soroush.asadi
0bcf16e77f
Reusable agent definitions authored as AGENTS.md (YAML frontmatter + a Markdown body that becomes the agent's operating guide). Mirrors the skill library, including its review hardening. - AgentProfile entity (OrgBoard): org-scoped + versioned by (OrganizationId, ProfileKey, Version), NULLS NOT DISTINCT unique index; Origin Builtin|Authored|Installed; ProfileVisibility + ProfileStatus with the Public⟹Published invariant enforced in Apply()/SetVisibility(). AGENTS.md parser (YamlDotNet). AgentProfileWriter is the single upsert path (insert-only mode for install). - Free builtins: AgentProfileSeeder seeds Aria (PO), Quill (QA), Edison (backend) on startup via a new IStartupSeeder + SeederRunner (runs after migrations). Idempotent, null-org, visible to all. - Endpoints (/api/orgboard/agent-profiles): upload, list (resolvable-winner order), get versions, publish/unpublish, fork, marketplace (per-(key,version) AlreadyInLibrary), install (insert-only → clean 409, no clobber). ConfigureAgents to author/manage; ViewBoard to browse; audited. - Persona: Agent gains Persona; ConfigureAgent stores it; AgentRunContext carries it; PromptAssembler injects it as "# Operating guide" (data, not instructions) so an applied profile shapes the run. - Client: Agent profiles page (library + marketplace tabs, upload editor, publish/unlist/fork/install), routed + in the nav. Verified: ArchitectureTests 8/8, IntegrationTests 55/55 (new AgentProfilesTests: builtins seeded, upload + validation, publish, cross-org marketplace list→install→private copy, duplicate 409, per- version flag, Member 403; persona renders as the operating guide), client build green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
159 lines
7.8 KiB
C#
159 lines
7.8 KiB
C#
using System.Net;
|
|
using System.Net.Http.Headers;
|
|
using System.Net.Http.Json;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using TeamUp.Modules.OrgBoard.Domain;
|
|
using TeamUp.Modules.OrgBoard.Profiles;
|
|
using Xunit;
|
|
|
|
namespace TeamUp.IntegrationTests;
|
|
|
|
/// <summary>
|
|
/// The agent-profile library (AGENTS.md): free builtins seed for every org, an org uploads + versions
|
|
/// its own profiles, and publishing lists one on the marketplace where another org installs a private
|
|
/// copy. Mirrors the skill library, including its hardening (insert-only install, per-version flag).
|
|
/// </summary>
|
|
public sealed class AgentProfilesTests(PostgresFixture postgres) : IClassFixture<PostgresFixture>
|
|
{
|
|
private sealed record BootstrapResponse(string Token, Guid MemberId, Guid OrganizationId);
|
|
|
|
private sealed record AuthResponse(string Token, Guid MemberId);
|
|
|
|
private sealed record InviteResponse(Guid InvitationId, string Token);
|
|
|
|
private sealed record ProfileSummary(
|
|
Guid Id, Guid? OrganizationId, string Origin, string ProfileKey, string Name, string Version,
|
|
string? Summary, List<string> Roles, string? Monogram, string RecommendedAutonomy,
|
|
List<string> SkillKeys, string Visibility, string Status);
|
|
|
|
private sealed record Detail(ProfileSummary Profile, string Body);
|
|
|
|
private sealed record MarketEntry(ProfileSummary Profile, bool AlreadyInLibrary);
|
|
|
|
private const string CustomProfile =
|
|
"---\n" +
|
|
"id: house-engineer\n" +
|
|
"name: House Engineer\n" +
|
|
"version: 1.0.0\n" +
|
|
"roles: [engineer]\n" +
|
|
"monogram: HE\n" +
|
|
"autonomy: gated\n" +
|
|
"skills: [code-implementation]\n" +
|
|
"visibility: private\n" +
|
|
"---\n" +
|
|
"You are the house engineer. Implement to the acceptance criteria.";
|
|
|
|
[Fact]
|
|
public async Task Builtins_seed_upload_publish_and_cross_org_install()
|
|
{
|
|
await using var factory = new TeamUpWebFactory(postgres.ConnectionString);
|
|
using var anon = factory.CreateClient();
|
|
|
|
var owner = await PostOk<BootstrapResponse>(anon, "/api/identity/bootstrap", new
|
|
{
|
|
organizationName = "AliaSaaS",
|
|
ownerEmail = "owner@alia.test",
|
|
ownerDisplayName = "Owner",
|
|
ownerPassword = "Passw0rd!",
|
|
});
|
|
using var client = Authed(factory, owner.Token);
|
|
|
|
// Free builtins seeded on startup, visible to the org as Published builtins.
|
|
var library = await client.GetFromJsonAsync<List<ProfileSummary>>($"/api/orgboard/agent-profiles?organizationId={owner.OrganizationId}");
|
|
var builtin = Assert.Single(library!, p => p.ProfileKey == "product-owner");
|
|
Assert.Equal("Builtin", builtin.Origin);
|
|
Assert.Equal("Published", builtin.Status);
|
|
Assert.Null(builtin.OrganizationId);
|
|
Assert.Contains(library!, p => p.ProfileKey == "qa-engineer");
|
|
Assert.Contains(library!, p => p.ProfileKey == "backend-engineer");
|
|
|
|
// Upload a custom AGENTS.md → an org-owned Authored profile, private until published.
