create-workframe 0.1.0 → 0.1.2

package/workframe-api/tests/test_kanban_delegation.py

@@ -1,185 +0,0 @@
-"""Kanban assignee validation with delegation grants and workspace board mapping."""
-
-import tempfile
-import unittest
-from pathlib import Path
-from unittest.mock import patch
-
-import server
-import credential_vault
-import vault_kek
-from db_setup import ensure_workframe_schemas
-
-
-class KanbanDelegationTests(unittest.TestCase):
-    def setUp(self) -> None:
-        self._tmp = tempfile.TemporaryDirectory()
-        self.addCleanup(self._tmp.cleanup)
-        self._old_data_dir = server.DATA_DIR
-        self._old_auth_db_path = server.AUTH_DB_PATH
-        self._old_hermes_data = server.HERMES_DATA
-        server.DATA_DIR = Path(self._tmp.name)
-        server.AUTH_DB_PATH = Path(self._tmp.name) / "auth.db"
-        server.HERMES_DATA = Path(self._tmp.name) / "hermes"
-        (server.HERMES_DATA / "profiles").mkdir(parents=True)
-        credential_vault.DATA_DIR = server.DATA_DIR
-        credential_vault.VAULT_DB = server.DATA_DIR / "credential_vault.db"
-        vault_kek.DATA_DIR = server.DATA_DIR
-        vault_kek.VAULT_KEK_FILE = server.DATA_DIR / ".vault_kek"
-        credential_vault.ensure_schema()
-        credential_vault.unseal_for_tests()
-        ensure_workframe_schemas()
-        self.workspace_id = "ws-kanban"
-        self.user_a = "cb6a2db4-ac86-4c49-8247-14a1d68aca72"
-        self.user_b = "44fb344c-0954-47b6-a19a-ebbcf20e9680"
-        conn = server._workframe_db()
-        try:
-            now = "1"
-            conn.execute(
-                "INSERT INTO workspaces (id, slug, display_name, owner_id, status, created_at, updated_at) VALUES (?,?,?,?,?,?,?)",
-                (self.workspace_id, "dogfood", "Dogfood", self.user_a, "active", now, now),
-            )
-            for uid, name in ((self.user_a, "Fab"), (self.user_b, "Alan")):
-                conn.execute(
-                    "INSERT INTO users (id, display_name, role, status, created_at, updated_at) VALUES (?,?,?,?,?,?)",
-                    (uid, name, "member", "active", now, now),
-                )
-                conn.execute(
-                    """
-                    INSERT INTO workspace_memberships (id, workspace_id, user_id, role, status, created_at, updated_at)
-                    VALUES (?, ?, ?, 'member', 'active', ?, ?)
-                    """,
-                    (f"wm-{uid}", self.workspace_id, uid, now, now),
-                )
-            for slug, name in (("workframe-agent", "Workframe Agent"), ("architect", "Architect")):
-                conn.execute(
-                    """
-                    INSERT INTO agent_profiles (id, workspace_id, slug, display_name, is_native, status, created_at, updated_at)
-                    VALUES (?, ?, ?, ?, ?, 'available', ?, ?)
