npm - flowent - Versions diffs - 0.1.2 → 0.1.3 - Mend

flowent 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

package/backend/tests/test_permissions.py ADDED Viewed

@@ -0,0 +1,443 @@
+from pathlib import Path
+import pytest
+from fastapi.testclient import TestClient
+from flowent.main import create_app
+from flowent.permissions import WritablePathDecision, run_tool_with_path_permissions
+from flowent.sandbox import CommandResult, SandboxRunner
+from flowent.storage import StateStore
+from flowent.tools import ToolContext
+def test_app_state_persists_writable_paths_across_app_instances(
+    tmp_path, monkeypatch
+) -> None:
+    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
+    monkeypatch.chdir(tmp_path)
+    client = TestClient(create_app(serve_frontend=False))
+    response = client.post(
+        "/api/permissions/writable-paths",
+        json={"path": "cache"},
+    )
+    assert response.status_code == 200
+    restarted_client = TestClient(create_app(serve_frontend=False))
+    state_response = restarted_client.get("/api/state")
+    assert state_response.status_code == 200
+    assert state_response.json()["writable_paths"][0]["path"] == str(tmp_path / "cache")
+    assert isinstance(state_response.json()["writable_paths"][0]["created_at"], int)
+def test_delete_writable_path_removes_permission(tmp_path, monkeypatch) -> None:
+    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
+    monkeypatch.chdir(tmp_path)
+    client = TestClient(create_app(serve_frontend=False))
+    client.post("/api/permissions/writable-paths", json={"path": "cache"})
+    response = client.request(
+        "DELETE",
+        "/api/permissions/writable-paths",
+        json={"path": str(tmp_path / "cache")},
+    )
+    assert response.status_code == 200
+    assert response.json() == {"writable_paths": []}
+def test_writable_paths_are_saved_as_normalized_absolute_paths(
+    tmp_path, monkeypatch
+) -> None:
+    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
+    monkeypatch.chdir(tmp_path)
+    store = StateStore()
+    store.save_writable_path(Path("cache") / ".." / "cache")
+    store.save_writable_path(tmp_path / "cache")
+    writable_paths = store.read_writable_paths()
+    assert [path.path for path in writable_paths] == [str(tmp_path / "cache")]
+@pytest.mark.anyio
+async def test_allow_once_runs_tool_with_declared_write_path(
+    tmp_path, monkeypatch
+) -> None:
+    cache_dir = tmp_path / "cache"
+    calls: list[list[Path]] = []
+    async def fake_run_async(self, command, **kwargs):
+        calls.append(self.writable_roots)
+        return CommandResult(
+            command=" ".join(command),
+            exit_code=0,
+            stderr="",
+            stdout="created",
+        )
+    async def approve(path: Path, reason: str) -> WritablePathDecision:
+        assert path == cache_dir
+        assert "shell command" in reason
+        return WritablePathDecision(decision="allow_once", path=path)
+    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
+    result = await run_tool_with_path_permissions(
+        "shell_command",
+        {
+            "additional_permissions": {"file_system": {"write": [str(cache_dir)]}},
+            "command": f"echo created > {cache_dir / 'file.txt'}",
+            "sandbox_permissions": "with_additional_permissions",
+        },
+        ToolContext(cwd=tmp_path / "work"),
+        request_writable_path=approve,
+        writable_paths=[],
+    )
+    assert result.ok
+    assert result.content == "created"
+    assert len(calls) == 1
+    assert cache_dir in calls[0]
+@pytest.mark.anyio
+async def test_always_allow_runs_tool_and_persists_declared_path(
+    tmp_path, monkeypatch
+) -> None:
+    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
+    store = StateStore()
+    cache_dir = tmp_path / "cache"
+    async def fake_run_async(self, command, **kwargs):
+        assert cache_dir in self.writable_roots
+        return CommandResult(
+            command=" ".join(command),
+            exit_code=0,
+            stderr="",
+            stdout="created",
+        )
+    async def approve(path: Path, reason: str) -> WritablePathDecision:
+        saved = store.save_writable_path(path)
+        return WritablePathDecision(decision="always_allow", path=Path(saved.path))
+    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
+    result = await run_tool_with_path_permissions(
+        "shell_command",
+        {
