MrSphay/odysseus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
319ba50a446dfc3a7c50e9c3181e03514b03e679
odysseus/tests
History
Mubashir R 319ba50a44 fix: validate client-supplied image _endpoint to prevent SSRF (gallery proxies) (#1718) 
POST /api/image/harmonize and POST /api/image/inpaint read an `_endpoint` from
the request body and issue server-side httpx POSTs to it with no validation. A
caller can set `_endpoint` to http://169.254.169.254/ (cloud instance metadata)
or any internal/loopback address the server can reach, turning these routes into
an SSRF primitive.

routes/embedding_routes.py already runs its user-supplied endpoint through
src.url_safety.check_outbound_url; these two routes were missing the same guard.
Validate `_endpoint` the same way before any outbound request: non-HTTP(S)
schemes and the link-local metadata range are always rejected, and
IMAGE_BLOCK_PRIVATE_IPS=true blocks private/loopback for full lockdown (the
local-first default still allows LAN diffusion servers).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-03 13:34:17 +09:00
..
bombadil-spec.ts
Odysseus v1.0
2026-05-31 23:58:26 +09:00
conftest.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
markdown_codefence_placeholder_regression.mjs
fix(markdown): keep allowed-html placeholders out of fenced code (#1788)
2026-06-03 13:25:26 +09:00
test_action_intents.py
Route calendar action requests to tools
2026-06-01 14:32:41 +09:00
test_active_document_clear.py
fix: closed document stays active & leaks into new chats (#1160) (#1238)
2026-06-03 01:47:13 +09:00
test_admin_wipe_gallery.py
Admin: wipe gallery albums with images
2026-06-02 20:35:57 +09:00
test_agent_loop.py
fix(agent): extract web search sources from output key
2026-06-02 13:06:09 +09:00
test_amd_gpu_check_args.py
Parse all AMD GPU check args (#1586)
2026-06-03 08:56:48 +09:00
test_anthropic_response_parse.py
fix: Anthropic responses with multiple text blocks lose all but the first (#1255)
2026-06-03 00:57:20 +09:00
test_api_key_manager_corrupt_load.py
fix: APIKeyManager.load crashes app startup on a corrupt/wrong-shape api_keys.json (#1565)
2026-06-03 08:11:37 +09:00
test_api_key_manager_resilience.py
API keys: skip undecryptable entries on load
2026-06-02 20:28:26 +09:00
test_api_token_routes.py
tests: cover API token CRUD routes
2026-06-02 20:42:32 +09:00
test_app_static_mime.py
fix: normalize JS static MIME types on Windows
2026-06-02 01:32:00 +02:00
test_app.py
Fix fresh checkout test failures
2026-06-01 02:22:17 +00:00
test_auth_event_loop.py
Stabilize security regression tests
2026-06-02 05:48:59 +09:00
test_auth_regressions.py
Add tests for open-signup endpoint
2026-06-02 20:42:10 +09:00
test_auth_session_revocation.py
Stabilize auth session revocation tests
2026-06-02 06:02:49 +09:00
test_backup_cli_security.py
Reject backup output inside data dir (#1587)
2026-06-03 08:38:27 +09:00
test_backup_import_cross_user_dedup.py
fix: backup import drops a user's memory when its text matches another user's (#1743)
2026-06-03 13:29:14 +09:00
test_builtin_actions_nonstring.py
fix: builtin_actions heuristics crash on a truthy non-string input (#1639)
2026-06-03 08:59:16 +09:00
test_builtin_memory_consolidation.py
Scope memory consolidation by owner group
2026-06-02 12:40:28 +09:00
test_caldav_url_hardening.py
Harden CalDAV credentials and URLs (#1310)
2026-06-03 02:50:02 +09:00
test_caldav_url_nonstring.py
fix: validate_caldav_url crashes with TypeError on a non-string URL (#1608)
2026-06-03 08:35:16 +09:00
test_caldav_writeback_route.py
feat: CalDAV write-back — push local event create/update/delete to the remote (#800) (#1282)
2026-06-03 01:44:02 +09:00
test_caldav_writeback.py
Reject CalDAV writeback events without uid (#1582)
2026-06-03 08:57:15 +09:00
test_calendar_event_contrast.py
Improve calendar event text contrast (#1184)
2026-06-02 23:14:52 +09:00
test_calendar_owner_scope.py
tests: cover calendar route owner gates
2026-06-02 20:42:37 +09:00
test_calendar_recurrence.py
