mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-09 13:21:42 +00:00
Follow-up on the #56966 salvage: - is_provider_explicitly_configured(): an env-seeded credential-pool entry only counts as explicit while its env var still resolves to a usable secret. A stale auth.json entry left behind after the user deletes the var no longer keeps the provider in the picker forever (#55790). - TUI modelPicker + dashboard ModelPickerDialog/api.getModelOptions pass include_unconfigured=true explicitly, preserving their full-universe setup-affordance behavior now that the backend defaults to the configured subset. - desktop lib/model-options.ts routes explicit_only through the shared requestModelOptions() helper (added on main after the PR branched). - regression tests for ambient (gh_cli) pool sources, explicit manual/ device-code sources, and stale vs live env-seeded entries.
173 lines
6.4 KiB
Python
173 lines
6.4 KiB
Python
"""Tests for is_provider_explicitly_configured()."""
|
|
|
|
import json
|
|
import pytest
|
|
|
|
|
|
def _write_config(tmp_path, config: dict) -> None:
|
|
hermes_home = tmp_path / "hermes"
|
|
hermes_home.mkdir(parents=True, exist_ok=True)
|
|
import yaml
|
|
(hermes_home / "config.yaml").write_text(yaml.dump(config))
|
|
|
|
|
|
def _write_auth_store(tmp_path, payload: dict) -> None:
|
|
hermes_home = tmp_path / "hermes"
|
|
hermes_home.mkdir(parents=True, exist_ok=True)
|
|
(hermes_home / "auth.json").write_text(json.dumps(payload, indent=2))
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def _clean_anthropic_env(monkeypatch):
|
|
"""Strip Anthropic env vars so CI secrets don't leak into tests."""
|
|
for key in ("ANTHROPIC_API_KEY", "ANTHROPIC_TOKEN", "CLAUDE_CODE_OAUTH_TOKEN"):
|
|
monkeypatch.delenv(key, raising=False)
|
|
|
|
|
|
def test_returns_false_when_no_config(tmp_path, monkeypatch):
|
|
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
|
|
(tmp_path / "hermes").mkdir(parents=True, exist_ok=True)
|
|
|
|
from hermes_cli.auth import is_provider_explicitly_configured
|
|
assert is_provider_explicitly_configured("anthropic") is False
|
|
|
|
|
|
def test_returns_true_when_active_provider_matches(tmp_path, monkeypatch):
|
|
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
|
|
_write_auth_store(tmp_path, {
|
|
"version": 1,
|
|
"providers": {},
|
|
"active_provider": "anthropic",
|
|
})
|
|
|
|
from hermes_cli.auth import is_provider_explicitly_configured
|
|
assert is_provider_explicitly_configured("anthropic") is True
|
|
|
|
|
|
def test_returns_true_when_config_provider_matches(tmp_path, monkeypatch):
|
|
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
|
|
_write_config(tmp_path, {"model": {"provider": "anthropic", "default": "claude-sonnet-4-6"}})
|
|
|
|
from hermes_cli.auth import is_provider_explicitly_configured
|
|
assert is_provider_explicitly_configured("anthropic") is True
|
|
|
|
|
|
def test_returns_false_when_config_provider_is_different(tmp_path, monkeypatch):
|
|
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
|
|
_write_config(tmp_path, {"model": {"provider": "kimi-coding", "default": "kimi-k2"}})
|
|
_write_auth_store(tmp_path, {
|
|
"version": 1,
|
|
"providers": {},
|
|
"active_provider": None,
|
|
})
|
|
|
|
from hermes_cli.auth import is_provider_explicitly_configured
|
|
assert is_provider_explicitly_configured("anthropic") is False
|
|
|
|
|
|
def test_returns_true_when_anthropic_env_var_set(tmp_path, monkeypatch):
|
|
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
|
|
monkeypatch.setenv("ANTHROPIC_API_KEY", "sk-ant-api03-realkey")
|
|
(tmp_path / "hermes").mkdir(parents=True, exist_ok=True)
|
|
|
|
from hermes_cli.auth import is_provider_explicitly_configured
|
|
assert is_provider_explicitly_configured("anthropic") is True
|
|
|
|
|
|
def test_claude_code_oauth_token_does_not_count_as_explicit(tmp_path, monkeypatch):
|
|
"""CLAUDE_CODE_OAUTH_TOKEN is set by Claude Code, not the user — must not gate."""