-                    """,
-                    (f"ap-{slug}", self.workspace_id, slug, name, slug == "workframe-agent", now, now),
-                )
-            conn.commit()
-        finally:
-            conn.close()
-        self.runtime_a_arch = server._runtime_profile_slug(self.user_a, "architect")
-        self.runtime_b_arch = server._runtime_profile_slug(self.user_b, "architect")
-
-    def tearDown(self) -> None:
-        server.DATA_DIR = self._old_data_dir
-        server.AUTH_DB_PATH = self._old_auth_db_path
-        server.HERMES_DATA = self._old_hermes_data
-
-    def test_cross_user_assignee_blocked_without_grant(self) -> None:
-        ok, reason = server.validate_kanban_assignee(
-            self.runtime_a_arch,
-            self.user_b,
-            self.workspace_id,
-        )
-        self.assertFalse(ok)
-        self.assertEqual(reason, "assignee_owner_forbidden")
-
-    def test_delegate_grant_allows_cross_user_assignee(self) -> None:
-        server.create_delegation_grant(self.workspace_id, self.user_a, self.user_b)
-        ok, reason = server.validate_kanban_assignee(
-            self.runtime_a_arch,
-            self.user_b,
-            self.workspace_id,
-        )
-        self.assertTrue(ok)
-        self.assertEqual(reason, self.user_a)
-
-    def test_template_assignee_forbidden_by_default(self) -> None:
-        ok, reason = server.validate_kanban_assignee("architect", self.user_a, self.workspace_id)
-        self.assertFalse(ok)
-        self.assertEqual(reason, "template_assignee_forbidden")
-
-    @patch.object(server, "_gateway_exec", return_value=(0, "created t_test"))
-    @patch.object(server, "resolve_runtime_assignee", side_effect=lambda t, u, w: server._runtime_profile_slug(u, t))
-    def test_kanban_proxy_create_rejects_cross_user(self, _resolve, _exec) -> None:
-        with self.assertRaises(PermissionError):
-            server.kanban_proxy_create_task(
-                self.workspace_id,
-                self.user_b,
-                {"title": "nope", "template_slug": "architect", "assignee_user_id": self.user_a},
-            )
-        _exec.assert_not_called()
-
-    @patch.object(server, "_gateway_exec", return_value=(0, "created t_ok"))
-    @patch.object(server, "resolve_runtime_assignee", side_effect=lambda t, u, w: server._runtime_profile_slug(u, t))
-    def test_kanban_proxy_create_with_grant(self, _resolve, _exec) -> None:
-        server.create_delegation_grant(self.workspace_id, self.user_a, self.user_b)
-        result = server.kanban_proxy_create_task(
-            self.workspace_id,
-            self.user_b,
-            {"title": "ok", "template_slug": "architect", "assignee_user_id": self.user_a},
-        )
-        self.assertTrue(result["ok"])
-        _exec.assert_called_once()
-        args = _exec.call_args[0][1]
-        self.assertIn("--board", args)
-        self.assertIn(self.runtime_a_arch, args)
-
-    def test_ensure_workspace_kanban_board_persists_slug(self) -> None:
-        with patch.object(server, "_gateway_exec", return_value=(0, "ok")):
-            slug = server.ensure_workspace_kanban_board(self.workspace_id)
-        self.assertEqual(slug, "dogfood")
-        row = server._workspace_kanban_board_row(self.workspace_id)
-        self.assertIsNotNone(row)
-        self.assertEqual(str(row["hermes_board_slug"]), "dogfood")
-
-    @patch.object(server, "ensure_workspace_kanban_board", return_value="dogfood")
-    @patch.object(server, "_gateway_exec", return_value=(0, "created t_cred"))
-    @patch.object(server, "resolve_runtime_assignee", side_effect=lambda t, u, w: server._runtime_profile_slug(u, t))
-    def test_delegated_kanban_uses_assignee_owner_credentials(
-        self,
-        _resolve: object,
-        _exec: object,
-        _board: object,
-    ) -> None:
-        """Bob delegates to Alice's runtime; credentials must be Alice's, not Bob's."""
-        server.create_delegation_grant(self.workspace_id, self.user_a, self.user_b)
-        prof_dir = server._profile_dir(self.runtime_a_arch)
-        prof_dir.mkdir(parents=True, exist_ok=True)
-        (prof_dir / "config.yaml").write_text(
-            "model:\n  default: openrouter/test\n  provider: openrouter\n",
-            encoding="utf-8",
-        )
-        server._user_hermes_home(self.user_a).mkdir(parents=True, exist_ok=True)
-        server._user_hermes_home(self.user_b).mkdir(parents=True, exist_ok=True)
-        credential_vault.store_secret(
-            "alice-or", "sk-alice-owner", env_var="OPENROUTER_API_KEY", provider="openrouter", user_id=self.user_a,
-        )
-        conn = server._workframe_db()
-        try:
-            now = "1"
-            conn.execute(
-                """
-                INSERT INTO credential_bindings (
-                    id, workspace_id, user_id, agent_profile_id, provider,
-                    credential_type, credential_ref, label, is_active,
-                    expires_at, created_by, created_at, updated_at, deleted_at
-                ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-                """,
-                (
-                    "alice-or", None, self.user_a, None, "openrouter",
-                    "api_key", credential_vault.vault_ref("alice-or"), "Alice OR", 1, None, self.user_a,
-                    now, now, None,
-                ),
-            )
-            conn.commit()
-        finally:
-            conn.close()
-        server.kanban_proxy_create_task(
-            self.workspace_id,
-            self.user_b,
-            {"title": "delegated", "template_slug": "architect", "assignee_user_id": self.user_a},
-        )
-        env_text = (prof_dir / ".env").read_text(encoding="utf-8") if (prof_dir / ".env").is_file() else ""
-        self.assertNotIn("sk-alice-owner", env_text)
-        self.assertNotIn("sk-bob-initiator", env_text)
-        self.assertTrue(server._user_can_use_llm(self.user_a, self.workspace_id))
-
-
-if __name__ == "__main__":
-    unittest.main()

package/workframe-api/tests/test_llm_proxy.py

@@ -1,155 +0,0 @@
-"""LLM proxy path normalization."""