Fix YEARLY recurring CalDAV events only showing on DTSTART year (#179)
2026-06-01 13:42:44 +09:00
test_calendar_rrule.py
feat: document rrule in the manage_calendar tool schema (#1320) (#1324)
2026-06-03 02:37:45 +09:00
test_chat_attachment_picker.py
Chat attachments: allow picker to choose any file type
2026-06-02 20:55:30 +09:00
test_chat_cached_model_normalization.py
Chat: use cached endpoint model ids before probing
2026-06-02 21:00:58 +09:00
test_chat_image_routing.py
Chat: route image sessions only to matching image endpoints
2026-06-02 20:52:03 +09:00
test_chat_metrics.py
Chat metrics: surface backend generation speed
2026-06-02 20:52:08 +09:00
test_chat_stream_scope.py
Fix chat stream recovery and PDF library indexing (#468)
2026-06-01 22:33:35 +09:00
test_check_outbound_url_nonstring.py
fix: check_outbound_url crashes on a truthy non-string URL (#1623)
2026-06-03 08:59:49 +09:00
test_chroma_client.py
fix: ChromaDB unreachable blocks app startup for 30-60s (#326) (#476)
2026-06-01 22:22:41 +09:00
test_cleanup_owner_scope.py
tests: cover cleanup owner scope
2026-06-02 20:42:21 +09:00
test_companion_pairing.py
Companion: fix pairing admin guard import
2026-06-02 20:29:37 +09:00
test_companion_readonly.py
Tests: companion model JSON resilience
2026-06-02 13:15:22 +09:00
test_compare_js.py
Fix duplicate compare modal on repeated clicks (#491)
2026-06-01 22:24:27 +09:00
test_context_budget.py
fix(agent): make context-budget hard_max configurable via agent_input_token_hard_max setting (#1273)
2026-06-03 01:36:57 +09:00
test_context_compactor.py
Stop conversations crashing during compaction on tool-call turns (#1777)
2026-06-03 13:25:33 +09:00
test_cookbook_cpu_only_serve.py
Drop GPU-only flags from the CPU-only (-ngl 0) serve command (#1433)
2026-06-03 04:26:15 +09:00
test_cookbook_dependency_completion_regression.py
Fix Cookbook dependency install completion state
2026-06-02 12:59:29 +09:00
test_cookbook_download_toast_duration.py
Keep Cookbook download-failure toasts visible long enough to read (#1412)
2026-06-03 03:48:25 +09:00
test_cookbook_endpoint_registration.py
Fix Cookbook container-local model endpoints (#1223)
2026-06-03 00:09:48 +09:00
test_cookbook_helpers.py
Add a 'Rebuild llama.cpp' Cookbook action to force a fresh GPU build (#1787)
2026-06-03 13:28:19 +09:00
test_cookbook_package_detection.py
fix(cookbook): detect llama-cpp-python via its real distribution name (#1020) (#1167)
2026-06-02 22:52:37 +09:00
test_cookbook_progress_signal_js.py
Don't falsely declare a dependency build stale (#1568) (#1768)
2026-06-03 13:23:35 +09:00
test_ddg_redirect_resolution.py
Match host, not substring, when resolving DuckDuckGo redirects (#886)
2026-06-02 12:25:56 +09:00
test_deep_research_date_context.py
Inject current date into deep research planning and query prompts (#1347)
2026-06-03 03:00:52 +09:00
test_deep_research_extraction_controls.py
Allow longer deep research extraction timeouts (#651)
2026-06-02 11:50:03 +09:00
test_deep_research_search_error.py
Research: report empty search provider results clearly
2026-06-02 20:34:25 +09:00
test_deep_research_synthesis_resilience.py
Don't lose deep-research findings when synthesis times out (#1551) (#1562)
2026-06-03 08:11:44 +09:00
test_delete_message_no_session.py
Let the output "x" delete work when no model/session exists (#1431)
2026-06-03 04:20:48 +09:00
test_deleted_session_sidebar_regression.py
Fix stale deleted sessions in sidebar (#1203)
2026-06-02 23:52:22 +09:00
test_derive_title_nonstring.py
fix: _derive_title crashes on non-string content instead of returning Untitled (#1751)
2026-06-03 13:25:41 +09:00
test_dialog_aria.py
Add dialog accessibility semantics
2026-06-02 12:41:25 +09:00
test_digest_windows.py
fix: calendar check-in digest drops events 7-8 days out (#1249)
2026-06-03 01:03:58 +09:00
test_doc_library_open_orphaned.py
Let orphaned documents be reopened from the library (#1602) (#1761)
2026-06-03 13:28:31 +09:00
test_docs_no_orphan_images.py
Remove stray PR screenshots accidentally committed under docs/ (#1351)
