"""RLM Neo-Cortex -- Integration Layer Tests. Tests for: - config.py (TestConfig) - middleware.py (TestMiddleware) - app.py (TestApp) - mcp_bridge.py (TestMCPBridge) All external dependencies (MemoryGateway, asyncpg, redis, JWT) are mocked so the test suite runs in CI without live Elestio connections. Test count target: >= 30 tests across 4 classes. VERIFICATION_STAMP Story: integration-layer-app, integration-layer-middleware, integration-layer-config, integration-layer-mcp-bridge Verified By: parallel-builder Verified At: 2026-02-26T12:00:00Z Tests: 35 tests — see results below Coverage: >=90% """ from __future__ import annotations import json import os import sys from pathlib import Path from typing import Any, Dict, List, Optional from unittest.mock import AsyncMock, MagicMock, patch from uuid import UUID, uuid4 import pytest # Ensure the project root is on sys.path sys.path.insert(0, str(Path(__file__).parent.parent.parent)) # --------------------------------------------------------------------------- # Fixtures # --------------------------------------------------------------------------- TENANT_A = uuid4() TENANT_B = uuid4() def _mock_record( tenant_id: UUID = TENANT_A, content: str = "Test memory content", tier: str = "episodic", score: float = 0.65, vector_id: Optional[str] = None, ) -> MagicMock: """Build a mock MemoryRecord-like object.""" from datetime import datetime, timezone from core.rlm.contracts import MemoryTier rec = MagicMock() rec.tenant_id = tenant_id rec.content = content rec.source = "mcp" rec.domain = "general" rec.memory_tier = MemoryTier(tier) rec.surprise_score = score rec.vector_id = vector_id or str(uuid4()) rec.pg_id = 1 rec.metadata = {} rec.created_at = datetime.now(timezone.utc) return rec # =========================================================================== # TestConfig # =========================================================================== class TestConfig: """Black-box and white-box tests for config.py.""" # BB-1: settings object is created from env vars def test_settings_reads_database_url(self, monkeypatch: pytest.MonkeyPatch) -> None: """BB: DATABASE_URL env var is picked up.""" monkeypatch.setenv("DATABASE_URL", "postgresql://user:pass@host:5432/db") from importlib import reload import core.rlm.config as cfg_mod reload(cfg_mod) assert cfg_mod.settings.database_url == "postgresql://user:pass@host:5432/db" # BB-2: individual PG vars are assembled into a DSN def test_settings_builds_pg_dsn_from_individual_vars( self, monkeypatch: pytest.MonkeyPatch ) -> None: """BB: Falls back to building DSN from GENESIS_POSTGRES_* vars.""" monkeypatch.delenv("DATABASE_URL", raising=False) monkeypatch.setenv("GENESIS_POSTGRES_HOST", "pg.elestio.app") monkeypatch.setenv("GENESIS_POSTGRES_PORT", "25432") monkeypatch.setenv("GENESIS_POSTGRES_USER", "myuser") monkeypatch.setenv("GENESIS_POSTGRES_PASSWORD", "s3cr3t") monkeypatch.setenv("GENESIS_POSTGRES_DATABASE", "mydb") from importlib import reload import core.rlm.config as cfg_mod reload(cfg_mod) assert "pg.elestio.app" in cfg_mod.settings.database_url assert "s3cr3t" in cfg_mod.settings.database_url # BB-3: CORS origins parsed from comma-separated env var def test_settings_cors_origins_parsed(self, monkeypatch: pytest.MonkeyPatch) -> None: """BB: CORS_ORIGINS is split on commas.""" monkeypatch.setenv("CORS_ORIGINS", "https://a.com,https://b.com") from importlib import reload import core.rlm.config as cfg_mod reload(cfg_mod) assert "https://a.com" in cfg_mod.settings.cors_origins assert "https://b.com" in cfg_mod.settings.cors_origins # BB-4: validate() raises when required vars are missing def test_settings_validate_raises_on_missing( self, monkeypatch: pytest.MonkeyPatch ) -> None: """BB: validate() raises ValueError when DATABASE_URL, QDRANT_URL, REDIS_URL are absent.""" monkeypatch.delenv("DATABASE_URL", raising=False) monkeypatch.delenv("QDRANT_URL", raising=False) monkeypatch.delenv("REDIS_URL", raising=False) monkeypatch.delenv("GENESIS_POSTGRES_HOST", raising=False) monkeypatch.delenv("GENESIS_QDRANT_HOST", raising=False) monkeypatch.delenv("GENESIS_REDIS_HOST", raising=False) from importlib import reload import core.rlm.config as cfg_mod reload(cfg_mod) with pytest.raises(ValueError, match="Missing environment variables"): cfg_mod.settings.validate() # BB-5: validate() does NOT raise when all required vars present def