create-workframe 0.1.0 → 0.1.2

package/workframe-api/tests/db_setup.py

@@ -1,13 +0,0 @@
-"""Ensure workframe.db schema exists in isolated test temp dirs."""
-import server
-
-
-def ensure_workframe_schemas() -> None:
-    server._ensure_workframe_db_schema()
-    server._ensure_agent_runs_schema()
-    server._ensure_invites_schema()
-    server._ensure_memory_schema()
-    server._ensure_policies_schema()
-    server._ensure_budgets_grants_schema()
-    server._ensure_user_prefs_schema()
-    server._ensure_runtime_tokens_table()

package/workframe-api/tests/test_admin_updates_gated.py

@@ -1,30 +0,0 @@
-import os
-import unittest
-from unittest import mock
-
-import updates
-
-
-class AdminUpdatesGatedTests(unittest.TestCase):
-  def test_apply_update_disabled_without_flag(self) -> None:
-    with mock.patch.dict(os.environ, {"WORKFRAME_ENABLE_ADMIN_UPDATES": "0"}, clear=False):
-      with self.assertRaises(ValueError) as ctx:
-        updates.apply_update("workframe")
-      self.assertIn("admin_updates_disabled", str(ctx.exception))
-
-  def test_apply_update_enabled_with_flag(self) -> None:
-    with mock.patch.dict(os.environ, {"WORKFRAME_ENABLE_ADMIN_UPDATES": "1"}, clear=False):
-      with mock.patch.object(updates.Path, "exists", return_value=False):
-        with self.assertRaises(ValueError) as ctx:
-          updates.apply_update("workframe")
-        self.assertIn("docker_unavailable", str(ctx.exception))
-
-  def test_restart_gateway_disabled_without_flag(self) -> None:
-    with mock.patch.dict(os.environ, {"WORKFRAME_ENABLE_ADMIN_UPDATES": "0"}, clear=False):
-      with self.assertRaises(ValueError) as ctx:
-        updates.restart_gateway()
-      self.assertIn("admin_updates_disabled", str(ctx.exception))
-
-
-if __name__ == "__main__":
-  unittest.main()

