mirror of
https://github.com/multica-ai/multica.git
synced 2026-07-06 05:49:12 +02:00
* feat(integrations): add platform-agnostic channel foundation Introduce server/internal/integrations/channel — the contract every inbound IM integration implements, so the core never learns a platform's event JSON. Four pieces: - Channel interface (Type/Connect/Disconnect/Send/Capabilities) + Factory + Config (channel_type + opaque JSON blob, maps to channel_installation). - Normalized InboundMessage/OutboundMessage envelopes + Source/MediaRef/ ReplyCtx/MsgType/ChatType. Envelope holds only cross-platform-true fields; platform specifics live in Raw, read only by the adapter. - Capability bitmask: declaration only, no degrade logic in core. - Registry: Type->Factory map, last-writer-wins, concurrency-safe. Pure package (no DB/network/platform deps). Foundation for MUL-3515; the lark cutover + lark_*->channel_* generalization land in follow-up PRs. MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * feat(channel): generalize lark_* tables into channel_* (DB layer) Migration 123 creates channel_installation / channel_user_binding / channel_chat_session_binding / channel_inbound_message_dedup / channel_inbound_audit / channel_outbound_card_message / channel_binding_token. Each carries a channel_type discriminator and a JSONB config for platform-specific identifiers/credentials; cross-platform columns stay flat. Existing Feishu rows are backfilled (channel_type= 'feishu', app_secret_encrypted via base64). NO foreign keys / cascades (MUL-3515 §4) — integrity moves to the app layer in the cutover. queries/channel.sql ports the lark query surface to channel_*, JSONB-aware, plus DeleteChannelUserBindingsByWorkspaceMember / DeleteChannelChatSessionBindingBySession for the app-layer cleanup that replaces the removed cascades. lark_* tables/queries are left in place here and removed once the Go cutover lands, so this commit ships green on its own. Verified: sqlc generate, go build ./..., full migrate chain (1..123) on Postgres 17, and a real-data backfill spot-check (base64 round-trip, NULL-strip, functional unique index on (channel_type, app_id)). MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * fix(channel): name app_id query param + multi-IM install key + null-safe binding merge Addresses review on MUL-3515 (PR #4412): - GetChannelInstallationByAppID: explicitly name params and cast app_id to ::text so sqlc emits AppID string. A bare $2 next to `config ->> 'app_id'` was mis-attributed to the JSONB config column, generating Config []byte. - channel_installation uniqueness -> (workspace_id, agent_id, channel_type), with the UpsertChannelInstallation conflict key matched. Lets one agent hold one installation per IM (feishu + slack + ...) instead of a later install clobbering an earlier one. Behaviorally identical in the current feishu-only world; "one agent, at most one IM overall" stays an app-layer rule per MUL-3515 §4, not a DB constraint. - CreateChannelUserBinding merges jsonb_strip_nulls(EXCLUDED.config) so a re-bind carrying {"union_id": null} no longer erases an already-captured union_id, restoring the old COALESCE(EXCLUDED.union_id, ...) semantics. Regenerated with sqlc v1.31.1. Verified on PG17: re-install replaces in place, feishu+slack coexist, null re-bind keeps union_id, real union_id wins. Co-authored-by: multica-agent <github@multica.ai> * feat(lark): channel-backed Feishu store + fix base64 backfill wrapping Cutover step 1 of switching the lark Go code from lark_* onto the channel_* tables (MUL-3515). Introduces the JSONB config boundary the rest of the cutover sits on, and fixes a latent backfill bug surfaced while building it. - migration 123: strip newlines from the app_secret_encrypted base64 backfill. PostgreSQL encode(...,'base64') MIME-wraps at 76 chars, and a secretbox- sealed ~72-byte secret exceeds that. Go's encoding/json decodes a JSON string into []byte with base64.StdEncoding, which rejects embedded newlines, so without the strip every migrated installation would fail to decrypt its app secret once reads move to channel_installation.config. - store.go: flat domain types (Installation / UserBinding / ChatSessionBinding) with field parity to the retired db.Lark* rows, plus the feishu config codec. Row->domain mappers decode the JSONB config; the secret decoder is whitespace-tolerant so legacy MIME-wrapped data still round-trips, while the encoder emits unwrapped base64. Binding config encodes an absent union_id as "{}" so the upsert's jsonb_strip_nulls merge never clobbers a stored union_id. - store_test.go: 72-byte secret round-trip, MIME-wrapped tolerance, optional null-strip, and flat-column preservation. Verified on PG17. Field parity keeps the upcoming ~190 db.LarkInstallation call sites a mechanical rename. No call sites switched yet; behavior unchanged. Co-authored-by: multica-agent <github@multica.ai> * feat(lark): route inbound integration onto channel_* + explicit membership checks Cutover step 2 (MUL-3515): switch the Feishu Go code from the lark_* queries to channel_* via a ChannelStore adapter, and replace the removed member foreign key with explicit application-layer membership checks. No user-visible behavior change. - channel_store.go: ChannelStore embeds *db.Queries and SHADOWS the ~24 lark query methods with channel_*-backed equivalents, keeping the db.Lark* signatures so the dispatcher/hub/services and their ~20k lines of tests stay untouched; the feishu JSONB config is (de)coded by store.go. Adds IsWorkspaceMember and a tx-aware WithTx. Only production wiring swaps *db.Queries for *ChannelStore. - Membership re-check (§4 removed the lark_user_binding -> member FK, so a binding row no longer proves current membership): * the dispatcher inbound identity step verifies membership after the binding lookup; a former member's stale binding is dropped as non_workspace_member + audited and never reaches chat_session (§4.3 safety property). * RedeemAndBind and BindInstallerTx replace the now-dead FK (23503) branch with an explicit IsWorkspaceMember gate, preserving the existing ErrBindingNotWorkspaceMember