koda-core 0.2.17

Core engine for the Koda AI coding agent (macOS and Linux only)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298

//! HTTP-client configuration tests for [`build_http_client`].
//!
//! Exercises proxy-honoring, localhost-bypass, basic-auth-via-env-vars,
//! and the graceful-degradation path for invalid `HTTP_PROXY` URLs.
//!
//! ## Why not an in-source unit test?
//!
//! The behaviors under test require a real TCP socket on loopback
//! (the reqwest proxy machinery only kicks in on actual `.send()`).
//! That makes them integration tests, not unit tests.
//!
//! ## Test isolation
//!
//! All tests in this file mutate process-wide state in
//! [`koda_core::runtime_env`] (the runtime env-var map).
//! [`koda_test_utils::ENV_MUTEX`] serializes them so concurrent test
//! runners don't trample each other, and [`EnvGuard`] (defined below)
//! removes any keys this test set when it returns — even on panic.
//!
//! Related: #914 covers the missing retry/backoff/timeout layer; once
//! that lands, retry-on-429 and timeout-on-stall tests can use the
//! same `FakeLlmServer` fixtures.

use std::sync::OnceLock;

use koda_core::providers::openai_compat::OpenAiCompatProvider;
use koda_core::providers::{ChatMessage, LlmProvider};
use koda_core::{config::ModelSettings, config::ProviderType, runtime_env};
use koda_test_utils::ENV_MUTEX;
use koda_test_utils::network::FakeLlmServer;
use serde_json::{Value, json};

// ── Helpers ───────────────────────────────────────────────────────────────

/// Drops registered runtime-env keys when scope ends. Survives test panics
/// thanks to RAII, so a failing test cannot leak env state into siblings.
struct EnvGuard<'a> {
    keys: Vec<&'a str>,
}

impl<'a> EnvGuard<'a> {
    fn new() -> Self {
        Self { keys: Vec::new() }
    }

    /// Set the runtime-env var and remember to remove it at drop.
    fn set(&mut self, key: &'a str, value: &str) {
        runtime_env::set(key, value);
        self.keys.push(key);
    }
}

impl Drop for EnvGuard<'_> {
    fn drop(&mut self) {
        for k in &self.keys {
            runtime_env::remove(k);
        }
    }
}

/// Pre-clear every proxy-related env var in the **process** environment.
///
/// We can't use [`runtime_env::remove`] for these because the runtime-env
/// fallback to `std::env::var` would still surface them.
/// Returns the original values so [`PROCESS_ENV_GUARD`] can restore them.
fn snapshot_and_clear_process_proxy_env() -> Vec<(&'static str, Option<String>)> {
    const KEYS: &[&str] = &[
        "HTTP_PROXY",
        "HTTPS_PROXY",
        "http_proxy",
        "https_proxy",
        "PROXY_USER",
        "PROXY_PASS",
    ];
    let snap: Vec<_> = KEYS.iter().map(|k| (*k, std::env::var(k).ok())).collect();
    // SAFETY: ENV_MUTEX is held by the caller, so no other thread is reading
    // these vars concurrently. This block only runs in tests.
    unsafe {
        for k in KEYS {
            std::env::remove_var(k);
        }
    }
    snap
}

fn restore_process_env(snap: Vec<(&'static str, Option<String>)>) {
    // SAFETY: ENV_MUTEX still held by the caller.
    unsafe {
        for (k, v) in snap {
            match v {
                Some(val) => std::env::set_var(k, val),
                None => std::env::remove_var(k),
            }
        }
    }
}

fn ok_chat_body() -> Value {
    json!({
        "id": "chatcmpl-test",
        "object": "chat.completion",
        "created": 1_700_000_000,
        "model": "gpt-4o",
        "choices": [{
            "index": 0,
            "message": { "role": "assistant", "content": "ok" },
            "finish_reason": "stop"
        }],
        "usage": { "prompt_tokens": 1, "completion_tokens": 1, "total_tokens": 2 }
    })
}

fn settings() -> ModelSettings {
    static S: OnceLock<ModelSettings> = OnceLock::new();
    S.get_or_init(|| ModelSettings::defaults_for("gpt-4o", &ProviderType::OpenAI))
        .clone()
}

fn user_msg() -> ChatMessage {
    ChatMessage::text("user", "hi")
}

// ── Tests ─────────────────────────────────────────────────────────────────

#[tokio::test]
async fn http_proxy_routes_remote_requests_through_proxy() {
    let _g = ENV_MUTEX.lock().await;
    let proc_snap = snapshot_and_clear_process_proxy_env();

    // The proxy is a FakeLlmServer — it won't actually forward, just match
    // the path regex on the inbound proxied request and respond 200. That's
    // enough to prove "the request hit the proxy, not the origin".
    let proxy = FakeLlmServer::spawn().await;
    proxy.mount_chat_ok(ok_chat_body()).await;

    let mut env = EnvGuard::new();
    env.set("HTTP_PROXY", &proxy.url());

    // Target a non-localhost host so the proxy is consulted (the bypass
    // list excludes only localhost/127.0.0.1/::1).
    let provider =
        OpenAiCompatProvider::new("http://upstream.test.invalid", Some("sk-test".into()));
    provider
        .chat(&[user_msg()], &[], &settings())
        .await
        .expect("chat must succeed via proxy");

    let proxied = proxy.received_requests().await;
    assert_eq!(proxied.len(), 1, "request must be routed through the proxy");

    drop(env);
    restore_process_env(proc_snap);
}

#[tokio::test]
async fn localhost_traffic_bypasses_proxy_even_when_set() {
    let _g = ENV_MUTEX.lock().await;
    let proc_snap = snapshot_and_clear_process_proxy_env();

