PyPI - arthexis - Versions diffs - 0.1.16__py3-none-any.whl → 0.1.26__py3-none-any.whl - Mend

arthexis 0.1.16py3-none-any.whl → 0.1.26py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of arthexis might be problematic. Click here for more details.

Files changed (63) hide show

{arthexis-0.1.16.dist-info → arthexis-0.1.26.dist-info}/METADATA +84 -35
arthexis-0.1.26.dist-info/RECORD +111 -0
config/asgi.py +1 -15
config/middleware.py +47 -1
config/settings.py +15 -30
config/urls.py +53 -1
core/admin.py +540 -450
core/apps.py +0 -6
core/auto_upgrade.py +19 -4
core/backends.py +13 -3
core/changelog.py +66 -5
core/environment.py +4 -5
core/models.py +1566 -203
core/notifications.py +1 -1
core/reference_utils.py +10 -11
core/release.py +55 -7
core/sigil_builder.py +2 -2
core/sigil_resolver.py +1 -66
core/system.py +268 -2
core/tasks.py +174 -48
core/tests.py +314 -16
core/user_data.py +42 -2
core/views.py +278 -183
nodes/admin.py +557 -65
nodes/apps.py +11 -0
nodes/models.py +658 -113
nodes/rfid_sync.py +1 -1
nodes/tasks.py +97 -2
nodes/tests.py +1212 -116
nodes/urls.py +15 -1
nodes/utils.py +51 -3
nodes/views.py +1239 -154
ocpp/admin.py +979 -152
ocpp/consumers.py +268 -28
ocpp/models.py +488 -3
ocpp/network.py +398 -0
ocpp/store.py +6 -4
ocpp/tasks.py +296 -2
ocpp/test_export_import.py +1 -0
ocpp/test_rfid.py +121 -4
ocpp/tests.py +950 -11
ocpp/transactions_io.py +9 -1
ocpp/urls.py +3 -3
ocpp/views.py +596 -51
pages/admin.py +262 -30
pages/apps.py +35 -0
pages/context_processors.py +26 -21
pages/defaults.py +1 -1
pages/forms.py +31 -8
pages/middleware.py +6 -2
pages/models.py +77 -2
pages/module_defaults.py +5 -5
pages/site_config.py +137 -0
pages/tests.py +885 -109
pages/urls.py +13 -2
pages/utils.py +70 -0
pages/views.py +558 -55
arthexis-0.1.16.dist-info/RECORD +0 -111
core/workgroup_urls.py +0 -17
core/workgroup_views.py +0 -94
{arthexis-0.1.16.dist-info → arthexis-0.1.26.dist-info}/WHEEL +0 -0
{arthexis-0.1.16.dist-info → arthexis-0.1.26.dist-info}/licenses/LICENSE +0 -0
{arthexis-0.1.16.dist-info → arthexis-0.1.26.dist-info}/top_level.txt +0 -0

nodes/tests.py CHANGED Viewed

@@ -2,6 +2,7 @@ import os
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "config.settings")
 import django
+import pytest
 try:  # Use the pytest-specific setup when available for database readiness
     from tests.conftest import safe_setup as _safe_setup  # type: ignore
@@ -14,10 +15,11 @@ else:  # pragma: no cover - fallback when pytest fixtures are unavailable
     django.setup()
 from pathlib import Path
-from types import SimpleNamespace
+from types import MethodType, SimpleNamespace
 import unittest.mock as mock
 from unittest.mock import patch, call, MagicMock
 from django.core import mail
+from django.core.cache import cache
 from django.core.mail import EmailMessage
 from django.core.management import call_command
 import socket
@@ -30,14 +32,23 @@ import stat
 import time
 from datetime import datetime, timedelta
-from django.test import Client, SimpleTestCase, TestCase, TransactionTestCase, override_settings
+from django.test import (
+    Client,
+    RequestFactory,
+    SimpleTestCase,
+    TestCase,
+    TransactionTestCase,
+    override_settings,
+)
 from django.urls import reverse
 from django.contrib.auth import get_user_model
 from django.contrib import admin
+from django.contrib.admin import helpers
 from django.contrib.auth.models import Permission
 from django_celery_beat.models import IntervalSchedule, PeriodicTask
 from django.conf import settings
 from django.utils import timezone
+from urllib.parse import urlparse
 from dns import resolver as dns_resolver
 from . import dns as dns_utils
 from selenium.common.exceptions import WebDriverException
@@ -45,6 +56,7 @@ from .classifiers import run_default_classifiers
 from .utils import capture_rpi_snapshot, capture_screenshot, save_screenshot
 from django.db.utils import DatabaseError
+from .admin import NodeAdmin
 from .models import (
     Node,
     EmailOutbox,
@@ -56,28 +68,31 @@ from .models import (
     NodeFeature,
     NodeFeatureAssignment,
     NetMessage,
+    PendingNetMessage,
     NodeManager,
     DNSRecord,
 )
 from .backends import OutboxEmailBackend
-from .tasks import capture_node_screenshot, sample_clipboard
+from .tasks import capture_node_screenshot, poll_unreachable_upstream, sample_clipboard
+from ocpp.models import Charger
 from cryptography.hazmat.primitives.asymmetric import rsa, padding
 from cryptography.hazmat.primitives import serialization, hashes
-from core.models import Package, PackageRelease, SecurityGroup, RFID, EnergyAccount
+from core.models import Package, PackageRelease, SecurityGroup, RFID, EnergyAccount, Todo
+from requests.exceptions import SSLError
 class NodeBadgeColorTests(TestCase):
     def setUp(self):
-        self.constellation, _ = NodeRole.objects.get_or_create(name="Constellation")
+        self.watchtower, _ = NodeRole.objects.get_or_create(name="Watchtower")
         self.control, _ = NodeRole.objects.get_or_create(name="Control")
-    def test_constellation_role_defaults_to_goldenrod(self):
+    def test_watchtower_role_defaults_to_goldenrod(self):
         node = Node.objects.create(
-            hostname="constellation",
+            hostname="watchtower",
             address="10.1.0.1",
             port=8000,
             mac_address="00:aa:bb:cc:dd:01",
-            role=self.constellation,
+            role=self.watchtower,
         )
         self.assertEqual(node.badge_color, "#daa520")
@@ -97,7 +112,7 @@ class NodeBadgeColorTests(TestCase):
             address="10.1.0.3",
             port=8002,
             mac_address="00:aa:bb:cc:dd:03",
-            role=self.constellation,
+            role=self.watchtower,
             badge_color="#123456",
         )
         self.assertEqual(node.badge_color, "#123456")
@@ -110,6 +125,7 @@ class NodeTests(TestCase):
         self.user = User.objects.create_user(username="nodeuser", password="pwd")
         self.client.force_login(self.user)
         NodeRole.objects.get_or_create(name="Terminal")
+        NodeRole.objects.get_or_create(name="Interface")
 class NodeGetLocalDatabaseUnavailableTests(SimpleTestCase):
@@ -125,6 +141,12 @@ class NodeGetLocalDatabaseUnavailableTests(SimpleTestCase):
 class NodeGetLocalTests(TestCase):
+    def setUp(self):
+        super().setUp()
+        User = get_user_model()
+        self.user = User.objects.create_user(username="localtester", password="pwd")
+        self.client.force_login(self.user)
     def test_normalize_relation_handles_various_inputs(self):
         self.assertEqual(
             Node.normalize_relation(Node.Relation.UPSTREAM),
@@ -166,6 +188,7 @@ class NodeGetLocalTests(TestCase):
                     patch(
                         "nodes.models.socket.gethostbyname", return_value="127.0.0.1"
                     ),
+                    patch.object(Node, "_resolve_ip_addresses", return_value=([], [])),
                     patch("nodes.models.revision.get_revision", return_value="rev"),
                     patch.object(Node, "ensure_keys"),
                 ):
@@ -177,7 +200,7 @@ class NodeGetLocalTests(TestCase):
     def test_register_current_updates_role_from_lock_file(self):
         NodeRole.objects.get_or_create(name="Terminal")
-        NodeRole.objects.get_or_create(name="Constellation")
+        NodeRole.objects.get_or_create(name="Watchtower")
         with TemporaryDirectory() as tmp:
             base = Path(tmp)
             lock_dir = base / "locks"
@@ -194,6 +217,7 @@ class NodeGetLocalTests(TestCase):
                     patch(
                         "nodes.models.socket.gethostbyname", return_value="127.0.0.1"
                     ),
+                    patch.object(Node, "_resolve_ip_addresses", return_value=([], [])),
                     patch("nodes.models.revision.get_revision", return_value="rev"),
                     patch.object(Node, "ensure_keys"),
                     patch.object(Node, "notify_peers_of_update"),
@@ -202,7 +226,7 @@ class NodeGetLocalTests(TestCase):
             self.assertTrue(created)
             self.assertEqual(node.role.name, "Terminal")
-            role_file.write_text("Constellation")
+            role_file.write_text("Watchtower")
             with override_settings(BASE_DIR=base):
                 with (
                     patch(
@@ -213,6 +237,7 @@ class NodeGetLocalTests(TestCase):
                     patch(
                         "nodes.models.socket.gethostbyname", return_value="127.0.0.1"
                     ),
+                    patch.object(Node, "_resolve_ip_addresses", return_value=([], [])),
                     patch("nodes.models.revision.get_revision", return_value="rev"),
                     patch.object(Node, "ensure_keys"),
                     patch.object(Node, "notify_peers_of_update"),
@@ -221,7 +246,70 @@ class NodeGetLocalTests(TestCase):
             self.assertFalse(created_again)
             node.refresh_from_db()
-            self.assertEqual(node.role.name, "Constellation")
+            self.assertEqual(node.role.name, "Watchtower")
+            role_file.write_text("Constellation")
+            with override_settings(BASE_DIR=base):
+                with (
+                    patch(
+                        "nodes.models.Node.get_current_mac",
+                        return_value="00:aa:bb:cc:dd:ee",
+                    ),
+                    patch("nodes.models.socket.gethostname", return_value="role-host"),
+                    patch(
+                        "nodes.models.socket.gethostbyname", return_value="127.0.0.1"
+                    ),
+                    patch.object(Node, "_resolve_ip_addresses", return_value=([], [])),
