create-workframe 0.1.0 → 0.1.2

package/workframe-api/tests/test_credential_isolation.py

@@ -1,448 +0,0 @@
-"""Red-team oriented tests: credential resolution, cohort assignee boundaries, runtime ownership."""
-
-import os
-import tempfile
-import unittest
-from pathlib import Path
-from unittest.mock import patch
-
-import internal_proxy_auth
-import server
-from db_setup import ensure_workframe_schemas
-import credential_vault
-import turn_credentials
-import vault_kek
-
-
-class CredentialIsolationTests(unittest.TestCase):
-    def setUp(self) -> None:
-        self._tmp = tempfile.TemporaryDirectory()
-        self.addCleanup(self._tmp.cleanup)
-        self._old_data_dir = server.DATA_DIR
-        self._old_auth_db_path = server.AUTH_DB_PATH
-        self._old_hermes_data = server.HERMES_DATA
-        server.DATA_DIR = Path(self._tmp.name)
-        server.AUTH_DB_PATH = Path(self._tmp.name) / "auth.db"
-        server.HERMES_DATA = Path(self._tmp.name) / "hermes"
-        (server.HERMES_DATA / "profiles").mkdir(parents=True)
-        (server._profile_dir("workframe-agent")).mkdir(parents=True, exist_ok=True)
-        credential_vault.DATA_DIR = server.DATA_DIR
-        credential_vault.VAULT_DB = server.DATA_DIR / "credential_vault.db"
-        vault_kek.DATA_DIR = server.DATA_DIR
-        vault_kek.VAULT_KEK_FILE = server.DATA_DIR / ".vault_kek"
-        credential_vault.ensure_schema()
-        credential_vault.unseal_for_tests()
-        turn_credentials.DATA_DIR = server.DATA_DIR
-        turn_credentials.WORKFRAME_DB = server.DATA_DIR / "workframe.db"
-        turn_credentials.ensure_schema()
-        ensure_workframe_schemas()
-        self.workspace_id = "ws-iso"
-        self.user_a = "cb6a2db4-ac86-4c49-8247-14a1d68aca72"
-        self.user_b = "44fb344c-0954-47b6-a19a-ebbcf20e9680"
-        conn = server._workframe_db()
-        try:
-            now = "1"
-            conn.execute(
-                "INSERT INTO workspaces (id, slug, display_name, owner_id, status, created_at, updated_at) VALUES (?,?,?,?,?,?,?)",
-                (self.workspace_id, "iso", "Iso", self.user_a, "active", now, now),
-            )
-            for uid, name in ((self.user_a, "Fab"), (self.user_b, "Alan Borger")):
-                conn.execute(
-                    "INSERT INTO users (id, display_name, role, status, created_at, updated_at) VALUES (?,?,?,?,?,?)",
-                    (uid, name, "member", "active", now, now),
-                )
-                conn.execute(
-                    """
-                    INSERT INTO workspace_memberships (id, workspace_id, user_id, role, status, created_at, updated_at)
-                    VALUES (?, ?, ?, 'member', 'active', ?, ?)
-                    """,
-                    (f"wm-{uid}", self.workspace_id, uid, now, now),
-                )
-            for slug, name in (("workframe-agent", "Workframe Agent"), ("architect", "Architect")):
-                conn.execute(
-                    """
-                    INSERT INTO agent_profiles (id, workspace_id, slug, display_name, is_native, status, created_at, updated_at)
-                    VALUES (?, ?, ?, ?, ?, 'available', ?, ?)
