mito-ai 0.1.58__py3-none-any.whl → 0.1.60__py3-none-any.whl

mito_ai/rules/utils.py

@@ -1,37 +1,166 @@
 # Copyright (c) Saga Inc.
 # Distributed under the terms of the GNU Affero General Public License v3.0 License.
 
-from typing import Any, Final, List, Optional
+from typing import Any, Final, List, Optional, cast
 import os
+import json
 from mito_ai.utils.schema import MITO_FOLDER
 
 RULES_DIR_PATH: Final[str] = os.path.join(MITO_FOLDER, 'rules')
+RULES_METADATA_FILENAME: Final[str] = '_metadata.json'
+
+
+def _sanitize_rule_name(rule_name: str) -> str:
+    """
+    Sanitizes a rule name to prevent path traversal attacks.
+    Raises ValueError if the rule name contains unsafe characters.
+    
+    Args:
+        rule_name: The rule name to sanitize
+        
+    Returns:
+        The sanitized rule name (with .md extension stripped if present)
+        
+    Raises:
+        ValueError: If the rule name contains path traversal sequences or other unsafe characters
+    """
+    if not rule_name:
+        raise ValueError("Rule name cannot be empty")
+    
+    # Strip .md extension if present
+    if rule_name.endswith('.md'):
+        rule_name = rule_name[:-3]
+    
+    # Check for path traversal sequences
+    if '..' in rule_name or '/' in rule_name or '\\' in rule_name:
+        raise ValueError(f"Rule name contains invalid characters: {rule_name}")
+    
+    # Check for absolute paths
+    if os.path.isabs(rule_name):
+        raise ValueError(f"Rule name cannot be an absolute path: {rule_name}")
+    
+    # Check for null bytes or other control characters
+    if '\x00' in rule_name:
+        raise ValueError("Rule name cannot contain null bytes")
+    
+    # Ensure it's a valid filename (no reserved characters on Windows)
+    # Windows reserved: < > : " | ? * 
+    invalid_chars = set('<>:|?*"')
+    if any(c in rule_name for c in invalid_chars):
+        raise ValueError(f"Rule name contains invalid filename characters: {rule_name}")
+    
+    return rule_name
+
+
+def _validate_rule_path(file_path: str, rule_name: str) -> None:
+    """
+    Validates that a rule file path is within the rules directory.
+    This provides defense-in-depth protection against path traversal attacks.
+    
+    Args:
+        file_path: The file path to validate
+        rule_name: The rule name (for error messages)
+        
+    Raises:
+        ValueError: If the resolved path is outside RULES_DIR_PATH
+    """
+    resolved_path = os.path.abspath(file_path)
+    rules_dir_abs = os.path.abspath(RULES_DIR_PATH)
+    if not resolved_path.startswith(rules_dir_abs):
+        raise ValueError(f"Invalid rule name: {rule_name}")
+
+
+def _get_metadata_path() -> str:
+    return os.path.join(RULES_DIR_PATH, RULES_METADATA_FILENAME)
+
+
+def _load_metadata() -> dict[Any, Any]:
+    path = _get_metadata_path()
+    if not os.path.exists(path):
+        return {}
+    try:
+        with open(path, 'r') as f:
+            return cast(dict[Any, Any], json.load(f))
+    except (json.JSONDecodeError, OSError):
+        return {}
+
+
+def _save_metadata(metadata: dict) -> None:
+    if not os.path.exists(RULES_DIR_PATH):
+        os.makedirs(RULES_DIR_PATH)
+    path = _get_metadata_path()
+    with open(path, 'w') as f:
+        json.dump(metadata, f, indent=2)
+
+
+def get_rule_default(rule_name: str) -> bool:
+    """Returns whether the rule is marked as a default (auto-applied) rule."""
+    if rule_name.endswith('.md'):
+        rule_name = rule_name[:-3]
+    metadata = _load_metadata()
+    entry = metadata.get(rule_name, {})
+    return bool(entry.get('is_default', False))
+
+
+def set_rule_default(rule_name: str, is_default: bool) -> None:
+    """Sets whether the rule is a default (auto-applied) rule."""
+    if rule_name.endswith('.md'):
+        rule_name = rule_name[:-3]
+    metadata = _load_metadata()
+    metadata[rule_name] = {**metadata.get(rule_name, {}), 'is_default': is_default}
+    _save_metadata(metadata)
+
 
 def set_rules_file(rule_name: str, value: Any) -> None:
     """
     Updates the value of a specific rule file in the rules directory
     """
+    # Sanitize rule name to prevent path traversal
+    rule_name = _sanitize_rule_name(rule_name)
+    
     # Ensure the directory exists
     if not os.path.exists(RULES_DIR_PATH):
         os.makedirs(RULES_DIR_PATH)
-    
+
     # Create the file path to the rule name as a .md file
     file_path = os.path.join(RULES_DIR_PATH, f"{rule_name}.md")
     