+                    patch("nodes.models.revision.get_revision", return_value="rev"),
+                    patch.object(Node, "ensure_keys"),
+                    patch.object(Node, "notify_peers_of_update"),
+                ):
+                    Node.register_current()
+            node.refresh_from_db()
+            self.assertEqual(node.role.name, "Watchtower")
+    def test_register_current_respects_node_hostname_env(self):
+        with TemporaryDirectory() as tmp:
+            base = Path(tmp)
+            with override_settings(BASE_DIR=base):
+                with (
+                    patch.dict(os.environ, {"NODE_HOSTNAME": "gway-002"}, clear=False),
+                    patch("nodes.models.Node.get_current_mac", return_value="00:11:22:33:44:55"),
+                    patch("nodes.models.socket.gethostname", return_value="localhost"),
+                    patch("nodes.models.socket.gethostbyname", return_value="127.0.0.1"),
+                    patch.object(Node, "_resolve_ip_addresses", return_value=([], [])),
+                    patch("nodes.models.revision.get_revision", return_value="rev"),
+                    patch.object(Node, "ensure_keys"),
+                    patch.object(Node, "notify_peers_of_update"),
+                ):
+                    node, created = Node.register_current()
+        self.assertTrue(created)
+        self.assertEqual(node.hostname, "gway-002")
+        self.assertEqual(node.public_endpoint, "gway-002")
+    def test_register_current_respects_public_endpoint_env(self):
+        with TemporaryDirectory() as tmp:
+            base = Path(tmp)
+            with override_settings(BASE_DIR=base):
+                with (
+                    patch.dict(
+                        os.environ,
+                        {"NODE_HOSTNAME": "gway-alpha", "NODE_PUBLIC_ENDPOINT": "gway-002"},
+                        clear=False,
+                    ),
+                    patch("nodes.models.Node.get_current_mac", return_value="00:11:22:33:44:56"),
+                    patch("nodes.models.socket.gethostname", return_value="localhost"),
+                    patch("nodes.models.socket.gethostbyname", return_value="127.0.0.1"),
+                    patch.object(Node, "_resolve_ip_addresses", return_value=([], [])),
+                    patch("nodes.models.revision.get_revision", return_value="rev"),
+                    patch.object(Node, "ensure_keys"),
+                    patch.object(Node, "notify_peers_of_update"),
+                ):
+                    node, created = Node.register_current()
+        self.assertTrue(created)
+        self.assertEqual(node.hostname, "gway-alpha")
+        self.assertEqual(node.public_endpoint, "gway-002")
     def test_register_and_list_node(self):
         response = self.client.post(
@@ -309,6 +397,101 @@ class NodeGetLocalTests(TestCase):
         self.assertNotEqual(node_one.public_endpoint, node_two.public_endpoint)
         self.assertTrue(node_two.public_endpoint.startswith("duplicate-host-"))
+    def test_register_node_accepts_network_hostname_without_address(self):
+        response = self.client.post(
+            reverse("register-node"),
+            data={
+                "hostname": "domain-node",
+                "network_hostname": "domain-node.example.com",
+                "port": 8050,
+                "mac_address": "aa:bb:cc:dd:ee:ff",
+            },
+            content_type="application/json",
+        )
+        self.assertEqual(response.status_code, 200)
+        node = Node.objects.get(mac_address="aa:bb:cc:dd:ee:ff")
+        self.assertEqual(node.network_hostname, "domain-node.example.com")
+        self.assertIsNone(node.address)
+        self.assertIsNone(node.ipv4_address)
+        self.assertIsNone(node.ipv6_address)
+    def test_register_node_populates_missing_ip_fields_from_address(self):
+        response = self.client.post(
+            reverse("register-node"),
+            data={
+                "hostname": "address-node",
+                "address": "203.0.113.10",
+                "port": 8040,
+                "mac_address": "aa:bb:cc:dd:ee:01",
+            },
+            content_type="application/json",
+        )
+        self.assertEqual(response.status_code, 200)
+        node = Node.objects.get(mac_address="aa:bb:cc:dd:ee:01")
+        self.assertEqual(node.address, "203.0.113.10")
+        self.assertEqual(node.ipv4_address, "203.0.113.10")
+        self.assertIsNone(node.ipv6_address)
+    def test_get_best_ip_ignores_non_ip_values(self):
+        node = Node.objects.create(
+            hostname="best-ip",
+            address="gateway.local",
+            ipv4_address="198.51.100.5",
+            port=8000,
+            mac_address="00:11:22:33:44:77",
+        )
+        self.assertEqual(node.get_best_ip(), "198.51.100.5")
+    def test_register_node_requires_contact_information(self):
+        response = self.client.post(
+            reverse("register-node"),
+            data={
+                "hostname": "missing-host",
+                "port": 8051,
+                "mac_address": "aa:bb:cc:dd:ee:00",
+            },
+            content_type="application/json",
+        )
+        self.assertEqual(response.status_code, 400)
+        self.assertIn("at least one", response.json()["detail"])
+    def test_register_node_assigns_interface_role_and_returns_uuid(self):
+        NodeRole.objects.get_or_create(name="Interface")
+        private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        public_bytes = private_key.public_key().public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo,
+        ).decode()
+        token = "interface-token"
+        signature = base64.b64encode(
+            private_key.sign(
+                token.encode(),
+                padding.PKCS1v15(),
+                hashes.SHA256(),
+            )
+        ).decode()
+        mac = "aa:bb:cc:dd:ee:99"
+        payload = {
+            "hostname": "interface",
+            "address": "127.0.0.1",
+            "port": 8443,
+            "mac_address": mac,
+            "public_key": public_bytes,
+            "token": token,
+            "signature": signature,
+            "role": "Interface",
+        }
+        response = self.client.post(
+            reverse("register-node"),
+            data=json.dumps(payload),
+            content_type="application/json",
+        )
+        self.assertEqual(response.status_code, 200)
+        data = response.json()
+        self.assertIn("uuid", data)
+        node = Node.objects.get(mac_address=mac)
+        self.assertEqual(node.role.name, "Interface")
     def test_register_node_feature_toggle(self):
         NodeFeature.objects.get_or_create(
             slug="clipboard-poll", defaults={"display": "Clipboard Poll"}
@@ -640,6 +823,125 @@ class NodeGetLocalTests(TestCase):
         self.assertEqual(node.current_relation, Node.Relation.UPSTREAM)
+class NodeEnsureKeysTests(TestCase):
+    def setUp(self):
+        self.tempdir = TemporaryDirectory()
+        self.base = Path(self.tempdir.name)
+        self.override = override_settings(BASE_DIR=self.base)
+        self.override.enable()
+        self.node = Node.objects.create(
+            hostname="ensure-host",
+            address="127.0.0.1",
+            port=8000,
+            mac_address="00:11:22:33:44:55",
+        )
+    def tearDown(self):
+        self.override.disable()
+        self.tempdir.cleanup()
+    def test_regenerates_missing_keys(self):
+        self.node.ensure_keys()
+        security_dir = self.base / "security"
+        priv_path = security_dir / self.node.public_endpoint
+        pub_path = security_dir / f"{self.node.public_endpoint}.pub"
+        original_public = self.node.public_key
+        priv_path.unlink()
+        pub_path.unlink()
+        self.node.ensure_keys()
+        self.assertTrue(priv_path.exists())
+        self.assertTrue(pub_path.exists())
+        self.assertNotEqual(self.node.public_key, original_public)
+    def test_regenerates_outdated_keys(self):
+        self.node.ensure_keys()
+        security_dir = self.base / "security"
+        priv_path = security_dir / self.node.public_endpoint
+        pub_path = security_dir / f"{self.node.public_endpoint}.pub"
+        original_private = priv_path.read_bytes()
+        original_public = pub_path.read_bytes()
+        old_time = (timezone.now() - timedelta(seconds=5)).timestamp()
+        os.utime(priv_path, (old_time, old_time))
+        os.utime(pub_path, (old_time, old_time))
+        with override_settings(NODE_KEY_MAX_AGE=timedelta(seconds=1)):
+            self.node.ensure_keys()
+        self.node.refresh_from_db()
+        self.assertNotEqual(priv_path.read_bytes(), original_private)
+        self.assertNotEqual(pub_path.read_bytes(), original_public)
+        self.assertNotEqual(self.node.public_key, original_public.decode())
+class NodeInfoViewTests(TestCase):
+    def setUp(self):
+        self.mac = "02:00:00:00:00:01"
+        self.patcher = patch("nodes.models.Node.get_current_mac", return_value=self.mac)
+        self.patcher.start()
+        self.addCleanup(self.patcher.stop)
+        self.node = Node.objects.create(
+            hostname="local",
+            network_hostname="local.example.com",
+            address="10.0.0.10",
+            ipv4_address="10.0.0.10",
+            ipv6_address="2001:db8::10",
+            port=8000,
+            mac_address=self.mac,
+            public_endpoint="local",
+            current_relation=Node.Relation.SELF,
+        )
+        self.url = reverse("node-info")
+    def test_returns_https_port_for_secure_domain_request(self):
+        with self.settings(ALLOWED_HOSTS=["arthexis.com"]):
+            response = self.client.get(
+                self.url,
