PyPI - roksta - Versions diffs - 0.2.4__cp313-cp313-win_amd64.whl → 0.2.5__cp313-cp313-win_amd64.whl - Mend

roksta 0.2.4__cp313-cp313-win_amd64.whl → 0.2.5__cp313-cp313-win_amd64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of roksta might be problematic. Click here for more details.

Files changed (78) hide show

roksta/__init__.cp313-win_amd64.pyd +0 -0
roksta/ai/__init__.cp313-win_amd64.pyd +0 -0
roksta/ai/call_ai.cp313-win_amd64.pyd +0 -0
roksta/ai/gemini.cp313-win_amd64.pyd +0 -0
roksta/ai/generic.cp313-win_amd64.pyd +0 -0
roksta/ai/llm.cp313-win_amd64.pyd +0 -0
roksta/ai/openai.cp313-win_amd64.pyd +0 -0
roksta/ai/tools.cp313-win_amd64.pyd +0 -0
roksta/analytics.cp313-win_amd64.pyd +0 -0
roksta/balance.cp313-win_amd64.pyd +0 -0
roksta/build_project.cp313-win_amd64.pyd +0 -0
roksta/chat_workflow.cp313-win_amd64.pyd +0 -0
roksta/check_for_updates.cp313-win_amd64.pyd +0 -0
roksta/checkpoints.cp313-win_amd64.pyd +0 -0
roksta/clarify_goal.cp313-win_amd64.pyd +0 -0
roksta/codebase_listing.cp313-win_amd64.pyd +0 -0
roksta/command_handlers.cp313-win_amd64.pyd +0 -0
roksta/create_default_config.cp313-win_amd64.pyd +0 -0
roksta/default_config.cp313-win_amd64.pyd +0 -0
roksta/enums.cp313-win_amd64.pyd +0 -0
roksta/env.cp313-win_amd64.pyd +0 -0
roksta/extended_text_area.cp313-win_amd64.pyd +0 -0
roksta/firebase.cp313-win_amd64.pyd +0 -0
roksta/firebase_auth_web.cp313-win_amd64.pyd +0 -0
roksta/firebase_config.cp313-win_amd64.pyd +0 -0
roksta/fix_tests.cp313-win_amd64.pyd +0 -0
roksta/gen_codebase_summaries.cp313-win_amd64.pyd +0 -0
roksta/gen_one_line_goal.cp313-win_amd64.pyd +0 -0
roksta/get_codebase_structure.cp313-win_amd64.pyd +0 -0
roksta/get_failing_tests.cp313-win_amd64.pyd +0 -0
roksta/goal_workflow.cp313-win_amd64.pyd +0 -0
roksta/init_codebase.cp313-win_amd64.pyd +0 -0
roksta/lint_code.cp313-win_amd64.pyd +0 -0
roksta/logger.cp313-win_amd64.pyd +0 -0
roksta/main.cp313-win_amd64.pyd +0 -0
roksta/make_issue.cp313-win_amd64.pyd +0 -0
roksta/new_features.cp313-win_amd64.pyd +0 -0
roksta/parse_readme.cp313-win_amd64.pyd +0 -0
roksta/propose_solution.cp313-win_amd64.pyd +0 -0
roksta/response_formats.cp313-win_amd64.pyd +0 -0
roksta/rewrite_goal.cp313-win_amd64.pyd +0 -0
roksta/roksta.cp313-win_amd64.pyd +0 -0
roksta/select_files.cp313-win_amd64.pyd +0 -0
roksta/tips.cp313-win_amd64.pyd +0 -0
roksta/utils.cp313-win_amd64.pyd +0 -0
roksta/write_code.cp313-win_amd64.pyd +0 -0
{roksta-0.2.4.dist-info → roksta-0.2.5.dist-info}/METADATA +1 -1
roksta-0.2.5.dist-info/RECORD +77 -0
{roksta-0.2.4.dist-info → roksta-0.2.5.dist-info}/top_level.txt +1 -0
tests/__init__.py +2 -0
tests/conftest.py +169 -0
tests/functions/__init__.py +2 -0
tests/functions/api_v0_01/__init__.py +2 -0
tests/functions/api_v0_01/test__analytics.py +417 -0
tests/functions/api_v0_01/test__gemini_proxy.py +307 -0
tests/functions/api_v0_01/test__generic_proxy.py +399 -0
tests/functions/api_v0_01/test__get_payment_details.py +356 -0
tests/functions/api_v0_01/test__openai_proxy.py +413 -0
tests/functions/api_v0_01/test__redeem_credit_code.py +167 -0
tests/functions/api_v0_01/test__sync_emails.py +324 -0
tests/functions/api_v0_01/test__take_payment.py +491 -0
tests/functions/api_v0_01/test__use_activation_code.py +437 -0
tests/functions/api_v1_00/__init__.py +2 -0
tests/functions/api_v1_00/test__analytics.py +416 -0
tests/functions/api_v1_00/test__gemini_proxy.py +352 -0
tests/functions/api_v1_00/test__generic_proxy.py +428 -0
