feat: code quality audit + autoresearch integration + infra hardening (#150)

2026-03-08 12:50:44 -04:00
parent fd0ede0d51
commit ae3bb1cc21
186 changed files with 5129 additions and 3289 deletions
--- a/tests/dashboard/middleware/test_security_headers.py
+++ b/tests/dashboard/middleware/test_security_headers.py
@@ -2,7 +2,7 @@

 import pytest
 from fastapi import FastAPI
-from fastapi.responses import JSONResponse, HTMLResponse
+from fastapi.responses import HTMLResponse, JSONResponse
 from fastapi.testclient import TestClient


@@ -13,18 +13,18 @@ class TestSecurityHeadersMiddleware:
    def client_with_headers(self):
        """Create a test client with security headers middleware."""
        from dashboard.middleware.security_headers import SecurityHeadersMiddleware
-        
+
        app = FastAPI()
        app.add_middleware(SecurityHeadersMiddleware)
-        
+
        @app.get("/test")
        def test_endpoint():
            return {"message": "success"}
-        
+
        @app.get("/html")
        def html_endpoint():
            return HTMLResponse(content="<html><body>Test</body></html>")
-        
+
        return TestClient(app)

    def test_x_content_type_options_header(self, client_with_headers):
@@ -66,17 +66,17 @@ class TestSecurityHeadersMiddleware:
    def test_strict_transport_security_in_production(self):
        """HSTS header should be set in production mode."""
        from dashboard.middleware.security_headers import SecurityHeadersMiddleware
-        
+
        app = FastAPI()
        app.add_middleware(SecurityHeadersMiddleware, production=True)
-        
+
        @app.get("/test")
        def test_endpoint():
            return {"message": "success"}
-        
+
        client = TestClient(app)
        response = client.get("/test")
-        
+
        hsts = response.headers.get("strict-transport-security")
        assert hsts is not None
        assert "max-age=" in hsts
@@ -89,18 +89,18 @@ class TestSecurityHeadersMiddleware:
    def test_headers_on_error_response(self):
        """Security headers should be set even on error responses."""
        from dashboard.middleware.security_headers import SecurityHeadersMiddleware
-        
+
        app = FastAPI()
        app.add_middleware(SecurityHeadersMiddleware)
-        
+
        @app.get("/error")
        def error_endpoint():
            raise ValueError("Test error")
-        
+
        # Use raise_server_exceptions=False to get the error response
        client = TestClient(app, raise_server_exceptions=False)
        response = client.get("/error")
-        
+
        # Even on 500 error, security headers should be present
        assert response.status_code == 500
        assert response.headers.get("x-content-type-options") == "nosniff"