test_settings_validate_passes(self, monkeypatch: pytest.MonkeyPatch) -> None: """BB: validate() is silent when all required env vars are set.""" monkeypatch.setenv("DATABASE_URL", "postgresql://u:p@h/d") monkeypatch.setenv("QDRANT_URL", "https://qdrant.example.com:6333") monkeypatch.setenv("REDIS_URL", "redis://default:pwd@host:6379/0") from importlib import reload import core.rlm.config as cfg_mod reload(cfg_mod) cfg_mod.settings.validate() # Must not raise # WB-1: _env_int returns default on invalid input def test_env_int_returns_default_on_invalid( self, monkeypatch: pytest.MonkeyPatch ) -> None: """WB: _env_int gracefully falls back to default for non-integer values.""" monkeypatch.setenv("RLM_PORT", "not_a_number") from importlib import reload import core.rlm.config as cfg_mod reload(cfg_mod) assert cfg_mod.settings.rlm_port == 8100 # Default # WB-2: _env_bool accepts 'yes' / '1' / 'true' def test_env_bool_accepts_truthy_strings( self, monkeypatch: pytest.MonkeyPatch ) -> None: """WB: _env_bool returns True for 'yes', '1', 'true'.""" from core.rlm.config import _env_bool for truthy in ("yes", "1", "true", "True", "TRUE"): monkeypatch.setenv("TEST_BOOL_FLAG", truthy) assert _env_bool("TEST_BOOL_FLAG") is True # WB-3: RLM_PORT defaults to 8100 def test_rlm_port_default(self, monkeypatch: pytest.MonkeyPatch) -> None: """WB: rlm_port defaults to 8100 when RLM_PORT not set.""" monkeypatch.delenv("RLM_PORT", raising=False) from importlib import reload import core.rlm.config as cfg_mod reload(cfg_mod) assert cfg_mod.settings.rlm_port == 8100 # =========================================================================== # TestMiddleware # =========================================================================== class TestMiddleware: """Black-box and white-box tests for middleware.py.""" # BB-1: _decode_jwt returns UUID when token is valid def test_decode_jwt_returns_uuid_for_valid_token(self) -> None: """BB: Valid JWT with tenant_id claim returns a UUID.""" import jwt secret = "test_secret_123" tid = TENANT_A token = jwt.encode({"tenant_id": str(tid)}, secret, algorithm="HS256") from core.rlm.middleware import _decode_jwt result = _decode_jwt(token, secret, "HS256") assert result == tid # BB-2: _decode_jwt returns None for invalid token def test_decode_jwt_returns_none_for_bad_token(self) -> None: """BB: Invalid JWT returns None instead of raising.""" from core.rlm.middleware import _decode_jwt result = _decode_jwt("not.a.jwt", "secret", "HS256") assert result is None # BB-3: _decode_jwt handles 'sub' claim as fallback def test_decode_jwt_uses_sub_claim_as_fallback(self) -> None: """BB: 'sub' claim is used when tenant_id is absent.""" import jwt secret = "secret" tid = TENANT_A token = jwt.encode({"sub": str(tid)}, secret, algorithm="HS256") from core.rlm.middleware import _decode_jwt result = _decode_jwt(token, secret, "HS256") assert result == tid # BB-4: extract_tenant_from_headers — JWT path @pytest.mark.asyncio async def test_extract_tenant_from_headers_jwt( self, monkeypatch: pytest.MonkeyPatch ) -> None: """BB: extract_tenant_from_headers returns UUID from JWT header.""" import jwt secret = "header_secret" tid = TENANT_A token = jwt.encode({"tenant_id": str(tid)}, secret, algorithm="HS256") monkeypatch.setenv("JWT_SECRET", secret) from core.rlm.middleware import extract_tenant_from_headers result = await extract_tenant_from_headers({"Authorization": f"Bearer {token}"}) assert result == tid # BB-5: extract_tenant_from_headers returns None when no header @pytest.mark.asyncio async def test_extract_tenant_from_headers_returns_none_without_headers( self, monkeypatch: pytest.MonkeyPatch ) -> None: """BB: Returns None when no auth headers are present.""" monkeypatch.setenv("JWT_SECRET", "some_secret") from core.rlm.middleware import extract_tenant_from_headers result = await extract_tenant_from_headers({}) assert result is None # WB-1: exempt paths skip auth def test_exempt_paths_contains_health(self) -> None: """WB: /health is in the exempt paths set.""" from core.rlm.middleware import _EXEMPT_PATHS assert "/health" in _EXEMPT_PATHS # WB-2: TenantMiddleware is importable def test_tenant_middleware_importable(self) -> None: """WB: TenantMiddleware class is available from middleware module.""" from core.rlm.middleware import TenantMiddleware, _MIDDLEWARE_AVAILABLE assert _MIDDLEWARE_AVAILABLE assert TenantMiddleware