tests/functions/api_v1_00/test__get_payment_details.py +356 -0
tests/functions/api_v1_00/test__openai_proxy.py +449 -0
tests/functions/api_v1_00/test__redeem_credit_code.py +167 -0
tests/functions/api_v1_00/test__sync_emails.py +325 -0
tests/functions/api_v1_00/test__take_payment.py +491 -0
tests/functions/api_v1_00/test__use_activation_code.py +438 -0
tests/functions/test_auth.py +24 -0
tests/functions/test_main_functions.py +73 -0
tests/functions/test_utils_functions.py +222 -0
roksta-0.2.4.dist-info/RECORD +0 -51
{roksta-0.2.4.dist-info → roksta-0.2.5.dist-info}/WHEEL +0 -0
{roksta-0.2.4.dist-info → roksta-0.2.5.dist-info}/entry_points.txt +0 -0

tests/functions/api_v0_01/test__openai_proxy.py ADDED Viewed

@@ -0,0 +1,413 @@
+import os
+import sys
+import json
+import types
+import importlib
+from unittest.mock import patch
+# Ensure the functions/ directory is importable as a top-level module location
+PROJECT_ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..'))
+FUNCTIONS_DIR = os.path.join(PROJECT_ROOT, 'functions')
+if FUNCTIONS_DIR not in sys.path:
+    sys.path.insert(0, FUNCTIONS_DIR)
+# Prepare lightweight fake modules to satisfy imports inside _openai_proxy
+# We'll temporarily inject these into sys.modules while importing the module
+# Save any originals so we can restore them after import
+_orig_sys_modules = {}
+_names_to_fake = [
+    'firebase_functions',
+    'utils',
+    'auth',
+    'openai',
+]
+for name in _names_to_fake:
+    _orig_sys_modules[name] = sys.modules.get(name)
+# Fake firebase_functions.https_fn.Response to capture returned data
+firebase_functions = types.ModuleType('firebase_functions')
+class FakeResponse:
+    def __init__(self, response=None, mimetype=None, status=200, **kwargs):
+        # Mirror the small subset of the interface tests expect
+        self.status_code = status
+        if isinstance(response, (dict, list)):
+            self._body_text = json.dumps(response)
+        else:
+            self._body_text = '' if response is None else response
+        self.headers = kwargs.get('headers', {})
+    def get_data(self, as_text=False):
+        if as_text:
+            return self._body_text
+        return self._body_text.encode('utf-8')
+firebase_functions.https_fn = types.SimpleNamespace(Request=object, Response=FakeResponse)
+sys.modules['firebase_functions'] = firebase_functions
+# Fake utils module (provides functions imported by _openai_proxy)
+utils_mod = types.ModuleType('utils')
+def _fake_create_json_response(success: bool, payload: any, status_code: int):
+    response_body = {"success": success, "payload": payload}
+    return firebase_functions.https_fn.Response(response=json.dumps(response_body), status=status_code, headers={'Content-Type': 'application/json'})
+def _fake_get_api_key(llm_family=None):
+    return 'DUMMY_KEY'
+def _fake_verify_firebase_token(req):
+    # Default: no-op (successful)
+    return {}
+utils_mod.create_json_response = _fake_create_json_response
+utils_mod.get_api_key = _fake_get_api_key
+utils_mod.verify_firebase_token = _fake_verify_firebase_token
+sys.modules['utils'] = utils_mod
+# Fake auth module with validate_auth_key
+auth_mod = types.ModuleType('auth')
+def _fake_validate_auth_key(val: str) -> bool:
+    return True
+auth_mod.validate_auth_key = _fake_validate_auth_key
+sys.modules['auth'] = auth_mod
+# Fake openai module with APIError and a default OpenAI class
+repo_root = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..', '..'))
