roberto/adiuva-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

step 10 complete: plugin marketplace with catalog, review workflow, and revenue split

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
roberto
2026-03-02 22:32:44 +01:00
parent 3e07fff958
commit 8f7bc25611
7 changed files with 962 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

387
tests/test_plugins.py Normal file
View File

@@ -0,0 +1,387 @@
"""Tests for Step 10: Plugin Marketplace.
Covers:
- PluginRegistry: catalog management, filtering, sorting, install counts
- ReviewQueue: pending queue, review decisions, manifest security checklist
- RevenueShare: install event recording, earnings aggregation
- Route integration: tier gate, list/get/install/uninstall via TestClient
"""
from __future__ import annotations
import time
import uuid
import pytest
import pytest_asyncio
from fastapi.testclient import TestClient
from jose import jwt
from unittest.mock import patch
from app.config.settings import settings
from app.main import app
from app.marketplace.plugin_registry import PluginRegistry
from app.marketplace.plugin_review import ReviewQueue, validate_manifest
from app.marketplace.revenue_share import RevenueShare
from app.schemas import PluginManifest
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
def _make_jwt(tier: str = "power", user_id: str | None = None) -> str:
uid = user_id or str(uuid.uuid4())
now = int(time.time())
payload = {
"sub": uid,
"email": f"{uid[:8]}@example.com",
"tier": tier,
"exp": now + 3600,
"iat": now,
}
return jwt.encode(payload, settings.JWT_SECRET, algorithm=settings.JWT_ALGORITHM)
def _auth(tier: str = "power") -> dict[str, str]:
return {"Authorization": f"Bearer {_make_jwt(tier)}"}
def _fresh_manifest(
plugin_id: str | None = None,
category: str = "productivity",
price_cents: int = 0,
permissions: list[str] | None = None,
) -> PluginManifest:
pid = plugin_id or f"plugin-{uuid.uuid4().hex[:8]}"
return PluginManifest(
id=pid,
name=f"Plugin {pid}",
description=f"Description for {pid}",
version="1.0.0",
author="test-author",
permissions=permissions or ["read:tasks"],
category=category,
price_cents=price_cents,
)
# ---------------------------------------------------------------------------
# PluginRegistry
# ---------------------------------------------------------------------------
class TestPluginRegistry:
"""Each test uses a fresh PluginRegistry instance to avoid catalog pollution."""
@pytest.fixture
def reg(self) -> PluginRegistry:
return PluginRegistry()
@pytest.mark.asyncio
async def test_seed_plugins_are_approved(self, reg: PluginRegistry) -> None:
result = await reg.list_plugins()
assert result.total == 3
assert all(p.id.startswith("plugin-") for p in result.plugins)
@pytest.mark.asyncio
async def test_list_approved_only(self, reg: PluginRegistry) -> None:
manifest = _fresh_manifest()
await reg.submit_plugin(manifest, "plugins/key.zip")
result = await reg.list_plugins()
ids = [p.id for p in result.plugins]
assert manifest.id not in ids # still pending
@pytest.mark.asyncio
async def test_list_filter_by_category(self, reg: PluginRegistry) -> None:
result = await reg.list_plugins(category="communication")
assert result.total == 1
assert result.plugins[0].id == "plugin-slack-notify"
@pytest.mark.asyncio
async def test_list_filter_by_query(self, reg: PluginRegistry) -> None:
result = await reg.list_plugins(query="time")
assert result.total == 1
assert result.plugins[0].id == "plugin-time-tracker"
@pytest.mark.asyncio
async def test_list_sort_by_installs(self, reg: PluginRegistry) -> None:
await reg.record_install("plugin-slack-notify")
await reg.record_install("plugin-slack-notify")
result = await reg.list_plugins(sort="installs")
assert result.plugins[0].id == "plugin-slack-notify"
@pytest.mark.asyncio
async def test_get_plugin_found(self, reg: PluginRegistry) -> None:
entry = await reg.get_plugin("plugin-github-sync")
assert entry is not None
assert entry["manifest"].id == "plugin-github-sync"
assert "install_count" in entry
@pytest.mark.asyncio
async def test_get_plugin_not_found(self, reg: PluginRegistry) -> None:
entry = await reg.get_plugin("no-such-plugin")
assert entry is None
@pytest.mark.asyncio
async def test_submit_sets_pending(self, reg: PluginRegistry) -> None:
manifest = _fresh_manifest()
plugin_id = await reg.submit_plugin(manifest, "key.zip")
assert plugin_id == manifest.id
