diff --git a/.agent/skills/smoke-test/SKILL.md b/.agent/skills/smoke-test/SKILL.md index 263b05a9f..c185068cd 100644 --- a/.agent/skills/smoke-test/SKILL.md +++ b/.agent/skills/smoke-test/SKILL.md @@ -97,14 +97,14 @@ smoke-test/ 2. **Check frontend service** - Visit `http://localhost:2026` and verify that the page loads 3. **Check API Gateway** - Verify the `http://localhost:2026/health` endpoint 4. **Check LangGraph-compatible API** - Verify the `/api/langgraph/*` route exposed by Gateway -5. **Frontend route smoke check** - Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh` to verify key routes under `/workspace` +5. **Frontend route smoke check** - Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh` to verify key routes under `/workspace`. The script auto-detects whether authentication is enabled and, if so, registers / logs in a smoke-test user so the real pages are verified rather than the login redirect. **Docker mode health check** (when using Docker): 1. **Check container status** - Run `docker ps` and confirm that all containers are running 2. **Check frontend service** - Visit `http://localhost:2026` and verify that the page loads 3. **Check API Gateway** - Verify the `http://localhost:2026/health` endpoint 4. **Check LangGraph-compatible API** - Verify the `/api/langgraph/*` route exposed by Gateway -5. **Frontend route smoke check** - Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh` to verify key routes under `/workspace` +5. **Frontend route smoke check** - Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh` to verify key routes under `/workspace`. The script auto-detects whether authentication is enabled and, if so, registers / logs in a smoke-test user so the real pages are verified rather than the login redirect. ### Optional Functional Verification @@ -136,6 +136,7 @@ smoke-test/ The following warnings can appear during smoke testing and do not block a successful result: - Feishu/Lark SSL errors in Gateway logs (certificate verification failure) can be ignored if that channel is not enabled - Warnings in Gateway logs about missing methods in the custom checkpointer, such as `adelete_for_runs` or `aprune`, do not affect the core functionality +- The `frontend_check.sh` script automatically handles authentication. When auth is enabled it registers / logs in a smoke-test user (`smoke-test@deerflow.dev` by default) to verify the real `/workspace/*` pages. The registration may produce a log entry from the auth provider, which is expected and harmless. ## Key Tools diff --git a/.agent/skills/smoke-test/references/SOP.md b/.agent/skills/smoke-test/references/SOP.md index 0dfac7c1a..6b2cca888 100644 --- a/.agent/skills/smoke-test/references/SOP.md +++ b/.agent/skills/smoke-test/references/SOP.md @@ -361,6 +361,22 @@ curl http://localhost:2026/health --- +#### 5.1.5 Frontend Route Smoke Check + +**Objective**: Verify key `/workspace/*` frontend routes render correctly. + +**Steps**: +1. Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh`. +2. The script auto-detects whether authentication (`DEER_FLOW_AUTH_DISABLED`) is enabled. +3. When auth is on, the script registers / logs in a smoke-test user (`smoke-test@deerflow.dev` by default) and passes the session cookie so the real `/workspace/*` pages are verified — not the login redirect. +4. When auth is off, the routes are checked anonymously as before. + +**Customisation**: +- `SMOKE_TEST_EMAIL` — email for the test account (default: `smoke-test@deerflow.dev`). +- `SMOKE_TEST_PASSWORD` — password for the test account (default: `SmokeTest123!`). + +--- + ### 5.2 Docker Mode Health Check (When Using Docker) #### 5.2.1 Check Container Status @@ -411,6 +427,22 @@ curl http://localhost:2026/health --- +#### 5.2.5 Frontend Route Smoke Check + +**Objective**: Verify key `/workspace/*` frontend routes render correctly. + +**Steps**: +1. Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh`. +2. The script auto-detects whether authentication (`DEER_FLOW_AUTH_DISABLED`) is enabled. +3. When auth is on, the script registers / logs in a smoke-test user (`smoke-test@deerflow.dev` by default) and passes the session cookie so the real `/workspace/*` pages are verified — not the login redirect. +4. When auth is off, the routes are checked anonymously as before. + +**Customisation**: +- `SMOKE_TEST_EMAIL` — email for the test account (default: `smoke-test@deerflow.dev`). +- `SMOKE_TEST_PASSWORD` — password for the test account (default: `SmokeTest123!`). + +--- + ## Optional Functional Verification ### 6.1 List Available Models diff --git a/.agent/skills/smoke-test/scripts/frontend_check.sh b/.agent/skills/smoke-test/scripts/frontend_check.sh index 4fcaf031b..024ce32f3 100644 --- a/.agent/skills/smoke-test/scripts/frontend_check.sh +++ b/.agent/skills/smoke-test/scripts/frontend_check.sh @@ -9,6 +9,99 @@ echo "" BASE_URL="${BASE_URL:-http://localhost:2026}" DOC_PATH="${DOC_PATH:-/en/docs}" +# When the gateway has authentication enabled (DEER_FLOW_AUTH_DISABLED != 1), +# protected /workspace/* routes redirect anonymous requests to /login. +# We detect auth, register / log in a smoke-test user, and pass the session +# cookie to all curl calls so the real pages are verified, not the login form. +SMOKE_TEST_EMAIL="${SMOKE_TEST_EMAIL:-smoke-test@deerflow.dev}" +SMOKE_TEST_PASSWORD="${SMOKE_TEST_PASSWORD:-SmokeTest123!