@heytherevibin/skillforge 0.2.1 → 0.8.0

package/python/tests/test_mcp_contract.py

@@ -0,0 +1,137 @@
+"""Tests for MCP Phase 0 response contract (no heavy deps)."""
+from __future__ import annotations
+
+from types import SimpleNamespace
+
+from app.mcp_contract import MCP_RESPONSE_SCHEMA_VERSION, build_route_skills_meta
+
+
+def test_build_route_skills_meta_basic() -> None:
+    sk_a = SimpleNamespace(name="skill-a", body="alpha" * 100)
+    sk_b = SimpleNamespace(name="skill-b", body="beta")
+    skills_map = {"skill-a": sk_a, "skill-b": sk_b}
+    cand_skill = SimpleNamespace(name="skill-a")
+    result = {
+        "candidates": [(cand_skill, 0.91), (sk_b, 0.5)],
+        "reasoning": "test",
+        "session_id": "sid-1",
+        "rerouted": False,
+        "change": 0.2,
+        "route_ms": 12.3,
+    }
+    text = "# header\n\nbody"
+    meta = build_route_skills_meta(
+        result=result,
+        picked_names=["skill-a"],
+        user_id="u1",
+        db_path="/tmp/db.sqlite",
+        skills_map=skills_map,
+        response_text=text,
+    )
+    assert meta["schema_version"] == MCP_RESPONSE_SCHEMA_VERSION
+    assert "fusion" not in meta
+    assert meta["context_items_count"] == 0
+    assert meta["budget"]["chars_project_chunks"] == 0
+    assert meta["budget"]["chars_context_items_total"] == meta["budget"]["chars_skill_bodies"]
+    assert meta["sources"] == [
+        {"kind": "skill", "ref": "skill-a", "line_start": None, "line_end": None, "score": None},
+    ]
+    assert meta["budget"]["chars_skill_bodies"] == 100 * len("alpha")
+    assert meta["budget"]["chars_response_total"] == len(text)
+    assert meta["picked"] == ["skill-a"]
+    assert len(meta["candidates_preview"]) >= 1
+    assert meta["candidates_preview"][0]["name"] == "skill-a"
+
+
+def test_build_route_skills_meta_with_context_items() -> None:
+    sk = __import__("types").SimpleNamespace(name="skill-a", body="full")
+    skills_map = {"skill-a": sk}
+    result = {"candidates": [], "reasoning": "r", "session_id": "s", "rerouted": False, "change": 0.0, "route_ms": 1.0}
+    items = [
+        {"skill": "skill-a", "path": None, "line_start": 1, "line_end": 5, "text": "chunktext", "score": 0.88},
+    ]
+    meta = build_route_skills_meta(
+        result=result,
+        picked_names=["skill-a"],
+        user_id="u",
+        db_path="db.sqlite",
+        skills_map=skills_map,
+        response_text="out",
+        context_items=items,
+    )
+    assert meta["schema_version"] == MCP_RESPONSE_SCHEMA_VERSION
+    assert meta["context_items_count"] == 1
+    assert meta["sources"][0]["line_start"] == 1
+    assert meta["sources"][0]["line_end"] == 5
+    assert meta["budget"]["chars_skill_bodies"] == len("chunktext")
+    assert meta["budget"]["chars_project_chunks"] == 0
+    assert meta["budget"]["chars_context_items_total"] == len("chunktext")
+
+
+def test_build_route_skills_meta_mixed_skill_and_file() -> None:
+    skills_map = {}
+    result = {"candidates": [], "session_id": "s", "rerouted": False, "change": 0.0, "route_ms": 1.0}
+    items = [
+        {"skill": "sk", "path": None, "line_start": 1, "line_end": 2, "text": "AA", "score": 0.9},
+        {"skill": None, "path": "lib/x.py", "line_start": 10, "line_end": 12, "text": "BB", "score": 0.8},
+    ]
+    meta = build_route_skills_meta(
+        result=result,
+        picked_names=["sk"],
+        user_id="u",
+        db_path="db.sqlite",
+        skills_map=skills_map,
+        response_text="o",
+        context_items=items,
+    )
+    assert meta["sources"][0]["kind"] == "skill"
+    assert meta["sources"][1]["kind"] == "file"
+    assert meta["sources"][1]["ref"] == "lib/x.py"
+    assert meta["budget"]["chars_skill_bodies"] == 2
+    assert meta["budget"]["chars_project_chunks"] == 2
+    assert meta["budget"]["chars_context_items_total"] == 4
+
+
+def test_build_route_skills_meta_includes_fusion() -> None:
+    items = [
+        {"skill": "sk", "path": None, "line_start": 1, "line_end": 2, "text": "a", "score": 0.9, "mmr_rank": 1},
+    ]
+    meta = build_route_skills_meta(
+        result={"candidates": [], "session_id": "s", "rerouted": False, "change": 0.0, "route_ms": 1.0},
+        picked_names=["sk"],
+        user_id="u",
+        db_path="db.sqlite",
+        skills_map={},
+        response_text="o",
+        context_items=items,
+        fusion={"enabled": True, "lambda": 0.7, "selected_count": 1},
+    )
+    assert meta["fusion"]["enabled"] is True
+    assert meta["sources"][0].get("mmr_rank") == 1
+
+
+def test_build_route_skills_meta_includes_context_redaction() -> None:
+    meta = build_route_skills_meta(
+        result={"candidates": [], "session_id": "s", "rerouted": False, "change": 0.0, "route_ms": 1.0},
+        picked_names=[],
+        user_id="u",
+        db_path="db.sqlite",
+        skills_map={},
+        response_text="x",
+        context_redaction={"enabled": True, "secret_hits": 2, "path_hits": 1},
+    )
+    assert meta["context_redaction"]["secret_hits"] == 2
+
+
+def test_build_route_skills_meta_error_field() -> None:
+    meta = build_route_skills_meta(
+        result={"candidates": []},
+        picked_names=[],
+        user_id="",
+        db_path="x.db",
+        skills_map={},
+        response_text="err",
+        error="empty_prompt",
+    )
+    assert meta["error"] == "empty_prompt"
+    assert meta["sources"] == []

