PyPI - wafer-cli - Versions diffs - 0.2.49__tar.gz → 0.2.51__tar.gz - Mend

wafer-cli 0.2.49tar.gz → 0.2.51tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (121) hide show

{wafer_cli-0.2.49 → wafer_cli-0.2.51}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: wafer-cli
-Version: 0.2.49
+Version: 0.2.51
 Summary: CLI for running GPU workloads, managing remote workspaces, and evaluating/optimizing kernels
 Requires-Python: >=3.11
 Description-Content-Type: text/markdown

{wafer_cli-0.2.49 → wafer_cli-0.2.51}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "wafer-cli"
-version = "0.2.49"
+version = "0.2.51"
 description = "CLI for running GPU workloads, managing remote workspaces, and evaluating/optimizing kernels"
 readme = "README.md"
 requires-python = ">=3.11"
@@ -37,7 +37,7 @@ where = ["."]
 include = ["wafer*"]
 [tool.setuptools.package-data]
-wafer = ["GUIDE.md", "skills/*/SKILL.md"]
+wafer = ["GUIDE.md", "skills/*/SKILL.md", "corpora/**/*.md"]
 [tool.ruff]
 line-length = 100

wafer_cli-0.2.51/tests/test_auth.py ADDED Viewed

@@ -0,0 +1,311 @@
+"""Tests for authentication and credential management.
+Tests the auth module's local JWT exp check, token refresh, and
+network error handling.
+Run with: PYTHONPATH=. uv run pytest tests/test_auth.py -v
+"""
+import base64
+import json
+import time
+from unittest.mock import MagicMock, patch
+import httpx
+import pytest
+def _make_jwt(exp: float, extra: dict | None = None) -> str:
+    """Build a fake JWT with the given exp claim.
+    The token has no valid signature — we only need the payload section
+    for _token_expired() to decode.
+    """
+    header = base64.urlsafe_b64encode(json.dumps({"alg": "HS256"}).encode()).rstrip(b"=")
+    payload_dict = {"exp": exp, "sub": "user_123"}
+    if extra:
+        payload_dict.update(extra)
+    payload = base64.urlsafe_b64encode(json.dumps(payload_dict).encode()).rstrip(b"=")
+    signature = base64.urlsafe_b64encode(b"fakesig").rstrip(b"=")
+    return f"{header.decode()}.{payload.decode()}.{signature.decode()}"
+# =============================================================================
+# Unit Tests for _token_expired (pure function, no mocks needed)
+# =============================================================================
+class TestTokenExpired:
+    """Test local JWT exp claim checking."""
+    def test_valid_token_not_expired(self) -> None:
+        """Token with exp far in the future is not expired."""
+        from wafer.auth import _token_expired
+        token = _make_jwt(exp=time.time() + 3600)
+        assert _token_expired(token) is False
+    def test_expired_token(self) -> None:
+        """Token with exp in the past is expired."""
+        from wafer.auth import _token_expired
+        token = _make_jwt(exp=time.time() - 60)
+        assert _token_expired(token) is True
+    def test_token_within_margin_is_expired(self) -> None:
+        """Token expiring within the margin (30s) is treated as expired."""
+        from wafer.auth import _EXPIRY_MARGIN_SECONDS, _token_expired
+        token = _make_jwt(exp=time.time() + _EXPIRY_MARGIN_SECONDS - 1)
+        assert _token_expired(token) is True
+    def test_token_just_outside_margin_is_valid(self) -> None:
+        """Token expiring just beyond the margin is still valid."""
+        from wafer.auth import _EXPIRY_MARGIN_SECONDS, _token_expired
+        token = _make_jwt(exp=time.time() + _EXPIRY_MARGIN_SECONDS + 10)
+        assert _token_expired(token) is False
+    def test_garbage_token_is_expired(self) -> None:
+        """Unparseable token is treated as expired (fail closed)."""
+        from wafer.auth import _token_expired
+        assert _token_expired("not-a-jwt") is True
+    def test_missing_exp_claim_is_expired(self) -> None:
+        """Token without exp claim is treated as expired."""
+        from wafer.auth import _token_expired
+        header = base64.urlsafe_b64encode(json.dumps({"alg": "HS256"}).encode()).rstrip(b"=")
+        payload = base64.urlsafe_b64encode(json.dumps({"sub": "user_123"}).encode()).rstrip(b"=")
+        sig = base64.urlsafe_b64encode(b"fakesig").rstrip(b"=")
+        token = f"{header.decode()}.{payload.decode()}.{sig.decode()}"
+        assert _token_expired(token) is True
+    def test_empty_string_is_expired(self) -> None:
+        """Empty string is treated as expired."""
+        from wafer.auth import _token_expired
+        assert _token_expired("") is True
+# =============================================================================
+# Unit Tests for get_valid_token
+# =============================================================================
+class TestGetValidToken:
+    """Test that get_valid_token uses local exp check and handles refresh."""
+    def test_returns_token_when_not_expired(self) -> None:
+        """get_valid_token returns token directly when exp is in the future."""
+        from wafer.auth import Credentials, get_valid_token
+        valid_token = _make_jwt(exp=time.time() + 3600)
+        mock_creds = Credentials(
+            access_token=valid_token,
+            refresh_token="test_refresh",
+            email="test@example.com",
+        )
+        with patch("wafer.auth.load_credentials", return_value=mock_creds):
+            result = get_valid_token()
+        assert result == valid_token
+    def test_returns_none_when_no_credentials(self) -> None:
+        """get_valid_token returns None when no credentials are stored."""
+        from wafer.auth import get_valid_token
+        with patch("wafer.auth.load_credentials", return_value=None):
+            result = get_valid_token()
+        assert result is None
+    def test_refreshes_expired_token(self) -> None:
+        """get_valid_token refreshes and returns new token when expired."""
+        from wafer.auth import Credentials, get_valid_token
+        expired_token = _make_jwt(exp=time.time() - 60)
+        new_token = _make_jwt(exp=time.time() + 3600)
+        mock_creds = Credentials(
+            access_token=expired_token,
+            refresh_token="test_refresh",
+            email="test@example.com",
+        )
+        with patch("wafer.auth.load_credentials", return_value=mock_creds):
+            with patch("wafer.auth.refresh_access_token", return_value=(new_token, "new_refresh")):
+                with patch("wafer.auth.save_credentials") as mock_save:
+                    result = get_valid_token()
+        assert result == new_token
+        mock_save.assert_called_once_with(new_token, "new_refresh", "test@example.com")
+    def test_returns_none_when_expired_and_no_refresh_token(self) -> None:
+        """get_valid_token returns None when expired with no refresh token."""