|
|
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
|
|
monkeypatch.setenv("CLAUDE_CODE_OAUTH_TOKEN", "sk-ant-oat01-auto-token")
|
|
(tmp_path / "hermes").mkdir(parents=True, exist_ok=True)
|
|
|
|
from hermes_cli.auth import is_provider_explicitly_configured
|
|
assert is_provider_explicitly_configured("anthropic") is False
|
|
|
|
|
|
def test_ambient_pool_source_does_not_count_as_explicit(tmp_path, monkeypatch):
|
|
"""gh_cli-seeded Copilot pool entries are ambient, not explicit config (#56974)."""
|
|
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
|
|
monkeypatch.delenv("COPILOT_GITHUB_TOKEN", raising=False)
|
|
monkeypatch.delenv("GH_TOKEN", raising=False)
|
|
monkeypatch.delenv("GITHUB_TOKEN", raising=False)
|
|
_write_auth_store(tmp_path, {
|
|
"version": 1,
|
|
"providers": {},
|
|
"active_provider": None,
|
|
"credential_pool": {
|
|
"copilot": [{
|
|
"id": "abc123",
|
|
"source": "gh_cli",
|
|
"auth_type": "api_key",
|
|
"access_token": "ghu_sometoken",
|
|
}],
|
|
},
|
|
})
|
|
|
|
from hermes_cli.auth import is_provider_explicitly_configured
|
|
assert is_provider_explicitly_configured("copilot") is False
|
|
|
|
|
|
def test_explicit_pool_source_counts_as_explicit(tmp_path, monkeypatch):
|
|
"""manual / device_code / PKCE pool entries reflect explicit Hermes flows."""
|
|
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
|
|
_write_auth_store(tmp_path, {
|
|
"version": 1,
|
|
"providers": {},
|
|
"active_provider": None,
|
|
"credential_pool": {
|
|
"anthropic": [{
|
|
"id": "def456",
|
|
"source": "manual:key-1",
|
|
"auth_type": "api_key",
|
|
"access_token": "sk-ant-api03-key",
|
|
}],
|
|
},
|
|
})
|
|
|
|
from hermes_cli.auth import is_provider_explicitly_configured
|
|
assert is_provider_explicitly_configured("anthropic") is True
|
|
|
|
|
|
def test_stale_env_pool_entry_does_not_count_when_var_unset(tmp_path, monkeypatch):
|
|
"""An env-seeded pool entry left in auth.json after the env var was removed
|
|
must not mark the provider configured (#55790): the picker showed removed
|
|
providers forever because the record existed even though no secret resolves."""
|
|
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
|
|
monkeypatch.delenv("DEEPSEEK_API_KEY", raising=False)
|
|
_write_auth_store(tmp_path, {
|
|
"version": 1,
|
|
"providers": {},
|
|
"active_provider": None,
|
|
"credential_pool": {
|
|
"deepseek": [{
|
|
"id": "aaa111",
|
|
"source": "env:DEEPSEEK_API_KEY",
|
|
"auth_type": "api_key",
|
|
}],
|
|
},
|
|
})
|
|
|
|
from hermes_cli.auth import is_provider_explicitly_configured
|
|
assert is_provider_explicitly_configured("deepseek") is False
|
|
|
|
|
|
def test_env_pool_entry_counts_when_var_still_resolves(tmp_path, monkeypatch):
|
|
"""The same env-seeded pool entry IS explicit while the var still resolves."""
|
|
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
|
|
monkeypatch.setenv("DEEPSEEK_API_KEY", "sk-deepseek-realkey-123456")
|
|
_write_auth_store(tmp_path, {
|
|
"version": 1,
|
|
"providers": {},
|
|
"active_provider": None,
|
|
"credential_pool": {
|
|
"deepseek": [{
|
|
"id": "aaa111",
|
|
"source": "env:DEEPSEEK_API_KEY",
|
|
"auth_type": "api_key",
|
|
}],
|
|
},
|
|
})
|
|
|
|
from hermes_cli.auth import is_provider_explicitly_configured
|
|
assert is_provider_explicitly_configured("deepseek") is True
|