package/python/tests/test_project_index.py

@@ -0,0 +1,76 @@
+"""Project index: DB + retrieval (lightweight fake embedder)."""
+from __future__ import annotations
+
+import sqlite3
+from pathlib import Path
+
+import numpy as np
+
+from app.project_index import (
+    ensure_project_index_schema,
+    index_project,
+    is_indexable_file,
+    retrieve_project_context_items,
+    should_skip_dir,
+)
+
+
+class _FakeEmbed:
+    dim = 16
+
+    def encode(self, texts, **kwargs):
+        if isinstance(texts, str):
+            texts = [texts]
+        out = []
+        for t in texts:
+            seed = sum(ord(c) for c in t[:120]) % (2**31)
+            rng = np.random.RandomState(seed)
+            v = rng.randn(self.dim).astype(np.float32)
+            nrm = float(np.linalg.norm(v)) or 1.0
+            v /= nrm
+            out.append(v)
+        return np.stack(out, axis=0)
+
+    def get_sentence_embedding_dimension(self):
+        return self.dim
+
+
+def test_should_skip_dir() -> None:
+    assert should_skip_dir("node_modules")
+    assert not should_skip_dir("src")
+
+
+def test_is_indexable_file() -> None:
+    assert is_indexable_file(Path("foo.py"))
+    assert not is_indexable_file(Path("image.png"))
+
+
+def test_index_and_retrieve_roundtrip(tmp_path, monkeypatch) -> None:
+    monkeypatch.setenv("SKILLFORGE_EMBED_MODEL", "fake-for-test")
+    monkeypatch.setenv("SKILLFORGE_PROJECT_RAG_MAX_CHARS", "8000")
+
+    root = tmp_path / "proj"
+    root.mkdir()
+    (root / "src").mkdir()
+    (root / "src" / "hello.py").write_text(
+        "def hello():\n    return 42\n\n# explanation\n",
+        encoding="utf-8",
+    )
+
+    db_path = tmp_path / "orchestrator.db"
+    con = sqlite3.connect(str(db_path))
+    ensure_project_index_schema(con)
+    try:
+        fake = _FakeEmbed()
+        stats = index_project(con, root, fake, reset=True)
+        assert stats["chunks_written"] >= 1
+        cur = con.execute("SELECT COUNT(*) FROM project_chunks")
+        assert int(cur.fetchone()[0]) >= 1
+
+        items = retrieve_project_context_items(con, fake, "hello function return", max_total_chars=5000)
+        assert items
+        assert items[0]["path"] == "src/hello.py"
+        assert items[0]["line_start"] >= 1
+        assert "42" in items[0]["text"] or "hello" in items[0]["text"]
+    finally:
+        con.close()