package/workframe-api/tests/test_agent_dm_bootstrap.py

@@ -1,196 +0,0 @@
-"""Agent DM lane bootstrap — runtime + room + session parity with install complete."""
-import os
-import tempfile
-import unittest
-from pathlib import Path
-from unittest import mock
-
-import server
-from db_setup import ensure_workframe_schemas
-
-
-class AgentDmBootstrapTests(unittest.TestCase):
-    def setUp(self) -> None:
-        self.tmp = tempfile.TemporaryDirectory()
-        self.addCleanup(self.tmp.cleanup)
-        data = Path(self.tmp.name) / "data"
-        data.mkdir()
-        self.patches = [
-            mock.patch.object(server, "DATA_DIR", data),
-            mock.patch.object(server, "AUTH_DB_PATH", data / "auth.db"),
-            mock.patch.object(server, "_workframe_db_path", return_value=data / "workframe.db"),
-            mock.patch.dict(os.environ, {"WORKFRAME_PROJECT": "Workframe"}, clear=False),
-        ]
-        for patch in self.patches:
-            patch.start()
-            self.addCleanup(patch.stop)
-        ensure_workframe_schemas()
-        self.workspace_id = "ws-1"
-        self.user_id = "user-1"
-        self.agent_id = "a0000000-0000-4000-8000-000000000001"
-        self.agent_slug = "dev"
-        conn = server._workframe_db()
-        try:
-            now = "1"
-            conn.execute(
-                "INSERT INTO workspaces (id, slug, display_name, owner_id, status, created_at, updated_at) VALUES (?,?,?,?,?,?,?)",
-                (self.workspace_id, "default", "Workframe", self.user_id, "active", now, now),
-            )
-            conn.execute(
-                """
-                INSERT INTO agent_profiles (id, workspace_id, slug, display_name, status, created_at, updated_at)
-                VALUES (?, ?, ?, ?, 'available', ?, ?)
-                """,
-                (self.agent_id, self.workspace_id, self.agent_slug, "Dev", now, now),
-            )
-            conn.commit()
-        finally:
-            conn.close()
-
-    @mock.patch.object(server, "ensure_profile_api", return_value={"ok": True, "api_port": 1})
-    @mock.patch.object(server, "room_chat_bind", return_value={"ok": True, "session_id": "sid-1"})
-    @mock.patch.object(server, "_bootstrap_profile_providers", return_value=True)
-    @mock.patch.object(server, "ensure_runtime_profile")
-    @mock.patch.object(server, "resolve_validated_profile", side_effect=lambda slug: slug)
-    def test_bootstrap_creates_agent_profile_row_before_dm_room(
-        self,
-        _resolve,
-        _ensure_runtime,
-        _bootstrap,
-        _bind,
-        _ensure_api,
-    ) -> None:
-        conn = server._workframe_db()
-        try:
-            conn.execute("DELETE FROM agent_profiles WHERE workspace_id = ?", (self.workspace_id,))
-            conn.commit()
-            count = conn.execute(
-                "SELECT COUNT(*) FROM agent_profiles WHERE workspace_id = ? AND slug = ?",
-                (self.workspace_id, self.agent_slug),
-            ).fetchone()[0]
-        finally:
-            conn.close()
-        self.assertEqual(count, 0)
-
-        out = server.bootstrap_agent_dm_lane(self.user_id, self.workspace_id, self.agent_slug)
-        self.assertTrue(out["ok"], out)
-        self.assertTrue(str(out.get("room_id") or "").strip())
-
-        conn = server._workframe_db()
-        try:
-            row = conn.execute(
-                "SELECT id FROM agent_profiles WHERE workspace_id = ? AND slug = ?",
-                (self.workspace_id, self.agent_slug),
-            ).fetchone()
-            room = conn.execute(
-                "SELECT id FROM rooms WHERE workspace_id = ? AND room_type = 'direct' AND deleted_at IS NULL",
-                (self.workspace_id,),
-            ).fetchone()
-        finally:
-            conn.close()
-        self.assertIsNotNone(row)
-        self.assertIsNotNone(room)
-
-    @mock.patch.object(server, "ensure_profile_api", return_value={"ok": True, "api_port": 1})
-    @mock.patch.object(server, "room_chat_bind", return_value={"ok": True, "session_id": "sid-1"})
-    @mock.patch.object(server, "_create_room", return_value=(201, {"ok": True, "room": {"id": "room-dev", "room_type": "direct"}}))
-    @mock.patch.object(server, "_bootstrap_profile_providers", return_value=True)
-    @mock.patch.object(server, "ensure_runtime_profile")