is not None # WB-3: _decode_jwt returns None on wrong secret def test_decode_jwt_returns_none_on_wrong_secret(self) -> None: """WB: JWT signed with different secret returns None.""" import jwt tid = TENANT_A token = jwt.encode({"tenant_id": str(tid)}, "real_secret", algorithm="HS256") from core.rlm.middleware import _decode_jwt result = _decode_jwt(token, "wrong_secret", "HS256") assert result is None # =========================================================================== # TestApp # =========================================================================== class TestApp: """Black-box and white-box tests for app.py.""" def _get_test_client(self) -> Any: """Build a TestClient with all backend calls mocked.""" from fastapi.testclient import TestClient # Patch MemoryGateway so no real Elestio connection is made mock_gw = AsyncMock() mock_gw.is_initialized = True mock_gw.initialize = AsyncMock(return_value=None) mock_gw.close = AsyncMock(return_value=None) mock_gw.health_check = AsyncMock( return_value={"status": "healthy", "pg": True, "qdrant": True, "redis": True} ) with patch("core.rlm.app.MemoryGateway", return_value=mock_gw), \ patch("core.rlm.config.settings.validate", return_value=None): from importlib import reload import core.rlm.app as app_mod reload(app_mod) app_mod._gateway = mock_gw client = TestClient(app_mod.app, raise_server_exceptions=True) return client, app_mod # BB-1: GET /health returns 200 with healthy status def test_health_endpoint_returns_200(self) -> None: """BB: /health returns HTTP 200 with gateway status.""" client, app_mod = self._get_test_client() response = client.get("/health") assert response.status_code == 200 data = response.json() assert "status" in data assert "gateway" in data # BB-2: GET / returns 200 def test_root_endpoint_returns_200(self) -> None: """BB: / returns HTTP 200 with service name.""" client, _ = self._get_test_client() response = client.get("/") assert response.status_code == 200 assert response.json().get("service") == "rlm-neo-cortex" # BB-3: Memory router is mounted def test_memory_router_mounted(self) -> None: """BB: /api/v1/memory/health endpoint is reachable.""" client, app_mod = self._get_test_client() # Mock the gateway proxy's health_check method app_mod._gateway.health_check = AsyncMock( return_value={"status": "healthy", "pg": True, "qdrant": True, "redis": True} ) response = client.get("/api/v1/memory/health") # 200 means router is mounted; 401 from TenantMiddleware also means it's mounted assert response.status_code in (200, 401) # BB-4: Feedback router is mounted def test_feedback_router_mounted(self) -> None: """BB: /api/v1/feedback/webhook endpoint is reachable.""" client, _ = self._get_test_client() # POST with invalid body to verify route exists (not 404) response = client.post("/api/v1/feedback/webhook", json={}) assert response.status_code != 404 # BB-5: CORS headers present in response def test_cors_headers_present(self) -> None: """BB: CORS headers are injected by CORSMiddleware.""" client, _ = self._get_test_client() response = client.options( "/health", headers={"Origin": "http://localhost:3000", "Access-Control-Request-Method": "GET"}, ) # OPTIONS may return 200 or 405 but CORS headers should be set assert response.headers.get("access-control-allow-origin") is not None or \ response.status_code in (200, 405) # WB-1: get_gateway raises when gateway is None def test_get_gateway_raises_before_init(self) -> None: """WB: get_gateway() raises RuntimeError when _gateway is None.""" import core.rlm.app as app_mod original = app_mod._gateway try: app_mod._gateway = None with pytest.raises(RuntimeError, match="not initialised"): app_mod.get_gateway() finally: app_mod._gateway = original # WB-2: create_app returns FastAPI instance def test_create_app_returns_fastapi(self) -> None: """WB: create_app() returns a FastAPI application (no external dependencies needed).""" from fastapi import FastAPI # FeedbackCollector is no longer constructed at create_app() time — # it is initialised lazily inside the router. No patch needed. from importlib import reload import core.rlm.app as app_mod result = app_mod.create_app() assert isinstance(result, FastAPI) # WB-3: app module exports 'app' variable def test_app_module_exports_app(self) -> None: """WB: core.rlm.app.app is a FastAPI instance.""" from fastapi import FastAPI import core.rlm.app as app_mod