package/python/tests/test_redaction.py

@@ -0,0 +1,51 @@
+"""Tests for context redaction (stdlib)."""
+from __future__ import annotations
+
+import app.redaction as R
+from app.redaction import (
+    redact_context_path_field,
+    redact_home_path_prefix,
+    redact_secret_patterns,
+    sanitize_context_items,
+)
+
+
+def test_redact_anthropic_key_shape() -> None:
+    t, n = redact_secret_patterns(
+        "token sk-ant-api03-ABCDEFGHIJKLMNOPQRSTUVWXYZ123456"
+    )
+    assert n >= 1
+    assert "sk-ant-api" not in t
+    assert "[REDACTED_ANTHROPIC_KEY]" in t
+
+
+def test_redact_assignment_line() -> None:
+    t, n = redact_secret_patterns("export ANTHROPIC_API_KEY=sk-not-real-value-here")
+    assert n >= 1
+    assert "sk-not-real" not in t
+
+
+def test_redact_home_path_prefix() -> None:
+    R._HOME_RESOLVED = "/Users/testuser"
+    s, n = redact_home_path_prefix("/Users/testuser/repos/app/main.py")
+    assert n == 1
+    assert s == "[HOME]/repos/app/main.py"
+    R._HOME_RESOLVED = None  # reset for other tests
+
+
+def test_sanitize_context_mutates_text_and_path() -> None:
+    R._HOME_RESOLVED = "/Users/x"
+    items = [
+        {"skill": "s", "path": "/Users/x/p/a.py", "text": "k sk-ant-api03-AAAAAAAAAAAAAAAAAAAAAAAAAAAA", "line_start": 1, "line_end": 2},
+    ]
+    sh, ph = sanitize_context_items(items)
+    assert sh >= 1
+    assert ph >= 1
+    assert "sk-ant" not in items[0]["text"]
+    assert str(items[0]["path"]).startswith("[HOME]/")
+    R._HOME_RESOLVED = None
+
+
+def test_redact_context_path_none() -> None:
+    s, n = redact_context_path_field(None)
+    assert s is None and n == 0