-                    """,
-                    (f"ap-{slug}", self.workspace_id, slug, name, slug == "workframe-agent", now, now),
-                )
-            conn.executemany(
-                """
-                INSERT INTO credential_bindings (
-                    id, workspace_id, user_id, agent_profile_id, provider,
-                    credential_type, credential_ref, label, is_active,
-                    expires_at, created_by, created_at, updated_at, deleted_at
-                ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-                """,
-                [
-                    (
-                        "fab-or", None, self.user_a, None, "openrouter",
-                        "api_key", credential_vault.vault_ref("fab-or"), "Fab OR", 1, None, self.user_a,
-                        now, now, None,
-                    ),
-                    (
-                        "alan-or", None, self.user_b, None, "openrouter",
-                        "api_key", credential_vault.vault_ref("alan-or"), "Alan OR", 1, None, self.user_b,
-                        now, now, None,
-                    ),
-                ],
-            )
-            conn.commit()
-        finally:
-            conn.close()
-        credential_vault.store_secret("fab-or", "sk-fab-only", env_var="OPENROUTER_API_KEY", provider="openrouter", user_id=self.user_a)
-        credential_vault.store_secret("alan-or", "sk-alan-only", env_var="OPENROUTER_API_KEY", provider="openrouter", user_id=self.user_b)
-
-    def tearDown(self) -> None:
-        server.DATA_DIR = self._old_data_dir
-        server.AUTH_DB_PATH = self._old_auth_db_path
-        server.HERMES_DATA = self._old_hermes_data
-
-    def test_runtime_slug_ownership_is_distinct_per_user(self) -> None:
-        fab_arch = server._runtime_profile_slug(self.user_a, "architect")
-        alan_arch = server._runtime_profile_slug(self.user_b, "architect")
-        self.assertNotEqual(fab_arch, alan_arch)
-        self.assertEqual(server._user_id_for_runtime_slug(fab_arch, self.workspace_id), self.user_a)
-        self.assertEqual(server._user_id_for_runtime_slug(alan_arch, self.workspace_id), self.user_b)
-
-    def test_user_a_cannot_assign_kanban_to_user_b_runtime(self) -> None:
-        alan_arch = server._runtime_profile_slug(self.user_b, "architect")
-        ok, reason = server.validate_kanban_assignee(alan_arch, self.user_a, self.workspace_id)
-        self.assertFalse(ok)
-        self.assertEqual(reason, "assignee_owner_forbidden")
-
-    def test_user_a_can_assign_to_own_runtime(self) -> None:
-        fab_arch = server._runtime_profile_slug(self.user_a, "architect")
-        ok, owner = server.validate_kanban_assignee(fab_arch, self.user_a, self.workspace_id)
-        self.assertTrue(ok)
-        self.assertEqual(owner, self.user_a)
-
-    def test_template_assignee_rejected_by_default(self) -> None:
-        ok, reason = server.validate_kanban_assignee("architect", self.user_a, self.workspace_id)
-        self.assertFalse(ok)
-        self.assertEqual(reason, "template_assignee_forbidden")
-
-    def test_delegate_grant_allows_partner_assignee(self) -> None:
-        alan_arch = server._runtime_profile_slug(self.user_b, "architect")
-        ok, owner = server.validate_kanban_assignee(
-            alan_arch,
-            self.user_a,
-            self.workspace_id,
-            delegate_user_ids=frozenset({self.user_b}),
-        )
-        self.assertTrue(ok)
-        self.assertEqual(owner, self.user_b)
-
-    @patch.object(server, "_wait_profile_api_healthy", return_value=True)
-    def test_overlay_writes_only_acting_user_secret(self, _wait_mock) -> None:
-        cred_id = "fab-or"
-        credential_vault.store_secret(cred_id, "sk-fab-only", env_var="OPENROUTER_API_KEY", provider="openrouter", user_id=self.user_a)
-        conn = server._workframe_db()
-        try:
-            conn.execute(
-                "UPDATE credential_bindings SET credential_ref = ? WHERE id = ?",
-                (credential_vault.vault_ref(cred_id), cred_id),
-            )
-            conn.commit()
-        finally:
-            conn.close()
-        runtime = server._runtime_profile_slug(self.user_a, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        env_path = prof_dir / ".env"
-        run_id = "run-iso-1"
-        server._overlay_turn_provider_env(runtime, self.user_a, self.workspace_id, "openrouter", run_id)