+    # Additional safety check: ensure the resolved path is still within RULES_DIR_PATH
+    _validate_rule_path(file_path, rule_name)
+
     with open(file_path, 'w+') as f:
         f.write(value)
+
+
+def delete_rule(rule_name: str) -> None:
+    """
+    Deletes a rule file from the rules directory. Normalizes rule_name (strips .md).
+    Metadata for this rule is removed by cleanup_rules_metadata().
+    """
+    # Sanitize rule name to prevent path traversal
+    rule_name = _sanitize_rule_name(rule_name)
+    
+    file_path = os.path.join(RULES_DIR_PATH, f"{rule_name}.md")
+    
+    # Additional safety check: ensure the resolved path is still within RULES_DIR_PATH
+    _validate_rule_path(file_path, rule_name)
     
+    if os.path.exists(file_path):
+        os.remove(file_path)
+
 
 def get_rule(rule_name: str) -> Optional[str]:
     """
     Retrieves the value of a specific rule file from the rules directory
     """
-    
-    if rule_name.endswith('.md'):
-        rule_name = rule_name[:-3]
+    # Sanitize rule name to prevent path traversal
+    rule_name = _sanitize_rule_name(rule_name)
     
     file_path = os.path.join(RULES_DIR_PATH, f"{rule_name}.md")
     
+    # Additional safety check: ensure the resolved path is still within RULES_DIR_PATH
+    _validate_rule_path(file_path, rule_name)
+    
     if not os.path.exists(file_path):
         return None
     
@@ -47,10 +176,45 @@ def get_all_rules() -> List[str]:
     if not os.path.exists(RULES_DIR_PATH):
         os.makedirs(RULES_DIR_PATH)
         return []  # Return empty list if directory didn't exist
-    
+
     try:
         return [f for f in os.listdir(RULES_DIR_PATH) if f.endswith('.md')]
     except OSError as e:
         # Log the error if needed and return empty list
         print(f"Error reading rules directory: {e}")
         return []
+
+
+def cleanup_rules_metadata() -> None:
+    """
+    Removes metadata entries for rules that no longer exist on disk (deleted or renamed).
+    Call after rule create/update so metadata stays in sync with actual rule files.
+    """
+    current_files = get_all_rules()
+    current_rule_names = {f[:-3] if f.endswith('.md') else f for f in current_files}
+    metadata = _load_metadata()
+    if not metadata:
+        return
+    keys_to_remove = [k for k in metadata if k not in current_rule_names]
+    if not keys_to_remove:
+        return
+    for k in keys_to_remove:
+        del metadata[k]
+    _save_metadata(metadata)
+
+
+def get_default_rules_content() -> str:
+    """
+    Returns the concatenated content of all rules marked as default (auto-applied).
+    Each rule is included as "Rule name:\n\n{content}". Returns empty string if no default rules.
+    """
+    rule_files = get_all_rules()
+    parts: List[str] = []
+    for f in rule_files:
+        rule_name = f[:-3] if f.endswith('.md') else f
+        if not get_rule_default(rule_name):
+            continue
+        content = get_rule(rule_name)
+        if content and content.strip():
+            parts.append(f"{rule_name}:\n\n{content}")
+    return '\n\n'.join(parts) if parts else ""

mito_ai/tests/message_history/test_generate_short_chat_name.py

@@ -23,7 +23,8 @@ PROVIDER_TEST_CASES = [
     ("gpt-4.1", "mito_ai.provider_manager.OpenAIClient"),
     ("claude-sonnet-4-5-20250929", "mito_ai.provider_manager.AnthropicClient"),
     ("gemini-3-flash-preview", "mito_ai.provider_manager.GeminiClient"),
-    ("openai/gpt-4o", "mito_ai.provider_manager.LiteLLMClient"),  # LiteLLM test case
+    ("litellm/openai/gpt-4o", "mito_ai.provider_manager.LiteLLMClient"),  # LiteLLM test case
+    ("Abacus/gpt-4.1", "mito_ai.provider_manager.OpenAIClient"),  # Abacus test case (uses OpenAIClient)
 ]
 