package/python/tests/test_route_policies.py

@@ -0,0 +1,115 @@
+"""Tests for route policy loading and merge."""
+from __future__ import annotations
+
+import pytest
+
+from app.main import Skill, init_db
+from app.route_policies import load_route_policies_config, merge_policy_includes
+
+
+@pytest.fixture
+def skill_alpha() -> Skill:
+    return Skill(
+        name="alpha-skill",
+        title="Alpha",
+        description="test",
+        body="body",
+        source="bundled",
+    )
+
+
+def test_merge_adds_on_regex_match(tmp_path, skill_alpha, monkeypatch) -> None:
+    monkeypatch.delenv("SKILLFORGE_ROUTE_POLICIES", raising=False)
+    monkeypatch.delenv("SKILLFORGE_ROUTE_POLICIES_FILE", raising=False)
+    con = init_db(tmp_path / "x.db")
+    policies = {"rules": [{"if_text_matches": r"(?i)oauth", "include": ["alpha-skill"]}]}
+    by_name = {skill_alpha.name: skill_alpha}
+    merged, audit = merge_policy_includes(
+        "Fix OAuth callback",
+        ["other-skill"],
+        policies,
+        by_name,
+        con,
+        "",
+        max_active=7,
+    )
+    assert merged[0] == "other-skill"
+    assert "alpha-skill" in merged
+    assert any(r.get("effect") == "added" for r in audit)
+
+
+def test_merge_unknown_skill_audited(tmp_path, skill_alpha, monkeypatch) -> None:
+    monkeypatch.delenv("SKILLFORGE_ROUTE_POLICIES", raising=False)
+    con = init_db(tmp_path / "y.db")
+    policies = {"rules": [{"if_text_matches": "auth", "include": ["missing"]}]}
+    by_name = {skill_alpha.name: skill_alpha}
+    merged, audit = merge_policy_includes(
+        "auth bug",
+        [],
+        policies,
+        by_name,
+        con,
+        "",
+        max_active=7,
+    )
+    assert merged == []
+    assert any(r.get("effect") == "unknown_skill" for r in audit)
+
+
+def test_merge_respects_max_active(tmp_path, skill_alpha, monkeypatch) -> None:
+    monkeypatch.delenv("SKILLFORGE_ROUTE_POLICIES", raising=False)
+    con = init_db(tmp_path / "z.db")
+    policies = {"rules": [{"if_text_matches": "x", "include": ["alpha-skill"]}]}
+    by_name = {skill_alpha.name: skill_alpha}
+    picked = ["a", "b", "c", "d", "e", "f", "g"]
+    merged, audit = merge_policy_includes(
+        "x",
+        picked,
+        policies,
+        by_name,
+        con,
+        "",
+        max_active=7,
+    )
+    assert len(merged) == 7
+    assert "alpha-skill" not in merged
+    assert any(r.get("effect") == "skipped_max_active" for r in audit)
+
+
+def test_load_from_project_file(tmp_path, monkeypatch) -> None:
+    monkeypatch.delenv("SKILLFORGE_ROUTE_POLICIES", raising=False)
+    monkeypatch.delenv("SKILLFORGE_ROUTE_POLICIES_FILE", raising=False)
+    p = tmp_path / "skillforge-policies.json"
+    p.write_text(
+        '{"rules": [{"if_text_matches": "hi", "include": ["z"]}]}',
+        encoding="utf-8",
+    )
+    root = str(tmp_path)
+    cfg = load_route_policies_config(root)
+    assert len(cfg.get("rules") or []) == 1
+
+
+def test_load_inline_env_json(monkeypatch) -> None:
+    monkeypatch.setenv(
+        "SKILLFORGE_ROUTE_POLICIES",
+        '{"rules": [{"if_text_matches": "a", "include": ["b"]}]}',
+    )
+    cfg = load_route_policies_config(None)
+    assert cfg["rules"][0]["include"] == ["b"]
+
+
+def test_invalid_regex_recorded(tmp_path, skill_alpha, monkeypatch) -> None:
+    monkeypatch.delenv("SKILLFORGE_ROUTE_POLICIES", raising=False)
+    con = init_db(tmp_path / "r.db")
+    policies = {"rules": [{"if_text_matches": "(bad[regex", "include": ["alpha-skill"]}]}
+    by_name = {skill_alpha.name: skill_alpha}
+    _m, audit = merge_policy_includes(
+        "x",
+        [],
+        policies,
+        by_name,
+        con,
+        "",
+        max_active=7,
+    )
+    assert any(r.get("effect") == "invalid_regex" for r in audit)