+functions_root = os.path.join(repo_root, 'functions')
+module_path = os.path.join(functions_root, 'api_v0_01', '_openai_proxy.py')
+spec = importlib.util.spec_from_file_location('api_v0_01._openai_proxy', module_path)
+_openai = importlib.util.module_from_spec(spec)
+spec.loader.exec_module(_openai)
+class APIError(Exception):
+    pass
+class DummyOpenAI:
+    def __init__(self, api_key=None, timeout=None):
+        self.api_key = api_key
+        self.timeout = timeout
+        # The proxy expects openai_client.responses.create / parse
+        self.responses = self
+    def create(self, **params):
+        raise NotImplementedError("create not implemented for dummy client")
+    def parse(self, **params):
+        raise NotImplementedError("parse not implemented for dummy client")
+_openai.OpenAI = DummyOpenAI
+_openai.APIError = APIError
+sys.modules['openai'] = _openai
+# Import the module under test after preparing the fake imports
+_openai = importlib.import_module('_openai_proxy')
+# Restore original sys.modules mappings to avoid side-effects for other tests
+for name, orig in _orig_sys_modules.items():
+    if orig is None:
+        try:
+            del sys.modules[name]
+        except KeyError:
+            pass
+    else:
+        sys.modules[name] = orig
+# Helper request stub used in tests
+class DummyRequest:
+    def __init__(self, headers=None, method='POST', json_data=None, raise_on_get_json=False):
+        self.headers = headers or {}
+        self.method = method
+        self._json_data = json_data
+        self._raise = raise_on_get_json
+    def get_json(self, silent=False):
+        if self._raise:
+            raise Exception('Malformed JSON')
+        return self._json_data
+def _parse_response(resp):
+    data = resp.get_data(as_text=True)
+    return json.loads(data)
+# -----------------------------
+# Tests
+# -----------------------------
+def test_verify_firebase_token_failure_returns_401():
+    req = DummyRequest(headers={_openai.AUTH_HEADER_NAME: 'ok'}, method='POST')
+    with patch.object(_openai, 'verify_firebase_token', side_effect=Exception('invalid token')):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 401
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert 'Unauthorized' in payload['payload']
+def test_missing_auth_header_returns_401():
+    # no app auth header
+    req = DummyRequest(headers={}, method='POST', json_data={'call_type': 'create', 'call_params': {}})
+    with patch.object(_openai, 'validate_auth_key', return_value=True), patch.object(_openai, 'verify_firebase_token', return_value={}):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 401
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert 'Missing app authentication key' in payload['payload']
+def test_invalid_auth_key_returns_403():
+    headers = {_openai.AUTH_HEADER_NAME: 'bad'}
+    req = DummyRequest(headers=headers, method='POST', json_data={'call_type': 'create', 'call_params': {}})
+    with patch.object(_openai, 'validate_auth_key', return_value=False), patch.object(_openai, 'verify_firebase_token', return_value={}):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 403
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert 'Invalid app authentication key' in payload['payload']
+def test_non_post_method_returns_405():
+    headers = {_openai.AUTH_HEADER_NAME: 'ok'}
+    req = DummyRequest(headers=headers, method='GET')
+    with patch.object(_openai, 'validate_auth_key', return_value=True), patch.object(_openai, 'verify_firebase_token', return_value={}):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 405
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert 'POST method required' in payload['payload']
+def test_malformed_json_returns_400():
+    headers = {_openai.AUTH_HEADER_NAME: 'ok'}
+    req = DummyRequest(headers=headers, method='POST', raise_on_get_json=True)
+    with patch.object(_openai, 'validate_auth_key', return_value=True), patch.object(_openai, 'verify_firebase_token', return_value={}):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 400
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert 'Invalid JSON payload' in payload['payload']
+def test_missing_or_invalid_call_type_or_call_params_returns_400():
+    headers = {_openai.AUTH_HEADER_NAME: 'ok'}
+    req = DummyRequest(headers=headers, method='POST', json_data={'call_type': None, 'call_params': {}})
