mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-30 06:41:51 +00:00
176 lines
6.8 KiB
Python
176 lines
6.8 KiB
Python
"""Tests for webhook adapter dynamic route loading."""
|
|
|
|
import json
|
|
import os
|
|
import pytest
|
|
from pathlib import Path
|
|
|
|
from gateway.config import PlatformConfig
|
|
from gateway.platforms.webhook import (
|
|
WebhookAdapter,
|
|
_DYNAMIC_ROUTES_FILENAME,
|
|
_INSECURE_NO_AUTH,
|
|
)
|
|
|
|
|
|
def _make_adapter(routes=None, extra=None):
|
|
_extra = extra or {}
|
|
if routes:
|
|
_extra["routes"] = routes
|
|
_extra.setdefault("secret", "test-global-secret")
|
|
config = PlatformConfig(enabled=True, extra=_extra)
|
|
return WebhookAdapter(config)
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def _isolate(tmp_path, monkeypatch):
|
|
monkeypatch.setenv("HERMES_HOME", str(tmp_path))
|
|
|
|
|
|
class TestDynamicRouteLoading:
|
|
def test_no_dynamic_file(self):
|
|
adapter = _make_adapter(routes={"static": {"secret": "s"}})
|
|
adapter._reload_dynamic_routes()
|
|
assert "static" in adapter._routes
|
|
assert len(adapter._dynamic_routes) == 0
|
|
|
|
def test_loads_dynamic_routes(self, tmp_path):
|
|
subs = {"my-hook": {"secret": "dynamic-secret", "prompt": "test", "events": []}}
|
|
(tmp_path / _DYNAMIC_ROUTES_FILENAME).write_text(json.dumps(subs))
|
|
|
|
adapter = _make_adapter(routes={"static": {"secret": "s"}})
|
|
adapter._reload_dynamic_routes()
|
|
assert "my-hook" in adapter._routes
|
|
assert "static" in adapter._routes
|
|
|
|
def test_static_takes_precedence(self, tmp_path):
|
|
(tmp_path / _DYNAMIC_ROUTES_FILENAME).write_text(
|
|
json.dumps({"conflict": {"secret": "dynamic", "prompt": "dyn"}})
|
|
)
|
|
adapter = _make_adapter(routes={"conflict": {"secret": "static", "prompt": "stat"}})
|
|
adapter._reload_dynamic_routes()
|
|
assert adapter._routes["conflict"]["secret"] == "static"
|
|
|
|
def test_mtime_gated(self, tmp_path):
|
|
import time
|
|
path = tmp_path / _DYNAMIC_ROUTES_FILENAME
|
|
path.write_text(json.dumps({"v1": {"secret": "s"}}))
|
|
|
|
adapter = _make_adapter()
|
|
adapter._reload_dynamic_routes()
|
|
assert "v1" in adapter._dynamic_routes
|
|
|
|
# Same mtime — no reload
|
|
adapter._dynamic_routes["injected"] = True
|
|
adapter._reload_dynamic_routes()
|
|
assert "injected" in adapter._dynamic_routes
|
|
|
|
# New write — reloads
|
|
time.sleep(0.05)
|
|
path.write_text(json.dumps({"v2": {"secret": "s"}}))
|
|
adapter._reload_dynamic_routes()
|
|
assert "v2" in adapter._dynamic_routes
|
|
assert "v1" not in adapter._dynamic_routes
|
|
|
|
def test_file_removal_clears(self, tmp_path):
|
|
path = tmp_path / _DYNAMIC_ROUTES_FILENAME
|
|
path.write_text(json.dumps({"temp": {"secret": "s"}}))
|
|
adapter = _make_adapter()
|
|
adapter._reload_dynamic_routes()
|
|
assert "temp" in adapter._dynamic_routes
|
|
|
|
path.unlink()
|
|
adapter._reload_dynamic_routes()
|
|
assert len(adapter._dynamic_routes) == 0
|
|
|
|
def test_corrupted_file(self, tmp_path):
|
|
(tmp_path / _DYNAMIC_ROUTES_FILENAME).write_text("not json")
|
|
adapter = _make_adapter(routes={"static": {"secret": "s"}})
|
|
adapter._reload_dynamic_routes()
|
|
assert "static" in adapter._routes
|
|
assert len(adapter._dynamic_routes) == 0
|
|
|
|
|
|
class TestDynamicRouteSecretValidation:
|
|
"""Empty/missing secrets must be rejected during hot-reload.