 @pytest.mark.parametrize("selected_model,client_patch_path", PROVIDER_TEST_CASES)
@@ -49,13 +50,27 @@ async def test_generate_short_chat_name_uses_correct_provider_and_fast_model(
         # Patch constants both at the source and where they're imported in model_utils
         monkeypatch.setattr("mito_ai.constants.LITELLM_BASE_URL", "https://litellm-server.com")
         monkeypatch.setattr("mito_ai.constants.LITELLM_API_KEY", "fake-litellm-key")
-        monkeypatch.setattr("mito_ai.constants.LITELLM_MODELS", ["openai/gpt-4o", "anthropic/claude-3-5-sonnet"])
+        monkeypatch.setattr("mito_ai.constants.LITELLM_MODELS", ["litellm/openai/gpt-4o", "litellm/anthropic/claude-3-5-sonnet"])
         # Also patch where constants is imported in model_utils (where get_available_models uses it)
         monkeypatch.setattr("mito_ai.utils.model_utils.constants.LITELLM_BASE_URL", "https://litellm-server.com")
-        monkeypatch.setattr("mito_ai.utils.model_utils.constants.LITELLM_MODELS", ["openai/gpt-4o", "anthropic/claude-3-5-sonnet"])
+        monkeypatch.setattr("mito_ai.utils.model_utils.constants.LITELLM_MODELS", ["litellm/openai/gpt-4o", "litellm/anthropic/claude-3-5-sonnet"])
         # Mock is_enterprise to return True so LiteLLM models are available
         monkeypatch.setattr("mito_ai.utils.version_utils.is_enterprise", lambda: True)
     
+    # Set up Abacus constants if testing Abacus
+    if selected_model.startswith("Abacus/"):
+        # Patch constants both at the source and where they're imported in model_utils
+        monkeypatch.setattr("mito_ai.constants.ABACUS_BASE_URL", "https://routellm.abacus.ai/v1")
+        monkeypatch.setattr("mito_ai.constants.ABACUS_API_KEY", "fake-abacus-key")
+        monkeypatch.setattr("mito_ai.constants.ABACUS_MODELS", ["Abacus/gpt-4.1", "Abacus/claude-haiku-4-5-20251001"])
+        # Also patch where constants is imported in model_utils (where get_available_models uses it)
+        monkeypatch.setattr("mito_ai.utils.model_utils.constants.ABACUS_BASE_URL", "https://routellm.abacus.ai/v1")
+        monkeypatch.setattr("mito_ai.utils.model_utils.constants.ABACUS_MODELS", ["Abacus/gpt-4.1", "Abacus/claude-haiku-4-5-20251001"])
+        # Mock is_abacus_configured to return True so Abacus models are available
+        monkeypatch.setattr("mito_ai.utils.model_utils.is_abacus_configured", lambda: True)
+        # Mock is_enterprise to return True so enterprise models are available
+        monkeypatch.setattr("mito_ai.utils.version_utils.is_enterprise", lambda: True)
+    
     # Create mock client for the specific provider being tested
     mock_client = MagicMock()
     mock_client.request_completions = AsyncMock(return_value="Test Chat Name")
@@ -87,12 +102,28 @@ async def test_generate_short_chat_name_uses_correct_provider_and_fast_model(
         # Patch LiteLLMClient where it's defined (it's imported inside request_completions)
         # Also patch get_available_models to return LiteLLM models
         with patch("mito_ai.enterprise.litellm_client.LiteLLMClient", return_value=mock_client), \
-             patch("mito_ai.provider_manager.get_available_models", return_value=["openai/gpt-4o", "anthropic/claude-3-5-sonnet"]):
+             patch("mito_ai.provider_manager.get_available_models", return_value=["litellm/openai/gpt-4o", "litellm/anthropic/claude-3-5-sonnet"]):
+            result = await generate_short_chat_name(
+                user_message="What is the capital of France?",
+                assistant_message="The capital of France is Paris.",
+                llm_provider=llm_provider
+            )
+    elif selected_model.startswith("Abacus/"):
+        # For Abacus, it uses OpenAIClient, so patch the instance's method
+        # Also patch get_available_models to return Abacus models
+        assert llm_provider._openai_client is not None, "OpenAI client should be initialized for Abacus"
+        with patch.object(llm_provider._openai_client, 'request_completions', new_callable=AsyncMock, return_value="Test Chat Name") as mock_abacus_request, \
+             patch("mito_ai.provider_manager.get_available_models", return_value=["Abacus/gpt-4.1", "Abacus/claude-haiku-4-5-20251001"]):
             result = await generate_short_chat_name(
                 user_message="What is the capital of France?",
                 assistant_message="The capital of France is Paris.",
                 llm_provider=llm_provider
             )
+            # Verify that the OpenAI client's request_completions was called (Abacus uses OpenAIClient)
+            mock_abacus_request.assert_called_once()  # type: ignore
+            # As a double check, if we have used the correct client, then we must get the correct result
+            assert result == "Test Chat Name"
+            return
     else:  # OpenAI
         # For OpenAI, patch the instance's method since the client is created in __init__
         assert llm_provider._openai_client is not None, "OpenAI client should be initialized"