}" +COOKIE_JAR=$(mktemp /tmp/deerflow-smoke-cookies.XXXXXX) +trap 'rm -f "$COOKIE_JAR"' EXIT +CURL_AUTH_OPTS="" + +authenticate() { + # Make sure the service is reachable before detecting auth + local health + health=$(curl -s -o /dev/null -w "%{http_code}" "${BASE_URL}/" 2>/dev/null) + if [ "$health" = "000" ]; then + echo "✗ Cannot reach ${BASE_URL} — is the service running?" + return 1 + fi + + # A protected endpoint returns 401 when auth is on + local auth_check + auth_check=$(curl -s -o /dev/null -w "%{http_code}" "${BASE_URL}/api/models" 2>/dev/null) + if [ "$auth_check" != "401" ]; then + echo "ℹ Auth is disabled — no login needed" + return 0 + fi + + echo "🔐 Auth is enabled — setting up smoke test session..." + + # Check whether the system needs first-boot initialization + local needs_setup + needs_setup=$(curl -s "${BASE_URL}/api/v1/auth/setup-status" \ + | grep -o '"needs_setup":[^,}]*' | grep -o 'true\|false') + if [ "$needs_setup" = "true" ]; then + echo " Initializing system with smoke test admin..." + local init_code + init_code=$(curl -s -o /dev/null -w "%{http_code}" \ + -X POST "${BASE_URL}/api/v1/auth/initialize" \ + -H "Content-Type: application/json" \ + -d "{\"email\":\"${SMOKE_TEST_EMAIL}\",\"password\":\"${SMOKE_TEST_PASSWORD}\"}" \ + -c "$COOKIE_JAR" 2>/dev/null) + if [ "$init_code" != "201" ]; then + echo "✗ Initialize failed (HTTP $init_code)" + return 1 + fi + echo "✓ Admin initialized & logged in" + elif [ -z "$needs_setup" ]; then + echo "⚠ Could not determine setup status — skipping initialize, trying register/login" + else + # Register first — on success (201) it also auto-logs-in via the cookie. + # This avoids a wasted login attempt that counts toward rate-limiting. + local auth_code + auth_code=$(curl -s -o /dev/null -w "%{http_code}" \ + -X POST "${BASE_URL}/api/v1/auth/register" \ + -H "Content-Type: application/json" \ + -d "{\"email\":\"${SMOKE_TEST_EMAIL}\",\"password\":\"${SMOKE_TEST_PASSWORD}\"}" \ + -c "$COOKIE_JAR" 2>/dev/null) + + if [ "$auth_code" = "201" ]; then + echo "✓ Registered as ${SMOKE_TEST_EMAIL}" + else + # User already exists — clear stale cookies from register attempt, then log in + : > "$COOKIE_JAR" + local login_code + login_code=$(curl -s -o /dev/null -w "%{http_code}" \ + -X POST "${BASE_URL}/api/v1/auth/login/local" \ + --data-urlencode "username=${SMOKE_TEST_EMAIL}" \ + --data-urlencode "password=${SMOKE_TEST_PASSWORD}" \ + -c "$COOKIE_JAR" 2>/dev/null) + if [ "$login_code" != "200" ]; then + echo "✗ Login failed (HTTP $login_code)" + return 1 + fi + echo "✓ Logged in as ${SMOKE_TEST_EMAIL}" + fi + fi + + # Verify the session cookie works across all branches + local me_code + me_code=$(curl -s -o /dev/null -w "%{http_code}" \ + -b "$COOKIE_JAR" "${BASE_URL}/api/v1/auth/me" 2>/dev/null) + + if [ "$me_code" = "200" ]; then + echo "✓ Session verified for ${SMOKE_TEST_EMAIL}" + CURL_AUTH_OPTS="-b $COOKIE_JAR" + return 0 + fi + + echo "✗ Auth failed — session cookie not accepted (HTTP $me_code)" + echo " Set SMOKE_TEST_EMAIL / SMOKE_TEST_PASSWORD or check the existing account" + return 1 +} + all_passed=true check_status() { @@ -17,7 +110,7 @@ check_status() { local expected_re="$3" local status - status="$(curl -s -o /dev/null -w "%{http_code}" -L "$url")" + status="$(curl -s -o /dev/null -w "%{http_code}" -L ${CURL_AUTH_OPTS} "$url")" if echo "$status" | grep -Eq "$expected_re"; then echo "✓ $name ($url) -> $status" else @@ -32,7 +125,7 @@ check_final_url() { local expected_path_re="$3" local effective - effective="$(curl -s -o /dev/null -w "%{url_effective}" -L "$url")" + effective="$(curl -s -o /dev/null -w "%{url_effective}" -L ${CURL_AUTH_OPTS} "$url")" if echo "$effective" | grep -Eq "$expected_path_re"; then echo "✓ $name redirect target -> $effective" else @@ -41,6 +134,10 @@ check_final_url() { fi } +# Authenticate before checking protected routes +authenticate || exit 1 + +echo "" echo "1. Checking entry pages..." check_status "Landing page" "${BASE_URL}/" "200" check_status "Workspace redirect" "${BASE_URL}/workspace" "200|301|302|307|308" @@ -49,8 +146,11 @@ echo "" echo "2. Checking key workspace routes..." check_status "New chat page" "${BASE_URL}/workspace/chats/new" "200" +check_final_url "New chat page" "${BASE_URL}/workspace/chats/new" "/workspace/" check_status "Chats list page" "${BASE_URL}/workspace/chats" "200" +check_final_url "Chats list page" "${BASE_URL}/workspace/chats" "/workspace/" check_status "Agents gallery page" "${BASE_URL}/workspace/agents" "200" +check_final_url "Agents gallery page" "${BASE_URL}/workspace/agents" "/workspace/agents" echo "" echo "3. Checking docs route (optional)..."