-        text = env_path.read_text(encoding="utf-8")
-        self.assertIn("wf_rt_", text)
-        self.assertNotIn("sk-fab-only", text)
-        self.assertNotIn("sk-alan-only", text)
-        token = next(
-            line.split("=", 1)[1].strip()
-            for line in text.splitlines()
-            if line.startswith("OPENAI_API_KEY=") or line.startswith("OPENROUTER_API_KEY=")
-        )
-        server._revoke_turn_credential_lease(run_id, runtime)
-        self.assertIsNone(turn_credentials.validate_lease(token))
-
-    def test_sync_runtime_strips_foreign_llm_key_and_sets_proxy(self) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        (prof_dir / "config.yaml").write_text("model:\n  default: openrouter/x\n", encoding="utf-8")
-        server._upsert_env_secret(prof_dir / ".env", "OPENROUTER_API_KEY", "sk-fab-only")
-        server._prepare_runtime_profile_credentials(runtime, self.user_b, self.workspace_id)
-        text = (prof_dir / ".env").read_text(encoding="utf-8") if (prof_dir / ".env").is_file() else ""
-        self.assertNotIn("sk-fab-only", text)
-        self.assertIn("base_url: http://workframe-api:8080/internal/llm/openrouter/v1", (prof_dir / "config.yaml").read_text(encoding="utf-8"))
-
-    def test_sync_runtime_strips_foreign_key_when_owner_has_none(self) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        server._upsert_env_secret(prof_dir / ".env", "OPENROUTER_API_KEY", "sk-fab-only")
-        server._prepare_runtime_profile_credentials(runtime, self.user_b, self.workspace_id)
-        text = (prof_dir / ".env").read_text(encoding="utf-8")
-        self.assertNotIn("sk-fab-only", text)
-        self.assertNotIn("OPENROUTER_API_KEY=", text)
-
-    def test_runtime_profile_rejects_stack_operator_key_bleed(self) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        primary = server._primary_profile() or "workframe-agent"
-        primary_dir = server._profile_dir(primary)
-        primary_dir.mkdir(parents=True, exist_ok=True)
-        server._upsert_env_secret(primary_dir / ".env", "OPENROUTER_API_KEY", "sk-stack-only")
-        server._upsert_env_secret(prof_dir / ".env", "OPENROUTER_API_KEY", "sk-stack-only")
-        server._prepare_runtime_profile_credentials(runtime, self.user_b, self.workspace_id)
-        text = (prof_dir / ".env").read_text(encoding="utf-8")
-        self.assertNotIn("sk-stack-only", text)
-        self.assertNotIn("OPENROUTER_API_KEY=", text)
-
-    @patch.object(server, "ensure_runtime_profile")
-    def test_cohort_slugs_are_user_scoped(self, _ensure: object) -> None:
-        fab_cohort = server.cohort_runtime_slugs(self.user_a, self.workspace_id)
-        alan_cohort = server.cohort_runtime_slugs(self.user_b, self.workspace_id)
-        self.assertTrue(fab_cohort.isdisjoint(alan_cohort))
-
-    def test_resolve_credential_user_only_never_crosses_users(self) -> None:
-        fab = server._resolve_credential(self.user_a, self.workspace_id, "openrouter", user_only=True)
-        alan = server._resolve_credential(self.user_b, self.workspace_id, "openrouter", user_only=True)
-        assert fab and alan
-        self.assertEqual(fab["credential_ref"], credential_vault.vault_ref("fab-or"))
-        self.assertEqual(alan["credential_ref"], credential_vault.vault_ref("alan-or"))
-        self.assertNotEqual(
-            server._credential_secret(fab, self.user_a),
-            server._credential_secret(alan, self.user_b),
-        )
-
-
-    def test_stack_install_key_does_not_show_admin_connected(self) -> None:
-        primary = server._primary_profile() or "workframe-agent"
-        primary_dir = server._profile_dir(primary)
-        primary_dir.mkdir(parents=True, exist_ok=True)
-        server._upsert_env_secret(primary_dir / ".env", "OPENROUTER_API_KEY", "sk-install-only")
-        alan_home = server._user_hermes_home(self.user_b)
-        alan_home.mkdir(parents=True, exist_ok=True)
-        server._remove_env_secret(server._user_hermes_env_path(self.user_b), "OPENROUTER_API_KEY")
-        conn = server._workframe_db()
-        try:
-            conn.execute("DELETE FROM credential_bindings WHERE user_id = ?", (self.user_b,))
-            conn.execute(
-                "UPDATE workspace_memberships SET role = 'owner' WHERE workspace_id = ? AND user_id = ?",
-                (self.workspace_id, self.user_b),