2026-06-03 03:31:09 +09:00
test_document_actions_nonstring.py
fix: document_actions title/content helpers crash on non-string input (#1621)
2026-06-03 08:59:55 +09:00
test_document_close_clears_active_route.py
fix: closed document stays active & leaks into new chats (#1160) (#1238)
2026-06-03 01:47:13 +09:00
test_document_deeplink.py
fix: open #document deep-links on refresh and surface load errors (#631)
2026-06-02 11:48:54 +09:00
test_document_library_language_facet.py
fix: document library language facet undercounts text documents (#1758)
2026-06-03 13:28:38 +09:00
test_document_pdf_marker.py
Documents: strip PDF marker without corrupting text
2026-06-02 20:35:27 +09:00
test_document_tidy_null_timestamp.py
fix: document tidy crashes on a duplicate with NULL timestamps (#1772)
2026-06-03 13:23:01 +09:00
test_document_tool_owner_scope.py
Scope document tools to caller owner
2026-06-02 06:00:02 +09:00
test_email_fallback_reconnect.py
Reconnect after a failed SEARCH ALL so the email poller doesn't desync IMAP (#1613) (#1748)
2026-06-03 13:28:53 +09:00
test_email_imap_timeout.py
Use shared IMAP timeout for account tests (#1088)
2026-06-02 23:11:04 +09:00
test_email_library_bulk_actions.py
Email: persist bulk read state to provider
2026-06-02 20:28:01 +09:00
test_email_owner_scope.py
Scope email account workflows by owner (#1309)
2026-06-03 02:21:02 +09:00
test_email_polly_imap_leak.py
fix(email): no-op IMAP connection leak in _auto_summarize_pass_single on exception (#1423)
2026-06-03 04:13:52 +09:00
test_email_smtp_security.py
Email: add explicit SMTP security mode
2026-06-02 13:15:06 +09:00
test_email_split_border_css.py
fix(ui): contain email split divider (#1194)
2026-06-02 23:28:24 +09:00
test_endpoint_probing.py
fix: Cookbook local GGUF serving inside Docker (#1264)
2026-06-03 02:08:09 +09:00
test_endpoint_resolver.py
Never resolve to a disabled endpoint model (#861)
2026-06-02 11:10:43 +09:00
test_esc_menu_stack_js.py
fix: make transient dropdown/popup menus close on Escape
2026-06-01 14:23:22 -04:00
test_extract_quotes.py
fix: extract_quotes accepts mismatched opening/closing quotes (#1113)
2026-06-02 22:34:52 +09:00
test_extract_skill_json_nonstring.py
fix: _extract_skill_json crashes on a truthy non-string teacher response (#1630)
2026-06-03 08:59:36 +09:00
test_extract_statistics.py
fix: extract_statistics drops large numbers and trailing % signs (#1153)
2026-06-02 22:35:30 +09:00
test_forwarded_message_divider.py
Email: recognize forwarded message dividers
2026-06-02 20:32:56 +09:00
test_gallery_cli_preview.py
fix: gallery CLI image serialization crashes on a non-string prompt (#1598)
2026-06-03 08:36:51 +09:00
test_gallery_endpoint_matching.py
Gallery: match image endpoint URLs with exact v1 suffix
2026-06-02 20:34:05 +09:00
test_gallery_endpoint_ssrf.py
fix: validate client-supplied image _endpoint to prevent SSRF (gallery proxies) (#1718)
2026-06-03 13:34:17 +09:00
test_gallery_image_privileges.py
Gate image editor AI endpoints by privilege (#447)
2026-06-01 22:35:24 +09:00
test_gallery_owner_filter_single_user.py
fix: gallery tag filters and tag-cleanup are empty in single-user mode (#1771)
2026-06-03 13:23:08 +09:00
test_group_chat_storage.py
Keep group chat session cache loading (#1418)
2026-06-03 04:05:40 +09:00
test_hex_to_rgb_js.py
fix: theme color parsing breaks on #rgb shorthand hex (#1213)
2026-06-03 00:30:03 +09:00
test_history_db_fallback_hidden.py
fix: history DB fallback returned hidden (compaction) messages to the client (#1726)
2026-06-03 13:30:11 +09:00
test_history_topics_owner_scope.py
fix(history): scope topic analysis to authenticated owner only (#744)
2026-06-02 11:36:01 +09:00
test_hwfit_amd.py
Cookbook fit: steer consumer AMD to GGUF recommendations
2026-06-02 21:01:42 +09:00
test_hwfit_macos.py
fix: require GGUF sources for llama downloads (#368)
2026-06-01 22:47:47 +09:00
test_hwfit_manual_backend.py
fix(hwfit): honor manual "metal" backend in the hardware simulator (#1090)
2026-06-02 23:12:34 +09:00