+        from wafer.auth import Credentials, get_valid_token
+        expired_token = _make_jwt(exp=time.time() - 60)
+        mock_creds = Credentials(
+            access_token=expired_token,
+            refresh_token=None,
+            email="test@example.com",
+        )
+        with patch("wafer.auth.load_credentials", return_value=mock_creds):
+            result = get_valid_token()
+        assert result is None
+    def test_returns_none_when_refresh_http_error(self) -> None:
+        """get_valid_token returns None when refresh gets HTTP error."""
+        from wafer.auth import Credentials, get_valid_token
+        expired_token = _make_jwt(exp=time.time() - 60)
+        mock_creds = Credentials(
+            access_token=expired_token,
+            refresh_token="test_refresh",
+            email="test@example.com",
+        )
+        mock_response = MagicMock()
+        mock_response.status_code = 401
+        http_error = httpx.HTTPStatusError("401", request=MagicMock(), response=mock_response)
+        with patch("wafer.auth.load_credentials", return_value=mock_creds):
+            with patch("wafer.auth.refresh_access_token", side_effect=http_error):
+                result = get_valid_token()
+        assert result is None
+    def test_returns_none_when_refresh_network_error(self) -> None:
+        """get_valid_token returns None when refresh has network error."""
+        from wafer.auth import Credentials, get_valid_token
+        expired_token = _make_jwt(exp=time.time() - 60)
+        mock_creds = Credentials(
+            access_token=expired_token,
+            refresh_token="test_refresh",
+            email="test@example.com",
+        )
+        with patch("wafer.auth.load_credentials", return_value=mock_creds):
+            with patch("wafer.auth.refresh_access_token", side_effect=httpx.ReadTimeout("timeout")):
+                result = get_valid_token()
+        assert result is None
+    def test_no_network_call_when_token_valid(self) -> None:
+        """get_valid_token makes NO network calls when token is not expired.
+        This is the core fix: the old code called verify_token() (network)
+        on every invocation. The new code only checks the JWT exp claim locally.
+        """
+        from wafer.auth import Credentials, get_valid_token
+        valid_token = _make_jwt(exp=time.time() + 3600)
+        mock_creds = Credentials(
+            access_token=valid_token,
+            refresh_token="test_refresh",
+            email="test@example.com",
+        )
+        with patch("wafer.auth.load_credentials", return_value=mock_creds):
+            with patch("wafer.auth.verify_token") as mock_verify:
+                with patch("wafer.auth.refresh_access_token") as mock_refresh:
+                    result = get_valid_token()
+        assert result == valid_token
+        mock_verify.assert_not_called()
+        mock_refresh.assert_not_called()
+# =============================================================================
+# Unit Tests for get_auth_headers
+# =============================================================================
+class TestGetAuthHeaders:
+    """Test get_auth_headers returns correct headers based on token validity."""
+    def test_returns_bearer_token_when_valid(self) -> None:
+        """get_auth_headers returns Bearer token when token is not expired."""
+        from wafer.auth import Credentials, get_auth_headers
+        valid_token = _make_jwt(exp=time.time() + 3600)
+        mock_creds = Credentials(
+            access_token=valid_token,
+            refresh_token="test_refresh",
+            email="test@example.com",
+        )
+        with patch("wafer.auth.load_credentials", return_value=mock_creds):
+            result = get_auth_headers()
+        assert result == {"Authorization": f"Bearer {valid_token}"}
+    def test_returns_empty_dict_when_expired_and_refresh_fails(self) -> None:
+        """get_auth_headers returns {} when token expired and refresh fails."""
+        from wafer.auth import Credentials, get_auth_headers
+        expired_token = _make_jwt(exp=time.time() - 60)
+        mock_creds = Credentials(
+            access_token=expired_token,
+            refresh_token="test_refresh",
+            email="test@example.com",
+        )
+        with patch("wafer.auth.load_credentials", return_value=mock_creds):
+            with patch("wafer.auth.refresh_access_token", side_effect=httpx.ReadTimeout("timeout")):
+                result = get_auth_headers()
+        assert result == {}
+    def test_returns_empty_dict_when_no_credentials(self) -> None:
+        """get_auth_headers returns {} when not logged in."""
+        from wafer.auth import get_auth_headers
+        with patch("wafer.auth.load_credentials", return_value=None):
+            result = get_auth_headers()
+        assert result == {}
+# =============================================================================
+# Unit Tests for verify_token (still exists for explicit verification)
+# =============================================================================
+class TestVerifyTokenRaisesOnNetworkError:
+    """Document that verify_token raises network errors (caller must handle)."""
+    def test_verify_token_raises_read_timeout(self) -> None:
+        """verify_token raises ReadTimeout when API times out."""
+        from wafer.auth import verify_token
+        with patch("wafer.auth.get_api_url", return_value="https://api.example.com"):
+            with patch("httpx.Client") as mock_client_class:
+                mock_client = MagicMock()
+                mock_client.__enter__ = MagicMock(return_value=mock_client)
+                mock_client.__exit__ = MagicMock(return_value=False)
+                mock_client.post.side_effect = httpx.ReadTimeout("timeout")
+                mock_client_class.return_value = mock_client
+                with pytest.raises(httpx.ReadTimeout):
+                    verify_token("test_token")
+    def test_verify_token_raises_connect_error(self) -> None:
+        """verify_token raises ConnectError when API is unreachable."""
+        from wafer.auth import verify_token
+        with patch("wafer.auth.get_api_url", return_value="https://api.example.com"):
+            with patch("httpx.Client") as mock_client_class:
+                mock_client = MagicMock()
+                mock_client.__enter__ = MagicMock(return_value=mock_client)
+                mock_client.__exit__ = MagicMock(return_value=False)
+                mock_client.post.side_effect = httpx.ConnectError("refused")
+                mock_client_class.return_value = mock_client
+                with pytest.raises(httpx.ConnectError):
+                    verify_token("test_token")