+                secure=True,
+                HTTP_HOST="arthexis.com",
+            )
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+        self.assertEqual(payload["port"], 443)
+    def test_returns_http_port_for_plain_domain_request(self):
+        with self.settings(ALLOWED_HOSTS=["arthexis.com"]):
+            response = self.client.get(
+                self.url,
+                HTTP_HOST="arthexis.com",
+            )
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+        self.assertEqual(payload["port"], 80)
+        self.assertEqual(payload.get("network_hostname"), "local.example.com")
+        self.assertIn("local.example.com", payload.get("contact_hosts", []))
+    def test_preserves_explicit_port_in_host_header(self):
+        with self.settings(ALLOWED_HOSTS=["arthexis.com"]):
+            response = self.client.get(
+                self.url,
+                secure=True,
+                HTTP_HOST="arthexis.com:8443",
+            )
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+        self.assertEqual(payload["port"], 8443)
+    def test_includes_role_in_payload(self):
+        role, _ = NodeRole.objects.get_or_create(name="Terminal")
+        self.node.role = role
+        self.node.save(update_fields=["role"])
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+        self.assertEqual(payload.get("role"), "Terminal")
+        self.assertEqual(payload.get("ipv4_address"), "10.0.0.10")
+        self.assertEqual(payload.get("ipv6_address"), "2001:db8::10")
 class RegisterVisitorNodeMessageTests(TestCase):
     def setUp(self):
         self.client = Client()
@@ -719,6 +1021,7 @@ class NodeRegisterCurrentTests(TestCase):
                     patch(
                         "nodes.models.socket.gethostbyname", return_value="127.0.0.1"
                     ),
+                    patch.object(Node, "_resolve_ip_addresses", return_value=([], [])),
                     patch("nodes.models.revision.get_revision", return_value="rev"),
                     patch.object(Node, "ensure_keys"),
                     patch.object(Node, "notify_peers_of_update") as mock_notify,
@@ -746,6 +1049,7 @@ class NodeRegisterCurrentTests(TestCase):
                     patch(
                         "nodes.models.socket.gethostbyname", return_value="127.0.0.1"
                     ),
+                    patch.object(Node, "_resolve_ip_addresses", return_value=([], [])),
                     patch("nodes.models.revision.get_revision", return_value="rev"),
                     patch.object(Node, "ensure_keys"),
                 ):
@@ -764,6 +1068,7 @@ class NodeRegisterCurrentTests(TestCase):
                     patch(
                         "nodes.models.socket.gethostbyname", return_value="127.0.0.1"
                     ),
+                    patch.object(Node, "_resolve_ip_addresses", return_value=([], [])),
                     patch("nodes.models.revision.get_revision", return_value="rev"),
                     patch.object(Node, "ensure_keys"),
                 ):
@@ -783,6 +1088,7 @@ class NodeRegisterCurrentTests(TestCase):
                     patch(
                         "nodes.models.socket.gethostbyname", return_value="127.0.0.1"
                     ),
+                    patch.object(Node, "_resolve_ip_addresses", return_value=([], [])),
                     patch("nodes.models.revision.get_revision", return_value="rev"),
                     patch.object(Node, "ensure_keys"),
                 ):
@@ -808,10 +1114,20 @@ class NodeRegisterCurrentTests(TestCase):
                         return_value="00:ff:ee:dd:cc:bb",
                     ),
                     patch("nodes.models.socket.gethostname", return_value="localnode"),
+                    patch("nodes.models.socket.getfqdn", return_value="localnode.example.com"),
                     patch(
                         "nodes.models.socket.gethostbyname",
                         return_value="192.168.1.5",
                     ),
+                    patch.dict(os.environ, {"HOSTNAME": ""}, clear=False),
+                    patch.object(
+                        Node,
+                        "_resolve_ip_addresses",
+                        return_value=(
+                            ["192.168.1.5", "93.184.216.34"],
+                            ["fe80::1", "2001:4860:4860::8888"],
+                        ),
+                    ),
                     patch("nodes.models.revision.get_revision", return_value="newrev"),
                     patch("requests.post") as mock_post,
                 ):
@@ -835,6 +1151,9 @@ class NodeRegisterCurrentTests(TestCase):
         self.assertEqual(payload["hostname"], "localnode")
         self.assertEqual(payload["installed_version"], "2.0.0")
         self.assertEqual(payload["installed_revision"], "newrev")
+        self.assertEqual(payload.get("network_hostname"), "localnode.example.com")
+        self.assertEqual(payload.get("ipv4_address"), "93.184.216.34")
+        self.assertEqual(payload.get("ipv6_address"), "2001:4860:4860::8888")
     def test_register_current_notifies_peers_without_version_change(self):
         Node.objects.create(
@@ -853,10 +1172,20 @@ class NodeRegisterCurrentTests(TestCase):
                         return_value="00:ff:ee:dd:cc:cc",
                     ),
                     patch("nodes.models.socket.gethostname", return_value="samever"),
+                    patch("nodes.models.socket.getfqdn", return_value="samever.example.com"),
                     patch(
                         "nodes.models.socket.gethostbyname",
                         return_value="192.168.1.6",
                     ),
+                    patch.dict(os.environ, {"HOSTNAME": ""}, clear=False),
+                    patch.object(
+                        Node,
+                        "_resolve_ip_addresses",
+                        return_value=(
+                            ["192.168.1.6", "93.184.216.35"],
+                            ["fe80::2", "2001:4860:4860::8844"],
+                        ),
+                    ),
                     patch("nodes.models.revision.get_revision", return_value="rev1"),
                     patch("requests.post") as mock_post,
                 ):
@@ -878,6 +1207,44 @@ class NodeRegisterCurrentTests(TestCase):
         payload = json.loads(kwargs["data"])
         self.assertEqual(payload["installed_version"], "1.0.0")
         self.assertEqual(payload.get("installed_revision"), "rev1")
+        self.assertEqual(payload.get("network_hostname"), "samever.example.com")
+        self.assertEqual(payload.get("ipv4_address"), "93.184.216.35")
+        self.assertEqual(payload.get("ipv6_address"), "2001:4860:4860::8844")
+    def test_register_current_populates_network_fields(self):
+        with TemporaryDirectory() as tmp:
+            base = Path(tmp)
+            with override_settings(BASE_DIR=base):
+                with (
+                    patch(
+                        "nodes.models.Node.get_current_mac",
+                        return_value="00:12:34:56:78:90",
+                    ),
+                    patch("nodes.models.socket.gethostname", return_value="nodehost"),
+                    patch("nodes.models.socket.getfqdn", return_value="nodehost.example.com"),
+                    patch(
+                        "nodes.models.socket.gethostbyname",
+                        return_value="10.0.0.5",
+                    ),
+                    patch.dict(os.environ, {"HOSTNAME": ""}, clear=False),
+                    patch.object(
+                        Node,
+                        "_resolve_ip_addresses",
+                        return_value=(
+                            ["10.0.0.5", "93.184.216.36"],
+                            ["fe80::5", "2001:4860:4860::1"],
+                        ),
+                    ),
+                    patch("nodes.models.revision.get_revision", return_value="revX"),
+                    patch.object(Node, "ensure_keys"),
+                    patch.object(Node, "notify_peers_of_update"),
+                ):
+                    node, created = Node.register_current()
+        self.assertTrue(created)
+        self.assertEqual(node.network_hostname, "nodehost.example.com")
+        self.assertEqual(node.ipv4_address, "93.184.216.36")
+        self.assertEqual(node.ipv6_address, "2001:4860:4860::1")
+        self.assertEqual(node.address, "93.184.216.36")
     @patch("nodes.views.capture_screenshot")
     def test_capture_screenshot(self, mock_capture):
@@ -1236,6 +1603,7 @@ class NodeRegisterCurrentTests(TestCase):
         existing_role.refresh_from_db()
         self.assertEqual(existing_role.description, "updated via attachment")
+    @pytest.mark.feature("clipboard-poll")
     def test_clipboard_polling_creates_task(self):
         feature, _ = NodeFeature.objects.get_or_create(
             slug="clipboard-poll", defaults={"display": "Clipboard Poll"}
@@ -1253,6 +1621,7 @@ class NodeRegisterCurrentTests(TestCase):
         NodeFeatureAssignment.objects.filter(node=node, feature=feature).delete()
         self.assertFalse(PeriodicTask.objects.filter(name=task_name).exists())
+    @pytest.mark.feature("screenshot-poll")
     def test_screenshot_polling_creates_task(self):
         feature, _ = NodeFeature.objects.get_or_create(
             slug="screenshot-poll", defaults={"display": "Screenshot Poll"}
@@ -1381,6 +1750,7 @@ class NodeAdminTests(TestCase):
         action_url = reverse("admin:core_rfid_scan")
         self.assertContains(response, f'href="{action_url}"')
+    @pytest.mark.feature("rpi-camera")
     def test_node_feature_list_shows_all_actions_for_rpi_camera(self):
         node = self._create_local_node()