test_hwfit_quant_formats.py
Fix native Cookbook quant classification
2026-06-02 13:07:20 +09:00
test_hwfit_unified_nvidia.py
fix(hwfit): detect unified-memory NVIDIA (Grace Blackwell GB10 / DGX Spark) instead of 'No GPU' (#1340) (#1372)
2026-06-03 03:19:39 +09:00
test_ics_escape.py
fix: ICS export doesn't escape commas/semicolons in event fields (#1161)
2026-06-02 22:36:12 +09:00
test_ics_export_escaping.py
fix: ICS export — escape X-WR-CALNAME and honour is_utc on DTSTART/DTEND (#1174)
2026-06-02 23:02:28 +09:00
test_inside_base_dir_nonstring.py
fix: inside_base_dir raises TypeError on a non-string path instead of failing closed (#1619)
2026-06-03 09:00:04 +09:00
test_is_youtube_url_nonstring_svc.py
fix: is_youtube_url (services) crashes on a non-string url (#1753)
2026-06-03 13:24:24 +09:00
test_is_youtube_url_nonstring.py
fix: is_youtube_url crashes on a non-string url (#1752)
2026-06-03 13:24:33 +09:00
test_keybind_altgr_js.py
Ignore AltGr keystrokes in Ctrl+Alt keyboard shortcuts (#825)
2026-06-02 11:12:54 +09:00
test_lang_icon_null_opts_js.py
fix: langIcon throws on an explicit null opts argument (#1740)
2026-06-03 13:29:21 +09:00
test_llm_core_anthropic_cache.py
Add Anthropic prompt caching to the agent loop (#812)
2026-06-02 11:14:31 +09:00
test_llm_core_anthropic_temp_clamp.py
Clamp Anthropic temperature to [0.0, 1.0] in _build_anthropic_payload (#1737)
2026-06-03 13:29:36 +09:00
test_llm_core_concurrency.py
Make LLM host health maps thread-safe
2026-06-02 05:54:23 +09:00
test_llm_core_fallback.py
Don't attempt the same (url, model) route twice in the fallback chains (#1733)
2026-06-03 13:33:50 +09:00
test_llm_core_ollama.py
Ollama: pass discovered num_ctx in chat requests
2026-06-02 20:27:24 +09:00
test_llm_core_reasoning_content_fallback.py
fix: surface reasoning_content when content is empty (thinking models) (#1233)
2026-06-03 01:41:24 +09:00
test_llm_core_reasoning.py
Support vLLM 0.20.2 / NIM reasoning-parser output end-to-end (surface + agent context + render) (#602)
2026-06-02 11:48:17 +09:00
test_llm_core_sanitize_tool_calls.py
Chat: merge consecutive user messages for strict providers
2026-06-02 20:44:13 +09:00
test_llm_core_streaming.py
Fix native tool-calling follow-up round on Gemini and Ollama (#867)
2026-06-02 11:39:40 +09:00
test_llm_core_temperature.py
Providers: omit temperature for OpenAI reasoning models
2026-06-02 20:58:33 +09:00
test_lmstudio_discovery.py
Discover LM Studio via host/port scanning and native-API fingerprint (#1126)
2026-06-02 23:04:58 +09:00
test_lmstudio_vision.py
Use LM Studio-reported vision capability for image passthrough (#1130)
2026-06-02 23:01:04 +09:00
test_local_endpoint_api_key_js.py
Models: allow API keys for local endpoints
2026-06-02 20:36:54 +09:00
test_local_endpoint_js.py
fix: don't bill self-hosted models reached by a container/service hostname (#596)
2026-06-02 11:47:58 +09:00
test_logs_cli_resolve_nonstring.py
fix: logs CLI _resolve crashes on a non-string name (#1631)
2026-06-03 08:59:30 +09:00
test_mail_cli_read_empty_fetch.py
fix: odysseus-mail read crashes on an empty IMAP fetch payload (#1730)
2026-06-03 13:31:10 +09:00
test_mail_cli_recipients.py
Reject empty mail CLI recipients (#1581)
2026-06-03 08:57:23 +09:00
test_manage_settings_token_budget.py
fix: agent_input_token_budget wrongly treated as a secret and unsettable from chat (#1294)
2026-06-03 01:53:47 +09:00
test_markdown_rendering_js.py
fix: markdown table renders separator row as visible data (#1252)
2026-06-03 01:59:05 +09:00
test_markdown_table_row_js.py
fix: markdown tables drop empty cells and misalign columns (#1164)
2026-06-02 22:41:27 +09:00
test_markitdown_format_nonstring.py
fix: is_markitdown_format crashes on a non-string path (#1618)
2026-06-03 09:00:10 +09:00
test_markitdown_runtime.py
Add optional markitdown extraction for Office/EPUB documents (#766)
2026-06-02 11:28:52 +09:00
test_mcp_cache_invalidation.py
fix(mcp): invalidate tool prompt cache on connect/disconnect/error (#1235)
2026-06-03 00:49:29 +09:00
