Files
RAG/backend/tests/unit/test_problem_validation.py
YoVinchen ecdb10c37a
Some checks failed
verify / verify (push) Has been cancelled
Make the governed RAG evidence path executable end to end
Separate local parsing from model indexing, bind review decisions to immutable manifests, persist vectors behind active profiles, and expose retrieval, chat, evaluation, and document workflows through the React workbench.

Constraint: Live Bailian authentication currently fails for all three configured capabilities

Rejected: Direct upload-to-embedding flow | bypasses local review and manifest binding

Confidence: high

Scope-risk: broad

Directive: Keep private-data deployment blocked until authentication, RBAC, and separate database roles land

Tested: make verify; fresh and replay Docker document smoke; worker recovery smoke; frozen synthetic evaluation; migration 0003-0004 roundtrip

Not-tested: Successful live Bailian calls, OCR, real multi-user authorization
2026-07-13 05:58:11 +08:00

39 lines
1.3 KiB
Python

from __future__ import annotations
import httpx
import pytest
from app.api.v1.retrieval import get_retrieval_service
from app.main import create_app
@pytest.mark.asyncio
async def test_request_validation_is_problem_json_without_rejected_value() -> None:
secret_shaped_value = "sk-" + "A" * 24
app = create_app()
app.dependency_overrides[get_retrieval_service] = lambda: object()
async with httpx.AsyncClient(
transport=httpx.ASGITransport(app=app),
base_url="http://test",
) as client:
response = await client.post(
"/api/v1/retrieval/search",
json={
"knowledge_base_id": secret_shaped_value,
"query": "铜矿",
"access_scope_id": secret_shaped_value,
},
)
assert response.status_code == 422
assert response.headers["content-type"].startswith("application/problem+json")
payload = response.json()
assert payload["code"] == "REQUEST_VALIDATION_FAILED"
assert payload["status"] == 422
assert payload["trace_id"] == response.headers["x-request-id"]
assert {item["field"] for item in payload["field_errors"]} == {
"knowledge_base_id",
"access_scope_id",
}
assert secret_shaped_value not in response.text