roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Wiki Activity
Files
4b3d695805aecd8d84691a53404e1f72dbe7ff10
pic/tests
T
History
roof 2ab3d2d5ac feat: secure build phase 2 — enforce image verification by default 
All store images are now digest-pinned and cosign-signed by the publish
pipeline, so the warn-by-default training-wheels period is over: an
unsigned or undigested image must not install unless the admin
explicitly opts out. The service_composer fallback used when the config
manager is unavailable or corrupt also flips to enforce — config
corruption must fail closed rather than silently weaken verification.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 14:12:58 -04:00
..
e2e
fix: use sudo for nft list tables — /usr/sbin not in roof user PATH
2026-06-06 15:46:09 -04:00
integration
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
__init__.py
init
2025-09-12 23:04:52 +03:00
conftest.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
run_tests.py
init
2025-09-12 23:04:52 +03:00
test_account_manager.py
feat: add HTTP dispatch to AccountManager for generic store services
2026-05-30 00:46:54 -04:00
test_api_endpoints.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_app_health_connectivity.py
test: cover startup Caddyfile regeneration to prevent restart-loop regression
2026-06-10 13:18:42 -04:00
test_app_misc.py
Fix CI unit test failures and DDNS config wiring
2026-05-10 04:20:19 -04:00
test_audit_hook_routes.py
feat: connectivity redesign phase 3+4 — per-connection health, per-peer fallback, connection CRUD API
2026-06-10 21:50:45 -04:00
test_audit_manager.py
feat: audit/change log — owner-visible record of who changed what
2026-06-10 20:19:38 -04:00
test_auth_manager.py
feat: add authentication and authorization system
2026-04-25 15:00:06 -04:00
test_auth_routes.py
Fix session cookie name collision when running multiple PIC instances on localhost
2026-05-04 09:15:42 -04:00
test_backup_service_data.py
feat: add Steps 1-4 implementation files (AccountManager, ServiceComposer, builtins, tests)
2026-05-29 04:39:19 -04:00
test_caddy_manager.py
fix: logging verbosity now actually applies + per-service log levels
2026-06-10 19:14:01 -04:00
test_caddy_registry_integration.py
feat: Phase 2 — remove builtins layer, ServiceRegistry is installed-only
2026-05-29 08:53:44 -04:00
test_calendar_endpoints.py
feat: Phase 6 — require_active_service decorator + wizard install wiring
2026-05-29 16:58:57 -04:00
test_calendar_manager.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_cell_cli_extra.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_cell_link_dns.py
fix: logging verbosity now actually applies + per-service log levels
2026-06-10 19:14:01 -04:00
test_cell_link_manager.py
Add domain conflict validation when changing domain or accepting heal invite
2026-05-04 09:46:58 -04:00
test_cell_manager.py
fix: all 214 tests passing (from 36 failures)
2026-04-19 16:43:07 -04:00
test_cells_endpoints.py
feat: Phase 4 hardening — retry/backoff, loop detection, sync status UI + tests
2026-05-04 04:18:36 -04:00
test_cli_tool.py
fix: all 214 tests passing (from 36 failures)
2026-04-19 16:43:07 -04:00
test_config_apply.py
fix: resolve all Cell Identity banner and cert issues
2026-06-10 04:17:56 -04:00
test_config_backup_overhaul.py
feat: audit/change log — owner-visible record of who changed what
2026-06-10 20:19:38 -04:00
test_config_backup_restore_http.py
fix: clean-install bugs — Tor false-installed, WG port-check honesty, encrypted backup upload
2026-06-11 01:52:26 -04:00
test_config_manager_extra.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_config_manager.py
feat: secure build phase 2 — enforce image verification by default
2026-06-11 14:12:58 -04:00
test_config_validation.py
Add subnet conflict validation for wireguard.address and ip_range changes
2026-05-04 10:00:58 -04:00
test_connectivity_api.py
feat: connectivity redesign phase 3+4 — per-connection health, per-peer fallback, connection CRUD API
2026-06-10 21:50:45 -04:00
test_connectivity_cell_relay.py
feat: connectivity redesign phase 7 — cell-relay as a connection type
2026-06-10 23:58:19 -04:00
test_connectivity_connections.py
feat: connectivity redesign phase 5 — one container per connection instance
2026-06-10 22:56:31 -04:00
test_connectivity_health.py
feat: connectivity redesign phase 3+4 — per-connection health, per-peer fallback, connection CRUD API
2026-06-10 21:50:45 -04:00
test_connectivity_manager.py
fix: clean-install bugs — Tor false-installed, WG port-check honesty, encrypted backup upload
2026-06-11 01:52:26 -04:00
test_connectivity_proxy.py
feat: connectivity redesign phase 2 — instance-aware routing + reference connections by id
2026-06-10 17:35:28 -04:00
test_connectivity_sshuttle.py
feat: connectivity redesign phase 2 — instance-aware routing + reference connections by id
2026-06-10 17:35:28 -04:00
test_container_manager.py
add security fixes, port hardening, and expanded QA coverage
2026-04-25 13:08:24 -04:00
test_ddns_endpoints.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_ddns_manager.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_egress_manager.py
feat: connectivity redesign phase 2 — instance-aware routing + reference connections by id
2026-06-10 17:35:28 -04:00
test_email_endpoints.py
fix: EmailManager route calls get_email_users not get_users
2026-06-08 10:12:24 -04:00
test_email_manager.py
feat: make DDNS domain_name the effective domain across all services
2026-05-28 02:48:47 -04:00
test_enforce_auth_configured.py
fix: DDNS update token in body, webdav gating, regression tests
2026-06-07 16:56:12 -04:00