+            "additional_permissions": {"file_system": {"write": [str(cache_dir)]}},
+            "command": f"mkdir -p {cache_dir}",
+            "sandbox_permissions": "with_additional_permissions",
+        },
+        ToolContext(cwd=tmp_path / "work"),
+        request_writable_path=approve,
+        writable_paths=[],
+    )
+    assert result.ok
+    assert [path.path for path in store.read_writable_paths()] == [str(cache_dir)]
+@pytest.mark.anyio
+async def test_deny_returns_failed_tool_result_before_running_command(
+    tmp_path, monkeypatch
+) -> None:
+    cache_dir = tmp_path / "cache"
+    calls = 0
+    async def fake_run_async(self, command, **kwargs):
+        nonlocal calls
+        calls += 1
+        return CommandResult(
+            command=" ".join(command),
+            exit_code=0,
+            stderr="",
+            stdout="created",
+        )
+    async def deny(path: Path, reason: str) -> WritablePathDecision:
+        return WritablePathDecision(decision="deny", path=path)
+    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
+    result = await run_tool_with_path_permissions(
+        "shell_command",
+        {
+            "additional_permissions": {"file_system": {"write": [str(cache_dir)]}},
+            "command": f"echo created > {cache_dir / 'file.txt'}",
+            "sandbox_permissions": "with_additional_permissions",
+        },
+        ToolContext(cwd=tmp_path / "work"),
+        request_writable_path=deny,
+        writable_paths=[],
+    )
+    assert not result.ok
+    assert "Permission denied for" in result.content
+    assert calls == 0
+@pytest.mark.anyio
+async def test_existing_writable_path_covers_declared_permission_request(
+    tmp_path, monkeypatch
+) -> None:
+    cache_dir = tmp_path / "cache"
+    requests = 0
+    async def fake_run_async(self, command, **kwargs):
+        assert cache_dir in self.writable_roots
+        return CommandResult(
+            command=" ".join(command),
+            exit_code=0,
+            stderr="",
+            stdout="created",
+        )
+    async def approve(path: Path, reason: str) -> WritablePathDecision:
+        nonlocal requests
+        requests += 1
+        return WritablePathDecision(decision="allow_once", path=path)
+    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
+    result = await run_tool_with_path_permissions(
+        "shell_command",
+        {
+            "additional_permissions": {"file_system": {"write": [str(cache_dir)]}},
+            "command": f"echo created > {cache_dir / 'file.txt'}",
+            "sandbox_permissions": "with_additional_permissions",
+        },
+        ToolContext(cwd=tmp_path / "work"),
+        request_writable_path=approve,
+        writable_paths=[cache_dir],
+    )
+    assert result.ok
+    assert requests == 0
+@pytest.mark.anyio
+async def test_multiple_declared_write_paths_request_each_missing_path(
+    tmp_path, monkeypatch
+) -> None:
+    first = tmp_path / "cache"
+    second = tmp_path / "downloads"
+    requested: list[Path] = []
+    async def fake_run_async(self, command, **kwargs):
+        assert first in self.writable_roots
+        assert second in self.writable_roots
+        return CommandResult(
+            command=" ".join(command),
+            exit_code=0,
+            stderr="",
+            stdout="created",
+        )
+    async def approve(path: Path, reason: str) -> WritablePathDecision:
+        requested.append(path)
+        return WritablePathDecision(decision="allow_once", path=path)
+    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
+    result = await run_tool_with_path_permissions(
+        "shell_command",
+        {
+            "additional_permissions": {
+                "file_system": {"write": [str(first), str(second)]}
+            },
+            "command": "touch done",
+            "sandbox_permissions": "with_additional_permissions",
+        },
+        ToolContext(cwd=tmp_path / "work"),
+        request_writable_path=approve,
+        writable_paths=[],
+    )
+    assert result.ok
+    assert requested == [first, second]
+@pytest.mark.anyio
+async def test_command_text_is_not_used_to_guess_permissions(
+    tmp_path, monkeypatch
+) -> None:
+    outside = tmp_path / "outside"
+    requests = 0
+    async def fake_run_async(self, command, **kwargs):
+        assert outside not in self.writable_roots
+        return CommandResult(
+            command=" ".join(command),
+            exit_code=1,
+            stderr=f"rm: cannot remove '{outside / 'file.txt'}': Read-only file system\n",
