insforge 1.3.0 → 1.4.8

package/backend/tests/manual/test-ai-model-plugins.sh

@@ -0,0 +1,258 @@
+#!/bin/bash
+
+# AI Web Search and Thinking mode test script
+# Tests the new webSearch and thinking parameters for chat completion
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "$SCRIPT_DIR/../test-config.sh"
+
+echo "🧪 Testing AI Web Search and Thinking features..."
+
+API_BASE="$TEST_API_BASE"
+ADMIN_TOKEN=""
+
+# Get admin token
+echo "🔑 Getting admin token..."
+ADMIN_TOKEN=$(get_admin_token)
+
+if [ -z "$ADMIN_TOKEN" ]; then
+    print_fail "Failed to get admin token"
+    exit 1
+fi
+print_success "Got admin token"
+echo ""
+
+# 1. Test chat completion with Web Search
+echo "🔍 Test 1: Chat completion with Web Search..."
+websearch_response=$(curl -s -w "\n%{http_code}" -X POST "$API_BASE/ai/chat/completion" \
+    -H "Authorization: Bearer $ADMIN_TOKEN" \
+    -H "Content-Type: application/json" \
+    -d '{
+        "model": "openai/gpt-4o",
+        "messages": [{"role": "user", "content": "What are the latest AI news today?"}],
+        "webSearch": {
+            "enabled": true,
+            "maxResults": 3
+        }
+    }')
+
+status=$(echo "$websearch_response" | tail -n 1)
+body=$(echo "$websearch_response" | sed '$d')
+
+if [ "$status" -eq 200 ]; then
+    print_success "Chat completion with Web Search succeeded"
+    # Check if annotations are present in the response
+    if echo "$body" | grep -q "annotations"; then
+        print_success "Response contains URL citations (annotations)"
+    else
+        echo "Note: No annotations in response (may depend on model/query)"
+    fi
+    echo "Response preview: $(echo "$body" | head -c 500)"
+    echo ""
+else
+    print_fail "Chat completion with Web Search failed (status: $status)"
+    echo "Response: $body"
+    track_test_failure
+fi
+echo ""
+
+# 2. Test chat completion with Web Search using Exa engine
+echo "🔍 Test 2: Chat completion with Web Search (Exa engine)..."
+exa_response=$(curl -s -w "\n%{http_code}" -X POST "$API_BASE/ai/chat/completion" \
+    -H "Authorization: Bearer $ADMIN_TOKEN" \
+    -H "Content-Type: application/json" \
+    -d '{
+        "model": "openai/gpt-4o",
+        "messages": [{"role": "user", "content": "What is the current weather in Tokyo?"}],
+        "webSearch": {
+            "enabled": true,
+            "engine": "exa",
+            "maxResults": 2
+        }
+    }')
+
+status=$(echo "$exa_response" | tail -n 1)
+body=$(echo "$exa_response" | sed '$d')
+
+if [ "$status" -eq 200 ]; then
+    print_success "Chat completion with Exa Web Search succeeded"
+    echo "Response preview: $(echo "$body" | head -c 500)"
+    echo ""
+else
+    print_fail "Chat completion with Exa Web Search failed (status: $status)"
+    echo "Response: $body"
+    track_test_failure
+fi
+echo ""
+
+# 3. Test chat completion with Thinking mode
+echo "🧠 Test 3: Chat completion with Thinking mode..."
+thinking_response=$(curl -s -w "\n%{http_code}" -X POST "$API_BASE/ai/chat/completion" \
+    -H "Authorization: Bearer $ADMIN_TOKEN" \
+    -H "Content-Type: application/json" \
+    -d '{
+        "model": "anthropic/claude-3.7-sonnet:thinking",
+        "messages": [{"role": "user", "content": "What is 15 + 27?"}]
+    }')
+
+status=$(echo "$thinking_response" | tail -n 1)
+body=$(echo "$thinking_response" | sed '$d')
+
+if [ "$status" -eq 200 ]; then
+    print_success "Chat completion with Thinking mode succeeded"
+    echo "Response preview: $(echo "$body" | head -c 500)"
+    echo ""
+else
+    print_fail "Chat completion with Thinking mode failed (status: $status)"
+    echo "Response: $body"
+    track_test_failure
+fi
+echo ""
+
+# 4. Test chat completion with both Web Search and Thinking
+echo "🔍🧠 Test 4: Chat completion with Web Search + Thinking..."
+combined_response=$(curl -s -w "\n%{http_code}" -X POST "$API_BASE/ai/chat/completion" \
+    -H "Authorization: Bearer $ADMIN_TOKEN" \
+    -H "Content-Type: application/json" \
+    -d '{
+        "model": "anthropic/claude-3.7-sonnet",
+        "messages": [{"role": "user", "content": "What are the recent developments in AI?"}],
+        "webSearch": {
+            "enabled": true,
+            "engine": "native",
+            "maxResults": 3
+        },
+        "thinking": true
+    }')
+
+status=$(echo "$combined_response" | tail -n 1)
+body=$(echo "$combined_response" | sed '$d')
+
+if [ "$status" -eq 200 ]; then
