fix test backend

root · root · commit e347b9637137 · 2026-05-07T09:11:27.000Z
diff --git a/Makefile b/Makefile
diff --git a/backend/build/reports/gitleaks-report.json b/backend/build/reports/gitleaks-report.json
@@ -0,0 +1,191 @@
+[
+ {
+  "RuleID": "private-key",
+  "Description": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.",
+  "StartLine": 72,
+  "EndLine": 86,
+  "StartColumn": 77,
+  "EndColumn": 110,
+  "Match": "REDACTED",
+  "Secret": "REDACTED",
+  "File": "domain/certs/resolve_test.go",
+  "SymlinkFile": "",
+  "Commit": "",
+  "Entropy": 5.166665,
+  "Author": "",
+  "Email": "",
+  "Date": "",
+  "Message": "",
+  "Tags": [],
+  "Fingerprint": "domain/certs/resolve_test.go:private-key:72"
+ },
+ {
+  "RuleID": "generic-api-key",
+  "Description": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+  "StartLine": 218,
+  "EndLine": 218,
+  "StartColumn": 12,
+  "EndColumn": 79,
+  "Match": "secrets.EnvSecretKey, \"REDACTED\"",
+  "Secret": "REDACTED",
+  "File": "domain/monitor/signals/agent/agent_test.go",
+  "SymlinkFile": "",
+  "Commit": "",
+  "Entropy": 4.6523914,
+  "Author": "",
+  "Email": "",
+  "Date": "",
+  "Message": "",
+  "Tags": [],
+  "Fingerprint": "domain/monitor/signals/agent/agent_test.go:generic-api-key:218"
+ },
+ {
+  "RuleID": "generic-api-key",
+  "Description": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+  "StartLine": 218,
+  "EndLine": 218,
+  "StartColumn": 12,
+  "EndColumn": 79,
+  "Match": "secrets.EnvSecretKey, \"REDACTED\"",
+  "Secret": "REDACTED",
+  "File": "domain/monitor/signals/agent/agent_test.go",
+  "SymlinkFile": "",
+  "Commit": "",
+  "Entropy": 4,
+  "Author": "",
+  "Email": "",
+  "Date": "",
+  "Message": "",
+  "Tags": [
+   "decoded:base64",
+   "decode-depth:1"
+  ],
+  "Fingerprint": "domain/monitor/signals/agent/agent_test.go:generic-api-key:218"
+ },
+ {
+  "RuleID": "generic-api-key",
+  "Description": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+  "StartLine": 158,
+  "EndLine": 158,
+  "StartColumn": 12,
+  "EndColumn": 79,
+  "Match": "secrets.EnvSecretKey, \"REDACTED\"",
+  "Secret": "REDACTED",
+  "File": "domain/monitor/signals/checks/credential_sweep_test.go",
+  "SymlinkFile": "",
+  "Commit": "",
+  "Entropy": 4.6523914,
+  "Author": "",
+  "Email": "",
+  "Date": "",
+  "Message": "",
+  "Tags": [],
+  "Fingerprint": "domain/monitor/signals/checks/credential_sweep_test.go:generic-api-key:158"
+ },
+ {
+  "RuleID": "generic-api-key",
+  "Description": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+  "StartLine": 158,
+  "EndLine": 158,
+  "StartColumn": 12,
+  "EndColumn": 79,
+  "Match": "secrets.EnvSecretKey, \"REDACTED\"",
+  "Secret": "REDACTED",
+  "File": "domain/monitor/signals/checks/credential_sweep_test.go",
+  "SymlinkFile": "",
+  "Commit": "",
+  "Entropy": 4,