outcome without burning the token. - router wires the ChannelStore into the patcher, typing indicator, dispatcher, hub, and the union_id/region backfills; constructor-based services wrap *db.Queries internally so their signatures and nil-check tests are unchanged. Verified: go build ./... ; go vet ; gofmt ; go test -race ./internal/integrations/... (full lark suite green unchanged + new membership drop/error tests). Adapter field mappings (secret base64, union_id RMW, chat-id/open-id remaps, dedup, token, card) checked end-to-end against a PG17 channel_* schema. lark_* tables and queries remain (unused at runtime) until the S3 cleanup-hooks and S4 drop-tables/rename commits. Co-authored-by: multica-agent <github@multica.ai> * fix(channel): renumber generalization migration 123 -> 124 main merged 123_issue_stage after this branch forked, so the branch's 123_channel_generalization now collides on the migration number. The runner keys schema_migrations by full version string and would still apply both, but a duplicate number is a merge hazard and convention violation, so move the channel migration to the next free slot (124). issue_stage (ALTER issue ADD COLUMN stage) and the channel generalization touch disjoint tables; verified on PG17 that 123_issue_stage applies cleanly on a DB already carrying 124_channel_generalization, so the two are order-independent. sqlc regenerated (v1.31.1): only the migration-number comment changed. MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * feat(channel): prune channel bindings on member removal + chat session delete MUL-3515 §4 dropped every channel_* foreign key, so the old ON DELETE CASCADE that cleared a user's channel_user_binding when they left a workspace, and a chat's channel_chat_session_binding when its chat_session was deleted, no longer fires. Re-establish that integrity in the application layer, inside the existing transactions: revokeAndRemoveMember -> DeleteChannelUserBindingsByWorkspaceMember, DeleteChatSession -> DeleteChannelChatSessionBindingBySession. Adds real-DB tests for both paths, including a scoping check that a remaining member's binding survives the prune. Verified on PG17: both new tests plus the existing revocation tests and the full handler package pass. MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * fix(channel): scope Lark/Feishu store reads to channel_type='feishu' The S2 cutover routed the Feishu integration onto channel_*, but the Lark-facing ChannelStore wrappers read installation / chat-session-binding / outbound-card rows across ALL channel_type values. Once a second IM exists, that would let the Lark hub supervise a non-Feishu installation, the Lark install list show it, /lark/installations/{id} revoke another channel's row, and the outbound patcher / typing indicator act on a non-Feishu chat binding or card. Add a channel_type predicate to the six read/list channel queries and pass channelTypeFeishu from every wrapper: GetChannelInstallation, GetChannelInstallationInWorkspace, ListChannelInstallationsByWorkspace, ListActiveChannelInstallations, GetChannelChatSessionBindingBySession, GetChannelOutboundCardByTask. The S3 cleanup deletes (DeleteChannelUserBindingsByWorkspaceMember / DeleteChannelChatSessionBindingBySession) stay all-channel on purpose: a member leaving or a chat_session being deleted should clear every IM's binding. Adds a real-DB test that seeds a Slack installation/binding/card next to the Feishu ones and asserts the Lark wrappers never return them. MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * refactor(channel): replace db.Lark* translation layer with lark domain types S2 introduced ChannelStore as a translation layer that read/wrote channel_* but kept the retired db.Lark* struct/param shapes so the dispatcher/hub/services and their ~20k lines of tests did not have to change. This collapses that layer: the store now takes and returns the package's flat domain types (Installation, UserBinding, ChatSessionBinding, InboundMessageDedup, BindingTokenRow, OutboundCardMessage) and the *Params types in params.go, with channel-neutral field names (ChannelUserID / ChannelChatID / ...). All call sites, fakes, and tests move to the domain types. No behavior change: only channel_* is read/written (as before); db.Lark* is now unused, and the lark_* tables + queries/lark.sql are removed in the next commit. Verified on PG17: go build / vet / gofmt clean, go test -race ./internal/integrations/... green (the ~20k-line fake suite), and the lark + handler suites pass. MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * refactor(channel): drop lark_* tables and queries (remove old path) The Go cutover (previous commit) moved the lark package entirely onto channel_* and the domain types, leaving the lark_* tables, queries/lark.sql, and the generated db.Lark* models unused. Remove them per the design (§5: replace, do not keep both): migration 125 drops the seven lark_* tables (data already lives in channel_* since migration 124), and queries/lark.sql is deleted + sqlc regenerated, removing the db.Lark* models and lark query methods. The 125 down recreates the authoritative pre-drop schema (bot_union_id, region, per-installation dedup PK, thread-reply columns). Verified on PG17: fresh migrate up ends with lark_* gone + channel_* present; isolated 125 down/up round-trips correctly; go build / vet / gofmt clean; go test -race ./internal/integrations/... and the handler suite pass. MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * fix(migrations): remove trailing blank line at EOF of 125 down migration git diff --check flagged a blank line at EOF of 125_drop_lark_tables.down.sql (a pg_dump-generation artifact). Whitespace only; the recreate SQL is unchanged. MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * refactor(channel): defer lark_* table drop to a follow-up migration Preflight deploy review: dropping lark_* in the same release that cuts over (old migration 125) is not rollback/rolling-safe — the v0.3.27 release still reads lark_*, so a rolling deploy or a post-deploy code rollback would hit "relation does not exist". Remove