package/python/tests/test_routing_signals.py

@@ -0,0 +1,77 @@
+"""Tests for conversation-aware route text, skill cards, and hybrid helpers."""
+from __future__ import annotations
+
+import numpy as np
+import pytest
+
+from app.main import Skill, parse_skill_md
+from app.routing_signals import (
+    build_route_query_text,
+    keyword_overlap_scores,
+    normalize_minmax,
+    skill_routing_card,
+)
+
+
+def test_build_route_query_legacy(monkeypatch) -> None:
+    monkeypatch.setenv("SKILLFORGE_ROUTER_CONV_MAX_TURNS", "0")
+    out = build_route_query_text("hello", [{"role": "user", "content": "prev"}])
+    assert out == "hello"
+
+
+def test_build_route_query_merges_turns(monkeypatch) -> None:
+    monkeypatch.setenv("SKILLFORGE_ROUTER_CONV_MAX_TURNS", "2")
+    monkeypatch.setenv("SKILLFORGE_ROUTER_CONV_MSG_CHARS", "80")
+    conv = [
+        {"role": "user", "content": "first msg"},
+        {"role": "assistant", "content": "reply"},
+    ]
+    out = build_route_query_text("current ask", conv)
+    assert "user: first msg" in out
+    assert "assistant: reply" in out
+    assert "Current user message:" in out
+    assert out.endswith("current ask")
+
+
+def test_skill_routing_card_includes_triggers() -> None:
+    s = Skill(
+        name="x",
+        title="X Skill",
+        description="does things",
+        body="",
+        source="bundled",
+        triggers="when foo",
+        anti_triggers="not bar",
+    )
+    card = skill_routing_card(s)
+    assert "X Skill" in card
+    assert "Triggers: when foo" in card
+    assert "Anti-triggers: not bar" in card
+
+
+def test_normalize_minmax() -> None:
+    a = np.array([1.0, 3.0, 5.0])
+    assert np.allclose(normalize_minmax(a), [0.0, 0.5, 1.0])
+    flat = np.array([2.0, 2.0, 2.0])
+    assert np.allclose(normalize_minmax(flat), [0.0, 0.0, 0.0])
+
+
+def test_keyword_overlap_scores() -> None:
+    cards = ["alpha beta gamma", "foo bar"]
+    q = "beta search"
+    sc = keyword_overlap_scores(q, cards)
+    assert sc[0] > sc[1]
+
+
+def test_parse_skill_triggers(tmp_path) -> None:
+    md = tmp_path / "my-skill" / "SKILL.md"
+    md.parent.mkdir(parents=True, exist_ok=True)
+    md.write_text(
+        "---\nname: Nice\ndescription: Desc\ntriggers: when testing\n"
+        "anti_triggers: never for prod\n---\n\n# Body\n",
+        encoding="utf-8",
+    )
+    s = parse_skill_md(md, "bundled")
+    assert s is not None
+    assert s.triggers == "when testing"
+    assert s.anti_triggers == "never for prod"