mito_ai/tests/open_ai_utils_test.py

@@ -104,17 +104,16 @@ def test_prepare_request_data_and_headers_null_message() -> None:
     with patch("mito_ai.utils.open_ai_utils.get_user_field") as mock_get_user_field:
         mock_get_user_field.side_effect = ["test@example.com", "user123"]
         
-        with patch("mito_ai.utils.open_ai_utils.check_mito_server_quota"):
-            data, _ = _prepare_request_data_and_headers(
-                last_message_content=None,
-                ai_completion_data={},
-                timeout=30,
-                max_retries=3,
-                message_type=MessageType.CHAT
-            )
-
-            # Verify empty string is used for null message
-            assert data["user_input"] == ""
+        data, _ = _prepare_request_data_and_headers(
+            last_message_content=None,
+            ai_completion_data={},
+            timeout=30,
+            max_retries=3,
+            message_type=MessageType.CHAT
+        )
+
+        # Verify empty string is used for null message
+        assert data["user_input"] == ""
 
 def test_prepare_request_data_and_headers_caches_user_info() -> None:
     """Test that user info is cached after first call"""
@@ -125,28 +124,27 @@ def test_prepare_request_data_and_headers_caches_user_info() -> None:
         
         mock_get_user_field.side_effect = ["test@example.com", "user123"]
         
-        with patch("mito_ai.utils.open_ai_utils.check_mito_server_quota"):
-            # First call
-            data1, _ = _prepare_request_data_and_headers(
-                last_message_content="test",
-                ai_completion_data={},
-                timeout=30,
-                max_retries=3,
-                message_type=MessageType.CHAT
-            )
-
-            # Second call
-            data2, _ = _prepare_request_data_and_headers(
-                last_message_content="test",
-                ai_completion_data={},
-                timeout=30,
-                max_retries=3,
-                message_type=MessageType.CHAT
-            )
-
-            # Verify get_user_field was only called twice (once for email, once for user_id)
-            assert mock_get_user_field.call_count == 2
-            
-            # Verify both calls return same user info
-            assert data1["email"] == data2["email"] == "test@example.com"
-            assert data1["user_id"] == data2["user_id"] == "user123"
+        # First call
+        data1, _ = _prepare_request_data_and_headers(
+            last_message_content="test",
+            ai_completion_data={},
+            timeout=30,
+            max_retries=3,
+            message_type=MessageType.CHAT
+        )
+
+        # Second call
+        data2, _ = _prepare_request_data_and_headers(
+            last_message_content="test",
+            ai_completion_data={},
+            timeout=30,
+            max_retries=3,
+            message_type=MessageType.CHAT
+        )
+
+        # Verify get_user_field was only called twice (once for email, once for user_id)
+        assert mock_get_user_field.call_count == 2
+        
+        # Verify both calls return same user info
+        assert data1["email"] == data2["email"] == "test@example.com"
+        assert data1["user_id"] == data2["user_id"] == "user123"

mito_ai/tests/providers/test_azure.py

@@ -176,11 +176,11 @@ class TestAzureOpenAIClientCreation:
             openai_client = OpenAIClient(config=provider_config)
             