+    with patch.object(_openai, 'validate_auth_key', return_value=True), patch.object(_openai, 'verify_firebase_token', return_value={}):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 400
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert 'Missing or invalid required fields' in payload['payload']
+def test_invalid_call_type_returns_400():
+    headers = {_openai.AUTH_HEADER_NAME: 'ok'}
+    req = DummyRequest(headers=headers, method='POST', json_data={'call_type': 'bad', 'call_params': {}})
+    with patch.object(_openai, 'validate_auth_key', return_value=True), patch.object(_openai, 'verify_firebase_token', return_value={}):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 400
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert "Invalid 'call_type'" in payload['payload']
+def test_get_api_key_failure_returns_500():
+    headers = {_openai.AUTH_HEADER_NAME: 'ok'}
+    req = DummyRequest(headers=headers, method='POST', json_data={'call_type': 'create', 'call_params': {'model': 'm', 'input': 'hi'}})
+    with patch.object(_openai, 'validate_auth_key', return_value=True), \
+         patch.object(_openai, 'verify_firebase_token', return_value={}), \
+         patch.object(_openai, 'get_api_key', side_effect=Exception('boom')):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 500
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert 'Could not retrieve API key' in payload['payload']
+def test_parse_missing_input_or_text_format_returns_400():
+    headers = {_openai.AUTH_HEADER_NAME: 'ok'}
+    # missing 'text_format' to trigger the parse validation
+    req = DummyRequest(headers=headers, method='POST', json_data={'call_type': 'parse', 'call_params': {'model': 'm', 'input': 'hi'}})
+    class NoopOpenAI:
+        def __init__(self, api_key=None, timeout=None):
+            self.api_key = api_key
+            self.timeout = timeout
+            self.responses = self
+        def parse(self, **p):
+            return None
+        def create(self, **p):
+            return None
+    with patch.object(_openai, 'validate_auth_key', return_value=True), \
+         patch.object(_openai, 'verify_firebase_token', return_value={}), \
+         patch.object(_openai, 'get_api_key', return_value='KEY'), \
+         patch.object(_openai.openai, 'OpenAI', NoopOpenAI):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 400
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert "Missing 'input' or 'text_format' for parse call" in payload['payload']
+def test_create_missing_input_returns_400():
+    headers = {_openai.AUTH_HEADER_NAME: 'ok'}
+    req = DummyRequest(headers=headers, method='POST', json_data={'call_type': 'create', 'call_params': {'model': 'm'}})
+    class NoopOpenAI:
+        def __init__(self, api_key=None, timeout=None):
+            self.api_key = api_key
+            self.timeout = timeout
+            self.responses = self
+        def parse(self, **p):
+            return None
+        def create(self, **p):
+            return None
+    with patch.object(_openai, 'validate_auth_key', return_value=True), \
+         patch.object(_openai, 'verify_firebase_token', return_value={}), \
+         patch.object(_openai, 'get_api_key', return_value='KEY'), \
+         patch.object(_openai.openai, 'OpenAI', NoopOpenAI):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 400
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert "Missing 'input' for create call" in payload['payload']
+def test_successful_create_calls_openai_and_returns_payload():
+    headers = {_openai.AUTH_HEADER_NAME: 'ok'}
+    req_payload = {'call_type': 'create', 'call_params': {'model': 'gem-model', 'input': 'hello'}}
+    req = DummyRequest(headers=headers, method='POST', json_data=req_payload)
+    class FakeClient:
+        def __init__(self, api_key, timeout=None):
+            self.api_key = api_key
+            self.timeout = timeout
+            self.responses = self
+        def create(self, **params):
+            class FakeResp:
+                def model_dump(self_inner, mode='json'):
+                    return {'result': 'ok', 'received_model': params.get('model')}
+            return FakeResp()
+    with patch.object(_openai, 'validate_auth_key', return_value=True), \
+         patch.object(_openai, 'verify_firebase_token', return_value={}), \
+         patch.object(_openai, 'get_api_key', return_value='OPENAI-KEY'), \