|
|
|
|
Regression for HMAC bypass: prior to the fix, an agent-induced
|
|
dynamic route with `"secret": ""` would be merged into self._routes
|
|
by _reload_dynamic_routes(), then _handle_webhook's
|
|
`if secret and secret != _INSECURE_NO_AUTH` would skip signature
|
|
validation because empty string is falsy. Unauthenticated POSTs
|
|
would then execute the webhook prompt.
|
|
"""
|
|
|
|
def test_empty_secret_rejected(self, tmp_path):
|
|
# Explicit empty-string secret must NOT fall back to the global
|
|
# secret, and the route must be skipped entirely.
|
|
(tmp_path / _DYNAMIC_ROUTES_FILENAME).write_text(
|
|
json.dumps({"evil": {"secret": "", "prompt": "rm -rf"}})
|
|
)
|
|
adapter = _make_adapter() # has global secret
|
|
adapter._reload_dynamic_routes()
|
|
assert "evil" not in adapter._routes
|
|
assert "evil" not in adapter._dynamic_routes
|
|
|
|
def test_missing_secret_no_global_rejected(self, tmp_path):
|
|
(tmp_path / _DYNAMIC_ROUTES_FILENAME).write_text(
|
|
json.dumps({"orphan": {"prompt": "test"}})
|
|
)
|
|
# No global secret configured
|
|
adapter = _make_adapter(extra={"secret": ""})
|
|
adapter._reload_dynamic_routes()
|
|
assert "orphan" not in adapter._routes
|
|
assert "orphan" not in adapter._dynamic_routes
|
|
|
|
def test_missing_secret_inherits_global(self, tmp_path):
|
|
# No per-route secret but a global one is set → route is kept,
|
|
# the global secret protects it. Preserves existing fallback.
|
|
(tmp_path / _DYNAMIC_ROUTES_FILENAME).write_text(
|
|
json.dumps({"valid": {"prompt": "ok"}})
|
|
)
|
|
adapter = _make_adapter() # global secret set
|
|
adapter._reload_dynamic_routes()
|
|
assert "valid" in adapter._routes
|
|
|
|
def test_insecure_no_auth_preserved(self, tmp_path):
|
|
# Explicit opt-in escape hatch for local testing — must still load.
|
|
(tmp_path / _DYNAMIC_ROUTES_FILENAME).write_text(
|
|
json.dumps({"test": {"secret": _INSECURE_NO_AUTH, "prompt": "p"}})
|
|
)
|
|
adapter = _make_adapter(extra={"host": "127.0.0.1"})
|
|
adapter._reload_dynamic_routes()
|
|
assert "test" in adapter._routes
|
|
|
|
def test_insecure_no_auth_rejected_on_non_loopback_bind(self, tmp_path):
|
|
# Dynamic INSECURE_NO_AUTH routes are only valid on loopback hosts.
|
|
(tmp_path / _DYNAMIC_ROUTES_FILENAME).write_text(
|
|
json.dumps({"pub": {"secret": _INSECURE_NO_AUTH, "prompt": "p"}})
|
|
)
|
|
adapter = _make_adapter(extra={"host": "0.0.0.0"})
|
|
adapter._reload_dynamic_routes()
|
|
assert "pub" not in adapter._routes
|
|
assert "pub" not in adapter._dynamic_routes
|
|
|
|
def test_warning_logged_on_skip(self, tmp_path, caplog):
|
|
import logging
|
|
(tmp_path / _DYNAMIC_ROUTES_FILENAME).write_text(
|
|
json.dumps({"silent": {"secret": "", "prompt": "x"}})
|
|
)
|
|
adapter = _make_adapter()
|
|
with caplog.at_level(logging.WARNING, logger="gateway.platforms.webhook"):
|
|
adapter._reload_dynamic_routes()
|
|
assert any("silent" in rec.message for rec in caplog.records)
|
|
|
|
def test_partial_skip(self, tmp_path):
|
|
# One route bad, one route good — only the bad one is dropped.
|
|
(tmp_path / _DYNAMIC_ROUTES_FILENAME).write_text(
|
|
json.dumps({
|
|
"bad": {"secret": "", "prompt": "x"},
|
|
"good": {"secret": "valid-secret", "prompt": "y"},
|
|
})
|
|
)
|
|
adapter = _make_adapter()
|
|
adapter._reload_dynamic_routes()
|
|
assert "good" in adapter._routes
|
|
assert "bad" not in adapter._routes
|