test_mcp_cli_env_serialize.py
fix: mcp CLI _serialize crashes when stored env JSON is a list (#1609)
2026-06-03 08:35:09 +09:00
test_mcp_common_truncate.py
fix: shared MCP truncate() crashes on None/non-string tool output (#1605)
2026-06-03 08:35:54 +09:00
test_mcp_manager.py
fix: add Browser MCP connection diagnostics (#662)
2026-06-02 11:50:17 +09:00
test_mcp_reconnect_args.py
fix: MCP reconnect via tool passes only server_id to connect_server (#1385)
2026-06-03 03:46:07 +09:00
test_memory_bullet_extraction.py
Fix AttributeError on bullet lines in extract_memory_from_chat (#873)
2026-06-02 11:46:06 +09:00
test_memory_extract_chat_nondict.py
fix: chat memory extraction crashes on a non-dict message (#1749)
2026-06-03 13:25:48 +09:00
test_memory_extractor_vector_degraded.py
fix: data integrity — deep-research result parsing + memory-extraction durability (#808)
2026-06-02 11:27:31 +09:00
test_modal_dock_composer_clearance.py
fix(ui): keep minimized windows above composer (#1197)
2026-06-02 23:31:09 +09:00
test_model_context.py
Models: prefer longest known context match
2026-06-02 20:33:09 +09:00
test_model_routes.py
fix(models): clear deleted endpoint fallback refs (#1207)
2026-06-02 23:41:04 +09:00
test_new_chat_clears_input.py
Clear the composer draft when entering the New Chat / welcome state (#1408)
2026-06-03 04:07:31 +09:00
test_new_chat_model_preference.py
Chat: prefer active model for new desktop chats
2026-06-02 21:00:50 +09:00
test_notes_update_due_date.py
Notes: parse natural-language due dates on update
2026-06-02 20:51:16 +09:00
test_null_owner_gates.py
Security: owner-scope v1 chat endpoint fallback
2026-06-02 20:31:35 +09:00
test_odysseus_dispatcher.py
Require runnable dispatcher subcommands (#1585)
2026-06-03 08:56:56 +09:00
test_og_image_extraction.py
fix: source thumbnails dropped for http-only og:image URLs (#667)
2026-06-02 11:41:33 +09:00
test_ollama_port_detection.py
Add Ollama port path detection regressions (#883)
2026-06-02 12:24:18 +09:00
test_ordinal_suffix_js.py
fix: monthly schedule label shows 21th/22th/31th (ordinal suffix for days >20) (#1577)
2026-06-03 08:57:47 +09:00
test_owned_document_query.py
fix: owner-less document query passes bare False to SQLAlchemy filter() (#1281)
2026-06-03 01:20:43 +09:00
test_pdf_runtime.py
Show a clear message when PyMuPDF is missing
2026-06-01 18:27:17 +09:00
test_personal_dir_symlink_escape.py
fix: personal-docs path confinement used abspath, allowing symlink escape (#1728)
2026-06-03 13:29:57 +09:00
test_personal_docs_exclusions.py
Docs: respect path boundary when clearing exclusions
2026-06-02 20:35:44 +09:00
test_personal_docs_lists.py
Save only string personal doc paths (#1566)
2026-06-03 08:37:29 +09:00
test_personal_docs_office_index.py
Add optional markitdown extraction for Office/EPUB documents (#766)
2026-06-02 11:28:52 +09:00
test_personal_docs_pdf_index.py
Fix chat stream recovery and PDF library indexing (#468)
2026-06-01 22:33:35 +09:00
test_personal_docs_state_store.py
Ignore invalid personal docs state (#1401)
2026-06-03 04:02:16 +09:00
test_personal_upload_isolation.py
Scope personal RAG uploads by owner (#446)
2026-06-01 22:36:53 +09:00
test_platform_compat.py
Windows: improve Git Bash detection
2026-06-02 20:45:48 +09:00
test_prefs_single_user_no_clobber.py
fix: disabling auth wipes all users' preferences on next pref save (#1764)
2026-06-03 13:23:50 +09:00
test_preset_cli_invalid_entries.py
Reject invalid preset CLI entries (#1579)
2026-06-03 08:57:35 +09:00
test_preset_cli_store.py
Reject invalid preset CLI stores (#1395)
2026-06-03 03:59:05 +09:00
test_preset_fill_missing_defaults.py
Presets: fill missing built-in defaults on load
2026-06-02 20:32:08 +09:00
test_preset_local_storage_js.py
Keep presets loading with bad local state (#1417)
2026-06-03 04:09:28 +09:00
test_prompt_bar_manual_resize.py
fix(ui): allow manual prompt bar resize (#1201)
2026-06-02 23:43:53 +09:00
test_provider_classification.py
Add provider classification and upstream-error tests