    // Two servers: a "proxy" we expect to be skipped, an "upstream" we
    // expect to receive the request directly because the URL is localhost.
    let proxy = FakeLlmServer::spawn().await;
    proxy.mount_chat_ok(ok_chat_body()).await;
    let upstream = FakeLlmServer::spawn().await;
    upstream.mount_chat_ok(ok_chat_body()).await;

    let mut env = EnvGuard::new();
    env.set("HTTP_PROXY", &proxy.url());

    let provider = OpenAiCompatProvider::new(&upstream.url(), Some("sk-test".into()));
    provider
        .chat(&[user_msg()], &[], &settings())
        .await
        .expect("chat must succeed directly to localhost upstream");

    assert_eq!(
        proxy.received_requests().await.len(),
        0,
        "proxy must be bypassed for localhost targets"
    );
    assert_eq!(
        upstream.received_requests().await.len(),
        1,
        "upstream must receive the request directly"
    );

    drop(env);
    restore_process_env(proc_snap);
}

#[tokio::test]
async fn proxy_basic_auth_from_env_vars_attaches_proxy_authorization_header() {
    let _g = ENV_MUTEX.lock().await;
    let proc_snap = snapshot_and_clear_process_proxy_env();

    let proxy = FakeLlmServer::spawn().await;
    proxy.mount_chat_ok(ok_chat_body()).await;

    let mut env = EnvGuard::new();
    env.set("HTTP_PROXY", &proxy.url());
    env.set("PROXY_USER", "alice");
    env.set("PROXY_PASS", "s3cret");

    let provider =
        OpenAiCompatProvider::new("http://upstream.test.invalid", Some("sk-test".into()));
    provider
        .chat(&[user_msg()], &[], &settings())
        .await
        .expect("chat must succeed via authenticated proxy");

    let proxied = proxy.received_requests().await;
    assert_eq!(proxied.len(), 1);
    let auth = proxied[0]
        .headers
        .get("proxy-authorization")
        .expect("Proxy-Authorization header must be set when PROXY_USER/PROXY_PASS are present");
    // Basic alice:s3cret = YWxpY2U6czNjcmV0
    assert_eq!(auth, "Basic YWxpY2U6czNjcmV0");

    drop(env);
    restore_process_env(proc_snap);
}

#[tokio::test]
async fn invalid_proxy_url_degrades_gracefully_to_no_proxy() {
    let _g = ENV_MUTEX.lock().await;
    let proc_snap = snapshot_and_clear_process_proxy_env();

    // Garbage proxy URL: the production code logs a warning and returns a
    // proxy-less client rather than panicking. Verify by making a request
    // to a localhost upstream and checking it actually arrives.
    let upstream = FakeLlmServer::spawn().await;
    upstream.mount_chat_ok(ok_chat_body()).await;

    let mut env = EnvGuard::new();
    env.set("HTTP_PROXY", "://this is not a url@@@");

    let provider = OpenAiCompatProvider::new(&upstream.url(), Some("sk-test".into()));
    provider
        .chat(&[user_msg()], &[], &settings())
        .await
        .expect("chat must still succeed when HTTP_PROXY is malformed");

    assert_eq!(
        upstream.received_requests().await.len(),
        1,
        "malformed proxy URL must not block legitimate localhost traffic"
    );

    drop(env);
    restore_process_env(proc_snap);
}

#[tokio::test]
async fn read_timeout_aborts_silent_servers_quickly() {
    // Regression: previously the reqwest client had no read_timeout, so a
    // server that accepted the connection but then went silent (or a
    // half-open socket a NAT box quietly dropped) would hang the agent
    // forever. Now KODA_READ_TIMEOUT_SECS bounds idle time between reads.
    let _g = ENV_MUTEX.lock().await;
    let proc_snap = snapshot_and_clear_process_proxy_env();

    let upstream = FakeLlmServer::spawn().await;
    // Server takes 3s to start sending; client should give up at ~1s.
    upstream
        .mount_chat_delayed(std::time::Duration::from_secs(3), ok_chat_body())
        .await;

    let mut env = EnvGuard::new();
    env.set("KODA_READ_TIMEOUT_SECS", "1");

    let provider = OpenAiCompatProvider::new(&upstream.url(), Some("sk-test".into()));

    let started = std::time::Instant::now();
    let result = provider.chat(&[user_msg()], &[], &settings()).await;
    let elapsed = started.elapsed();

    assert!(result.is_err(), "stalled server must produce an error");
    // Generous bound: must abort well before the 3s server delay finishes.
    // A passing test typically takes ~1.0–1.2s. >2s means the timeout
    // didn't fire and reqwest waited for the full server delay.
    assert!(
        elapsed < std::time::Duration::from_millis(2500),
        "should error in ~1s, took {elapsed:?} — read_timeout likely not applied"
    );

    let msg = format!("{:?}", result.unwrap_err()).to_lowercase();
    // reqwest surfaces this as a timeout-flavored error. Don't pin the
    // exact wording (varies by reqwest version) — just look for the
    // expected vocabulary.
    assert!(
        msg.contains("timeout") || msg.contains("timed out") || msg.contains("operation"),
        "error should mention timeout, got: {msg}"
    );

    drop(env);
    restore_process_env(proc_snap);
}