package/python/app/auth.py

@@ -1,63 +0,0 @@
-"""
-Bearer-token auth and per-user namespacing.
-
-Single-user mode (default): no token required, all state goes to user_id=''.
-Multi-user mode: set SKILLFORGE_AUTH_TOKENS env var to a JSON map of
-{"token-value": "user-id"}. Requests must send Authorization: Bearer <token>.
-The resolved user_id is then used to scope sessions, weights, and events.
-
-This keeps the architecture single-process (one SQLite, one router instance)
-while letting each user have isolated learning state.
-"""
-from __future__ import annotations
-
-import json
-import os
-from typing import Optional
-
-from fastapi import HTTPException, Request
-
-
-# ---- Token registry ----
-
-def _load_tokens() -> dict[str, str]:
-    """Read SKILLFORGE_AUTH_TOKENS env (JSON: {token: user_id})."""
-    raw = os.getenv("SKILLFORGE_AUTH_TOKENS", "").strip()
-    if not raw:
-        return {}
-    try:
-        m = json.loads(raw)
-        if not isinstance(m, dict):
-            print("[skillforge] SKILLFORGE_AUTH_TOKENS must be a JSON object")
-            return {}
-        return {str(k): str(v) for k, v in m.items()}
-    except json.JSONDecodeError:
-        print("[skillforge] SKILLFORGE_AUTH_TOKENS is not valid JSON, ignoring")
-        return {}
-
-
-_TOKENS = _load_tokens()
-_AUTH_REQUIRED = bool(_TOKENS)
-
-
-def auth_enabled() -> bool:
-    return _AUTH_REQUIRED
-
-
-def resolve_user(request: Request) -> str:
-    """Get user_id from a request.
-
-    - If auth is not configured (single-user mode): returns ''.
-    - If auth is configured: extracts bearer token, returns mapped user_id,
-      or raises 401.
-    """
-    if not _AUTH_REQUIRED:
-        return ""
-    header = request.headers.get("authorization", "")
-    if not header.lower().startswith("bearer "):
-        raise HTTPException(status_code=401, detail="Missing bearer token")
-    token = header[7:].strip()
-    user_id = _TOKENS.get(token)
-    if not user_id:
-        raise HTTPException(status_code=401, detail="Invalid token")
-    return user_id

package/python/app/cli.py

@@ -1,78 +0,0 @@
-"""Dev harness: terminal client for POST /chat (requires `skillforge start` + API key)."""
-import argparse
-import json
-import sys
-import uuid
-
-import httpx
-
-
-def main():
-    ap = argparse.ArgumentParser()
-    ap.add_argument("--url", default="http://localhost:8000")
-    args = ap.parse_args()
-
-    session_id = str(uuid.uuid4())
-    conversation = []
-    print(f"\nskillforge chat — session {session_id[:8]}")
-    print("Commands: 'exit' to quit, 'reset' for new session\n")
-
-    while True:
-        try:
-            prompt = input("you ▸ ").strip()
-        except (EOFError, KeyboardInterrupt):
-            print()
-            break
-        if not prompt:
-            continue
-        if prompt == "exit":
-            break
-        if prompt == "reset":
-            session_id = str(uuid.uuid4())
-            conversation = []
-            print(f"[new session: {session_id[:8]}]\n")
-            continue
-
-        full = []
-        picked = []
-        try:
-            with httpx.stream(
-                "POST",
-                f"{args.url}/chat",
-                json={"prompt": prompt, "session_id": session_id, "conversation": conversation},
-                timeout=120.0,
-            ) as r:
-                if r.status_code != 200:
-                    print(f"[error {r.status_code}] {r.read().decode()}")
-                    continue
-                print("claude ▸ ", end="", flush=True)
-                for line in r.iter_lines():
-                    if not line.startswith("data: "):
-                        continue
-                    try:
-                        data = json.loads(line[6:])
-                    except json.JSONDecodeError:
-                        continue
-                    if "delta" in data:
-                        sys.stdout.write(data["delta"])
-                        sys.stdout.flush()
-                        full.append(data["delta"])
-                    elif "done" in data:
-                        picked = data.get("picked", [])
-                    elif "error" in data:
-                        print(f"\n[stream error] {data['error']}")
-        except httpx.HTTPError as e:
-            print(f"\n[connection error] {e}")
-            print("Is the server running? Try: skillforge start")
-            continue
-
-        print()
-        if picked:
-            print(f"   \033[2m↳ skills used: {', '.join(picked)}\033[0m")
-        print()
-        conversation.append({"role": "user", "content": prompt})
-        conversation.append({"role": "assistant", "content": "".join(full)})
-
-
-if __name__ == "__main__":
-    main()