2026-06-02 20:42:43 +09:00
test_provider_detection.py
Provider detection: match by hostname instead of substring (re #768) (#815)
2026-06-02 11:11:17 +09:00
test_provider_endpoints.py
Add provider endpoint resolver tests
2026-06-02 12:53:50 +09:00
test_question_type_detection.py
fix: research query misclassifies 'whatsapp'/'however' as questions (#1247)
2026-06-03 01:10:06 +09:00
test_rag_keyword_fallback_owner.py
fix: RAG keyword fallback leaked owner-less documents across users (#1722)
2026-06-03 13:31:33 +09:00
test_rag_remove_directory_scope.py
Fix RAG remove_directory wiping the entire shared collection (#1660) (#1734)
2026-06-03 13:29:51 +09:00
test_rag_server_directory_nonstring.py
fix: rag_server add/remove_directory crashes on a non-string directory arg (#1614)
2026-06-03 08:36:45 +09:00
test_rag_vector_id_stability.py
fix(rag): use a stable hash for document IDs so dedup survives restarts (#1098)
2026-06-02 22:42:23 +09:00
test_rate_limiter.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
test_readiness.py
feat: add /api/ready readiness probe (DB, data dir, local-first) (#1200)
2026-06-02 23:33:22 +09:00
test_readme_ascii_fenced.py
Wrap the README banner in a code fence so it renders as typed (#1403)
2026-06-03 03:42:01 +09:00
test_rename_user_case_insensitive.py
fix(auth): case-insensitive owner migration on username rename (#1183)
2026-06-02 23:18:15 +09:00
test_reply_recipients_js.py
fix: reply-all Cc's the user's own other addresses (multi-account) (#672)
2026-06-02 11:42:20 +09:00
test_research_chat_stream_owner.py
fix: pass owner to start_research in chat stream path (#1265)
2026-06-03 02:32:38 +09:00
test_research_cli_preview.py
fix: research CLI summary crashes on a non-string query (#1596)
2026-06-03 08:36:57 +09:00
test_research_handler_raw_nondict.py
fix: a non-dict finding silently drops all raw research findings (#1739)
2026-06-03 13:29:29 +09:00
test_research_owner_scope_routes.py
tests: cover research route owner gates
2026-06-02 20:42:15 +09:00
test_research_probe_errors.py
Surface deep research probe errors (#1086)
2026-06-02 22:51:25 +09:00
test_research_query_fallback.py
Deep research: don't treat a bare 'yes' as the research topic (#858)
2026-06-02 11:30:53 +09:00
test_research_report_read.py
Route "read that report" to manage_research instead of the HTML render (#1375)
2026-06-03 03:24:09 +09:00
test_research_service.py
Skip invalid research service sources (#1583)
2026-06-03 08:57:09 +09:00
test_research_session_id_validation.py
fix(research): validate session_id to block path traversal
2026-06-01 23:25:38 +01:00
test_research_utils.py
fix: deep research discards valid sources mentioning cookies/copyright (#481)
2026-06-01 22:26:37 +09:00
test_reserved_username_admin_escalation.py
Reserve internal sentinel usernames
2026-06-02 05:58:58 +09:00
test_resolve_endpoint_fallbacks.py
Add resolve_endpoint fallback chain regressions (#890)
2026-06-02 12:24:50 +09:00
test_review_regressions.py
Models: avoid hidden models in default fallback
2026-06-02 20:37:14 +09:00
test_rewrite_persist_column.py
fix: rewriting a message is lost on reload due to a non-existent DB column (#1729)
2026-06-03 13:31:19 +09:00
test_sanitize_multimodal_merge.py
fix: merging consecutive user messages corrupts multimodal (image) content (#1277)
2026-06-03 01:21:57 +09:00
test_scheduler_restart_doublefire.py
fix(scheduler): push next_run forward on startup to stop restart double-fire (#708)
2026-06-02 11:43:30 +09:00
test_search_analytics_defaults.py
fix: search analytics crashes recording when the JSON file predates a counter (#1224)
2026-06-03 00:26:37 +09:00
test_search_cache_invalidation.py
Fix invalidate_search_cache using a key that never matches stored entries (#852)
2026-06-02 10:53:33 +09:00
test_search_config_no_key_leak.py
Stop GET /api/search/config from leaking the Brave API key (#1661) (#1750)
2026-06-03 13:24:17 +09:00
test_search_config_provider_key.py
Report provider-specific search API keys correctly (#1202)
2026-06-02 23:37:15 +09:00