         feature, _ = NodeFeature.objects.get_or_create(
@@ -1393,6 +1763,7 @@ class NodeAdminTests(TestCase):
         self.assertContains(response, f'href="{snapshot_url}"')
         self.assertContains(response, f'href="{stream_url}"')
+    @pytest.mark.feature("audio-capture")
     def test_node_feature_list_shows_waveform_action_when_enabled(self):
         node = self._create_local_node()
         feature, _ = NodeFeature.objects.get_or_create(
@@ -1403,6 +1774,7 @@ class NodeAdminTests(TestCase):
         action_url = reverse("admin:nodes_nodefeature_view_waveform")
         self.assertContains(response, f'href="{action_url}"')
+    @pytest.mark.feature("screenshot-poll")
     def test_node_feature_list_hides_default_action_when_disabled(self):
         self._create_local_node()
         NodeFeature.objects.get_or_create(
@@ -1495,6 +1867,129 @@ class NodeAdminTests(TestCase):
             response, reverse("admin:nodes_node_register_current")
         )
+    def test_apply_remote_node_info_updates_role(self):
+        terminal, _ = NodeRole.objects.get_or_create(name="Terminal")
+        control, _ = NodeRole.objects.get_or_create(name="Control")
+        node = Node.objects.create(
+            hostname="remote-node",
+            address="10.0.0.20",
+            port=8001,
+            mac_address="00:11:22:33:44:aa",
+            role=terminal,
+        )
+        admin_instance = NodeAdmin(Node, admin.site)
+        payload = {
+            "hostname": node.hostname,
+            "network_hostname": "remote-node.example.com",
+            "address": node.address,
+            "ipv4_address": "198.51.100.10",
+            "ipv6_address": "2001:db8::10",
+            "port": node.port,
+            "role": "Control",
+        }
+        changed = admin_instance._apply_remote_node_info(node, payload)
+        node.refresh_from_db()
+        self.assertIn("role", changed)
+        self.assertIn("network_hostname", changed)
+        self.assertIn("ipv4_address", changed)
+        self.assertIn("ipv6_address", changed)
+        self.assertEqual(node.role, control)
+        self.assertEqual(node.network_hostname, "remote-node.example.com")
+        self.assertEqual(node.ipv4_address, "198.51.100.10")
+        self.assertEqual(node.ipv6_address, "2001:db8::10")
+        self.assertTrue(control.node_set.filter(pk=node.pk).exists())
+        self.assertFalse(terminal.node_set.filter(pk=node.pk).exists())
+    def test_apply_remote_node_info_accepts_role_name_key(self):
+        terminal, _ = NodeRole.objects.get_or_create(name="Terminal")
+        control, _ = NodeRole.objects.get_or_create(name="Control")
+        node = Node.objects.create(
+            hostname="role-name-node",
+            address="10.0.0.21",
+            port=8002,
+            mac_address="00:11:22:33:44:bb",
+            role=terminal,
+        )
+        admin_instance = NodeAdmin(Node, admin.site)
+        payload = {
+            "hostname": node.hostname,
+            "network_hostname": "role-name-node.example.com",
+            "address": node.address,
+            "ipv4_address": "198.51.100.11",
+            "ipv6_address": "2001:db8::11",
+            "port": node.port,
+            "role_name": "Control",
+        }
+        changed = admin_instance._apply_remote_node_info(node, payload)
+        node.refresh_from_db()
+        self.assertIn("role", changed)
+        self.assertEqual(node.network_hostname, "role-name-node.example.com")
+        self.assertEqual(node.ipv4_address, "198.51.100.11")
+        self.assertEqual(node.ipv6_address, "2001:db8::11")
+        self.assertEqual(node.role, control)
+        self.assertTrue(control.node_set.filter(pk=node.pk).exists())
+        self.assertFalse(terminal.node_set.filter(pk=node.pk).exists())
+    @patch("nodes.admin.requests.post")
+    def test_send_forwarding_metadata_retries_until_success(self, mock_post):
+        request = RequestFactory().get("/")
+        local_node = Node.objects.create(
+            hostname="local",
+            address="127.0.0.1",
+            port=8000,
+            mac_address="00:11:22:33:44:aa",
+            public_key="LOCAL-PUB",
+        )
+        class DummyNode:
+            def __init__(self):
+                self.port = 8443
+                self.urls: list[str] = []
+            def iter_remote_urls(self, path: str):
+                self.urls.append(path)
+                yield "https://unreachable.example"
+                yield "https://reachable.example"
+            def __str__(self):  # pragma: no cover - trivial representation
+                return "dummy-node"
+        target = DummyNode()
+        private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        charger = Charger.objects.create(charger_id="FORWARD-1")
+        failure = MagicMock()
+        failure.ok = False
+        failure.status_code = 404
+        failure.json.return_value = {"detail": "not found"}
+        success = MagicMock()
+        success.ok = True
+        success.status_code = 200
+        success.json.return_value = {"status": "ok"}
+        mock_post.side_effect = [failure, success]
+        admin_instance = NodeAdmin(Node, admin.site)
+        result = admin_instance._send_forwarding_metadata(
+            request, target, [charger], local_node, private_key
+        )
+        self.assertTrue(result)
+        self.assertEqual(
+            target.urls, ["/nodes/network/chargers/forward/"]
+        )
+        self.assertEqual(mock_post.call_count, 2)
+        self.assertEqual(
+            mock_post.call_args_list[1].args[0], "https://reachable.example"
+        )
+    @pytest.mark.feature("screenshot-poll")
     @patch("nodes.admin.capture_screenshot")
     def test_capture_site_screenshot_from_admin(self, mock_capture_screenshot):
         screenshot_dir = settings.LOG_DIR / "screenshots"
@@ -1540,6 +2035,53 @@ class NodeAdminTests(TestCase):
         self.assertEqual(response.status_code, 200)
         self.assertContains(response, "data:image/png;base64")
+    def test_visit_link_uses_local_admin_dashboard_for_local_node(self):
+        node_admin = admin.site._registry[Node]
+        local_node = self._create_local_node()
+        link_html = node_admin.visit_link(local_node)
+        self.assertIn(reverse("admin:index"), link_html)
+        self.assertIn("target=\"_blank\"", link_html)
+    def test_visit_link_prefers_remote_hostname_for_dashboard(self):
+        node_admin = admin.site._registry[Node]
+        remote = Node.objects.create(
+            hostname="remote.example.com",
+            address="198.51.100.20",
+            port=8443,
+            mac_address="aa:bb:cc:dd:ee:ff",
+        )
+        link_html = node_admin.visit_link(remote)
+        self.assertIn("https://remote.example.com:8443/admin/", link_html)
+        self.assertIn("target=\"_blank\"", link_html)
+    def test_iter_remote_urls_handles_hostname_with_path_and_port(self):
+        node_admin = admin.site._registry[Node]
+        remote = SimpleNamespace(
+            public_endpoint="",
+            address="",
+            hostname="example.com/interface",
+            port=8443,
+        )
+        urls = list(node_admin._iter_remote_urls(remote, "/nodes/info/"))
+        self.assertIn(
+            "https://example.com:8443/interface/nodes/info/",
+            urls,
+        )
+        self.assertIn(
+            "http://example.com:8443/interface/nodes/info/",
+            urls,
+        )
+        combined = "".join(urls)
+        self.assertNotIn("interface:8443", combined)
+    @pytest.mark.feature("screenshot-poll")
     @override_settings(SCREENSHOT_SOURCES=["/one", "/two"])
     @patch("nodes.admin.capture_screenshot")
     def test_take_screenshots_action(self, mock_capture):
@@ -1572,6 +2114,7 @@ class NodeAdminTests(TestCase):
         samples = list(ContentSample.objects.filter(kind=ContentSample.IMAGE))
         self.assertEqual(samples[0].transaction_uuid, samples[1].transaction_uuid)
+    @pytest.mark.feature("screenshot-poll")
     @patch("nodes.admin.capture_screenshot")
     def test_take_screenshot_default_action_creates_sample(
         self, mock_capture_screenshot
@@ -1646,6 +2189,7 @@ class NodeAdminTests(TestCase):
             response, "Completed 0 of 1 feature check(s) successfully.", html=False
         )
+    @pytest.mark.feature("screenshot-poll")
     def test_enable_selected_features_enables_manual_feature(self):
         node = self._create_local_node()
         feature, _ = NodeFeature.objects.get_or_create(
@@ -1690,6 +2234,7 @@ class NodeAdminTests(TestCase):
             html=False,
         )
+    @pytest.mark.feature("screenshot-poll")
     def test_take_screenshot_default_action_requires_enabled_feature(self):
         self._create_local_node()
         NodeFeature.objects.get_or_create(
@@ -1704,6 +2249,7 @@ class NodeAdminTests(TestCase):
         self.assertEqual(ContentSample.objects.count(), 0)
         self.assertContains(response, "Screenshot Poll feature is not enabled")
+    @pytest.mark.feature("rpi-camera")
     @patch("nodes.admin.capture_rpi_snapshot")
     def test_take_snapshot_default_action_creates_sample(self, mock_snapshot):
         node = self._create_local_node()
@@ -1726,6 +2272,7 @@ class NodeAdminTests(TestCase):
         change_url = reverse("admin:nodes_contentsample_change", args=[sample.pk])
         self.assertEqual(response.redirect_chain[-1][0], change_url)
+    @pytest.mark.feature("rpi-camera")
     def test_view_stream_requires_enabled_feature(self):
         self._create_local_node()
         NodeFeature.objects.get_or_create(
@@ -1741,6 +2288,7 @@ class NodeAdminTests(TestCase):
             response, "Raspberry Pi Camera feature is not enabled on this node."