-            )
-            conn.commit()
-        finally:
-            conn.close()
-        openrouter = next(
-            row for row in server.list_user_providers(self.user_b, self.workspace_id)["providers"]
-            if row["id"] == "openrouter"
-        )
-        self.assertFalse(openrouter["connected"])
-
-    def test_migrate_adopts_primary_install_key_to_owner(self) -> None:
-        primary = server._primary_profile() or "workframe-agent"
-        primary_dir = server._profile_dir(primary)
-        primary_dir.mkdir(parents=True, exist_ok=True)
-        server._upsert_env_secret(primary_dir / ".env", "OPENROUTER_API_KEY", "sk-install-adopt")
-        alan_home = server._user_hermes_home(self.user_b)
-        alan_home.mkdir(parents=True, exist_ok=True)
-        server._remove_env_secret(server._user_hermes_env_path(self.user_b), "OPENROUTER_API_KEY")
-        conn = server._workframe_db()
-        try:
-            conn.execute("DELETE FROM credential_bindings WHERE user_id = ?", (self.user_b,))
-            conn.execute("DELETE FROM schema_migrations WHERE version = '12'")
-            conn.execute(
-                "UPDATE workspaces SET owner_id = ? WHERE id = ?",
-                (self.user_b, self.workspace_id),
-            )
-            conn.commit()
-            server._migrate_v12_adopt_install_keys_to_owners(conn)
-            conn.commit()
-        finally:
-            conn.close()
-        spec = server._catalog_provider("openrouter") or {"id": "openrouter", "category": "llm"}
-        self.assertTrue(server._user_provider_connected(self.user_b, spec))
-        binding = server._resolve_credential(self.user_b, self.workspace_id, "openrouter", user_only=True)
-        assert binding
-        self.assertEqual(server._credential_secret(binding, self.user_b), "sk-install-adopt")
-        self.assertFalse(server._user_hermes_env_path(self.user_b).is_file())
-
-    def test_strip_profile_llm_env_preserves_turn_lease(self) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        server._upsert_env_secret(prof_dir / ".env", "OPENROUTER_API_KEY", "sk-fab-only")
-        server._upsert_env_secret(
-            prof_dir / ".env",
-            "OPENROUTER_API_KEY",
-            f"{turn_credentials.LEASE_PREFIX}abc123",
-        )
-        server._strip_profile_llm_env(runtime)
-        text = (prof_dir / ".env").read_text(encoding="utf-8")
-        self.assertIn(f"{turn_credentials.LEASE_PREFIX}abc123", text)
-        self.assertNotIn("sk-fab-only", text)
-
-    def test_publish_gateway_secrets_makes_runtime_auth_readable(self) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        auth_path = prof_dir / "auth.json"
-        auth_path.write_text('{"version":1}\n', encoding="utf-8")
-        os.chmod(auth_path, 0o600)
-        server._publish_profile_gateway_secrets(runtime)
-        mode = auth_path.stat().st_mode & 0o777
-        self.assertTrue(mode & 0o444, f"auth.json not world-readable: {oct(mode)}")
-
-    def test_ensure_profile_api_keeps_lease_after_overlay(self) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        (prof_dir / "config.yaml").write_text(
-            "model:\n  provider: openrouter\n  default: openrouter/x\n",
-            encoding="utf-8",
-        )
-        run_id = "stream-order-test"
-        server._apply_turn_credential_lease(
-            runtime, self.user_b, self.workspace_id, "openrouter", run_id,
-        )
-        with patch.object(server, "_ensure_profile_toolsets"), patch.object(
-            server, "_profile_api_healthy", return_value=True,
-        ):
-            server.ensure_profile_api(runtime, self.user_b, self.workspace_id)
-        text = (prof_dir / ".env").read_text(encoding="utf-8")
-        self.assertIn(turn_credentials.LEASE_PREFIX, text)
-        server._revoke_turn_credential_lease(run_id, runtime)
-
-    @patch.object(server, "_restart_runtime_profile_gateway")
-    def test_runtime_lease_writes_config_and_reloads_gateway(self, restart_mock) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        (prof_dir / "config.yaml").write_text(
-            "model:\n  provider: custom\n  default: openrouter/x\n"
-            "  base_url: http://workframe-api:8080/internal/llm/openrouter/v1\n"
-            "  api_key: wf_rt_deadbeef\n",
-            encoding="utf-8",
-        )
-        token = server._apply_turn_credential_lease(