test_enhanced_api.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_enhanced_cli_extra.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_file_endpoints.py
feat: Phase 6 — require_active_service decorator + wizard install wiring
2026-05-29 16:58:57 -04:00
test_file_manager_extra.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_file_manager.py
init
2025-09-12 23:04:52 +03:00
test_firewall_manager_extra.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_firewall_manager.py
fix: logging verbosity now actually applies + per-service log levels
2026-06-10 19:14:01 -04:00
test_identity_validation.py
fix: autosave, cell name overflow, length validation, apply-and-verify tests
2026-04-24 05:29:09 -04:00
test_input_validation.py
fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests
2026-04-27 11:30:21 -04:00
test_install_process.py
fix: start-core missing cell-network creation breaks fresh install
2026-06-08 01:07:00 -04:00
test_integration.py
init
2025-09-12 23:04:52 +03:00
test_ip_utils_caddyfile.py
fix: architecture audit — security, atomicity, broken endpoints, test coverage
2026-04-24 03:27:52 -04:00
test_ip_utils.py
Fix CI failures on root — mock OSError instead of relying on filesystem
2026-05-10 06:19:24 -04:00
test_is_local_request_per_endpoint.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_legacy_cleanup.py
feat: Phase 5 — remove legacy service blocks, one-shot container cleanup
2026-05-29 15:57:45 -04:00
test_log_manager_extra.py
fix: logging verbosity now actually applies + per-service log levels
2026-06-10 19:14:01 -04:00
test_log_manager.py
init
2025-09-12 23:04:52 +03:00
test_logging_config.py
fix: logging verbosity now actually applies + per-service log levels
2026-06-10 19:14:01 -04:00
test_logs_endpoints.py
fix: logging verbosity now actually applies + per-service log levels
2026-06-10 19:14:01 -04:00
test_manifest_validator.py
feat: secure build phase 1 — cosign cell-side image verification (warn default) + Dockerfile validation
2026-06-11 03:53:47 -04:00
test_network_endpoints.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_network_manager_extra.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_network_manager.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_optional_services_feature.py
harden containers: drop WG privileged, slim images, digest pins; fix WG path + empty chrony.conf
2026-06-10 14:07:54 -04:00
test_peer_dashboard_services.py
harden containers: drop WG privileged, slim images, digest pins; fix WG path + empty chrony.conf
2026-06-10 14:07:54 -04:00
test_peer_management_edge_cases.py
A5: Extract all route groups into Flask blueprints (app.py -1735 lines)
2026-05-01 06:11:21 -04:00
test_peer_management_update.py
fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests
2026-04-27 11:30:21 -04:00
test_peer_provisioning.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_peer_registry.py
feat: connectivity redesign phase 2 — instance-aware routing + reference connections by id
2026-06-10 17:35:28 -04:00
test_peer_route_via.py
test: add loop detection tests for PUT /api/peers/<peer>/route-via
2026-05-04 04:24:02 -04:00
test_peer_wg_integration.py
feat: add authentication and authorization system
2026-04-25 15:00:06 -04:00
test_pending_restart.py
test: add .env write verification for port changes
2026-04-22 14:06:20 -04:00
test_port_conflicts.py
feat: port conflict validation, autosave on Apply, extended integration tests
2026-04-24 04:45:47 -04:00
test_require_active_service.py
feat: Phase 6 — require_active_service decorator + wizard install wiring
2026-05-29 16:58:57 -04:00
test_route_protection.py
Fix: exempt /api/setup/* from enforce_auth so setup wizard works on fresh install
2026-05-11 05:03:44 -04:00
test_routes_containers.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_routes_service_store.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_routes_services_catalog.py
fix: logging verbosity now actually applies + per-service log levels
2026-06-10 19:14:01 -04:00
test_routing_endpoints.py
fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests
2026-04-27 11:30:21 -04:00
test_routing_manager.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_service_bus_extra.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_service_bus.py
feat: make DDNS domain_name the effective domain across all services
2026-05-28 02:48:47 -04:00
test_service_composer.py
feat: secure build phase 2 — enforce image verification by default
2026-06-11 14:12:58 -04:00
test_service_registry.py
feat: Phase 2 — remove builtins layer, ServiceRegistry is installed-only
2026-05-29 08:53:44 -04:00
test_service_store_manager.py
feat: secure build phase 2 — enforce image verification by default
2026-06-11 14:12:58 -04:00
test_services_active_endpoint.py
feat: Phase 4 — dynamic nav + service visibility based on installed services
2026-05-29 12:15:02 -04:00
test_setup_manager.py
fix: DNS first-install — split-horizon zone creation + CoreDNS inode bind-mount
2026-06-10 12:48:37 -04:00
test_setup_route.py
test: raise coverage 68.7% -> ~80.4%; add ~250 tests for new egress/DDNS/network paths
2026-06-10 09:03:39 -04:00
test_vault_api.py
fix: all 214 tests passing (from 36 failures)
2026-04-19 16:43:07 -04:00
test_vault_manager.py
init
2025-09-12 23:04:52 +03:00
test_wireguard_endpoints.py
fix: clean-install bugs — Tor false-installed, WG port-check honesty, encrypted backup upload
2026-06-11 01:52:26 -04:00
test_wireguard_manager.py
fix: clean-install bugs — Tor false-installed, WG port-check honesty, encrypted backup upload
2026-06-11 01:52:26 -04:00
test_wireguard_vpn_routing.py
feat: fix cross-cell service access — DNS DNAT, service DNAT, Caddy routing
2026-05-02 03:12:09 -04:00