the drop and keep the old tables for one release (standard expand/contract): migration 124 already backfilled lark_* -> channel_*, the new code reads/writes only channel_*, and the physical drop moves to a separate cleanup migration once this ships and is observed. The lark_* tables remain in the schema, so sqlc regenerates the (now unused) db.Lark* models; queries/lark.sql stays deleted (the new code uses channel_*). No code path reads lark_* — only the destructive drop is deferred, keeping the design's no-compat-layer / no-dual-write rule while being deploy-safe. MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * fix(channel): skip orphaned installations in hub-boot active scan Preflight deploy review: channel_installation dropped the workspace/agent FK (MUL-3515 §4), so unlike lark_installation it does not cascade away when its workspace is deleted or its agent is hard-deleted (e.g. runtime teardown). The hub-boot query then keeps opening a WebSocket for a bot whose owner is gone. JOIN ListActiveChannelInstallations to live workspace + agent so an orphaned installation is never connected, uniformly for every deletion path. The JOIN matches the old ON DELETE CASCADE semantics (row existence, not agent archival), so an archived-but-present agent's installation is still listed; the orphaned row's encrypted secret is thereby never decrypted/used. Tests: a real-DB handler test asserts a deleted-workspace/agent installation and a non-Feishu one are both excluded; the lark scope test's active-list assertion moved there since the JOIN now needs real workspace/agent fixtures. (Physically deleting dormant orphaned channel rows on workspace/agent deletion is a separate app-layer-cleanup follow-up.) MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * docs(channel): document non-rolling cutover constraint for the lark->channel migration Elon deploy review: keeping the lark_* tables (deferred drop) stops old v0.3.27 code from crashing, but is not full expand/contract. Migration 124 is a one-time backfill; afterwards new code runs on channel_* (lease + dedup on channel_*) while pre-cutover code runs on lark_* (lease + dedup on lark_*). If both run concurrently during a rolling deploy, each side claims the same Feishu bot's WS lease on its own table and double-processes inbound events. This release therefore requires a NON-ROLLING cutover (stop the old hub before applying migration 124 + starting new code; rollback is not lossless once new code writes channel_*). Documented where deployers/reviewers see it: migration 124 header gains a ROLLOUT note; the channel_store.go header is corrected (lark_* tables are retained one release for rollback safety, not "gone"; the store still never touches them). Comment-only — no schema/codegen/behavior change. MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * feat(lark): add MULTICA_LARK_HUB_DISABLED switch for the channel cutover The lark_*->channel_* cutover needs a way to make the Feishu bot briefly unavailable WITHOUT taking down the whole multica-api process — the Lark hub is a goroutine inside it, not a separate Deployment. MULTICA_LARK_HUB_DISABLED=true parks the hub at startup: the API serves HTTP normally but never claims a WS lease or opens a Feishu connection. Rollout (see migration 124 ROLLOUT note): ship the new release with the flag SET so new pods run API-only while old pods (hub on lark_*) drain during the rolling deploy — the two hubs never overlap. After the old pods are gone and migration 124 has run, flip the flag off; the new hub comes up on channel_*. The old backend does NOT need this switch — its hub stops when k8s terminates the old pods, not via a flag. Nil-ing LarkHub reuses the existing not-configured path so both the startup start and the shutdown join skip it. MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * docs(channel): point migration 124 ROLLOUT note at the hub-disable switch Refine the rollout note to use MULTICA_LARK_HUB_DISABLED for a bot-only cutover (new pods serve API with the hub parked while old pods drain; flip the switch off after the migration), instead of the earlier whole-API recreate. Comment-only. MUL-3515 Co-authored-by: multica-agent <github@multica.ai> * docs(channel): fix migration 124 rollout order and document self-host cutover The previous ROLLOUT note shipped the new (channel_*) build before running migration 124, so the channel_*-backed HTTP paths (installation list/install/revoke, chat-session delete, member revoke) would 500 in the window between new-pod boot and the deferred migration. Restate the runbook around two explicit invariants — channel_* must exist before the new build serves those paths, and the old/new hubs must never overlap — and order the steps so channel_* is created first (park old hub -> snapshot -> deploy parked new build -> unpark). Document that default self-host (entrypoint migrate + single-replica Recreate) satisfies both invariants automatically and needs no manual steps; only prd / multi-replica rolling self-host needs the switch procedure. Clarify in main.go that the hub-park switch is generation-agnostic (parks whichever hub the build carries), which is what enables the preparatory release. Refs MUL-3515 Co-authored-by: multica-agent <github@multica.ai> --------- Co-authored-by: J <j@multica.ai> Co-authored-by: multica-agent <github@multica.ai>
508 lines
18 KiB
Go
508 lines
18 KiB
Go
package handler
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"mime/multipart"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"testing"
|
|
|
|
"github.com/multica-ai/multica/server/internal/middleware"
|
|
"github.com/multica-ai/multica/server/internal/util"
|
|
db "github.com/multica-ai/multica/server/pkg/db/generated"
|
|
)
|
|
|
|
// withChatTestWorkspaceCtx injects the workspace+member context that the
|
|
// real chi middleware chain would normally set. SendChatMessage (and most
|
|
// other chat handlers) read workspace ID from ctxWorkspaceID; without this
|
|
// the test harness, which calls handlers directly, gets "invalid workspace
|
|
// id" on the parseUUIDOrBadRequest call inside SendChatMessage.
