fix: resolve all critical runtime errors and bugs from audit

- Add COMPLETIONS_API_KEY to config.py (env var + auto-generated fallback) - Fix perplexity auto-search: upstream sends logprobs=true, parse_llama_stream_chunk extracts per-token logprobs, all_logprobs populated during streaming - Fix all /api/models endpoints to target LLAMA_SERVER_BASE (port 8081) not OLLAMA_BASE - Fix RAG embedding endpoint URL from port 11434 (Ollama) to 8081 (llama-server) - Correct misleading error messages: 'inference server' not 'Ollama' - Remove raw_results leak from SSE event stream in /api/search - Fix weather query extractor: pattern-match instead of unconditional suffix append - Escape FTS5 operator keywords (AND/OR/NOT/NEAR) in memory search - Move auth.py BODY_LIMIT_DEFAULT_BYTES imports to module level - Change RAG injection log level from warning to info - Fix all 8 test files after modular refactor (rewire imports from correct modules) - Update AGENTS.md and README.md to reflect v1.8.0 changes
2026-06-27 15:10:32 -07:00
parent 41a8708c0d
commit 193829b7ff
20 changed files with 457 additions and 896 deletions
--- a/tests/test_skills_framework.py
+++ b/tests/test_skills_framework.py
@@ -1,19 +1,23 @@
+import asyncio
 import os
 from pathlib import Path

 from fastapi.testclient import TestClient

-import app as app_module
+import app
+import db
+from rag import build_system_prompt
+from security import SESSIONS, PIN_ATTEMPTS, RATE_EVENTS


 def make_client(tmp_path: Path) -> TestClient:
    os.environ["JARVISCHAT_ADMIN_PIN"] = "1234"
-    app_module.DB_PATH = tmp_path / "jarvischat-skills.db"
-    app_module.SESSIONS.clear()
-    app_module.PIN_ATTEMPTS.clear()
-    app_module.RATE_EVENTS.clear()
-    app_module.init_db()
-    return TestClient(app_module.app, raise_server_exceptions=False)
+    db.DB_PATH = tmp_path / "jarvischat-skills.db"
+    SESSIONS.clear()
+    PIN_ATTEMPTS.clear()
+    RATE_EVENTS.clear()
+    db.init_db()
+    return TestClient(app.app, raise_server_exceptions=False)


 def test_guest_can_list_skills(tmp_path: Path):
@@ -71,23 +75,23 @@ def test_unknown_skill_update_is_rejected(tmp_path: Path):

 def test_prompt_injection_respects_skills_enabled_setting(tmp_path: Path):
    with make_client(tmp_path):
-        db = app_module.get_db()
+        conn = db.get_db()
        try:
-            db.execute(
+            conn.execute(
                "INSERT OR REPLACE INTO settings (key, value) VALUES (?, ?)",
                ("skills_enabled", "false"),
            )
-            db.commit()
-            without_skills = app_module.build_system_prompt(db, "", "hello")
+            conn.commit()
+            without_skills = asyncio.run(build_system_prompt(conn, "", "hello"))
            assert "## Active Skills" not in without_skills

-            db.execute(
+            conn.execute(
                "INSERT OR REPLACE INTO settings (key, value) VALUES (?, ?)",
                ("skills_enabled", "true"),
            )
-            db.commit()
-            with_skills = app_module.build_system_prompt(db, "", "hello")
+            conn.commit()
+            with_skills = asyncio.run(build_system_prompt(conn, "", "hello"))
            assert "## Active Skills" in with_skills
            assert "memory.search" in with_skills
        finally:
-            db.close()
+            conn.close()