assert reg._catalog[plugin_id]["status"] == "pending_review"
@pytest.mark.asyncio
async def test_approve_makes_visible(self, reg: PluginRegistry) -> None:
manifest = _fresh_manifest()
await reg.submit_plugin(manifest, "key.zip")
await reg.approve_plugin(manifest.id)
result = await reg.list_plugins()
assert manifest.id in [p.id for p in result.plugins]
@pytest.mark.asyncio
async def test_reject_stores_reason(self, reg: PluginRegistry) -> None:
manifest = _fresh_manifest()
await reg.submit_plugin(manifest, "key.zip")
await reg.reject_plugin(manifest.id, reason="Unsafe permissions")
assert reg._catalog[manifest.id]["status"] == "rejected"
assert reg._catalog[manifest.id]["rejection_reason"] == "Unsafe permissions"
result = await reg.list_plugins()
assert manifest.id not in [p.id for p in result.plugins]
@pytest.mark.asyncio
async def test_approve_unknown_raises_key_error(self, reg: PluginRegistry) -> None:
with pytest.raises(KeyError):
await reg.approve_plugin("ghost-plugin")
@pytest.mark.asyncio
async def test_record_install_increments_count(self, reg: PluginRegistry) -> None:
await reg.record_install("plugin-github-sync")
entry = await reg.get_plugin("plugin-github-sync")
assert entry is not None
assert entry["install_count"] == 1
@pytest.mark.asyncio
async def test_record_uninstall_decrements_count(self, reg: PluginRegistry) -> None:
await reg.record_install("plugin-github-sync")
await reg.record_install("plugin-github-sync")
await reg.record_uninstall("plugin-github-sync")
entry = await reg.get_plugin("plugin-github-sync")
assert entry is not None
assert entry["install_count"] == 1
@pytest.mark.asyncio
async def test_record_uninstall_floors_at_zero(self, reg: PluginRegistry) -> None:
await reg.record_uninstall("plugin-github-sync") # already 0
entry = await reg.get_plugin("plugin-github-sync")
assert entry is not None
assert entry["install_count"] == 0
# ---------------------------------------------------------------------------
# ReviewQueue
# ---------------------------------------------------------------------------
class TestReviewQueue:
@pytest.fixture
def reg(self) -> PluginRegistry:
return PluginRegistry()
@pytest.fixture
def queue(self, reg: PluginRegistry) -> ReviewQueue:
# Patch the 'registry' name as bound inside plugin_review.py
with patch("app.marketplace.plugin_review.registry", reg):
yield ReviewQueue()
@pytest.mark.asyncio
async def test_get_pending_returns_submitted_plugins(
self, reg: PluginRegistry, queue: ReviewQueue
) -> None:
manifest = _fresh_manifest()
await reg.submit_plugin(manifest, "key.zip")
pending = await queue.get_pending()
assert any(p["plugin_id"] == manifest.id for p in pending)
@pytest.mark.asyncio
async def test_submit_review_approved(
self, reg: PluginRegistry, queue: ReviewQueue
) -> None:
manifest = _fresh_manifest()
await reg.submit_plugin(manifest, "key.zip")
await queue.submit_review(manifest.id, "reviewer-1", "approved", "Looks good")
assert reg._catalog[manifest.id]["status"] == "approved"
@pytest.mark.asyncio
async def test_submit_review_rejected(
self, reg: PluginRegistry, queue: ReviewQueue
) -> None:
manifest = _fresh_manifest()
await reg.submit_plugin(manifest, "key.zip")
await queue.submit_review(manifest.id, "reviewer-1", "rejected", "Bad permissions")
assert reg._catalog[manifest.id]["status"] == "rejected"
def test_validate_manifest_ok(self) -> None:
manifest = _fresh_manifest(permissions=["read:tasks", "write:notes"])
validate_manifest(manifest) # should not raise
def test_validate_manifest_unknown_permission(self) -> None:
manifest = _fresh_manifest(permissions=["read:tasks", "read:secrets"])
with pytest.raises(ValueError, match="Unknown permission"):
validate_manifest(manifest)
def test_validate_manifest_invalid_id_format(self) -> None:
manifest = _fresh_manifest(plugin_id="Plugin_ID_Invalid")
with pytest.raises(ValueError, match="Invalid plugin id format"):
validate_manifest(manifest)
def test_validate_manifest_id_with_uppercase(self) -> None:
manifest = _fresh_manifest(plugin_id="UpperCase")
with pytest.raises(ValueError, match="Invalid plugin id format"):
validate_manifest(manifest)
# ---------------------------------------------------------------------------
# RevenueShare
# ---------------------------------------------------------------------------
class TestRevenueShare:
@pytest.fixture
def reg(self) -> PluginRegistry:
return PluginRegistry()
@pytest.fixture
