|
| 1 | +#!/usr/bin/env bash |
| 2 | +# Shared helpers for Codex runtime-e2e tests. |
| 3 | +# |
| 4 | +# Each per-feature test sources this file, calls codex_register_mcp, |
| 5 | +# runs codex_exec with a tool-bearing prompt, and checks for the MCP |
| 6 | +# `started` / `(completed)` / `(failed)` markers in Codex's output. |
| 7 | +# |
| 8 | +# Codex doesn't expose a structured event stream the way Claude Code's |
| 9 | +# stream-json does, so we parse the human-readable diagnostic lines |
| 10 | +# Codex prints. Brittle if Codex changes that format, but it's the |
| 11 | +# only signal available today. |
| 12 | + |
| 13 | +set -uo pipefail |
| 14 | + |
| 15 | +: "${AXONFLOW_ENDPOINT:=http://localhost:8080}" |
| 16 | +: "${MCP_SERVER_NAME:=axonflow_w2_e2e}" |
| 17 | + |
| 18 | +runtime_e2e_skip_if_unavailable() { |
| 19 | + if ! command -v codex >/dev/null 2>&1; then |
| 20 | + echo "SKIP: codex CLI not on PATH" |
| 21 | + exit 0 |
| 22 | + fi |
| 23 | + if ! command -v jq >/dev/null 2>&1; then |
| 24 | + echo "SKIP: jq not on PATH" |
| 25 | + exit 0 |
| 26 | + fi |
| 27 | + if ! curl -sSf -o /dev/null --max-time 5 "$AXONFLOW_ENDPOINT/health"; then |
| 28 | + echo "SKIP: AxonFlow stack not reachable at $AXONFLOW_ENDPOINT/health" |
| 29 | + echo " Start one via axonflow-enterprise scripts/setup-e2e-testing.sh" |
| 30 | + exit 0 |
| 31 | + fi |
| 32 | +} |
| 33 | + |
| 34 | +codex_register_mcp() { |
| 35 | + codex mcp remove "$MCP_SERVER_NAME" >/dev/null 2>&1 || true |
| 36 | + codex mcp add "$MCP_SERVER_NAME" --url "$AXONFLOW_ENDPOINT/api/v1/mcp-server" >/dev/null |
| 37 | +} |
| 38 | + |
| 39 | +codex_cleanup_mcp() { |
| 40 | + codex mcp remove "$MCP_SERVER_NAME" >/dev/null 2>&1 || true |
| 41 | +} |
| 42 | + |
| 43 | +codex_exec_capture() { |
| 44 | + local prompt="$1" |
| 45 | + local output_file="$2" |
| 46 | + # Order matters: `>file 2>&1` first redirects stdout to file, then dups |
| 47 | + # stderr to the same fd (the file). The reverse order — `2>&1 >file` — |
| 48 | + # leaves stderr at the inherited terminal because the dup happens |
| 49 | + # against the pre-redirection stdout. We want both streams in the file |
| 50 | + # so the grep assertions can find Codex's `mcp: started/(completed)` |
| 51 | + # diagnostic lines. |
| 52 | + timeout 90 codex exec --skip-git-repo-check --dangerously-bypass-approvals-and-sandbox "$prompt" >"$output_file" 2>&1 || true |
| 53 | +} |
| 54 | + |
| 55 | +assert_mcp_started() { |
| 56 | + local output_file="$1" |
| 57 | + local tool="$2" |
| 58 | + grep -qE "mcp: $MCP_SERVER_NAME/$tool started" "$output_file" |
| 59 | +} |
| 60 | + |
| 61 | +assert_mcp_completed() { |
| 62 | + local output_file="$1" |
| 63 | + local tool="$2" |
| 64 | + grep -qE "mcp: $MCP_SERVER_NAME/$tool \(completed\)" "$output_file" |
| 65 | +} |
| 66 | + |
| 67 | +assert_mcp_failed() { |
| 68 | + local output_file="$1" |
| 69 | + local tool="$2" |