             # Test with gpt-4.1 model
-            resolved_model = openai_client._adjust_model_for_azure_or_ollama("gpt-4.1")
+            resolved_model = openai_client._adjust_model_for_provider("gpt-4.1")
             assert resolved_model == FAKE_AZURE_MODEL
             
             # Test with any other model
-            resolved_model = openai_client._adjust_model_for_azure_or_ollama("gpt-3.5-turbo")
+            resolved_model = openai_client._adjust_model_for_provider("gpt-3.5-turbo")
             assert resolved_model == FAKE_AZURE_MODEL
 
 

mito_ai/tests/providers/test_providers.py

@@ -59,7 +59,7 @@ def reset_env_vars(monkeypatch: pytest.MonkeyPatch) -> None:
         "name": "claude", 
         "env_vars": {"ANTHROPIC_API_KEY": "claude-key"},
         "constants": {"ANTHROPIC_API_KEY": "claude-key", "OPENAI_API_KEY": None},
-        "model": "claude-sonnet-4-5-20250929",
+        "model": "claude-haiku-4-5-20251001",
         "mock_patch": "mito_ai.provider_manager.AnthropicClient",
         "mock_method": "request_completions",
         "provider_name": "Claude",
@@ -143,7 +143,7 @@ async def test_completion_request(
         "name": "claude", 
         "env_vars": {"ANTHROPIC_API_KEY": "claude-key"},
         "constants": {"ANTHROPIC_API_KEY": "claude-key", "OPENAI_API_KEY": None},
-        "model": "claude-sonnet-4-5-20250929",
+        "model": "claude-haiku-4-5-20251001",
         "mock_patch": "mito_ai.provider_manager.AnthropicClient",
         "mock_method": "stream_completions", 
         "provider_name": "Claude",
@@ -235,7 +235,7 @@ def test_claude_error_handling(monkeypatch: pytest.MonkeyPatch, provider_config:
 
     mock_client = MagicMock()
     mock_client.capabilities = AICapabilities(
-        configuration={"model": "claude-sonnet-4-5-20250929"},
+        configuration={"model": "claude-haiku-4-5-20251001"},
         provider="Claude",
         type="ai_capabilities"
     )
@@ -258,7 +258,7 @@ def test_claude_error_handling(monkeypatch: pytest.MonkeyPatch, provider_config:
     },
     {
         "name": "claude_fallback", 
-        "model": "claude-sonnet-4-5-20250929",
+        "model": "claude-haiku-4-5-20251001",
         "mock_function": "mito_ai.anthropic_client.get_anthropic_completion_from_mito_server",
         "provider_name": "Claude",
         "key_type": "claude"
@@ -315,7 +315,7 @@ async def test_mito_server_fallback_completion_request(
     },
     {
         "name": "claude_fallback", 
-        "model": "claude-sonnet-4-5-20250929",
+        "model": "claude-haiku-4-5-20251001",
         "mock_function": "mito_ai.anthropic_client.stream_anthropic_completion_from_mito_server",
         "provider_name": "Claude",
         "key_type": "claude"

mito_ai/tests/rules/rules_test.py

@@ -21,7 +21,7 @@ def test_put_rule_with_auth(jp_base_url):
 
     response_json = response.json()
     assert response_json["status"] == "updated"
-    assert response_json["rules file "] == RULE_NAME
+    assert response_json["rules_file"] == RULE_NAME
 
 
 def test_put_rule_with_no_auth(jp_base_url):
@@ -55,12 +55,22 @@ def test_put_rule_missing_content(jp_base_url):
 
 
 def test_get_rule_with_auth(jp_base_url):
+    # First create the rule
+    requests.put(
+        jp_base_url + f"/mito-ai/rules/{RULE_NAME}",
+        headers={"Authorization": f"token {TOKEN}"},
+        json={"content": RULE_CONTENT},
+    )
+    # Then get it
     response = requests.get(
         jp_base_url + f"/mito-ai/rules/{RULE_NAME}",
         headers={"Authorization": f"token {TOKEN}"},
     )
     assert response.status_code == 200
-    assert response.json() == {"key": RULE_NAME, "content": RULE_CONTENT}
+    response_json = response.json()
+    assert response_json["key"] == RULE_NAME
+    assert response_json["content"] == RULE_CONTENT
+    assert "is_default" in response_json  # is_default field should be present
 