+  "Author": "",
+  "Email": "",
+  "Date": "",
+  "Message": "",
+  "Tags": [
+   "decoded:base64",
+   "decode-depth:1"
+  ],
+  "Fingerprint": "domain/monitor/signals/checks/credential_sweep_test.go:generic-api-key:158"
+ },
+ {
+  "RuleID": "generic-api-key",
+  "Description": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+  "StartLine": 21,
+  "EndLine": 21,
+  "StartColumn": 8,
+  "EndColumn": 88,
+  "Match": "devLegacyKey = \"REDACTED\"",
+  "Secret": "REDACTED",
+  "File": "domain/secrets/legacy_encryption.go",
+  "SymlinkFile": "",
+  "Commit": "",
+  "Entropy": 4,
+  "Author": "",
+  "Email": "",
+  "Date": "",
+  "Message": "",
+  "Tags": [],
+  "Fingerprint": "domain/secrets/legacy_encryption.go:generic-api-key:21"
+ },
+ {
+  "RuleID": "generic-api-key",
+  "Description": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+  "StartLine": 356,
+  "EndLine": 356,
+  "StartColumn": 12,
+  "EndColumn": 79,
+  "Match": "secrets.EnvSecretKey, \"REDACTED\"",
+  "Secret": "REDACTED",
+  "File": "domain/worker/monitoring_checks_test.go",
+  "SymlinkFile": "",
+  "Commit": "",
+  "Entropy": 4.6523914,
+  "Author": "",
+  "Email": "",
+  "Date": "",
+  "Message": "",
+  "Tags": [],
+  "Fingerprint": "domain/worker/monitoring_checks_test.go:generic-api-key:356"
+ },
+ {
+  "RuleID": "generic-api-key",
+  "Description": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+  "StartLine": 356,
+  "EndLine": 356,
+  "StartColumn": 12,
+  "EndColumn": 79,
+  "Match": "secrets.EnvSecretKey, \"REDACTED\"",
+  "Secret": "REDACTED",
+  "File": "domain/worker/monitoring_checks_test.go",
+  "SymlinkFile": "",
+  "Commit": "",
+  "Entropy": 4,
+  "Author": "",
+  "Email": "",
+  "Date": "",
+  "Message": "",
+  "Tags": [
+   "decoded:base64",
+   "decode-depth:1"
+  ],
+  "Fingerprint": "domain/worker/monitoring_checks_test.go:generic-api-key:356"
+ },
+ {
+  "RuleID": "generic-api-key",
+  "Description": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+  "StartLine": 27,
+  "EndLine": 27,
+  "StartColumn": 3,
+  "EndColumn": 77,
+  "Match": "devKey = \"REDACTED\"",
+  "Secret": "REDACTED",
+  "File": "infra/crypto/crypto.go",
+  "SymlinkFile": "",
+  "Commit": "",
+  "Entropy": 4,
+  "Author": "",
+  "Email": "",
+  "Date": "",
+  "Message": "",
+  "Tags": [],
+  "Fingerprint": "infra/crypto/crypto.go:generic-api-key:27"
+ }
+]
diff --git a/backend/cmd/openapi/merge.go b/backend/cmd/openapi/merge.go
@@ -238,4 +238,3 @@ func cloneMap(in map[string]any) map[string]any {
 	}
 	return out
 }
-
diff --git a/backend/domain/certs/test_fixture_test.go b/backend/domain/certs/test_fixture_test.go
diff --git a/backend/domain/lifecycle/projection/updater_test.go b/backend/domain/lifecycle/projection/updater_test.go
@@ -112,7 +112,6 @@ func TestReadAndApplyAppInstanceProjection(t *testing.T) {
 	}
 }
 