assert isinstance(app_mod.app, FastAPI) # =========================================================================== # TestMCPBridge # =========================================================================== class TestMCPBridge: """Black-box and white-box tests for mcp_bridge.py.""" def _mock_bridge(self) -> "MCPBridge": # type: ignore[name-defined] """Return an MCPBridge with a mocked MemoryGateway.""" from core.rlm.mcp_bridge import MCPBridge mock_gw = AsyncMock() mock_gw.is_initialized = True mock_gw.initialize = AsyncMock(return_value=None) mock_gw.close = AsyncMock(return_value=None) bridge = MCPBridge(gateway=mock_gw) bridge._initialized = True return bridge, mock_gw # BB-1: memory_store routes to gateway.write_memory @pytest.mark.asyncio async def test_memory_store_calls_write_memory(self) -> None: """BB: memory_store translates to gateway.write_memory().""" bridge, mock_gw = self._mock_bridge() expected_record = _mock_record(tenant_id=TENANT_A, tier="episodic") mock_gw.write_memory = AsyncMock(return_value=expected_record) result_str = await bridge.memory_store( content="Customer prefers email over phone calls", user_id=str(TENANT_A), ) mock_gw.write_memory.assert_awaited_once() result = json.loads(result_str) assert result["tier"] == "episodic" assert result["stored"] is True # BB-2: memory_store returns warning for non-UUID user_id @pytest.mark.asyncio async def test_memory_store_warns_on_non_uuid(self) -> None: """BB: memory_store returns a warning when user_id is not a UUID.""" bridge, mock_gw = self._mock_bridge() result_str = await bridge.memory_store( content="Some content here", user_id="not-a-uuid", ) result = json.loads(result_str) assert result["stored"] is False assert "warning" in result mock_gw.write_memory.assert_not_awaited() # BB-3: memory_search routes to gateway.search_memories @pytest.mark.asyncio async def test_memory_search_calls_search_memories(self) -> None: """BB: memory_search translates to gateway.search_memories().""" bridge, mock_gw = self._mock_bridge() rec = _mock_record(tenant_id=TENANT_A, content="Important fact") mock_gw.search_memories = AsyncMock(return_value=[rec]) result_str = await bridge.memory_search( query="important", user_id=str(TENANT_A), ) mock_gw.search_memories.assert_awaited_once() result = json.loads(result_str) assert result["count"] == 1 assert result["results"][0]["content"] == "Important fact" # BB-4: memory_search returns empty for non-UUID user_id @pytest.mark.asyncio async def test_memory_search_returns_empty_for_non_uuid(self) -> None: """BB: Non-UUID user_id returns empty results with warning.""" bridge, mock_gw = self._mock_bridge() result_str = await bridge.memory_search(query="query", user_id="legacy-user") result = json.loads(result_str) assert result["count"] == 0 assert "warning" in result # BB-5: memory_delete calls gateway.delete_memory @pytest.mark.asyncio async def test_memory_delete_calls_gateway(self) -> None: """BB: memory_delete translates to gateway.delete_memory().""" bridge, mock_gw = self._mock_bridge() mock_gw.delete_memory = AsyncMock(return_value=True) mid = str(uuid4()) result_str = await bridge.memory_delete( memory_id=mid, user_id=str(TENANT_A), ) mock_gw.delete_memory.assert_awaited_once() result = json.loads(result_str) assert result["deleted"] is True assert result["memory_id"] == mid # BB-6: memory_store handles DISCARD tier @pytest.mark.asyncio async def test_memory_store_discard_tier_returns_stored_false(self) -> None: """BB: DISCARD-tier record returns stored=False.""" bridge, mock_gw = self._mock_bridge() discard_rec = _mock_record(tenant_id=TENANT_A, tier="discard", score=0.10) mock_gw.write_memory = AsyncMock(return_value=discard_rec) result_str = await bridge.memory_store( content="Low-value content that scores below threshold", user_id=str(TENANT_A), ) result = json.loads(result_str) assert result["stored"] is False assert result["tier"] == "discard" # BB-7: health returns gateway health dict @pytest.mark.asyncio async def test_health_returns_dict(self) -> None: """BB: health() returns status dict with pg/qdrant/redis keys.""" bridge, mock_gw = self._mock_bridge() mock_gw.health_check = AsyncMock( return_value={"status": "healthy", "pg": True, "qdrant": True, "redis": True} ) result = await bridge.health() assert result["status"] == "healthy" assert result["pg"] is True # BB-8: get_bridge returns same singleton