|
|
func withChatTestWorkspaceCtx(t *testing.T, req *http.Request) *http.Request {
|
|
t.Helper()
|
|
memberRow, err := testHandler.Queries.GetMemberByUserAndWorkspace(context.Background(), db.GetMemberByUserAndWorkspaceParams{
|
|
UserID: util.MustParseUUID(testUserID),
|
|
WorkspaceID: util.MustParseUUID(testWorkspaceID),
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("load test member row: %v", err)
|
|
}
|
|
return req.WithContext(middleware.SetMemberContext(req.Context(), testWorkspaceID, memberRow))
|
|
}
|
|
|
|
// TestSendChatMessage_LinksAttachments verifies that attachments uploaded
|
|
// against a chat_session (chat_message_id NULL) are back-filled with the
|
|
// message_id when SendChatMessage receives the matching attachment_ids.
|
|
func TestSendChatMessage_LinksAttachments(t *testing.T) {
|
|
origStorage := testHandler.Storage
|
|
testHandler.Storage = &mockStorage{}
|
|
defer func() { testHandler.Storage = origStorage }()
|
|
|
|
agentID := createHandlerTestAgent(t, "ChatSendAttachAgent", []byte("[]"))
|
|
sessionID := createHandlerTestChatSession(t, agentID)
|
|
|
|
// 1. Upload a file against the chat session.
|
|
var body bytes.Buffer
|
|
writer := multipart.NewWriter(&body)
|
|
part, _ := writer.CreateFormFile("file", "send-link.png")
|
|
part.Write([]byte("\x89PNG\r\n\x1a\nbytes"))
|
|
writer.WriteField("chat_session_id", sessionID)
|
|
writer.Close()
|
|
|
|
uploadReq := httptest.NewRequest("POST", "/api/upload-file", &body)
|
|
uploadReq.Header.Set("Content-Type", writer.FormDataContentType())
|
|
uploadReq.Header.Set("X-User-ID", testUserID)
|
|
uploadReq.Header.Set("X-Workspace-ID", testWorkspaceID)
|
|
|
|
uploadW := httptest.NewRecorder()
|
|
testHandler.UploadFile(uploadW, uploadReq)
|
|
if uploadW.Code != http.StatusOK {
|
|
t.Fatalf("upload precondition: %d %s", uploadW.Code, uploadW.Body.String())
|
|
}
|
|
var uploadResp AttachmentResponse
|
|
if err := json.Unmarshal(uploadW.Body.Bytes(), &uploadResp); err != nil {
|
|
t.Fatalf("decode upload: %v", err)
|
|
}
|
|
attachmentID := uploadResp.ID
|
|
t.Cleanup(func() {
|
|
testPool.Exec(context.Background(), `DELETE FROM attachment WHERE id = $1`, attachmentID)
|
|
})
|
|
|
|
// 2. Send a chat message that references the attachment.
|
|
sendReq := newRequest("POST", "/api/chat-sessions/"+sessionID+"/messages", map[string]any{
|
|
"content": "look at this ",
|
|
"attachment_ids": []string{attachmentID},
|
|
})
|
|
sendReq = withURLParam(sendReq, "sessionId", sessionID)
|
|
sendReq = withChatTestWorkspaceCtx(t, sendReq)
|
|
sendW := httptest.NewRecorder()
|
|
testHandler.SendChatMessage(sendW, sendReq)
|
|
if sendW.Code != http.StatusCreated {
|
|
t.Fatalf("SendChatMessage: expected 201, got %d: %s", sendW.Code, sendW.Body.String())
|
|
}
|
|
|
|
var sendResp SendChatMessageResponse
|
|
if err := json.Unmarshal(sendW.Body.Bytes(), &sendResp); err != nil {
|
|
t.Fatalf("decode send: %v", err)
|
|
}
|
|
if sendResp.MessageID == "" {
|
|
t.Fatal("expected non-empty message_id in send response")
|
|
}
|
|
if sendResp.TaskID == "" {
|
|
t.Fatal("expected non-empty task_id in send response")
|
|
}
|
|
|
|
var messageTaskID string
|
|
if err := testPool.QueryRow(
|
|
context.Background(),
|
|
`SELECT COALESCE(task_id::text, '') FROM chat_message WHERE id = $1`,
|
|
sendResp.MessageID,
|
|
).Scan(&messageTaskID); err != nil {
|
|
t.Fatalf("query chat message task id: %v", err)
|
|
}
|
|
if messageTaskID != sendResp.TaskID {
|
|
t.Fatalf("chat message task_id mismatch: want %s, got %s", sendResp.TaskID, messageTaskID)
|
|
}
|
|
|
|
// 3. Verify the attachment row now points at the new message.