+         patch.object(_openai.openai, 'OpenAI', FakeClient):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 200
+    payload = _parse_response(resp)
+    assert payload['success'] is True
+    assert isinstance(payload['payload'], dict)
+    assert payload['payload']['result'] == 'ok'
+    assert payload['payload']['received_model'] == 'gem-model'
+def test_successful_parse_calls_openai_and_returns_parsed_and_usage():
+    headers = {_openai.AUTH_HEADER_NAME: 'ok'}
+    req_payload = {'call_type': 'parse', 'call_params': {'model': 'gem-model', 'input': 'hello', 'text_format': 'FileSummaryModel'}}
+    req = DummyRequest(headers=headers, method='POST', json_data=req_payload)
+    class FakeClient2:
+        def __init__(self, api_key, timeout=None):
+            self.api_key = api_key
+            self.timeout = timeout
+            self.responses = self
+        def parse(self, **params):
+            class FakeOutputParsed:
+                def __init__(self, data):
+                    self._data = data
+                def dict(self):
+                    return self._data
+            class FakeResp:
+                def __init__(self, data, usage):
+                    self.output_parsed = FakeOutputParsed(data)
+                    self._usage = usage
+                def model_dump(self_inner, mode='json'):
+                    return {'usage': self_inner._usage}
+            # detect whether text_format was left as a string
+            is_text_format_string = isinstance(params.get('text_format'), str)
+            parsed = {'result': 'ok', 'received_model': params.get('model'), 'is_text_format_string': is_text_format_string}
+            usage = {'prompt_tokens': 5}
+            return FakeResp(parsed, usage)
+    with patch.object(_openai, 'validate_auth_key', return_value=True), \
+         patch.object(_openai, 'verify_firebase_token', return_value={}), \
+         patch.object(_openai, 'get_api_key', return_value='OPENAI-KEY'), \
+         patch.object(_openai.openai, 'OpenAI', FakeClient2):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 200
+    payload = _parse_response(resp)
+    assert payload['success'] is True
+    assert payload['payload']['output_parsed']['result'] == 'ok'
+    assert payload['payload']['output_parsed']['received_model'] == 'gem-model'
+    # The proxy should have replaced the text_format string with the model (i.e., not a string)
+    assert payload['payload']['output_parsed']['is_text_format_string'] is False
+    assert payload['payload']['usage'] == {'prompt_tokens': 5}
+def test_openai_api_error_with_status_code_is_returned_as_error_status():
+    headers = {_openai.AUTH_HEADER_NAME: 'ok'}
+    req_payload = {'call_type': 'create', 'call_params': {'model': 'g', 'input': 'hey'}}
+    req = DummyRequest(headers=headers, method='POST', json_data=req_payload)
+    # Use the module's openai.APIError so the proxy's except block catches it
+    err = _openai.openai.APIError('rate limited')
+    err.status_code = 502
+    class ErrClient:
+        def __init__(self, api_key=None, timeout=None):
+            self.api_key = api_key
+            self.timeout = timeout
+            self.responses = self
+        def create(self, **params):
+            raise err
+    with patch.object(_openai, 'validate_auth_key', return_value=True), \
+         patch.object(_openai, 'verify_firebase_token', return_value={}), \
+         patch.object(_openai, 'get_api_key', return_value='OPENAI-KEY'), \
+         patch.object(_openai.openai, 'OpenAI', ErrClient):
+        resp = _openai._openai_proxy(req)
+    assert resp.status_code == 502
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert 'OpenAI API Error' in payload['payload']

tests/functions/api_v0_01/test__redeem_credit_code.py ADDED Viewed

@@ -0,0 +1,167 @@
+import os
+import sys
+import json
+import types
+import importlib
+from unittest.mock import patch
+# Ensure the functions/ directory is importable as a top-level module location
+PROJECT_ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..'))
+FUNCTIONS_DIR = os.path.join(PROJECT_ROOT, 'functions')
+if FUNCTIONS_DIR not in sys.path:
+    sys.path.insert(0, FUNCTIONS_DIR)
+# -----------------------------
+# Provide lightweight fake modules to satisfy imports inside _redeem_credit_code
+# These are minimal and will be patched in individual tests as needed.