-
-import os
-import unittest
-from unittest.mock import patch
-
-import internal_proxy_auth
-import llm_proxy
-
-
-class LlmProxyPathTests(unittest.TestCase):
-    def setUp(self) -> None:
-        internal_proxy_auth.reset_proxy_token_for_tests()
-        os.environ.pop("WORKFRAME_PROXY_TOKEN", None)
-
-    def tearDown(self) -> None:
-        internal_proxy_auth.reset_proxy_token_for_tests()
-        os.environ.pop("WORKFRAME_PROXY_TOKEN", None)
-    def test_normalize_dedup_v1_prefix(self) -> None:
-        base = "https://openrouter.ai/api/v1"
-        self.assertEqual(
-            llm_proxy.normalize_upstream_path(base, "/v1/chat/completions"),
-            "/chat/completions",
-        )
-        self.assertEqual(llm_proxy.normalize_upstream_path(base, "/v1"), "")
-
-    def test_normalize_keeps_other_paths(self) -> None:
-        base = "https://api.anthropic.com"
-        self.assertEqual(
-            llm_proxy.normalize_upstream_path(base, "/v1/messages"),
-            "/v1/messages",
-        )
-
-    def test_handler_streams_success_response_chunks(self) -> None:
-        class FakeResponse:
-            status = 200
-            headers = {"Content-Type": "text/event-stream"}
-
-            def __init__(self) -> None:
-                self._chunks = [b"data: one\n\n", b"data: two\n\n", b""]
-
-            def __enter__(self):
-                return self
-
-            def __exit__(self, *_args):
-                return False
-
-            def read(self, _size: int = -1) -> bytes:
-                return self._chunks.pop(0)
-
-            def readline(self) -> bytes:
-                return self._chunks.pop(0)
-
-        class FakeWriter:
-            def __init__(self) -> None:
-                self.writes: list[bytes] = []
-                self.flushes = 0
-
-            def write(self, data: bytes) -> None:
-                self.writes.append(data)
-
-            def flush(self) -> None:
-                self.flushes += 1
-
-        class FakeHandler:
-            client_address = ("172.19.0.2", 1234)
-            headers = {
-                "Authorization": "Bearer wf_rt_test",
-                "X-Workframe-Profile": "u-alice-architect",
-            }
-
-            def __init__(self) -> None:
-                self.wfile = FakeWriter()
-                self.status = 0
-                self.headers_sent: list[tuple[str, str]] = []
-
-            def send_response(self, status: int) -> None:
-                self.status = status
-
-            def send_header(self, key: str, value: str) -> None:
-                self.headers_sent.append((key, value))
-
-            def end_headers(self) -> None:
-                pass
-
-        handler = FakeHandler()
-        with patch.object(
-            llm_proxy.turn_credentials,
-            "validate_lease",
-            return_value={
-                "provider": "openrouter",
-                "profile_slug": "u-alice-architect",
-            },
-        ), patch.object(
-            llm_proxy.turn_credentials,
-            "resolve_lease_secret",
-            return_value=("OPENROUTER_API_KEY", "sk-test"),
-        ), patch.object(llm_proxy.urllib.request, "urlopen", return_value=FakeResponse()):
-            handled = llm_proxy.handle_proxy_request(
-                handler,
-                "/internal/llm/openrouter/v1/chat/completions",
-                "POST",
-                b'{"stream":true}',
-                resolve_secret=lambda *_args: ("OPENROUTER_API_KEY", "sk-test"),
-            )
-
-        self.assertTrue(handled)
-        self.assertEqual(handler.status, 200)
-        self.assertEqual(handler.wfile.writes, [b"data: one\n\n", b"data: two\n\n"])