|
|
var dbMessageID *string
|
|
if err := testPool.QueryRow(
|
|
context.Background(),
|
|
`SELECT chat_message_id::text FROM attachment WHERE id = $1`,
|
|
attachmentID,
|
|
).Scan(&dbMessageID); err != nil {
|
|
t.Fatalf("query attachment: %v", err)
|
|
}
|
|
if dbMessageID == nil {
|
|
t.Fatal("chat_message_id is still NULL after send")
|
|
}
|
|
if *dbMessageID != sendResp.MessageID {
|
|
t.Fatalf("chat_message_id mismatch: want %s, got %s", sendResp.MessageID, *dbMessageID)
|
|
}
|
|
}
|
|
|
|
// TestSendChatMessage_LinksUnattachedAttachments verifies the new compose
|
|
// path: upload creates a workspace-scoped unattached attachment, and chat send
|
|
// binds it to both the session and the user message.
|
|
func TestSendChatMessage_LinksUnattachedAttachments(t *testing.T) {
|
|
origStorage := testHandler.Storage
|
|
testHandler.Storage = &mockStorage{}
|
|
defer func() { testHandler.Storage = origStorage }()
|
|
|
|
agentID := createHandlerTestAgent(t, "ChatSendUnattachedAttachAgent", []byte("[]"))
|
|
sessionID := createHandlerTestChatSession(t, agentID)
|
|
|
|
var body bytes.Buffer
|
|
writer := multipart.NewWriter(&body)
|
|
part, _ := writer.CreateFormFile("file", "send-unattached.png")
|
|
part.Write([]byte("\x89PNG\r\n\x1a\nbytes"))
|
|
writer.Close()
|
|
|
|
uploadReq := httptest.NewRequest("POST", "/api/upload-file", &body)
|
|
uploadReq.Header.Set("Content-Type", writer.FormDataContentType())
|
|
uploadReq.Header.Set("X-User-ID", testUserID)
|
|
uploadReq.Header.Set("X-Workspace-ID", testWorkspaceID)
|
|
|
|
uploadW := httptest.NewRecorder()
|
|
testHandler.UploadFile(uploadW, uploadReq)
|
|
if uploadW.Code != http.StatusOK {
|
|
t.Fatalf("upload precondition: %d %s", uploadW.Code, uploadW.Body.String())
|
|
}
|
|
var uploadResp AttachmentResponse
|
|
if err := json.Unmarshal(uploadW.Body.Bytes(), &uploadResp); err != nil {
|
|
t.Fatalf("decode upload: %v", err)
|
|
}
|
|
attachmentID := uploadResp.ID
|
|
t.Cleanup(func() {
|
|
testPool.Exec(context.Background(), `DELETE FROM attachment WHERE id = $1`, attachmentID)
|
|
})
|
|
if uploadResp.ChatSessionID != nil {
|
|
t.Fatalf("pre-send chat_session_id should be nil, got %v", *uploadResp.ChatSessionID)
|
|
}
|
|
if uploadResp.ChatMessageID != nil {
|
|
t.Fatalf("pre-send chat_message_id should be nil, got %v", *uploadResp.ChatMessageID)
|
|
}
|
|
|
|
sendReq := newRequest("POST", "/api/chat-sessions/"+sessionID+"/messages", map[string]any{
|
|
"content": "look at this ",
|
|
"attachment_ids": []string{attachmentID},
|
|
})
|
|
sendReq = withURLParam(sendReq, "sessionId", sessionID)
|
|
sendReq = withChatTestWorkspaceCtx(t, sendReq)
|
|
sendW := httptest.NewRecorder()
|
|
testHandler.SendChatMessage(sendW, sendReq)
|
|
if sendW.Code != http.StatusCreated {
|
|
t.Fatalf("SendChatMessage: expected 201, got %d: %s", sendW.Code, sendW.Body.String())
|
|
}
|
|
|
|
var sendResp SendChatMessageResponse
|
|
if err := json.Unmarshal(sendW.Body.Bytes(), &sendResp); err != nil {
|
|
t.Fatalf("decode send: %v", err)
|
|
}
|
|
|
|
var dbSessionID, dbMessageID *string
|
|
if err := testPool.QueryRow(
|
|
context.Background(),
|
|
`SELECT chat_session_id::text, chat_message_id::text FROM attachment WHERE id = $1`,
|
|
attachmentID,
|
|
).Scan(&dbSessionID, &dbMessageID); err != nil {
|
|
t.Fatalf("query attachment: %v", err)
|
|
}
|
|
if dbSessionID == nil || *dbSessionID != sessionID {
|
|
t.Fatalf("chat_session_id mismatch: want %s, got %v", sessionID, dbSessionID)
|
|
}
|
|
if dbMessageID == nil || *dbMessageID != sendResp.MessageID {
|
|
t.Fatalf("chat_message_id mismatch: want %s, got %v", sendResp.MessageID, dbMessageID)
|
|
}
|
|
}
|
|
|
|
// TestUpdateChatSession_RenamesTitle confirms PATCH writes the new title,
|
|
// returns the updated row, and the server-side row reflects it.