-    @mock.patch.object(server, "resolve_validated_profile", side_effect=lambda slug: slug)
-    def test_bootstrap_agent_dm_lane_end_to_end(
-        self,
-        _resolve,
-        ensure_runtime,
-        _bootstrap,
-        _create_room,
-        _bind,
-        _ensure_api,
-    ) -> None:
-        out = server.bootstrap_agent_dm_lane(self.user_id, self.workspace_id, self.agent_slug)
-        self.assertTrue(out["ok"])
-        self.assertEqual(out["room_id"], "room-dev")
-        self.assertEqual(out["session_id"], "sid-1")
-        ensure_runtime.assert_called_once()
-        _bind.assert_called_once()
-
-    @mock.patch.object(server, "ensure_profile_api", return_value={"ok": True, "api_port": 1})
-    @mock.patch.object(server, "room_chat_bind", return_value={"ok": True, "session_id": "sid-1"})
-    @mock.patch.object(server, "_create_room", return_value=(201, {"ok": True, "room": {"id": "room-dev", "room_type": "direct"}}))
-    @mock.patch.object(server, "_bootstrap_profile_providers", return_value=True)
-    @mock.patch.object(server, "ensure_runtime_profile")
-    @mock.patch.object(server, "resolve_validated_profile", side_effect=lambda slug: slug)
-    def test_bootstrap_skips_second_provider_bootstrap(
-        self,
-        _resolve,
-        _ensure_runtime,
-        bootstrap,
-        _create_room,
-        _bind,
-        ensure_api,
-    ) -> None:
-        server.bootstrap_agent_dm_lane(self.user_id, self.workspace_id, self.agent_slug)
-        bootstrap.assert_called_once()
-        ensure_api.assert_called_once_with(
-            mock.ANY,
-            self.user_id,
-            self.workspace_id,
-            bootstrap_providers=False,
-        )
-
-    @mock.patch.object(server, "ensure_runtime_profile", side_effect=ValueError("gateway down"))
-    @mock.patch.object(server, "resolve_validated_profile", side_effect=lambda slug: slug)
-    def test_bootstrap_agent_dm_lane_runtime_failure(self, _resolve, _ensure) -> None:
-        out = server.bootstrap_agent_dm_lane(self.user_id, self.workspace_id, self.agent_slug)
-        self.assertFalse(out["ok"])
-        self.assertIn("gateway down", str(out.get("error")))
-
-    @mock.patch.object(
-        server,
-        "ensure_profile_api",
-        side_effect=[
-            ValueError("profile api did not become healthy: u-user-dev"),
-            ValueError("profile api did not become healthy: u-user-dev"),
-            {"ok": True, "api_port": 1},
-        ],
-    )
-    @mock.patch.object(server, "room_chat_bind", return_value={"ok": True, "session_id": "sid-1"})
-    @mock.patch.object(server, "_create_room", return_value=(201, {"ok": True, "room": {"id": "room-dev", "room_type": "direct"}}))
-    @mock.patch.object(server, "_bootstrap_profile_providers", return_value=True)
-    @mock.patch.object(server, "ensure_runtime_profile")
-    @mock.patch.object(server, "resolve_validated_profile", side_effect=lambda slug: slug)
-    def test_bootstrap_retries_gateway_start_once(
-        self,
-        _resolve,
-        _ensure_runtime,
-        _bootstrap,
-        _create_room,
-        _bind,
-        ensure_api,
-    ) -> None:
-        out = server.bootstrap_agent_dm_lane(self.user_id, self.workspace_id, self.agent_slug)
-        self.assertTrue(out["ok"])
-        self.assertEqual(ensure_api.call_count, 3)
-
-    @mock.patch.object(server, "ensure_profile_api", return_value={"ok": True, "api_port": 1})
-    @mock.patch.object(server, "room_chat_bind", return_value={})
-    @mock.patch.object(server, "_create_room", return_value=(201, {"ok": True, "room": {"id": "room-dev", "room_type": "direct"}}))
-    @mock.patch.object(server, "_bootstrap_profile_providers", return_value=True)
-    @mock.patch.object(server, "ensure_runtime_profile")
-    @mock.patch.object(server, "resolve_validated_profile", side_effect=lambda slug: slug)
-    def test_bootstrap_bind_failure_returns_ok_false(
-        self,
-        _resolve,
-        ensure_runtime,
-        _bootstrap,
-        _create_room,
-        _bind,
-        _ensure_api,
-    ) -> None:
-        out = server.bootstrap_agent_dm_lane(self.user_id, self.workspace_id, self.agent_slug)
-        self.assertFalse(out["ok"])
-        self.assertEqual(out.get("error"), "room_chat_bind_failed")
-        ensure_runtime.assert_called_once()
-
-
-if __name__ == "__main__":
-    unittest.main()