test_search_content_extraction_parity.py
Search: align service content extraction
2026-06-02 20:53:07 +09:00
test_search_module_consolidation.py
Search: consolidate core and provider implementations
2026-06-02 21:02:26 +09:00
test_search_query_entities_nonstring.py
fix: _extract_entities crashes on a non-string query (#1724)
2026-06-03 13:30:28 +09:00
test_search_query_nonstring.py
fix: search query helpers crash on a non-string query (#1604)
2026-06-03 08:36:01 +09:00
test_search_query.py
Fix year extraction in research queries
2026-06-01 23:09:41 +09:00
test_search_ranking_recency.py
fix: rank recency by UTC, not local time (#1116) (#1234)
2026-06-03 00:18:15 +09:00
test_search_ranking.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
test_search_service_nondict_rows.py
fix: search service crashes on a non-dict result row (#1725)
2026-06-03 13:30:19 +09:00
test_searchservice_search_call.py
fix: SearchService.search() calls comprehensive_web_search incorrectly (broken public API) (#1720)
2026-06-03 13:33:56 +09:00
test_searxng_image_pinned.py
Pin the SearXNG image so a broken :latest can't block startup (#1419)
2026-06-03 03:56:54 +09:00
test_security_regressions.py
Security: sanitize export and gallery filenames
2026-06-02 20:29:56 +09:00
test_select_dropdown_theme_css.py
Normalize native select option theming (#1178)
2026-06-02 23:09:15 +09:00
test_sender_signature_skip_roles.py
fix: signature learning never skips support@/info@/admin@ senders (#1773)
2026-06-03 13:22:52 +09:00
test_serve_profiles.py
Cookbook serve profiles and engine filter
2026-06-02 12:34:42 +09:00
test_service_search_provider_guards.py
Search: consolidate core and provider implementations
2026-06-02 21:02:26 +09:00
test_session_endpoint_owner_scope.py
Harden session endpoint owner scope (#1308)
2026-06-03 02:40:22 +09:00
test_session_export_filename.py
fix: _sanitize_export_filename crashes on a non-string session name (#1607)
2026-06-03 08:35:47 +09:00
test_session_ghost_delete.py
Sessions: allow deleting memory-only ghost sessions
2026-06-02 20:51:26 +09:00
test_session_mode_helpers.py
Fix database stubs in regression tests (#301)
2026-06-01 16:55:09 +09:00
test_session_owner_attribution.py
Attribute API-token sessions to the token owner (effective_user) (#871)
2026-06-02 11:39:01 +09:00
test_sessions_cli.py
Normalize session CLI counters (#1578)
2026-06-03 08:57:41 +09:00
test_settings_scrub.py
Deep-scrub secrets from public settings
2026-06-01 23:11:50 +09:00
test_settings_store_shape.py
Fall back from invalid settings stores (#1416)
2026-06-03 03:53:05 +09:00
test_setup_admin_user.py
Normalize setup admin username (#448)
2026-06-01 22:38:56 +09:00
test_shell_routes.py
fix: distinguish external cookbook runtimes (#1188)
2026-06-02 23:20:00 +09:00
test_signature_cli_export.py
Validate signature CLI PNG data (#1580)
2026-06-03 08:57:28 +09:00
test_signature_fold_self_closing_br_js.py
fix: signature delimiter fold misses self-closing <br/> breaks (#1774)
2026-06-03 13:22:46 +09:00
test_skill_index_prompt_injection.py
fix(agent-loop): wrap matched skills + skill index in untrusted user-role message (#788)
2026-06-02 11:15:45 +09:00
test_skill_save_no_rename.py
fix(skills): markdown save must not rename the skill, so delete keeps working (#1333) (#1365)
2026-06-03 03:16:11 +09:00
test_skills_cli_preview.py
fix: skills CLI summary crashes on a non-string description (#1595)
2026-06-03 08:37:05 +09:00
test_skills_delete_owner.py
Skills: delete owner-scoped skills with owner
2026-06-02 20:28:36 +09:00
test_skills_manager_owner_isolation.py
Scope skills usage by owner (#1312)
2026-06-03 02:27:43 +09:00
test_skills_routes_nondict.py
fix: skill test-task / precision helpers crash on a non-dict skill (#1638)
2026-06-03 08:59:24 +09:00
test_skills_routes_owner_update.py
Fix owner-scoped skill updates (#1240)
2026-06-03 00:42:56 +09:00
test_speech_service_toggles.py
Honor disabled speech service toggles (#814)
2026-06-02 10:44:39 +09:00
test_split_chunks_no_duplicate_tail.py