|
|
func TestUpdateChatSession_RenamesTitle(t *testing.T) {
|
|
agentID := createHandlerTestAgent(t, "ChatRenameAgent", []byte("[]"))
|
|
sessionID := createHandlerTestChatSession(t, agentID)
|
|
|
|
req := newRequest("PATCH", "/api/chat/sessions/"+sessionID, map[string]any{
|
|
"title": " Renamed Session ",
|
|
})
|
|
req = withURLParam(req, "sessionId", sessionID)
|
|
req = withChatTestWorkspaceCtx(t, req)
|
|
w := httptest.NewRecorder()
|
|
testHandler.UpdateChatSession(w, req)
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("UpdateChatSession: expected 200, got %d: %s", w.Code, w.Body.String())
|
|
}
|
|
|
|
var resp ChatSessionResponse
|
|
if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
|
|
t.Fatalf("decode update: %v", err)
|
|
}
|
|
if resp.Title != "Renamed Session" {
|
|
t.Fatalf("response title: want %q, got %q", "Renamed Session", resp.Title)
|
|
}
|
|
|
|
var dbTitle string
|
|
if err := testPool.QueryRow(
|
|
context.Background(),
|
|
`SELECT title FROM chat_session WHERE id = $1`,
|
|
sessionID,
|
|
).Scan(&dbTitle); err != nil {
|
|
t.Fatalf("query chat_session: %v", err)
|
|
}
|
|
if dbTitle != "Renamed Session" {
|
|
t.Fatalf("db title: want %q, got %q", "Renamed Session", dbTitle)
|
|
}
|
|
}
|
|
|
|
// TestUpdateChatSession_RejectsBlank refuses an empty/whitespace title with 400.
|
|
// (Untitled is a render-side fallback, not a stored value.)
|
|
func TestUpdateChatSession_RejectsBlank(t *testing.T) {
|
|
agentID := createHandlerTestAgent(t, "ChatRenameBlankAgent", []byte("[]"))
|
|
sessionID := createHandlerTestChatSession(t, agentID)
|
|
|
|
req := newRequest("PATCH", "/api/chat/sessions/"+sessionID, map[string]any{
|
|
"title": " ",
|
|
})
|
|
req = withURLParam(req, "sessionId", sessionID)
|
|
req = withChatTestWorkspaceCtx(t, req)
|
|
w := httptest.NewRecorder()
|
|
testHandler.UpdateChatSession(w, req)
|
|
if w.Code != http.StatusBadRequest {
|
|
t.Fatalf("UpdateChatSession blank: expected 400, got %d: %s", w.Code, w.Body.String())
|
|
}
|
|
}
|
|
|
|
// TestSendChatMessage_InvalidAttachmentIDs rejects malformed UUIDs in
|
|
// attachment_ids with 400 before any side effects (no message row created).
|
|
func TestSendChatMessage_InvalidAttachmentIDs(t *testing.T) {
|
|
agentID := createHandlerTestAgent(t, "ChatBadAttachAgent", []byte("[]"))
|
|
sessionID := createHandlerTestChatSession(t, agentID)
|
|
|
|
req := newRequest("POST", "/api/chat-sessions/"+sessionID+"/messages", map[string]any{
|
|
"content": "hi",
|
|
"attachment_ids": []string{"not-a-uuid"},
|
|
})
|
|
req = withURLParam(req, "sessionId", sessionID)
|
|
req = withChatTestWorkspaceCtx(t, req)
|
|
w := httptest.NewRecorder()
|
|
testHandler.SendChatMessage(w, req)
|
|
if w.Code != http.StatusBadRequest {
|
|
t.Fatalf("SendChatMessage with bad attachment id: expected 400, got %d: %s", w.Code, w.Body.String())
|
|
}
|
|
|
|
// Confirm no message row was created.
