_after_filter
+    # The Headers after-filter only sets each header when not already
+    # present (`unless res.headers.key?`). /custom_frame pre-sets
+    # X-Frame-Options to DENY; the filter must not overwrite it back
+    # to SAMEORIGIN.
+    res = get("/custom_frame")
+    assert_equal "200", res.code
+    assert_equal "DENY", res["X-Frame-Options"]
+  end
+end

data/test/test_server_scheduled.rb ADDED Viewed

@@ -0,0 +1,56 @@
+# Smoke test for Tep::Server::Scheduled (fiber-per-connection server).
+# Validates the basic HTTP request/response loop works under the
+# scheduler. Concurrent-connection / slow-client cases are out of
+# scope for this initial test -- they'll get their own coverage when
+# the WebSocket battery lands and exercises that surface for real.
+require_relative "helper"
+class TestServerScheduled < TepTest
+  app_source <<~RB
+    require "sinatra"
+    set :scheduler, :scheduled
+    get "/ping" do
+      "pong"
+    end
+    get "/echo/:word" do
+      params[:word]
+    end
+    post "/upper" do
+      request.body.upcase
+    end
+  RB
+  def test_basic_get_through_scheduler
+    res = get("/ping")
+    assert_equal "200", res.code
+    assert_equal "pong", res.body
+  end
+  def test_path_capture_through_scheduler
+    res = get("/echo/hello")
+    assert_equal "200", res.code
+    assert_equal "hello", res.body
+  end
+  def test_post_body_through_scheduler
+    res = post("/upper", "hello world")
+    assert_equal "200", res.code
+    assert_equal "HELLO WORLD", res.body
+  end
+  def test_two_sequential_requests
+    # Same connection, two HTTP/1.1 keep-alive requests. The
+    # scheduler's per-connection-fiber must handle the second
+    # iteration of its keep-alive loop correctly.
+    r1 = get("/ping")
+    r2 = get("/echo/two")
+    assert_equal "200", r1.code
+    assert_equal "200", r2.code
+    assert_equal "pong", r1.body
+    assert_equal "two", r2.body
+  end
+end

data/test/test_sessions.rb ADDED Viewed

@@ -0,0 +1,59 @@
+require_relative "helper"
+class TestSessions < TepTest
+  app_source <<~RB
+    Tep.session_secret = "test-secret-1234567890abcdef"
+    get '/login' do
+      session["user"]  = "alice"
+      session["plan"]  = "pro"
+      "logged in"
+    end
+    get '/whoami' do
+      "user=" + session["user"] + " plan=" + session["plan"]
+    end
+    get '/no-session-write' do
+      "ok"
+    end
+  RB
+  def test_login_sets_signed_cookie
+    res = get("/login")
+    assert_equal "200", res.code
+    assert_match(/^tep\.session=/, res["set-cookie"])
+    assert_match(/HttpOnly/, res["set-cookie"])
+    assert_match(/SameSite=Lax/, res["set-cookie"])
+  end
+  def test_session_round_trip
+    login = get("/login")
+    cookie_line = login["set-cookie"]
+    # Extract the Cookie name=value before the first ';'.
+    cookie_pair = cookie_line.split(";").first
+    res = get("/whoami", "Cookie" => cookie_pair)
+    assert_equal "200", res.code
+    assert_equal "user=alice plan=pro", res.body
+  end
+  def test_no_write_no_set_cookie
+    res = get("/no-session-write")
+    assert_equal "200", res.code
+    assert_nil res["set-cookie"]
+  end
+  def test_tampered_cookie_rejected
+    # Take a real session cookie, corrupt the signature, and expect
+    # whoami to see no session data.
+    login    = get("/login")
+    line     = login["set-cookie"]
+    pair     = line.split(";").first
+    name, val = pair.split("=", 2)
+    # Flip a bit in the signature (last char): should fail HMAC verify.
+    tampered = val[0...-1] + (val[-1] == "0" ? "1" : "0")
+    res = get("/whoami", "Cookie" => "#{name}=#{tampered}")
+    # Session is rejected -> empty values for both keys.
+    assert_equal "user= plan=", res.body
+  end
+end

data/test/test_shell.rb ADDED Viewed

@@ -0,0 +1,54 @@
+require_relative "helper"
+# Tep::Shell -- popen + read. Lives behind FFI helpers
+# (sphttp_shell_capture, sphttp_file_read); this test boots a tiny
+# tep app that exercises both from inside a handler.
+class TestShell < TepTest
+  app_source <<~RB
+    require 'sinatra'
+    get '/echo' do
+      Tep::Shell.run("printf hello").strip
+    end
+    get '/run_limited' do
+      # Cap at 3 bytes; full output is "hello" -- we should see "hel".
+      Tep::Shell.run_limited("printf hello", 3)
+    end
+    get '/file' do
+      # /etc/hosts ships on Linux + macOS + BSDs; /etc/hostname is
+      # Linux-only (macOS keeps the hostname in scutil instead).
+      Tep::Shell.read("/etc/hosts").length.to_s
+    end
+    get '/missing' do
+      Tep::Shell.read("/does/not/exist/at/all").length.to_s
+    end
+  RB
+  def test_run_captures_stdout
+    res = get("/echo")
+    assert_equal "200", res.code
+    assert_equal "hello", res.body.strip
+  end
+  def test_run_respects_byte_cap
+    res = get("/run_limited")
+    assert_equal "200", res.code
+    assert_equal "hel", res.body
+  end
+  def test_read_returns_bytes_for_real_file
+    res = get("/file")
+    assert_equal "200", res.code
+    # /etc/hosts is always non-empty on any sane Unix.
+    assert_operator res.body.strip.to_i, :>=, 1
+  end
+  def test_read_returns_empty_on_missing_path
+    res = get("/missing")
+    assert_equal "200", res.code
+    assert_equal "0", res.body.strip
+  end
+end