-
 func newProjectionAppRecord() *core.Record {
 	collection := core.NewBaseCollection("app_instances")
 	record := core.NewRecord(collection)
diff --git a/backend/domain/routes/apps.go b/backend/domain/routes/apps.go
@@ -794,7 +794,7 @@ func validateAppComposeConfig(e *core.RequestEvent, serverID string, projectDir
 	tempPath := filepath.Join(projectDir, tempName)
 
 	if serverID == "local" {
-			if err := os.WriteFile(tempPath, []byte(content), 0o600); err != nil {
+		if err := os.WriteFile(tempPath, []byte(content), 0o600); err != nil {
 			return fmt.Errorf("write temp compose file: %w", err)
 		}
 		defer func() {
diff --git a/backend/domain/software/service/service_test.go b/backend/domain/software/service/service_test.go
@@ -220,6 +220,7 @@ func TestLastActionFromOperationMapsTerminalStatus(t *testing.T) {
 	})
 	if action == nil {
 		t.Fatal("expected last action summary")
+		return
 	}
 	if action.Action != string(software.ActionReinstall) {
 		t.Fatalf("expected reinstall action, got %q", action.Action)
@@ -237,6 +238,7 @@ func TestLastActionFromOperationMapsAttentionRequired(t *testing.T) {
 	})
 	if action == nil {
 		t.Fatal("expected last action summary")
+		return
 	}
 	if action.Result != "attention_required" {
 		t.Fatalf("expected attention_required result, got %q", action.Result)
diff --git a/backend/domain/worker/appos_agent_bindings.go b/backend/domain/worker/appos_agent_bindings.go
@@ -85,4 +85,4 @@ func mergeRuntimeEnv(existing map[string]string, injected map[string]string) map
 		merged[key] = value
 	}
 	return merged
-}
+}
diff --git a/backend/domain/worker/appos_agent_bindings_test.go b/backend/domain/worker/appos_agent_bindings_test.go
@@ -41,4 +41,4 @@ func TestApplyServerExecutionBindings_AppOSAgentPrefersExplicitBaseURL(t *testin
 	if baseURL != "https://console.example.com:8443" {
 		t.Fatalf("expected explicit app url to win, got %q", baseURL)
 	}
-}
+}
diff --git a/backend/domain/worker/lifecycle_operations.go b/backend/domain/worker/lifecycle_operations.go
@@ -744,7 +744,6 @@ func (w *Worker) executorFor(execCtx *lifecycleExecutionContext) lifecycleruntim
 	return execCtx.executor
 }
 
-
 func (w *Worker) operationActor(operation *core.Record) (string, string) {
 	if operation == nil {
 		return "", ""
diff --git a/backend/domain/worker/test_fixture_test.go b/backend/domain/worker/test_fixture_test.go
@@ -99,4 +99,4 @@ func resetWorkerTestState(t *testing.T, app *tests.TestApp) {
 			}
 		}
 	}
-}
+}
diff --git a/backend/infra/docker/ssh.go b/backend/infra/docker/ssh.go
@@ -228,11 +228,12 @@ func resolveHostKeyCallback() (ssh.HostKeyCallback, error) {
 	candidates := make([]string, 0, 3)
 	if knownHostsPath != "" {
 		candidates = append(candidates, knownHostsPath)
+	} else {
+		if homeDir, err := os.UserHomeDir(); err == nil && homeDir != "" {
+			candidates = append(candidates, filepath.Join(homeDir, ".ssh", "known_hosts"))
+		}
+		candidates = append(candidates, "/etc/ssh/ssh_known_hosts")
 	}
-	if homeDir, err := os.UserHomeDir(); err == nil && homeDir != "" {
-		candidates = append(candidates, filepath.Join(homeDir, ".ssh", "known_hosts"))
-	}
-	candidates = append(candidates, "/etc/ssh/ssh_known_hosts")
 
 	existing := make([]string, 0, len(candidates))
 	seen := make(map[string]struct{}, len(candidates))
diff --git a/backend/infra/docker/ssh_test.go b/backend/infra/docker/ssh_test.go
@@ -62,4 +62,4 @@ func TestResolveHostKeyCallbackUsesConfiguredKnownHosts(t *testing.T) {
 	if callback == nil {
 		t.Fatal("expected non-nil host key callback")
 	}
-}
+}
diff --git a/backend/infra/migrations/test_fixture_test.go b/backend/infra/migrations/test_fixture_test.go
@@ -85,4 +85,4 @@ func newIsolatedMigrationsTestApp(t *testing.T) *tests.TestApp {
 	})
 
