Refactor installation and runner scripts for enhanced usability and security

- Updated the installation script to clarify that production wrappers do not include fixed test secrets, improving user guidance for local testing.
- Modified the jiggablend-manager and jiggablend-runner scripts to remove fixed test configurations, emphasizing the use of local test credentials via `make init-test`.
- Enhanced error handling in the runner script to ensure that an API key is provided, improving security and user feedback.
- Added new flags and options for the runner, including sandboxing capabilities and GPU ray tracing control, enhancing flexibility for users.
- Improved README documentation to reflect changes in usage and configuration, ensuring users have clear instructions for setup and execution.
This commit is contained in:
2026-07-12 10:01:15 -05:00
parent a3defe5cf6
commit 1a69fcfd04
47 changed files with 2718 additions and 402 deletions
+32
View File
@@ -6,6 +6,7 @@ import (
"net/http/httptest"
"os"
"testing"
"time"
)
func TestContextHelpers(t *testing.T) {
@@ -54,3 +55,34 @@ func TestIsProductionMode_DefaultFalse(t *testing.T) {
}
}
func TestOAuthState_CreateConsumeAndReject(t *testing.T) {
a := &Auth{oauthStates: make(map[string]time.Time)}
state := a.CreateOAuthState()
if state == "" {
t.Fatal("expected non-empty state")
}
if !a.ConsumeOAuthState(state) {
t.Fatal("expected valid state to be accepted once")
}
if a.ConsumeOAuthState(state) {
t.Fatal("expected state to be single-use")
}
if a.ConsumeOAuthState("") {
t.Fatal("empty state must be rejected")
}
if a.ConsumeOAuthState("unknown-state") {
t.Fatal("unknown state must be rejected")
}
}
func TestOAuthState_ExpiredRejected(t *testing.T) {
a := &Auth{oauthStates: make(map[string]time.Time)}
state := "expired-state"
a.oauthMu.Lock()
a.oauthStates[state] = time.Now().Add(-time.Minute)
a.oauthMu.Unlock()
if a.ConsumeOAuthState(state) {
t.Fatal("expired state must be rejected")
}
}