-            runtime, self.user_b, self.workspace_id, "openrouter", "lease-sync-1",
-        )
-        self.assertTrue(token.startswith(turn_credentials.LEASE_PREFIX))
-        self.assertEqual(server._read_config_model_api_key(runtime), token)
-        restart_mock.assert_called()
-
-    @patch.object(server, "_restart_runtime_profile_gateway")
-    def test_revoke_clears_stale_lease_from_config(self, restart_mock) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        token = turn_credentials.issue_lease(
-            "revoke-clear",
-            self.user_b,
-            self.workspace_id,
-            "openrouter",
-            runtime,
-            "alan-or",
-        )
-        (prof_dir / "config.yaml").write_text(
-            f"model:\n  provider: custom\n  api_key: {token}\n",
-            encoding="utf-8",
-        )
-        server._revoke_turn_credential_lease("revoke-clear", runtime)
-        self.assertEqual(server._read_config_model_api_key(runtime), "")
-        restart_mock.assert_called()
-
-    def test_ensure_profile_proxy_headers_writes_profile_slug(self) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        (prof_dir / "config.yaml").write_text(
-            "model:\n  provider: custom\n  default: openrouter/x\n",
-            encoding="utf-8",
-        )
-        server._ensure_profile_proxy_headers(runtime)
-        text = (prof_dir / "config.yaml").read_text(encoding="utf-8")
-        self.assertIn(f"X-Workframe-Profile: {runtime}", text)
-
-    def test_ensure_profile_proxy_headers_appends_proxy_token_to_existing_block(self) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        (prof_dir / "config.yaml").write_text(
-            "model:\n"
-            "  provider: custom\n"
-            "  base_url: http://workframe-api:8080/internal/llm/openrouter/v1\n"
-            "  default_headers:\n"
-            f"    X-Workframe-Profile: {runtime}\n"
-            "fallback_providers:\n"
-            "  model: openrouter/x\n",
-            encoding="utf-8",
-        )
-        with patch.dict(os.environ, {"WORKFRAME_PROXY_TOKEN": "proxy-test-token"}, clear=False):
-            internal_proxy_auth.reset_proxy_token_for_tests()
-            server._ensure_profile_proxy_headers(runtime)
-        text = (prof_dir / "config.yaml").read_text(encoding="utf-8")
-        self.assertEqual(text.count("default_headers:"), 1)
-        self.assertIn(f"X-Workframe-Profile: {runtime}", text)
-        self.assertIn("X-Workframe-Proxy-Token: ${WORKFRAME_PROXY_TOKEN}", text)
-        profile_pos = text.index("X-Workframe-Profile:")
-        proxy_pos = text.index("X-Workframe-Proxy-Token:")
-        fallback_pos = text.index("fallback_providers:")
-        self.assertLess(profile_pos, proxy_pos)
-        self.assertLess(proxy_pos, fallback_pos)
-
-    @patch.object(server, "_wait_profile_api_healthy", return_value=True)
-    def test_overlay_with_custom_routing_provider(self, _wait_mock) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        (prof_dir / "config.yaml").write_text(
-            "model:\n  provider: custom\n  default: openrouter/owl-alpha\n"
-            "  base_url: http://workframe-api:8080/internal/llm/openrouter/v1\n",
-            encoding="utf-8",
-        )
-        ready = server._overlay_chat_llm_env(
-            runtime, self.user_b, self.workspace_id, "custom",
-        )
-        self.assertTrue(ready)
-        text = (prof_dir / ".env").read_text(encoding="utf-8")
-        self.assertIn(turn_credentials.LEASE_PREFIX, text)
-        server._strip_profile_llm_env(runtime, include_leases=True)
-        server._clear_profile_model_api_key(runtime)
-
-    def test_strip_profile_llm_env_drops_custom_provider_lease(self) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        (prof_dir / ".env").write_text(
-            "OPENAI_API_KEY=wf_rt_expired_lease_token\nWORKFRAME_PROXY_TOKEN=proxy\n",
-            encoding="utf-8",
-        )
-        server._strip_profile_llm_env(runtime, include_leases=True)
-        text = (prof_dir / ".env").read_text(encoding="utf-8")
-        self.assertNotIn("wf_rt_", text)
-        self.assertIn("WORKFRAME_PROXY_TOKEN=proxy", text)
-
-    def test_ensure_profile_llm_proxy_rewrites_scalar_fallback_when_ready(self) -> None:
-        runtime = server._runtime_profile_slug(self.user_b, "architect")