-        self.assertEqual(handler.wfile.flushes, 2)
-
-    def test_lease_rejects_profile_mismatch(self) -> None:
-        class FakeHandler:
-            client_address = ("172.19.0.2", 1234)
-            headers = {
-                "Authorization": "Bearer wf_rt_test",
-                "X-Workframe-Profile": "u-bob-architect",
-            }
-
-            def __init__(self) -> None:
-                self.wfile = type("W", (), {"write": lambda *_a, **_k: None})()
-                self.status = 0
-                self.body = b""
-
-            def send_response(self, status: int) -> None:
-                self.status = status
-
-            def send_header(self, _key: str, _value: str) -> None:
-                pass
-
-            def end_headers(self) -> None:
-                pass
-
-        handler = FakeHandler()
-        with patch.object(
-            llm_proxy.turn_credentials,
-            "validate_lease",
-            return_value={
-                "provider": "openrouter",
-                "profile_slug": "u-alice-architect",
-            },
-        ):
-            handled = llm_proxy.handle_proxy_request(
-                handler,
-                "/internal/llm/openrouter/v1/models",
-                "GET",
-                None,
-                resolve_secret=lambda *_args: ("OPENROUTER_API_KEY", "sk-test"),
-            )
-        self.assertTrue(handled)
-        self.assertEqual(handler.status, 403)
-
-
-if __name__ == "__main__":
-    unittest.main()

package/workframe-api/tests/test_login_access_policy.py

@@ -1,183 +0,0 @@
-"""Invite-only login for multi-user modes post-install."""
-
-from __future__ import annotations
-
-import hashlib
-import tempfile
-import time
-import unittest
-import uuid
-from pathlib import Path
-from unittest import mock
-
-import server
-import stack_config
-from db_setup import ensure_workframe_schemas
-
-
-class LoginAccessPolicyTests(unittest.TestCase):
-    def setUp(self) -> None:
-        self._tmp = tempfile.TemporaryDirectory()
-        self.addCleanup(self._tmp.cleanup)
-        self._old_data_dir = server.DATA_DIR
-        self._old_auth_db_path = server.AUTH_DB_PATH
-        self._old_mode = server.DEPLOYMENT_MODE
-        self._old_dev = server.DEV_LOCAL_UNSAFE
-        server.DATA_DIR = Path(self._tmp.name)
-        server.AUTH_DB_PATH = Path(self._tmp.name) / "auth.db"
-        server.DEV_LOCAL_UNSAFE = False
-        ensure_workframe_schemas()
-        stack_config.patch_stack_config({"install_complete": True, "deployment_mode": "public_multi_user"})
-        server.DEPLOYMENT_MODE = "public_multi_user"
-
-        self.workspace_id = "ws-closed"
-        self.owner_id = "user-owner"
-        self.owner_email = "owner@biz.test"
-        conn = server._workframe_db()
-        try:
-            now = str(int(time.time()))
-            conn.execute(
-                "INSERT INTO users (id, email, display_name, role, status, created_at, updated_at) VALUES (?,?,?,?,?,?,?)",
-                (self.owner_id, self.owner_email, "Owner", "owner", "active", now, now),
-            )
-            conn.execute(
-                """
-                INSERT INTO workspaces (id, slug, display_name, owner_id, status, created_at, updated_at)
-                VALUES (?, ?, ?, ?, ?, ?, ?)
-                """,
-                (self.workspace_id, "default", "Acme Corp", self.owner_id, "active", now, now),
-            )
-            conn.execute(
-                """
-                INSERT INTO workspace_memberships (id, workspace_id, user_id, role, status, created_at, updated_at)
-                VALUES (?, ?, ?, ?, ?, ?, ?)