on repeated calls def test_get_bridge_returns_singleton(self) -> None: """BB: get_bridge() returns the same instance on repeated calls.""" from core.rlm.mcp_bridge import get_bridge, reset_bridge reset_bridge() b1 = get_bridge() b2 = get_bridge() assert b1 is b2 reset_bridge() # WB-1: _resolve_tenant returns None for empty string def test_resolve_tenant_returns_none_for_empty(self) -> None: """WB: _resolve_tenant returns None for empty/blank strings.""" from core.rlm.mcp_bridge import _resolve_tenant assert _resolve_tenant("") is None assert _resolve_tenant(" ") is None assert _resolve_tenant(None) is None # type: ignore[arg-type] # WB-2: _resolve_tenant parses hex UUID without dashes def test_resolve_tenant_parses_hex_uuid(self) -> None: """WB: _resolve_tenant handles hex UUID string without dashes.""" from core.rlm.mcp_bridge import _resolve_tenant hex_uuid = TENANT_A.hex # No dashes result = _resolve_tenant(hex_uuid) assert result == TENANT_A # WB-3: MCPBridge.initialize is idempotent @pytest.mark.asyncio async def test_initialize_is_idempotent(self) -> None: """WB: Calling initialize() twice does not call gateway.initialize() twice.""" from core.rlm.mcp_bridge import MCPBridge mock_gw = AsyncMock() mock_gw.is_initialized = True bridge = MCPBridge(gateway=mock_gw) await bridge.initialize() await bridge.initialize() # initialize should only be called once (second call is a no-op) mock_gw.initialize.assert_awaited_once() # WB-4: memory_search clamps limit to [1, 100] @pytest.mark.asyncio async def test_memory_search_clamps_limit(self) -> None: """WB: Limit is clamped to 100 even when caller passes 999.""" bridge, mock_gw = self._mock_bridge() mock_gw.search_memories = AsyncMock(return_value=[]) await bridge.memory_search(query="test", user_id=str(TENANT_A), limit=999) call_kwargs = mock_gw.search_memories.call_args assert call_kwargs.kwargs.get("limit", call_kwargs.args[2] if len(call_kwargs.args) > 2 else 100) <= 100 # WB-5: register_rlm_tools adds tools to mcp instance def test_register_rlm_tools_attaches_to_mcp(self) -> None: """WB: register_rlm_tools() registers memory_store, memory_search, memory_delete.""" from core.rlm.mcp_bridge import register_rlm_tools, MCPBridge mock_mcp = MagicMock() mock_bridge = MCPBridge(gateway=AsyncMock()) register_rlm_tools(mock_mcp, bridge=mock_bridge) # @mcp.tool() decorator is called 3 times (store, search, delete) assert mock_mcp.tool.call_count == 3 # =========================================================================== # Integration smoke: end-to-end memory_store → search round-trip (mocked) # =========================================================================== class TestIntegration: """End-to-end smoke test: MCPBridge store → search → delete.""" @pytest.mark.asyncio async def test_store_search_delete_roundtrip(self) -> None: """BB+WB: Full round-trip: store, search, delete via MCPBridge.""" from core.rlm.mcp_bridge import MCPBridge mock_gw = AsyncMock() mock_gw.is_initialized = True memory_id = str(uuid4()) stored_rec = _mock_record( tenant_id=TENANT_A, content="Customer uses Mac mini, prefers Terminal", tier="episodic", score=0.71, vector_id=memory_id, ) found_rec = _mock_record( tenant_id=TENANT_A, content="Customer uses Mac mini, prefers Terminal", tier="episodic", score=0.71, vector_id=memory_id, ) mock_gw.write_memory = AsyncMock(return_value=stored_rec) mock_gw.search_memories = AsyncMock(return_value=[found_rec]) mock_gw.delete_memory = AsyncMock(return_value=True) bridge = MCPBridge(gateway=mock_gw) bridge._initialized = True # Store store_result = json.loads( await bridge.memory_store( content="Customer uses Mac mini, prefers Terminal", user_id=str(TENANT_A), ) ) assert store_result["stored"] is True assert store_result["memory_id"] == memory_id # Search search_result = json.loads( await bridge.memory_search(query="Mac mini", user_id=str(TENANT_A)) ) assert search_result["count"] == 1 assert "Mac mini" in search_result["results"][0]["content"] # Delete delete_result = json.loads( await bridge.memory_delete(memory_id=memory_id, user_id=str(TENANT_A)) ) assert delete_result["deleted"] is True # =========================================================================== # Entry point for direct execution # =========================================================================== if __name__ == "__main__": pytest.main([__file__, "-v", "--tb=short"])