package/workframe-api/tests/test_agent_profile_sync.py

@@ -1,76 +0,0 @@
-import tempfile
-import unittest
-from pathlib import Path
-from unittest.mock import patch
-
-import server
-from db_setup import ensure_workframe_schemas
-
-
-class AgentProfileSyncTests(unittest.TestCase):
-    def setUp(self) -> None:
-        self._tmp = tempfile.TemporaryDirectory()
-        self.addCleanup(self._tmp.cleanup)
-        self._old_data_dir = server.DATA_DIR
-        self._old_auth_db_path = server.AUTH_DB_PATH
-        server.DATA_DIR = Path(self._tmp.name)
-        server.AUTH_DB_PATH = Path(self._tmp.name) / "auth.db"
-        ensure_workframe_schemas()
-        conn = server._workframe_db()
-        try:
-            now = "1"
-            conn.execute(
-                """
-                INSERT INTO workspaces (id, slug, display_name, owner_id, status, created_at, updated_at)
-                VALUES (?, ?, ?, ?, ?, ?, ?)
-                """,
-                ("ws-1", "default", "Default", "user-1", "active", now, now),
-            )
-            conn.execute(
-                """
-                INSERT INTO agent_profiles (
-                    id, workspace_id, slug, display_name, status, created_at, updated_at
-                ) VALUES (?, ?, ?, ?, ?, ?, ?)
-                """,
-                ("agent-1", "ws-1", "workframe-agent", "Workframe Agent", "available", now, now),
-            )
-            conn.commit()
-        finally:
-            conn.close()
-
-    def tearDown(self) -> None:
-        server.DATA_DIR = self._old_data_dir
-        server.AUTH_DB_PATH = self._old_auth_db_path
-
-    def test_sync_agent_profile_db_writes_avatar_url(self) -> None:
-        avatar = "data:image/png;base64,abc"
-        server._sync_agent_profile_db("workframe-agent", {"avatar_url": avatar, "display_name": "WF"})
-        conn = server._workframe_db()
-        try:
-            row = conn.execute(
-                "SELECT display_name, avatar_url FROM agent_profiles WHERE slug = ?",
-                ("workframe-agent",),
-            ).fetchone()
-        finally:
-            conn.close()
-        self.assertIsNotNone(row)
-        self.assertEqual(row["display_name"], "WF")
-        self.assertEqual(row["avatar_url"], avatar)
-
-    @patch.object(server, "route_status_for_profile", return_value="available")
-    @patch.object(server, "_gateway_platform", return_value="local")
-    def test_crew_data_reads_registry_by_full_profile_slug(self, *_mocks) -> None:
-        registry = {
-            "workframe-agent": {
-                "profile": "workframe-agent",
-                "avatar_url": "data:image/png;base64,crew",
-            },
-        }
-        with patch.object(server, "load_agent_registry", return_value=registry):
-            crew = server.crew_data(["workframe-agent"], "workframe-agent", {"ok": True, "state": "running"})
-        self.assertEqual(len(crew), 1)
-        self.assertEqual(crew[0]["avatar_url"], "data:image/png;base64,crew")
-
-
-if __name__ == "__main__":
-    unittest.main()