+    print_success "Chat completion with Web Search + Thinking succeeded"
+    echo "Response preview: $(echo "$body" | head -c 500)"
+    echo ""
+else
+    print_fail "Chat completion with Web Search + Thinking failed (status: $status)"
+    echo "Response: $body"
+    track_test_failure
+fi
+echo ""
+
+# 5. Test streaming with Web Search
+echo "📡 Test 5: Streaming chat with Web Search..."
+echo "Streaming response (first 20 events):"
+stream_output=$(curl -s -N -X POST "$API_BASE/ai/chat/completion" \
+    -H "Authorization: Bearer $ADMIN_TOKEN" \
+    -H "Content-Type: application/json" \
+    -d '{
+        "model": "openai/gpt-4o",
+        "messages": [{"role": "user", "content": "Latest tech news in one sentence"}],
+        "stream": true,
+        "webSearch": {
+            "enabled": true,
+            "maxResults": 2
+        }
+    }' 2>&1 | head -20)
+
+echo "$stream_output"
+
+if echo "$stream_output" | grep -q "data:"; then
+    print_success "Streaming with Web Search returned SSE events"
+else
+    print_fail "Streaming with Web Search did not return expected SSE format"
+    track_test_failure
+fi
+echo ""
+
+# 6. Test streaming with Thinking mode
+echo "📡 Test 6: Streaming chat with Thinking mode..."
+echo "Streaming response (first 20 events):"
+thinking_stream=$(curl -s -N -X POST "$API_BASE/ai/chat/completion" \
+    -H "Authorization: Bearer $ADMIN_TOKEN" \
+    -H "Content-Type: application/json" \
+    -d '{
+        "model": "anthropic/claude-3.7-sonnet",
+        "messages": [{"role": "user", "content": "What is 2+2?"}],
+        "stream": true,
+        "thinking": true
+    }' 2>&1 | head -20)
+
+echo "$thinking_stream"
+
+if echo "$thinking_stream" | grep -q "data:"; then
+    print_success "Streaming with Thinking mode returned SSE events"
+else
+    print_fail "Streaming with Thinking mode did not return expected SSE format"
+    track_test_failure
+fi
+echo ""
+
+# 7. Test Web Search with custom search prompt
+echo "🔍 Test 7: Web Search with custom search prompt..."
+custom_prompt_response=$(curl -s -w "\n%{http_code}" -X POST "$API_BASE/ai/chat/completion" \
+    -H "Authorization: Bearer $ADMIN_TOKEN" \
+    -H "Content-Type: application/json" \
+    -d '{
+        "model": "openai/gpt-4o",
+        "messages": [{"role": "user", "content": "Tell me about SpaceX launches"}],
+        "webSearch": {
+            "enabled": true,
+            "maxResults": 3,
+            "searchPrompt": "Here are some relevant web search results about SpaceX:"
+        }
+    }')
+
+status=$(echo "$custom_prompt_response" | tail -n 1)
+body=$(echo "$custom_prompt_response" | sed '$d')
+
+if [ "$status" -eq 200 ]; then
+    print_success "Web Search with custom prompt succeeded"
+    echo "Response preview: $(echo "$body" | head -c 500)"
+    echo ""
+else
+    print_fail "Web Search with custom prompt failed (status: $status)"
+    echo "Response: $body"
+    track_test_failure
+fi
+echo ""
+
+# 8. Test PDF file processing with file-parser plugin
+# Note: Using pdf-text engine (free) instead of native, as native requires models with built-in PDF support
+# For URL-based PDFs, OpenRouter's file-parser plugin will fetch and parse the PDF
+echo "📄 Test 8: PDF file processing with file-parser plugin..."
+pdf_response=$(curl -s -w "\n%{http_code}" -X POST "$API_BASE/ai/chat/completion" \
+    -H "Authorization: Bearer $ADMIN_TOKEN" \
+    -H "Content-Type: application/json" \
+    -d '{
+        "model": "openai/gpt-4o",
+        "messages": [{
+            "role": "user",
+            "content": [
+                {"type": "text", "text": "Please summarize the content of this PDF document."},
+                {"type": "file", "file": {"filename": "sample.pdf", "file_data": "https://pdfco-test-files.s3.us-west-2.amazonaws.com/pdf-to-csv/sample.pdf"}}
+            ]
+        }],
+        "fileParser": {
+            "enabled": true,
+            "pdf": {
+                "engine": "pdf-text"
+            }
+        }
+    }')
+
+status=$(echo "$pdf_response" | tail -n 1)
+body=$(echo "$pdf_response" | sed '$d')
+
+if [ "$status" -eq 200 ]; then
+    print_success "PDF file processing succeeded"
+    echo "Response preview: $(echo "$body" | head -c 800)"
+    echo ""
+else
+    print_fail "PDF file processing failed (status: $status)"
+    echo "Response: $body"
+    track_test_failure
+fi
+echo ""
+
+print_success "🎉 AI Web Search and Thinking test completed!"