+            stdout="",
+        )
+    async def approve(path: Path, reason: str) -> WritablePathDecision:
+        nonlocal requests
+        requests += 1
+        return WritablePathDecision(decision="allow_once", path=path)
+    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
+    result = await run_tool_with_path_permissions(
+        "shell_command",
+        {"command": f"rm -f {outside / 'file.txt'}"},
+        ToolContext(cwd=tmp_path / "work"),
+        request_writable_path=approve,
+        writable_paths=[],
+    )
+    assert not result.ok
+    assert requests == 0
+@pytest.mark.anyio
+async def test_additional_permissions_require_matching_sandbox_permissions(
+    tmp_path, monkeypatch
+) -> None:
+    cache_dir = tmp_path / "cache"
+    calls = 0
+    async def fake_run_async(self, command, **kwargs):
+        nonlocal calls
+        calls += 1
+        return CommandResult(
+            command=" ".join(command),
+            exit_code=0,
+            stderr="",
+            stdout="created",
+        )
+    async def approve(path: Path, reason: str) -> WritablePathDecision:
+        return WritablePathDecision(decision="allow_once", path=path)
+    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
+    result = await run_tool_with_path_permissions(
+        "shell_command",
+        {
+            "additional_permissions": {"file_system": {"write": [str(cache_dir)]}},
+            "command": f"touch {cache_dir / 'file.txt'}",
+        },
+        ToolContext(cwd=tmp_path / "work"),
+        request_writable_path=approve,
+        writable_paths=[],
+    )
+    assert not result.ok
+    assert "with_additional_permissions" in result.content
+    assert calls == 0
+@pytest.mark.anyio
+async def test_apply_patch_requests_permission_for_outside_workdir_file(
+    tmp_path, monkeypatch
+) -> None:
+    work_dir = tmp_path / "work"
+    work_dir.mkdir()
+    outside_dir = tmp_path / "outside"
+    outside_dir.mkdir()
+    target = outside_dir / "notes.txt"
+    target.write_text("alpha\n")
+    requested: list[Path] = []
+    async def approve(path: Path, reason: str) -> WritablePathDecision:
+        requested.append(path)
+        return WritablePathDecision(decision="allow_once", path=path)
+    patch = f"""*** Begin Patch
+*** Update File: {target}
+@@
+-alpha
++beta
+*** End Patch
+"""
+    result = await run_tool_with_path_permissions(
+        "apply_patch",
+        {"patch": patch},
+        ToolContext(cwd=work_dir),
+        request_writable_path=approve,
+        writable_paths=[],
+    )
+    assert result.ok
+    assert requested == [outside_dir]
+    assert target.read_text() == "beta\n"
+@pytest.mark.anyio
+async def test_apply_patch_uses_existing_writable_path_without_request(
+    tmp_path, monkeypatch
+) -> None:
+    work_dir = tmp_path / "work"
+    work_dir.mkdir()
+    outside_dir = tmp_path / "outside"
+    outside_dir.mkdir()
+    target = outside_dir / "notes.txt"
+    target.write_text("alpha\n")
+    requests = 0
+    async def approve(path: Path, reason: str) -> WritablePathDecision:
+        nonlocal requests
+        requests += 1
+        return WritablePathDecision(decision="allow_once", path=path)
+    patch = f"""*** Begin Patch
+*** Update File: {target}
+@@
+-alpha
++beta
+*** End Patch
+"""
+    result = await run_tool_with_path_permissions(
+        "apply_patch",
+        {"patch": patch},
+        ToolContext(cwd=work_dir),
+        request_writable_path=approve,
+        writable_paths=[outside_dir],
+    )
+    assert result.ok
+    assert requests == 0
+    assert target.read_text() == "beta\n"
+@pytest.mark.anyio
+async def test_denied_apply_patch_does_not_modify_file(tmp_path) -> None:
+    work_dir = tmp_path / "work"
+    work_dir.mkdir()
+    outside_dir = tmp_path / "outside"
+    outside_dir.mkdir()
+    target = outside_dir / "notes.txt"
+    target.write_text("alpha\n")
+    async def deny(path: Path, reason: str) -> WritablePathDecision:
+        return WritablePathDecision(decision="deny", path=path)
+    patch = f"""*** Begin Patch
+*** Update File: {target}
+@@
+-alpha
++beta
+*** End Patch
+"""
+    result = await run_tool_with_path_permissions(
+        "apply_patch",
+        {"patch": patch},
+        ToolContext(cwd=work_dir),
+        request_writable_path=deny,
+        writable_paths=[],
+    )
+    assert not result.ok
+    assert "Permission denied for" in result.content
+    assert target.read_text() == "alpha\n"