+# -----------------------------
+# Save original sys.modules entries so we can restore them after importing the module under test
+_orig_sys_modules = {}
+_names_to_fake = ['firebase_functions', 'utils', 'auth', 'firebase_admin']
+for name in _names_to_fake:
+    _orig_sys_modules[name] = sys.modules.get(name)
+# Fake firebase_functions.https_fn.Response to capture returned data
+firebase_functions = types.ModuleType('firebase_functions')
+class FakeResponse:
+    def __init__(self, response=None, mimetype=None, status=200, **kwargs):
+        # Mirror the small subset of the interface tests expect
+        self.status_code = status
+        if isinstance(response, (dict, list)):
+            self._body_text = json.dumps(response)
+        else:
+            self._body_text = '' if response is None else response
+        self.headers = kwargs.get('headers', {})
+    def get_data(self, as_text=False):
+        if as_text:
+            return self._body_text
+        return self._body_text.encode('utf-8')
+firebase_functions.https_fn = types.SimpleNamespace(Request=object, Response=FakeResponse)
+sys.modules['firebase_functions'] = firebase_functions
+# Fake utils module (verify_firebase_token, create_json_response)
+utils_mod = types.ModuleType('utils')
+def _dummy_verify_firebase_token(req: object) -> dict:
+    # Default behavior: return a decoded token with a uid
+    return {'uid': 'test_user'}
+def _create_json_response(success: bool, payload=None, status_code: int = 200):
+    # Normalize payload to include a message field
+    if isinstance(payload, dict):
+        message = payload.get('message', '')
+        data = {'success': success, 'message': message}
+        # include rest of payload under 'payload' to mirror production structure
+        data['payload'] = payload
+    else:
+        message = payload if payload is not None else ''
+        data = {'success': success, 'message': message}
+    # Use the fake firebase_functions response object
+    return firebase_functions.https_fn.Response(response=data, status=status_code)
+utils_mod.verify_firebase_token = _dummy_verify_firebase_token
+utils_mod.create_json_response = _create_json_response
+sys.modules['utils'] = utils_mod
+# Fake auth module (validate_auth_key will be patched per-test as needed)
+auth_mod = types.ModuleType('auth')
+def _simple_validate_auth_key(val: str) -> bool:
+    return bool(val)
+auth_mod.validate_auth_key = _simple_validate_auth_key
+sys.modules['auth'] = auth_mod
+# Fake firebase_admin to prevent importing the real package during tests
+firebase_admin = types.ModuleType('firebase_admin')
+# Minimal fake firestore object with attributes referenced by the function
+fake_firestore = types.SimpleNamespace(
+    client=lambda: None,
+    transactional=lambda f: f,
+    SERVER_TIMESTAMP=None
+)
+firebase_admin.firestore = fake_firestore
+sys.modules['firebase_admin'] = firebase_admin
+# -----------------------------
+# Import the module under test after preparing the fake imports
+# -----------------------------
+repo_root = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..', '..'))
+functions_root = os.path.join(repo_root, 'functions')
+module_path = os.path.join(functions_root, 'api_v0_01', '_redeem_credit_code.py')
+spec = importlib.util.spec_from_file_location('api_v0_01._redeem_credit_code', module_path)
+_redeem = importlib.util.module_from_spec(spec)
+spec.loader.exec_module(_redeem)
+# Restore original sys.modules mappings to avoid side-effects for other tests
+for name, orig in _orig_sys_modules.items():
+    if orig is None:
+        try:
+            del sys.modules[name]
+        except KeyError:
+            pass
+    else:
+        sys.modules[name] = orig
+# Simple helper request stub used in the tests
+class DummyRequest:
+    def __init__(self, headers=None, method='POST', json_data=None, raise_on_get_json=False):
+        self.headers = headers or {}
+        self.method = method
+        self._json_data = json_data
+        self._raise = raise_on_get_json
+    def get_json(self, silent=True):
+        if self._raise:
+            raise Exception('Malformed JSON')
+        return self._json_data
+def _parse_response(resp):
+    data = resp.get_data(as_text=True)
+    return json.loads(data)
+# -----------------------------
+# Tests
+# -----------------------------
+def test_missing_auth_header_returns_401():
+    req = DummyRequest(headers={}, method='POST')
+    # Ensure verify_firebase_token is not called when header is missing
+    with patch.object(_redeem, 'verify_firebase_token', side_effect=Exception('Should not be called')):
+        resp = _redeem._redeem_credit_code(req)
+    assert resp.status_code == 401
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert 'Missing authentication key' in payload['message']
+def test_invalid_auth_key_returns_403():
+    headers = {_redeem.AUTH_HEADER_NAME: 'bad-token'}
+    req = DummyRequest(headers=headers, method='POST')
+    with patch.object(_redeem, 'validate_auth_key', return_value=False):
+        resp = _redeem._redeem_credit_code(req)
+    assert resp.status_code == 403
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert 'Invalid authentication key' in payload['message']
+def test_valid_auth_key_passes_and_proceeds():
+    headers = {_redeem.AUTH_HEADER_NAME: 'ok'}
+    # Provide an empty JSON payload to trigger the existing JSON validation path
+    req = DummyRequest(headers=headers, method='POST', json_data={})
+    with patch.object(_redeem, 'validate_auth_key', return_value=True):
+        resp = _redeem._redeem_credit_code(req)
+    assert resp.status_code == 400
+    payload = _parse_response(resp)
+    assert payload['success'] is False
+    assert 'Invalid or missing JSON payload' in payload['message']