mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-06-12 08:51:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 14
hermes-agent/tests/hermes_cli/test_secrets_bitwarden_non_tty.py
Teknium 89040e0db3
fix(secrets): fail early with clear error when bitwarden setup runs without TTY (#40571) 
Salvaged from #40280; cleaned up, re-verified against main, tests added.

Co-authored-by: liuhao1024 <liuhao1024@users.noreply.github.com>
2026-06-06 18:36:40 -07:00

159 lines
6.5 KiB
Python
Raw Blame History

"""Regression tests for hermes secrets bitwarden setup non-TTY guard.
Issue #40274: cmd_setup() crashes with EOFError when stdin is not a TTY
because getpass.getpass() and console.input() require an interactive terminal.
"""
from __future__ import annotations
import argparse
from unittest.mock import patch
import pytest
class TestCmdSetupNonTtyGuard:
"""cmd_setup should fail early with a clear error in non-TTY environments."""
@staticmethod
def _make_args(**overrides):
ns = argparse.Namespace(
access_token=overrides.get("access_token", ""),
server_url=overrides.get("server_url", ""),
project_id=overrides.get("project_id", ""),
)
return ns
def test_missing_all_flags_returns_1(self, monkeypatch, capsys):
"""Non-TTY with no flags → exit 1 with missing flags listed."""
monkeypatch.setattr("sys.stdin.isatty", lambda: False)
monkeypatch.setattr(
"hermes_cli.secrets_cli.bw.find_bws", lambda install_if_missing=False: "/usr/bin/bws"
)
monkeypatch.setattr(
"hermes_cli.secrets_cli._bws_version", lambda _: "2.0.0"
)
from hermes_cli.secrets_cli import cmd_setup
result = cmd_setup(self._make_args())
assert result == 1
captured = capsys.readouterr()
assert "Non-interactive mode" in captured.out
assert "--access-token" in captured.out
assert "--server-url" in captured.out
assert "--project-id" in captured.out
def test_missing_access_token_only(self, monkeypatch, capsys):
"""Non-TTY with server-url and project-id but no token → reports --access-token."""
monkeypatch.setattr("sys.stdin.isatty", lambda: False)
monkeypatch.setattr(
"hermes_cli.secrets_cli.bw.find_bws", lambda install_if_missing=False: "/usr/bin/bws"
)
monkeypatch.setattr(
"hermes_cli.secrets_cli._bws_version", lambda _: "2.0.0"
)
from hermes_cli.secrets_cli import cmd_setup
result = cmd_setup(self._make_args(
server_url="https://vault.bitwarden.com",
project_id="aaaa-bbbb",
))
assert result == 1
captured = capsys.readouterr()
# The "Missing:" line should list --access-token only
assert "Missing:" in captured.out
assert "--access-token" in captured.out
# The usage example contains --server-url and --project-id, so check
# the missing line specifically: it should NOT list them as missing
missing_line = [l for l in captured.out.split("\n") if "Missing:" in l][0]
assert "--access-token" in missing_line
assert "--server-url" not in missing_line
assert "--project-id" not in missing_line
def test_missing_server_url_with_env_var_passes(self, monkeypatch):
"""Non-TTY with BWS_SERVER_URL env set → server-url not required."""
monkeypatch.setattr("sys.stdin.isatty", lambda: False)
monkeypatch.setenv("BWS_SERVER_URL", "https://vault.bitwarden.com")
monkeypatch.setattr(
"hermes_cli.secrets_cli.bw.find_bws", lambda install_if_missing=False: "/usr/bin/bws"
)
monkeypatch.setattr(
"hermes_cli.secrets_cli._bws_version", lambda _: "2.0.0"
)
monkeypatch.setattr("hermes_cli.secrets_cli.load_config", lambda: {})
monkeypatch.setattr("hermes_cli.secrets_cli.save_env_value", lambda *a: None)
monkeypatch.setattr("hermes_cli.secrets_cli.get_env_path", lambda: "/tmp/.env")
monkeypatch.setattr(
"hermes_cli.secrets_cli.bw.fetch_bitwarden_secrets",
lambda **kw: ({"KEY": "val"}, []),
)
from hermes_cli.secrets_cli import cmd_setup
result = cmd_setup(self._make_args(
access_token="0.valid-token",
project_id="aaaa-bbbb",
))
assert result == 0
def test_all_flags_provided_passes_guard(self, monkeypatch):
"""Non-TTY with all three flags → guard passes, proceeds to setup."""
monkeypatch.setattr("sys.stdin.isatty", lambda: False)
monkeypatch.setattr(
"hermes_cli.secrets_cli.bw.find_bws", lambda install_if_missing=False: "/usr/bin/bws"
)
monkeypatch.setattr(
"hermes_cli.secrets_cli._bws_version", lambda _: "2.0.0"
)
monkeypatch.setattr("hermes_cli.secrets_cli.load_config", lambda: {})
monkeypatch.setattr("hermes_cli.secrets_cli.save_env_value", lambda *a: None)
monkeypatch.setattr("hermes_cli.secrets_cli.get_env_path", lambda: "/tmp/.env")
monkeypatch.setattr(
"hermes_cli.secrets_cli.bw.fetch_bitwarden_secrets",
lambda **kw: ({"KEY": "val"}, []),
)
from hermes_cli.secrets_cli import cmd_setup
result = cmd_setup(self._make_args(
access_token="0.valid-token",
server_url="https://vault.bitwarden.com",
project_id="aaaa-bbbb",
))
assert result == 0
def test_tty_does_not_trigger_guard(self, monkeypatch):
"""With TTY, the guard should not trigger (interactive mode allowed)."""
monkeypatch.setattr("sys.stdin.isatty", lambda: True)
monkeypatch.setattr(
"hermes_cli.secrets_cli.bw.find_bws", lambda install_if_missing=False: "/usr/bin/bws"
)
monkeypatch.setattr(
"hermes_cli.secrets_cli._bws_version", lambda _: "2.0.0"
)
monkeypatch.setattr(
"hermes_cli.secrets_cli.masked_secret_prompt", lambda prompt: "0.valid-token"
)
monkeypatch.setattr("hermes_cli.secrets_cli.load_config", lambda: {})
monkeypatch.setattr("hermes_cli.secrets_cli.save_env_value", lambda *a: None)
monkeypatch.setattr("hermes_cli.secrets_cli.get_env_path", lambda: "/tmp/.env")
monkeypatch.setattr(
"hermes_cli.secrets_cli._resolve_server_url",
lambda *a: "https://vault.bitwarden.com",
)
# Provide project_id directly to avoid interactive project prompt
monkeypatch.setattr(
"hermes_cli.secrets_cli.bw.fetch_bitwarden_secrets",
lambda **kw: ({"KEY": "val"}, []),
)
from hermes_cli.secrets_cli import cmd_setup
# With TTY + all flags → should complete without hitting guard
result = cmd_setup(self._make_args(
access_token="0.valid-token",
server_url="https://vault.bitwarden.com",
project_id="aaaa-bbbb",
))
assert result == 0
Reference in a new issue View git blame Copy permalink