|
|
var count int
|
|
if err := testPool.QueryRow(
|
|
context.Background(),
|
|
`SELECT count(*) FROM chat_message WHERE chat_session_id = $1`,
|
|
sessionID,
|
|
).Scan(&count); err != nil {
|
|
t.Fatalf("count chat_message: %v", err)
|
|
}
|
|
if count != 0 {
|
|
t.Fatalf("expected 0 chat_message rows after rejected send, got %d", count)
|
|
}
|
|
}
|
|
|
|
func fetchChatMessagesPageForTest(t *testing.T, sessionID string, params url.Values) ChatMessagesPageResponse {
|
|
t.Helper()
|
|
target := "/api/chat/sessions/" + sessionID + "/messages/page"
|
|
if encoded := params.Encode(); encoded != "" {
|
|
target += "?" + encoded
|
|
}
|
|
req := httptest.NewRequest(http.MethodGet, target, nil)
|
|
req.Header.Set("X-User-ID", testUserID)
|
|
req = withURLParam(req, "sessionId", sessionID)
|
|
req = withChatTestWorkspaceCtx(t, req)
|
|
w := httptest.NewRecorder()
|
|
testHandler.ListChatMessagesPage(w, req)
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("ListChatMessagesPage: expected 200, got %d: %s", w.Code, w.Body.String())
|
|
}
|
|
var page ChatMessagesPageResponse
|
|
if err := json.Unmarshal(w.Body.Bytes(), &page); err != nil {
|
|
t.Fatalf("decode page messages: %v", err)
|
|
}
|
|
return page
|
|
}
|
|
|
|
func TestListChatMessagesPage_UsesCursorWithoutChangingLegacyList(t *testing.T) {
|
|
agentID := createHandlerTestAgent(t, "ChatCursorPaginationAgent", []byte("[]"))
|
|
sessionID := createHandlerTestChatSession(t, agentID)
|
|
|
|
for i, content := range []string{"oldest", "middle", "newest"} {
|
|
_, err := testPool.Exec(
|
|
context.Background(),
|
|
`INSERT INTO chat_message (chat_session_id, role, content, created_at)
|
|
VALUES ($1, 'user', $2, timestamp '2026-01-01 00:00:00' + ($3::int * interval '1 second'))`,
|
|
sessionID,
|
|
content,
|
|
i,
|
|
)
|
|
if err != nil {
|
|
t.Fatalf("insert chat message %d: %v", i, err)
|
|
}
|
|
}
|
|
|
|
legacyReq := httptest.NewRequest(http.MethodGet, "/api/chat/sessions/"+sessionID+"/messages", nil)
|
|
legacyReq.Header.Set("X-User-ID", testUserID)
|
|
legacyReq = withURLParam(legacyReq, "sessionId", sessionID)
|
|
legacyReq = withChatTestWorkspaceCtx(t, legacyReq)
|
|
legacyW := httptest.NewRecorder()
|
|
testHandler.ListChatMessages(legacyW, legacyReq)
|
|
if legacyW.Code != http.StatusOK {
|
|
t.Fatalf("ListChatMessages: expected 200, got %d: %s", legacyW.Code, legacyW.Body.String())
|
|
}
|
|
var legacy []ChatMessageResponse
|
|
if err := json.Unmarshal(legacyW.Body.Bytes(), &legacy); err != nil {
|
|
t.Fatalf("decode legacy messages: %v", err)
|
|
}
|
|
if len(legacy) != 3 || legacy[0].Content != "oldest" || legacy[2].Content != "newest" {
|
|
t.Fatalf("legacy messages = %#v", legacy)
|
|
}
|
|
|
|
latest := fetchChatMessagesPageForTest(t, sessionID, url.Values{"limit": {"2"}})
|
|
if latest.Limit != 2 || !latest.HasMore || latest.NextCursor == nil {
|
|
t.Fatalf("latest page metadata = %#v", latest)
|
|
}
|
|
if len(latest.Messages) != 2 || latest.Messages[0].Content != "middle" || latest.Messages[1].Content != "newest" {
|
|
t.Fatalf("latest page messages = %#v", latest)
|
|
}
|
|
|
|
older := fetchChatMessagesPageForTest(t, sessionID, url.Values{
|
|
"limit": {"2"},
|
|
"before_created_at": {latest.NextCursor.CreatedAt},
|
|
"before_id": {latest.NextCursor.ID},
|
|
})
|
|
if older.HasMore || older.NextCursor != nil {
|
|
t.Fatalf("older page metadata = %#v", older)
|
|
}
|
|
if len(older.Messages) != 1 || older.Messages[0].Content != "oldest" {
|
|
t.Fatalf("older page messages = %#v", older)
|
|
}
|
|
}
|
|
|
|
func TestListChatMessagesPage_CursorTieBreaksSameTimestampWithoutDupesOrGaps(t *testing.T) {
|
|
agentID := createHandlerTestAgent(t, "ChatCursorTieBreakAgent", []byte("[]"))
|
|
sessionID := createHandlerTestChatSession(t, agentID)
|
|
|
|
contents := []string{"a", "b", "c", "d", "e"}
|
|
for _, content := range contents {
|
|
_, err := testPool.Exec(
|
|
context.Background(),
|
|
`INSERT INTO chat_message (chat_session_id, role, content, created_at)
|
|
VALUES ($1, 'user', $2, timestamp '2026-01-01 00:00:00')`,
|
|
sessionID,
|
|
content,
|
|
)
|
|
if err != nil {
|
|
t.Fatalf("insert chat message %q: %v", content, err)
|
|
}
|
|
}
|
|
|
|
seen := map[string]bool{}
|
|
var ordered []string
|
|
params := url.Values{"limit": {"2"}}
|
|
for {
|
|
page := fetchChatMessagesPageForTest(t, sessionID, params)
|
|
for _, msg := range page.Messages {
|
|
if seen[msg.ID] {
|
|
t.Fatalf("duplicate message id %s across cursor pages", msg.ID)
|
|
}
|
|
seen[msg.ID] = true
|
|
ordered = append(ordered, msg.Content)
|
|
}
|
|
if !page.HasMore {
|
|
if page.NextCursor != nil {
|
|
t.Fatalf("terminal page has next cursor: %#v", page.NextCursor)
|
|
}
|
|
break
|
|
}
|
|
if page.NextCursor == nil {
|
|
t.Fatalf("has_more page missing next cursor: %#v", page)
|
|
}
|
|
params = url.Values{
|
|
"limit": {"2"},
|
|
"before_created_at": {page.NextCursor.CreatedAt},
|
|
"before_id": {page.NextCursor.ID},
|
|
}
|
|
}
|
|
|
|
if len(ordered) != len(contents) {
|
|
t.Fatalf("expected %d messages across pages, got %d: %v", len(contents), len(ordered), ordered)
|
|
}
|
|
// Pages are newest-window first and chronological within each page. With all
|
|
// timestamps equal, the id tie-break must still produce a deterministic,
|
|
// gap-free traversal.