package/workframe-api/tests/test_auth_email.py

@@ -1,222 +0,0 @@
-"""Auth email / OTP start behavior."""
-
-from __future__ import annotations
-
-import os
-import sqlite3
-import tempfile
-import unittest
-import json
-from pathlib import Path
-from unittest import mock
-
-import zk_auth as zk
-
-
-class AuthEmailStartTests(unittest.TestCase):
-    def setUp(self) -> None:
-        self._tmpdir = tempfile.TemporaryDirectory()
-        self.addCleanup(self._tmpdir.cleanup)
-        os.environ["WORKFRAME_API_DATA_DIR"] = self._tmpdir.name
-
-    @mock.patch("email_sender.send_verification_email")
-    def test_dev_unsafe_returns_otp_when_smtp_missing(self, send_email: mock.MagicMock) -> None:
-        send_email.side_effect = RuntimeError("SMTP_HOST not configured")
-
-        result = zk.start_email_verification("user@example.com", dev_local_unsafe=True)
-
-        self.assertFalse(result["email_sent"])
-        self.assertIn("SMTP_HOST", result.get("email_error", ""))
-        self.assertEqual(len(result["otp_code"]), 6)
-        self.assertTrue(result["otp_code"].isdigit())
-
-    @mock.patch("email_sender.send_verification_email")
-    def test_secure_mode_does_not_return_otp_when_smtp_missing(self, send_email: mock.MagicMock) -> None:
-        send_email.side_effect = RuntimeError("SMTP_HOST not configured")
-
-        result = zk.start_email_verification("user@example.com", dev_local_unsafe=False)
-
-        self.assertFalse(result["email_sent"])
-        self.assertNotIn("otp_code", result)
-
-    @mock.patch("email_sender.send_verification_email")
-    def test_email_sent_does_not_return_otp_even_in_dev(self, send_email: mock.MagicMock) -> None:
-        send_email.return_value = None
-
-        result = zk.start_email_verification("user@example.com", dev_local_unsafe=True)
-
-        self.assertTrue(result["email_sent"])
-        self.assertNotIn("otp_code", result)
-
-    @mock.patch("email_sender.send_verification_email")
-    def test_expose_otp_returns_code_when_email_sent(self, send_email: mock.MagicMock) -> None:
-        send_email.return_value = None
-
-        result = zk.start_email_verification("user@example.com", expose_otp=True)
-
-        self.assertTrue(result["email_sent"])
-        self.assertEqual(len(result["otp_code"]), 6)
-
-
-class StackConfigTests(unittest.TestCase):
-    def setUp(self) -> None:
-        self._tmpdir = tempfile.TemporaryDirectory()
-        self.addCleanup(self._tmpdir.cleanup)
-        os.environ["WORKFRAME_API_DATA_DIR"] = self._tmpdir.name
-        import importlib
-
-        import stack_config as sc
-
-        self.sc = importlib.reload(sc)
-
-    def test_patch_and_resolve_smtp(self) -> None:
-        self.sc.patch_stack_config(
-            {
-                "deployment_mode": "trusted_team",
-                "smtp": {
-                    "provider": "gmail",
-                    "host": "smtp.gmail.com",
-                    "port": 587,
-                    "user": "ops@example.com",
-                    "password": "secret",
-                    "from": "ops@example.com",
-                },
-            }
-        )
-        cfg = self.sc.get_stack_config()
-        self.assertEqual(cfg["deployment_mode"], "trusted_team")
-        self.assertTrue(self.sc.smtp_configured())
-        resolved = self.sc.resolved_smtp()
-        self.assertEqual(resolved["host"], "smtp.gmail.com")
-        self.assertEqual(resolved["user"], "ops@example.com")
-
-    def test_env_overrides_stack_file(self) -> None:
-        self.sc.patch_stack_config({"smtp": {"host": "smtp.file.test", "user": "a", "password": "b"}})
-        os.environ["SMTP_HOST"] = "smtp.env.test"
-        os.environ["SMTP_USER"] = "env-user"
-        resolved = self.sc.resolved_smtp()
-        self.assertEqual(resolved["source"], "env")
-        self.assertEqual(resolved["host"], "smtp.env.test")
-        os.environ.pop("SMTP_HOST", None)
-        os.environ.pop("SMTP_USER", None)
-
-
-class OtpLockoutTests(unittest.TestCase):
-    def setUp(self) -> None:
-        self._tmpdir = tempfile.TemporaryDirectory()
-        self.addCleanup(self._tmpdir.cleanup)
-        os.environ["WORKFRAME_API_DATA_DIR"] = self._tmpdir.name
-
-    @mock.patch("email_sender.send_verification_email", return_value=None)
-    def test_lockout_before_correct_code_after_max_wrong(self, _send: mock.MagicMock) -> None:
-        started = zk.start_email_verification(
-            "lock@example.com", dev_local_unsafe=True, expose_otp=True,
-        )
-        good = started["otp_code"]