 
 def test_get_rule_with_no_auth(jp_base_url):
@@ -90,6 +100,13 @@ def test_get_nonexistent_rule_with_auth(jp_base_url):
 
 
 def test_get_all_rules_with_auth(jp_base_url):
+    # First create the rule
+    requests.put(
+        jp_base_url + f"/mito-ai/rules/{RULE_NAME}",
+        headers={"Authorization": f"token {TOKEN}"},
+        json={"content": RULE_CONTENT},
+    )
+    # Then get all rules
     response = requests.get(
         jp_base_url + f"/mito-ai/rules",
         headers={"Authorization": f"token {TOKEN}"},
@@ -98,8 +115,13 @@ def test_get_all_rules_with_auth(jp_base_url):
     
     response_json = response.json()
     assert isinstance(response_json, list)
-    # Should contain our test rule (with .md extension)
-    assert f"{RULE_NAME}.md" in response_json
+    # Should contain our test rule (with .md extension) as an object with name and is_default
+    rule_names = [rule["name"] for rule in response_json]
+    assert f"{RULE_NAME}.md" in rule_names
+    # Verify structure of rule objects
+    test_rule = next((r for r in response_json if r["name"] == f"{RULE_NAME}.md"), None)
+    assert test_rule is not None
+    assert "is_default" in test_rule
 
 
 def test_get_all_rules_with_no_auth(jp_base_url):
@@ -115,3 +137,77 @@ def test_get_all_rules_with_incorrect_auth(jp_base_url):
         headers={"Authorization": f"token incorrect-token"},
     )
     assert response.status_code == 403  # Forbidden
+
+
+# --- DELETE RULES ---
+
+
+def test_delete_rule_with_auth(jp_base_url):
+    # First create the rule
+    requests.put(
+        jp_base_url + f"/mito-ai/rules/{RULE_NAME}",
+        headers={"Authorization": f"token {TOKEN}"},
+        json={"content": RULE_CONTENT},
+    )
+    # Verify it exists
+    get_response = requests.get(
+        jp_base_url + f"/mito-ai/rules/{RULE_NAME}",
+        headers={"Authorization": f"token {TOKEN}"},
+    )
+    assert get_response.status_code == 200
+    
+    # Delete it
+    delete_response = requests.delete(
+        jp_base_url + f"/mito-ai/rules/{RULE_NAME}",
+        headers={"Authorization": f"token {TOKEN}"},
+    )
+    assert delete_response.status_code == 200
+    delete_json = delete_response.json()
+    assert delete_json["status"] == "deleted"
+    assert delete_json["key"] == RULE_NAME
+    
+    # Verify it no longer exists
+    get_response_after_delete = requests.get(
+        jp_base_url + f"/mito-ai/rules/{RULE_NAME}",
+        headers={"Authorization": f"token {TOKEN}"},
+    )
+    assert get_response_after_delete.status_code == 404
+
+
+def test_delete_rule_with_no_auth(jp_base_url):
+    response = requests.delete(
+        jp_base_url + f"/mito-ai/rules/{RULE_NAME}",
+    )
+    assert response.status_code == 403  # Forbidden
+
+
+def test_delete_rule_with_incorrect_auth(jp_base_url):
+    response = requests.delete(
+        jp_base_url + f"/mito-ai/rules/{RULE_NAME}",
+        headers={"Authorization": f"token incorrect-token"},  # <- wrong token
+    )
+    assert response.status_code == 403  # Forbidden
+
+
+def test_delete_nonexistent_rule_with_auth(jp_base_url):
+    # Delete a rule that doesn't exist (should succeed - idempotent operation)
+    response = requests.delete(
+        jp_base_url + f"/mito-ai/rules/nonexistent_rule",
+        headers={"Authorization": f"token {TOKEN}"},
+    )
+    assert response.status_code == 200
+    response_json = response.json()
+    assert response_json["status"] == "deleted"
+    assert response_json["key"] == "nonexistent_rule"
+
+
+def test_delete_rule_invalid_name(jp_base_url):
+    # Try to delete with invalid rule name (contains Windows reserved character ':')
+    # This will reach the handler but fail validation in _sanitize_rule_name
+    response = requests.delete(
+        jp_base_url + f"/mito-ai/rules/rule:with:colons",
+        headers={"Authorization": f"token {TOKEN}"},
+    )
+    assert response.status_code == 400  # Bad Request
+    response_json = response.json()
+    assert "error" in response_json