Files
steipete--codexbar/Tests/CodexBarTests/CodexAccountCompositeGuardTests.swift
2026-07-13 12:22:33 +08:00

146 lines
6.0 KiB
Swift

import CodexBarCore
import Foundation
import Testing
@testable import CodexBar
@MainActor
extension CodexAccountScopedRefreshTests {
@Test
func `shared workspace rejects stale member results without fingerprints`() {
self.assertSharedWorkspaceMemberSwitchRejectsStaleResults(
suite: "CodexAccountScopedRefreshTests-shared-workspace-nil-fingerprint",
authFingerprint: nil)
}
@Test
func `shared workspace rejects stale member results with stable fingerprints`() {
self.assertSharedWorkspaceMemberSwitchRejectsStaleResults(
suite: "CodexAccountScopedRefreshTests-shared-workspace-stable-fingerprint",
authFingerprint: "stable-auth")
}
@Test
func `provider identity without email fails every scoped guard closed`() {
let settings = self.makeSettingsStore(
suite: "CodexAccountScopedRefreshTests-provider-identity-missing-email")
settings.refreshFrequency = .manual
settings._test_liveSystemCodexAccount = self.providerAccount(
email: " ",
authFingerprint: nil,
workspaceLabel: "Workspace")
let store = self.makeUsageStore(settings: settings)
let expectedGuard = CodexAccountScopedRefreshGuard(
source: .liveSystem,
identity: .providerAccount(id: "shared-workspace"),
accountKey: nil,
authFingerprint: nil)
self.expectEveryScopedGuardRejects(
store: store,
expectedGuard: expectedGuard,
staleEmail: nil)
#expect(!UsageStore.codexScopedRefreshGuardsMatchAccount(expectedGuard, expectedGuard))
}
@Test
func `same member auth rotation keeps success admission policy`() {
let settings = self.makeSettingsStore(
suite: "CodexAccountScopedRefreshTests-same-member-auth-rotation")
settings.refreshFrequency = .manual
settings._test_liveSystemCodexAccount = self.providerAccount(
email: "Member@Example.com",
authFingerprint: "old-auth",
workspaceLabel: "Old label")
let store = self.makeUsageStore(settings: settings)
let expectedGuard = store.freshCodexAccountScopedRefreshGuard()
settings._test_liveSystemCodexAccount = self.providerAccount(
email: " member@example.com ",
authFingerprint: "new-auth",
workspaceLabel: "New label")
let usage = self.codexSnapshot(email: "member@example.com", usedPercent: 25)
#expect(store.shouldApplyCodexUsageResult(expectedGuard: expectedGuard, usage: usage))
#expect(store.shouldApplyCodexScopedNonUsageResult(expectedGuard: expectedGuard))
#expect(store.shouldApplyOpenAIDashboardRefreshGuard(
expectedGuard: expectedGuard,
routingTargetEmail: "member@example.com"))
#expect(store.shouldApplyOpenAIDashboardPolicyResult(
expectedGuard: expectedGuard,
routingTargetEmail: "member@example.com"))
#expect(!store.shouldApplyCodexScopedFailure(expectedGuard: expectedGuard))
#expect(!store.shouldApplyCodexScopedNonUsageFailure(expectedGuard: expectedGuard))
#expect(!store.shouldApplyOpenAIWebNonSuccessResult(
expectedGuard: expectedGuard,
routingTargetEmail: "member@example.com"))
}
private func assertSharedWorkspaceMemberSwitchRejectsStaleResults(
suite: String,
authFingerprint: String?)
{
let settings = self.makeSettingsStore(suite: suite)
settings.refreshFrequency = .manual
settings._test_liveSystemCodexAccount = self.providerAccount(
email: "alpha@example.com",
authFingerprint: authFingerprint,
workspaceLabel: "Alpha")
let store = self.makeUsageStore(settings: settings)
let expectedGuard = store.freshCodexAccountScopedRefreshGuard()
#expect(expectedGuard.identity == .providerAccount(id: "shared-workspace"))
#expect(expectedGuard.accountKey == "alpha@example.com")
settings._test_liveSystemCodexAccount = self.providerAccount(
email: "beta@example.com",
authFingerprint: authFingerprint,
workspaceLabel: "Beta")
self.expectEveryScopedGuardRejects(
store: store,
expectedGuard: expectedGuard,
staleEmail: "alpha@example.com")
#expect(!UsageStore.codexScopedRefreshGuardsMatchAccount(
expectedGuard,
store.freshCodexAccountScopedRefreshGuard()))
}
private func expectEveryScopedGuardRejects(
store: UsageStore,
expectedGuard: CodexAccountScopedRefreshGuard,
staleEmail: String?)
{
let usage = self.codexSnapshot(email: staleEmail ?? "", usedPercent: 25)
#expect(!store.shouldApplyCodexUsageResult(expectedGuard: expectedGuard, usage: usage))
#expect(!store.shouldApplyCodexScopedFailure(expectedGuard: expectedGuard))
#expect(!store.shouldApplyCodexScopedNonUsageResult(expectedGuard: expectedGuard))
#expect(!store.shouldApplyCodexScopedNonUsageFailure(expectedGuard: expectedGuard))
#expect(!store.shouldApplyOpenAIDashboardRefreshGuard(
expectedGuard: expectedGuard,
routingTargetEmail: staleEmail))
#expect(!store.shouldApplyOpenAIWebNonSuccessResult(
expectedGuard: expectedGuard,
routingTargetEmail: staleEmail))
#expect(!store.shouldApplyOpenAIDashboardPolicyResult(
expectedGuard: expectedGuard,
routingTargetEmail: staleEmail))
}
private func providerAccount(
email: String,
authFingerprint: String?,
workspaceLabel: String) -> ObservedSystemCodexAccount
{
ObservedSystemCodexAccount(
email: email,
workspaceLabel: workspaceLabel,
workspaceAccountID: "shared-workspace",
authFingerprint: authFingerprint,
codexHomePath: "/Users/test/.codex",
observedAt: Date(),
identity: .providerAccount(id: "shared-workspace"))
}
}