 	return app
-}
+}
diff --git a/backend/infra/persistence/test_fixture_test.go b/backend/infra/persistence/test_fixture_test.go
@@ -82,4 +82,4 @@ func resetPersistenceTestState(t *testing.T, app *tests.TestApp) {
 			}
 		}
 	}
-}
+}
diff --git a/web/src/pages/apps/AppDetailPage.test.tsx b/web/src/pages/apps/AppDetailPage.test.tsx
@@ -38,7 +38,11 @@ vi.mock('@/pages/apps/AppDetailActionHistoryTable', () => ({
     actions,
     buildActionDetailHref,
   }: {
-    actions: Array<{ id: string; compose_project_name?: string; pipeline_selector?: { operation_type?: string } }>
+    actions: Array<{
+      id: string
+      compose_project_name?: string
+      pipeline_selector?: { operation_type?: string }
+    }>
     buildActionDetailHref: (actionId: string) => string
   }) => (
     <section aria-label="Action History Table">
@@ -1026,7 +1030,9 @@ describe('AppDetailPage', () => {
     expect(screen.queryByText('shared-platform-db')).not.toBeInTheDocument()
     expect(await screen.findByText('demo-app-data')).toBeInTheDocument()
     expect(screen.queryByText('shared-cache')).not.toBeInTheDocument()
-    expect(await screen.findByText('Platform backup inventory is not connected yet.')).toBeInTheDocument()
+    expect(
+      await screen.findByText('Platform backup inventory is not connected yet.')
+    ).toBeInTheDocument()
     await waitFor(() => {
       expect(sendMock).toHaveBeenCalledWith('/api/ext/docker/containers/container-1', {
         method: 'GET',
diff --git a/web/src/pages/deploy/CreateDeploymentPage.test.tsx b/web/src/pages/deploy/CreateDeploymentPage.test.tsx
diff --git a/web/src/pages/deploy/actions/action-utils.test.ts b/web/src/pages/deploy/actions/action-utils.test.ts
diff --git a/web/src/pages/overview/OverviewPage.test.tsx b/web/src/pages/overview/OverviewPage.test.tsx
diff --git a/web/src/routes/_app/_auth/resources/-servers.test.tsx b/web/src/routes/_app/_auth/resources/-servers.test.tsx

Original file line number	Diff line number	Diff line change
`@@ -238,4 +238,3 @@ func cloneMap(in map[string]any) map[string]any {`
`238`	`238`	`}`
`239`	`239`	`return out`
`240`	`240`	`}`
`241`		`-`
Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,6 @@ func TestReadAndApplyAppInstanceProjection(t *testing.T) {`
`112`	`112`	`}`
`113`	`113`	`}`
`114`	`114`
`115`		`-`
`116`	`115`	`func newProjectionAppRecord() *core.Record {`
`117`	`116`	`collection := core.NewBaseCollection("app_instances")`
`118`	`117`	`record := core.NewRecord(collection)`
Original file line number	Diff line number	Diff line change
`@@ -794,7 +794,7 @@ func validateAppComposeConfig(e *core.RequestEvent, serverID string, projectDir`
`794`	`794`	`tempPath := filepath.Join(projectDir, tempName)`
`795`	`795`
`796`	`796`	`if serverID == "local" {`
`797`		`- if err := os.WriteFile(tempPath, []byte(content), 0o600); err != nil {`
	`797`	`+ if err := os.WriteFile(tempPath, []byte(content), 0o600); err != nil {`
`798`	`798`	`return fmt.Errorf("write temp compose file: %w", err)`
`799`	`799`	`}`
`800`	`800`	`defer func() {`
Original file line number	Diff line number	Diff line change
`@@ -85,4 +85,4 @@ func mergeRuntimeEnv(existing map[string]string, injected map[string]string) map`
`85`	`85`	`merged[key] = value`
`86`	`86`	`}`
`87`	`87`	`return merged`
`88`		`-}`
	`88`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -41,4 +41,4 @@ func TestApplyServerExecutionBindings_AppOSAgentPrefersExplicitBaseURL(t *testin`
`41`	`41`	`if baseURL != "https://console.example.com:8443" {`
`42`	`42`	`t.Fatalf("expected explicit app url to win, got %q", baseURL)`
`43`	`43`	`}`
`44`		`-}`
	`44`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -744,7 +744,6 @@ func (w Worker) executorFor(execCtx lifecycleExecutionContext) lifecycleruntim`
`744`	`744`	`return execCtx.executor`
`745`	`745`	`}`
`746`	`746`
`747`		`-`
`748`	`747`	`func (w Worker) operationActor(operation core.Record) (string, string) {`
`749`	`748`	`if operation == nil {`
`750`	`749`	`return "", ""`