def rs(self, reg: PluginRegistry) -> RevenueShare:
# Patch the 'registry' name as bound inside revenue_share.py
with patch("app.marketplace.revenue_share.registry", reg):
yield RevenueShare()
@pytest.mark.asyncio
async def test_record_install_free_plugin(
self, reg: PluginRegistry, rs: RevenueShare
) -> None:
await rs.record_install("plugin-github-sync", "user-1", amount_cents=0)
assert len(rs._events) == 1
assert rs._events[0]["developer_share_cents"] == 0
@pytest.mark.asyncio
async def test_record_install_paid_plugin_no_stripe(
self, reg: PluginRegistry, rs: RevenueShare
) -> None:
# No STRIPE_SECRET_KEY configured in test env — should not crash
await rs.record_install("plugin-slack-notify", "user-2", amount_cents=499)
assert len(rs._events) == 1
assert rs._events[0]["amount_cents"] == 499
assert rs._events[0]["developer_share_cents"] == int(499 * 0.70)
@pytest.mark.asyncio
async def test_record_install_increments_registry_count(
self, reg: PluginRegistry, rs: RevenueShare
) -> None:
await rs.record_install("plugin-github-sync", "user-1", amount_cents=0)
entry = await reg.get_plugin("plugin-github-sync")
assert entry is not None
assert entry["install_count"] == 1
@pytest.mark.asyncio
async def test_get_earnings_empty(
self, reg: PluginRegistry, rs: RevenueShare
) -> None:
result = await rs.get_earnings("unknown-dev")
assert result["total_installs"] == 0
assert result["total_revenue_cents"] == 0
assert result["developer_share_cents"] == 0
@pytest.mark.asyncio
async def test_get_earnings_aggregates(
self, reg: PluginRegistry, rs: RevenueShare
) -> None:
# "Adiuva" is the author of the seeded plugins
await rs.record_install("plugin-slack-notify", "u1", amount_cents=499)
await rs.record_install("plugin-slack-notify", "u2", amount_cents=499)
result = await rs.get_earnings("Adiuva")
assert result["total_installs"] == 2
assert result["total_revenue_cents"] == 998
assert result["developer_share_cents"] == int(499 * 0.70) * 2
# ---------------------------------------------------------------------------
# Route integration tests
# ---------------------------------------------------------------------------
class TestPluginRoutes:
def test_list_plugins_requires_power_tier(self) -> None:
with TestClient(app) as client:
resp = client.get("/api/v1/plugins", headers=_auth("free"))
assert resp.status_code == 403
def test_list_plugins_pro_tier_blocked(self) -> None:
with TestClient(app) as client:
resp = client.get("/api/v1/plugins", headers=_auth("pro"))
assert resp.status_code == 403
def test_list_plugins_power_tier_ok(self) -> None:
with TestClient(app) as client:
resp = client.get("/api/v1/plugins", headers=_auth("power"))
assert resp.status_code == 200
data = resp.json()
assert "plugins" in data
assert data["total"] >= 3
def test_list_plugins_team_tier_ok(self) -> None:
with TestClient(app) as client:
resp = client.get("/api/v1/plugins", headers=_auth("team"))
assert resp.status_code == 200
def test_get_plugin_found(self) -> None:
with TestClient(app) as client:
resp = client.get("/api/v1/plugins/plugin-github-sync", headers=_auth())
assert resp.status_code == 200
data = resp.json()
assert data["plugin"]["id"] == "plugin-github-sync"
assert "install_count" in data
def test_get_plugin_not_found(self) -> None:
with TestClient(app) as client:
resp = client.get("/api/v1/plugins/no-such-plugin", headers=_auth())
assert resp.status_code == 404
def test_install_plugin_free(self) -> None:
with TestClient(app) as client:
resp = client.post(
"/api/v1/plugins/plugin-github-sync/install",
json={"plugin_id": "plugin-github-sync"},
headers=_auth(),
)
assert resp.status_code == 200
data = resp.json()
assert data["ok"] is True
assert "download_url" in data
def test_install_plugin_not_found(self) -> None:
with TestClient(app) as client:
resp = client.post(
"/api/v1/plugins/ghost/install",
json={"plugin_id": "ghost"},
headers=_auth(),
)
assert resp.status_code == 404
def test_uninstall_plugin_ok(self) -> None:
with TestClient(app) as client:
resp = client.delete(
"/api/v1/plugins/plugin-github-sync/install",
headers=_auth(),
)
assert resp.status_code == 200
assert resp.json()["ok"] is True
def test_install_requires_power_tier(self) -> None:
with TestClient(app) as client:
resp = client.post(
"/api/v1/plugins/plugin-github-sync/install",
json={"plugin_id": "plugin-github-sync"},
headers=_auth("free"),
)
assert resp.status_code == 403