         )
+    @pytest.mark.feature("rpi-camera")
     def test_view_stream_renders_when_feature_enabled(self):
         node = self._create_local_node()
         feature, _ = NodeFeature.objects.get_or_create(
@@ -1756,6 +2304,7 @@ class NodeAdminTests(TestCase):
         self.assertContains(response, expected_stream)
         self.assertContains(response, "camera-stream__frame")
+    @pytest.mark.feature("rpi-camera")
     def test_view_stream_uses_configured_stream_url(self):
         node = self._create_local_node()
         feature, _ = NodeFeature.objects.get_or_create(
@@ -1773,6 +2322,7 @@ class NodeAdminTests(TestCase):
         self.assertEqual(response.context_data["stream_embed"], "iframe")
         self.assertContains(response, configured_stream)
+    @pytest.mark.feature("rpi-camera")
     def test_view_stream_detects_mjpeg_stream(self):
         node = self._create_local_node()
         feature, _ = NodeFeature.objects.get_or_create(
@@ -1789,6 +2339,7 @@ class NodeAdminTests(TestCase):
         self.assertEqual(response.context_data["stream_embed"], "mjpeg")
         self.assertContains(response, "<img", html=False)
+    @pytest.mark.feature("rpi-camera")
     def test_view_stream_marks_rtsp_stream_as_unsupported(self):
         node = self._create_local_node()
         feature, _ = NodeFeature.objects.get_or_create(
@@ -1805,6 +2356,7 @@ class NodeAdminTests(TestCase):
         self.assertEqual(response.context_data["stream_embed"], "unsupported")
         self.assertContains(response, "camera-stream__unsupported")
+    @pytest.mark.feature("audio-capture")
     def test_view_waveform_requires_enabled_feature(self):
         self._create_local_node()
         NodeFeature.objects.get_or_create(
@@ -1820,6 +2372,7 @@ class NodeAdminTests(TestCase):
             response, "Audio Capture feature is not enabled on this node."
         )
+    @pytest.mark.feature("audio-capture")
     def test_view_waveform_renders_when_feature_enabled(self):
         node = self._create_local_node()
         feature, _ = NodeFeature.objects.get_or_create(
@@ -2072,6 +2625,53 @@ class NodeAdminTests(TestCase):
         )
         self.assertContains(response, str(remote))
+    def test_send_net_message_action_displays_form(self):
+        target = Node.objects.create(
+            hostname="remote-one", address="10.0.0.10", port=8020
+        )
+        response = self.client.post(
+            reverse("admin:nodes_node_changelist"),
+            {
+                "action": "send_net_message",
+                helpers.ACTION_CHECKBOX_NAME: [str(target.pk)],
+            },
+            follow=False,
+        )
+        self.assertEqual(response.status_code, 200)
+        response.render()
+        self.assertContains(response, "Send Net Message")
+        self.assertContains(response, str(target))
+        self.assertContains(response, 'name="apply"')
+        self.assertContains(response, "Selected node (1)")
+    @patch("nodes.admin.NetMessage.propagate")
+    def test_send_net_message_action_creates_messages(self, mock_propagate):
+        first = Node.objects.create(
+            hostname="remote-two", address="10.0.0.11", port=8021
+        )
+        second = Node.objects.create(
+            hostname="remote-three", address="10.0.0.12", port=8022
+        )
+        url = reverse("admin:nodes_node_changelist")
+        payload = {
+            "action": "send_net_message",
+            "apply": "1",
+            helpers.ACTION_CHECKBOX_NAME: [str(first.pk), str(second.pk)],
+            "subject": "Maintenance",
+            "body": "We will reboot tonight.",
+        }
+        existing_ids = set(NetMessage.objects.values_list("pk", flat=True))
+        response = self.client.post(url, payload, follow=True)
+        self.assertEqual(response.status_code, 200)
+        new_messages = NetMessage.objects.exclude(pk__in=existing_ids)
+        self.assertEqual(new_messages.count(), 2)
+        self.assertEqual(mock_propagate.call_count, 2)
+        for node in (first, second):
+            message = new_messages.get(filter_node=node)
+            self.assertEqual(message.subject, "Maintenance")
+            self.assertEqual(message.body, "We will reboot tonight.")
+        self.assertContains(response, "Sent 2 net messages.")
     @patch("nodes.admin.requests.post")
     @patch("nodes.admin.requests.get")
     def test_update_selected_nodes_progress_updates_remote(
@@ -2142,22 +2742,202 @@ class NodeAdminTests(TestCase):
         self.assertEqual(post_data["mac_address"], local.mac_address)
-class NodeRFIDAPITests(TestCase):
-    def test_import_endpoint_applies_payload_without_creating_accounts(self):
-        remote = Node.objects.create(
-            hostname="remote", address="127.0.0.10", port=8050
+class NodeProxyGatewayTests(TestCase):
+    def setUp(self):
+        cache.clear()
+        self.client = Client()
+        self.private_key = rsa.generate_private_key(
+            public_exponent=65537, key_size=2048
         )
-        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
-        remote.public_key = key.public_key().public_bytes(
+        public_key = self.private_key.public_key().public_bytes(
             encoding=serialization.Encoding.PEM,
             format=serialization.PublicFormat.SubjectPublicKeyInfo,
         ).decode()
-        remote.save(update_fields=["public_key"])
+        self.node = Node.objects.create(
+            hostname="requester",
+            address="127.0.0.1",
+            port=8000,
+            mac_address="aa:bb:cc:dd:ee:aa",
+            public_key=public_key,
+        )
+        patcher = patch("requests.post")
+        self.addCleanup(patcher.stop)
+        self.mock_requests_post = patcher.start()
+        self.mock_requests_post.return_value = SimpleNamespace(
+            ok=True,
+            status_code=200,
+            json=lambda: {},
+            text="",
+        )
-        existing = EnergyAccount.objects.create(name="KNOWN")
+    def tearDown(self):
+        cache.clear()
-        payload = {
-            "requester": str(remote.uuid),
+    def _sign(self, payload):
+        body = json.dumps(payload, separators=(",", ":"), sort_keys=True)
+        signature = base64.b64encode(
+            self.private_key.sign(
+                body.encode(), padding.PKCS1v15(), hashes.SHA256()
+            )
+        ).decode()
+        return body, signature
+    def test_proxy_session_creates_login_url(self):
+        payload = {
+            "requester": str(self.node.uuid),
+            "user": {
+                "username": "proxy-user",
+                "email": "proxy@example.com",
+                "first_name": "Proxy",
+                "last_name": "User",
+                "is_staff": True,
+                "is_superuser": True,
+                "groups": [],
+                "permissions": [],
+            },
+            "target": "/admin/",
+        }
+        body, signature = self._sign(payload)
+        response = self.client.post(
+            reverse("node-proxy-session"),
+            data=body,
+            content_type="application/json",
+            HTTP_X_SIGNATURE=signature,
+        )
+        self.assertEqual(response.status_code, 200)
+        data = response.json()
+        self.assertIn("login_url", data)
+        user = get_user_model().objects.get(username="proxy-user")
+        self.assertTrue(user.is_staff)
+        parsed = urlparse(data["login_url"])
+        login_response = self.client.get(parsed.path)
+        self.assertEqual(login_response.status_code, 302)
+        self.assertEqual(login_response["Location"], "/admin/")
+        self.assertEqual(self.client.session.get("_auth_user_id"), str(user.pk))
+        second = self.client.get(parsed.path)
+        self.assertEqual(second.status_code, 410)
+    def test_proxy_session_accepts_mac_hint_when_uuid_unknown(self):
+        payload = {
+            "requester": str(uuid.uuid4()),
+            "requester_mac": self.node.mac_address,
+            "requester_public_key": self.node.public_key,
+            "user": {
+                "username": "proxy-user",
+                "email": "proxy@example.com",
+                "first_name": "Proxy",
+                "last_name": "User",
+                "is_staff": True,
+                "is_superuser": True,
+                "groups": [],
+                "permissions": [],
+            },
+            "target": "/admin/",
+        }
+        body, signature = self._sign(payload)
+        response = self.client.post(
+            reverse("node-proxy-session"),
+            data=body,
+            content_type="application/json",
+            HTTP_X_SIGNATURE=signature,
+        )
+        self.assertEqual(response.status_code, 200)
+    def test_proxy_execute_lists_nodes(self):
+        Node.objects.create(
+            hostname="target",
+            address="127.0.0.5",
+            port=8010,
+            mac_address="aa:bb:cc:dd:ee:bb",
+        )
+        payload = {
+            "requester": str(self.node.uuid),
+            "action": "list",
+            "model": "nodes.Node",
+            "filters": {"hostname": "target"},
+            "credentials": {
+                "username": "suite-user",
+                "password": "secret",
+                "first_name": "Suite",
+                "last_name": "User",
+            },
+        }
+        body, signature = self._sign(payload)
+        response = self.client.post(
+            reverse("node-proxy-execute"),
+            data=body,
+            content_type="application/json",
+            HTTP_X_SIGNATURE=signature,
+        )
+        self.assertEqual(response.status_code, 200)
+        data = response.json()
+        self.assertEqual(len(data.get("objects", [])), 1)
+        record = data["objects"][0]
+        self.assertEqual(record["fields"]["hostname"], "target")
+        user = get_user_model().objects.get(username="suite-user")