{wafer_cli-0.2.49 → wafer_cli-0.2.51}/tests/test_billing.py RENAMED Viewed

@@ -128,8 +128,8 @@ class TestFormatUsageText:
         assert "$20.00" in text  # topup
         assert "active" in text.lower()
-    def test_start_tier_shows_upgrade_prompt(self) -> None:
-        """Start tier should suggest upgrade."""
+    def test_start_tier_does_not_show_upgrade_prompt(self) -> None:
+        """Start tier should not suggest upgrade."""
         from wafer.billing import format_usage_text
         usage = {
@@ -145,8 +145,8 @@ class TestFormatUsageText:
         }
         text = format_usage_text(usage)
-        assert "Start" in text
-        assert "upgrade" in text.lower() or "portal" in text.lower()
+        assert "Hacker" in text
+        assert "upgrade" not in text.lower()
     def test_enterprise_tier_shows_unlimited(self) -> None:
         """Enterprise tier should show unlimited credits."""
@@ -394,7 +394,7 @@ class TestBillingTopupCommand:
         assert "500" in result.output  # Should mention maximum
     def test_start_tier_blocked(self) -> None:
-        """Start tier users should be blocked with upgrade message."""
+        """Start tier users should see a non-upgrade error message."""
         with patch("wafer.billing.get_auth_headers") as mock_auth:
             mock_auth.return_value = {"Authorization": "Bearer test"}
@@ -413,7 +413,8 @@ class TestBillingTopupCommand:
                     result = runner.invoke(app, ["billing", "topup"])
                     assert result.exit_code != 0
-                    assert "upgrade" in result.output.lower() or "portal" in result.output.lower()
+                    assert "upgrade" not in result.output.lower()
+                    assert "topup" in result.output.lower() or "top-up" in result.output.lower()
     def test_no_browser_flag(self) -> None:
         """--no-browser should print URL instead of opening browser."""

wafer-cli 0.2.49__tar.gz → 0.2.51__tar.gz

wafer-cli 0.2.49tar.gz → 0.2.51tar.gz