-                """,
-                ("wm-owner", self.workspace_id, self.owner_id, "owner", "active", now, now),
-            )
-            conn.commit()
-        finally:
-            conn.close()
-
-    def tearDown(self) -> None:
-        server.DATA_DIR = self._old_data_dir
-        server.AUTH_DB_PATH = self._old_auth_db_path
-        server.DEPLOYMENT_MODE = self._old_mode
-        server.DEV_LOCAL_UNSAFE = self._old_dev
-
-    def test_stranger_denied_when_invite_only(self) -> None:
-        self.assertTrue(server._invite_only_login_enforced())
-        allowed, meta = server._email_allowed_to_authenticate("stranger@evil.test")
-        self.assertFalse(allowed)
-        self.assertEqual(meta["error"], "private_workspace")
-        self.assertIn("Acme Corp", meta["message"])
-
-    def test_owner_allowed(self) -> None:
-        allowed, _ = server._email_allowed_to_authenticate(self.owner_email)
-        self.assertTrue(allowed)
-
-    def test_pending_invitee_allowed(self) -> None:
-        invite_email = "invitee@partner.test"
-        token = "invite-token-secret"
-        conn = server._workframe_db()
-        try:
-            conn.execute(
-                """
-                INSERT INTO workspace_invites
-                (id, workspace_id, email, role, token_hash, invited_by_user_id, expires_at, created_at)
-                VALUES (?, ?, ?, ?, ?, ?, ?, ?)
-                """,
-                (
-                    "inv-1",
-                    self.workspace_id,
-                    invite_email,
-                    "member",
-                    hashlib.sha256(token.encode()).hexdigest(),
-                    self.owner_id,
-                    str(int(time.time()) + 3600),
-                    str(int(time.time())),
-                ),
-            )
-            conn.commit()
-        finally:
-            conn.close()
-        allowed, _ = server._email_allowed_to_authenticate(invite_email)
-        self.assertTrue(allowed)
-        self.assertTrue(server._invite_token_allows_email(token, invite_email))
-
-    def test_trusted_team_denies_stranger_post_install(self) -> None:
-        server.DEPLOYMENT_MODE = "trusted_team"
-        allowed, meta = server._email_allowed_to_authenticate("stranger@evil.test")
-        self.assertFalse(allowed)
-        self.assertEqual(meta["error"], "private_workspace")
-
-    def test_owner_claim_blocked_after_install(self) -> None:
-        conn = server._workframe_db()
-        try:
-            now = str(int(time.time()))
-            conn.execute(
-                "INSERT INTO workspaces (id, slug, display_name, owner_id, status, created_at, updated_at) VALUES (?,?,?,?,?,?,?)",
-                ("ws-unclaimed", "unclaimed", "Unclaimed", "", "active", now, now),
-            )
-            conn.commit()
-            promoted = server._promote_workspace_owner_if_unclaimed(conn, "ws-unclaimed", "user-attacker")
-            conn.commit()
-            row = conn.execute(
-                "SELECT owner_id FROM workspaces WHERE id = ?", ("ws-unclaimed",)
-            ).fetchone()
-        finally:
-            conn.close()
-        self.assertFalse(promoted)
-        self.assertEqual(str(row["owner_id"] or ""), "")
-
-    def test_install_stack_get_denied_anonymous_post_install(self) -> None:
-        from http.server import BaseHTTPRequestHandler
-
-        handler = mock.Mock(spec=BaseHTTPRequestHandler)
-        handler.command = "GET"
-        handler.path = "/api/install/stack"
-        handler.headers = {}
-        with mock.patch.object(server, "_install_window_open", return_value=False), mock.patch.object(
-            server, "_session_id_from_request", return_value=""
-        ):
-            self.assertFalse(server._auth_check(handler))
-
-    def _handler(self) -> server.Handler:
-        from io import BytesIO
-        from unittest.mock import MagicMock
-
-        sock = MagicMock()
-        sock.makefile.return_value = BytesIO()
-        return server.Handler(sock, ("127.0.0.1", 0), None)
-
-    def test_ensure_user_does_not_auto_join_when_invite_only(self) -> None:
-        stranger_id = str(uuid.uuid4())
-        stranger_email = "stranger@evil.test"
-        self._handler()._ensure_user(stranger_id, stranger_email, stranger_email)
-        conn = server._workframe_db()
-        try:
-            row = conn.execute(
-                "SELECT id FROM workspace_memberships WHERE workspace_id = ? AND user_id = ? AND deleted_at IS NULL",
-                (self.workspace_id, stranger_id),
-            ).fetchone()
-            self.assertIsNone(row)