+        self.assertTrue(user.is_superuser)
+    def test_proxy_execute_requires_valid_password_for_existing_user(self):
+        User = get_user_model()
+        User.objects.create_user(username="suite-user", password="correct")
+        payload = {
+            "requester": str(self.node.uuid),
+            "action": "list",
+            "model": "nodes.Node",
+            "credentials": {
+                "username": "suite-user",
+                "password": "wrong",
+            },
+        }
+        body, signature = self._sign(payload)
+        response = self.client.post(
+            reverse("node-proxy-execute"),
+            data=body,
+            content_type="application/json",
+            HTTP_X_SIGNATURE=signature,
+        )
+        self.assertEqual(response.status_code, 403)
+    def test_proxy_execute_schema_returns_models(self):
+        payload = {
+            "requester": str(self.node.uuid),
+            "action": "schema",
+            "credentials": {
+                "username": "suite-user",
+                "password": "secret",
+            },
+        }
+        body, signature = self._sign(payload)
+        response = self.client.post(
+            reverse("node-proxy-execute"),
+            data=body,
+            content_type="application/json",
+            HTTP_X_SIGNATURE=signature,
+        )
+        self.assertEqual(response.status_code, 200)
+        data = response.json()
+        models = data.get("models", [])
+        self.assertTrue(models)
+        suite_names = {entry.get("suite_name") for entry in models}
+        self.assertIn("Nodes", suite_names)
+class NodeRFIDAPITests(TestCase):
+    def test_import_endpoint_applies_payload_without_creating_accounts(self):
+        remote = Node.objects.create(
+            hostname="remote", address="127.0.0.10", port=8050
+        )
+        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        remote.public_key = key.public_key().public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo,
+        ).decode()
+        remote.save(update_fields=["public_key"])
+        existing = EnergyAccount.objects.create(name="KNOWN")
+        payload = {
+            "requester": str(remote.uuid),
             "rfids": [
                 {
                     "rfid": "deadface",
@@ -2315,37 +3095,14 @@ class NetMessageAdminTests(TransactionTestCase):
         self.assertEqual(form["subject"].value(), "Re: Ping")
         self.assertEqual(str(form["filter_node"].value()), str(node.pk))
-class LastNetMessageViewTests(TestCase):
-    def setUp(self):
-        self.client = Client()
-        NodeRole.objects.get_or_create(name="Terminal")
-    def test_returns_latest_message(self):
-        NetMessage.objects.create(subject="old", body="msg1")
-        latest = NetMessage.objects.create(subject="new", body="msg2")
-        resp = self.client.get(reverse("last-net-message"))
-        self.assertEqual(resp.status_code, 200)
-        self.assertEqual(
-            resp.json(),
-            {
-                "subject": "new",
-                "body": "msg2",
-                "admin_url": reverse(
-                    "admin:nodes_netmessage_change", args=[latest.pk]
-                ),
-            },
-        )
 class NetMessageReachTests(TestCase):
     def setUp(self):
         self.roles = {}
-        for name in ["Terminal", "Control", "Satellite", "Constellation"]:
+        for name in ["Terminal", "Control", "Satellite", "Watchtower"]:
             self.roles[name], _ = NodeRole.objects.get_or_create(name=name)
         self.nodes = {}
         for idx, name in enumerate(
-            ["Terminal", "Control", "Satellite", "Constellation"], start=1
+            ["Terminal", "Control", "Satellite", "Watchtower"], start=1
         ):
             self.nodes[name] = Node.objects.create(
                 hostname=name.lower(),
@@ -2389,15 +3146,15 @@ class NetMessageReachTests(TestCase):
         self.assertEqual(mock_post.call_count, 3)
     @patch("requests.post")
-    def test_constellation_reach_prioritizes_constellation(self, mock_post):
+    def test_watchtower_reach_prioritizes_watchtower(self, mock_post):
         msg = NetMessage.objects.create(
-            subject="s", body="b", reach=self.roles["Constellation"]
+            subject="s", body="b", reach=self.roles["Watchtower"]
         )
         with patch.object(Node, "get_local", return_value=None):
             msg.propagate()
         roles = set(msg.propagated_to.values_list("role__name", flat=True))
         self.assertEqual(
-            roles, {"Constellation", "Satellite", "Control", "Terminal"}
+            roles, {"Watchtower", "Satellite", "Control", "Terminal"}
         )
         self.assertEqual(mock_post.call_count, 4)
@@ -2572,7 +3329,7 @@ class NetMessagePropagationTests(TestCase):
         with patch.object(Node, "get_local", return_value=self.local):
             msg = NetMessage.broadcast(subject="subject", body="body")
         self.assertEqual(msg.node_origin, self.local)
-        self.assertIsNone(msg.reach)
+        self.assertEqual(msg.reach, self.role)
     @patch("requests.post")
     @patch("core.notifications.notify")
@@ -2597,13 +3354,6 @@ class NetMessagePropagationTests(TestCase):
         self.assertNotIn(sender_addr, targets)
         self.assertEqual(msg.propagated_to.count(), 4)
         self.assertTrue(msg.complete)
-        self.assertEqual(len(msg.confirmed_peers), mock_post.call_count)
-        self.assertTrue(
-            all(entry["status"] == "acknowledged" for entry in msg.confirmed_peers.values())
-        )
-        self.assertTrue(
-            all(entry["status_code"] == 200 for entry in msg.confirmed_peers.values())
-        )
     @patch("requests.post")
     @patch("core.notifications.notify", return_value=False)
@@ -2689,10 +3439,240 @@ class NetMessagePropagationTests(TestCase):
         ):
             msg.propagate()
-        self.assertTrue(msg.confirmed_peers)
-        self.assertTrue(
-            all(entry["status"] == "error" for entry in msg.confirmed_peers.values())
+        self.assertEqual(msg.propagated_to.count(), len(self.remotes))
+        self.assertTrue(msg.complete)
+class NetMessageQueueTests(TestCase):
+    def setUp(self):
+        self.role, _ = NodeRole.objects.get_or_create(name="Terminal")
+        self.feature, _ = NodeFeature.objects.get_or_create(
+            slug="celery-queue", defaults={"display": "Celery Queue"}
+        )
+    def test_propagate_queues_unreachable_downstream(self):
+        local = Node.objects.create(
+            hostname="local",
+            address="10.0.0.1",
+            port=8000,
+            mac_address="00:11:22:33:44:10",
+            role=self.role,
+            public_endpoint="local",
+        )
+        downstream = Node.objects.create(
+            hostname="downstream",
+            address="10.0.0.2",
+            port=8001,
+            mac_address="00:11:22:33:44:11",
+            role=self.role,
+            current_relation=Node.Relation.DOWNSTREAM,
+        )
+        message = NetMessage.objects.create(subject="Queued", body="Body", reach=self.role)
+        with patch.object(Node, "get_local", return_value=local), patch.object(
+            Node, "get_private_key", return_value=None
+        ), patch("core.notifications.notify", return_value=False), patch(
+            "requests.post", side_effect=Exception("fail")
+        ):
+            message.propagate()
+        entry = PendingNetMessage.objects.get(node=downstream, message=message)
+        self.assertIn(str(downstream.uuid), entry.seen)
+        self.assertGreater(entry.stale_at, timezone.now())
+    def test_queue_limit_enforced(self):
+        downstream = Node.objects.create(
+            hostname="limit",
+            address="10.0.0.3",
+            port=8002,
+            mac_address="00:11:22:33:44:12",
+            role=self.role,
+            current_relation=Node.Relation.DOWNSTREAM,
+            message_queue_length=1,
+        )
+        msg1 = NetMessage.objects.create(subject="Old", body="One", reach=self.role)
+        msg2 = NetMessage.objects.create(subject="New", body="Two", reach=self.role)
+        msg1.queue_for_node(downstream, [str(downstream.uuid)])
+        msg2.queue_for_node(downstream, [str(downstream.uuid)])
+        entries = list(PendingNetMessage.objects.filter(node=downstream))
+        self.assertEqual(len(entries), 1)
+        self.assertEqual(entries[0].message, msg2)
+    def test_queue_duplicate_updates_stale(self):
+        downstream = Node.objects.create(
+            hostname="dup",
+            address="10.0.0.4",
+            port=8003,
+            mac_address="00:11:22:33:44:13",
+            role=self.role,
+            current_relation=Node.Relation.DOWNSTREAM,
+        )
+        message = NetMessage.objects.create(subject="Dup", body="Dup", reach=self.role)
+        first = timezone.now()
+        second = first + timedelta(minutes=5)
+        with patch(
+            "nodes.models.timezone.now", side_effect=[first, second, second]
+        ):
+            message.queue_for_node(downstream, ["first"])
+            message.queue_for_node(downstream, ["second"])
+        entry = PendingNetMessage.objects.get(node=downstream, message=message)
+        self.assertEqual(entry.seen, ["second"])
+        self.assertEqual(entry.queued_at, second)
+        self.assertEqual(entry.stale_at, second + timedelta(hours=1))
+    def test_pull_endpoint_returns_and_clears_messages(self):
+        local_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        downstream_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        local = Node.objects.create(
+            hostname="hub",
+            address="10.0.0.5",
+            port=8004,
+            mac_address="00:11:22:33:44:14",
+            role=self.role,
+            public_endpoint="hub",
+        )
+        downstream = Node.objects.create(
+            hostname="remote",