-        for wrong in ("000000", "111111", "222222", "333333", "444444"):
-            with self.assertRaises(ValueError) as ctx:
-                zk.verify_email_code("lock@example.com", wrong)
-            self.assertEqual(str(ctx.exception), "Invalid or expired verification code.")
-        with self.assertRaises(ValueError) as ctx:
-            zk.verify_email_code("lock@example.com", good)
-        self.assertEqual(str(ctx.exception), "Invalid or expired verification code.")
-
-
-class InstallWindowTests(unittest.TestCase):
-    def setUp(self) -> None:
-        self._tmpdir = tempfile.TemporaryDirectory()
-        self.addCleanup(self._tmpdir.cleanup)
-        os.environ["WORKFRAME_API_DATA_DIR"] = self._tmpdir.name
-        import importlib
-
-        import stack_config as sc
-        import install_api as ia
-
-        self.sc = importlib.reload(sc)
-        self.ia = importlib.reload(ia)
-        self.db_path = str(Path(self._tmpdir.name) / "workframe.db")
-
-    def test_window_open_until_install_complete_even_with_users(self) -> None:
-        Path(self.db_path).write_text("", encoding="utf-8")
-        conn = sqlite3.connect(self.db_path)
-        conn.execute(
-            "CREATE TABLE users (id TEXT PRIMARY KEY, email TEXT, display_name TEXT, role TEXT, status TEXT, created_at TEXT, updated_at TEXT)"
-        )
-        conn.execute(
-            "INSERT INTO users (id, email, display_name, role, status, created_at, updated_at) VALUES (?,?,?,?,?,?,?)",
-            ("u1", "a@b.com", "A", "owner", "active", "1", "1"),
-        )
-        conn.commit()
-        conn.close()
-        self.assertTrue(self.ia.install_window_open(self.db_path))
-        self.sc.patch_stack_config({"install_complete": True})
-        self.assertFalse(self.ia.install_window_open(self.db_path))
-
-
-class SmtpSecureNormalizeTests(unittest.TestCase):
-    def test_port_465_uses_ssl_even_when_starttls(self) -> None:
-        import stack_config as sc
-
-        self.assertEqual(sc.normalize_smtp_secure(465, "starttls"), "ssl")
-        self.assertEqual(sc.normalize_smtp_secure(465, "true"), "ssl")
-        self.assertEqual(sc.normalize_smtp_secure(587, "true"), "ssl")
-        self.assertEqual(sc.normalize_smtp_secure(587, "starttls"), "starttls")
-        self.assertEqual(sc.normalize_smtp_secure(587, ""), "starttls")
-
-
-class ResolvedSmtpTests(unittest.TestCase):
-    def setUp(self) -> None:
-        self._tmpdir = tempfile.TemporaryDirectory()
-        self.addCleanup(self._tmpdir.cleanup)
-        os.environ["WORKFRAME_API_DATA_DIR"] = self._tmpdir.name
-        import importlib
-
-        import stack_config as sc
-
-        self.sc = importlib.reload(sc)
-
-    def test_stack_password_not_redacted_from_public_get(self) -> None:
-        cfg_path = Path(self._tmpdir.name) / "stack_config.json"
-        cfg_path.write_text(
-            json.dumps(
-                {
-                    "smtp": {
-                        "host": "smtp.test",
-                        "user": "login@test.com",
-                        "password": "secret-pass",
-                        "from": "alias@test.com",
-                        "port": 465,
-                        "secure": "ssl",
-                    }
-                }
-            ),
-            encoding="utf-8",
-        )
-        public = self.sc.get_stack_config()["smtp"]
-        self.assertTrue(public["has_password"])
-        self.assertNotIn("password", public)
-        resolved = self.sc.resolved_smtp()
-        self.assertEqual(resolved["password"], "secret-pass")
-        self.assertEqual(resolved["from"], "alias@test.com")
-        self.assertEqual(resolved["user"], "login@test.com")
-
-    def test_env_pass_falls_back_to_stack_password(self) -> None:
-        cfg_path = Path(self._tmpdir.name) / "stack_config.json"
-        cfg_path.write_text(
-            json.dumps({"smtp": {"password": "stack-secret"}}),
-            encoding="utf-8",
-        )
-        os.environ["SMTP_HOST"] = "smtp.env.test"
-        os.environ["SMTP_USER"] = "env-user@test.com"
-        os.environ["EMAIL_FROM"] = "alias@test.com"
-        self.addCleanup(os.environ.pop, "SMTP_HOST", None)
-        self.addCleanup(os.environ.pop, "SMTP_USER", None)
-        self.addCleanup(os.environ.pop, "EMAIL_FROM", None)
-        resolved = self.sc.resolved_smtp()
-        self.assertEqual(resolved["password"], "stack-secret")
-        self.assertEqual(resolved["from"], "alias@test.com")
-        self.assertEqual(resolved["user"], "env-user@test.com")
-
-
-if __name__ == "__main__":
-    unittest.main()