package/backend/tests/manual/test-rawsql-modes.sh

@@ -74,7 +74,7 @@ test_endpoint \
     "STRICT" \
     "rawsql" \
     "Allow SELECT from system table" \
-    "SELECT * FROM _secrets LIMIT 1;" \
+    "SELECT * FROM system.secrets LIMIT 1;" \
     "pass"
 
 # Test 2: Strict mode blocks system table INSERT
@@ -82,7 +82,7 @@ test_endpoint \
     "STRICT" \
     "rawsql" \
     "Block INSERT into system table" \
-    "INSERT INTO _secrets (name, value_ciphertext) VALUES ('test', 'value');" \
+    "INSERT INTO system.secrets (name, value_ciphertext) VALUES ('test', 'value');" \
     "fail"
 
 # Test 3: Strict mode blocks pg_catalog
@@ -101,20 +101,20 @@ test_endpoint \
     "SELECT * FROM information_schema.tables LIMIT 1;" \
     "fail"
 
-# Test 5: Strict mode blocks INSERT into users
+# Test 5: Strict mode blocks INSERT into auth.users
 test_endpoint \
     "STRICT" \
     "rawsql" \
-    "Block INSERT into users table" \
-    "INSERT INTO users (id, nickname) VALUES (gen_random_uuid(), 'testuser');" \
+    "Block INSERT into auth.users table" \
+    "INSERT INTO auth.users (id, email, metadata) VALUES (gen_random_uuid(), 'test@example.com', '{}');" \
     "fail"
 
 # Test 6: Strict mode allows regular table operations
 test_endpoint \
     "STRICT" \
     "rawsql" \
-    "Allow SELECT from regular table" \
-    "SELECT COUNT(*) FROM users;" \
+    "Allow SELECT from auth.users table" \
+    "SELECT COUNT(*) FROM auth.users;" \
     "pass"
 
 echo -e "${BLUE}=== RELAXED MODE TESTS (/rawsql/unrestricted) ===${NC}"
@@ -125,7 +125,7 @@ test_endpoint \
     "RELAXED" \
     "rawsql/unrestricted" \
     "Allow SELECT from system table" \
-    "SELECT * FROM _secrets LIMIT 1;" \
+    "SELECT * FROM system.secrets LIMIT 1;" \
     "pass"
 
 # Test 8: Relaxed mode allows INSERT into system table
@@ -133,7 +133,7 @@ test_endpoint \
     "RELAXED" \
     "rawsql/unrestricted" \
     "Allow INSERT into system table" \
-    "INSERT INTO _audit_logs (actor, action, module) VALUES ('test_actor', 'TEST_ACTION', 'TEST_MODULE');" \
+    "INSERT INTO system.audit_logs (actor, action, module) VALUES ('test_actor', 'TEST_ACTION', 'TEST_MODULE');" \
     "pass"
 