+            address="10.0.0.6",
+            port=8005,
+            mac_address="00:11:22:33:44:15",
+            role=self.role,
+            current_relation=Node.Relation.DOWNSTREAM,
+            public_key=downstream_key.public_key()
+            .public_bytes(
+                serialization.Encoding.PEM,
+                serialization.PublicFormat.SubjectPublicKeyInfo,
+            )
+            .decode(),
+        )
+        message = NetMessage.objects.create(subject="Fresh", body="Body", reach=self.role)
+        stale_message = NetMessage.objects.create(subject="Stale", body="Body", reach=self.role)
+        now = timezone.now()
+        PendingNetMessage.objects.create(
+            node=downstream,
+            message=message,
+            seen=[str(downstream.uuid)],
+            stale_at=now + timedelta(minutes=30),
+        )
+        stale_entry = PendingNetMessage.objects.create(
+            node=downstream,
+            message=stale_message,
+            seen=["stale"],
+            stale_at=now - timedelta(minutes=5),
+        )
+        PendingNetMessage.objects.filter(pk=stale_entry.pk).update(
+            queued_at=now - timedelta(minutes=5)
+        )
+        def fake_get_private(node_obj):
+            if node_obj.pk == local.pk:
+                return local_key
+            return None
+        payload = {"requester": str(downstream.uuid)}
+        body = json.dumps(payload, separators=(",", ":"), sort_keys=True)
+        signature = base64.b64encode(
+            downstream_key.sign(
+                body.encode(),
+                padding.PKCS1v15(),
+                hashes.SHA256(),
+            )
+        ).decode()
+        with patch.object(Node, "get_local", return_value=local), patch.object(
+            Node, "get_private_key", return_value=local_key
+        ):
+            response = self.client.post(
+                reverse("net-message-pull"),
+                data=body,
+                content_type="application/json",
+                HTTP_X_SIGNATURE=signature,
+            )
+        self.assertEqual(response.status_code, 200)
+        data = response.json()
+        self.assertEqual(len(data.get("messages", [])), 1)
+        payload_data = data["messages"][0]["payload"]
+        self.assertEqual(payload_data["uuid"], str(message.uuid))
+        self.assertFalse(
+            PendingNetMessage.objects.filter(node=downstream, message=message).exists()
+        )
+        self.assertFalse(
+            PendingNetMessage.objects.filter(
+                node=downstream, message=stale_message
+            ).exists()
+        )
+        response_signature = data["messages"][0]["signature"]
+        local_public = local_key.public_key()
+        local_public.verify(
+            base64.b64decode(response_signature),
+            json.dumps(payload_data, separators=(",", ":"), sort_keys=True).encode(),
+            padding.PKCS1v15(),
+            hashes.SHA256(),
+        )
+    def test_poll_task_fetches_messages(self):
+        local_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        upstream_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        local = Node.objects.create(
+            hostname="downstream",
+            address="10.0.0.7",
+            port=8006,
+            mac_address="00:11:22:33:44:16",
+            role=self.role,
+            public_endpoint="downstream",
+        )
+        upstream = Node.objects.create(
+            hostname="upstream",
+            address="127.0.0.2",
+            port=8010,
+            mac_address="00:11:22:33:44:17",
+            role=self.role,
+            current_relation=Node.Relation.UPSTREAM,
+            public_key=upstream_key.public_key()
+            .public_bytes(
+                serialization.Encoding.PEM,
+                serialization.PublicFormat.SubjectPublicKeyInfo,
+            )
+            .decode(),
         )
+        NodeFeatureAssignment.objects.create(node=local, feature=self.feature)
+        payload = {
+            "uuid": str(uuid.uuid4()),
+            "subject": "Update",
+            "body": "Body",
+            "seen": [str(local.uuid)],
+            "origin": str(upstream.uuid),
+            "sender": str(upstream.uuid),
+        }
+        payload_text = json.dumps(payload, separators=(",", ":"), sort_keys=True)
+        payload_signature = base64.b64encode(
+            upstream_key.sign(
+                payload_text.encode(),
+                padding.PKCS1v15(),
+                hashes.SHA256(),
+            )
+        ).decode()
+        response = MagicMock()
+        response.ok = True
+        response.json.return_value = {
+            "messages": [{"payload": payload, "signature": payload_signature}]
+        }
+        with patch.object(Node, "get_local", return_value=local), patch.object(
+            Node, "get_private_key", return_value=local_key
+        ), patch("nodes.tasks.requests.post", return_value=response) as mock_post, patch.object(
+            NetMessage, "propagate"
+        ) as mock_propagate:
+            poll_unreachable_upstream()
+        created = NetMessage.objects.get(uuid=payload["uuid"])
+        self.assertEqual(created.subject, "Update")
+        self.assertEqual(created.node_origin, upstream)
+        mock_post.assert_called_once()
+        mock_propagate.assert_called_once()
 class NetMessageSignatureTests(TestCase):
@@ -2765,6 +3745,82 @@ class NetMessageSignatureTests(TestCase):
         self.assertTrue(signature_one)
         self.assertTrue(signature_two)
         self.assertNotEqual(signature_one, signature_two)
+class NetworkChargerActionSecurityTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.local_node = Node.objects.create(
+            hostname="local-node",
+            address="127.0.0.1",
+            port=8000,
+            mac_address="00:aa:bb:cc:dd:10",
+            public_endpoint="local-endpoint",
+        )
+        self.authorized_node = Node.objects.create(
+            hostname="authorized-node",
+            address="127.0.0.2",
+            port=8001,
+            mac_address="00:aa:bb:cc:dd:11",
+            public_endpoint="authorized-endpoint",
+        )
+        self.unauthorized_node, self.unauthorized_key = self._create_signed_node(
+            "unauthorized-node",
+            mac_suffix=0x12,
+        )
+        self.charger = Charger.objects.create(
+            charger_id="SECURE-TEST-1",
+            allow_remote=True,
+            manager_node=self.authorized_node,
+            node_origin=self.local_node,
+        )
+    def _create_signed_node(self, hostname: str, *, mac_suffix: int):
+        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        public_bytes = key.public_key().public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo,
+        )
+        node = Node.objects.create(
+            hostname=hostname,
+            address="10.0.0.{:d}".format(mac_suffix),
+            port=8020,
+            mac_address="00:aa:bb:cc:dd:{:02x}".format(mac_suffix),
+            public_key=public_bytes.decode(),
+            public_endpoint=f"{hostname}-endpoint",
+        )
+        return node, key
+    def test_rejects_requests_from_unmanaged_nodes(self):
+        url = reverse("node-network-charger-action")
+        payload = {
+            "requester": str(self.unauthorized_node.uuid),
+            "charger_id": self.charger.charger_id,
+            "action": "reset",
+        }
+        body = json.dumps(payload).encode()
+        signature = self.unauthorized_key.sign(
+            body,
+            padding.PKCS1v15(),
+            hashes.SHA256(),
+        )
+        headers = {"HTTP_X_SIGNATURE": base64.b64encode(signature).decode()}
+        with patch.object(Node, "get_local", return_value=self.local_node):
+            response = self.client.post(
+                url,
+                data=body,
+                content_type="application/json",
+                **headers,
+            )
+        self.assertEqual(response.status_code, 403)
+        self.assertEqual(
+            response.json().get("detail"),
+            "requester does not manage this charger",
+        )
 class StartupNotificationTests(TestCase):
     def test_startup_notification_uses_hostname_and_revision(self):
         from nodes.apps import _startup_notification
@@ -2848,6 +3904,17 @@ class StartupHandlerTests(TestCase):
         mock_start.assert_called_once()
+    def test_handler_skips_during_migrate_command(self):
+        import sys
+        from nodes.apps import _trigger_startup_notification
+        with patch("nodes.apps._startup_notification") as mock_start:
+            with patch.object(sys, "argv", ["manage.py", "migrate"]):
+                _trigger_startup_notification()
+        mock_start.assert_not_called()
 class NotificationManagerTests(TestCase):
     def test_send_writes_trimmed_lines(self):
@@ -2930,6 +3997,7 @@ class ContentSampleTransactionTests(TestCase):
             sample1.save()
+@pytest.mark.feature("clipboard-poll")
 class ContentSampleAdminTests(TestCase):
     def setUp(self):
         User = get_user_model()
@@ -3106,6 +4174,7 @@ class EmailOutboxTests(TestCase):
 class ClipboardTaskTests(TestCase):
+    @pytest.mark.feature("clipboard-poll")
     @patch("nodes.tasks.pyperclip.paste")
     def test_sample_clipboard_task_creates_sample(self, mock_paste):
         mock_paste.return_value = "task text"
@@ -3130,6 +4199,7 @@ class ClipboardTaskTests(TestCase):
             ContentSample.objects.filter(kind=ContentSample.TEXT).count(), 1
         )
+    @pytest.mark.feature("screenshot-poll")
     @patch("nodes.tasks.capture_screenshot")
     def test_capture_node_screenshot_task(self, mock_capture):
         node = Node.objects.create(
@@ -3152,6 +4222,7 @@ class ClipboardTaskTests(TestCase):
         self.assertEqual(screenshot.path, "screenshots/test.png")
         self.assertEqual(screenshot.method, "TASK")
+    @pytest.mark.feature("screenshot-poll")