|
|
for _, content := range contents {
|
|
found := false
|
|
for _, got := range ordered {
|
|
if got == content {
|
|
found = true
|
|
break
|
|
}
|
|
}
|
|
if !found {
|
|
t.Fatalf("missing content %q across cursor pages: %v", content, ordered)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestListChatMessagesPage_RejectsInvalidLimit(t *testing.T) {
|
|
agentID := createHandlerTestAgent(t, "ChatPaginationBadLimitAgent", []byte("[]"))
|
|
sessionID := createHandlerTestChatSession(t, agentID)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/chat/sessions/"+sessionID+"/messages/page?limit=0", nil)
|
|
req.Header.Set("X-User-ID", testUserID)
|
|
req = withURLParam(req, "sessionId", sessionID)
|
|
req = withChatTestWorkspaceCtx(t, req)
|
|
w := httptest.NewRecorder()
|
|
testHandler.ListChatMessagesPage(w, req)
|
|
if w.Code != http.StatusBadRequest {
|
|
t.Fatalf("ListChatMessagesPage invalid limit: expected 400, got %d: %s", w.Code, w.Body.String())
|
|
}
|
|
}
|
|
|
|
// TestDeleteChatSession_PrunesChannelChatSessionBinding verifies the
|
|
// application-layer replacement for the channel_chat_session_binding
|
|
// chat_session-FK cascade (MUL-3515 §4): deleting a chat session prunes its
|
|
// channel binding in the same tx that deletes the session row.
|
|
func TestDeleteChatSession_PrunesChannelChatSessionBinding(t *testing.T) {
|
|
agentID := createHandlerTestAgent(t, "ChatDeleteBindingAgent", []byte("[]"))
|
|
sessionID := createHandlerTestChatSession(t, agentID)
|
|
ctx := context.Background()
|
|
|
|
const appID = "cli_chat_delete_binding"
|
|
const channelChatID = "oc_chat_delete_binding"
|
|
|
|
// channel_* rows have no FK to chat_session/workspace (MUL-3515 §4), so
|
|
// they outlive the helper's chat_session cleanup; clear by deterministic
|
|
// key before and after.
|
|
cleanChannel := func() {
|
|
_, _ = testPool.Exec(context.Background(),
|
|
`DELETE FROM channel_chat_session_binding WHERE channel_chat_id = $1`, channelChatID)
|
|
_, _ = testPool.Exec(context.Background(),
|
|
`DELETE FROM channel_installation WHERE channel_type = 'feishu' AND config->>'app_id' = $1`, appID)
|
|
}
|
|
cleanChannel()
|
|
t.Cleanup(cleanChannel)
|
|
|
|
var installID string
|
|
if err := testPool.QueryRow(ctx, `
|
|
INSERT INTO channel_installation (workspace_id, agent_id, channel_type, config, installer_user_id)
|
|
VALUES ($1, $2, 'feishu', jsonb_build_object('app_id', $3::text), $4)
|
|
RETURNING id
|
|
`, testWorkspaceID, agentID, appID, testUserID).Scan(&installID); err != nil {
|
|
t.Fatalf("insert channel_installation: %v", err)
|
|
}
|
|
|
|
if _, err := testPool.Exec(ctx, `
|
|
INSERT INTO channel_chat_session_binding (chat_session_id, installation_id, channel_type, channel_chat_id, chat_type)
|
|
VALUES ($1, $2, 'feishu', $3, 'p2p')
|
|
`, sessionID, installID, channelChatID); err != nil {
|
|
t.Fatalf("insert channel_chat_session_binding: %v", err)
|
|
}
|
|
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/chat/sessions/"+sessionID, nil)
|
|
req.Header.Set("X-User-ID", testUserID)
|
|
req = withURLParam(req, "sessionId", sessionID)
|
|
req = withChatTestWorkspaceCtx(t, req)
|
|
w := httptest.NewRecorder()
|
|
testHandler.DeleteChatSession(w, req)
|
|
|
|
if w.Code != http.StatusNoContent {
|
|
t.Fatalf("DeleteChatSession: expected 204, got %d: %s", w.Code, w.Body.String())
|
|
}
|
|
|
|
var bindingExists bool
|
|
if err := testPool.QueryRow(ctx,
|
|
`SELECT EXISTS (SELECT 1 FROM channel_chat_session_binding WHERE channel_chat_id = $1)`, channelChatID).Scan(&bindingExists); err != nil {
|
|
t.Fatalf("query chat session binding: %v", err)
|
|
}
|
|
if bindingExists {
|
|
t.Fatal("deleted chat session's channel_chat_session_binding was not pruned")
|
|
}
|
|
}
|