fix: split_chunks emits a duplicate trailing chunk for text over size-overlap (#1573)
2026-06-03 08:57:54 +09:00
test_sqlite_foreign_keys.py
DB: enable SQLite foreign key cascades
2026-06-02 20:36:13 +09:00
test_strip_think.py
Text: strip dangling think blocks after visible text
2026-06-02 20:36:37 +09:00
test_stt_leak.py
STT: clean temp audio files on transcription failure
2026-06-02 20:43:24 +09:00
test_task_scheduler_cancel.py
Tasks: clean up queued cancellation state
2026-06-02 20:51:21 +09:00
test_task_scheduler_session_delivery.py
Fix test suite: ESM module loading and stub isolation (#844)
2026-06-02 11:29:29 +09:00
test_teacher_eval_nonstring_reply.py
fix: evaluate_turn_regex crashes on a non-string agent_reply (#1723)
2026-06-03 13:31:26 +09:00
test_tool_index_keyword_boundaries.py
Tools: match keyword hints on word boundaries
2026-06-02 20:32:20 +09:00
test_tool_parsing_nonstring.py
fix: tool-block parsing crashes on a non-string input (#1628)
2026-06-03 08:59:42 +09:00
test_tool_path_confinement.py
fix(tools): strict path confinement with sensitive-subpath deny list (#1072)
2026-06-02 23:13:30 +09:00
test_tool_rag_keyword_hints.py
Don't force-include the email toolset on every "tell me" query (#1707) (#1735)
2026-06-03 13:33:43 +09:00
test_tool_support_heuristic.py
fix: deepseek-r1 on Ollama returns HTTP 400 when tool schemas are sent (#1169)
2026-06-02 23:22:57 +09:00
test_topic_analyzer.py
Topics: hydrate session history before analysis
2026-06-02 20:44:27 +09:00
test_totp_failclosed.py
fix: 2FA bypassed when enabled but TOTP secret is missing (fail-open) (#1286)
2026-06-03 01:26:47 +09:00
test_tts_cache_stats.py
TTS: include mp3 files in cache stats
2026-06-02 20:43:29 +09:00
test_ui_control_rag_toggle.py
fix: ui_control rejects the advertised rag toggle (#1763)
2026-06-03 13:24:00 +09:00
test_unknown_tool_calls.py
fix(agent): map native google_search and surface empty rounds
2026-06-02 12:57:45 +09:00
test_update_database_script.py
Remove duplicate update database body (#1584)
2026-06-03 08:57:03 +09:00
test_upload_error_surfaced.py
Surface upload failures instead of silently dropping the files (#1425)
2026-06-03 04:12:23 +09:00
test_upload_handler_atomicity.py
Ignore stale duplicate upload rows (#1256)
2026-06-03 00:59:01 +09:00
test_upload_id_extension.py
fix: uploads with _ or - in the extension become permanently unreadable (#1756)
2026-06-03 13:28:45 +09:00
test_upload_id_validation.py
fix: uploaded files with no extension become permanently unresolvable (#1275)
2026-06-03 01:16:30 +09:00
test_upload_multifile.py
Fix multi-file uploads tripping the per-IP concurrency guard (#1346) (#1362)
2026-06-03 04:04:19 +09:00
test_upload_routes_owner_scope.py
tests: cover upload route owner gates
2026-06-02 20:42:26 +09:00
test_url_safety.py
fix: SSRF hardening for the custom embedding endpoint URL (#132) (#1206)
2026-06-02 23:46:33 +09:00
test_vault_password_not_in_argv.py
Keep Bitwarden unlock password off argv (#1311)
2026-06-03 02:13:51 +09:00
test_venice_hosts.py
Treat Venice as a tool-capable SOTA cloud provider (#1173)
2026-06-02 23:03:46 +09:00
test_vision_model_detection.py
Recognize gemma3/llama4/mistral-small3.1+/multimodal as vision models (#1430)
2026-06-03 04:17:40 +09:00
test_visual_report.py
Fix visual report chapter navigation (#505)
2026-06-01 22:26:13 +09:00
test_webhook_ssrf_resilience.py
Webhook: block IPv6 SSRF bypasses
2026-06-02 20:28:12 +09:00
test_webhook_trigger_auth_exempt.py
Exempt task webhook trigger from session auth (#784)
2026-06-02 11:23:40 +09:00
test_windows_update_script.py
Windows: add Docker update script
2026-06-02 20:45:32 +09:00
test_youtube_comments_timeout.py
YouTube: enforce comment fetch timeout while waiting
2026-06-02 20:44:24 +09:00
test_youtube_svc_comments_nondict.py
fix: youtube (services) comment formatter crashes on a non-dict comment (#1746)
2026-06-03 13:29:01 +09:00
test_youtube_transcript_seg_nondict.py
fix: youtube transcript formatter crashes on a non-dict segment (#1745)
2026-06-03 13:29:08 +09:00