     @patch("nodes.tasks.capture_screenshot")
     def test_capture_node_screenshot_handles_error(self, mock_capture):
         Node.objects.create(
@@ -3169,6 +4240,17 @@ class ClipboardTaskTests(TestCase):
 class CaptureScreenshotTests(TestCase):
+    def setUp(self):
+        super().setUp()
+        self.firefox_patcher = patch(
+            "nodes.utils._find_firefox_binary", return_value="/usr/bin/firefox"
+        )
+        self.ensure_geckodriver_patcher = patch("nodes.utils._ensure_geckodriver")
+        self.firefox_patcher.start()
+        self.ensure_geckodriver_patcher.start()
+        self.addCleanup(self.firefox_patcher.stop)
+        self.addCleanup(self.ensure_geckodriver_patcher.stop)
     @patch("nodes.utils.webdriver.Firefox")
     def test_connection_failure_does_not_raise(self, mock_firefox):
         browser = MagicMock()
@@ -3181,6 +4263,19 @@ class CaptureScreenshotTests(TestCase):
         self.assertEqual(result.parent, screenshot_dir)
         browser.save_screenshot.assert_called_once()
+    def test_missing_firefox_reports_clear_error(self):
+        with patch("nodes.utils._find_firefox_binary", return_value=None):
+            with self.assertRaises(RuntimeError) as excinfo:
+                capture_screenshot("http://example.com")
+        self.assertIn("Firefox is not installed", str(excinfo.exception))
+    @patch("nodes.utils.webdriver.Firefox")
+    def test_driver_install_hint_on_failure(self, mock_firefox):
+        mock_firefox.side_effect = WebDriverException("Unable to obtain driver for firefox")
+        with self.assertRaises(RuntimeError) as excinfo:
+            capture_screenshot("http://example.com")
+        self.assertIn("Firefox WebDriver is unavailable", str(excinfo.exception))
 class NodeRoleAdminTests(TestCase):
     def setUp(self):
@@ -3231,7 +4326,7 @@ class NodeRoleAdminTests(TestCase):
 class NodeFeatureFixtureTests(TestCase):
     def test_rfid_scanner_fixture_includes_control_role(self):
-        for name in ("Terminal", "Satellite", "Constellation", "Control"):
+        for name in ("Terminal", "Satellite", "Watchtower", "Control"):
             NodeRole.objects.get_or_create(name=name)
         fixture_path = (
             Path(__file__).resolve().parent
@@ -3243,6 +4338,7 @@ class NodeFeatureFixtureTests(TestCase):
         role_names = set(feature.roles.values_list("name", flat=True))
         self.assertIn("Control", role_names)
+    @pytest.mark.feature("ap-router")
     def test_ap_router_fixture_limits_roles(self):
         for name in ("Control", "Satellite"):
             NodeRole.objects.get_or_create(name=name)
@@ -3256,6 +4352,23 @@ class NodeFeatureFixtureTests(TestCase):
         role_names = set(feature.roles.values_list("name", flat=True))
         self.assertEqual(role_names, {"Satellite"})
+    @pytest.mark.feature("graphql")
+    def test_graphql_fixture_excludes_terminal_role(self):
+        for name in ("Control", "Interface", "Satellite", "Terminal", "Watchtower"):
+            NodeRole.objects.get_or_create(name=name)
+        fixture_path = (
+            Path(__file__).resolve().parent
+            / "fixtures"
+            / "node_features__nodefeature_graphql.json"
+        )
+        call_command("loaddata", str(fixture_path), verbosity=0)
+        feature = NodeFeature.objects.get(slug="graphql")
+        role_names = set(feature.roles.values_list("name", flat=True))
+        self.assertEqual(
+            role_names,
+            {"Control", "Interface", "Satellite", "Watchtower"},
+        )
 class NodeFeatureTests(TestCase):
     def setUp(self):
@@ -3293,6 +4406,7 @@ class NodeFeatureTests(TestCase):
         self.assertEqual(action.url_name, "admin:nodes_nodefeature_celery_report")
         self.assertEqual(feature.get_default_action(), action)
+    @pytest.mark.feature("rpi-camera")
     def test_rpi_camera_feature_has_multiple_actions(self):
         feature = NodeFeature.objects.create(
             slug="rpi-camera", display="Raspberry Pi Camera"
@@ -3303,6 +4417,7 @@ class NodeFeatureTests(TestCase):
         self.assertIn("Take a Snapshot", labels)
         self.assertIn("View stream", labels)
+    @pytest.mark.feature("audio-capture")
     def test_audio_capture_feature_has_view_waveform_action(self):
         feature = NodeFeature.objects.create(
             slug="audio-capture", display="Audio Capture"
@@ -3388,17 +4503,6 @@ class NodeFeatureTests(TestCase):
         ):
             self.assertTrue(feature.is_enabled)
-    @patch("nodes.models.Node._has_gway_runner", return_value=True)
-    def test_gway_runner_enabled_when_command_available(self, mock_has_runner):
-        feature = NodeFeature.objects.create(
-            slug="gway-runner", display="gway Runner"
-        )
-        with patch(
-            "nodes.models.Node.get_current_mac", return_value="00:11:22:33:44:55"
-        ):
-            self.assertTrue(feature.is_enabled)
-        mock_has_runner.assert_called_once_with()
     @patch("nodes.models.Node._has_rpi_camera", return_value=True)
     def test_rpi_camera_detection(self, mock_camera):
         feature = NodeFeature.objects.create(
@@ -3437,49 +4541,7 @@ class NodeFeatureTests(TestCase):
             ).exists()
         )
-    @patch("nodes.models.Node._find_gway_runner_command", return_value="/usr/bin/gway")
-    def test_gway_runner_detection(self, mock_find_command):
-        feature = NodeFeature.objects.create(
-            slug="gway-runner", display="gway Runner"
-        )
-        feature.roles.add(self.role)
-        with patch(
-            "nodes.models.Node.get_current_mac", return_value="00:11:22:33:44:55"
-        ):
-            self.node.refresh_features()
-        self.assertTrue(
-            NodeFeatureAssignment.objects.filter(
-                node=self.node, feature=feature
-            ).exists()
-        )
-        mock_find_command.assert_called_with()
-    @patch(
-        "nodes.models.Node._find_gway_runner_command",
-        side_effect=["/usr/bin/gway", None],
-    )
-    def test_gway_runner_removed_when_command_missing(self, mock_find_command):
-        feature = NodeFeature.objects.create(
-            slug="gway-runner", display="gway Runner"
-        )
-        feature.roles.add(self.role)
-        with patch(
-            "nodes.models.Node.get_current_mac", return_value="00:11:22:33:44:55"
-        ):
-            self.node.refresh_features()
-            self.assertTrue(
-                NodeFeatureAssignment.objects.filter(
-                    node=self.node, feature=feature
-                ).exists()
-            )
-            self.node.refresh_features()
-        self.assertFalse(
-            NodeFeatureAssignment.objects.filter(
-                node=self.node, feature=feature
-            ).exists()
-        )
-        self.assertEqual(mock_find_command.call_count, 2)
+    @pytest.mark.feature("ap-router")
     @patch("nodes.models.Node._hosts_gelectriic_ap", return_value=True)
     def test_ap_router_detection(self, mock_hosts):
         control_role, _ = NodeRole.objects.get_or_create(name="Control")
@@ -3499,6 +4561,7 @@ class NodeFeatureTests(TestCase):
             NodeFeatureAssignment.objects.filter(node=node, feature=feature).exists()
         )
+    @pytest.mark.feature("ap-router")
     @patch("nodes.models.Node._hosts_gelectriic_ap", return_value=True)
     def test_ap_router_detection_with_public_mode_lock(self, mock_hosts):
         control_role, _ = NodeRole.objects.get_or_create(name="Control")
@@ -3523,6 +4586,7 @@ class NodeFeatureTests(TestCase):
             NodeFeatureAssignment.objects.filter(node=node, feature=router).exists()
         )
+    @pytest.mark.feature("ap-router")
     @patch("nodes.models.Node._hosts_gelectriic_ap", side_effect=[True, False])
     def test_ap_router_removed_when_not_hosting(self, mock_hosts):
         control_role, _ = NodeRole.objects.get_or_create(name="Control")
@@ -3895,6 +4959,38 @@ class ContentClassifierTests(TestCase):
         tags = ContentClassification.objects.filter(sample=sample)
         self.assertTrue(tags.filter(tag__slug="screenshot-tag").exists())
+    def test_save_screenshot_returns_none_for_duplicate_without_linking(self):
+        with TemporaryDirectory() as tmp:
+            base = Path(tmp)
+            first_path = base / "capture.png"
+            first_path.write_bytes(b"binary image data")
+            duplicate_path = base / "duplicate.png"
+            duplicate_path.write_bytes(b"binary image data")
+            with override_settings(LOG_DIR=base):
+                original = save_screenshot(first_path, method="TEST")
+                duplicate = save_screenshot(duplicate_path, method="TEST")
+        self.assertIsNotNone(original)
+        self.assertIsNone(duplicate)
+        self.assertEqual(ContentSample.objects.count(), 1)
+    def test_save_screenshot_reuses_existing_sample_when_linking(self):
+        with TemporaryDirectory() as tmp:
+            base = Path(tmp)
+            first_path = base / "capture.png"
+            first_path.write_bytes(b"binary image data")
+            duplicate_path = base / "duplicate.png"
+            duplicate_path.write_bytes(b"binary image data")
+            with override_settings(LOG_DIR=base):
+                original = save_screenshot(first_path, method="TEST")
+                reused = save_screenshot(
+                    duplicate_path, method="TEST", link_duplicates=True
+                )
+        self.assertIsNotNone(original)
+        self.assertEqual(reused, original)
+        self.assertEqual(ContentSample.objects.count(), 1)
     def test_text_sample_runs_default_classifiers_without_duplicates(self):
         sample = ContentSample.objects.create(
             content="Example content", kind=ContentSample.TEXT

arthexis 0.1.16__py3-none-any.whl → 0.1.26__py3-none-any.whl

Potentially problematic release.

arthexis 0.1.16py3-none-any.whl → 0.1.26py3-none-any.whl