package/workframe-api/tests/test_auth_hole_fix_selfcheck.py

@@ -1,99 +0,0 @@
-"""Runnable self-check for the four signup-hole fixes (no pytest fixtures)."""
-
-from __future__ import annotations
-
-import os
-import tempfile
-import time
-import unittest
-from pathlib import Path
-from unittest import mock
-
-import stack_config
-from db_setup import ensure_workframe_schemas
-
-
-class AuthHoleFixSelfCheck(unittest.TestCase):
-    def setUp(self) -> None:
-        self._tmp = tempfile.TemporaryDirectory()
-        self.addCleanup(self._tmp.cleanup)
-        self._env = dict(os.environ)
-        self.addCleanup(lambda: os.environ.clear() or os.environ.update(self._env))
-
-        import server
-
-        self.server = server
-        self._old_data = server.DATA_DIR
-        self._old_auth = server.AUTH_DB_PATH
-        self._old_mode = server.DEPLOYMENT_MODE
-        server.DATA_DIR = Path(self._tmp.name) / "data"
-        server.DATA_DIR.mkdir(parents=True, exist_ok=True)
-        server.AUTH_DB_PATH = server.DATA_DIR / "auth.db"
-        stack_config.DATA_DIR = server.DATA_DIR
-        stack_config.CONFIG_PATH = server.DATA_DIR / "stack_config.json"
-        server.DEV_LOCAL_UNSAFE = False
-        ensure_workframe_schemas()
-        stack_config.patch_stack_config({"install_complete": True, "deployment_mode": "trusted_team"})
-        conn = server._workframe_db()
-        try:
-            now = str(int(time.time()))
-            conn.execute(
-                "INSERT INTO users (id, email, display_name, role, status, created_at, updated_at) VALUES (?,?,?,?,?,?,?)",
-                ("owner-1", "owner@biz.test", "Owner", "owner", "active", now, now),
-            )
-            conn.execute(
-                "INSERT INTO workspaces (id, slug, display_name, owner_id, status, created_at, updated_at) VALUES (?,?,?,?,?,?,?)",
-                ("ws-1", "default", "Acme", "owner-1", "active", now, now),
-            )
-            conn.execute(
-                "INSERT INTO workspace_memberships (id, workspace_id, user_id, role, status, created_at, updated_at) VALUES (?,?,?,?,?,?,?)",
-                ("wm-1", "ws-1", "owner-1", "owner", "active", now, now),
-            )
-            conn.commit()
-        finally:
-            conn.close()
-
-    def tearDown(self) -> None:
-        self.server.DATA_DIR = self._old_data
-        self.server.AUTH_DB_PATH = self._old_auth
-        self.server.DEPLOYMENT_MODE = self._old_mode
-
-    def test_env_beats_stale_stack_config(self) -> None:
-        os.environ["WORKFRAME_DEPLOYMENT_MODE"] = "public_multi_user"
-        self.assertEqual(stack_config.resolve_deployment_mode("trusted_team"), "public_multi_user")
-        self.assertEqual(stack_config.effective_deployment_mode("trusted_team"), "public_multi_user")
-        self.assertEqual(self.server._resolve_deployment_mode(), "public_multi_user")
-
-    def test_invite_trust_not_public_post(self) -> None:
-        from http.server import BaseHTTPRequestHandler
-
-        handler = mock.Mock(spec=BaseHTTPRequestHandler)
-        handler.command = "POST"
-        handler.path = "/api/auth/invite-trust"
-        handler.headers = {}
-        with mock.patch.object(self.server, "_session_id_from_request", return_value=""):
-            self.assertFalse(self.server._auth_check(handler))
-
-    def test_trusted_team_stranger_denied_at_auth_start_policy(self) -> None:
-        self.server.DEPLOYMENT_MODE = "trusted_team"
-        with mock.patch.object(self.server, "_install_window_open", return_value=False):
-            self.assertTrue(self.server._invite_only_login_enforced())
-            allowed, meta = self.server._email_allowed_to_authenticate("stranger@evil.test")
-        self.assertFalse(allowed)
-        self.assertEqual(meta.get("error"), "private_workspace")
-
-    def test_install_url_test_get_allowed_without_session_during_install(self) -> None:
-        from http.server import BaseHTTPRequestHandler
-
-        stack_config.patch_stack_config({"install_complete": False})
-        handler = mock.Mock(spec=BaseHTTPRequestHandler)
-        handler.command = "GET"
-        handler.path = "/api/install/url/test?url=https://example.com"
-        handler.headers = {}
-        with mock.patch.object(self.server, "_install_window_open", return_value=True):
-            with mock.patch.object(self.server, "_session_id_from_request", return_value=""):
-                self.assertTrue(self.server._auth_check(handler))
-
-
-if __name__ == "__main__":
-    unittest.main()

package/workframe-api/tests/test_auth_rate_limit.py

@@ -1,19 +0,0 @@
-import unittest
-
-import auth_rate_limit
-
-
-class AuthRateLimitTests(unittest.TestCase):
-    def setUp(self) -> None:
-        auth_rate_limit.reset_for_tests()
-
-    def test_blocks_burst_auth_start(self) -> None:
-        ip = "198.51.100.9"
-        email = "user@example.com"
-        for _ in range(5):
-            self.assertTrue(auth_rate_limit.allow_auth_request("start", ip, email))
-        self.assertFalse(auth_rate_limit.allow_auth_request("start", ip, email))
-
-
-if __name__ == "__main__":
-    unittest.main()