-        prof_dir = server._profile_dir(runtime)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        (prof_dir / "config.yaml").write_text(
-            "model:\n"
-            "  provider: custom\n"
-            "  default: openrouter/owl-alpha\n"
-            "  base_url: http://workframe-api:8080/internal/llm/openrouter/v1\n"
-            "fallback_providers:\n"
-            "  model: openrouter/nvidia/nemotron-3-ultra-550b-a55b:free\n",
-            encoding="utf-8",
-        )
-        server._ensure_profile_llm_proxy(runtime, "openrouter")
-        text = (prof_dir / "config.yaml").read_text(encoding="utf-8")
-        self.assertIn("- provider: custom", text)
-        self.assertNotRegex(text, r"fallback_providers:\n  model:")
-
-
-if __name__ == "__main__":
-    unittest.main()

package/workframe-api/tests/test_credential_resolution.py

@@ -1,206 +0,0 @@
-import tempfile
-import unittest
-from pathlib import Path
-from unittest.mock import patch
-
-import server
-from db_setup import ensure_workframe_schemas
-
-
-class CredentialResolutionTests(unittest.TestCase):
-    def setUp(self) -> None:
-        self._tmp = tempfile.TemporaryDirectory()
-        self.addCleanup(self._tmp.cleanup)
-        self._old_data_dir = server.DATA_DIR
-        self._old_auth_db_path = server.AUTH_DB_PATH
-        server.DATA_DIR = Path(self._tmp.name)
-        server.AUTH_DB_PATH = Path(self._tmp.name) / "auth.db"
-        ensure_workframe_schemas()
-
-    def tearDown(self) -> None:
-        server.DATA_DIR = self._old_data_dir
-        server.AUTH_DB_PATH = self._old_auth_db_path
-
-    def _seed(self, *rows: tuple[object, ...]) -> None:
-        conn = server._workframe_db()
-        try:
-            conn.executemany(
-                """
-                INSERT INTO credential_bindings (
-                    id, workspace_id, user_id, agent_profile_id, provider,
-                    credential_type, credential_ref, label, is_active,
-                    expires_at, created_by, created_at, updated_at, deleted_at
-                ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-                """,
-                rows,
-            )
-            conn.commit()
-        finally:
-            conn.close()
-
-    def test_resolves_user_credential_before_workspace_credential(self) -> None:
-        self._seed(
-            (
-                "user-openai", None, "user-a", None, "openai",
-                "api_key", "user-ref", "User OpenAI", 1, None, "user-a",
-                "1", "1", None,
-            ),
-            (
-                "workspace-openai", "workspace-a", None, None, "openai",
-                "api_key", "workspace-ref", "Workspace OpenAI", 1, None, "user-a",
-                "1", "1", None,
-            ),
-        )
-
-        resolved = server._resolve_credential("user-a", "workspace-a", "openai")
-
-        self.assertEqual(resolved["credential_binding_id"], "user-openai")
-        self.assertEqual(resolved["scope"], "user")
-        self.assertEqual(resolved["credential_ref"], "user-ref")
-
-    def test_falls_back_to_workspace_when_user_has_no_matching_credential(self) -> None:
-        self._seed(
-            (
-                "workspace-openai", "workspace-a", None, None, "openai",
-                "api_key", "workspace-ref", "Workspace OpenAI", 1, None, "user-a",
-                "1", "1", None,
-            ),
-        )
-
-        resolved = server._resolve_credential("user-b", "workspace-a", "openai")
-
-        self.assertEqual(resolved["credential_binding_id"], "workspace-openai")
-        self.assertEqual(resolved["scope"], "workspace")
-        self.assertEqual(resolved["credential_ref"], "workspace-ref")
-
-    def test_user_only_denies_workspace_fallback_for_dev_providers(self) -> None:
-        self._seed(
-            (
-                "workspace-github", "workspace-a", None, None, "github",
-                "api_key", "env:GITHUB_TOKEN", "Workspace GitHub", 1, None, "user-a",
-                "1", "1", None,
-            ),
-        )
-
-        resolved = server._resolve_credential("user-b", "workspace-a", "github", user_only=True)
-
-        self.assertIsNone(resolved)
-
-    def test_resolves_user_env_without_db_binding(self) -> None:
-        old_hermes = server.HERMES_DATA
-        server.HERMES_DATA = Path(self._tmp.name) / "agents"
-        try:
-            user_id = "user-env-only"
-            user_home = server._user_hermes_home(user_id)