 # Test 9: Relaxed mode blocks UPDATE system table
@@ -141,7 +141,7 @@ test_endpoint \
     "RELAXED" \
     "rawsql/unrestricted" \
     "Block UPDATE system table" \
-    "UPDATE _audit_logs SET actor = 'updated' WHERE action = 'TEST_ACTION';" \
+    "UPDATE system.audit_logs SET actor = 'updated' WHERE action = 'TEST_ACTION';" \
     "fail"
 
 # Test 10: Relaxed mode blocks DELETE FROM system table
@@ -149,7 +149,7 @@ test_endpoint \
     "RELAXED" \
     "rawsql/unrestricted" \
     "Block DELETE FROM system table" \
-    "DELETE FROM _audit_logs WHERE action = 'TEST_ACTION';" \
+    "DELETE FROM system.audit_logs WHERE action = 'TEST_ACTION';" \
     "fail"
 
 # Test 11: Relaxed mode blocks DROP system table
@@ -157,31 +157,31 @@ test_endpoint \
     "RELAXED" \
     "rawsql/unrestricted" \
     "Block DROP system table" \
-    "DROP TABLE _secrets;" \
+    "DROP TABLE system.secrets;" \
     "fail"
 
-# Test 12: Relaxed mode allows SELECT from users (INSERT requires foreign key to _accounts, so skip)
+# Test 12: Relaxed mode allows SELECT from auth.users
 test_endpoint \
     "RELAXED" \
     "rawsql/unrestricted" \
-    "Allow SELECT from users table" \
-    "SELECT COUNT(*) FROM users;" \
+    "Allow SELECT from auth.users table" \
+    "SELECT COUNT(*) FROM auth.users;" \
     "pass"
 
-# Test 13: Relaxed mode blocks DROP users table
+# Test 13: Relaxed mode blocks DROP auth.users table
 test_endpoint \
     "RELAXED" \
     "rawsql/unrestricted" \
-    "Block DROP users table" \
-    "DROP TABLE users;" \
+    "Block DROP auth.users table" \
+    "DROP TABLE auth.users;" \
     "fail"
 
-# Test 14: Relaxed mode blocks RENAME users table
+# Test 14: Relaxed mode blocks RENAME auth.users table
 test_endpoint \
     "RELAXED" \
     "rawsql/unrestricted" \
-    "Block RENAME users table" \
-    "ALTER TABLE users RENAME TO users_backup;" \
+    "Block RENAME auth.users table" \
+    "ALTER TABLE auth.users RENAME TO users_backup;" \
     "fail"
 
 echo -e "${BLUE}=== BOTH MODES - DATABASE LEVEL BLOCKS ===${NC}"
@@ -226,18 +226,18 @@ echo ""
 echo -e "${GREEN}STRICT MODE (/rawsql):${NC}"
 echo "  - ✅ Allows SELECT from system tables (read-only)"
 echo "  - ❌ Blocks INSERT/UPDATE/DELETE/DROP/ALTER on system tables"
-echo "  - ❌ Blocks ALL operations on users table"
+echo "  - ❌ Blocks ALL operations on auth.users table"
 echo "  - ❌ Blocks pg_catalog and information_schema"
 echo "  - ❌ Blocks database-level operations"
 echo ""
 echo -e "${GREEN}RELAXED MODE (/rawsql/unrestricted):${NC}"
 echo "  - ✅ Allows SELECT from system tables"
 echo "  - ✅ Allows INSERT into system tables"
-echo "  - ✅ Allows SELECT from users table"
+echo "  - ✅ Allows SELECT from auth.users table"
 echo "  - ❌ Blocks UPDATE of system tables"
 echo "  - ❌ Blocks DELETE FROM system tables"
 echo "  - ❌ Blocks DROP/ALTER/TRUNCATE system tables"
-echo "  - ❌ Blocks DROP/RENAME users table"
+echo "  - ❌ Blocks DROP/RENAME auth.users table"
 echo "  - ❌ Blocks pg_catalog and information_schema"
 echo "  - ❌ Blocks database-level operations"
 echo ""