package/backend/tests/test_workspace_chat.py CHANGED Viewed

@@ -872,3 +872,130 @@ def test_workspace_marks_draft_complete_when_stream_finishes(
     assert assistant["author"] == "assistant"
     assert assistant["content"] == "Done."
     assert assistant.get("status", "completed") == "completed"
+@pytest.mark.anyio
+async def test_workspace_run_continues_without_stream_consumer(
+    tmp_path, monkeypatch
+) -> None:
+    monkeypatch.chdir(tmp_path)
+    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
+    first_chunk_sent = asyncio.Event()
+    finish_response = asyncio.Event()
+    async def fake_completion(**request: object) -> object:
+        async def chunks() -> object:
+            yield {"choices": [{"delta": {"content": "Partial "}}]}
+            first_chunk_sent.set()
+            await asyncio.wait_for(finish_response.wait(), timeout=2)
+            yield {"choices": [{"delta": {"content": "answer."}}]}
+        return chunks()
+    app = create_app(serve_frontend=False, chat_completion=fake_completion)
+    async with httpx.AsyncClient(
+        transport=httpx.ASGITransport(app=app), base_url="http://testserver"
+    ) as client:
+        await configure_provider_async(client)
+        response = await client.post(
+            "/api/workspace/runs",
+            json={"content": "Keep working."},
+        )
+        assert response.status_code == 200
+        await asyncio.wait_for(first_chunk_sent.wait(), timeout=2)
+        finish_response.set()
+        for _ in range(20):
+            state = (await client.get("/api/state")).json()
+            assistant = state["messages"][-1]
+            if (
+                assistant["author"] == "assistant"
+                and assistant.get("status", "completed") == "completed"
+            ):
+                break
+            await asyncio.sleep(0.05)
+        else:
+            raise AssertionError("Workspace run did not complete.")
+    assert assistant["content"] == "Partial answer."
+@pytest.mark.anyio
+async def test_workspace_state_exposes_active_run_for_reconnect(
+    tmp_path, monkeypatch
+) -> None:
+    monkeypatch.chdir(tmp_path)
+    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
+    first_chunk_sent = asyncio.Event()
+    finish_response = asyncio.Event()
+    async def fake_completion(**request: object) -> object:
+        async def chunks() -> object:
+            yield {"choices": [{"delta": {"content": "First "}}]}
+            first_chunk_sent.set()
+            await asyncio.wait_for(finish_response.wait(), timeout=2)
+            yield {"choices": [{"delta": {"content": "second."}}]}
+        return chunks()
+    app = create_app(serve_frontend=False, chat_completion=fake_completion)
+    async with httpx.AsyncClient(
+        transport=httpx.ASGITransport(app=app), base_url="http://testserver"
+    ) as client:
+        await configure_provider_async(client)
+        response = await client.post(
+            "/api/workspace/runs",
+            json={"content": "Continue if I reconnect."},
+        )
+        run_id = response.json()["run_id"]
+        await asyncio.wait_for(first_chunk_sent.wait(), timeout=2)
+        state = (await client.get("/api/state")).json()
+        event_index = state["active_run_event_index"]
+        finish_response.set()
+        stream_response = await client.get(
+            f"/api/workspace/runs/{run_id}/stream?after={event_index}"
+        )
+    assert state["active_run_id"] == run_id
+    assert event_index > 0
+    events = stream_events(stream_response.text)
+    assert {"event": "delta", "data": '{"content": "First "}'} not in events
+    assert {"event": "delta", "data": '{"content": "second."}'} in events
+@pytest.mark.anyio
+async def test_workspace_clear_removes_running_run_draft(tmp_path, monkeypatch) -> None:
+    monkeypatch.chdir(tmp_path)
+    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
+    first_chunk_sent = asyncio.Event()
+    finish_response = asyncio.Event()
+    async def fake_completion(**request: object) -> object:
+        async def chunks() -> object:
+            yield {"choices": [{"delta": {"content": "Partial"}}]}
+            first_chunk_sent.set()
+            await finish_response.wait()
+        return chunks()
+    app = create_app(serve_frontend=False, chat_completion=fake_completion)
+    async with httpx.AsyncClient(
+        transport=httpx.ASGITransport(app=app), base_url="http://testserver"
+    ) as client:
+        await configure_provider_async(client)
+        response = await client.post(
+            "/api/workspace/runs",
+            json={"content": "Keep working."},
+        )
+        assert response.status_code == 200
+        await asyncio.wait_for(first_chunk_sent.wait(), timeout=2)
+        clear_response = await client.put(
+            "/api/workspace/messages",
+            json={"messages": []},
+        )
+        await asyncio.sleep(0)
+        state = (await client.get("/api/state")).json()
+    assert clear_response.status_code == 200
+    assert state["messages"] == []
+    assert state["active_run_id"] is None

package/backend/uv.lock CHANGED Viewed

@@ -462,7 +462,7 @@ wheels = [
 [[package]]
 name = "flowent"
-version = "0.1.2"
+version = "0.1.3"
 source = { editable = "." }
 dependencies = [
     { name = "fastapi", extra = ["standard"] },