-            user_home.mkdir(parents=True, exist_ok=True)
-            server._upsert_env_secret(server._user_hermes_env_path(user_id), "OPENAI_API_KEY", "sk-user-env")
-
-            resolved = server._resolve_credential(user_id, "workspace-a", "openai")
-
-            self.assertIsNotNone(resolved)
-            assert resolved is not None
-            self.assertEqual(resolved["scope"], "user")
-            self.assertEqual(resolved["credential_ref"], "env:OPENAI_API_KEY")
-        finally:
-            server.HERMES_DATA = old_hermes
-
-    def test_ignores_inactive_and_deleted_credentials(self) -> None:
-        self._seed(
-            (
-                "inactive-user-openai", None, "user-a", None, "openai",
-                "api_key", "inactive-ref", "Inactive User OpenAI", 0, None, "user-a",
-                "1", "1", None,
-            ),
-            (
-                "deleted-workspace-openai", "workspace-a", None, None, "openai",
-                "api_key", "deleted-ref", "Deleted Workspace OpenAI", 1, None, "user-a",
-                "1", "1", "1",
-            ),
-        )
-
-        resolved = server._resolve_credential("user-a", "workspace-a", "openai")
-
-        self.assertIsNone(resolved)
-
-    def test_byok_blocks_workspace_llm_fallback(self) -> None:
-        conn = server._workframe_db()
-        try:
-            conn.execute(
-                """
-                INSERT INTO workspaces (
-                    id, slug, display_name, owner_id, status, settings_json, created_at, updated_at
-                ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
-                """,
-                (
-                    "workspace-byok",
-                    "byok",
-                    "BYOK",
-                    "user-a",
-                    "active",
-                    '{"credential_mode":"byok"}',
-                    "1",
-                    "1",
-                ),
-            )
-            conn.commit()
-        finally:
-            conn.close()
-        self._seed(
-            (
-                "workspace-or", "workspace-byok", None, None, "openrouter",
-                "api_key", "env:OPENROUTER_API_KEY", "Workspace OR", 1, None, "user-a",
-                "1", "1", None,
-            ),
-        )
-        profile_dir = server._profile_dir("workframe-agent")
-        profile_dir.mkdir(parents=True, exist_ok=True)
-        server._upsert_env_secret(profile_dir / ".env", "OPENROUTER_API_KEY", "sk-workspace")
-
-        with self.assertRaises(ValueError) as ctx:
-            server._require_runtime_owner_provider("user-b", "workspace-byok", "openrouter")
-
-        self.assertIn("no_llm_provider_for_user", str(ctx.exception))
-
-    @patch.object(server, "_primary_profile", return_value="workframe-agent")
-    def test_workspace_mode_allows_llm_fallback(self, _primary) -> None:
-        conn = server._workframe_db()
-        try:
-            conn.execute(
-                """
-                INSERT INTO workspaces (
-                    id, slug, display_name, owner_id, status, settings_json, created_at, updated_at
-                ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
-                """,
-                (
-                    "workspace-pays",
-                    "pays",
-                    "Company pays",
-                    "user-a",
-                    "active",
-                    '{"credential_mode":"workspace"}',
-                    "1",
-                    "1",
-                ),
-            )
-            conn.commit()
-        finally:
-            conn.close()
-        self._seed(
-            (
-                "workspace-or-pays", "workspace-pays", None, None, "openrouter",
-                "api_key", "env:OPENROUTER_API_KEY", "Workspace OR", 1, None, "user-a",
-                "1", "1", None,
-            ),
-        )
-        profile_dir = server._profile_dir("workframe-agent")
-        profile_dir.mkdir(parents=True, exist_ok=True)
-        server._upsert_env_secret(profile_dir / ".env", "OPENROUTER_API_KEY", "sk-workspace")
-
-        resolved = server._require_runtime_owner_provider("user-b", "workspace-pays", "openrouter")
-
-        self.assertEqual(resolved["scope"], "workspace")
-        self.assertEqual(resolved["credential_ref"], "env:OPENROUTER_API_KEY")
-
-
-if __name__ == "__main__":
-    unittest.main()