-        finally:
-            conn.close()
-
-    @mock.patch.object(server, "_invite_only_login_enforced", return_value=False)
-    def test_ensure_user_auto_joins_when_not_invite_only(self, _enforced: mock.MagicMock) -> None:
-        stranger_id = str(uuid.uuid4())
-        stranger_email = "open@dogfood.test"
-        self._handler()._ensure_user(stranger_id, stranger_email, stranger_email)
-        conn = server._workframe_db()
-        try:
-            row = conn.execute(
-                "SELECT id FROM workspace_memberships WHERE workspace_id = ? AND user_id = ? AND deleted_at IS NULL",
-                (self.workspace_id, stranger_id),
-            ).fetchone()
-            self.assertIsNotNone(row)
-        finally:
-            conn.close()
-
-
-if __name__ == "__main__":
-    unittest.main()

package/workframe-api/tests/test_mvp_model_bootstrap.py

@@ -1,75 +0,0 @@
-import importlib.util
-import tempfile
-import unittest
-from pathlib import Path
-from unittest.mock import patch
-
-API = Path(__file__).resolve().parents[1] / "server.py"
-spec = importlib.util.spec_from_file_location("server", API)
-server = importlib.util.module_from_spec(spec)
-assert spec and spec.loader
-spec.loader.exec_module(server)
-
-
-class MvpModelBootstrapTest(unittest.TestCase):
-    def test_apply_mvp_openrouter_writes_config_yaml(self) -> None:
-        with tempfile.TemporaryDirectory() as tmp:
-            root = Path(tmp)
-            prof_dir = root / "profiles" / "u-test-user-workframe-agent"
-            prof_dir.mkdir(parents=True)
-            (prof_dir / "profile.yaml").write_text(
-                "model:\n  default: openrouter/owl-alpha\n  provider: openrouter\n",
-                encoding="utf-8",
-            )
-            with patch.object(server, "HERMES_DATA", root):
-                ok = server._apply_mvp_model_for_provider("u-test-user-workframe-agent", "openrouter")
-            self.assertTrue(ok)
-            cfg = prof_dir / "config.yaml"
-            self.assertTrue(cfg.is_file())
-            text = cfg.read_text(encoding="utf-8")
-            self.assertIn("default: openrouter/owl-alpha", text)
-            self.assertIn("provider: openrouter", text)
-            self.assertIn("openrouter/nex-agi", text)
-            self.assertIn("nemotron-3-ultra", text)
-
-    def test_bootstrap_runtime_sets_model_when_missing(self) -> None:
-        with tempfile.TemporaryDirectory() as tmp:
-            root = Path(tmp)
-            runtime = "u-test-user-workframe-agent"
-            runtime_dir = root / "profiles" / runtime
-            runtime_dir.mkdir(parents=True)
-            (runtime_dir / ".env").write_text("OPENROUTER_API_KEY=sk-test\n", encoding="utf-8")
-            user_home = root / "profiles" / "user-test"
-            user_home.mkdir(parents=True)
-            (user_home / ".env").write_text("OPENROUTER_API_KEY=sk-test\n", encoding="utf-8")
-            with patch.object(server, "HERMES_DATA", root), patch.object(
-                server, "NATIVE_PROFILE", "workframe-agent"
-            ), patch.object(server, "_primary_profile", return_value="workframe-agent"), patch.object(
-                server, "resolve_hermes_profile", side_effect=lambda p: p
-            ), patch.object(server, "_prepare_runtime_profile_credentials", return_value=True), patch.object(
-                server, "_resolve_credential", return_value={"credential_ref": "env:OPENROUTER_API_KEY", "env_var": "OPENROUTER_API_KEY"}
-            ):
-                server._bootstrap_profile_providers(runtime, "user-test", "ws-1")
-            cfg = runtime_dir / "config.yaml"
-            self.assertTrue(cfg.is_file())
-            self.assertIn("openrouter/owl-alpha", cfg.read_text(encoding="utf-8"))
-
-    def test_profile_model_reads_nested_default_without_crossing_lines(self) -> None:
-        with tempfile.TemporaryDirectory() as tmp:
-            root = Path(tmp)
-            runtime = "u-test-user-workframe-agent"
-            runtime_dir = root / "profiles" / runtime
-            runtime_dir.mkdir(parents=True)
-            (runtime_dir / "config.yaml").write_text(
-                "model:\n"
-                "  provider: custom\n"
-                "  default: openrouter/owl-alpha\n"
-                "  base_url: http://workframe-api:8080/internal/llm/openrouter/v1\n",
-                encoding="utf-8",
-            )
-            with patch.object(server, "HERMES_DATA", root):
-                self.assertEqual(server._profile_model(runtime), "openrouter/owl-alpha")
-
-
-if __name__ == "__main__":
-    unittest.main()