|
|
var uploaded = await PostOk<Detail>(client, "/api/orgboard/agent-profiles/upload",
|
|
new { organizationId = owner.OrganizationId, content = CustomProfile });
|
|
Assert.Equal("Authored", uploaded.Profile.Origin);
|
|
Assert.Equal("PrivateToOrg", uploaded.Profile.Visibility);
|
|
Assert.Equal("Published", uploaded.Profile.Status); // named + role + body ⇒ publishable
|
|
Assert.Equal(owner.OrganizationId, uploaded.Profile.OrganizationId);
|
|
|
|
// Malformed markdown is rejected.
|
|
var bad = await client.PostAsJsonAsync("/api/orgboard/agent-profiles/upload",
|
|
new { organizationId = owner.OrganizationId, content = "# no frontmatter here" });
|
|
Assert.Equal(HttpStatusCode.BadRequest, bad.StatusCode);
|
|
|
|
// Publish the org's profile (it does not appear on its own marketplace).
|
|
var published = await PostOk<Detail>(client, "/api/orgboard/agent-profiles/house-engineer/publish",
|
|
new { organizationId = owner.OrganizationId, version = "1.0.0" });
|
|
Assert.Equal("Public", published.Profile.Visibility);
|
|
|
|
// Another org publishes a profile; this org's marketplace surfaces it (not its own).
|
|
var sourceId = await SeedPublishedProfileAsync(factory, Guid.NewGuid(), "research-runner", "1.0.0");
|
|
var market = await client.GetFromJsonAsync<List<MarketEntry>>($"/api/orgboard/agent-profiles/marketplace?organizationId={owner.OrganizationId}");
|
|
var entry = Assert.Single(market!, e => e.Profile.Id == sourceId);
|
|
Assert.False(entry.AlreadyInLibrary);
|
|
Assert.DoesNotContain(market!, e => e.Profile.ProfileKey == "house-engineer");
|
|
|
|
// Install it → a private Installed copy in this org.
|
|
var installed = await PostOk<Detail>(client, "/api/orgboard/agent-profiles/install",
|
|
new { organizationId = owner.OrganizationId, sourceProfileId = sourceId });
|
|
Assert.Equal("Installed", installed.Profile.Origin);
|
|
Assert.Equal("PrivateToOrg", installed.Profile.Visibility);
|
|
|
|
// The marketplace now flags that (key, version) as owned; a duplicate install is a 409.
|
|
var market2 = await client.GetFromJsonAsync<List<MarketEntry>>($"/api/orgboard/agent-profiles/marketplace?organizationId={owner.OrganizationId}");
|
|
Assert.True(Assert.Single(market2!, e => e.Profile.Id == sourceId).AlreadyInLibrary);
|
|
var dup = await client.PostAsJsonAsync("/api/orgboard/agent-profiles/install",
|
|
new { organizationId = owner.OrganizationId, sourceProfileId = sourceId });
|
|
Assert.Equal(HttpStatusCode.Conflict, dup.StatusCode);
|
|
|
|
// A plain Member cannot author profiles (ConfigureAgents).
|
|
var invite = await PostOk<InviteResponse>(client, "/api/identity/invitations", new
|
|
{
|
|
email = "dev@alia.test",
|
|
scopeType = "Organization",
|
|
scopeId = owner.OrganizationId,
|
|
role = "Member",
|
|
organizationId = owner.OrganizationId,
|
|
});
|
|
var member = await PostOk<AuthResponse>(anon, "/api/identity/invitations/accept",
|
|
new { token = invite.Token, displayName = "Dev", password = "Passw0rd!" });
|
|
using var memberClient = Authed(factory, member.Token);
|
|
var forbidden = await memberClient.PostAsJsonAsync("/api/orgboard/agent-profiles/upload",
|
|
new { organizationId = owner.OrganizationId, content = CustomProfile });
|
|
Assert.Equal(HttpStatusCode.Forbidden, forbidden.StatusCode);
|
|
}
|
|
|
|
// Seeds another org's published, public profile directly (mirrors the cross-org skill seed).
|
|
private static async Task<Guid> SeedPublishedProfileAsync(TeamUpWebFactory factory, Guid orgId, string key, string version)
|
|
{
|
|
using var scope = factory.Services.CreateScope();
|
|
var writer = scope.ServiceProvider.GetRequiredService<AgentProfileWriter>();
|
|
var manifest = new AgentProfileManifest
|
|
{
|
|
Id = key,
|
|
Name = "Research Runner",
|
|
Version = version,
|
|
Roles = ["analyst"],
|
|
Skills = ["spec-writing"],
|
|
Visibility = "public",
|
|
};
|
|
var profile = await writer.UpsertAsync(manifest, "You research things.", orgId, ProfileOrigin.Authored, Guid.NewGuid());
|
|
return profile.Id;
|
|
}
|
|
|
|
private static HttpClient Authed(TeamUpWebFactory factory, string token)
|
|
{
|
|
var client = factory.CreateClient();
|
|
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
|
|
return client;
|
|
}
|
|
|
|
private static async Task<T> PostOk<T>(HttpClient client, string url, object body)
|
|
{
|
|
var response = await client.PostAsJsonAsync(url, body);
|
|
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
|
|
var value = await response.Content.ReadFromJsonAsync<T>();
|
|
Assert.NotNull(value);
|
|
return value!;
|
|
}
|
|
}
|