| 70 | + grep -qE "mcp: $MCP_SERVER_NAME/$tool \(failed\)" "$output_file" |
| 71 | +} |
| 72 | + |
| 73 | +assert_smoke_result() { |
| 74 | + local output_file="$1" |
| 75 | + grep -q "SMOKE_RESULT:" "$output_file" |
| 76 | +} |
| 77 | + |
| 78 | +assert_output_contains() { |
| 79 | + local output_file="$1" |
| 80 | + local needle="$2" |
| 81 | + grep -q "$needle" "$output_file" |
| 82 | +} |
| 83 | + |
| 84 | +# Seed an override via the SAME unauthenticated MCP path codex uses, so the |
| 85 | +# tenant resolves to the same value (community in community-mode docker). |
| 86 | +# Direct REST seeds via /api/v1/overrides resolve to a different tenant |
| 87 | +# (demo-client) under community-mode auth, which would invisibly break |
| 88 | +# tenant-scoped lookups (revoke / explain) the agent later issues. |
| 89 | +# Echoes the override id on stdout, or empty string on failure. |
| 90 | +mcp_seed_override() { |
| 91 | + local policy_id="${1:-sys_pii_email}" |
| 92 | + local reason="${2:-mcp-seed}" |
| 93 | + local ttl="${3:-300}" |
| 94 | + local payload |
| 95 | + payload=$(jq -n --arg pid "$policy_id" --arg r "$reason" --argjson ttl "$ttl" \ |
| 96 | + '{jsonrpc:"2.0",id:"1",method:"tools/call",params:{name:"create_override",arguments:{policy_id:$pid,policy_type:"static",override_reason:$r,ttl_seconds:$ttl}}}') |
| 97 | + curl -s -X POST -H "Content-Type: application/json" -d "$payload" \ |
| 98 | + "$AXONFLOW_ENDPOINT/api/v1/mcp-server" \ |
| 99 | + | jq -r '.result.content[0].text // ""' \ |
| 100 | + | jq -r '.id // ""' 2>/dev/null |
| 101 | +} |
| 102 | + |
| 103 | +# Trigger a SQLi-block decision through the unauth MCP path so the resulting |
| 104 | +# decision_id + audit row land in the same tenant codex sees. Echoes the |
| 105 | +# decision_id on stdout. |
| 106 | +mcp_seed_block() { |
| 107 | + local marker="${1:-mcp-block-$(date +%s)}" |
| 108 | + local payload |
| 109 | + payload=$(jq -n --arg m "SELECT * FROM users WHERE id=1 OR 1=1; -- $marker" \ |
| 110 | + '{jsonrpc:"2.0",id:"1",method:"tools/call",params:{name:"check_policy",arguments:{connector_type:"sql",statement:$m,operation:"query"}}}') |
| 111 | + curl -s -X POST -H "Content-Type: application/json" -d "$payload" \ |
| 112 | + "$AXONFLOW_ENDPOINT/api/v1/mcp-server" \ |
| 113 | + | jq -r '.result.content[0].text // ""' \ |
| 114 | + | jq -r '.decision_id // ""' 2>/dev/null |
| 115 | +} |
| 116 | + |
| 117 | +# Revoke-by-id via unauth MCP for cleanup. Quiet on failure. |
| 118 | +mcp_cleanup_override() { |
| 119 | + local id="$1" |
| 120 | + [ -z "$id" ] && return |
| 121 | + local payload |
| 122 | + payload=$(jq -n --arg id "$id" \ |
| 123 | + '{jsonrpc:"2.0",id:"1",method:"tools/call",params:{name:"delete_override",arguments:{override_id:$id}}}') |
| 124 | + curl -s -X POST -H "Content-Type: application/json" -d "$payload" \ |
| 125 | + "$AXONFLOW_ENDPOINT/api/v1/mcp-server" >/dev/null 2>&1 || true |
| 126 | +} |
0 commit comments